nanog mailing list archives
Re: Verizon/Qwest single end-user difficulty vs Xfinity (was Re: NANOG Digest, Vol 182, Issue 14)
From: Tom Daly <tjd () q7 io>
Date: Sun, 19 Mar 2023 08:14:26 -0400
Jeff, Since you are using bridge mode, try adjusting down the MTU supported through the network. We have observed that a realistic MTU for Verizon 5G home internet is about 1428 bytes. Good luck, Tom On Sun, Mar 19, 2023 at 8:00 AM <nanog-request () nanog org> wrote:
Send NANOG mailing list submissions to nanog () nanog org To subscribe or unsubscribe via the World Wide Web, visit https://mailman.nanog.org/mailman/listinfo/nanog or, via email, send a message with subject or body 'help' to nanog-request () nanog org You can reach the person managing the list at nanog-owner () nanog org When replying, please edit your Subject line so it is more specific than "Re: Contents of NANOG digest..." Today's Topics: 1. Spamhaus flags any IP announced by our ASN as a criminal network (Brandon Zhi) 2. Verizon/Qwest single end-user difficulty vs Xfinity (Jeff Woolsey) 3. Re: Spamhaus flags any IP announced by our ASN as a criminal network (Tom Beecher) 4. Re: Verizon/Qwest single end-user difficulty vs Xfinity (Darin Steffl) 5. Re: Verizon/Qwest single end-user difficulty vs Xfinity (Joe) ---------------------------------------------------------------------- Message: 1 Date: Sat, 18 Mar 2023 14:57:12 +0100 From: Brandon Zhi <Brandon () huize asia> To: nanog () nanog org Subject: Spamhaus flags any IP announced by our ASN as a criminal network Message-ID: < CAAyZddEAu48oYngA6xgwrsijbVf9LiwLHVE5OnO3y+8faUSMLg () mail gmail com> Content-Type: text/plain; charset="utf-8" Hello guy, We recently discovered that any IP address announced by our ASN is blacklisted by Spamhaus, even if we only announced it but not use it. I would like to ask if this is manually set by Spamhaus or is the system misjudgment? Has anyone encountered the same situation as us? Best, *Brandon Zhi* HUIZE LTD www.huize.asia <https://huize.asia/>| www.ixp.su | Twitter This e-mail and any attachments or any reproduction of this e-mail in whatever manner are confidential and for the use of the addressee(s) only. HUIZE LTD can?t take any liability and guarantee of the text of the email message and virus. -------------- next part -------------- An HTML attachment was scrubbed... URL: < http://mailman.nanog.org/pipermail/nanog/attachments/20230318/3e9aa32f/attachment-0001.html------------------------------ Message: 2 Date: Fri, 17 Mar 2023 18:32:53 -0700 From: Jeff Woolsey <jlw () jlw com> To: nanog () nanog org Subject: Verizon/Qwest single end-user difficulty vs Xfinity Message-ID: <8c539894-c5ee-e01c-08a1-5a72c0037c04 () jlw com> Content-Type: text/plain; charset=UTF-8; format=flowed Verizon 5G Internet Support is not at a high-enough pay grade to assess this problem...? So I'm turning to y'all. I'm trying to save $$$ and increase speed, using Verizon 5G Home Internet to replace XFinity, even though they gave me a faster modem a few weeks ago.? I run both of the modems in Bridge/Passthrough mode. A friend of mine is nice enough to offer some offsite backup space, and I use rsync over ssh to get there.? He's 1500 miles away.? He uses a non-standard ssh port (keeps the doorknob twisters away).?? This sort of thing has been working without difficulty over Xfinity (my end) for years.? He also changed his connection almost a month ago now, to Qwest, I believe. I try the same thing over Verizon [1] and ssh always times out, no response.? We are also NTP peers, and that doesn't work well over Verizon either. ICMP traceroutes and pings succeed.? UDP traceroutes do not get any further than 207.109.3.78 (last hop before destination) .? Not every traceroute offers TCP, but MacOS does, and nothing responds to any of that, even at the usual ssh port.? UDP traceroutes to either port behave like an ordinary one, which it is. Since I can get there via xfinity, I can traceroute, ping, but not ssh back through Verizon. I also set up an incoming (xfinity) port from the same non-standard ssh port forwarding to regular ssh on a different system on my LAN, and when I ssh -p <port>? that from Verizon (even cellphone data),? I get that other system, and that works fine.? The 207... router is not in that path. I can also ping