My end to ISP frustration: openvpn with a VPS

geoffrey mendelson geoffreymendelson at gmail.com
Sat Feb 6 23:04:57 IST 2010


On Feb 6, 2010, at 10:24 PM, Gadi Cohen wrote:
> Some more on this for those interested... it looks like NV just have  
> some special rules that go into effect during times of peak  
> traffic.  My speeds and email are fine most of the time, but in the  
> evenings this weekend suddenly my slightly less regular mail ports  
> (587, imap ssl on 993) are blocked again and certain intl bandwidth  
> is down to 6k/sec.  During such times, I can tunnel through the VPN,  
> access my email and download at normal speeds again.
I think it's far less sinister than that. While every ISP does traffic  
shaping, they also oversell their bandwidth. No matter how good your  
QoS routing is, you are not going to get good performance with less  
than 100 byte long compressed header SIP packets, when the lines are at  
99% capacity with 1400 byte P2P or video packets.

Since voice and video protocols are usually UDP based, they don't even  
get out of the starting gate as it were. The packets expire in the  
queue and although many arrive, the application discards them.

There is also a feature of DNS which uses UDP packets up to 2048  
bytes. It's part of the EDNS support and can not be globally turned  
off. The best you can do is to set the maximum sent and received  
packet size to 512 bytes, which is the fallover size when the larger  
packets fail. I have read pages after pages of comments about it by  
people supporting bind, and if your router/firewall can't support UDP  
packets of 2k, then it's your router's fault.

Well yes it is, my router has an MTU of around 1452 bytes, and no I  
can't change it. If your application breaks because every router in  
the country can't support UDP packets that big, at least fix the  
application enough to let you globally turn off the option.

The same with DNS security, many users have reported that it  
quadruples DNS query time. Not a problem until your queries take 3 to  
4 seconds without it. Rare, but it happens to international ones  
during peak load.

I do have a mea culpa about that, I recently switched to google DNS,  
which most of the time is great, but if the lines are clogged, the  
lines are clogged.

As for netvision blocking ports, they started that a year ago. I  
complained, and since I have a commercial account, I was told they did  
not block any ports, and since then they have not. Up until a month  
ago I used a ssh tunnel to send and receive email to my provider, but  
have since gone back to using 587 and sasl pop3.

Things have been so bad on my aDSL line for a week that not only did  
it crash every 2 or 3 minutes but after several hours of crashing my  
router would jam my network and everything would stop. Since I have  
been sick and unable to hold a conversation longer than about 5  
words, I just turned off the router and left the line unused. A friend  
called me to wish me shabbat shalom and ask how I was feeling, he  
mentioned that his aDSL line was not working well in what turned out  
to be a similar situation. He is still in Jerusalem, but at the other  
end of town.

Geoff.

-- 
geoffrey mendelson N3OWJ/4X1GM
Jerusalem Israel geoffreymendelson at gmail.com
New word I coined 12/13/09, "Sub-Wikipedia" adj, describing knowledge  
or understanding, as in he has a sub-wikipedia understanding of the  
situation. i.e. possessing fewer facts or information than can be found  
in the Wikipedia.
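The EDNS UDP size and the 512-byte fallback that Geoff's message discusses, shown as an added Python example that is not part of the original post or of any list member's code. It builds a query whose OPT record advertises a chosen UDP payload size (512 bytes or larger), reads that size back out of a message, and checks the TC bit that tells a resolver the reply was truncated and must be retried over TCP. The query name and the constructed truncated reply are assumptions made for the example.

```python
import struct

OPT_TYPE = 41          # EDNS0 OPT pseudo-RR type (RFC 6891)
TC_FLAG = 0x0200       # "truncated" bit in the DNS header flags
PRE_EDNS_MAX = 512     # classic UDP payload limit from RFC 1035

def encode_name(name):
    """Wire-format a domain name as length-prefixed labels plus a root byte."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype=1, edns_udp_size=PRE_EDNS_MAX, txid=0x1234):
    """Standard query (RD set); when edns_udp_size is not None, an OPT RR advertises it."""
    arcount = 0 if edns_udp_size is None else 1
    msg = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)
    msg += encode_name(name) + struct.pack("!HH", qtype, 1)        # QCLASS IN
    if edns_udp_size is not None:
        # OPT RR: root name, TYPE 41, CLASS carries the UDP payload size the
        # sender can receive, TTL carries ext-RCODE/version/flags, RDLEN 0.
        msg += b"\x00" + struct.pack("!HHIH", OPT_TYPE, edns_udp_size, 0, 0)
    return msg

def _skip_name(msg, off):
    """Return the offset just past a wire-format name (compression pointers end it)."""
    while True:
        ln = msg[off]
        if ln == 0:
            return off + 1
        if ln & 0xC0 == 0xC0:
            return off + 2
        off += 1 + ln

def advertised_udp_size(msg):
    """UDP payload size from the message's OPT RR, or 512 when it has no EDNS at all."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4                # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == OPT_TYPE:
            return rclass
        off += 10 + rdlen
    return PRE_EDNS_MAX

def is_truncated(msg):
    return bool(struct.unpack("!H", msg[2:4])[0] & TC_FLAG)

def next_step(response):
    """What a resolver does with a reply: accept it, or retry over TCP when TC is set."""
    return "retry over TCP" if is_truncated(response) else "accept"

# Constructed sample: a reply with QR, TC, RD and RA set (0x8380) and no answer records.
TRUNCATED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0) \
    + encode_name("example.com") + struct.pack("!HH", 1, 1)
```

Dropping the advertised size to 512 (or leaving EDNS off) keeps replies within what an MTU-limited router forwards, at the cost of a TCP retry whenever an answer does not fit.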
More information about the Linux-il mailing list