Solved

DSL Frequent Disconnects with Firewall/Router - Bellsouth DSL, Westell 6100 modem, Netgear RP614v2 firewall/router

Posted on 2004-10-12
14
72,278 Views
Last Modified: 2013-12-14
I recently moved and my only broadband solution at the moment is Bellsouth FastAccess DSL (bellsouth.net).
I had been using Comcast cable-modem for several years prior to this with no difficulties at all. I took all my equipment
as-was to the new house. The only variable here is the change from cable-modem to DSL.

The DSL modem is a Westell 6100 in PPPoE mode and it provides NAT and DHCP. If I connect any single one of my PCs or laptops directly to it, everything works
perfectly. My net connection stays up 24/7. The problem begins when I put my firewall/router (Netgear RP614v2) in the loop between the DSL modem and my LAN. At first, everything
works great. Then within 10-15 minutes I simply lose connectivity to the Internet. When this occurs, it fails in one of two ways:

1. I can no longer access the DSL modem interface (192.168.1.254) from the LAN, but the "Internet" light on the DSL modem is still green.

-OR-

2. I can still access the DSL modem interface (192.168.1.254) from the LAN, but the "Internet" light on the DSL modem is out and when I
    go into the modem's "expert" interface and look at the statistics, I see on the ATM page that the PPPoE connection is DOWN. I've left it
    that way overnight and during the workday and it never recovers on its own.

Either way, if I reset the DSL modem (power off, wait, power on), everything works fine again for another 10-15 minutes. Very frustrating. :)

Here's whatI have tried and/or learned so far...

The DSL modem had the PPPoE connection set to "On Demand". I tried setting that to "Always On". No change.
I tried cloning one of my PC's MAC address to the firewall's WAN port. No change.
I read all about MTU and set that down to the first value that passed the 'ping -f -l' test (MTU = 1372, why so low?). No change.
I made sure my firewall would respond to ICMP/ping on the WAN port. No change.
The DSL modem has the latest version of its firmware for that model (verified with BellSouth technician).
I captured about 16 hours worth of IP traffic with ethereal between the DSL modem and my laptop. I saw nothing generated by the DSL modem
that looked like it would expect a response except an occasional ping (already turned that on on the firewall, see above).
I have an older Netgear FR314 firewall/router. I put that in the loop for a "second opinion". No change, exact same behavior as with the RP614v2.

Here's what I'm currently thinking...

My firewall also does NAT and DHCP for my LAN. I do have the DSL modem and my firewall NAT/DHCP set to separate subnets (192.168.1 vs. 192.168.0).
Is there some other double-NAT issue I'm yet unaware of?

Is DHCP on both an issue? Are requests to the firewall somehow bleeding through to the DSL modem and "confusing" it?

What's really bothering me is what's the difference between my PCs/laptops and the firewall as far as the DSL modem is concerned?
Is there some kind of low-level ethernet traffic that I cannot see with ethereal that PC will respond to differently than the firewall?
It's almost as if the DSL modem knows the difference between the two...

I'm looking for further advice past all this. I am a software engineer with lots of hands-on (non DSL) network experience, so please feel free to
hit me with an obscene level of technical detail and/or references. :)


0
Comment
Question by:mrjones69
14 Comments
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12289776
Lets start by keeping it simple.  DSL (PPPoE) is not an 'always on' situation, so what is happening here is SOP...  First thing I would do is to ck any logs that your modem or router provides.  Specifically, ck for PPPoE Max Idle Time or DHCP Lease renewal failure.  This may give you an indication of what is transpiring.  As far as configuring your router, for PPPoE, try setting Max Idle Time to zero (off) and enabling the Keep Alive Option (this may be the same as Always On in your case..  hmm).

You may also want to read this link regarding TS and Netgear..

http://kbserver.netgear.com/kb_web_files/n100772.asp

Regarding ethereal..  this utility should pick up ALL traffic, and I have no knowledge of any low-level traffic that it could miss...

And MTU size...  I assume you used a method similar to the one on my website for determining this.  MTU will not be the cause of a dropped connection, just packet fragmentation resulting in slow or no page being displayed.  (www.doverproductions.com)  I have seen network admins having to drop their MTU size down to under 1000 sometimes to get pages (and webforms) to be displayed..  But, you should make sure that the MTU size is correct on all devices on the network, including routers and PC's.

