Packet loss in Double NAT situation

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

SilentStorm

Regular Contributor
1614877315622.png


Is it normal to see packet loss in a double NAT situation on your 2nd router (10.0.0.1 is ISP gateway)
 

CaptainSTX

Part of the Furniture
Based on my experience of having run in a double NAT for the better part of eight years no it should not cause any packet loss.

Are you using any port forwards or DMZ settings?

What router are you using as your internet facing router? I suppose it if doesn't have adequate processor speed it might not be able to keep up with your GT-AC2900 on a 500/20 connection. If you connect directly to your first router with a PC do you get your full 500/20 speeds?

Also you could disable Diversion as a test and see if that might have an impact on packet loss.
 

SilentStorm

Regular Contributor
Based on my experience of having run in a double NAT for the better part of eight years no it should not cause any packet loss.

Are you using any port forwards or DMZ settings?

What router are you using as your internet facing router? I suppose it if doesn't have adequate processor speed it might not be able to keep up with your GT-AC2900 on a 500/20 connection. If you connect directly to your first router with a PC do you get your full 500/20 speeds?

Also you could disable Diversion as a test and see if that might have an impact on packet loss.

Yes in my ISP Gateway (XB6) it supports gigabit speeds, I have my 2nd router in DMZ mode so that all the ports are open to it.

I'm getting packet loss on my ISP router too, which makes me think this is not a double NAT issue, but instead an issue with the ISP Gateway.

When I ping the DNS server that my ISP Gateway is using, I am getting packet loss as well.

I took my Asus Router out of the equation to test and occasional packet loss is still present. Keep in mind, with the Asus Router in the equation, it was only at the start where I experienced packet loss. Maybe because it was just as I booted it up. It was decreasing in packet loss percentage anyways.
 

SilentStorm

Regular Contributor
What packet loss on the ISP gateway? None is shown in your screenshot. The only packet loss is to your GT-AC2900.
It went away when I took the screenshot, but when I first started it, the Asus Router was at 40 percent packet loss and the ISP Gateway was at 20 percent packet loss.

I also realized I had two tests going on at once and once I stopped one of them, things went back to normal, so I don't know if that had anything to do with it.

Also, should I be testing with the Asus router or without the router? Does it matter? I have CakeQoS so I wonder if that does anything to help or not...

In terms of wireless too, I've selected channel 11 for 2.4ghz and let the router use DFS channels on 5ghz so that this whole Double NAT thing doesn't cause any channel congestion. But even when hardwired, still getting these issues, whether the Asus router is there or not, so this definitely seems like an external problem.

Anyhow, I'm leaving pingplotter to ping these three, see what results I get. The first one is my DNS server.
1614891038306.png
 
Last edited:

SilentStorm

Regular Contributor
Also, I've pinged my Asus router several times via command prompt and connmon (for a full 24 hours too), with 0% packet loss and always under 1ms.

Does that perhaps rule the router out of the equation?

My 10.0.0.1 on the other hand will go anywhere from 1ms up to like the hundreds in ms.

I'm also aware that the DNS server that my 10.0.0.1 gateway uses gives me packet loss.
 

CaptainSTX

Part of the Furniture
Yes in my ISP Gateway (XB6) it supports gigabit speeds, I have my 2nd router in DMZ mode so that all the ports are open to it.
Once you get your packet loss issue fixed take you ASUS router out of the DMZ as this isn't necessary to get a double NAT to function unless you are running some type of server on your ASUS and are doing this instead of a double Port forward.

Also just for grins since you are already running diversion add Skynet and see how many hits you are taking daily from the "bad guys". It will be a lot since your router is in the DMZ.
 
Last edited:

SilentStorm

Regular Contributor
maybe set cloudflare or google as your dns server ? 1.1.1.1 or 8.8.8.8 (corrected)
Unable to do that manually on the gateway. ISP doesn't allow it, and we have way too many devices to attempt to go through the hassle of changing every single DNS server.

I've re-tested with the router and now there's no packet loss. Must've been because I may have just rebooted it and it led to packet loss.

