timeout when ping target with 85 bytes

liujia 6

Sir,

A hosting produce - C2338 CPU with Intel I120 network adpater installed Windows 2019. When I ping it from Internet with default 32 bytes, it is okay. But time out when using 85 or more bytes. How to find out why package was dropped?

Pinging 51.158.148.26 with 32 bytes of data:  
Reply from 51.158.148.26: bytes=32 time=283ms TTL=114  
Reply from 51.158.148.26: bytes=32 time=284ms TTL=114

But with 85 or more bytes of data was 'Time out'

Pinging 51.158.148.26 with 85 bytes of data:  
Request timed out.  
Request timed out.  
Request timed out.  
Request timed out.  
  
Ping statistics for 51.158.148.26:  
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)

If I run mtupath.exe 51.158.148.26, it shows

MTU path scan to 51.158.148.26, ttl=64, limit=48  
# 26 best MSS 84 (estimated MTU 112) [pPPPP****p*p**ppP**P**P***]  
  
  
        #1 MSS IN RANGE     1 <==    83 ==>    84  
        #2 SCAN TIMEOUT    85 <==  1379 ==>  1464  
        #3 MSS EXCEEDED  1465 <== 14919 ==> 16384  
  
[WARNING] Minimum IPv4 Internet MTU of 576 was not reached  
[WARNING] Possible PMTU blackhole in route to peer

Why this server's MTU has limited to 112 bytes?

I installed latest NIC driver from Intel or Windows update, it did not help. I have disabled Windows Firewall, but nothing was chagned. I tried to run 'netsh wfp show netevents', but there is no related block events by wfp too. If changed server from Windows 2019 to Linux, everyting is okay.

If package did not drop on network layer, it is possible happen on physical layer or data link layer? How to check or debug if package drop on them? Refer: https://learn.microsoft.com/en-us/windows-hardware/drivers/network/windows-network-architecture-and-the-osi-model

3 answers

Limitless Technology 39,351 Reputation points

2021-10-01T19:41:24.177+00:00
Hello @liujia

Please try to ping with different public ip address from this 2019 server.

Please try to ping with 51.158.148.26 ip from different machine having different subnet to check if there is any request time out.

Please check if you any VLAN configurations or NAT rules in placed at gateway or firewall level.

Try swap internal ip of Windows 2019 with Linux system to see if there are any firewall rules for static ip.

----------------

--If the reply is helpful, please Upvote and Accept as answer--
Please sign in to rate this answer.

0 comments No comments
Sign in to comment
Gary Reynolds 9,391 Reputation points

2021-10-03T07:29:23.657+00:00

Hi @liujia

Have you try to repeat the test from a machine on the same network, rather than across the internet?

Some firewalls and routes support a feature to limit the maximum size of a ICMP packet that they will forward, this is to limit the potential for DDoS attacks. The details of the tests you have run above are all based on ICMP. Have you completed any tests that use TCP or UDP?

Are you seeing a problem with the service you are planning to run on the server?

Gary.
Please sign in to rate this answer.
liujia 6 Reputation points

2021-10-07T03:00:58.267+00:00

Dear Gary,

In this case, Windows 2019 IP address is 51.158.148.26, netmask is 255.255.255.0, gateway is 51.158.148.1. If I ping gateway 51.158.148.1 from Windows 2019 box with 58 bytes, it is timeout too.

C:\Users\Administrator>ipconfig Windows IP Configuration Ethernet adapter iEtherNet: Connection-specific DNS Suffix . : IPv6 Address. . . . . . . . . . . : 2001:bc8:6010:215:498e:3a4c:b4c1:5ec0 Link-local IPv6 Address . . . . . : fe80::498e:3a4c:b4c1:5ec0%11 IPv4 Address. . . . . . . . . . . : 51.158.148.26 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : fe80::a293:51ff:feb7:93d5%11 51.158.148.1 C:\Users\Administrator>ping 51.158.148.1 -l 85 Pinging 51.158.148.1 with 85 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out. Ping statistics for 51.158.148.1: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

If Windows 2019 will drop all packages which is larger than 112 bytes, then most of services can not full working, for example I can not RDP to Windows 2019.

Gary Reynolds 9,391 Reputation points

2021-10-07T09:45:55.08+00:00

Hi @liujia ,

Let's check the MTU of the network interface in case it has been changed, on the server.

Using the netsh try the following command to display the MTU

netsh interface ipv4 show subinterface "local area network"

Change "local area network" to the name of the network interface.

