Orbi WiFi 7 RBE973
Reply

FVS336GV2 VLANS and VOIP traffic

bofaboy
Tutor

FVS336GV2 VLANS and VOIP traffic

Howdy,

 

I'm trying to troubleshoot an issue with traffic routing from one VLAN to another:

 

192.168.11.x to 10.0.0.x ping routes fine, but the traffic im trying to test for isnt communicating across the VLANs  (voice traffic from a PC/soft phone to the VOIP Server in my LAN).

 

The Firewall logs are littered with this:

 

Mon Dec  7 03:25:37 2015((GMT)) [FVS336Gv2][Kernel][KERNEL]  [<c0000000002537e0>] key_timehandler+0x948/0x1010 [vipsec]
Mon Dec  7 03:25:37 2015((GMT)) [FVS336Gv2][Kernel][KERNEL]  [<c00000000024c9e0>] key_freesav+0x0/0x560 [vipsec]
Mon Dec  7 03:25:37 2015((GMT)) [FVS336Gv2][Kernel][KERNEL]  [<c000000000247a58>] key_sa_chgstate+0x0/0x1a8 [vipsec]
Mon Dec  7 03:25:37 2015((GMT)) [FVS336Gv2][Kernel][KERNEL]  [<c00000000024cae4>] key_freesav+0x104/0x560 [vipsec]
Mon Dec  7 03:25:37 2015((GMT)) [FVS336Gv2][Kernel][KERNEL]  [<c00000000024c9e0>] key_freesav+0x0/0x560 [vipsec]
Mon Dec  7 03:25:37 2015((GMT)) [FVS336Gv2][Kernel][KERNEL]  [<c0000000000a29f0>] xlr8NatCtxFlush+0x138/0x1b0 [xlr8Nat]
Mon Dec  7 03:25:37 2015((GMT)) [FVS336Gv2][Kernel][KERNEL]  [<c0000000000a2a30>] xlr8NatCtxFlush+0x178/0x1b0 [xlr8Nat]
Mon Dec  7 03:25:37 2015((GMT)) [FVS336Gv2][Kernel][KERNEL]  [<ffffffff8013975c>] local_bh_enable+0xa4/0xd8
Mon Dec  7 03:25:37 2015((GMT)) [FVS336Gv2][Kernel][KERNEL] Call Trace:
Mon Dec  7 03:25:37 2015((GMT)) [FVS336Gv2][Kernel][KERNEL] Badness in local_bh_enable at kernel/softirq.c:140
Mon Dec  7 02:37:32 2015((GMT)) [FVS336Gv2][Kernel][KERNEL]
ec]

 

....but absolutely nothing else indicating a dropped packet, etc.

 

Any ideas?  The log entries happen about once an hour.

 

Please and Thank you,

Steven

Message 1 of 6

Accepted Solutions
bofaboy
Tutor

Re: FVS336GV2 VLANS and VOIP traffic

Ok so...  I wanted to close this thread out and let people know there were a couple problems were going on...

 

1. I configged the VLAN number on a JGS524E inconsistently with the configuration on the FVS336Gv2.  namely, FVS336GV2 port 4 (VLAN 4) connected to a switch that had ports configured to VLAN 2)..  oops..  sorry..  didnt actually understand the VLAN stuff rewrote the packets and glad it's fixed now.  😞  This caused instability with the VPN and internet connections.  My bad.  Thanks Netgear for explaining this part of it.  Apologies for my ignorance.

 

2.  We ended up upgrading to a FVS336Gv3 and got better results from the internet as I believe the v2 shouldn't run v4.3.3-6 firmware.  See below.

 

After implementing the V3 router, we retired the FVS336Gv2 from the office and tested it at the owners house using firmware 4.3.3-6 and had abysmal results just trying to browse the internet with one PC connected.  Google chrome complained a lot about DNS timeouts when trying to browse complex pages like the home page for http://www.aol.com (with multiple host name references)...  it could take 2 minutes to fully resolve all the links and finish loading the page...  At other times, it wouldnt even load the home page for google.com...  and yet other times it would error out for DNS and then almost immediately show the page (that was truly weird).

 

HOWEVER: downgrading the firmware to 3.1.1-08 removed ALL slowness in the browsed pages.

