[384.12_Alpha - builds] Testing all variants.

[skeal]

my concern is i have some coming back saying "incorrect"

00:00:00.491488 IP6 (class 0x20, flowlabel 0xf5a7f, hlim 60, next-header TCP (6) payload length: 20) one.one.one.one.853 > 2001:558:6043:2a:68eb:dda7:d65f:1456.37551: Flags [F.], cksum 0x1d6d (correct), seq 3419, ack 516, win 29, length 0
        0x0000:  620f 5a7f 0014 063c 2606 4700 4700 0000  b.Z....<&.G.G...
        0x0010:  0000 0000 0000 1001 2001 0558 6043 002a  ...........X`C.*
        0x0020:  68eb dda7 d65f 1456 0355 92af 5199 0378  h...._.V.U..Q..x
        0x0030:  5e37 cde5 5011 001d 1d6d 0000            ^7..P....m..
00:32:54.604003 IP6 (hlim 64, next-header TCP (6) payload length: 20) 2001:558:6043:2a:68eb:dda7:d65f:1456.37551 > one.one.one.one.853: Flags [.], cksum 0x7b31 (incorrect -> 0x1b60), seq 516, ack 3420, win 554, length 0
        0x0000:  6000 0000 0014 0640 2001 0558 6043 002a  `......@...X`C.*
        0x0010:  68eb dda7 d65f 1456 2606 4700 4700 0000  h...._.V&.G.G...
        0x0020:  0000 0000 0000 1001 92af 0355 5e37 cde5  ...........U^7..
        0x0030:  5199 0379 5010 022a 7b31 0000            Q..yP..*{1..

does this imply i have insecure connections coming back...

Could be, not all sites support DNSSEC for instance.

 

[Swistheater]

i am thinking the reason why it comes back with the checksum incorrect could imply that this is an issue with the routers detection?---- ,but i don't see how that is when L&LD has them coming back all "correct".

See https://www.wireshark.org/faq.html#_why_am_i_seeing_lots_of_packets_with_incorrect_tcp_checksums

i see this would be useful if it was coming from a machine wireshark is installed on.. maybe you can elaborate @dave14305

 

[dave14305]

i am thinking the reason why it comes back with the checksum incor

i see this would be useful if it was coming from a machine wireshark is installed on.. maybe you can elaborate @dave14305

Assuming the router is doing TCP checksum offloading, it’s the same scenario, just with tcpdump instead of Wireshark doing the capturing. Nothing is wrong with the output you see, since it seems to be the outbound direction showing “incorrect.”

 

[Swistheater]

Assuming the router is doing TCP checksum offloading, it’s the same scenario, just with tcpdump instead of Wireshark doing the capturing. Nothing is wrong with the output you see, since it seems to be the outbound direction showing “incorrect.”

My main concern is the checksum is one method allegedly used to determine the privacy of DoT

 

[dave14305]

My main concern is the checksum is one method allegedly used to determine the privacy of DoT

Says who? Don’t worry about the underlying TCP protocol since the TLS tunnel for DoT will ensure the security of the transfers.

 

[ColinTaylor]

My main concern is the checksum is one method allegedly used to determine the privacy of DoT

I don't think so. TCP checksum offloading happens at the local link level. You're thinking of something else.

 

[Swistheater]

Says who? Don’t worry about the underlying TCP protocol since the TLS tunnel for DoT will ensure the security of the transfers.

my point is that dot is suppose to be end to end encryption. if some how a checksum got sent incorrectly could imply manipulation. that is what i was under the assumption that the test was for. maybe i should not believe everything i read.

 

[Swistheater]

Assuming the router is doing TCP checksum offloading, it’s the same scenario, just with tcpdump instead of Wireshark doing the capturing. Nothing is wrong with the output you see, since it seems to be the outbound direction showing “incorrect.”

i am not too concerned since like you said they are only in the outbound.. all of my inbound are correct..

 

[skeal]

I'm trying to check LAG operation. Link aggregation (or 802.3ad). Anyone here know how to check if it is operational?
EDIT: LAN side not WAN side.

 

[Swistheater]

I'm trying to check LAG operation. Link aggregation (or 802.3ad). Anyone here know how to check if it is operational?
EDIT: LAN side not WAN side.

are you trying to run a NAS ? or bridge connections?

 

[skeal]

are you trying to run a NAS ? or bridge connections?

It's called bonding or twinning. Using two Ethernet connections between router and downstream switch.

