7 Replies Latest reply: Aug 3, 2011 11:03 AM by slttan RSS

    How can I watch remote Solo from behind FIOS Actiontec?

    mufc1999

      Hi all,


      I just switched to FIOS internet service few days ago and since moving from Verixon DSL, I am not able to watch a remotely located Solo box. I am able to watch the Solo ok using other service providers so there is no problem at the remote location.

      The problem seems to be that the return traffic coming back from the remote Solo is not able to pass back through the Actiontec MI424WR router to the Sling player software. I am able to initially connect to the Solo and from there everything goes bad, no video shows and a packet trace shows the end points communicating and eventually the Sling player SW reports being unable to connect.

       

      The Actiontec security log is reporting illegal packets coming from the Solo remote IP address and mention of disallowed packet fragmentation.I am not clear if it's just a case of needing some rules to allow the return traffic or if it's something else.

       

      Here's an extract of the log:

       

      Jun  9 19:24:53 2010    Inbound Traffic Blocked - Illegal packet
      options TCP Fragment <Solo IP-><FIOS IP offset: 1432 on clink0
      Jun  9 19:24:54 2010    Inbound Traffic Blocked - Defragmentation
      failed  Fragmented packet, packet exceeds: TCP
      <SOLO IP> -> <FIOS IP > on clink0
      Jun  9 19:24:54 2010    Inbound Traffic Blocked - Illegal packet
      options TCP Fragment SOLO IP -> FIOS IP offset: 1432 on clink0
      Jun  9 19:24:54 2010    Inbound Traffic Blocked - Defragmentation
      failed  Fragmented packet, packet exceeds: TCP
      <SOLO IP> -> <FIOS IP > on clink0
      Jun  9 19:24:54 2010    Inbound Traffic Blocked - Illegal packet
      options TCP Fragment <SOLO IP> -> <FIOS IP > offset: 1432 on clink0
      Jun  9 19:24:54 2010    Inbound Traffic Blocked - Defragmentation
      failed  Fragmented packet, packet exceeds: TCP

       

       

      Anyone have an idea of what rules I would need to add to get this to work? In the past for slingbox use, I've only ever had to configure a router to allow connecting to a slingbox inside the network - never had to do anything to allow the return traffic back in to my source network. Isn't the latter usually handled by session state management on the router so it knows which requests were initiated from behind it and what to allow back in?

       

      Regarding the illegal packet and fragmentation messages etc, I can't find much online to suggest this is a common problem - and the frag error doesn't make much sense as the Actiontec MTU is set to 1500 (automatic) and the router at the Solo location is set to a lower 1430-something (can't connect to the router right now to see).

       

      Could it be the actiontec is set to MTU 1432 - and my Solo router has to fragment and the Actiontec won't allow it? The MTU settings on the Actiontec are as above 1500 and I'm hesitant to change them without knowing how it will affect the other services.

       

      Anyway, I'm a bit stumped and be delighted to get advice; I miss my Solo!!

       

      Thanks for any help.

        • Re: How can I watch remote Solo from behind FIOS Actiontec?
          eferz Expert

          The thing I could suggest is to make sure the router local to the Solo has port forwarding for both UDP and TCP.  Allowing the Slingplayer to negotiate UDP packets instead of TCP might let you get away with it.  But in all honesty, I'd open a ticket with Verizon or Actionec.  Obviously it has  something to do with the firewall's packet flow handling.

            • Re: How can I watch remote Solo from behind FIOS Actiontec?
              mufc1999

              Thanks a lot for the suggestion. The remote router wasn't forwarding to the Solo port for UDP so I enabled that; unfortunately it doesn't seem to be making any difference.

               

              Is that what you meant? Just want to be sure I understand correctly in case I didn't change the router correctly.

               

              I'm packet tracing it in wireshark and I don't see any evidence in the log of the sling player trying to do anything via UDP after it has issues with TCP.

                • Re: How can I watch remote Solo from behind FIOS Actiontec?
                  eferz Expert

                  Yep, you got it right.  Enabling UDP forwarding on the router for the Slingbox was my recommendation.

                   

                  Very odd that its not at least falling back to UDP.  Its a shame since, UDP datagrams would have bypassed the TCP MTU issues.  Maybe its possible that it needs to initiate via TCP first then it uses UDP while it goes through "optimizing" the SlingStream.  I'm not entirely sure how the sessions are established and maintained.  But, I do know that while using the Slingbox in a remote office, enableing UDP port forwarding gave me better performance.

