Several weeks ago, I noticed that SSH connections to a remote AWS host would freeze or hang intermittently whenever a moderate amount of text output was received. By "moderate", I mean a normal system update command like apt update or viewing a log file via cat <log file>, or using scp to transfer config files.
Basically, this issue had all of the earmarks of an MTU issue. I spent a good amount of time diagnosing the problem, which was earmarked by the following symptoms:

1. Used tcpdump on the remote host and determined that the remote host wouldn't get an ACK from my computer, resulting in the host retrying the packet.
2. Tcpdump on my computer indicated that the ACK was sent.
3. My computer would retry the ACK.
4. My computer would receive packet retries from the remote host.
5. The remote host wouldn't receive any of the ACK retries from my computer.

What made this especially frustrating was that no hardware on my end changed in the 2 years since I've been a Sonic member (not the router, computers, or the Pace 5268AC). Even worse, the "DMZplus" setting had been enabled for my router the entire time, and you'd think that this would be the last place a problem would originate.
After much trial and error, I did a factory reset on the modem, disabled "DMZplus", and reinitiated DHCP for the 5268AC, and SSH works properly again. I can cat 6MB+ log files with ease. However, if I reenable "DMZplus" for my router and reset DHCP, the SSH problem returns. There is a catch, however. With "DMZplus" mode off, my router has to use the 5268AC's firewall, which severely limits the usefulness of the service...
In short, the issue appears to have been caused by a firmware glitch on the 5268AC. This problem began around the time I received the "220.127.116.111418-att" firmware update. Hopefully, this helps someone else who is experiencing the same problem. In the meantime, I'd love to find a way to bypass the 5268AC, switch devices, or bring my own FTTN compatible modem, like the BGW210-700. Heck, I'd be OK with continuing to pay the modem rental fee if I could use a device that can actually bridge.
I've spoken with a number of friendly Sonic technical representatives, but they tend to default to the "yeah, this is your problem since you're running your own router." However, it's not unforeseeable that customers would want to run their own network hardware in lieu of what AT&T provides.
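
The two-sided tcpdump comparison described in the symptom list can be automated. The following is an added example, not part of the original post: it parses `tcpdump -n -S` text output from both ends and reports ACKs the client sent that the server never captured, plus data segments the server retransmitted. The addresses, ports and sequence numbers are constructed sample data, and matching on port and ACK number assumes the NAT device in the path does not rewrite sequence numbers.

```python
import re
from collections import Counter

# Matches `tcpdump -n -S` text output for TCP over IPv4 (absolute sequence numbers).
LINE = re.compile(
    r"IP (?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]+)\],(?: seq (?P<seq>\d+)(?::\d+)?,)?"
    r"(?: ack (?P<ack>\d+),)?.* length (?P<len>\d+)"
)

def parse(capture):
    for line in capture.strip().splitlines():
        m = LINE.search(line)
        if m:
            yield m.groupdict()

def lost_acks(client_capture, server_capture, server_port=22):
    """ACK numbers the client sent toward server_port that the server never captured."""
    def acks(capture):
        # Pure ACKs only: zero-length segments addressed to the server port.
        return {int(p["ack"]) for p in parse(capture)
                if int(p["dport"]) == server_port and p["ack"] and int(p["len"]) == 0}
    # Addresses differ on each side of NAT, so compare by ACK number, not by IP.
    return sorted(acks(client_capture) - acks(server_capture))

def retransmitted(server_capture, server_port=22):
    """Starting sequence numbers of data segments the server sent more than once."""
    seen = Counter(int(p["seq"]) for p in parse(server_capture)
                   if int(p["sport"]) == server_port and p["seq"] and int(p["len"]) > 0)
    return sorted(s for s, n in seen.items() if n > 1)

# Constructed sample: capture taken on the client (private address behind the gateway).
CLIENT = """
1700000000.10 IP 203.0.113.10.22 > 192.168.1.20.51514: Flags [P.], seq 1000:2448, ack 500, win 501, length 1448
1700000000.11 IP 192.168.1.20.51514 > 203.0.113.10.22: Flags [.], ack 2448, win 1024, length 0
1700000000.20 IP 203.0.113.10.22 > 192.168.1.20.51514: Flags [P.], seq 2448:3896, ack 500, win 501, length 1448
1700000000.21 IP 192.168.1.20.51514 > 203.0.113.10.22: Flags [.], ack 3896, win 1024, length 0
1700000000.60 IP 203.0.113.10.22 > 192.168.1.20.51514: Flags [P.], seq 2448:3896, ack 500, win 501, length 1448
1700000000.61 IP 192.168.1.20.51514 > 203.0.113.10.22: Flags [.], ack 3896, win 1024, length 0
"""
# Constructed sample: capture taken on the remote host (sees the client's public address).
SERVER = """
1700000000.05 IP 10.0.0.5.22 > 198.51.100.7.51514: Flags [P.], seq 1000:2448, ack 500, win 501, length 1448
1700000000.16 IP 198.51.100.7.51514 > 10.0.0.5.22: Flags [.], ack 2448, win 1024, length 0
1700000000.17 IP 10.0.0.5.22 > 198.51.100.7.51514: Flags [P.], seq 2448:3896, ack 500, win 501, length 1448
1700000000.55 IP 10.0.0.5.22 > 198.51.100.7.51514: Flags [P.], seq 2448:3896, ack 500, win 501, length 1448
"""

if __name__ == "__main__":
    print("ACKs sent but never received:", lost_acks(CLIENT, SERVER))
    print("Segments retransmitted by server:", retransmitted(SERVER))
```

A non-empty result from both functions for the same sequence range matches the pattern in the symptom list: the ACK leaves the client but is dropped somewhere between the two capture points.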