Matt Connolly's Blog

my brain dumps here…

Telstra Bigpond Cable crappy Netgear Router part 2

This Netgear CGD24N router has really been giving me a headache. We have several network devices, more than some, but not what I call extreme. There are three people living in our house, and we have:

  • 2 x laptop computers
  • 2 x desktop computers
  • 2 x iPhones
  • 1 x iPad
  • 1 x AppleTV

There’s a few other devices, like a network printer, but they aren’t heavy on internet traffic.

After doing quite a bit of reading on the Whirlpool forum, it’s clear that there is a known problem with the Netgear CGD24N router with its Network Address Translation (NAT), which is a really important function of a router to share an internet connection with multiple devices (in layman’s terms).

Another guy “Extreame” has started his own forum in competition to Whirlpool (it seems, not as good though… too much flashy useless stuff) and has some good information too. He seems to be quite the expert on cable modems and recommends turning NAT off and buying your own wireless router.

The Symptoms

After using the router for a while, certain web pages will completely time out. It looks like a line drop out at first, but then you discover that some pages continue to work while others don’t. When accessing a web site, the browser tends to keep a connection to the server open for a subsequent request (perhaps some javascript, images, etc). These pages continue to work. Other pages don’t.

Logging in to the router, I can see that the connection is still good. (Also proven by the web pages that do work) and that you can ping the outside world from the router. Frustrating.

Further Testing

The `netstat` command on Mac (and similar on Linux / Windows) show the status of your network connections. Typically, when everything really starts to slow right down, I see a lot of this in my netstat output:

Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.168.0.19.60951     118.215.36.244.443     SYN_SENT
tcp4       0      0  192.168.0.19.60950     118.215.36.244.443     SYN_SENT
tcp4       0      0  192.168.0.19.60949     118.215.36.244.443     SYN_SENT
tcp4       0      0  192.168.0.19.60948     118.215.36.244.443     SYN_SENT
tcp4       0      0  192.168.0.19.60947     118.215.36.244.443     SYN_SENT
tcp4       0      0  192.168.0.19.60942     118.215.36.245.443     SYN_SENT
tcp4       0      0  192.168.0.19.60938     118.215.36.244.443     SYN_SENT
tcp4       0      0  192.168.0.19.60937     184.72.233.6.80        SYN_SENT
tcp4       0      0  192.168.0.19.60936     174.129.225.194.80     SYN_SENT
tcp4       0      0  192.168.0.19.60935     174.129.205.91.80      SYN_SENT
tcp4       0      0  192.168.0.19.60934     174.129.205.86.80      SYN_SENT
tcp4       0      0  192.168.0.19.60933     174.129.205.84.80      SYN_SENT
tcp4       0      0  192.168.0.19.60932     64.237.104.20.80       SYN_SENT
tcp4       0      0  192.168.0.19.60931     205.196.123.122.80     SYN_SENT
tcp4       0      0  192.168.0.19.60930     75.101.155.80.80       SYN_SENT
tcp4       0      0  192.168.0.19.60929     75.101.152.248.80      SYN_SENT
tcp4       0      0  192.168.0.19.60928     204.11.109.23.80       SYN_SENT
tcp4       0      0  192.168.0.19.60927     50.17.249.53.80        SYN_SENT
tcp4       0      0  192.168.0.19.60926     50.17.248.226.80       SYN_SENT
tcp4       0      0  192.168.0.19.60925     204.11.109.22.80       SYN_SENT
tcp4       0      0  192.168.0.19.60924     50.17.237.29.80        SYN_SENT
tcp4       0      0  192.168.0.19.60923     204.11.109.21.80       SYN_SENT
tcp4       0      0  192.168.0.19.60922     69.194.143.60.80       SYN_SENT
tcp4       0      0  192.168.0.19.60921     69.194.143.60.80       SYN_SENT
tcp4       0      0  192.168.0.19.60920     204.11.109.24.80       SYN_SENT
tcp4       0      0  192.168.0.19.60919     202.79.210.121.80      ESTABLISHED
tcp4       0      0  192.168.0.19.60918     69.194.143.60.80       ESTABLISHED
tcp4       0      0  192.168.0.19.60917     69.194.143.60.80       SYN_SENT
tcp4       0      0  192.168.0.19.60916     69.194.244.14.80       ESTABLISHED
tcp4       0      0  192.168.0.19.60915     208.96.4.68.80         CLOSE_WAIT

What’s all this SYN_SENT business? I haven’t seen that before. After looking into it, this is what happens when your computer is trying to make a connection to a remote server but no response has been received from the server. This is consistent with the NAT table being full, such that the router cannot return the packets from the server back to the computer. This is also consistent with why some sites continue to work while others time out.

According to the Whirlpool status page, the CGD24N has a NAT routing table size of 1024. So that’s 1024 connections, should be enough for about 8 devices right? Let’s think about it. Each mail account has probably 2 connections (send via smtp and receive via imap/pop). Each web site you go to typically has about 5 connections from modern browsers like Firefox and Safari. Other applications, such as iTunes, that access the internet all make their own connections too.

The result is, that you don’t need to have too many windows or tabs open at once to run into this limit. So is 1024 normal? small?

I found one web page that lists some routers used on Verizon DSL connections. They have substantially more than 1024! Even the smallest is 7500 and they get into the hundreds of thousands!

