Major inet lag at college - Admins giving us bs for an explanation??

cw42

For the first few weeks of the semester the inet was running perfectly fine, and very fast. Last week some serious lag issues started to come up. Internet is a bit slower, but it's most noticeable in games. Games like BF2, WoW, and CS will all show pings around 800, and be completely unplayable.

So, someone goes to the admins to ask what's going on, and they blame it on too many students using routers in the dorms, and it's causing packets to get stuck in some kind of "infinite loop". Recently I just heard from another student that routers are now banned in the dorms. I've been living in these dorms for three years now, and we've never had lag this bad before.

So... are the admins feeding us bs, or is there some kind of truth in the "infinite loop"?
 

spidey07

Yes, it's true.

It can happen.

Improperly configured SOHO routers can wreak havoc on a campus network, causing "routing loops" and ARP/Proxy-ARP problems. A routing loop is nothing more than a bunch of routers sending packets in a circle until the TTL of the packet eventually expires. Think of a baseball diamond where the packets should go to 1st, 2nd, 3rd and then out to the internet. In a loop they go 1st, 2nd, 3rd, home, 1st, 2nd, 3rd, home, etc.

When packets are in a routing loop from just a few bad SOHO routers, the main routers' processors go through the roof from processing all that crap over and over again. This causes a delay in legitimate traffic.
 

cw42

thx for the explanation spidey.

so why are the admins blaming us when it's their routers causing the problem?
 

JackMDS

SOHO Routers = The Linksys, Netgear, D-Link, Student's Routers.

 

spidey07

Originally posted by: cw42
thx for the explanation spidey.

so why are the admins blaming us when it's their routers causing the problem?

Because it's not their routers causing the problem. It is the SOHO stuff.

Let's face it, you can build in security and policies to stop this stuff but at that point you are weighing the "easy vs. secure" balance.

You just can't have both. More secure in order to stop this stuff from occurring takes a considerable amount of skill and work - from a design perspective it requires CCIE level or above. That skill and work = money, and it's ongoing. And as the network scales in size so does the ongoing maintenance and support. For a reasonably sized campus network of say 500 routers and 5000 switches you would probably need 5 senior level true network engineers to maintain all the crap that pops up on college networks.

It's not an easy task and all college networks face it. It's more about "how much do you want to spend to be secure vs. just banning and enforcing the root of the problem?"

Just for fun, try this.....

Let's say your IP is 10.242.35.65. You can assume that the campus is using the 10.x.x.x address space. Plug in your SOHO router and add a static route for 10.0.0.0/8 and point it to the internal IP address of your machine. Your entire subnet will be very flaky (most likely your floor or building). If you wanna get really dirty find out what routing protocol they are using and start throwing routes into their network. Although that may get you a nice knock on the door.
 

cmetz

cw42, pick some random sites on the Internet, ping them. Look for any returned "ICMP Time-to-live exceeded" messages. If so, then routing loops are the problem. Otherwise, that claim is suspect.

SOHO routers are really just PAT gateways and in and of themselves unless you configured them foolishly (actively stupid configuration) they shouldn't cause problems. However, the same people who brought in a SOHO router probably have a few boxes behind it, and are in general more heavy Internet users. Personally, if it were my network, I'd encourage the use of SOHO routers as a minimal firewall rather than having students plug Windows boxes directly into a public IP address on today's Internet. But I suspect the support aspects of that would be pretty ugly, especially given that university networking folks are usually way understaffed.

Latency/lag and packet loss are typical symptoms of congestion, that is, your link(s) to the outside world are overloaded. It is extremely common for college folks' Internet links to be loaded down too much during the first month folks are in the dorms. A bunch of freshmen arrive and go to work downloading all sorts of things they shouldn't be, pigging out on the newfound bandwidth. After the newness wears off, the load will settle down, some. Students will typically expand their usage to overload whatever capacity a university gives them, too. So it's really difficult to solve this problem. Hence many universities' heavy-handed approaches to bandwidth management, like just banning P2P apps - it's a desperation move trying to keep bandwidth usage in check.

spidey07, if a few loops on individual drop ports can gum up their routers' forwarding engines bad enough to degrade service, they're sitting ducks for a good DoS attack. Most SOHO routers can't themselves move more than 10Mb/s or so, while a directly attached PC can spray a whole lot more...
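
The routing loop spidey07 describes and the "Time-to-live exceeded" symptom cmetz suggests looking for, as an added example that is not part of any post in this thread: a toy next-hop simulation showing how many router hops one packet costs with and without a loop, and how the repeating cycle shows up in the hop list. The router names (taken from the baseball-diamond analogy) and the forwarding tables are constructed for illustration.

```python
# Added illustration: toy next-hop forwarding, not any real router's logic.
# Router names and tables below are constructed sample data.

HEALTHY = {
    "first":  {"internet": "second"},
    "second": {"internet": "third"},
    "third":  {"internet": "internet"},
}
# Same network, but "third" now hands traffic to a misrouting box ("home")
# that sends it back to "first" instead of out to the internet.
LOOPED = {
    "first":  {"internet": "second"},
    "second": {"internet": "third"},
    "third":  {"internet": "home"},
    "home":   {"internet": "first"},
}

def forward(tables, start, dest, ttl=64):
    """Follow next hops from `start` toward `dest`.

    Returns (outcome, path): outcome is "delivered", "ttl_exceeded" or
    "no_route"; path lists every node that handled the packet, in order.
    """
    node, path = start, []
    while True:
        path.append(node)
        if node == dest:
            return "delivered", path
        ttl -= 1                      # every router decrements TTL
        if ttl == 0:                  # drop here; router emits ICMP Time Exceeded
            return "ttl_exceeded", path
        nxt = tables.get(node, {}).get(dest)
        if nxt is None:
            return "no_route", path
        node = nxt

def find_cycle(path):
    """Return the repeating run of hops in a path, or [] if no hop repeats."""
    seen = {}
    for i, node in enumerate(path):
        if node in seen:
            return path[seen[node]:i]
        seen[node] = i
    return []

if __name__ == "__main__":
    for name, tables in (("healthy", HEALTHY), ("looped", LOOPED)):
        outcome, path = forward(tables, "first", "internet")
        print(name, outcome, "hops handled:", len(path), "cycle:", find_cycle(path))
```

In the looped case a single packet is handled 64 times before it is dropped, which is the extra processing load described above; the same repeated-hop pattern is what a traceroute through a real loop shows.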
 

spidey07

Yeah - but think of some of the hardware these places are running. It may not be that modern.

I've also seen SOHO routers go haywire and cause a bridging loop (basically spitting back whatever layer2 frame they receive)/broadcast storm as well.
 

cw42

cmetz: Pinging is blocked on our network. My guess is to prevent virus infested pc's owned by idiots from ddosing.
 

randal

Originally posted by: spidey07
Yeah - but think of some of the hardware these places are running. It may not be that modern.

I've also seen SOHO routers go haywire and cause a bridging loop (basically spitting back whatever layer2 frame they receive)/broadcast storm as well.

Had a customer who was using 3x ancient Linksys boxes to run their wireless network have that happen a couple weeks ago. It made things incredibly unstable, and nearly non-functional. They are now the proud owner of a gigantic invoice and a leased 3810.

Oh, and very few botnets use icmp to ddos targets - almost always use frag'd udp or tcp syns.