Just got a call..  server is down and must go do my Troubleshooting thing..  Hopefully another expert will drop by and try to complete these thoughts..  :)

FE

0
 

Author Comment

by:mrjones69
ID: 12296726
I verified that my firewall/router also had the latest firmware, just to rule out a missing known-issue correction.
Just wanted a sanity check on ethereal. I'm not aware of anything it won't pick up either.

To clarify, my DSL modem is the one creating and maintaining the PPPoE session, not my firewall/router.
There are no options (even in "expert" mode) to change any inactivity timeout values. The only two options are
the "connection type" which can be "Manual", "On Demand", or "Always On", and something called "Turbo TCP",
which is a checkbox. I haven't messed with that, but it's defaulted to off. It didn't sound like it had anything to do
with the issue, probably some kind of performance optimization.

I captured 2 logs from the DSL modem last night, one with the firewall/router in the path where the PPPoE session failed and then also failed to reconnect despite regular retries, and one with a PC hooked directly to the modem with no failures over an 8 hour period. You can ignore the part about not self-testing the modem. I have done that, but it doesn't seem to capture that fact in its log. It always passes its self-test.

Also, I do not believe I have any line interference issues or anything like that because I've had it stay up on a single PPPoE session for as long at 16 hours if I have a PC connected directly to it. The only reason it wasn't longer than that is that I've been trying to diagnose the problem and put the firewall/router back in the loop after that.

1st log, firewall/router between DSL modem and LAN (failed after about 20 minutes and never recovered)

All Entries
CURRENT MODEM STATUS
DSL Modem Status....... Up
PPP Session Status...... Session failure
Connection Type......... PPPoE
Time set from............. Boot
Time since last boot.... 0 days, 2 hrs: 32 mins: 28 secs

Time last modem self test.. NEVER
Time last modem result.... UNKNOWN

EVENTS
**********************************************************************
The first number is the Event time (days,hrs:min:sec) since boot.
Events are listed starting from the most recent.
**********************************************************************

0,2:31:57 PPP CONNECTION ERROR on VPI 8 VCI 35 : Could not establish PPPoE session
0,2:31:26 Connecting session(0): My Connection due to AlwaysOn
0,2:23:25 PPP CONNECTION ERROR on VPI 8 VCI 35 : Could not establish PPPoE session
0,2:22:54 Connecting session(0): My Connection due to AlwaysOn
0,2:14:53 PPP CONNECTION ERROR on VPI 8 VCI 35 : Could not establish PPPoE session
0,2:14:22 Connecting session(0): My Connection due to AlwaysOn
0,2:6:21 PPP CONNECTION ERROR on VPI 8 VCI 35 : Could not establish PPPoE session
0,2:5:50 Connecting session(0): My Connection due to AlwaysOn
0,1:57:49 PPP CONNECTION ERROR on VPI 8 VCI 35 : Could not establish PPPoE session
0,1:57:18 Connecting session(0): My Connection due to AlwaysOn
0,1:49:17 PPP CONNECTION ERROR on VPI 8 VCI 35 : Could not establish PPPoE session
0,1:48:46 Connecting session(0): My Connection due to AlwaysOn
0,1:40:45 PPP CONNECTION ERROR on VPI 8 VCI 35 : Could not establish PPPoE session
0,1:40:14 Connecting session(0): My Connection due to AlwaysOn
0,1:32:13 PPP CONNECTION ERROR on VPI 8 VCI 35 : Could not establish PPPoE session
0,1:31:42 Connecting session(0): My Connection due to AlwaysOn
0,1:23:41 PPP CONNECTION ERROR on VPI 8 VCI 35 : Could not establish PPPoE session
0,1:23:10 Connecting session(0): My Connection due to AlwaysOn
0,1:15:9 PPP CONNECTION ERROR on VPI 8 VCI 35 : Could not establish PPPoE session
0,1:14:38 Connecting session(0): My Connection due to AlwaysOn
0,1:6:37 PPP CONNECTION ERROR on VPI 8 VCI 35 : Could not establish PPPoE session
0,1:6:6 Connecting session(0): My Connection due to AlwaysOn
0,0:58:5 PPP CONNECTION ERROR on VPI 8 VCI 35 : Could not establish PPPoE session
0,0:57:34 Connecting session(0): My Connection due to AlwaysOn
0,0:49:33 PPP CONNECTION ERROR on VPI 8 VCI 35 : Could not establish PPPoE session
0,0:49:2 Connecting session(0): My Connection due to AlwaysOn
0,0:41:1 PPP CONNECTION ERROR on VPI 8 VCI 35 : Could not establish PPPoE session
0,0:40:30 Connecting session(0): My Connection due to AlwaysOn
0,0:32:29 PPP CONNECTION ERROR on VPI 8 VCI 35 : Could not establish PPPoE session
0,0:31:58 Connecting session(0): My Connection due to AlwaysOn
0,0:23:57 PPP CONNECTION ERROR on VPI 8 VCI 35 : Could not establish PPPoE session
0,0:23:26 Connecting session(0): My Connection due to AlwaysOn
0,0:22:55 PPP CONNECTION ERROR on VPI 8 VCI 35 : Could not establish Link
0,0:22:54 PPP DISCONNECTED on VPI 8 VCI 35 : PPP link layer failure
0,0:5:11 DNS: Unknown host: 'wpad.launchmodem.com'
0,0:0:28 PPP CONNECTED on VPI 8 VCI 35
0,0:0:28 Connecting session(0): My Connection due to dsl Restart
0,0:0:12 US Atten: 18.0 DS Atten: 29.0
0,0:0:12 US Margin: 16.0 DS Margin: 31.0
0,0:0:12 US Tx Power: 0.0 DS Tx Power: 16.4
0,0:0:12 US DSL Rate: 384 kbits/sec DS DSL Rate: 3008 kbits/sec
0,0:0:12 WanMgr reports DSL is UP
0,0:0:0 Model Number: B90-610030-06
0,0:0:0 Software Version: VER:03.00.61
0,0:0:0 Product: WireSpeed Dual Connect Model: NAT Combo
end of diagnostic log file