Proving the point

I managed to get an ssh connection to a computer at my work, and ran a SOCKS proxy over the connection. After adding the SOCKS proxy to my network configuration, all of a sudden, my connections were all working. A few more hops to the internet, and doubly using my work’s internet connection, which isn’t an acceptable solution, but it proves that bypassing the NAT in the router and making all requests through a proxy (which are sharing one established connection) gives no network problems at all.

Out of curiosity, the `netstat` output looks like this:

Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)    
tcp4       0      0  127.0.0.1.1085         127.0.0.1.54335        ESTABLISHED
tcp4       0      0  127.0.0.1.54335        127.0.0.1.1085         ESTABLISHED
tcp4       0      0  127.0.0.1.1085         127.0.0.1.54334        ESTABLISHED
tcp4       0      0  127.0.0.1.54334        127.0.0.1.1085         ESTABLISHED
tcp4       0      0  127.0.0.1.1085         127.0.0.1.54333        ESTABLISHED
tcp4       0      0  127.0.0.1.54333        127.0.0.1.1085         ESTABLISHED
tcp4       0      0  127.0.0.1.1085         127.0.0.1.54332        ESTABLISHED
tcp4       0      0  127.0.0.1.54332        127.0.0.1.1085         ESTABLISHED
tcp4       0      0  127.0.0.1.1085         127.0.0.1.54331        ESTABLISHED
tcp4       0      0  127.0.0.1.54331        127.0.0.1.1085         ESTABLISHED
tcp4       0      0  127.0.0.1.1085         127.0.0.1.54330        ESTABLISHED
tcp4       0      0  127.0.0.1.54330        127.0.0.1.1085         ESTABLISHED
tcp4       0      0  127.0.0.1.1085         127.0.0.1.54329        ESTABLISHED
tcp4       0      0  127.0.0.1.54329        127.0.0.1.1085         ESTABLISHED
tcp4       0      0  127.0.0.1.1085         127.0.0.1.54328        ESTABLISHED
tcp4       0      0  127.0.0.1.54328        127.0.0.1.1085         ESTABLISHED
--snip--
tcp4       0      0  127.0.0.1.1085         127.0.0.1.54249        ESTABLISHED
tcp4       0      0  127.0.0.1.54249        127.0.0.1.1085         ESTABLISHED
tcp4       0      0  127.0.0.1.1085         127.0.0.1.54248        ESTABLISHED
tcp4       0      0  127.0.0.1.54248        127.0.0.1.1085         ESTABLISHED
tcp4       0      0  127.0.0.1.1085         127.0.0.1.54247        ESTABLISHED
tcp4       0      0  127.0.0.1.54247        127.0.0.1.1085         ESTABLISHED
tcp4       0      0  127.0.0.1.1085         127.0.0.1.54246        CLOSE_WAIT 
tcp4       0      0  127.0.0.1.1085         127.0.0.1.54241        CLOSE_WAIT 
tcp4       0      0  127.0.0.1.1085         127.0.0.1.54239        ESTABLISHED
tcp4       0      0  127.0.0.1.54239        127.0.0.1.1085         ESTABLISHED
tcp4       0      0  127.0.0.1.1085         127.0.0.1.54237        ESTABLISHED
tcp4       0      0  127.0.0.1.54237        127.0.0.1.1085         ESTABLISHED
tcp4       0      0  127.0.0.1.1085         127.0.0.1.54224        ESTABLISHED
tcp4       0      0  127.0.0.1.54224        127.0.0.1.1085         ESTABLISHED
tcp4       0      0  127.0.0.1.1085         127.0.0.1.54223        ESTABLISHED
tcp4       0      0  127.0.0.1.54223        127.0.0.1.1085         ESTABLISHED
tcp4       0      0  127.0.0.1.1085         127.0.0.1.54222        CLOSE_WAIT 
tcp4       0      0  192.168.0.4.53657      17.149.35.59.5223      ESTABLISHED
tcp4       0      0  192.168.0.4.53643      17.250.248.83.5223     ESTABLISHED
tcp4       0      0  192.168.0.4.53632      17.172.62.121.443      ESTABLISHED
tcp4       0      0  192.168.0.4.53617      69.89.31.155.22        ESTABLISHED
tcp4       0      0  192.168.0.4.52488      199.47.217.147.80      ESTABLISHED

Not a single SYN_SENT. And minimal connections to the outside world via our local router and it’s ridiculously small NAT table.

What now?

Great, so Telstra Bigpond provide a cable modem and router where the router stinks. Now, if I bought this from a shop, I’d return it, and buy a different model… but what are the choices with Telstra??

Advertisements

2 responses to “Telstra Bigpond Cable crappy Netgear Router part 2

  1. djaloneatnightShane 28 October, 2014 at 15:52

    great job and good luck, i cannot say what your next step should be, maybe have them accept the unit back and buy your own, research ALWAYS pays off when purchasing it equipment.

    • mattconnolly 28 October, 2014 at 16:29

      The problem with Telstra cable is that you do not have a choice of equipment. Telstra provide the equipment as a part of the plan and there are no third party options for cable modems. You can still use a third party router, which was my solution, but you have to reconfigure the crappy Netgear turn it’s NAT off and be in bridge mode.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: