dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
2462
share rss forum feed


TL

@multi.fi

Strange USG100 Problem

I have very strange problem with my USG100.

Earlier it worked fine with static IP in a business use. Then I bought it to use at home (to replace existing Zywall 2+).

At home I have 10/10M VDSL2-connection and Inteno DG201-terminal. I use bridge mode port, so I can get public IP via DHCP.

Zywall 2+ works fine, but if I replace it with USG100 I get problems. I can browse web, but the response is slow. Any bigger data transfer is interrupted (ftp-transfer, speedtests...) after couple of seconds. UGS in on default settings and has the newest firmware.

If I connect USG after existing 2+ (USG WAN to 2+ LAN), everything works fine.

I have tried everything I can think but still it don't work. I have come to conclusion, that there is something in the ISP-side that makes the difference between 2+ and USG, but I can't figure out what that can be. The symptoms are like those of duplex mismatch, but I can't prove anything. On USG i can see 100/duplex, like it should be. I can't check Inteno, because it's ISP's property, but they say that ports are on auto negotiation as they should. I have tried switch and hub between Inteno and USG, without any change, so probably the problem is not there. So what could make this behavior on ISP side? They are not so helpful, so I thinki I must prove some error to get them to do something (if they have something wrong of course).

If I don't remember wrong, I had the same problem when I changed from my earlier router/firewall to 2+. No error was ever found, but then it just started to work normally. Maybe they did something at ISP, but I don't know about it.

So any suggestions?


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:11

1 edit
Check the MTU size.


TL

@multi.fi
MTU is 1500 like it should be. Changing the MTU don't have any effect.


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:11
reply to TL
You said VDSL. Are you on PPPoE? Then MTU shoud be 1492 or less depending on your provider. Do the ping MTU test.

Kirby Smith

join:2001-01-26
Derry, NH
reply to TL
And if you are PPPoE, then not only does the USG need to be set up for the correct MTU, both ways, but also any managed switches and all the PCs.

kirby


TL

@multi.fi
I'm not using PPoE, just normal ethernet.

Ping test shows that packets with normal MTU are going thru and there are not any black-hole routers on the path.

I took some packet captures on both LAN and WAN sides. There are missing packets, retransmissions and TCP-resets (I think there was even TCP-reset on the https-admin connection to USG).

Because USG works behind existing 2+, so could there be something wrong with the information that is received via DHCP? I couldn't find CLI-command to check the received information, is there such command?


TL

@multi.fi
If I play a video from youtube, the video stops every time at the same spot. The video continues to play by itself after couple of minutes.

Kirby Smith

join:2001-01-26
Derry, NH
ISP throttling? What happens if you download some innocent file, Linux distribution say, directly from a repository, and then again via Bittorent? Are there periods of low or no data rate?

Just guessing here.

kirby


TL

@multi.fi
I haven't tried, but I can't imagine that it is ISP throttling, when it works with one router and not with the other. And if it was, shouldn't the speed be controlled, not to break the whole connection?

I forgot to say earlier, that if I use USB 3G -modem connected to the USG everyting works fine. So there is something wrong with the ethernet WAN-connection.

So any new ideas?


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:11
Did you check WAN port speed and duplex settings? Try adding a switch between the router and modem just for test.


TL

@multi.fi
I have already tested both switch and hub between USG and modem. USG shows the parameters right (100M/full and 10M/half). There is no change in the problem.

I think the physical side of the connection is ok, but there is something in the data (dhcp, etc.) that is processed differently in USG and 2+ and the way USG does it is incompatible with ISP.


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:11

1 edit
Register here and PM me.


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:11
Reviews:
·TekSavvy DSL
·Bell Fibe
reply to TL
said by TL :

I have tried everything I can think but still it don't work.

Have you tried sniffing and capturing packets on WAN side between USG and modem?

The USG 100 has the capability to do so, you can later examine the capture in Wireshark or post here for us to have a look.

Go to Maintenance -> Diagnostics -> Packet Capture

If you don't have Wireshark get it here »www.wireshark.org/download.html

I'm pretty sure that some issue/anomaly will pop up there.

ttl

join:2012-09-19
finland
Now I finally had time to make WAN-capture, when trying to play youtube-video. There are many retransmissions, duplicate acks and tcp resets. The capture file is attached, maybe someone can tell what's wrong?


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:11
Reviews:
·TekSavvy DSL
·Bell Fibe

2 edits
I don't see anything wrong with my limited understanding of the protocols.

However, can we backtrack a bit.
1) You said you're using VDSL yet not PPPoE. What is it? PPPoA, IPoA or what? What encapsulation are you using?
2) Where is your PPP (or whatever) session terminated? (Where do you enter your ISP username/password? On the modem or router?)
3) Can you post screenshot from USG WAN config with Advanced options showing?

ttl

join:2012-09-19
finland
I can't say anything about encapsulation. ISP owns the VDSL-modem, and out of it comes normal ethernet. So I don't enter any username or password anywhere. The WAN config of the USG is just normal ethernet (MTU 1500, DHCP client enabled).


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:11
And you're getting public WAN IP on USG? Or is the modem also doing NAT?

ttl

join:2012-09-19
finland
Yes, I get public WAN IP on USG, so no nat in modem.

JPedroT

join:2005-02-18
kudos:1
Any of the more CPU intensive stuff enabled on the USG, ie BWM, App patrol, Anti Virus etc. If yes, try to disable and see if it works.

I do not remember if you can turn of DoS protection on the USG like on the older ZyWALLs, but if you can look at that to.
--
"Perl is executable line noise, Python is executable pseudo-code."

ttl

join:2012-09-19
finland
No, there are no "extra" features enabled. Debug log shows all the time something about bandwidth, even if it is not enabled. Is that normal?