Post by: nortoneye on November 19, 2018, 03:37:02 PM
jim >:(
Post by: TwinStar on November 19, 2018, 06:46:39 PM
Post by: nortoneye on November 19, 2018, 08:08:39 PM
Thanks for the reply
Post by: William Brillinger on November 20, 2018, 11:27:24 AM
One of our group members (the other Tim) built a suite of tools to help diagnose this.
https://rpug.pdc.ca/index.php/topic,706.0.html
Hopefully he will chime in here if your backup program isn't the issue.
Post by: nortoneye on November 26, 2018, 08:34:45 AM
jim
Post by: nortoneye on November 26, 2018, 02:35:38 PM
jim
Post by: G8B4Life on November 27, 2018, 05:16:23 AM
Quote
I did the port 80 test and it;s open.
Did you use the UDP Test tool to check?
- Tim
Post by: nortoneye on November 27, 2018, 07:00:14 AM
Post by: G8B4Life on November 28, 2018, 06:27:38 AM
Quote
i did use the tool to test port 80, it indicated it was open, the ISP folks said it was not open on their router, so they reconfigured
There's a couple of ways to read what they said. When they said "their router" they could have meant the CPE (Customer Premises Equipment) router if they supplied one to you for your internet (many ISP's can remotely configure CPE that they have supplied) or most likely they could have meant the router at their end. Without knowing which tests in the test tool you ran and how you ran them there's a couple of things that could be going on.
1. Your ISP blocks inbound port 80 traffic.
2. Your ISP uses carrier grade NAT (Network Address Translation) and blocks inbound port 80 traffic.
By giving you a static IP address (sometimes called a public IP address in the case of point 2) what this allows them to do is to open the port up just for you and nobody else.
You can talk to your ISP again and ask them if you do need the static IP address or not. Tell them the Ring software you use communicates outbound and inbound via udp on port 80 (and it's fixed, the ports cannot be changed). They should be able to let you know from that information whether you do or not.
- Tim
Post by: nortoneye on November 28, 2018, 10:54:01 AM
the ISP support folks indicated the fiber optic network they have connects differently than a cable based network-we did try to open port 80 and connect with a dynamic IP, but it would not connect without assigning a static IP...don't know if this will be a problem with fiber optic based networks or not..I'll mention it to Tim Ring as well--thanks for your suggestions!
Jim
Post by: G8B4Life on November 28, 2018, 08:58:33 PM
Who is your ISP if you don't mind me asking (you can PM me the answer if you don't want to make it public). Their description of "connects differently" does sound like they use some type of Carrier Grade NAT and I'd like to see if I can find out anything about the technology they use.
Expanding on this a bit, even with a static IP address you could technically (but unlikely) still be behind Carrier Grade NAT but the static address means your ISP can open a port up just for you and no one else as I mentioned earlier. If your interested in finding out whether you have a public routable IP address or a private IP address (CGN) you can try a couple of things.
The best way: you can check whether your IP address reported by websites like www.whatismyip.com (http://www.whatismyip.com) and the WAN interface IP address (you'll need to log into your router to check this IP address) match, or, the second best way, you can run the Traceroute test in the UDP test tool and check if any of the IP addresses after the first Hop (especially the second Hop) are in the private address range thus:
10.0.0.0 -- 10.255.255.255
172.16.0.0 -- 172.31.255.255
192.168.0.0 – 192.168.255.255
100.64.0.0–100.127.255.255
The first three are common to the LAN side of your router and you'd see an address in one of those ranges as the first Hop if you do the traceroute test. The fouth range is a dead giveaway of GCN.
- Tim
Post by: nortoneye on November 29, 2018, 02:42:36 AM
my ISP is Paul Bunyan Communications in Bemidji, Mn, a local cooperative that has invested heavily in fiber optics which they promote as "the Giga Zone" as they have speeds of up to a gigabite/sec. Great for streaming and downloading versus the 100MB speed of my prior cable based provider.
I did send an email to Tim Ring regarding this issue.
Jim
Post by: G8B4Life on November 29, 2018, 06:53:30 AM
Quote
Our GigaZone service requires the purchase of a globally routable IP address ($10/month) to remove the basic firewall.
While they are talking about their firewall service in the webpage what it means in this instance is that they can't configure their CGN equipment to work with RPA, and it's almost certainly due to the fixed inbound port number.
- Tim
Post by: nortoneye on November 29, 2018, 07:24:55 AM
Thanks for figuring this out-at least now I know what the issue is/was. The extra charge is kinda a pain, but the connection speed is nice to have. On the flip side as members of the cooperative, we receive a dividend check that should cover the added expense.
