Re: Verizon/Qwest single end-user difficulty vs Xfinity (was Re: NANOG Digest, Vol 182, Issue 14)

[Tom Daly <tjd () q7 io>]

Jeff,

Since you are using bridge mode, try adjusting down the MTU supported
through the network. We have observed that a realistic MTU for Verizon 5G
home internet is about 1428 bytes.

Good luck,

Tom




On Sun, Mar 19, 2023 at 8:00 AM <nanog-request () nanog org> wrote:

> Send NANOG mailing list submissions to
>         nanog () nanog org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://mailman.nanog.org/mailman/listinfo/nanog
> or, via email, send a message with subject or body 'help' to
>         nanog-request () nanog org
>
> You can reach the person managing the list at
>         nanog-owner () nanog org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of NANOG digest..."
>
>
> Today's Topics:
>
>    1. Spamhaus flags any IP announced by our ASN as a criminal
>       network (Brandon Zhi)
>    2. Verizon/Qwest single end-user difficulty vs Xfinity (Jeff Woolsey)
>    3. Re: Spamhaus flags any IP announced by our ASN as a criminal
>       network (Tom Beecher)
>    4. Re: Verizon/Qwest single end-user difficulty vs Xfinity
>       (Darin Steffl)
>    5. Re: Verizon/Qwest single end-user difficulty vs Xfinity (Joe)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 18 Mar 2023 14:57:12 +0100
> From: Brandon Zhi <Brandon () huize asia>
> To: nanog () nanog org
> Subject: Spamhaus flags any IP announced by our ASN as a criminal
>         network
> Message-ID:
>         <
> CAAyZddEAu48oYngA6xgwrsijbVf9LiwLHVE5OnO3y+8faUSMLg () mail gmail com>
> Content-Type: text/plain; charset="utf-8"
>
> Hello guy,
>
> We recently discovered that any IP address announced by our ASN is
> blacklisted by Spamhaus, even if we only announced it but not use it.
>
> I would like to ask if this is manually set by Spamhaus or is the system
> misjudgment? Has anyone encountered the same situation as us?
>
>
> Best,
>
> *Brandon Zhi*
> HUIZE LTD
>
> www.huize.asia  <https://huize.asia/>| www.ixp.su | Twitter
>
>
> This e-mail and any attachments or any reproduction of this e-mail in
> whatever manner are confidential and for the use of the addressee(s) only.
> HUIZE LTD can?t take any liability and guarantee of the text of the email
> message and virus.
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://mailman.nanog.org/pipermail/nanog/attachments/20230318/3e9aa32f/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 2
> Date: Fri, 17 Mar 2023 18:32:53 -0700
> From: Jeff Woolsey <jlw () jlw com>
> To: nanog () nanog org
> Subject: Verizon/Qwest single end-user difficulty vs Xfinity
> Message-ID: <8c539894-c5ee-e01c-08a1-5a72c0037c04 () jlw com>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
> Verizon 5G Internet Support is not at a high-enough pay grade to assess
> this problem...? So I'm turning to y'all.
>
> I'm trying to save $$$ and increase speed, using Verizon 5G Home
> Internet to replace XFinity, even though they gave me a faster modem a
> few weeks ago.? I run both of the modems in Bridge/Passthrough mode.
>
> A friend of mine is nice enough to offer some offsite backup space, and
> I use rsync over ssh to get there.? He's 1500 miles away.? He uses a
> non-standard ssh port (keeps the doorknob twisters away).?? This sort of
> thing has been working without difficulty over Xfinity (my end) for
> years.? He also changed his connection almost a month ago now, to Qwest,
> I believe.
>
> I try the same thing over Verizon [1] and ssh always times out, no
> response.? We are also NTP peers, and that doesn't work well over
> Verizon either. ICMP traceroutes and pings succeed.? UDP traceroutes do
> not get any further than 207.109.3.78 (last hop before destination) .?
> Not every traceroute offers TCP, but MacOS does, and nothing responds to
> any of that, even at the usual ssh port.? UDP traceroutes to either port
> behave like an ordinary one, which it is.
>
> Since I can get there via xfinity, I can traceroute, ping, but not ssh
> back through Verizon.
>
> I also set up an incoming (xfinity) port from the same non-standard ssh
> port forwarding to regular ssh on a different system on my LAN, and when
> I ssh -p <port>? that from Verizon (even cellphone data),? I get that
> other system, and that works fine.? The 207... router is not in that path.
>
> I can also ping the Verizon connection from Xfinity (and vice versa).
>
> Go figure.
>
> [1] This same difficulty occurs in Verizon's Looking Glass, from several