 

[Swistheater]

It's called bonding or twinning. Using two Ethernet connections between router and downstream switch.

okay that is what I was trying to determine what you were trying to do. I know you can do it with a NAS two Ethernet cables to a supported NAS, and also it can be done with a modem via WAN aggregation if your modem supports it. I didn't know it can be done with a switch, but i would have to assume that it would need to support it, if it did, would it only support the higher bandwidth of transfer speeds on your network?

 

[Gar]

The local caching setting only impacts traffic originating on the router itself. It does not impact clients.

Might a streaming service like directv now mess up if running through dot? I haven't experimented because others are relying on the router right now. Wondering if dot and cache is interacting with it somehow.

Edit: disregard

 

[skeal]

okay that is what I was trying to determine what you were trying to do. I know you can do it with a NAS two Ethernet cables to a supported NAS, and also it can be done with a modem via WAN aggregation if your modem supports it. I didn't know it can be done with a switch, but i would have to assume that it would need to support it, if it did, would it only support the higher bandwidth of transfer speeds on your network?

It's all setup on the switch, I just want to check if the router has bonding working. I can see log entries early in the boot process saying that bonding isn't up yet, but it never says when bonding is working. I would like to know how to restart the service.

 

[Swistheater]

It's all setup on the switch, I just want to check if the router has bonding working. I can see log entries early in the boot process saying that bonding isn't up yet, but it never says when bonding is working. I would like to know how to restart the service.

is it via static manual LAG setup style? do you have a link you could provide to the switch to help describe the setup?

 

[skeal]

is it via static manual LAG setup style?

The setup on the switch is easy and the setup on the router is one setting.

 

[RMerlin]

All clients are faster, including when I VPN into my network on my phone. The more powerful and the faster the client is, the more noticeable it is to me. When loading pages with graphics (like the guru3d Asus 2900 review), the pages load in total, not pixel by pixel or line by line.

Image load time have also nothing to do with DNS. Assuming all images are on the same server, then there is one single query sent at the start of the page load, and the result is cached by your client's own DNS cache.

Are you sure your problem isn't that you are switching between local DNS and non-EDNS capable DNS, which force you to load content from a non-optimal CDN node?

 

[L&LD]

Image load time have also nothing to do with DNS. Assuming all images are on the same server, then there is one single query sent at the start of the page load, and the result is cached by your client's own DNS cache.

Are you sure your problem isn't that you are switching between local DNS and non-EDNS capable DNS, which force you to load content from a non-optimal CDN node?

Pretty sure that's not the case (non-EDNS capable DNS).

From what you offer, I guess that most sites don't have their images stored on the same servers as their main websites.

Either way, I tested it again briefly today and there is no doubt that caching is noticeably faster for my environment. Even after clearing the browser cache and rebooting the client devices I tested with, along with the router after I made any changes.

If anything, when I was using the ISP DNS servers, I should have seen a theoretical much faster response to websites. They cache all requests too.

 

[RMerlin]

From what you offer, I guess that most sites don't have their images stored on the same servers as their main websites.

They might not, but they certainly don't host each image on different servers. So, first image which might be hosted for instance on static.mywebsite.com will generate one DNS lookup, and that query result will get cached by your OS (and often by the browser itself), so it only gets queried once. And with a typical TTL of 60 mins, then the reply will stay in cache for at least an hour.

DNS queries are heavily cached, at multiple levels. This is another reason why I keep telling people to ignore those fancy DNS benchmark tools that are totally useless. Query gets sent once (and only once), and then the result gets cached for the record's TTL.

 

[L&LD]

They might not, but they certainly don't host each image on different servers. So, first image which might be hosted for instance on static.mywebsite.com will generate one DNS lookup, and that query result will get cached by your OS (and often by the browser itself), so it only gets queried once. And with a typical TTL of 60 mins, then the reply will stay in cache for at least an hour.

DNS queries are heavily cached, at multiple levels. This is another reason why I keep telling people to ignore those fancy DNS benchmark tools that are totally useless. Query gets sent once (and only once), and then the result gets cached for the record's TTL.

I don't use benchmark tools.

We're in total agreement there.

I also agree that the images won't be on different sites either. But my issue and at least one other person was that originally, checking for updates in amtm was taking 2 minutes or more (for 8 scripts including amtm).

Thank you for the additional information, but this is the best set up as-is. All websites load as they should, no issues at all. The extra responsiveness is just a bonus I don't want to forgo right now.