2nd log, PC hooked directly to modem, stayed up for as long as I let it sit there (over 8 hours)

All Entries
CURRENT MODEM STATUS
DSL Modem Status....... Up
PPP Session Status...... Up
Connection Type......... PPPoE
Time set from............. Boot
Time since last boot.... 0 days, 8 hrs: 50 mins: 14 secs

Time last modem self test.. NEVER
Time last modem result.... UNKNOWN

EVENTS
**********************************************************************
The first number is the Event time (days,hrs:min:sec) since boot.
Events are listed starting from the most recent. **********************************************************************
0,0:0:28 PPP CONNECTED on VPI 8 VCI 35
0,0:0:28 Connecting session(0): My Connection due to dsl Restart
0,0:0:12 US Atten: 18.0 DS Atten: 0.0
0,0:0:12 US Margin: 17.0 DS Margin: 31.0
0,0:0:12 US Tx Power: 0.9 DS Tx Power: 16.7
0,0:0:12 US DSL Rate: 384 kbits/sec DS DSL Rate: 3008 kbits/sec
0,0:0:12 WanMgr reports DSL is UP
0,0:0:0 Model Number: B90-610030-06
0,0:0:0 Software Version: VER:03.00.61
0,0:0:0 Product: WireSpeed Dual Connect Model: NAT Combo
end of diagnostic log file

0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12298605
So, since your modem is holding the PPPoE session, and providing NAT and DHCP, lets see if we can configure that router as a bridge.  I am not familiar with the router's interface, and the documentation on the web is not really that great on this router. ...  (I don't have a whole lot of time to look right now..:)  But ck to see if you can set it up as a different device type...
0
 

Author Comment

by:mrjones69
ID: 12298960
Ah... that meshes well with my continued reading on the subject. The Westell 6100 (even pre-configured by BellSouth) does support a "Bridged Ethernet" mode as an alternative to the PPPoE mode.
I found some advice on another forum suggesting that very thing. They were alleging that the firmware in the 6100's firewall and/or DHCP was flawed and that it was a known problem by both BellSouth and Westell but no fix has been put out yet. There were numerous allegations that somehow MSN Messenger logging in was triggering the disconnects because of these flaws. I'll try to test that theory.

Anyway, it appears that if I set the DSL modem to bridged ethernet mode, then my firewall/router should be the one controlling the PPPoE session.
That would solve my double-NAT, double-DHCP question by eliminating it. Basically, I believe that would put me as close as possible to the old cable-modem environment.
I will try that this evening and see what happens.

FYI, here's a link to the manual for the Westell modems. However, this describes the full capabilities of the unit. BellSouth apparently selects a subset of this and locks it down
in their customized firmware.

http://westell.com/content/sales/liteline.pdf
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12300321
I do so like it when my suggestions are seconded by other techs.  :)    This all makes sense to me, so that should be the path to take at this time.   the MS Messenger thing in interesting also, and I take it that you will test this by turning off messenger, but I wonder what difference it would make when bypassing the router..??  hmmm

Let me know how it works out....  maybe we can all learn something from this, eh?

