Orbi WiFi 7 RBE973
Reply

Re: Why does blocking ICMP cause constant Orbi reboots?

F_V
Luminary
Luminary

Why does blocking ICMP cause constant Orbi reboots?

OK, I'll start this by saying please do not respond if you are only going to comment, "why do you care about ICMP, why are you blocking it, etc.".  This is just an academic question from my own curiosity, as well as the fact that no other Orbi I've owned has done this before. 

 

I have an RBRE960 Orbi Mesh system, 1 router and 2 satellites running in AP mode.  My DHCP, DNS, VPN, etc., is handled by a pfSense firewall, and the Orbi router is plugged directly into this.  This setup has worked flawlessly for ages, and my rule sets are such that I only allow required ports, and block everything else.  Not for need, but just because I like to tinker. 

 

My question is this:  Why does this Orbi not allow you to block ICMP between the router and the firewall/gateway appliance?  If I allow ICMP, it works as expected, but as soon as I block ICMP traffic, the Orbi just reboots constantly, making it impossible to connect for more than a few seconds.  Does blocking ICMP tell the Orbi that it's offline and cause constant reboots?

 

Also, I will say for others getting constant reboots, which I see all over the forums, is that this may be the culprit.  Some internet facing hardware may not reply to ICMP.  Turning this on/using hardware that does reply to ICMP may fix it.

 

Curious...

Message 1 of 22

Accepted Solutions
F_V
Luminary
Luminary

Re: Why does blocking ICMP cause constant Orbi reboots?

I appreciate all the input, it's nice to see a forum where people actually help one another.  While it is annoying to have 30k unnecessary pings a day in my firewall logs, I can just filter them out in the future.  I did notice during some packet inspection that all of the Orbi satellites are also pinging the router, however blocking these doesn't seem to cause the Orbi to reboot for some reason, so I'll just leave those blocked.

 

Thanks everyone, see you all next time I have an obscure networking question.

View solution in original post

Message 21 of 22

All Replies
bullm00n
Luminary

Re: Why does blocking ICMP cause constant Orbi reboots?

Interesting.  I had a lot of reboots in AP mode as well (would even cause the ISP modem to restart!). In Router mode, it presented more as disconnects and the ISP modem didn't reboot.  It seemed to be related to IPv6 as disabling it helped, but before I could get too far testing that, support gave me some beta firmware to try.

You might sign up for the beta software and try that.  It seems to have solved most of my problems although I have not tried AP mode again.  And now Xfinity is doing some work / upgrades and our system is chaos, so testing anything this week is impossible.  I'm lucky to get internet at all now. 🙄

 

Message 2 of 22
F_V
Luminary
Luminary

Re: Why does blocking ICMP cause constant Orbi reboots?

Thanks for the reply.  Yes, these reboots are a direct result of me blocking ICMP replies back to the Orbi while in AP Mode.  If it doesn't see the ICMP reply, the Orbi reboots over and over until I unblock ICMP.  I've also disabled IPv6 on all devices that I'm able to on my LAN, no real reason to run that behind NAT in my opinion.  Of course my Chromecast is happily jabbering away blasting out data via IPv6, though unfortunately for it, nobody is listening 🙂

 

Not sure about signing up the the beta Firmware, on the one hand I do love to tinker, on the other hand I've been burned by Netgear firmware updates enough times to be wary about changing from a working firmware version.  Are there any added features to the beta?

Message 3 of 22
FURRYe38
Guru

Re: Why does blocking ICMP cause constant Orbi reboots?

I can confirm that the beta would be worth trying. Not sure about the ICMP thing though as I've not tried that. I'll check on this with others and see if they can reproduce this. 

 

@Straq 

Message 4 of 22
bullm00n
Luminary

Re: Why does blocking ICMP cause constant Orbi reboots?


@F_V wrote:

Are there any added features to the beta?


For me, stability is a feature. 🙂  It has been a huge improvement for us.  The beta is low risk and very easy to revert back to the current version you are using if you don't like it.  Plus, it would be interesting to see if the ICMP issue persists.  But if you are otherwise happy and things are working well enough, sit back and have some popcorn.

Message 5 of 22
F_V
Luminary
Luminary

Re: Why does blocking ICMP cause constant Orbi reboots?