It's interesting, now 10.0.0.1, my gateway, isn't showing any packet loss on pingplotter when I ping 8.8.8.8, but if I ping my DNS server, it shows significant packet loss.
 

SilentStorm

Regular Contributor
Once you get your packet loss issue fixed take you ASUS router out of the DMZ as this isn't necessary to get a double NAT to function unless you are running some type of server on your ASUS and are doing this instead of a double Port forward.

Also just for grins since you are already running diversion add Skynet and see how many hits you are taking daily from the "bad guys". It will be a lot since your router is in the DMZ.
Fixed itself. Thanks.

Here's the Skynet info.
1614890610806.png


Quick question here, isn't a router plugged into a modem in DMZ mode already, in all technicality? Isn't my current setup kind've the same way? because I've set my Asus Router so that it has access to all ports, and then I have UPnP enabled on the Asus Router to allow for OPEN NAT in gaming.
 

CaptainSTX

Part of the Furniture
Yes if you turn DMZ your first router would provide most of the firewall protection but with Skynet you have additional options which makes it possible to selectively block more IPs and ranges of IPs. I block countries that I see knocking often in Skynet. I have never run Skynet on a router double NATed behind another so I don't know how it will work if you disable DMZ.
 

SilentStorm

Regular Contributor
Yes if you turn DMZ your first router would provide most of the firewall protection but with Skynet you have additional options which makes it possible to selectively block more IPs and ranges of IPs. I block countries that I see knocking often in Skynet. I have never run Skynet on a router double NATed behind another so I don't know how it will work if you disable DMZ.
Thanks for this.

Also, I'm noticing that when I ping my gateway, it can spike up to like 6ms, is this normal? Because when I ping the Asus router, it's usually always under 1. I never see it over. Does this mean the issue is with the gateway or is that not a good indication? Because at that same time, my public IP address also saw a spike into the 200ms.
 

SilentStorm

Regular Contributor
Looks like it may be a pingplotter issue? Showing false packet loss. This one was consistently showing 40% packet loss. I stopped the ping and re-did it and it now shows 0%. weird.

EDIT: Silly me, I didn't find the issue! When I click "X" on the pingplotter, I'm only exiting the summary and not actually stopping the whole test, so when I restart it, it's doing 8.8.8.8 twice and that's what's getting me packet loss.
 
Last edited:

Datalink

Regular Contributor
You can get false packet loss indications from Pingplotter. Thats yet another problem with using Pingplotter. So, if you do this in stages:

1. Ping the router (just the router) via ethernet, you should not see packet loss. This should convince you that there's no packet loss to or from the router.

2. Ping the modem. You might see packet loss from the router where you have just proved to yourself that the router has not packet loss. In this case, you shouldn't see packet loss from the modem.

3. Ping the CMTS (just the CMTS) which is hop #3 on the route to anywhere. You might see packet loss from the router and modem where you just convinced yourself that both router and modem don't suffer from packet loss. Note that in your case the modem shows up in the pingplotter trace due to the fact that its running in Gateway mode.

Fwiw, false packet loss indications from Pingplotter are a problem with the Hitron CODA-4582 which is an Intel Puma 7 modem.

If you do end up with packet loss indications with Pingplotter, you need to confirm that with a ping test using the windows Ping command or other command line application.

Also fwiw, you should see a response time at or under 1 milli-second from the modem. I wouldn't expect to see any large latency spikes from the modem, unless of course the modem is busy doing something that preempts the low priority ping response.

What modem do you have, the XB6 or XB7, and, which model is it? The modem model can be seen on the bottom of the modem. It will either be an Arris or Technicolor model.
 

SilentStorm

Regular Contributor
You can get false packet loss indications from Pingplotter. Thats yet another problem with using Pingplotter. So, if you do this in stages:

1. Ping the router (just the router) via ethernet, you should not see packet loss. This should convince you that there's no packet loss to or from the router.

2. Ping the modem. You might see packet loss from the router where you have just proved to yourself that the router has not packet loss. In this case, you shouldn't see packet loss from the modem.