FE
0
 

Author Comment

by:mrjones69
ID: 12307609
Most interesting results so far. I haven't even gotten to trying the bridged ethernet mode. I left the DSL modem alone for now and tried the Messenger experiment first.
I shut off the service on every Windows PC on the LAN, then reset the modem and firewall/router one time. It stayed up all night. I even put it to the test with a few BitTorrent
downloads and Windows updates. The modem dropped the PPPoE session once, but due to the Always On setting, it successfully reestablished the connection within a minute.
In other words, normal, expected behavior. I am thinking there is something to this Messenger business.

The next test this evening will be to deliberately start turning on Messenger one PC at a time and see what breaks.

I think after that I will try the bridged mode anyway as that should allow me to do whatever I want.
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12307746
Yes, very interesting...  this thread seems to be a good learning experience for all of us..
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 

Author Comment

by:mrjones69
ID: 12313111
Ok, next step. First I must confess to some ignorance. I don't fully understand the difference between the Windows Messenger that comes with XP
and MSN Messenger. This thread on dslreports.com is speaking of MSN Messenger:

http://www.dslreports.com/forum/remark,10962049~mode=flat?hilite=MSN

But I was able to duplicate the "2nd login kills the modem" with Windows Messenger. It had been up for over a day now and the instant I allowed
the second computer to restart Windows Messenger and login the modem disappeared and the Internet light went out. Poof.
So there's my work-around, don't run Messenger. :)

I'll try the bridge this weekend and see what happens there. Theory says that should bypass the issue all together.
0
 
LVL 40

Accepted Solution

by:
Fatal_Exception earned 500 total points
ID: 12315370
Yes..  all these 'messengers' are confusing..  actually there are 3 flavors.  Windows Messenger, MSN Messenger, and a the Messenger Service.  I am sure that I can find a link that explains these.....  

This one seems to do a decent job..:

http://ask-leo.com/whats_the_difference_between_msn_messenger_windows_messenger_and_windows_messenger.html

Personally, I turn all three off on my client's home systems.  When you are working in a domain environment, I leave the Service running, as it is necessary if an admin wants to send Net Send messages across the domain to users...

FE
0
 

Author Comment

by:mrjones69
ID: 12325828
Well, as expected, setting the DSL modem to 'bridged ethernet' mode solved all my problems.
I can launch Windows Messenger from all the XP systems now with no problems.

This also fixed my next problem which was being unable to access my network from the Internet.
With only my firewall/router handling the job, the DSL modem's "convenience features" are no longer in my way.

I'll try to keep an eye on this 6100 firmware issue, but as long as it behaves itself in bridged mode, I'm happy. :)
Thanks for your help!
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12325985
*grin*  No Problem..  that is why we are here, eh?

and thanks..

FE
0
 
LVL 1

Expert Comment

by:hogwell
ID: 13983248
I am having a similar problem with a CenturyTel WesTell 6100 (firmware 03.00.50)...

I also have a linux-based router downstream from the 6100's subnet (192.168.1.x) that NAT's and serves DHCP to the 192.168.92.x subnet.

The DSL modem crashes every so often, and I cannot ping the modem's IP 192.168.1.1 - but lights are green.

I cannot set the modem to bridged mode because there are computers needing DHCP in the 6100's subnet (192.168.1.x).

Has this firmware bug in the 6100 been fixed yet? Anyone know where I might obtain newer firmware for the Westell to fix this bug?

I haven't tried the Messenger test yet...


0
 

Expert Comment

by:davidmorris2
ID: 14351696
changing the modem to bridge is all well and good but i cannot access the modem.  i downloaded the manual for the modem and the address is the same as my linksys modem, if i enter http://dslmodem i get an error message.  how do i get to the modem?  has bellsouth locked me out somehow?
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 14352129
Try hooking up directly to the modem, and entering the IP Address, not the Netbios Name..

If you continue to have problems, open a new thread, and we will dig deeper!

FE
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

    Over the past few years, small business and home owners have become so dependent on internet that a need for redundancy has arisen.    What happens when your small business or home / home office loses its internet connection?  The results c…
Sometimes you have to pull out old tricks to get a new firewall to work… While we were installing a new Sonicwall at a customers site we found that sites they were able to visit before were not working.  It seemed random and we could not understa…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

26 Experts available now in Live!

Get 1:1 Help Now