Question

Has ping / tracert been blocked on 5g network?

  • 18 October 2022
  • 79 replies
  • 3966 views
Show first post

79 replies

iTinkeralot
Rank
Userlevel 7
Badge +8

For some reason it appears T-Mobile is blocking ICMP traffic. Both the ping utility and trace routing use ICMP so it pretty much breaks both. Here in east TN now nothing when pinging. Ten packets sent zero responses. The other day the latency was 180 ms plus and 80% loss. Now nada

S

Here in the S.F. Bay Area I had a similar ping problem for about a week -- about 70-80% lost packets.  Starting two days ago, I’ve had no problems.  Tried half a dozen sites, all respond with 0% loss.  Hopefully the issue gets resolved where you’re at...

Glade to hear your issue was fixed. Was worried they changed something. Knowing it is a technical issue that will be resolved is better. 

A

I haven't seen many issues out if it yet but it's very annoying.  I use Teams for work and it's working fine.

 

As a Network Admin though, this makes some of my troubleshooting I do day to day very difficult.

S

I tried calling T-Mobile support but no one understands the issue or even knows what ping is. 

Not to mention as a network admin I use apps on my iPhone all the time to ping our external services when I am not near my laptop. 

J

Here in the S.F. Bay Area I had a similar ping problem for about a week -- about 70-80% lost packets.  Starting two days ago, I’ve had no problems.  Tried half a dozen sites, all respond with 0% loss.  Hopefully the issue gets resolved where you’re at...

S

Yeah we have probably 5 users that have reported issues with Teams connecting since yesterday (probably started before on the weekend). After looking at it found they all have T-Mobile home internet. I also have T-Mobile home internet as a second ISP. Cox works fine, ping fails on T-Mobile. 

A

I’m seeing the same thing with my T-Mobile Home Internet.  Can’t ping out.

I’ve had decent experience so far except for some work VPN issues and gaming but blocking or deprioritizing ICMP until it’s not usable is kind of crazy.

Luckily, Verizon is turning up a brand new tower in my town next month with their 5GUW / C-Band gear.  They also support IP passthrough so your own router can have public IP address.

S

This is really bad. This breaks Microsoft Teams among other services I am sure. MS Teams requires ping to verify connectivity to work (pings teams.microsoft.com). If ping fails then Teams will go offline. 

Ping fails from my T-Mobile router gateway and from my T-Mobile phone. 

J
Userlevel 1

Having same problem as others, in OC NY. Using TMHI as secondary WAN, with opnsense cluster behind it. Use ICMP to detect gateway outage. 

 

Got a sagemcom modem a week & a half ago, integrated it into my network. Worked fine for a day or two, then suddenly couldn't ping through it. Didn't take metrics; figured something went sideways & that 611 would make it right. Tech support swore up & down that they didn't block ICMP, that it must be "a problem with my computer, and that I should contact my computer manufacturer about ICMP issues." (That would be pcengines & freebsd; they're not the problem.)

 

Sent me a new modem (another sagemcom), again worked fine for a few days, then back to nope. Have switched the gateway monitor IP to that of the modem - not optimal, since it can only tell if the device is responding, not whether it's routing packets to the outside. 

 

Since both modems [briefly] worked as expected, it makes me think it's a firmware update that's causing the problem; whether it's a bug or a new policy, I can't say. Either that, or they took exception to my pings, though I would argue that 1pps isn't excessive. 

B
Badge

I’m in Gulf shores, AL.  Having the same issue as others, not get a ping back.

 

Spent over an hour with T-Mobile tech support and at one pint was told there is no way to turn off ping blocking on the gateway.  My problem started just a few days ago also.  Had worked fine for months.  Except for this have had zero issues and getting 350+ down and 65+ up.

iTinkeralot
Rank
Userlevel 7
Badge +8

I can understand that. Another user was using the T-Mobile solution as a back up and doing a similar tactic with his negate firewall. In order to insure the failover could take place he had to disable the ping processing. When the Starlink fell it still transitioned to the backup. I don’t mean to lessen the importance of being able to have ICMP packets passed. I have seen the excessive loss and latency of the ICMP responses to 150 ms or more so I get it. 

I just don’t think T-Mobile will be invested in resolving it right away. It is hard to tell how extensive the behavior is but it is generating some noise. Maybe with lots more noise they will pay attention.

P

My primary beef (the only one actually) is the loss of ping packets.

We will be using these devices as failover internet connections.

What I’ve observed is up to 90% packet loss with ICMP.

At that rate, it will continue to see that as a loss of internet connectivity when it is actually fine.

iTinkeralot
Rank
Userlevel 7
Badge +8

It is doubtful you will find someone invested in that. Really serious users will use a VPN solution and avoid the port forwarding issues. Being able to use trace routing or the ping utility to troubleshoot is helpful but I guess T-Mobile is not after the serious technical users. It will just result in more calls to customer support which probably will provide little traction on the problems most of the time. If it garners a lot of negative press that might have an influence but the bulk of the users probably don’t have a clue what ping or trace route is. As long as the solution is up and running properly it is not often I go there. 

P

Other than phone call, which does not get anyone high enough up the technical food chain, is there another way to contact t-mobile to complain about blocking of ICMP?

 

iTinkeralot
Rank
Userlevel 7
Badge +8

That is assuming trace route is working in your location. Recently ping and trace route have been problematic for users in a number of locations over the T-Mobile CGNAT solution. 

iTinkeralot
Rank
Userlevel 7
Badge +8

You should be able to trace route to it but not be able to ping it. 

B

ICMP is not working in Appleton, WI either.

