Diagnosing intermittent WAN outages: how to listen on WAN and gather details?

Started by OmnomBánhmì, December 06, 2024, 02:30:11 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
December 06, 2024, 02:30:11 PM
The question may seem odd, so I'll explain. In order to diagnose intermittent outages with my DOCSIS internet provider I'd like to sneek peek into the WAN network. The cable modem works in bridge mode. The connection has dual stack.

From time to time there's outages, a few seconds long at a time, irregularly (every 1 to 4 hours) but consistently multiple times a day. There is no service interruption, WAN interface stays up, and all clients notice a sudden lag. If you're in an RDP session the connection stalls, breaks down and needs to be re-established. Most other things run as usual after the hiccup.

If this were on a LAN connection on any Linux box I'd use ss, sar and arp next to Wireshark and such to build some knowledge about who's connecting and who is there (on the ISP end) in the first place. Since I'm on OPNsense this will not work, right?

Since calling the ISP leads to suggestions "please restart your router" and no observable improvement, what do you suggest I do instead to track down issues? Any ideas?
December 07, 2024, 05:46:42 AM #1
Following. After this latest update, 2 hot fixes, and a manually kernel patch, my internet is doing the same thing. I'm pulling my hair out. I see no red flags in the logs. Argh!
December 07, 2024, 06:16:35 AM #2 Last Edit: December 07, 2024, 08:25:58 AM by OPNenthu
Quote from: OmnomBánhmì on December 06, 2024, 02:30:11 PM
There is no service interruption, WAN interface stays up, and all clients notice a sudden lag. If you're in an RDP session the connection stalls, breaks down and needs to be re-established. Most other things run as usual after the hiccup.

Hey, I don't know the direct answer to your question, but based on your description here I'm wondering if you're experiencing congestion?

I have DOCSIS too and I was getting pretty terrible ping times and a bufferbloat score of 'C' or worse before I did this.

I think most cable customers wouldn't see this because they're using the ISP gateway as the router and it has all the traffic filtering and shaping already, but once we put it into bridge mode I think all of that goes out the window. (could be wrong)

Not saying this is your issue, but worth mentioning.

UPDATE: a cautionary word from @meyergru about some ISPs not behaving well with shaping. YMMV.
December 12, 2024, 12:40:27 PM #3
FTR, I still haven't solved the actual issue, that is "how to passively detect WAN issues". Thinking about putting an SBC onto the WAN as a sole device and log what I get (which may be not much, but I have an otherwise underused Pine64 board here).

The traffic shaping tips may help, will try them soon, thank you OPNenthu!

cobbers83, any change? I still have the same thing.
Print
Go Up Pages1
User actions