Network troubleshooting


25 replies to this topic

#1 spelaben


Posted 06 July 2014 - 08:36 AM

Hey guys, I have some trouble with my home network and I'm running out of ideas. I don't like to ask for help but here I am, a little desperate as well to be honest.

The network components:

Switch (10 clients, 1 server (Windows Server 2008 R2 with AD/DNS/DHCP), 1 router)

Now I bought a new router (ASUS AC66U) for the second floor, which I configured as an access point so I can use WLAN, also connected to the switch.

I flashed DD-WRT and everything seemed to work fine, but sporadically I lose Internet connectivity on my WLAN-connected devices. Later I discovered that I also lose connection on my clients when that happens.

I ran a Wireshark capture on one of the clients and what happens now (reproducible) is that when I open a URL I get lots of TCP DUP ACK and TCP RETRANSMISSION packets, and the site opens very slowly, if at all. Now the interesting part: when I turn off the AC66U and open up a site, it instantly loads and there are maybe 1-2 retransmission packets.

I didn't run the Wireshark trace on the other firmwares I tried (ASUSWRT Merlin, stock firmware and TomatoUSB by Shibby) but the symptoms are the same.

In the source of the packets I see the MAC address of the first router, which connects to my ISP, and I guess there is some kind of conflict, but I am by no means an expert in network-related stuff.

I would greatly appreciate it if someone could guide me through the setup of DD-WRT to coexist peacefully with the other router or give me some useful hints on how to solve this problem.

Thanks! Please let me know if you need more information on the setup.
 



 


#2 sflatechguy


Posted 06 July 2014 - 01:45 PM

The problem may simply be that you've daisy-chained the new router to the switch that is connected to the other router. Packets now have to go through additional hops, and this can cause network congestion. Is the upstairs router on the same network segment as the main router? Try putting them on different networks. You could also try a different wiring setup for the upstairs router, by connecting it directly to the main router, making sure the second router is not using DHCP.



#3 spelaben


Posted 06 July 2014 - 02:02 PM

Yes, they are both on 192.168.0.0/24

Okay, I just tried your suggestion and connected the second router directly to the first one (LAN port 2) and it happened again after ~10 minutes. DHCP is enabled on the second router, because I thought it would be okay if the Windows Server for example uses the DHCP range 192.168.0.50-100 and the second router uses 101-120.

 

Is it necessary to disable DHCP on the second router even when the systems use different ranges?



#4 sflatechguy


Posted 06 July 2014 - 02:09 PM

DHCP will conflict if both routers are using it because they are both on the same segment. The range simply defines the IP addresses each router will hand out to clients.

This may help: http://www.wikihow.com/Connect-Two-Routers

Substitute the router address you are using for the one used in the guide.



#5 spelaben


Posted 06 July 2014 - 02:43 PM

I attached a picture of the new config from the second router. The first is 192.168.0.12.

 

My wireless clients can connect to the second router (AP) but there is no Internet connectivity. (Can they even reach the gateway with this configuration?) :(

 

Attached File  network.png   15.64KB   0 downloads



#6 sflatechguy


Posted 06 July 2014 - 02:54 PM

You configured the second router to be on a different network. So the wireless clients can connect, and probably even connect with other clients on that network segment. But they can't reach the Internet because the default gateway is set to 192.168.0.12, while the router's address is on the 192.168.1.0/24 network. Change that router IP address to 192.168.0.1 -- provided that's not the IP address of the main router. If it is, make it something like 192.168.0.2.

 

Also, you still have DHCP enabled on the second router. You need to turn that off. You can't have two DHCP servers running on the same network. You'll end up with network congestion and IP address conflicts. If you turn DHCP off on the second router, the clients that are routed through it should get their IP config info from the main router.

 

Looks like you're getting there. Just need to get the configuration settings right.
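
The two configuration problems raised in posts #3 to #6 (a default gateway outside the router's own subnet, and a second DHCP server on the same segment) can be checked mechanically. The Python below is an added example, not part of the original thread; the device names, the server address 192.168.0.10 and the access point addresses 192.168.0.2 and 192.168.1.1 are assumed for illustration.

```python
import ipaddress
from itertools import combinations

def check_segment(devices):
    """Return findings for devices that all sit on one switch (one broadcast domain)."""
    findings = []
    for d in devices:
        net = ipaddress.ip_interface(d["lan"]).network
        gw = d.get("gateway")
        # A default gateway is only usable if it is on-link: inside the device's own subnet.
        if gw and ipaddress.ip_address(gw) not in net:
            findings.append(f"{d['name']}: gateway {gw} is not inside {net}")
    servers = [d for d in devices if d.get("dhcp_pool")]
    # Every DHCP server on the segment hears the same broadcast DISCOVER and may answer it.
    if len(servers) > 1:
        names = ", ".join(s["name"] for s in servers)
        findings.append(f"{len(servers)} DHCP servers on one segment: {names}")
    for a, b in combinations(servers, 2):
        a_lo, a_hi = map(ipaddress.ip_address, a["dhcp_pool"])
        b_lo, b_hi = map(ipaddress.ip_address, b["dhcp_pool"])
        if a_lo <= b_hi and b_lo <= a_hi:  # ranges intersect: duplicate leases possible
            findings.append(f"DHCP pools of {a['name']} and {b['name']} overlap")
    return findings

# Constructed inventory. From the thread: main router 192.168.0.12 and the
# pools .50-.100 (server) and .101-.120 (second router). Other addresses are assumed.
ROUTER = {"name": "main-router", "lan": "192.168.0.12/24"}
SERVER = {"name": "win-server", "lan": "192.168.0.10/24", "gateway": "192.168.0.12",
          "dhcp_pool": ("192.168.0.50", "192.168.0.100")}

def ap(lan, pool=None):
    """Second router (access point) with the main router as its default gateway."""
    return {"name": "ap", "lan": lan, "gateway": "192.168.0.12", "dhcp_pool": pool}

AS_IN_POST_3 = [ROUTER, SERVER, ap("192.168.0.2/24", ("192.168.0.101", "192.168.0.120"))]
AS_IN_POST_5 = [ROUTER, SERVER, ap("192.168.1.1/24", ("192.168.1.101", "192.168.1.120"))]
AS_ADVISED = [ROUTER, SERVER, ap("192.168.0.2/24")]  # same subnet, DHCP off

if __name__ == "__main__":
    for label, inv in (("post 3", AS_IN_POST_3), ("post 5", AS_IN_POST_5),
                       ("advised", AS_ADVISED)):
        print(label, check_segment(inv) or "no findings")
```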



#7 spelaben


Posted 06 July 2014 - 03:10 PM

Okay, I disabled DHCP and changed back the IP. The problem is that my DNSmasq configuration won't work now.

What I can't get into my head is that I used the same setup before with a TP-LINK WR841ND as access point running DD-WRT with DHCP enabled and there wasn't any congestion. The AC66U was a replacement for the old hardware.

I will let you know if the network is stable now with DHCP off, thank you for your support. I will probably continue the epic adventure to get DHCP with DNSmasq running on the same network if this is fixed. :D



#8 spelaben


Posted 06 July 2014 - 03:33 PM

Sorry, but disabling DHCP doesn't fix the instabilities. :(

 

Attached is a screenshot of the Wireshark log, the symptoms are the same. When I reboot the router it works for ~10 minutes and then the network becomes extremely unstable.

 

Attached File  Retransmission.png   1.01MB   0 downloads


Edited by spelaben, 06 July 2014 - 03:34 PM.


#9 sflatechguy


Posted 06 July 2014 - 03:41 PM

Hmm. You might need to review how you installed DD-WRT on the Asus router. You may also want to have a look at the TP-LINK router configuration, and compare it to the Asus configuration. You may also have to spend some time on the DD-WRT tech site doing some research.

What device is on the 173.194.0.0/16 network?



#10 sflatechguy


Posted 06 July 2014 - 04:05 PM

Never mind, that network address is for Google Apps. Is that network segment showing up for all the failed TCP packets?



#11 spelaben


Posted 06 July 2014 - 04:13 PM

I just did a factory reset to DD-WRT's default settings and reconfigured everything, just the basic things (network, WLAN security, operating mode). I will try to reproduce again and tell you if it's the same network segment.



#12 sflatechguy


Posted 06 July 2014 - 04:18 PM

OK. Google Apps (which I assume you are using) utilizes a range of IP addresses aside from 173.194.0.0/16. If other addresses show up, post them here.

My preliminary thinking is there may be something in your firewall settings that is interfering with that traffic, or the DNS servers you are using are not resolving those IP addresses properly, or something in DNSmasq is not resolving them properly.

Since it's Google, it shouldn't be dropping packets like that.



#13 spelaben


Posted 06 July 2014 - 04:26 PM

Alright, it just happened again with these IPs: 88.198.155.41 and 80.157.170.177; seems like another IP every time I try to reproduce. We can rule out DNSmasq and custom DNS servers / DHCP now too because I disabled all of that. I need to sleep (11:25 am and this kept me busy all Saturday and Sunday...)

 

Thanks for your assistance so far, really appreciate it!


Edited by spelaben, 06 July 2014 - 04:26 PM.


#14 sflatechguy


Posted 06 July 2014 - 06:56 PM

The 88.198.155.41 address points to Hetzner Online AG. Not sure what the other address is, but at this point we don't need to worry too much about that. It appears traffic on your internal network is flowing smoothly. The problem arises when a device or service behind your NAT tries to communicate with a public IP address. The packets are being lost, and this is what is causing the network congestion. Because it's multiple IP addresses, we can probably rule out the firewall.

 

Rereading your initial post, you tried several different types of firmware on the Asus router, and the problem persists regardless of what you installed on the router. You also said this wasn't an issue when you were using the TP-LINK router. And, the problem disappears when you remove the Asus router from your network.

 

At this point, I'm thinking the router itself may have issues, most likely something in the hardware. Try reconnecting the TP-LINK router and see if the issue returns or not. If it doesn't, you'll need to get in touch with Asus and do some troubleshooting with them.

 

Just to be on the safe side, you may also want to review the DNS configuration on your Server 2012 to make sure that's correct. And you may want to check the DNS logs on that server just to see what may be going on there.



#15 spelaben


Posted 10 July 2014 - 01:54 PM

Okay, after three days of testing I came to the following conclusion: My tablet (Samsung Galaxy Note Pro 12.2 with Android 4.4.2) is causing the issues. Every time I connect to the AP with this exact device, the retransmission and dup TCP packets are logged after ~15 minutes to 1 hour. I used the AP for 2 days without connecting the tablet to it and everything went well, and I just reproduced this behaviour three times in a row with the tablet connected. This is a very exciting topic for me because at the moment I don't have a clue what could possibly cause this. I'm still on it though, trying a malware scan on the device right now, and I will keep you updated.