 

The Owner's home lan consists of 3 PCs (2 VLANs configured on the 336GV2 and no other VLAN capable devices with a 30Mb Down/6Mb Up internet connection).  My unaudited testing would indicate that the v2 is not capable of reliably running firmware 4.3.3-6 and browsing the internet even in a small scale (single WAN connection at their house only).  We tested with 2 different v2 routers, BTW, in case you just think I have a bad router.   And another P.S. sites like speedtest.net show the throughput of the router is fine while connected with both different firmwares, so it's not a throughput issue (even if this router is capped at about 30Mb LAN<->WAN throughput), but something else was really causing overall page load slowness (I don't exactly know what).  Chrome would sit there with a status of "resolving host" for over a minute at times when browsing aol.com's home page.   This problem was not isolated to aol.com, but yahoo.com, msn.com and others..  I just seemed to settle on testing AOL because it behaved the worst.  🙂

 

Configuration notes for the v2 router testing:

  • we have 1 VPN tunnel configured on the v2 to connect to the office that has the v3 running in it,
  • 1 DHCP scope with a lease interval of 48 hours
  • 1 hardwired PC was active during the test (2 PCs were powered on (hardwired), 4 total in the house (2 use wireless), and I still couldnt get aol.com to load in under a minute
  • After downgrading the firmware to v3.1.1-08, the page loaded in under 2 seconds consistently and the VPN worked flawlessly.  Other PCs (who were having the same page load issues during testing) were resolved as well when I downgraded the router firmware.
  • PC Antivirus was even disabled at times during testing, with no discernable difference in page load times.

Some might say that I should have tested different DNS Servers as that could be the problem, but..  I did...  COX has two sets of their own (total 4) DNS Servers , which performed fine using tools like nslookup and had no slowness in response (immediate replies)..  but I also tested google DNS Servers as well, with the exact same results in page load slowness.  And again...  There was only one PC using the internet at 1AM (during testing) so there wasn't any contention for speed through the WAN pipe, so the only logical difference is the firmware rev...  and the "25%" performance degredation stated in the firmware release notes for 4.3.3-6 using the FVS336Gv2 router.

 

I hope someone sees this and can confirm the results, and then gets engineering to help resolve this since I love the functionality updates (in v4.3.3-6 firmware) to my favorite router (my 336Gv2 -- I own 4 of them) but I can't use this firmware version if it means not browsing the internet reliably.

 

Happy NETGEAR customer,

Steven

View solution in original post

Model: FVS336Gv2|PROSAFE DUAL WAN GIGABIT FIREWALL WITH SSL & IPSEC VPN,FVS336Gv3|ProSafe dual WAN gigabit firewall with SSL and IPSec VPN
Message 5 of 6

All Replies
DaneA
NETGEAR Employee Retired

Re: FVS336GV2 VLANS and VOIP traffic

Hi bofaboy,

 

Let us isolate the problem. Kindly answer the questions below:

 

a. Just to clarify, is the PC/soft phone and VoIP server in the same VLAN or in a different VLAN?

b. Do you have switch/es connected to the FVS336Gv2 that has VLANs and voice VLANs configured? If yes, then what is the exact brand and model of the switch/es?

c. What is the current firmware version of the FVS336Gv2?

 

About the logs from the FVS336Gv2, I encourage you to contact NETGEAR Support then open a case regarding your concern then submit the logs so they could analyze it.  You may contact NETGEAR Support at anytime on this hotline number: 1855-7767233.

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 2 of 6
bofaboy
Tutor

Re: FVS336GV2 VLANS and VOIP traffic

Howdy,

 

Yes..  We have the VOIP Server in a seperate VLAN from the PCs.

 

We use Netgear JGS524E and JGS524 switches.

 

Ill log a call to Tech Support about the logging issues.

 

 

Message 3 of 6
bofaboy
Tutor

Re: FVS336GV2 VLANS and VOIP traffic

and P.S. the Phones (and VOIP Server) are running on a Cisco SG500-52P POE Switch. 

 

Steven

Message 4 of 6
bofaboy
Tutor

Re: FVS336GV2 VLANS and VOIP traffic

Ok so...  I wanted to close this thread out and let people know there were a couple problems were going on...