Now I'm waiting for more steam sounds......
jim
Post by: nortoneye on November 29, 2018, 03:15:05 PM
I did send the info to Tim Ring
Info
9:58 AM (5 hours ago)
to me
Hi Jim,
Thanks very much for the feedback! We do appreciate it!
I see a couple tings that do not make any sense unless GigaZone's goal is just to up-charge their customers for services that basically all other Internet Providers offer included in their price.
The statement "Our GigaZone service requires the purchase of a globally routable IP address ($10/month) to remove the basic firewall." is an absurd statement. All Internet providers must offer IPV4 networking (Huge vast majority of the internet ) and ALL IPV4 is by definition globally routable! IPV4 is globally routable by design. This statement has the appearance of trying to get people to pay for a manufactured technical problem. It has nothing to do with the internet begin globally routable, or our server, or your equipment. What I hear them saying is we put in place a firewall to stop traffic and if you pay $10 we will take it out!
You said they gave you a static IP to fix the problem. The above information has nothing to do with a static IP. It talks about a "firewall" that the ISP is providing that is causing the problem.
This has nothing to do with fiber connection or static vs dynamic addressing. In our area ATT offers fiber and the default settings work just fine with our server. The huge vast majority of home internet suppliers use dynamic IPs. If our server was not compatible with dynamic IPs than most of our customers would not be able to use our server.
Even though it is working, you may want to consider getting a different ISP because the statement " requires the purchase of a globally routable IP address ($10/month) " is not normal form typical ISPs.
Tim
I also sent a redacted version of his reply to my ISP for comment-nothing so far.
Post by: nortoneye on November 30, 2018, 01:44:08 PM
Post by: Alan on November 30, 2018, 11:15:13 PM
Post by: G8B4Life on December 01, 2018, 08:25:35 AM
Sigh! I really am at a loss to explain the absolute refusal to accept that the problem in probably 99% of cases could be the choice he made and programmed into his system, and a baffling misunderstanding of how ISP's can connect people to the internet.
Quote
All Internet providers must offer IPV4 networking (Huge vast majority of the internet ) and ALL IPV4 is by definition globally routable! IPV4 is globally routable by design. This statement has the appearance of trying to get people to pay for a manufactured technical problem. It has nothing to do with the internet begin globally routable, or our server, or your equipment.
This is just the most baffling thing I have heard. All IPv4 is not globally routable. As I pointed out 6 posts back, IPv4 has private address ranges which are NOT globally routable (IPv6 is the same). These ranges are reserved, and are typically used for private networks, such a network in your home, or in the case of Carrier Grade NAT (also called Large Scale NAT or Nat444), your ISP.
And it has everything to do with his server, and his software.
Quote
This has nothing to do with fiber connection or static vs dynamic addressing. In our area ATT offers fiber and the default settings work just fine with our server. The huge vast majority of home internet suppliers use dynamic IPs. If our server was not compatible with dynamic IPs than
most of our customers would not be able to use our server.
Well he got that right at least, whether your connection is fibre, cable or whatever the physical medium is has no bearing on this issue. Whether you have a static or dynamic IP by itself also has no bearing on the issue. What has a bearing is how the ISP makes the connection between you and the internet, and what firewalling they may do, but that's another subject.
I'll probably be accused of scaremongering again but I'll continue with the topic of CGNAT, if anyone's still reading this thread they might find it interesting.
Jim's case has little chance of being a part of the Net Neutrality scandal but probably has everything to do with IPv4 address exhaustion, which I'll explain for those that want to fall asleep.
For those that don't know, for all intensive purposes all public IPv4 addresses have been allocated - that means no more can be gotten from the official registries responsible for allocating them. This does not mean that there are no more left, your ISP probably has plenty left in stock to allocate to their customers. When they run out though they have to find someone selling some of theirs. The question is how many has your ISP bought? an IPv4 address is not cheap, the current rate is somewhere in the order of $US18.00 each. If your ISP is small they might have only bought something like a /18 block which is 16,384 addresses (that's $294,912 in IP Addresses). Now when your ISP goes over 16,000 odd customers they either need to buy another block of addresses if they want to keep giving each customer a public IP address or implement a way of preserving their pool of public address and only give a public ip address to customers who say they really need one. That implementation is called Carrier Grade NAT.
This image shows a typical (but simplified) ISP -> customer connection where the customer has a public IP address. CPE stands for Customer Premises Equipment, and is your router (which may be combined all-in-one with a modem).