the Verizon connection from Xfinity (and vice versa). Go figure. [1] This same difficulty occurs in Verizon's Looking Glass, from several different places, and other Looking Glasses (e.g. Cogent, Equinix).? It also occurs on my Verizon phone data connection (not WiFi).? If he were serving more stuff out of his home, this would be a bigger problem. -- Jeff Woolsey {woolsey,jlw}@{jlw,jxh}.com first.last@{gmail,jlw}.com Spum bad keming. Nature abhors a straight antenna, a clean lens, and empty storage. "Delete! Delete! OK!" -Dr. Bronner on disk space management "Card sorting, Joel." -me, re Solitaire ------------------------------ Message: 3 Date: Sat, 18 Mar 2023 16:25:50 -0400 From: Tom Beecher <beecher () beecher cc> To: Brandon Zhi <Brandon () huize asia> Cc: nanog () nanog org Subject: Re: Spamhaus flags any IP announced by our ASN as a criminal network Message-ID: <CAL9Qcx7rF6ssPwO48vAs-ULxv-40= kWyYOA63vZ0YFGVB100iQ () mail gmail com> Content-Type: text/plain; charset="utf-8" Given the list of things on these two prefixes alone, I would venture to guess it's not a misjudgement. https://check.spamhaus.org/listed/?searchterm=5.178.2.1 https://check.spamhaus.org/listed/?searchterm=80.66.64.1 On Sat, Mar 18, 2023 at 3:47?PM Brandon Zhi <Brandon () huize asia> wrote:Hello guy, We recently discovered that any IP address announced by our ASN is blacklisted by Spamhaus, even if we only announced it but not use it. I would like to ask if this is manually set by Spamhaus or is the system misjudgment? Has anyone encountered the same situation as us? Best, *Brandon Zhi* HUIZE LTD www.huize.asia <https://huize.asia/>| www.ixp.su | Twitter This e-mail and any attachments or any reproduction of this e-mail in whatever manner are confidential and for the use of the addressee(s)only.HUIZE LTD can?t take any liability and guarantee of the text of the email message and virus.-------------- next part -------------- An HTML attachment was scrubbed... URL: < http://mailman.nanog.org/pipermail/nanog/attachments/20230318/6ea2cdce/attachment-0001.html------------------------------ Message: 4 Date: Sat, 18 Mar 2023 16:06:52 -0500 From: Darin Steffl <darin.steffl () mnwifi com> To: Jeff Woolsey <jlw () jlw com> Cc: "North American Network Operators' Group" <nanog () nanog org> Subject: Re: Verizon/Qwest single end-user difficulty vs Xfinity Message-ID: <CAH-uaeq+yibTAkDNwUew6eh_D4toBSmqFy=oR= K+6+G-Ri9ceg () mail gmail com> Content-Type: text/plain; charset="utf-8" Verizon does weird stuff with traffic in their cell network. Like wireguard only running 1-2 Mbps over Verizon but faster on fixed like providers. I'm assuming they rate limit certain protocols to avoid bypassing their streaming video rate limits. I can see 200/30 Mbps on a 4G speedtest but VPN runs very slow still. Xfinity is better than cellular so I'd switch back. Any fixed cable, fiber, wisp, or fast dsl provider should be better and more stable. On Sat, Mar 18, 2023, 2:51 PM Jeff Woolsey <jlw () jlw com> wrote:Verizon 5G Internet Support is not at a high-enough pay grade to assess this problem... So I'm turning to y'all. I'm trying to save $$$ and increase speed, using Verizon 5G Home Internet to replace XFinity, even though they gave me a faster modem a few weeks ago. I run both of the modems in Bridge/Passthrough mode. A friend of mine is nice enough to offer some offsite backup space, and I use rsync over ssh to get there. He's 1500 miles away. He uses a non-standard ssh port (keeps the doorknob twisters away). This sort of thing has been working without difficulty over Xfinity (my end) for years. He also changed his connection almost a month ago now, to Qwest, I believe. I try the same thing over Verizon [1] and ssh always times out, no response. We are also NTP peers, and that doesn't work well over Verizon either. ICMP traceroutes and pings succeed. UDP traceroutes do not get any further than 207.109.3.78 (last hop before destination) . Not every traceroute offers TCP, but MacOS does, and nothing responds to any of that, even at the usual ssh port. UDP traceroutes to either port behave like an ordinary one, which it is. Since I can get there via xfinity, I can traceroute, ping, but not ssh back through Verizon. I also set up an incoming (xfinity) port from the same non-standard ssh port