                   

                  As for your question about Maximum Transmission Unit (MTU) setting.  It defines largest protocol data unit that the it can pass onwards.  By today's standards 1500 is normal since it complies to both Ethernet 802.3 and v2 standards.  However, the MTU path determines the actual MTU transmission.  This is determined by the all the devices that exists between you and the destination.

                   

                  So, for example, lets say you have 5 hops between you and Slingbox.  If all the routers between you and that slingbox have a 1500 MTU setting then that's the size it will use.  However, if one device in the chain is set to 600 then the actual MTU transmission would be 600.

                   

                  Why tweak MTU size?  Well, the lower size can make it more reliable.  If the indivdual fragments are dropped then the smaller size will have less noticible affect if the packet is rebroadcasted.  Larger settings can make it more robust.  Since the protocol overheads encapsulate each packet then more time is given to the data rather than processing the overhead.  This is generally why local area networks with Gigabit will employ Jumbo Frames to allow large MTU threshold.  However, the public WAN shouldn't be set to anything than higher 1500 since that's generally what should be out there.

                   

                  I still think you should consult either Verizon or Actiontec regarding your issues.

              • Re: How can I watch remote Solo from behind FIOS Actiontec?
                pjpiranha

                Hello, did you eventually solve this issue. I have exactly the same issue and Verizon simply told me to ensure 5001 udp/tcp are enabled at the SB location(France). This is obviously correctly setup as when I run slingplayer from my office (New York) I can connect and video streams perfectly. However from home in Brooklyn from behind a ActionTec Verizon router I get a connection error saying that the Video cannot be rendered.

                 

                Sounds like the same problem, how did you solve it?

                 

                Thanks in advance

                  • Re: How can I watch remote Solo from behind FIOS Actiontec?
                    mufc1999

                    Sorry - I only saw your message now; hadn't been viewing the board recently.

                     

                    It was a bit later but I did make progress thanks to the previous suggestions from eferz. I wasn't sure about the UDP vs TCP stream aspect and after eventually became more focused on the issue of MTU size between my Slingplayer SW and the remote Solo. The remote box had always been accessible fine anywhere else when not on the LAN behind my FIOS Actiontec.

                     

                    The Actiontec logging made it a possibility that the packet was getting fragmented on the Solo side. I also checked the MTU ping test (see this link for an explanation   http://help.expedient.com/broadband/mtu_ping_test.shtml)

                     

                    I revisited my remote Solo's router (Netgear) MTU setting and found it quite low at 1430-something (quite lower than the typical 1492 or 1500) so I was thinking that the Netgear was having to fragment the return packets and that was causing the issue at the Actiontec. I don't recall for sure now why I decided on using 1492 for the MTU but I think it was because when doing the MTU ping test that's what came out as optimal from my home PC. So I changed the MTU on the remote Netgear to be 1492 - and it started working from my main PC on the local LAN behind the Actiontec whose MTU was already 1492.

                     

                    I continued to have the issue on a laptop using wifi on the same local lan until I set it's wifi interface MTU to 1492 and after that it was also working.

                     

                    Ironically, i've just noticed that I have the same fragmentation errors when using an iphone on wifi (whose MTU I am not in control of and it's 1500 I believe
                    ) so I think I may need to readjust the remote Netgear again to 1500 at a later time and see if it resolves it (not able to do it currently). I have a similar connection issue using a Slingcatcher (local behind Actiontec) which feels related.

                     

                    Why the Actiontec is logging and appears to have a problem with all fragmented packets I have no idea. There isn't much info online about those error messages and searching them gives you the router manual where they are quoted and not much discussion or meaning. I tried several times with Verizon and they had Actiontec on the line at least once and I didn't get any insight as to what is the issue.

                     

                    From where I am now with this, it seems that either you have to be in control of the MTU setting for all the endpoints (and as eferz wrote there still can be some intermediate point that can require fragmentation)  - or there has to be some way to adjust the Actiontec to cope with the fragmentation.

                     

                    Hope it helps but let me know if you any questions or if something I wrote isn't clear.

                  • Re: How can I watch remote Solo from behind FIOS Actiontec?
                    nealwald

                    After spending 2 full days researching this issue the answer turns out to be quite simple. Slingplayer and the website viewer will work.   You need to change the MTU on your FIOS Actiontec to 1492 from 1500 which is what it is set to as default.   Here is the link how to change your MTU setting.http://www.actiontec.com/support/product_details.php?pid=213&typ=all#q28

                     

                    It is troubling that neither Slingbox or Verizon had the answer to this issue.  Even Actiontec discourages you from making this change but it is the resolution.