Problem with HTTP routing

Good afternoon all,

I have a Cisco 2600 running (C2600-IK9O3S3-M), Version 12.3(17a), release (fc2).

I have been having weird problems with web page timeouts.

For example: from my internal IP addresses everything works fine, no issues. But when I go to the external IP address some pages load fine, others just hang and don't do anything (timeout). If you click stop while they load you get to different partial pieces of the page each time.

Do you know of anything that would cause this?

I have a basic config:

interface Ethernet0/0
 description connected to Internet
 ip address XXX.YYY.ZZZ.TTT 255.255.255.248
 no ip proxy-arp
 ip nat outside
 no ip route-cache
 full-duplex
 no cdp enable

interface Ethernet0/1
 description connected to LAN
 ip address 192.168.0.7 255.255.255.192
 no ip proxy-arp
 ip nat inside
 full-duplex
 no cdp enable

Then I have:

ip nat inside source static tcp 192.168.0.6 80 XXX.YYY.ZZZ.TTT 80 extendable

Any ideas? I have been trying to figure this out for a while.

Thanks, Jack


Sounds like you have MTU issues.

The configuration you quoted doesn't appear to have any special encapsulation (e.g., you aren't running over a VPN), but you can run into MTU issues on DSL circuits as DSL uses a form of PPP encapsulation (if I recall correctly)... whatever it uses, DSL almost always has a smaller MTU than plain ethernet.

Walter Roberson

Hi Jack,

As Walter suggests it sounds like it may be an MTU issue. MTU issues are USUALLY resolved automatically using Path MTU Discovery (PMTUD); however, several years ago some older gear was not good at re-negotiating the true MTU, and one easy way to "affect" people was to send incorrect PMTUD info and restrict users to ridiculously low MTU sizes, almost stopping them in their tracks. Going from a low MTU to a higher one is not usually an issue; it's the REDUCTION in MTU value that can cause problems, especially if some traffic is marked as "Do Not Fragment".

Many ISPs used to disable PMTUD to prevent this, but that can have negative side effects, and things should be much better now. MTU sizes still require some adjustment in some situations, but it should now be automatic. As a guide -

PPPoA usually runs at an MTU of 1500, which matches Ethernet exactly so no adjustment is required and no issue should appear, HOWEVER, please remember that if the target site you are picking up files from has an issue with handling MTU size then you still may be affected.

PPPoE usually runs at an MTU of 1492, which means your local Ethernet uses 1500, and your WAN link uses 1492, so some adjustment is required, however things should be automatically resolved in this situation.

If you are passing traffic through a VPN at some point then the MTU could be reduced down to around 1420 or so, but this varies depending on the specific implementation.

MTU size should be automatically handled, but in your case it sounds like it is not, with the real catch being that it's probably at the other end, and there may not be much you can do to sort that out if you do not manage the entire path between your 2 sites. Depending on the H/W you are using, you may be able to force the MTU LEAVING your site to be much smaller than required and thereby bypass the issue, but a lot of this is pure guesswork.

Good luck... pk.

Peter
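To make the MTU/PMTUD mechanism in Peter's reply concrete, here is a small simulation added to this thread (it is not code from any poster, nor from Cisco). The link MTUs it uses (1500 for Ethernet/PPPoA, 1492 for PPPoE, about 1420 for a VPN) are the figures quoted above; the path itself, the hop names and the packet sizes are constructed. It walks a Don't-Fragment packet along the path, shrinks the estimate on every "Fragmentation Needed" reply, and also models the black-hole case where a hop drops the packet but its ICMP never gets back to the sender, which is exactly the "small packets pass, full-size packets hang" symptom described in the original post.

```python
"""Simulated Path MTU Discovery (added example, not from the thread's posters).

Link MTUs follow the values quoted in the thread; the path, hop names and
packet sizes are constructed for illustration.
"""
from dataclasses import dataclass, field

IP_HEADER = 20   # IPv4 header without options
TCP_HEADER = 20  # TCP header without options


@dataclass
class Hop:
    name: str
    mtu: int
    # True if this hop (or a firewall in front of it) filters the ICMP
    # "Fragmentation Needed" it would send: the sender never learns why its
    # packet vanished. This is the classic PMTUD black hole.
    icmp_filtered: bool = False


@dataclass
class PmtudResult:
    pmtu: int                      # last packet size that was attempted
    attempts: list = field(default_factory=list)
    black_hole: bool = False       # True if a hop dropped silently


def discover_pmtu(path, initial_mtu=1500, max_tries=8):
    """Send DF packets sized to the current PMTU estimate; on each
    Fragmentation Needed reply adopt the next-hop MTU it carries (RFC 1191)
    and retry, until a packet traverses every hop."""
    pmtu = initial_mtu
    result = PmtudResult(pmtu=pmtu)
    for _ in range(max_tries):
        result.attempts.append(pmtu)
        result.pmtu = pmtu
        for hop in path:
            if pmtu > hop.mtu:
                if hop.icmp_filtered:
                    # Silent drop: the sender keeps retransmitting the same
                    # size and the transfer stalls at this point.
                    result.black_hole = True
                    return result
                # ICMP type 3 code 4 tells us the MTU of the next link.
                pmtu = hop.mtu
                break
        else:
            # Every hop accepted the packet: this size is the path MTU.
            return result
    result.pmtu = pmtu
    return result


def packet_passes(path, size):
    """A packet of this size fits through the path iff it fits every hop.
    Small HTTP requests and headers pass; full-size response segments may not,
    which is why a page can come through in partial pieces."""
    return all(size <= hop.mtu for hop in path)


def mss_for_mtu(mtu):
    """TCP MSS a router would clamp to for a link of the given MTU."""
    return mtu - IP_HEADER - TCP_HEADER


if __name__ == "__main__":
    # Constructed path: LAN -> PPPoE uplink -> VPN -> remote LAN
    path = [Hop("lan", 1500), Hop("pppoe", 1492), Hop("vpn", 1420), Hop("remote", 1500)]
    print(discover_pmtu(path))          # converges on 1420 after two shrinks
    path[2].icmp_filtered = True
    print(discover_pmtu(path))          # black hole: stuck at 1492
    print(packet_passes(path, 300), packet_passes(path, 1500))
    print(mss_for_mtu(1492))            # 1452
```

The `packet_passes` check is the useful part for diagnosing the thread's symptom: with the VPN hop's ICMP filtered, a 300-byte request is delivered but a 1500-byte response segment is not, so the browser shows whatever small pieces arrived before the first full-size segment. Clamping the MSS on the WAN interface (the `mss_for_mtu` value) is the usual workaround when the far end cannot be fixed.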

It is also fairly common for people setting up routers to forget about PMTUD and to block out the ICMP packets that are needed. For PMTUD to work, ICMP Major 3 Subtype 4 "Fragmentation Needed" must be permitted from arbitrary outside hosts into any inside host that communicates with the outside. The Fragmentation Needed messages can be sent by any router (or firewall) along the path, not just from target endpoints. ICMP Fragmentation Needed can arrive in response to -any- outgoing packet, not just during the handshake, as packets can end up travelling through different paths during a connection.

ICMP 3/4 is a subset of ICMP Network Unreachable. It is not uncommon to allow all ICMP 3 through as the same major type is used for Host Unreachable, Port Unreachable, and other such communication failures.

Walter Roberson
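Walter's point is that a router or firewall must let ICMP type 3 code 4 in from arbitrary outside hosts, and the usual worry is what else that lets in. The check a stateful device applies is to look inside the ICMP message: it carries the IP header and first 8 bytes of the packet that was too big, so an inbound "Fragmentation Needed" is only meaningful if that embedded header matches a flow an inside host actually opened. The following parser is an added example written for this thread (not code from any poster or from Cisco); the addresses, ports and the 1492 next-hop MTU it builds into its sample message are constructed.

```python
"""Build and validate ICMP type 3 code 4 (Fragmentation Needed) messages.

Added example for this thread; addresses, ports and MTU values are constructed.
Layout per RFC 792 / RFC 1191: type(1) code(1) checksum(2) unused(2)
next-hop-MTU(2), then the offending packet's IP header + 8 bytes of its payload.
"""
import ipaddress
import struct
from typing import NamedTuple, Optional


def inet_checksum(data: bytes) -> int:
    """Standard one's-complement Internet checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


class FragNeeded(NamedTuple):
    next_hop_mtu: int
    src: str    # inside host that sent the too-large packet
    dst: str    # outside host it was talking to
    sport: int
    dport: int


def build_frag_needed(next_hop_mtu, src, dst, sport, dport, proto=6) -> bytes:
    """Construct the message a router on the path would send back (sample only)."""
    inner_ip = struct.pack("!BBHHHBBH4s4s",
                           0x45, 0, 1500, 0x1234, 0x4000,  # IHL=5, len 1500, DF set
                           64, proto, 0,
                           ipaddress.ip_address(src).packed,
                           ipaddress.ip_address(dst).packed)
    inner_l4 = struct.pack("!HHI", sport, dport, 1)      # ports + sequence number
    body = struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu) + inner_ip + inner_l4
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


def parse_frag_needed(pkt: bytes) -> Optional[FragNeeded]:
    """Return the parsed message, or None if it is not a well-formed 3/4."""
    if len(pkt) < 8 + 20 + 8:
        return None
    typ, code, _csum, _unused, mtu = struct.unpack("!BBHHH", pkt[:8])
    if typ != 3 or code != 4:
        return None                     # other unreachables are not PMTUD
    if inet_checksum(pkt) != 0:
        return None                     # checksum over a valid message folds to 0
    ihl = (pkt[8] & 0x0F) * 4
    if ihl < 20 or len(pkt) < 8 + ihl + 8:
        return None
    inner = pkt[8:8 + ihl]
    src = str(ipaddress.ip_address(inner[12:16]))
    dst = str(ipaddress.ip_address(inner[16:20]))
    sport, dport = struct.unpack("!HH", pkt[8 + ihl:8 + ihl + 4])
    return FragNeeded(mtu, src, dst, sport, dport)


def accept_for_flow(msg: FragNeeded, active_flows) -> bool:
    """Stateful check: admit the message only if its embedded header names a
    connection the inside host opened (src, sport, dst, dport)."""
    return (msg.src, msg.sport, msg.dst, msg.dport) in active_flows


if __name__ == "__main__":
    # Constructed: the web server from the thread's config talking to an outside client
    pkt = build_frag_needed(1492, "192.168.0.6", "203.0.113.10", 80, 51234)
    msg = parse_frag_needed(pkt)
    print(msg)
    print(accept_for_flow(msg, {("192.168.0.6", 80, "203.0.113.10", 51234)}))
```

Two practical notes. First, a device doing NAT (as the thread's static translation does) has to rewrite the addresses inside the embedded header as well as the outer ones, otherwise the inside host cannot match the message to any of its flows and ignores it. Second, permitting all of ICMP type 3, as Walter suggests, is fine as long as this flow check is applied; the check rejects unsolicited messages regardless of code.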