 

1. I configged the VLAN number on a JGS524E inconsistently with the configuration on the FVS336Gv2.  namely, FVS336GV2 port 4 (VLAN 4) connected to a switch that had ports configured to VLAN 2)..  oops..  sorry..  didnt actually understand the VLAN stuff rewrote the packets and glad it's fixed now.  😞  This caused instability with the VPN and internet connections.  My bad.  Thanks Netgear for explaining this part of it.  Apologies for my ignorance.

 

2.  We ended up upgrading to a FVS336Gv3 and got better results from the internet as I believe the v2 shouldn't run v4.3.3-6 firmware.  See below.

 

After implementing the V3 router, we retired the FVS336Gv2 from the office and tested it at the owners house using firmware 4.3.3-6 and had abysmal results just trying to browse the internet with one PC connected.  Google chrome complained a lot about DNS timeouts when trying to browse complex pages like the home page for http://www.aol.com (with multiple host name references)...  it could take 2 minutes to fully resolve all the links and finish loading the page...  At other times, it wouldnt even load the home page for google.com...  and yet other times it would error out for DNS and then almost immediately show the page (that was truly weird).

 

HOWEVER: downgrading the firmware to 3.1.1-08 removed ALL slowness in the browsed pages.

 

The Owner's home lan consists of 3 PCs (2 VLANs configured on the 336GV2 and no other VLAN capable devices with a 30Mb Down/6Mb Up internet connection).  My unaudited testing would indicate that the v2 is not capable of reliably running firmware 4.3.3-6 and browsing the internet even in a small scale (single WAN connection at their house only).  We tested with 2 different v2 routers, BTW, in case you just think I have a bad router.   And another P.S. sites like speedtest.net show the throughput of the router is fine while connected with both different firmwares, so it's not a throughput issue (even if this router is capped at about 30Mb LAN<->WAN throughput), but something else was really causing overall page load slowness (I don't exactly know what).  Chrome would sit there with a status of "resolving host" for over a minute at times when browsing aol.com's home page.   This problem was not isolated to aol.com, but yahoo.com, msn.com and others..  I just seemed to settle on testing AOL because it behaved the worst.  🙂

 

Configuration notes for the v2 router testing:

  • we have 1 VPN tunnel configured on the v2 to connect to the office that has the v3 running in it,
  • 1 DHCP scope with a lease interval of 48 hours
  • 1 hardwired PC was active during the test (2 PCs were powered on (hardwired), 4 total in the house (2 use wireless), and I still couldnt get aol.com to load in under a minute
  • After downgrading the firmware to v3.1.1-08, the page loaded in under 2 seconds consistently and the VPN worked flawlessly.  Other PCs (who were having the same page load issues during testing) were resolved as well when I downgraded the router firmware.
  • PC Antivirus was even disabled at times during testing, with no discernable difference in page load times.

Some might say that I should have tested different DNS Servers as that could be the problem, but..  I did...  COX has two sets of their own (total 4) DNS Servers , which performed fine using tools like nslookup and had no slowness in response (immediate replies)..  but I also tested google DNS Servers as well, with the exact same results in page load slowness.  And again...  There was only one PC using the internet at 1AM (during testing) so there wasn't any contention for speed through the WAN pipe, so the only logical difference is the firmware rev...  and the "25%" performance degredation stated in the firmware release notes for 4.3.3-6 using the FVS336Gv2 router.

 

I hope someone sees this and can confirm the results, and then gets engineering to help resolve this since I love the functionality updates (in v4.3.3-6 firmware) to my favorite router (my 336Gv2 -- I own 4 of them) but I can't use this firmware version if it means not browsing the internet reliably.

 

Happy NETGEAR customer,

Steven

Model: FVS336Gv2|PROSAFE DUAL WAN GIGABIT FIREWALL WITH SSL & IPSEC VPN,FVS336Gv3|ProSafe dual WAN gigabit firewall with SSL and IPSec VPN
Message 5 of 6
JohnRo
NETGEAR Employee Retired

Re: FVS336GV2 VLANS and VOIP traffic

Hello bofaboy, 

 

I must say I am impressed with the isolation and troubleshooting you have done to test the firmware. Though this community is being looked at by our engineers it would be best if you could add these details in your support case. 

 

Thanks, 

Message 6 of 6
Top Contributors
Discussion stats
  • 5 replies
  • 4388 views
  • 1 kudo
  • 3 in conversation
Announcements