Intermittent packet loss to WAN - seems random
I'm running Firewalla Gold in Router mode. I have a TP-Link router (previously main router) that is configured in AP mode serving WiFi. Although the problem I am describing happens even if I remove the TP-Link from the configuration, leaving me with just the cable modem -> FWG -> locally connected workstation.
I have pingplotter ICMP plots running on the workstation (connected via ethernet to Firewalla) to both the Firewalla IP address and to resolver2.opendns.com (or any other internet address I have tried). Randomly (seemingly) throughout the day, connections in Teams, Zoom, my kids' games etc. will freeze. It happens on the locally attached PC too when that's the only device connected. Sometimes Teams gives me the "bad network quality" message (not always). Whenever Teams stutters or I get that message, Pingplotter shows up to 100% packet loss at exactly the same time. The pingplot to the FWG IP address directly is always stable though - doesn't look like FWG OS is having a problem.
I isolated this to simplest configuration (with just FWG and a PC), replaced ethernet cables with brand new CAT6, and this problem still occurs frequently. I can't get through a meeting on Teams or a phone call on WiFi calling without it freezing for a few seconds at a time, sometimes kicking me off the call. The pingplot is always consistent with 100% packet loss pinging the opendns.com. Same behavior pinging other sites including teams.microsoft.com and 8.8.8.8.
If I switch my TP-Link router back to router mode, remove FWG from network, and plug TP-Link back into cable modem, everything works as before with no packet loss.
I love the FWG, but this problem has been driving me nuts. Especially with the kids remote school work via Zoom, and Google Meets. It's nearly unusable.
I did try disabling Monitoring, Smart Queue, AD Block, Family. I didn't have DoH running or VPN client. I removed all the rules I'd been playing around with also. No difference in behavior.
Lastly, I should mention this, although I hope this isn't the cause because I LOVE IT, I'm running docker and have Homebridge and Pi-hole running. I'm also running the VPN Server. I have the thing running at about 49% busy and about 1.5GB free memory. Although, I did remove Pi-hole as part of my troubleshooting. I haven't tried removing Homebridge or stopping docker.
I'm hoping you can help because the FWG is awesome, but for the sake of kids' sanity, I have it currently removed. I have not tried re-introducing it in Simple or DHCP mode because I really want to run it as my router.
TP-Link is the C5400, by the way.
-
Assuming you've tried restarting the FW Gold between customizations changes, and there might be a better approach, but I really think to get a definitive diagnosis your options seem to me that either:
A) you might need to keep going and try your approach with 1pc + Firewalla Gold + Tplink in AP mode first without the VPN running, and then set docker to not auto start on reboot if you have it set to do so and properly reboot the FW Gold once more to see.
or
B) file a support request and give Firewalla team access to your FW Gold as described in the help section so they can look at what's going on and try to see for themselves if they can spot the problem (including doing possible hardware diagnostics?) short of stopping docker service and reboot with it running.
Sounds pretty aggravating though, for sure. Please let us know what happens!
-
Thanks. Fortunately, Firewalla support was great and helped me isolate the problem. For some reason the FWG and my cable modem weren’t negotiating a link properly. I put a dumb switch between them which forced/tricked them both into properly negotiating 1gig full duplex. Everything is working fine now. I’m going to try to replace the cable modem and eliminate the dumb switch, but I’m just glad it’s working now.
Thanks
-
It seems I had the same problem here. Putting a simple switch between my AVM FritBox 6660 (running as a cable modem + router, because bridge mode does not work well) and my Firewalla Gold has solved my constant problems with seemingly random packet losses.
Firewalla team, could you elaborate what the reason for this is? The modem is state of the art here in Germany and it's not a simple process to replace modems from network providers (even though I own this one).
-
I don’t think my issue is identical, but similar. I tried an unmanaged switch as well as a managed switch between my modem (actually a fiber optic ONT) and FWG. Neither solved the issue, even when setting port speeds manually on the managed switch (my ISP also tried manual port speed settings on the ONT to match). I put an old, simple router between instead of a switch, and the intermittent loss stopped. It seems that FWG and my modem have an incompatibility when directly connected to each other whether in DHCP mode or static IP. If a different router handles the DHCP connection to the ISP, it’s fine. So, I’m double NAT right now, but not any major drawbacks to that for me currently.
This started for me minutes after the FWG fall 2021 release. I see new software was pushed out December 2021. I’ll see what happens if I remove the second router later today.
-
If nothing detected, then reboot your WiFi / Switch
-
A spike of poor latency and then back to normal. Not enough of an outage to drop the call, but enough to disrupt.
It happens every 5-10 minutes. Duration is just a spike in latency.
My local metro ISP drops a fiber link into my home and it terminates at a device labeled:
CTC Union
GSW-1005MS -
I’m on fiber too. Calix GigaPoint 803g is my ISP device. I see total packet loss every 20-30 min for 20-30 seconds when my FWG is connected directly to the ISP device. I’m still double NAT with a TP-Link ER605 to “solve” my issue for now. Do you have another router you could use for a day while tracking latency to see if it’s truly the FWG? I found the iPhone app “Pingify” helpful when I was troubleshooting this stuff.
-
Just wanted to add to this thread - I had a similar issue (which led me here). I ended up opening a support case, and allowing support remote access to the unit. Less than an hour later, support provided a shipping address to RMA the unit. In other words, this may be a situation where contacting support is the most efficient path to a fix.
-
I posted my solution to my intermittent loss today here: https://help.firewalla.com/hc/en-us/community/posts/4408251167635/comments/12630669895443
Please sign in to leave a comment.
Comments
13 comments