No smilies, no avatars, no flashing gifs. Just discuss the issues of the day, from last night's telly via football to science or philosophy.
Started by hailesaladdie on Nov 12, 2021 9:17:44 AM
Any network experts on here (FTTP WAN Dropout Problem)

Hello all,

Finally joined the 21C here, and got FTTP in our area, so I found a decent deal with Vodafone, got the fibre line installed and was very glad to get rid of the ropey, barely-8Mb copper connection I had before.

But the number of WAN dropouts is insane - making the connection barely usable for video calls, etc.

(Continued)

Previous
|
Next
|
Top
|
Bottom
hailesaladdie - 12 Nov 2021 09:19:55 (#1 of 16)

Vodafone tech support are friendly enough, but are basically going down the route of "oh, it's stabilising", then "oh, it's the router's fault", then "oh, must be one of your devices making wifi problems, please only use one device for a period of 48h".

But you can see quite clearly in the logs, and some quite worrying things are happening.

First, there's a fair bit of traffic from well known blacklisted IP ranges. Why are these reaching customer routers in the first place? But when they do reach the router, it blocks the WAN connection. So the whole thing drops out for about 30s at a time. Depending on the time of day, this can be anything between every 5 and 10 minutes.

This isn't right... Is it?

tasselhoff - 12 Nov 2021 11:09:00 (#2 of 16)

Dropping for 30 seconds sounds like spanning tree getting the hump (amongst other things). Try just using one ethernet connected device for testing.

What logs?

tasselhoff - 12 Nov 2021 11:11:29 (#3 of 16)

there's a fair bit of traffic from well known blacklisted IP ranges

Port scanning is going on all the time. Just don't allow your router firewall to let them in. Do you have any ports you need opening to the outside world? If not, it may be a red herring.

Can I assume you're using NAT on your router?

hailesaladdie - 12 Nov 2021 12:05:10 (#4 of 16)

I don't have a huge amount of the control over the router - it's the one supplied by Vodafone, and a lot of the config gets overwritten when it's in mesh mode (which it is).

Yes, I'm using NAT. Don't need to open anything to the outside world.

I do expect a bit of port scanning, but I'd have thought something from a blacklisted source would be blocked before reaching the customer router? Maybe too optimistic.

The logs are from the router. What I can see is something along the lines of:

[ 5080.366075] DROP wan in: IN=pppoe-wan OUT= MAC= SRC=<dodgy IP> DST=<my IP> LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=63780 PROTO=TCP SPT=45741 DPT=11327 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000


followed by a number of entries like

Failed to send DHCPV6 message to ff02::1:2 (Permission denied)


failed to send packet: Network is unreachable


and some other odd PPPoE messages. These coincide with the drops.

tasselhoff - 12 Nov 2021 12:11:24 (#5 of 16)

Is <my IP> your internal one or the router one? If the former, be afraid.

I'd start by disabling IPV6 as you don't need it and it makes troubleshooting easier.

tasselhoff - 12 Nov 2021 12:13:03 (#6 of 16)

Disable it on the router and on your PC. Normally any DHCP addresses will then be IPV4 only.

tasselhoff - 12 Nov 2021 12:14:11 (#7 of 16)

failed to send packet: Network is unreachable

Is that associated with the permission error?

hailesaladdie - 12 Nov 2021 12:18:23 (#8 of 16)

<my IP> is the router

There's no option to turn IPV6 off - the local network is IPV4 by default on this setup anyway.

hailesaladdie - 12 Nov 2021 12:19:28 (#9 of 16)

> Is that associated with the permission error?

It usually follows within 10s, but there's not correlation ID if that's what you mean.

tasselhoff - 12 Nov 2021 12:39:49 (#10 of 16)

If the internal network is IPV4 only, why is your router trying to send packets to IPV6 addresses (or is it incoming?).

I don't see why this has anything to do with your issues though.

Do you have a switch?

tasselhoff - 12 Nov 2021 12:41:11 (#11 of 16)

Failed to send DHCPV6 message to ff02::1:2 (Permission denied)

DHCP should be internal only, obviously. Why is it trying to send to an internal IPV6 address?

hailesaladdie - 12 Nov 2021 12:48:01 (#12 of 16)

So, it looks like ff02::1:2 is an all-DHCP multicast address. Odd.

No switch - the network setup is fairly basic. The router WAN port connects to the FTTP modem. The LAN is a wireless mesh - just two devices at the moment.

tasselhoff - 12 Nov 2021 12:50:46 (#13 of 16)

some other odd PPPoE messages

That is probably the issue

tasselhoff - 12 Nov 2021 12:51:35 (#14 of 16)

To rule out any mesh issues you might want to set them as access points for now.

hailesaladdie - 15 Nov 2021 15:25:26 (#15 of 16)

Your hunch was correct - the PPP errors led us down the right path.

AIUI, the router had been provisioned for the wrong service. They've only just started doing FTTP, so all the routers in the warehouse had been set up for FTTC. Not only that, they hadn't been set up for mesh use, nor for VoIP. I'd managed to sort out the last couple of issues, but the type of PPP authorisation had thrown me - for whatever reason, it was allowing me on for a certain period, then disconnecting/reconnecting.

Anyway, many thanks for your help, and kudos to the helpdesk guy who went through methodically and figured it out!

tasselhoff - 15 Nov 2021 16:27:01 (#16 of 16)

Nice!

Previous
|
Next
|
Top
|
Bottom
Check Subscriptions
|
Home » IT & Computers