3. Ping the CMTS (just the CMTS) which is hop #3 on the route to anywhere. You might see packet loss from the router and modem where you just convinced yourself that both router and modem don't suffer from packet loss. Note that in your case the modem shows up in the pingplotter trace due to the fact that its running in Gateway mode.

Fwiw, false packet loss indications from Pingplotter are a problem with the Hitron CODA-4582 which is an Intel Puma 7 modem.

If you do end up with packet loss indications with Pingplotter, you need to confirm that with a ping test using the windows Ping command or other command line application.

Also fwiw, you should see a response time at or under 1 milli-second from the modem. I wouldn't expect to see any large latency spikes from the modem, unless of course the modem is busy doing something that preempts the low priority ping response.
Yep, was already doing that.

Router no packet loss, always under 1ms.

Modem no packet loss but there are some spikes up to 6ms and such. These ping spikes align with the ping spikes we receive in game, or when pinging 8.8.8.8, but there's big ping hops between hops 4 and onwards, so not sure if that means my modem is the issue?

No packet loss to the CMTS either.

Big ping hops between hop 4 and onwards though. The only packet loss I'm getting is again, when pinging my ISP DNS server. Confirmed this on command prompt as well.

My modem is a Technicolor XB6 which uses a Broadcom chipset.
 

SilentStorm

Regular Contributor
Also, I recognize your name from Rogers forums... I'm guessing you're on that too?

Here's where I'm at right now. Rogers has refused to accept any of my evidence in terms of traceroutes and ping spikes, etc. I'm pretty sure the issue is node congestion.

I spoke to the Rogers support agent who said "several devices are down in your area and there's node congestion." They sent out an engineering team to test it at 7 AM in the morning when no one's even doing anything and the node is clear. Despite me telling them it happens at peak hours, generally between 1-9 PM, and horrible between 5-9 PM, they won't listen.

And I totally understand the fact that we're in a lockdown right now (at least in Mississauga) and everyone's home, but the issue has gotten worse and worse to the point where all we're now being told in video calls is "we sound like robots" and likewise, the person we're listening to is cutting out because our internet service is crappy.

Also, our upload speeds randomly just plummet. My package is 500/20. My upload speed gets to as low as 1 mb during peak hours.

It's now getting to the point where it's becoming a constant disruption, and we can't handle it anymore. Our lines are fine too, the technician checked them.

I filed a complaint with the CCTS. Today, I received a call from a Rogers agent asking if I can follow up with the Office of the President, so I said sure, because I'm more than willing to do anything to resolve this issue. I know I'm ranting about them, but I've had an awesome experience with Rogers up until now, and they've given me so many bonuses for free and what not. I don't want to switch, which is why I don't ever pull the "cancellation card." I just want the issue fixed.
 

Datalink

Regular Contributor
Yup, I'm on the Rogers forum as well.

I'd definitely follow this up with the Office of the President. This is really simple. Tell the customers what the loads are on the neighbourhood nodes and CMTS when there are problems such as this. That load number will indicate whether or not its time to split the node. Splitting the node isn't an instantaneous action. It usually takes weeks to plan out and put into action, but, its a simple task to review the load numbers and give the customers an honest reply instead of forcing the customers to complain time and time again, followed by a CCTS complaint. Its a self inflicted wound for Rogers that starts when a customer calls tech support for the first time, only to be told that nope, there's nothing wrong here :(
 

SilentStorm

Regular Contributor
Yup, I'm on the Rogers forum as well.

I'd definitely follow this up with the Office of the President. This is really simple. Tell the customers what the loads are on the neighbourhood nodes and CMTS when there are problems such as this. That load number will indicate whether or not its time to split the node. Splitting the node isn't an instantaneous action. It usually takes weeks to plan out and put into action, but, its a simple task to review the load numbers and give the customers an honest reply instead of forcing the customers to complain time and time again, followed by a CCTS complaint. Its a self inflicted wound for Rogers that starts when a customer calls tech support for the first time, only to be told that nope, there's nothing wrong here :(
Yep, and I know that a CCTS complaint costs them money, which is why I don't want to do that right away.

I just don't feel like they care until $$ is involved.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top