Draytek router dropping traffic frequently

With everything, you pay for convenience. I wouldn't spend my own money on Meraki because I don't need to. I'd definitely spend my employer's money on it though if we needed to service branch locations.

Yep, hence why most of our customers go the Ubiquiti route, because it's robust and still simple to use but it does help to utilise SSH which is obviously not required with Meraki.
 
The only slightly odd sessions I can spot is a Hikvision NVR trying to access a 192.168.254.*** address (this is the range Hikvision NVRs give to IP cameras)

If your IP range is not 192.168.254.* then this may be an issue. If it can't see it locally it may be trying to push traffic over your WAN. If it's UDP then there is a chance it'll be a constant flow saturating the bandwidth which could potentially cause drops and/or lack of response to ping.

Ideally you'd have a rule already in your firewall stopping anything destined for RFC1918 (or 1980 I can never remember) addresses over your WAN interface to stop this but may be worth a try.
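
An added example, not part of any post in this thread: a check over flow records taken from a packet capture that flags private-range destinations which are not on a local subnet and would therefore follow the default route out of the WAN. The local subnets, addresses and packet counts are constructed sample values; RFC 1918 is the document that defines the private ranges.

```python
import ipaddress

# RFC 1918 private ranges; traffic to these should never leave via the WAN.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def wan_leaks(local_subnets, flows):
    """Sum packets per (src, dst, proto) for flows whose destination is
    RFC 1918 but not on any locally routed subnet, i.e. traffic the router
    would forward out of its default (WAN) route."""
    local = [ipaddress.ip_network(s) for s in local_subnets]
    leaks = {}
    for src, dst, proto, packets in flows:
        d = ipaddress.ip_address(dst)
        if d.version != 4 or not any(d in net for net in RFC1918):
            continue  # public or non-IPv4 destination: normal WAN traffic
        if any(d in net for net in local):
            continue  # private and locally routed: never reaches the WAN
        key = (src, dst, proto)
        leaks[key] = leaks.get(key, 0) + packets
    return leaks


# Constructed sample: assumed LAN/VLAN subnets and flow records
# (src, dst, protocol, packet count) as exported from a capture.
LOCAL_SUBNETS = ["192.168.1.0/24", "192.168.20.0/24"]
SAMPLE_FLOWS = [
    ("192.168.1.50", "192.168.254.3", "udp", 600),  # NVR looking for a camera
    ("192.168.1.50", "192.168.254.3", "udp", 400),
    ("192.168.1.50", "192.168.254.7", "tcp", 12),
    ("192.168.1.10", "192.168.20.5", "tcp", 90),    # inter-VLAN, stays local
    ("192.168.1.10", "8.8.8.8", "udp", 40),         # public destination
    ("192.168.1.22", "10.11.12.13", "tcp", 3),      # stray private address
]

if __name__ == "__main__":
    found = wan_leaks(LOCAL_SUBNETS, SAMPLE_FLOWS)
    # Largest talkers first, so a constant UDP stream stands out.
    for (src, dst, proto), n in sorted(found.items(), key=lambda kv: -kv[1]):
        print(f"{src} -> {dst} ({proto}): {n} packets would egress the WAN")
```
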
 
I'll have a look at this. 192.168.254.*** is a range Hikvision NVRs use only by default for the cameras connected to the PoE interfaces. I did run Wireshark for a while yesterday but didn't spot anything related to this traffic, will look into it further today.

The Cisco Meraki range I was considering - they even give you the free equipment (MX64) for taking part in their webinars which might be worth a look, I guess initially we could run this separately to make sure everything is running as it should (we have a couple of VLANs using internet access only so could run these through a second router temporarily). MX64 looks sufficient as there isn't a need for wireless (have separate APs for Wireless already)

You're right - this was indeed happening, blocked this now and see if anything changes.

By number of packets not much though - during a 30 minute period approximately 1k packets
 
Had some free time to look into this further - running packet capture didn't seem to bring out anything obvious, have sent Draytek some captures / logs to see if they can spot anything.

Pretty much ready to move to another vendor once we can afford a bit of downtime as we haven't come any closer to finding a solution
 
We've started deploying Dell Sonicwalls recently, they've been quite good.

I'll have a look at those too - we wouldn't be able to change for at least a couple of weeks until we can get someone in over the weekend to avoid any downtime during the week.

I did run simultaneous Wireshark captures on both the WAN and LAN interfaces - about all that's telling me is that it stops routing between the LAN and WAN but not the cause of it. I'm not too hopeful in the support guys finding the reason but we'll see.
 
I've had a right headbanger with a customer who has had a Draytek 2860ac since December '15. Started to exhibit similar symptoms. I ended up reducing the MTU down from 1500. Sorted.
 
The MTU on the LAN or WAN interface? What did you change it to?

I've been looking at other parts of the network as I was hoping to find an issue somewhere there which is causing it to hang - I did come across someone mentioning Sonos devices causing this with Draytek of which there's one on our network but I could recreate it.

Funnily enough it happened yesterday (after nearly everyone left the office, so with not much load) twice within a few minutes. After this our Draytek wireless AP went down and hasn't come back up since.

Will have a look today to see what happened there, if it's related. We've got a new Meraki AP arriving today so quite good timing :p
 
1492 on the WAN side. But that's Draytek default isn't it?


On the WAN side. The default of the 2860ac is 1500.

I think we settled on 1482, I also consulted the ISP and managed to escalate to someone who had an idea of what they were talking about!
 
1492 will be the default if you set the WAN to dial PPPoE - the ethernet frames will be 1500 to the modem but they include an 8 byte overhead. Not enough ISPs that do PPPoE support baby jumbos, and not enough kit supports it unfortunately.
 
The WAN is connected to another router (provided by ISP)

Anyway - it looks like the issue was possibly caused by a bad network cable :o:o (Draytek WAN > provider router) - switched out early this morning and not a single downtime event as of yet.
 
Well now you know for next time. Strange that the Draytek wasn't logging physical link issues / unusually high port error counts.
 

Still not 100% sure now the cable was the only cause - we've had 1 day without a single disconnect but did have 1 yesterday, although it's far less than before.

We're moving part of the network to an Edgerouter now - some parts only require an internet connection so we're going to separate and see if the issue still continues.
 