Agreed, stability is a plus.  My RBRE960 has been very stable for months, that is until I went out of town for 10 days this month.  It went down 3 days afterward and didn't come back until I got home to power cycle.  Sad, couldn't check in on the pet cams for a week!

 

I shall try the beta.  I signed up for it, and it redirected to a Survey Monkey survey about current events.  For shame Netgear, for shame... 🙂

 

Will I receive an email, it didn't link to any firmware downloads or anything like that.

Message 6 of 22
F_V
Luminary
Luminary

Re: Why does blocking ICMP cause constant Orbi reboots?

So just to follow up, I signed up for the beta firmware, but there's no indication anywhere of when/if I'll get a download, where it would be located, etc.  Anyone know?

Message 7 of 22
FURRYe38
Guru

Re: Why does blocking ICMP cause constant Orbi reboots?

Probably come in email or PM. 

Message 8 of 22
bullm00n
Luminary

Re: Why does blocking ICMP cause constant Orbi reboots?


@F_V wrote:

So just to follow up, I signed up for the beta firmware, but there's no indication anywhere of when/if I'll get a download, where it would be located, etc.  Anyone know?


I signed up as well, but never heard anything, but I thought it might be because my issue got picked up by an open support case and they gave me the beta.

 

Last week Xfinity started upgrading the network in our area which is causing all sorts of disruptions.  The new firmware seems to be tolerating it well enough, but it makes any consistent testing all but impossible.  And I dropped back into AP mode because dealing with Xfinity support with their modem in Bridge mode just confuses them to the point that it's better to run the thing as a router until they get through this upgrade.  Most of their front-line support have no idea how things work and they just follow a "support script" - pretty sad, but this is pervasive now in the support realm in almost any industry.  I tip my hat to the surprisingly excellent support I got from Netgear once it got escalated beyond the "script person". 🙂 

At any rate, I have just blocked ICMP on both IPv4 and IPv6 on the xFi Router.  No indication the Orbi rebooted, but several IoT devices went offline for a sec but came right back up.  I'll let you know how it goes over the next few hours.

Message 9 of 22
bullm00n
Luminary

Re: Why does blocking ICMP cause constant Orbi reboots?

FYI, I have not experienced any issues or random 960 reboots after having blocked ICMP for over 24 hours.  I am going to restore the xFi firewall now to the defaults.  I don't know if this is conclusive or not, but at least in my setup and the beta firmware I'm running, ICMP isn't causing an obvious problem.

Message 10 of 22
F_V
Luminary
Luminary

Re: Why does blocking ICMP cause constant Orbi reboots?

For you all that tried blocking ICMP to the Orbi in AP Mode and haven't had it reboot, are you on the new beta firmware?  I'm on V6.3.7.10_3.3.3 and just tried it again, blocked ICMP to the Orbi and the Orbi and all satellite connctions drop offline within 10 seconds, then it reboots (I assume it's rebooting as the ssid, guest ssid, and IoT ssid all show up for a bit then it applies my config of only ssid active), connects, then disconnects again and starts over the cycle.  I think it's strange that others with the same firmware are getting different results.  Also kinda curious why the Orbi is CONSTANTLY pinging the downstream router., like on the order of 50+ per minute.

Message 11 of 22
FURRYe38
Guru

Re: Why does blocking ICMP cause constant Orbi reboots?

Did you get the beta FW? 

 

Message 12 of 22
F_V
Luminary
Luminary

Re: Why does blocking ICMP cause constant Orbi reboots?

Nope, no DM, no email, nothing.  Feels a little disingenuous to have a big orange banner at the top of the page saying "You're invited!" if that's not actually the case 🙂

Message 13 of 22
FURRYe38
Guru

Re: Why does blocking ICMP cause constant Orbi reboots?

I'll try and get this to someone.

@Blanca_O 

Message 14 of 22
F_V
Luminary
Luminary

Re: Why does blocking ICMP cause constant Orbi reboots?

I also went through the signup process again just to make sure it wasn't something on my end.  Thank you for your help, much appreciated!

Message 15 of 22
FURRYe38
Guru

Re: Why does blocking ICMP cause constant Orbi reboots?

K. There looking into this. 

Message 16 of 22
CrimpOn
Guru

Re: Why does blocking ICMP cause constant Orbi reboots?