 

ping 1.1.1.1 -n 10

Pinging 1.1.1.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 1.1.1.1:
    Packets: Sent = 10, Received = 0, Lost = 10 (100% loss),

 

This might be a deal breaker.  Hopefully, T-Mobile gets this working again.

J

ICMP is all but obliterated in Queen Creek AZ. Trace route and ping can’t be used starting 10/17/22. 

iTinkeralot
Rank
Userlevel 7
Badge +8

--- 142.250.72.238 ping statistics ---

55 packets transmitted, 4 packets received, 92.7% packet loss

round-trip min/avg/max/stddev = 129.473/154.139/168.004/14.654 ms

Pinging from terminal on MacBook Pro through the Nokia gateway via n41 frequency

B66 on primary and n41 on secondary 

Traffic is heavier tonight so speeds are down a bit but not bad. 

Not sure what is going on with the ICMP as it is pretty useless here.

iTinkeralot
Rank
Userlevel 7
Badge +8

So maybe in some locations it works but in others zip. You are among the fortunate. Nice download speed. You must be close in on an n41 frequency. I am on n41 but best I have seen is ~400 down.

ping google.com

PING google.com (108.177.122.138): 56 data bytes

Request timeout for icmp_seq 0

Request timeout for icmp_seq 1

Request timeout for icmp_seq 2

Request timeout for icmp_seq 3

Request timeout for icmp_seq 4

64 bytes from 108.177.122.138: icmp_seq=5 ttl=102 time=146.403 ms

Request timeout for icmp_seq 6

Request timeout for icmp_seq 7

Request timeout for icmp_seq 8

Request timeout for icmp_seq 9

64 bytes from 108.177.122.138: icmp_seq=10 ttl=102 time=76.933 ms

64 bytes from 108.177.122.138: icmp_seq=11 ttl=102 time=114.437 ms

Request timeout for icmp_seq 12

Request timeout for icmp_seq 13

Request timeout for icmp_seq 14

64 bytes from 108.177.122.138: icmp_seq=15 ttl=102 time=129.560 ms

Request timeout for icmp_seq 16

64 bytes from 108.177.122.138: icmp_seq=17 ttl=102 time=104.947 ms

Request timeout for icmp_seq 18

Request timeout for icmp_seq 19

Request timeout for icmp_seq 20

Request timeout for icmp_seq 21

Request timeout for icmp_seq 22…

--- google.com ping statistics ---

49 packets transmitted, 10 packets received, 79.6% packet loss

round-trip min/avg/max/stddev = 76.933/110.130/146.403/22.334 ms

W

My ping to google.com works fine via Mac Terminal. I’m in Los Angeles.

 

PING google.com (142.250.72.238): 56 data bytes
64 bytes from 142.250.72.238: icmp_seq=0 ttl=50 time=21.246 ms
64 bytes from 142.250.72.238: icmp_seq=1 ttl=50 time=24.115 ms
64 bytes from 142.250.72.238: icmp_seq=2 ttl=50 time=23.327 ms
64 bytes from 142.250.72.238: icmp_seq=3 ttl=50 time=49.096 ms

And this is my speed test:

 

iTinkeralot
Rank
Userlevel 7
Badge +8

Ping and Trace Route both leverage ICMP to function so it just makes sense that both fail. I would guess with a VPN open both would work fine. It is hard to say what T-Mobile will do next with their solution. I have been getting more apprehensive since the gateway has now transitioned from the n71 to the n41 frequency. I have seen so many reports of users on the n41 where the throttling T-Mobile does pretty much cripples the cell beyond use. The prioritization for mobile handsets over the home gateways and the extra client loading in the urban locations just seems to be a bad mess. On the bright side my speeds have doubled or better on downloads much of the time. 

Choking the ICMP traffic as they have makes no sense to me. Bad move. I used ports 8080 and 443 pinging and it still behaves the same. It looks like they just throttled ICMP to death. For users that do much more than check email, browser the web, or stream a few select services they will eventually jump ship and get another solution that is more reliable and capable.

I
Userlevel 1

Yes, as of my post it seems T-Mobile is actively blocking Ping, Tracert, Traceroute and ICMP in addition if they do go through at all, they are deprioritized to the point that they are not effective to use in any capacity.

This sucks really bad... 

I use multiple uplinks and depending on the RTT, RTTSD, Loss it switches providers to balance connections across them… 

This behavior from the ISP breaks tons of functions as well as my link down failover automations. I hope T-Mobile realizes that ping and tracert/tracroute are 1000% necessary for proper network management and trouble shooting.

 

Verizon and AT&T don't have this problem of blocking pings, it is a T-Mobile specific issue and really makes the brand look cheap and the network mismanaged. 

You can have a secure network without blocking normal and essential network tools that have existed since before I was born.

iTinkeralot
Rank
Userlevel 7
Badge +8

Now the Arcadyan and also the Sagemcon gateway both require the T-Mobile home internet mobile application ONLY for administrative management as the go to. It is the go forward T-Mobile seems to have decided upon. Probably due to cost reductions for device code development and etc… It does not feel like an improvement for the end user. 

S
Badge

Found out after doing a factory reset (arcadyan version) today, that the ability to separate the 2.4ghz and 5ghz bands into separate SSIDs has been removed from the webGui (192.168.12.1).   Seems odd they would remove that ability from the user.

Reply


New badge winners

  • Curious George
    Crystallipshas earned the badge Curious George
  • Curious George
    ZDPhas earned the badge Curious George
  • Curious George
    MattScotthas earned the badge Curious George
  • Curious George
    Jack1eKhas earned the badge Curious George
  • Curious George
    jpviolanti2has earned the badge Curious George
Show all badges
Terms & Conditions