Symptoms: MTU Black Hole / TLS Stalls

  • Users report that HTTPS connections to api.internal.acme.com frequently stall or time out after the initial handshake begins.
  • HTTP (port 80) connections to the same host work without issue.
  • ICMP ping to api.internal.acme.com (10.20.30.50) succeeds with low latency (~1ms).
  • Small API responses (< 1KB) sometimes succeed; larger payloads always fail.
  • The problem started after a network migration that introduced a VPN tunnel between data centers.
  • SSH sessions to the host work fine but SCP transfers of large files stall midway.
  • No errors appear in the application logs -- connections simply hang.
  • The issue affects all clients in the 10.10.0.0/16 subnet connecting across the VPN to the 10.20.0.0/16 subnet.
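
The symptom pattern above (small pings succeed, large payloads hang silently) can be confirmed by probing with the Don't Fragment bit set. The following is an added example, not part of the original page: it binary-searches the largest IPv4 packet that crosses the path. The function names are hypothetical, `ping_df` assumes Linux iputils `ping`, and the 1400-byte tunnel MTU in the simulation is a constructed value.

```python
import subprocess
import sys

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header (no options) + 8-byte ICMP header


def ping_df(host, packet_size, timeout_s=1):
    """Send one echo request of total IP size `packet_size` with DF set.

    Assumes Linux iputils ping: -M do forbids fragmentation, -s sets the
    ICMP payload size, -W is the reply timeout in seconds.
    """
    payload = packet_size - IP_ICMP_OVERHEAD
    result = subprocess.run(
        ["ping", "-M", "do", "-c", "1", "-W", str(timeout_s),
         "-s", str(payload), host],
        stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
    )
    # In a black hole the oversized probe is dropped without an ICMP
    # "fragmentation needed" reply, so the only signal is a timeout.
    return result.returncode == 0


def find_path_mtu(probe, low=576, high=1500):
    """Return the largest size in [low, high] for which probe(size) is True.

    `probe` must be monotonic (every size up to the path MTU passes).
    Returns None when even `low` fails, i.e. the fault is not MTU-related.
    """
    if not probe(low):
        return None
    if probe(high):
        return high  # full-size packets pass: no MTU restriction found
    while high - low > 1:  # invariant: probe(low) True, probe(high) False
        mid = (low + high) // 2
        if probe(mid):
            low = mid
        else:
            high = mid
    return low


def simulated_black_hole(tunnel_mtu):
    """Constructed stand-in for a path that silently drops larger packets."""
    return lambda size: size <= tunnel_mtu


if __name__ == "__main__" and len(sys.argv) > 1:
    print(find_path_mtu(lambda size: ping_df(sys.argv[1], size)))
```

A result below 1500 across the VPN, combined with the silent drops, is consistent with the default small ping succeeding while full-size TLS records and SCP data segments never arrive.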