@F_V wrote:

My question is this:  Why does this Orbi not allow you to block ICMP between the router and the firewall/gateway appliance?  If I allow ICMP, it works as expected, but as soon as I block ICMP traffic, the Orbi just reboots constantly, making it impossible to connect for more than a few seconds.  Does blocking ICMP tell the Orbi that it's offline and cause constant reboots?


I have been out of touch and just came across this post.  My guess is that your analysis is exactly correct.  Some time sensitive routine inside the Orbi RBRE960 periodically uses ICMP to verify that "something" is there on the WAN interface.  i.e., it is "connected".  It is fairly clear that the physical Ethernet connection being "up" is not enough.  I would venture to guess that the Orbi is looking for either:

  • The device which assigned an IP address to the Orbi using DHCP, or
  • Some specific resource on the internet, such as a DNS server or even Netgear itself.

"Oh, crap. The DHCP server that gave me an IP is no longer "THERE". I better start over."

 

This would not happen when the Orbi is  in router mode because Orbi can function perfectly well as a stand-along network with no connection to the outside world.  (Not particularly useful to most of us, but adequate for specific needs.)

 

Notice on the web admin Basic tab, the option to "Test" the internet connection:

CrimpOn_0-1688103575134.png

 

How about using the pfSense to capture traffic from the Orbi WAN port.  This would reveal what the Test function is doing (in router mode), and might also reveal what address the Orbi is attempting to Ping in Access Point mode.

 

 

Message 17 of 22
F_V
Luminary
Luminary

Re: Why does blocking ICMP cause constant Orbi reboots?

Well, I haven't generated a .pcap capture but even with pfTop on the firewall you can see the Orbi (in AP Mode) 192.168.2.2 CONSTANTLY pinging the firewall 192.168.1.1, seems to be at a rate of between every 1 or 2 seconds.

 

Topology is cable modem LAN port plugged into pfSense WAN port, then pfSense LAN port plugged into unmanaged network switch, then network switch plugged directly into Orbi WAN port.  The switch has many other items plugged into it as well, however none of these items are pinging the pfSense.  As soon as I tell pfSense not to respond to the pings, immediate and repeated restarts of the Orbi.

 

icmp.jpg

 

Message 18 of 22
CrimpOn
Guru

Re: Why does blocking ICMP cause constant Orbi reboots?

This looks pretty clear (to me).  Orbi engineers wanted some mechanism to validate that "something is out there" and decided to Ping the device that assigned its IP address with DHCP. The standard DHCP process does not typically include further connections until half of the lease time has expired.  With typical lease times being 86,400 seconds (one day), that would be a long time.  This conjecture could be validated by changing the DHCP server (temporarily) to a different IP and watching to see if the Orbi begins to Ping that host instead of the pfSense itself.

 

My guess is that the issue is resolved:

no ICMP response means "No Network".

 

Very creative experiment.

Message 19 of 22
FURRYe38
Guru

Re: Why does blocking ICMP cause constant Orbi reboots?

I remember seeing a similar thing happen after getting my 8 series. After NG pushed everyone to v4 from v3 FW and causes problems, I wanted to check to see if we could block certain auto update addresses. We could block but noticed that the RBR wouldn't work right or the front LED came on PINK and it lost internet services. Figured NG put something in the FW that if certain addresses were blocked, the RBR wouldn't work. Kinda creative to keep there services tied to operation. 🙄

Message 20 of 22
F_V
Luminary
Luminary

Re: Why does blocking ICMP cause constant Orbi reboots?

I appreciate all the input, it's nice to see a forum where people actually help one another.  While it is annoying to have 30k unnecessary pings a day in my firewall logs, I can just filter them out in the future.  I did notice during some packet inspection that all of the Orbi satellites are also pinging the router, however blocking these doesn't seem to cause the Orbi to reboot for some reason, so I'll just leave those blocked.

 

Thanks everyone, see you all next time I have an obscure networking question.

Message 21 of 22
FURRYe38
Guru

Re: Why does blocking ICMP cause constant Orbi reboots?

👍

Message 22 of 22
Top Contributors
Discussion stats
  • 21 replies
  • 1668 views
  • 4 kudos
  • 4 in conversation
Announcements

Orbi WiFi 7