Saturday, January 28, 2006

Dark Fiber, Sonicwall, PPPoE and Macs

Recently a client of mine had the opportunity to get a fiber optic connection to his office. Verizon is making this service, called FiOS, available in many areas. They certainly can provide a lot of services with this type of bandwidth. Phone, internet and video are their current focus, it seems.

Anyway, we cut over the internet connection, which in this case is handled by a Sonicwall TZ170. It was connected to a cable modem using DHCP and running NAT, and we switched to a PPPoE connection with credentials, again NAT'ing. We set the MTU to 1490 and told the Sonicwall to fragment outgoing packets as necessary. Checked the connection from the Windows server: worked great. Desktops: great. And I thought we were done, another routine day.

Well, you know how that goes: anytime it seems too easy, there is always a tiger lurking.

This time it was the Macs. Yep, the Tiger OS was waiting to pounce. It seems that the Macs connected and could ping hosts, but web sites and mail were not working. Actually, web sites with little content, like, say, Google, worked fine, but cnn.com or apple.com did not. The bad sites would start to load but never finish, usually hanging on large graphics...

Turns out the Macintosh machines' Ethernet interfaces (both AirPort and Ethernet) are set to an MTU of 1500, and for some reason the Sonicwall was not able to fragment the packets on the way out. Changing the MTU to 1490 with ifconfig:
ifconfig en1 mtu 1490
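
The symptom described above (pings and small pages work, large pages stall) can be checked directly by sending pings with the Don't Fragment bit set and finding the largest size that still gets a reply. The script below is an added example, not from the original post; the function names and the script name pathmtu.sh are hypothetical, and it covers IPv4 only.

```shell
#!/bin/sh
# Added example: locate the largest IPv4 packet that crosses a path unfragmented.
# probe SIZE HOST -> succeeds if one ICMP echo with SIZE payload bytes and the
# Don't Fragment bit set gets a reply. Override probe() to test offline.
probe() {
    case "$(uname -s)" in
        Darwin) ping -D -c 1 -t 2 -s "$1" "$2" >/dev/null 2>&1 ;;    # macOS/BSD ping
        *)      ping -M do -c 1 -W 2 -s "$1" "$2" >/dev/null 2>&1 ;; # Linux iputils
    esac
}

# find_path_mtu HOST [LOW] [HIGH]: binary search over packet sizes (IP MTU),
# where payload = MTU - 28 (20-byte IPv4 header + 8-byte ICMP header).
find_path_mtu() {
    host=$1 lo=${2:-576} hi=${3:-1500}
    if ! probe $((lo - 28)) "$host"; then
        echo "no reply even at MTU $lo" >&2
        return 1
    fi
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))   # round up so the search always advances
        if probe $((mid - 28)) "$host"; then lo=$mid; else hi=$((mid - 1)); fi
    done
    echo "$lo"
}

# check_mtu IFACE_MTU PATH_MTU: report whether the interface setting exceeds
# what the path carries (the condition described in the post).
check_mtu() {
    if [ "$1" -gt "$2" ]; then
        echo "interface MTU $1 exceeds path MTU $2: lower it to $2"
        return 1
    fi
    echo "interface MTU $1 fits path MTU $2"
}

if [ $# -ge 2 ]; then   # usage: sh pathmtu.sh HOST INTERFACE_MTU
    pmtu=$(find_path_mtu "$1") && check_mtu "$2" "$pmtu"
fi
```

Run it against a host beyond the firewall, passing the MTU currently shown by ifconfig for the interface as the second argument.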


This seemed strange and inconvenient. And while I have a familiarity with Macintosh machines of all types, I have not spent much time with OS X. I can survive the experiences because of all the years of Linux/Unix. I tried to get the machines to set their interfaces via an rc.local type of approach, but it wasn't working like BSD the way I remember it. So I visit Apple with one of the Windows machines and find a super helpful doc that outlines how to set the MTU via a Startup Script. In my opinion they have the startup methodology worked out well; it's very organized, and seems very reliable.

As for the issue with the Sonicwall, I've notified Sonicwall of the issue and they are looking into it.

I have a sneaking suspicion that the Windows machines were not using an MTU of 1500. I swear I remember reading an article about Windows MTU somewhere that mentioned Windows has a low default frame size. I was unable to find this document, though. If you know, I'd love to hear from you.

Anyway, it won't be too long before my next post.

Till Next Time,

Sean Riley
President, DogRiley