* [Bismark-devel] switching issue on device
From: Nick Feamster @ 2011-04-17 14:36 UTC
To: bismark-devel

when I ping my server from the openwrt box, I can see it:

root@OpenWrt:~# ping 172.16.0.159
PING 172.16.0.159 (172.16.0.159): 56 data bytes
64 bytes from 172.16.0.159: seq=0 ttl=64 time=1.326 ms
64 bytes from 172.16.0.159: seq=1 ttl=64 time=1.365 ms

but when I associate to the SSID of the OpenWRT box and try to ping my server's IP address, I can't.

Strangely, when I associate to an access point that is *downstream* of the OpenWRT box (i.e., a second access point that is actually connected to one of the switch ports on the OpenWRT box), pinging also works. It is only when I associate directly to the OpenWRT box that (1) upnp names (e.g., back-bay.local), and (2) pinging the .159 address do not work.

Any ideas what is going on here?

Thanks!
-Nick

* Re: [Bismark-devel] switching issue on device
From: Dave Taht @ 2011-04-17 14:46 UTC
To: bismark-devel

On 04/17/2011 08:36 AM, Nick Feamster wrote:
> when I ping my server from the openwrt box, I can see it:
>
> root@OpenWrt:~# ping 172.16.0.159
> PING 172.16.0.159 (172.16.0.159): 56 data bytes
> 64 bytes from 172.16.0.159: seq=0 ttl=64 time=1.326 ms
> 64 bytes from 172.16.0.159: seq=1 ttl=64 time=1.365 ms
>
>
> but when I associate to the SSID of the OpenWRT box and try to ping my server's IP address, I can't.
>
> Strangely, when I associate to an access point that is *downstream* of the OpenWRT box (i.e., a second access point that is actually connected to one of the switch ports on the OpenWRT box), pinging also works. It is only when I associate directly to the OpenWRT box that (1) upnp names (e.g., back-bay.local), and (2) pinging the .159 address do not work.
>

Multicast DNS (.local) addresses need a mdnsresponder installed. By default you are using pure dnsmasq, which defaults to naming various machines whatever.lan, (and can be configured to "do the right thing for real internet connections" by setting up

For example, in my case, my main dns server out on the internet for taht.net delegates the subdomain "co.teklibre.org" to my gateway there (or it did, before I left colorado) and my router would assign names and addresses inside of that space, (after setting it up to use co.teklibre.org and not .lan)

example: cruithne.co.teklibre.org is my laptop.

> Any ideas what is going on here?
>

I'm mildly confused as to your topology here. Diagram?

You are behind NAT by default, so if you try to ping through the WAN port to something anything inside the LAN, those machines will be unreachable. You should however, be able to ping from the wireless to anywhere wired, LAN or WAN port. If you have AP isolation turned on in the wireless side, you cannot ping any other wireless connection, and I'm unsure what the behavior is for wired to wireless in that case.

(I HATE AP isolation personally, but it exists to virus proof public wireless lans)

Ping me on #bismark if you need further aid.

> Thanks!
> -Nick
> _______________________________________________
> Bismark-devel mailing list
> Bismark-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/bismark-devel

* Re: [Bismark-devel] switching issue on device
From: Nick Feamster @ 2011-04-17 14:52 UTC
To: Dave Taht; +Cc: bismark-devel

On Apr 17, 2011, at 10:46 AM, Dave Taht wrote:

> I'm mildly confused as to your topology here. Diagram?
>
> You are behind NAT by default, so if you try to ping through the WAN port to something anything inside the LAN, those machines will be unreachable. You should however, be able to ping from the wireless to anywhere wired, LAN or WAN port. If you have AP isolation turned on in the wireless side, you cannot ping any other wireless connection, and I'm unsure what the behavior is for wired to wireless in that case.

I'm just talking about my LAN here:

SERVER <----(2.4 GHz wireless, SSID "foo") ----> WNDR3700 <---- (wired LAN port) ----> Access Point 2

* When I associate to AP2, I can ping SERVER, and resolve MDNS names.
* When I log into WNDR, I can ping SERVER
* When I associate to the WNDR3700, I can neither ping the server, nor resolve MDNS names.

So, isn't it strange that everything works when I'm connected via AP2, but not via the WNDR? By my reasoning, all of the traffic that I'm sending when I'm connected via AP2 would have to go through the WNDR anyhow...

-Nick

* Re: [Bismark-devel] switching issue on device
From: Kim Hawtin @ 2011-04-18 0:21 UTC
To: bismark-devel

On 18/04/11 00:22, Nick Feamster wrote:
> On Apr 17, 2011, at 10:46 AM, Dave Taht wrote:
>> I'm mildly confused as to your topology here. Diagram?
>>
>> You are behind NAT by default, so if you try to ping through the WAN
>> port to something anything inside the LAN, those machines will be unreachable.
>> You should however, be able to ping from the wireless to anywhere wired,
>> LAN or WAN port. If you have AP isolation turned on in the wireless side,
>> you cannot ping any other wireless connection, and I'm unsure what the
>> behavior is for wired to wireless in that case.
>
> I'm just talking about my LAN here:
>
> SERVER<----(2.4 GHz wireless, SSID "foo") ----> WNDR3700<---- (wired LAN port) ----> Access Point 2
>
> * When I associate to AP2, I can ping SERVER, and resolve MDNS names.
> * When I log into WNDR, I can ping SERVER
> * When I associate to the WNDR3700, I can neither ping the server, nor resolve MDNS names.
>
> So, isn't it strange that everything works when I'm connected via AP2,
> but not via the WNDR? By my reasoning, all of the traffic that I'm
> sending when I'm connected via AP2 would have to go through the WNDR anyhow...

I am not sure how relevant my experience is here, as I am not using a WNDR3700. I have seen this behavior on other APs. I have a hunch that it's related to how ARP is treated on the AP. In my case specifically on WPA2 on a modern Billion device that does ADSL2+/AP/VoIP. This behavior generally does not seem to be an issue on an open network or using WEP. I noticed this last weekend when I was setting up my server at home to do builds on, transferring files around with rsync/scp/etc

Only when *both* hosts on the wireless have ping'd the AP can then you ping the other hosts from wireless to wireless...

([laptop A], [laptop B]) --wifi-wpa2--> [AP] <--wired-- [server]

For example I can not ping [laptop B] from [laptop A], both being on the wireless using WPA2, until I ping the AP from both laptops. I can however ping the [server] from both laptops. However I can not ping either laptop from [server] until the laptop has ping'd [AP]. There is currently no mdns in use by any of these devices.

Perhaps the AP is building an internal table using mdns to allow/identify traffic across its interfaces?

regards,

Kim

* Re: [Bismark-devel] switching issue on device
From: Dave Taht @ 2011-04-18 1:45 UTC
To: bismark-devel

On 04/17/2011 06:21 PM, Kim Hawtin wrote:
> On 18/04/11 00:22, Nick Feamster wrote:
>> On Apr 17, 2011, at 10:46 AM, Dave Taht wrote:
>>> I'm mildly confused as to your topology here. Diagram?
>>>
>>> You are behind NAT by default, so if you try to ping through the WAN
>>> port to something anything inside the LAN, those machines will be
>>> unreachable.
>>> You should however, be able to ping from the wireless to anywhere wired,
>>> LAN or WAN port. If you have AP isolation turned on in the wireless
>>> side,
>>> you cannot ping any other wireless connection, and I'm unsure what the
>>> behavior is for wired to wireless in that case.
>>
>> I'm just talking about my LAN here:
>>
>> SERVER<----(2.4 GHz wireless, SSID "foo") ----> WNDR3700<----
>> (wired LAN port) ----> Access Point 2
>>
>> * When I associate to AP2, I can ping SERVER, and resolve MDNS names.
>> * When I log into WNDR, I can ping SERVER
>> * When I associate to the WNDR3700, I can neither ping the server,
>> nor resolve MDNS names.
>>
>> So, isn't it strange that everything works when I'm connected via AP2,
>> but not via the WNDR? By my reasoning, all of the traffic that I'm
>> sending when I'm connected via AP2 would have to go through the WNDR
>> anyhow...
>
> I am not sure how relevant my experience is here, as I am not using a
> WNDR3700. I have seen this behavior on other APs. I have a hunch that
> it's related to how ARP is treated on the AP. In my case specifically
> on WPA2 on a modern Billion device that does ADSL2+/AP/VoIP. This
> behavior generally does not seem to be an issue on an open network or
> using WEP. I noticed this last weekend when I was setting up my server
> at home to do builds on, transferring files around with rsync/scp/etc
>
> Only when *both* hosts on the wireless have ping'd the AP can then you
> ping the other hosts from wireless to wireless...
>
> ([laptop A], [laptop B]) --wifi-wpa2--> [AP] <--wired-- [server]
>
> For example I can not ping [laptop B] from [laptop A], both being on
> the wireless using WPA2, until I ping the AP from both laptops. I can
> however ping the [server] from both laptops. However I can not ping
> either laptop from [server] until the laptop has ping'd [AP]. There
> is currently no mdns in use by any of these devices.
>
> Perhaps the AP is building an internal table using mdns to
> allow/identify traffic across its interfaces?

In Nick's case he had AP isolation on, which isolates individual wireless clients from each other on the same AP.

Most cafes and public wifi spots have this on. Home users and anyone doing p2p stuff should have it off, and it should be off by default.

It's ironic that people trust the internet more than machines topologically close by these days.

So if you have AP isolation on in your WPA case and off in your WEP case, that's probably the real diagnosis.

I've *also* seen all kinds of issues with ARP of late, taking 10s of ms for an ARP reply to be propagated, and in the bufferbloated case, often failing entirely.

>
> regards,
>
> Kim

* Re: [Bismark-devel] switching issue on device
From: Kim Hawtin @ 2011-04-18 4:59 UTC
To: bismark-devel

On 18/04/11 11:15, Dave Taht wrote:
> In Nick's case he had AP isolation on, which isolates individual
> wireless clients from each other on the same AP.
>
> Most cafes and public wifi spots have this on. Home users and anyone
> doing p2p stuff should have it off, and it should be off by default.
>
> It's ironic that people trust the internet more than machines
> topologically close by these days.
>
> So if you have AP isolation on in your WPA case and off in your WEP
> case, that's probably the real diagnosis.

I will check this out when I get home. It's quite possible it's the default on my AP. I need to image my older WRT54g with bismark and tinker with it directly.

> I've *also* seen all kinds of issues with ARP of late, taking 10s of ms
> for an ARP reply to be propagated, and in the bufferbloated case, often
> failing entirely.

Will have to compare with other kit locally to figure what happens with consumer kit...

cheers,

Kim

* Re: [Bismark-devel] switching issue on device
From: Nick Feamster @ 2011-04-18 2:19 UTC
To: Kim Hawtin; +Cc: bismark-devel

On Apr 17, 2011, at 8:21 PM, Kim Hawtin wrote:

> Perhaps the AP is building an internal table using mdns to allow/identify traffic across its interfaces?

Yes, I also initially suspected an mdns issue, but it turned out to be the AP isolation point that Dave mentioned. Both Dave and Srikanth insist that this option is disabled by default, but I'm pretty sure I would not have blindly disabled this option, especially since I had no idea what it was, or that it even existed, before today. Hmm... maybe I'm becoming senile.

-Nick
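
The diagnosis reached in this thread, as an added example that is not part of any message above: on OpenWrt, client (AP) isolation is the per-interface "isolate" option in /etc/config/wireless, and this script lists each AP-mode SSID with its setting. The sample config and its SSID names are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-SSID client-isolation report from an OpenWrt UCI
# wireless config. Assumes the wifi-iface option "isolate" ('1' = on).

# Constructed sample in /etc/config/wireless format (SSIDs are made up).
sample_wireless_config() {
cat <<'EOF'
config wifi-device 'radio0'
    option channel '11'

config wifi-iface
    option device 'radio0'
    option mode 'ap'
    option ssid 'foo'
    option isolate '1'

config wifi-iface
    option device 'radio0'
    option mode 'ap'
    option ssid 'guest net'
EOF
}

# Reads UCI text on stdin; prints "<ssid>: isolate=<0|1>" per AP interface.
isolation_report() {
    awk '
    function unq(s) { gsub(/^["\047]|["\047]$/, "", s); return s }
    function emit() {
        if (in_iface && mode == "ap")
            printf "%s: isolate=%d\n", ssid, (iso == "1")
    }
    $1 == "config" {
        emit()
        in_iface = ($2 == "wifi-iface")
        ssid = "(unnamed)"; mode = ""; iso = "0"
        next
    }
    in_iface && $1 == "option" {
        val = $0   # keep everything after the key so SSIDs with spaces survive
        sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", val)
        val = unq(val)
        if ($2 == "ssid") ssid = val
        else if ($2 == "mode") mode = val
        else if ($2 == "isolate") iso = val
    }
    END { emit() }'
}

sample_wireless_config | isolation_report
```

On the router itself the same function can be fed the live file: isolation_report < /etc/config/wireless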