New Member
Posts: 18
Registered: ‎05-14-2013
Kudos: 1

"unable to send fragmented UDP traffic"

Hi,

I did a quick test with the ICSI analyzer and received the following warning:

Basic UDP access is available.

The client was unable to send fragmented UDP traffic. The most likely cause is an error in your network's firewall configuration or NAT.

The maximum packet successfully sent was 1482 bytes of payload.

The client was able to receive fragmented UDP traffic.

Is this likely to be my EdgeMax config or my ISP?

Config below

Cheers,

Sam

firewall {
    all-ping enable
    broadcast-ping disable
    conntrack-expect-table-size 4096
    conntrack-hash-size 4096
    conntrack-table-size 32768
    conntrack-tcp-loose enable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name WAN_IN {
        default-action drop
        description "Packets from Internet"
        enable-default-log
        rule 1 {
            action accept
            description "Allow Established Sessions"
            log disable
            protocol all
            state {
                established enable
                invalid disable
                new disable
                related enable
            }
        }
        rule 2 {
            action drop
            description "Drop Invalid State"
            log disable
            protocol all
        }
    }
    name WAN_Local {
        default-action drop
        description ""
        rule 1 {
            action accept
            log disable
            protocol all
            state {
                established enable
                invalid disable
                new disable
                related enable
            }
        }
        rule 2 {
            action drop
            log disable
            protocol all
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address dhcp
        description WAN
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_Local
            }
        }
        speed auto
    }
    ethernet eth1 {
        address 192.168.1.1/24
        description PKN
        duplex auto
        speed auto
    }
    ethernet eth2 {
        address 192.168.2.1/24
        description Cisco
        duplex auto
        speed auto
    }
    loopback lo {
    }
}
service {
    dhcp-server {
        disabled false
        shared-network-name Cisco-DHCP {
            authoritative disable
            subnet 192.168.2.0/24 {
                default-router 192.168.2.1
                lease 86400
                start 192.168.2.100 {
                    stop 192.168.2.254
                }
                static-mapping Cisco_891 {
                    ip-address 192.168.2.10
                    mac-address 64:9e:f3:ae:97:a9
                }
            }
        }
        shared-network-name PKN-DHCP {
            authoritative disable
            subnet 192.168.1.0/24 {
                default-router 192.168.1.1
                dns-server 192.168.1.1
                lease 86400
                start 192.168.1.100 {
                    stop 192.168.1.254
                }
            }
        }
    }
    dns {
        forwarding {
            cache-size 150
            dhcp eth0
            listen-on eth1
        }
    }
    gui {
        https-port 443
    }
    lldp {
    }
    nat {
        rule 5000 {
            description "Masquerade for WAN"
            log disable
            outbound-interface eth0
            protocol all
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
    upnp {
        listen-on eth1 {
            outbound-interface eth0
        }
    }
}
system {
    host-name PKN-Gateway
    login {
        user ubnt {
            authentication {
                encrypted-password $1$zKNoUbAo$gomzUbYvgyUMcD436Wo66.
            }
            level admin
        }
    }
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:dhcp-relay@1:dhcp-server@4:firewall@4:ipsec@3:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v1.1.0.4543695.130312.1019 */

 

 


Accepted Solutions
Ubiquiti Employee
Posts: 2,991
Registered: ‎02-04-2013
Kudos: 354
Solutions: 289

Re: "unable to send fragmented UDP traffic"

Where's your icsi netalyzr located? There's no MTU change on your EdgeMax per your config, so probably your ISP or some other routers in between your icsi netalyzr and the icsi netalyzr server.

 

http://netalyzr.icsi.berkeley.edu/info_udp_connectivity.html

http://netalyzr.icsi.berkeley.edu/info_mtu.html
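
The check behind the answer above (no MTU change in the posted config), as an added example that is not part of the original thread: it parses an EdgeOS-style config tree and lists every explicit `mtu` setting. The sample config is constructed, and its `mtu 1492` line is hypothetical, included so the check has something to report.

```python
# Constructed sample in EdgeOS config syntax, modelled on the posted config.
# The "mtu 1492" line is hypothetical; the posted config has no mtu statement.
SAMPLE = """
interfaces {
    ethernet eth0 {
        address dhcp
        description "WAN uplink"
        mtu 1492
    }
    ethernet eth1 {
        address 192.168.1.1/24
    }
}
"""

def parse(text):
    """Parse brace-delimited config text into nested dicts; leaves are lists."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("/*"):
            continue  # skip blanks and the trailing version comments
        if line == "}":
            stack.pop()
        elif line.endswith("{"):
            child = {}
            stack[-1][line[:-1].strip()] = child  # e.g. "ethernet eth0"
            stack.append(child)
        else:
            key, _, value = line.partition(" ")
            stack[-1].setdefault(key, []).append(value.strip('"'))
    return root

def find_key(tree, wanted, path=()):
    """Yield (config path, value) for every leaf named `wanted`."""
    for key, val in tree.items():
        if isinstance(val, dict):
            yield from find_key(val, wanted, path + (key,))
        elif key == wanted:
            for v in val:
                yield " ".join(path), v

def mtu_overrides(text):
    """Return all explicit MTU settings; an empty list means defaults apply."""
    return list(find_key(parse(text), "mtu"))

if __name__ == "__main__":
    print(mtu_overrides(SAMPLE))
```

An empty result for a saved config means no interface overrides the default MTU, which is the observation the answer relies on.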



All Replies
New Member
Posts: 18
Registered: ‎05-14-2013
Kudos: 1

Re: "unable to send fragmented UDP traffic"

The netalyzr is running in the browser of a PC connected to eth1.

The MTU is 1500 (I'm with Virgin Media on DOCSIS 2.0).

I think your conclusion is correct - just wanted to check!