Note that on the home side of the CPE you have a private IP address - no one can type this address into a web browser or other software and reach you, and on the ISP side of the CPE you have a public IP address. Anyone in the world could type that number into a web browser and in most cases reach your router (don't worry, your router would just drop the attempted connection unless you had specific services running or the router was unsecure). In this scenario there is only one round of Network Address Translation (NAT), which is done by your router, which you should be in control of.
And this image shows the CGNAT implementation (again simplified).
In this scenario now there are two private networks, the one on the home side of the CPE and one on the ISP side of the CPE. Both your and the ISP's routers are performing NAT (called double NAT). This can be a huge problem as explained next.
So what is NAT? Network Address Translation, and this, in the best layman's terms I can think of is what it does. When you request a website in your browser, it instructs your computer to send a request to your router saying "I want what is at IP address 123.123.123.123, port 80 and it needs to come back to IP Address 192.168.0.15 port 9169). You router then forwards that request to the router at your ISP but replaces the return address with it's own (it needs to come back to 148.56.218.16 port 9169) and remembers where it must send it back to when it receives the reply. Your router and most routers on the internet don't change the return to port.
With CGNAT, at an ISP level, the story is very different. The request is carried out the same way but the CGNAT router also changes the return port number (called Port Address Translation) and this breaks anything that uses a fixed port number, like RailPro Assistant.
This is how the connection to Rings Server from RailPro Assistant would look like in the non CGNAT scenario:
Now ,this is with CGNAT:
Note the CGNAT router has changed the from port. There is now no return path to the customer PC as the proceeding router will not have the reply from Rings server on port 80 mapped to an address for it to forward it to as it's expecting a reply to port 3647 from Rings server, and Ring's server won't reply to the router anyway when it see's that the from port was not 80.
This also not to say that even in the non CGNAT scenario that there couldn't be routers along the path taken by the request across in internet that don't change the from port but it's a less likely scenario.
Here's a configuration guide from Cisco that explains a bit about CGNAT, including the Port Address Translation (halfway down the page or so) if anyone is inclined to read it: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/xe-16/nat-xe-16-book/iadnat-cgn.html (https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/xe-16/nat-xe-16-book/iadnat-cgn.html)
The bad part is more CGNAT is coming as the adoption of IPv6 is, in a general sense slow and the scarcity of IPv4 addresses becomes more and more prevalent.
If you've read this far and are still awake you've done well.
- Tim
Post by: Alan on December 01, 2018, 10:01:24 AM
Post by: G8B4Life on December 02, 2018, 02:19:25 AM
I realised after writing that post that I know some people that I believe are located behind CGNAT, and if I'm not mistaken I'll be over at their place in a week or so. I should be able to run some tests.
- Tim
Post by: nortoneye on December 02, 2018, 04:18:19 PM
So for non computer folks this boils down to RPA requiring communication through a fixed port, 80 in this case, and ISPs deciding to be selective in allocating the IPv4 addresses using CGNAT? So my son's ISP, different than mine, works fine because they do not use CGNAT? And if RPA did not require communication through a fixed port, life would be good?
My RPA is working, just trying to understand in a basic way what's going on.
Thanks for your interest and detailed information Tim. Let's run some trains!
Jim
Post by: G8B4Life on December 03, 2018, 04:40:47 AM
I'm still hoping to be able to make a test in the next couple of weeks, and I've almost finished updating the test tool, which I'll then update the user guide on determining if a user is behind CGNAT.
I will say that the fixed port is only a problem on the inbound (ie, back to you from Ring), direction, on the outbound direction (from you to Ring) it's not a problem.
- Tim
Post by: nortoneye on January 16, 2019, 01:49:59 PM
Post by: nortoneye on January 23, 2019, 10:18:48 PM
Tim Ring called my ISP today to discuss the connection issues I had. I talked to him and my ISP tech support guy. Tim Ring admits he will need to make a change in his program to resolve connection issues that I and one other user has had knowing that he is likely to have increasing problems in the future. He may change his current server or most likely will build the work around into the new server he is building and hopes to have online this year. When he has the new server online, he will post that information in the "what's new" section of the website.
My ISP tech had read Tim's detailed post of Dec 1 and was very complimentary saying "he has it right". Anyway I am happy that this will eventually be solved for me and others.
Jim
Post by: William Brillinger on January 24, 2019, 05:49:39 AM
Thank you for what you have accomplished for railpro users around the world.
Post by: TwinStar on January 24, 2019, 07:48:28 AM
Post by: KPack on January 24, 2019, 11:14:25 AM