> different places, and other Looking Glasses (e.g. Cogent, Equinix).? It
> also occurs on my Verizon phone data connection (not WiFi).? If he were
> serving more stuff out of his home, this would be a bigger problem.
>
>
> --
> Jeff Woolsey {woolsey,jlw}@{jlw,jxh}.com first.last@{gmail,jlw}.com
> Spum bad keming.
> Nature abhors a straight antenna, a clean lens, and empty storage.
> "Delete! Delete! OK!" -Dr. Bronner on disk space management
> "Card sorting, Joel." -me, re Solitaire
>
>
>
> ------------------------------
>
> Message: 3
> Date: Sat, 18 Mar 2023 16:25:50 -0400
> From: Tom Beecher <beecher () beecher cc>
> To: Brandon Zhi <Brandon () huize asia>
> Cc: nanog () nanog org
> Subject: Re: Spamhaus flags any IP announced by our ASN as a criminal
>         network
> Message-ID:
>         <CAL9Qcx7rF6ssPwO48vAs-ULxv-40=
> kWyYOA63vZ0YFGVB100iQ () mail gmail com>
> Content-Type: text/plain; charset="utf-8"
>
> Given the list of things on these two prefixes alone, I would venture to
> guess it's not a misjudgement.
>
> https://check.spamhaus.org/listed/?searchterm=5.178.2.1
> https://check.spamhaus.org/listed/?searchterm=80.66.64.1
>
>
>
> On Sat, Mar 18, 2023 at 3:47?PM Brandon Zhi <Brandon () huize asia> wrote:
>
> > Hello guy,
> >
> > We recently discovered that any IP address announced by our ASN is
> > blacklisted by Spamhaus, even if we only announced it but not use it.
> >
> > I would like to ask if this is manually set by Spamhaus or is the system
> > misjudgment? Has anyone encountered the same situation as us?
> >
> >
> > Best,
> >
> > *Brandon Zhi*
> > HUIZE LTD
> >
> > www.huize.asia  <https://huize.asia/>| www.ixp.su | Twitter
> >
> >
> > This e-mail and any attachments or any reproduction of this e-mail in
> > whatever manner are confidential and for the use of the addressee(s)
> only.
> > HUIZE LTD can?t take any liability and guarantee of the text of the email
> > message and virus.
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://mailman.nanog.org/pipermail/nanog/attachments/20230318/6ea2cdce/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 4
> Date: Sat, 18 Mar 2023 16:06:52 -0500
> From: Darin Steffl <darin.steffl () mnwifi com>
> To: Jeff Woolsey <jlw () jlw com>
> Cc: "North American Network Operators' Group" <nanog () nanog org>
> Subject: Re: Verizon/Qwest single end-user difficulty vs Xfinity
> Message-ID:
>         <CAH-uaeq+yibTAkDNwUew6eh_D4toBSmqFy=oR=
> K+6+G-Ri9ceg () mail gmail com>
> Content-Type: text/plain; charset="utf-8"
>
> Verizon does weird stuff with traffic in their cell network. Like wireguard
> only running 1-2 Mbps over Verizon but faster on fixed like providers. I'm
> assuming they rate limit certain protocols to avoid bypassing their
> streaming video rate limits. I can see 200/30 Mbps on a 4G speedtest but
> VPN runs very slow still.
>
> Xfinity is better than cellular so I'd switch back. Any fixed cable, fiber,
> wisp, or fast dsl provider should be better and more stable.
>
> On Sat, Mar 18, 2023, 2:51 PM Jeff Woolsey <jlw () jlw com> wrote:
>
> > Verizon 5G Internet Support is not at a high-enough pay grade to assess
> > this problem...  So I'm turning to y'all.
> >
> > I'm trying to save $$$ and increase speed, using Verizon 5G Home
> > Internet to replace XFinity, even though they gave me a faster modem a
> > few weeks ago.  I run both of the modems in Bridge/Passthrough mode.
> >
> > A friend of mine is nice enough to offer some offsite backup space, and
> > I use rsync over ssh to get there.  He's 1500 miles away.  He uses a
> > non-standard ssh port (keeps the doorknob twisters away).   This sort of
> > thing has been working without difficulty over Xfinity (my end) for
> > years.  He also changed his connection almost a month ago now, to Qwest,
> > I believe.
> >
> > I try the same thing over Verizon [1] and ssh always times out, no
> > response.  We are also NTP peers, and that doesn't work well over
> > Verizon either. ICMP traceroutes and pings succeed.  UDP traceroutes do
> > not get any further than 207.109.3.78 (last hop before destination) .
> > Not every traceroute offers TCP, but MacOS does, and nothing responds to
> > any of that, even at the usual ssh port.  UDP traceroutes to either port
> > behave like an ordinary one, which it is.
> >
> > Since I can get there via xfinity, I can traceroute, ping, but not ssh
> > back through Verizon.
> >
> > I also set up an incoming (xfinity) port from the same non-standard ssh
