Jeff,

Since you are using bridge mode, try adjusting down the MTU supported through the network. We have observed that a realistic MTU for Verizon 5G home internet is about 1428 bytes.

Good luck,
Tom

On Sun, Mar 19, 2023 at 8:00 AM <nanog-requ...@nanog.org> wrote:

> Today's Topics:
>
>    1. Spamhaus flags any IP announced by our ASN as a criminal
>       network (Brandon Zhi)
>    2. Verizon/Qwest single end-user difficulty vs Xfinity (Jeff Woolsey)
>    3. Re: Spamhaus flags any IP announced by our ASN as a criminal
>       network (Tom Beecher)
>    4. Re: Verizon/Qwest single end-user difficulty vs Xfinity
>       (Darin Steffl)
>    5. Re: Verizon/Qwest single end-user difficulty vs Xfinity (Joe)
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 18 Mar 2023 14:57:12 +0100
> From: Brandon Zhi <bran...@huize.asia>
> To: nanog@nanog.org
> Subject: Spamhaus flags any IP announced by our ASN as a criminal
>         network
>
> Hello guy,
>
> We recently discovered that any IP address announced by our ASN is
> blacklisted by Spamhaus, even if we only announced it but not use it.
>
> I would like to ask if this is manually set by Spamhaus or is the system
> misjudgment? Has anyone encountered the same situation as us?
>
> Best,
>
> *Brandon Zhi*
> HUIZE LTD
>
> www.huize.asia <https://huize.asia/> | www.ixp.su | Twitter
>
> This e-mail and any attachments or any reproduction of this e-mail in
> whatever manner are confidential and for the use of the addressee(s) only.
> HUIZE LTD can't take any liability and guarantee of the text of the email
> message and virus.
>
> ------------------------------
>
> Message: 2
> Date: Fri, 17 Mar 2023 18:32:53 -0700
> From: Jeff Woolsey <j...@jlw.com>
> To: nanog@nanog.org
> Subject: Verizon/Qwest single end-user difficulty vs Xfinity
>
> Verizon 5G Internet Support is not at a high-enough pay grade to assess
> this problem... So I'm turning to y'all.
>
> I'm trying to save $$$ and increase speed, using Verizon 5G Home
> Internet to replace XFinity, even though they gave me a faster modem a
> few weeks ago. I run both of the modems in Bridge/Passthrough mode.
>
> A friend of mine is nice enough to offer some offsite backup space, and
> I use rsync over ssh to get there. He's 1500 miles away. He uses a
> non-standard ssh port (keeps the doorknob twisters away). This sort of
> thing has been working without difficulty over Xfinity (my end) for
> years. He also changed his connection almost a month ago now, to Qwest,
> I believe.
>
> I try the same thing over Verizon [1] and ssh always times out, no
> response. We are also NTP peers, and that doesn't work well over
> Verizon either. ICMP traceroutes and pings succeed. UDP traceroutes do
> not get any further than 207.109.3.78 (last hop before destination).
> Not every traceroute offers TCP, but MacOS does, and nothing responds to
> any of that, even at the usual ssh port. UDP traceroutes to either port
> behave like an ordinary one, which it is.
>
> Since I can get there via xfinity, I can traceroute, ping, but not ssh
> back through Verizon.
>
> I also set up an incoming (xfinity) port from the same non-standard ssh
> port forwarding to regular ssh on a different system on my LAN, and when
> I ssh -p <port> that from Verizon (even cellphone data), I get that
> other system, and that works fine. The 207... router is not in that path.
>
> I can also ping the Verizon connection from Xfinity (and vice versa).
>
> Go figure.
>
> [1] This same difficulty occurs in Verizon's Looking Glass, from several
> different places, and other Looking Glasses (e.g. Cogent, Equinix). It
> also occurs on my Verizon phone data connection (not WiFi). If he were
> serving more stuff out of his home, this would be a bigger problem.
>
> --
> Jeff Woolsey {woolsey,jlw}@{jlw,jxh}.com first.last@{gmail,jlw}.com
> Spum bad keming.
> Nature abhors a straight antenna, a clean lens, and empty storage.
> "Delete! Delete! OK!" -Dr. Bronner on disk space management
> "Card sorting, Joel." -me, re Solitaire
>
> ------------------------------
>
> Message: 3
> Date: Sat, 18 Mar 2023 16:25:50 -0400
> From: Tom Beecher <beec...@beecher.cc>
> To: Brandon Zhi <bran...@huize.asia>
> Cc: nanog@nanog.org
> Subject: Re: Spamhaus flags any IP announced by our ASN as a criminal
>         network
>
> Given the list of things on these two prefixes alone, I would venture to
> guess it's not a misjudgement.
>
> https://check.spamhaus.org/listed/?searchterm=5.178.2.1
> https://check.spamhaus.org/listed/?searchterm=80.66.64.1
>
> ------------------------------
>
> Message: 4
> Date: Sat, 18 Mar 2023 16:06:52 -0500
> From: Darin Steffl <darin.ste...@mnwifi.com>
> To: Jeff Woolsey <j...@jlw.com>
> Cc: "North American Network Operators' Group" <nanog@nanog.org>
> Subject: Re: Verizon/Qwest single end-user difficulty vs Xfinity
>
> Verizon does weird stuff with traffic in their cell network. Like wireguard
> only running 1-2 Mbps over Verizon but faster on fixed like providers. I'm
> assuming they rate limit certain protocols to avoid bypassing their
> streaming video rate limits. I can see 200/30 Mbps on a 4G speedtest but
> VPN runs very slow still.
>
> Xfinity is better than cellular so I'd switch back. Any fixed cable, fiber,
> wisp, or fast dsl provider should be better and more stable.
>
> ------------------------------
>
> Message: 5
> Date: Sat, 18 Mar 2023 16:53:21 -0500
> From: Joe <jbfixu...@gmail.com>
> To: Jeff Woolsey <j...@jlw.com>
> Cc: nanog@nanog.org
> Subject: Re: Verizon/Qwest single end-user difficulty vs Xfinity
>
> You mentioned using a non-standard port for your ssh/rsync, have you tried
> changing that to something other than what you're using?
> Keep in mind some of these providers might be blocking non-standard ports
> as this is a common method to abuse others and might be a cheaper
> alternative to dealing with the constant pile of abuse complaints.
>
> Maybe not, just a thought.
>
> -Joe
>
> ------------------------------
>
> End of NANOG Digest, Vol 182, Issue 14
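
The MTU suggestion at the top of this reply can be measured before any router setting is changed. The script below is an added example, not part of the thread: it binary-searches the largest IPv4 packet that crosses a path with the Don't Fragment bit set and derives the matching TCP MSS. It assumes Linux iputils `ping` and a far end that answers ICMP echo; the function names are illustrative.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): measure the usable IPv4 path MTU.

# Default probe: one ICMP echo with Don't Fragment set (Linux iputils ping;
# the BSD/macOS ping uses -D for the DF bit instead of -M do).
# $1 = host, $2 = ICMP payload size in bytes. Returns 0 if a reply arrived.
probe_ping_df() {
    ping -M do -c 1 -W 2 -s "$2" "$1" >/dev/null 2>&1
}

# find_path_mtu HOST [PROBE_FN] [LOW_MTU] [HIGH_MTU]
# Binary search for the largest IP packet size that still gets a reply.
# ICMP payload = MTU - 20 (IPv4 header) - 8 (ICMP header).
find_path_mtu() {
    local host=$1 probe=${2:-probe_ping_df} lo=${3:-576} hi=${4:-1500} mid
    # The lower bound must pass; otherwise the host is unreachable or
    # ICMP is filtered and the search would be meaningless.
    "$probe" "$host" $((lo - 28)) || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$host" $((mid - 28)); then
            lo=$mid            # mid fits, search upward
        else
            hi=$((mid - 1))    # mid is dropped, search downward
        fi
    done
    echo "$lo"
}

# Largest TCP MSS that fits the MTU: MTU - 20 (IPv4) - 20 (TCP, no options).
mss_for_mtu() {
    echo $(( $1 - 40 ))
}
```

Run `find_path_mtu <host>` once over each uplink and compare the results; the lower value is the one to configure as the WAN MTU, and `mss_for_mtu` gives the figure to use if the router clamps TCP MSS instead.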