Gary.

liujia 6 Reputation points

2021-10-07T09:49:35.85+00:00

Dear Gary,

Windows 2019 box 's MTU is 1500.

C:\Users\Administrator>netsh interface ipv4 show subinterface "iEtherNet" MTU MediaSenseState Bytes In Bytes Out Interface ------ --------------- --------- --------- ------------- 1500 1 1058451 959507 iEtherNet

Gary Reynolds 9,391 Reputation points

2021-10-07T10:05:46.763+00:00

Hi @liujia ,

Are you able to install Wireshark on the server and capture the ping to the gateway, and see if the server is transmitting the packet. Then we will see if the problem is the server or the router causing the packet to be dropped.

Also do you you have access to router to check the MTU of the router?

Gary.

Gary Reynolds 9,391 Reputation points

2021-10-07T10:09:47.133+00:00

Also do you have another machine on the same IP subnet that you can use to test against as well?

Gary Reynolds 9,391 Reputation points

2021-10-07T11:44:48.343+00:00

I've tried pinging both your server and all the routers in between, from my end. The result would suggest that the server is not returning the ICMP packets, but without seeing the packets capture from the server is not possible to be 100% certain.

Here is the results from my end.

The routers closest to your server return the large ICMP packet.

Gary.

liujia 6 Reputation points

2021-10-08T02:43:24.76+00:00

Dear Gary,

Yes, I can installed Wireshark on the Windows 2019 box. I expored txt from Wireshark when I ping gateway using 32 bytes and 85 bytes. You check via https://pastebin.com/AzqM2nPn and find that:

a. ping gateway 51.158.148.1 from 51.158.148.26 using default 32 bytes, Wireshark can capture reply package from gateway
b. but if gateway reply package length is larger(for example, 200 bytes), then 51.158.148.26 will 'Destination unreachable (Protocol unreachable)'
c. ping gateway 51.158.148.1 from 51.158.148.26 using default 85 bytes, Wireshark just show Echo (ping) request, no reply package from gateway

I do not know the router's MTU, and I do not have another server in the same IP subnet to test. Hosting company said that - if server using Linux OS is okay, then it is not a problem related networking(not router issue).

Sometimes I will reboot server to test, so myabe ping 51.158.148.26 will timeout. It should be okay, I have tested ping using your nettools.exe.

Gary Reynolds 9,391 Reputation points

2021-10-08T07:08:25.753+00:00

Hi @liujia

Did you manage to capture the packet details for the scenario b:

but if gateway reply package length is larger(for example, 200 bytes), then 51.158.148.26 will 'Destination unreachable (Protocol unreachable)'

From looking at the packet trace it looks like the router is dropping packets.

I know you don't have another server in the same subnet, but have you tried to ping the other IP addresses in your subnet to see if there is another machine in the subnet that you can test against?

With the NetTools test I did, I had a modified version which was using a larger packet size, which is why it was showing a failure, if you search for 1.30.5.1 on the NetTools website there is a new version that includes the ability to specified the ping size.

Gary.

liujia 6 Reputation points

2021-10-08T07:48:14.577+00:00

Dear Gary,

I expored ping-gateway.pcapng file from Wireshark too, but looks like .pcapng is not allow to attach here, so I uploaded here: https://we.tl/t-3Wris8Cljf

ping 51.158.148.29 from 51.158.148.26 with 85 bytes will timeout too.

C:\Users\Administrator>ping 51.158.148.1 -l 85 Pinging 51.158.148.1 with 85 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out. Ping statistics for 51.158.148.1: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), C:\Users\Administrator>ping 51.158.148.29 -l 85 Pinging 51.158.148.29 with 85 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out. Ping statistics for 51.158.148.29: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), C:\Users\Administrator>ping 51.158.148.29 Pinging 51.158.148.29 with 32 bytes of data: Reply from 51.158.148.29: bytes=32 time<1ms TTL=64 Reply from 51.158.148.29: bytes=32 time<1ms TTL=64 Ping statistics for 51.158.148.29: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms C:\Users\Administrator>

If you ping 51.158.148.26 using NetTools with 100 bytes(more than 85 bytes), then it will show timeput result.

Gary Reynolds 9,391 Reputation points

2021-10-08T10:37:06.117+00:00

Hi @liujia

If I ping the IP addresses either side of the .28 node with a ICMP packet size of 300 bytes I get this results, which would indicate that the router is working ok with larger packet sizes.