forwarding to regular ssh on a different system on my LAN, and when I ssh -p <port> that from Verizon (even cellphone data), I get that other system, and that works fine. The 207... router is not in thatpath.I can also ping the Verizon connection from Xfinity (and vice versa). Go figure. [1] This same difficulty occurs in Verizon's Looking Glass, from several different places, and other Looking Glasses (e.g. Cogent, Equinix). It also occurs on my Verizon phone data connection (not WiFi). If he were serving more stuff out of his home, this would be a bigger problem. -- Jeff Woolsey {woolsey,jlw}@{jlw,jxh}.com first.last@{gmail,jlw}.com Spum bad keming. Nature abhors a straight antenna, a clean lens, and empty storage. "Delete! Delete! OK!" -Dr. Bronner on disk space management "Card sorting, Joel." -me, re Solitaire-------------- next part -------------- An HTML attachment was scrubbed... URL: < http://mailman.nanog.org/pipermail/nanog/attachments/20230318/50b770ae/attachment-0001.html------------------------------ Message: 5 Date: Sat, 18 Mar 2023 16:53:21 -0500 From: Joe <jbfixurpc () gmail com> To: Jeff Woolsey <jlw () jlw com> Cc: nanog () nanog org Subject: Re: Verizon/Qwest single end-user difficulty vs Xfinity Message-ID: < CA+zb_vGH28N+__GjM65oky6_DC6WWmGuiP2rw5H79R9k6uw4rw () mail gmail com> Content-Type: text/plain; charset="utf-8" You mentioned using a non-standard port for your ssh/rsync, have you tried changing that to something other than what your using? Keep in mind some of these providers might be blocking non-standard ports as this is a common method to abuse others and might be a cheaper alternative to dealing with the constant pile of abuse complaints. Maybe not just a thought. -Joe On Sat, Mar 18, 2023 at 2:51?PM Jeff Woolsey <jlw () jlw com> wrote:Verizon 5G Internet Support is not at a high-enough pay grade to assess this problem... So I'm turning to y'all. I'm trying to save $$$ and increase speed, using Verizon 5G Home Internet to replace XFinity, even though they gave me a faster modem a few weeks ago. I run both of the modems in Bridge/Passthrough mode. A friend of mine is nice enough to offer some offsite backup space, and I use rsync over ssh to get there. He's 1500 miles away. He uses a non-standard ssh port (keeps the doorknob twisters away). This sort of thing has been working without difficulty over Xfinity (my end) for years. He also changed his connection almost a month ago now, to Qwest, I believe. I try the same thing over Verizon [1] and ssh always times out, no response. We are also NTP peers, and that doesn't work well over Verizon either. ICMP traceroutes and pings succeed. UDP traceroutes do not get any further than 207.109.3.78 (last hop before destination) . Not every traceroute offers TCP, but MacOS does, and nothing responds to any of that, even at the usual ssh port. UDP traceroutes to either port behave like an ordinary one, which it is. Since I can get there via xfinity, I can traceroute, ping, but not ssh back through Verizon. I also set up an incoming (xfinity) port from the same non-standard ssh port forwarding to regular ssh on a different system on my LAN, and when I ssh -p <port> that from Verizon (even cellphone data), I get that other system, and that works fine. The 207... router is not in thatpath.I can also ping the Verizon connection from Xfinity (and vice versa). Go figure. [1] This same difficulty occurs in Verizon's Looking Glass, from several different places, and other Looking Glasses (e.g. Cogent, Equinix). It also occurs on my Verizon phone data connection (not WiFi). If he were serving more stuff out of his home, this would be a bigger problem. -- Jeff Woolsey {woolsey,jlw}@{jlw,jxh}.com first.last@{gmail,jlw}.com Spum bad keming. Nature abhors a straight antenna, a clean lens, and empty storage. "Delete! Delete! OK!" -Dr. Bronner on disk space management "Card sorting, Joel." -me, re Solitaire-------------- next part -------------- An HTML attachment was scrubbed... URL: < http://mailman.nanog.org/pipermail/nanog/attachments/20230318/56fadc80/attachment-0001.htmlEnd of NANOG Digest, Vol 182, Issue 14 **************************************
Current thread:
- Re: Verizon/Qwest single end-user difficulty vs Xfinity (was Re: NANOG Digest, Vol 182, Issue 14) Tom Daly (Mar 19)