In our move to New Zealand, we’re trying to cut costs by buying used items where we can. We lucked into finding some graduating college guys who were clearing house and selling everything, so we bought a bunch of stuff for a good deal.
Amongst this stuff was a DSL modem/wireless router. We definitely needed such a beast, and new ones here are ungodly expensive, so that was cool. However, it was made by D-Link. I’d had limited experience with D-Link products, but I wasn’t particularly impressed b them. It was only a vague ambivalence, and it still seemed a good deal, so we went with it.
We get it home, and first thing I find is it has a British-style power plug on it, which is not at all the same as a New Zealand plug. The guys who sold it to us were, I believe, Malaysian, and it turns out they must have brought it from Singapore (which apparently uses British-style outlets). Not really the router’s fault, but not a good omen.
So I set it up and it seems to mostly work. The administration website is horrifically designed, but how often do you have to deal with it? All the time, as it turns out, as it doesn’t seem to hold persistent settings very, well, persistently. But it still mostly works, so OK.
But Sheila starts having problems going to certain web pages. Can’t check her e-mail. Can’t log into her bank account. Most any secure page just doesn’t work. Just sits for a few seconds…then nothing. My Mac, however, had no issues (which of course led to more gloating on my part).
Thought at first it could be some malware, but she’s pretty careful about that, and it didn’t feel like it. Seemed like timeouts, like the bloody router was dropping packets. (Unfortunately as a combo modem/router, we couldn’t take it out of the picture to verify.)
Futzed around a bit, did some Googling…saw others with similar problems but no solid solution. So finally I sit down to have a better look at it. Install Wireshark (what they’re calling Ethereal these days, if you were unaware or forgot like I do every time I learn the new name). Capture packets during a failure…and it’s immediately apparent: nice, black-highlighted lines, ICMP messages from the router, saying ‘packet dropped; too large for next hop, fragmentation required’. Yeah, MTU stuff, which I kinda guessed.
So I learn a bit about PMTUD, or ‘Path MTU Discovery’ protocol. It’s a way of dynamically optimising MTU to a particular destination by first sending larger packets, looking for responses saying, ‘nope, too big’, and sending again, making them smaller till they fit down the Intertubes.
In my case, MTU from the router out to the Internets was set to the provider-specified 1492, which sounds appropriate for a PPPoE DSL connection. The ‘too-large’ packets were 1500 bytes, which, checking my calculator, is larger than 1492. So, yeah, problem.
But the router told the computer that it’s all whack. Why don’t it listen?
Looking at the response ICMP packet a bit further, the info about the failed packet ain’t right! TCP sequence numbers don’t match and are huge. Checksum failed. On all of them. So it’s like going to the drive-thru and all you hear through the loudspeaker is garbled static. You try a few more times, “I WANT A CHEESE BURGER PLEASE”, but eventually you give up and drive off.
Okay, terrible analogy. But I’m guessing that the computer’s IP stack couldn’t correlate the response with the original packet, so it thinks it was just lost, and tries again a few times then gives up. (Why no problem on my Mac? Dunno…maybe it has a smaller max MTU. Maybe it doesn’t set ‘do not fragment’. Maybe it makes a guess at correlating, or decreases the packet size on retries if it sees no response. I’ll have to check it out.)
So, first thought: firmware upgrade on the router. I look and see it’s running what appears to be version 1.00 beta, which sounds old to me. So I go to dlink.com and find the download page and see a pretty-recent 2.00 version and think, ‘cool!’. Then I see the big warning saying how ‘this firmware is engineered for North American products only and using it on another product may render it inoperable’, and think ‘crap!’. So I check out the Singapore support page, and find a couple of inconsistent links to various downloads, with specific versions for Thailand and some for Singapore…is that really necessary?! Most of them are pretty old, and most seem to say ‘only for ADSL2 connections, breaks ADSL1′. Some appear to be for very-particular bug fixes, but they’re just in a plain directory listing, no info to go on. There’s a reference to the firmware shipping with it, which is still the same bloody beta version that I already have!
Eventually I get scared and give up on that path. Figure out a way to adjust global MTU on the machine to 1492, and all is golden. Not a great solution, but a workable one.
So what’s my point here? Well, if somebody else has this problem and Google points them here, maybe they’ll find a solution hidden amongst my ramblings. And also to note that you can just see the chaos and ad-hoc nature of sofware development at D-Link, from the outside. From the terrible design of the software, from seeing the (presumed) bugs in the software, from seeing that they have different software for every bloody country they sell to! I’ve been in enough bad-enough development environments to know the signs, but for me they’ve had the good grace to collapse before going to market.
Or, in short: I think I’ll avoid buying another D-Link product in the future.