Do you have a packet trace of the ping to from 51.158.148.26 to 51.158.148.29, to see if there is anything strange in the packet trace.

A couple of additional questions:

Have you installed any additional software on the servers?

Is the servers a default install?

Have you tried to disable IPv6 to make sure this is not causing any issues?

Have you installed any AV software on the server?

Do you have NAT'ing enabled on the server?

Is the IP address configured on the server 51.158.148.26? Gary.

Gary Reynolds 9,391 Reputation points

2021-10-08T11:12:23.837+00:00

Could you share the output of ipconfig /all

liujia 6 Reputation points

2021-10-08T13:46:25.397+00:00

Dear Gary,

You can ping other IPs(23, 24, 25, 27-30) with 300 bytes, maybe they are not Windows, If I reboot Windows 2019 box and load to a resucreOS(ubuntu live OS), 51.158.148.26 can be ping with 300 bytes too.

ping 51.158.148.28 from 51.158.148.26, there is no different result with 51.158.148.1, it will timeout if ping with more than 85 bytes.

I tried to install Windows 10, Windows 2008 on the same box, has similar result.

no additional software

most like default install

disabled IPv6 from dedicated server control panel is not help

disabled Windows firewall and Windows defender, not help too. No other AV software

no NAT configured
Sign in to comment
Gary Reynolds 9,391 Reputation points

2021-10-08T23:00:07.69+00:00

Hi @liujia

With the packet captures we have completed so far, we are capturing the packets seen by the network stack and not what has been transmitted on the wire. Really we need to see what is being sent by the server on the wire but without another machine, or help from your hosting company I'm not sure we will be able to get any more information.

I've seen weird networking issues before that are caused by the offload features in the driver, I think the next thing to try is to disable all the optimization features in the network card driver properties and see if this fixes the issue.

Based on the Intel i210 network card and this page ethernet-products.html I would recommend that you disable the following settings:

Jumbo frames (jumbo packets)
Large send offload
Adaptive inter-frame spacing
Flow control
Interrupt moderation rate - Off
Receive Side Scaling
IPv4 checksum offload
TCP checksum offload
Offload transmit IP checksum
UDP checksum offload

I would check that the transmit and receive buffer settings I wuld try increasing them, but also set them to 0 and see if this makes any difference.

I know your hosting company has told you that the server is a Dell, but I can't find any information
on Dell server\machines that having Intel Atom C3250 processor, but that might be because the processor was released back in 2013. The other thing that doesn't make sense is that the MAC address of your machine is associated to ADI Engineering and not Intel. ADI Engineering specialise in embedded single board computers, which might explain why your hosting company has said that it doesn't support Windows as the board might not be tested or certified for Windows. May be ask them.

Give the network options a try and see if that fixes the problem, if not, then my suggestion would to send a network capture of the issue to the hosting company and try to get them to do a packet capture from the router or another machine on the network segment to see what is being transmitted by the server when you have an ICMP over 85 bytes.

Gary.
Please sign in to rate this answer.
liujia 6 Reputation points

2021-10-09T03:44:11.707+00:00

Dear Gary,

I tried to disabled offload features and checksum before, as https://learn.microsoft.com/en-us/powershell/module/netadapter/disable-netadapterchecksumoffload?view=windowsserver2019-ps and https://docs.hetzner.com/robot/dedicated-server/troubleshooting/performance-intel-i218-nic/

And I tried to increase ReceiveBuffers to 2048(max) or 80(min) via Intel proset software, but not help.

I asked help from hosting company before, he said he do not support Windows and can not capture packages or diagnosis at network level for me
I asked help from Intel before, he said I120 is a nature produce, it should not be a driver problem.
I asked help from Dell before, he said I did not have service tag, so can not support.

Maybe have to try ask ADI Engineering for help.

Gary Reynolds 9,391 Reputation points

2021-10-09T22:06:18.507+00:00

Hi @liujia

From a few other forums I've seen that you have been chase this problem for a few months now, and if the hosting company is not willing or able to help you resolve this issue, I think there are only couples options available.

Contine to chase the problem, with no guarantee that you will be able to resolve the problem, or cut your loses and change to a different server type or hosting company that does support Windows based servers.

Sorry I wasn't able to help.

Gary.

liujia 6 Reputation points

2021-10-10T00:01:23.89+00:00

Dear Gary,

Thanks for your time and suggestion. You are a good man.
Sign in to comment