> > port forwarding to regular ssh on a different system on my LAN, and when
> > I ssh -p <port>  that from Verizon (even cellphone data),  I get that
> > other system, and that works fine.  The 207... router is not in that
> path.
> > I can also ping the Verizon connection from Xfinity (and vice versa).
> >
> > Go figure.
> >
> > [1] This same difficulty occurs in Verizon's Looking Glass, from several
> > different places, and other Looking Glasses (e.g. Cogent, Equinix).  It
> > also occurs on my Verizon phone data connection (not WiFi).  If he were
> > serving more stuff out of his home, this would be a bigger problem.
> >
> >
> > --
> > Jeff Woolsey {woolsey,jlw}@{jlw,jxh}.com first.last@{gmail,jlw}.com
> > Spum bad keming.
> > Nature abhors a straight antenna, a clean lens, and empty storage.
> > "Delete! Delete! OK!" -Dr. Bronner on disk space management
> > "Card sorting, Joel." -me, re Solitaire
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://mailman.nanog.org/pipermail/nanog/attachments/20230318/50b770ae/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 5
> Date: Sat, 18 Mar 2023 16:53:21 -0500
> From: Joe <jbfixurpc () gmail com>
> To: Jeff Woolsey <jlw () jlw com>
> Cc: nanog () nanog org
> Subject: Re: Verizon/Qwest single end-user difficulty vs Xfinity
> Message-ID:
>         <
> CA+zb_vGH28N+__GjM65oky6_DC6WWmGuiP2rw5H79R9k6uw4rw () mail gmail com>
> Content-Type: text/plain; charset="utf-8"
>
> You mentioned using a non-standard port for your ssh/rsync, have you tried
> changing that to something other than what your using?
> Keep in mind some of these providers might be blocking non-standard ports
> as this is a common method to abuse others and might be a cheaper
> alternative to dealing with the constant pile of abuse complaints.
>
> Maybe not just a thought.
>
> -Joe
>
>
> On Sat, Mar 18, 2023 at 2:51?PM Jeff Woolsey <jlw () jlw com> wrote:
>
> > Verizon 5G Internet Support is not at a high-enough pay grade to assess
> > this problem...  So I'm turning to y'all.
> >
> > I'm trying to save $$$ and increase speed, using Verizon 5G Home
> > Internet to replace XFinity, even though they gave me a faster modem a
> > few weeks ago.  I run both of the modems in Bridge/Passthrough mode.
> >
> > A friend of mine is nice enough to offer some offsite backup space, and
> > I use rsync over ssh to get there.  He's 1500 miles away.  He uses a
> > non-standard ssh port (keeps the doorknob twisters away).   This sort of
> > thing has been working without difficulty over Xfinity (my end) for
> > years.  He also changed his connection almost a month ago now, to Qwest,
> > I believe.
> >
> > I try the same thing over Verizon [1] and ssh always times out, no
> > response.  We are also NTP peers, and that doesn't work well over
> > Verizon either. ICMP traceroutes and pings succeed.  UDP traceroutes do
> > not get any further than 207.109.3.78 (last hop before destination) .
> > Not every traceroute offers TCP, but MacOS does, and nothing responds to
> > any of that, even at the usual ssh port.  UDP traceroutes to either port
> > behave like an ordinary one, which it is.
> >
> > Since I can get there via xfinity, I can traceroute, ping, but not ssh
> > back through Verizon.
> >
> > I also set up an incoming (xfinity) port from the same non-standard ssh
> > port forwarding to regular ssh on a different system on my LAN, and when
> > I ssh -p <port>  that from Verizon (even cellphone data),  I get that
> > other system, and that works fine.  The 207... router is not in that
> path.
> > I can also ping the Verizon connection from Xfinity (and vice versa).
> >
> > Go figure.
> >
> > [1] This same difficulty occurs in Verizon's Looking Glass, from several
> > different places, and other Looking Glasses (e.g. Cogent, Equinix).  It
> > also occurs on my Verizon phone data connection (not WiFi).  If he were
> > serving more stuff out of his home, this would be a bigger problem.
> >
> >
> > --
> > Jeff Woolsey {woolsey,jlw}@{jlw,jxh}.com first.last@{gmail,jlw}.com
> > Spum bad keming.
> > Nature abhors a straight antenna, a clean lens, and empty storage.
> > "Delete! Delete! OK!" -Dr. Bronner on disk space management
> > "Card sorting, Joel." -me, re Solitaire
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://mailman.nanog.org/pipermail/nanog/attachments/20230318/56fadc80/attachment-0001.html
> >
>
> End of NANOG Digest, Vol 182, Issue 14
> **************************************