RT-AC88U (ASUS firmware) packet loss after upgrate to Gigabit Fiber - OpenVPN culprit?

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

p3ter

Occasional Visitor
Hi, I have been running an RT-AC88U with one additional AiMesh node (RT-AC68U) on stock firmware 3.0.0.4.385_20631 without issue. My internet was recently upgraded from 10/100 Mbps to 1 Gigabit, and the same day I started getting between 2 & 4% packet loss.

After some troubleshooting I found that pinging my ISP's nearest router directly from the Router (System Tools, Network Analysis, Ping) was exhibiting the same packet loss, eliminating most other client or local network sources of the problem. I also noticed that packet loss seemed to come in regular bursts, 20-30 seconds with no problems, then a short 'blip' with higher ping times and/or packet loss.

When looking for the cause, I did some power off/reboot cycles with no improvement, then saw a recurring CPU spike (+15%) on CPU Core 1 on the router with timing that seemed to match the duration and frequency of the packet loss. Moving on to SSH, looking at 'Top', I saw that the process '/etc/openvpn/vpnserver1 --cd /etc/' seemed to be responsible for the 'cycling' and the 15% additional load on the CPU. The CPU didn't seem to be getting close to 100%, but as a testing step I deactivated my OpenVPN client, disabled my OpenVPN server and rebooted the router. this seems to have worked around the issue, and I am now running without packet loss, and getting reasonable (500-700 mbps) Upload/Download speeds.

I also however notice a large number of repeated 'portsLinkStaus=1' messages in the Log, as well as frequent repeated:
rtl_fail: rtkswitch fail access, restart.
kernel: rtk_port_linkStatus_get() fail, return 14
kernel: rtl8365mbrtl8365mb initialized(0)(retry:0)
kernel: rtk port_phyEnableAll ok

...which I think from posts here is related to a known issue with Ports 5-8.

Has anyone here with Gigabit Internet experienced anything similar? Any thoughts as to whether OpenVPN is the root cause, or whether I simply made the router work a bit less hard, and masked another remaining issue?

...and finally, the reason for posting to this group (when I don't have merlin on this router) is that I have read that Merlin enables hardware acceleration on the router, which might offload some of that work - can anyone with experience with OpenVPN before/after merlin firmware confirm? Anything else I might need to consider before trying Merlin? (Currently working from home, so 'disable OpenVPN' might be a long-ish term solution if I don't have a long boring weekend coming, and feel particularly brave..)

Thanks!
 

RMerlin

Asuswrt-Merlin dev
...and finally, the reason for posting to this group (when I don't have merlin on this router) is that I have read that Merlin enables hardware acceleration on the router, which might offload some of that work - can anyone with experience with OpenVPN before/after merlin firmware confirm? Anything else I might need to consider before trying Merlin? (Currently working from home, so 'disable OpenVPN' might be a long-ish term solution if I don't have a long boring weekend coming, and feel particularly brave..)

The same hardware-accelerated AES is also present in the stock firmware. It's not something that requires dedicated support, it's inherent to the CPU. And in your case, your CPU has no AES acceleration support.
 

p3ter

Occasional Visitor
Thanks for the feedback and confirming I don't have hardware AES acceleration. It has taken me a while to respond, but acutally it seems like I had a number of issues - I was orignally getting much better results after disabling OpenVPN, but then I started seeing regular packet loss/slow packets again, and was also noticing some activity related to the wireless automatically hopping channels, as well as the issue with ports 5-8 going missing... A few more tweaks and power off's later, and I have gained overr 300mbps throughput (seeing 980mbps now) so far with no noticeable packet loss. The connection has been reliable for over a week, but it does seem like "if in doubt, power off & unplug for a few minutes" is going to be part of my new routine (as well as the already set up auto-reboot once a week)
I must admit my current feelings are that my next Router might not be an ASUS... These routers seem to be great 'jack of all trades' routers if you have 100Mbs and need a lot of functionality, but the lack of reliability, lack of reliable Gigabit performance, and the need to do a complete manual fresh setup after every significant firmware upgrade, are killing it for me...
 

L&LD

Part of the Furniture
I would agree with the 'reboot first' approach. I would not with the weekly reboots though (for no reason except habit).

The Asus hardware is normally very robust, but your RT-AC88U along with the RT-AC86U (2018 models) for some, have been proven in hindsight to not be the most stable.

Anything past the 2018 RT-AC86U is easily able to handle 1Gbps symmetrical ISP speeds, even if you can't recklessly turn every option and feature 'on' available to the router to get those speeds.

If you're considering anything upscale from an RMerlin/Asus powered router, then you may have better luck. If you'll be sticking with consumer options, you'll be sorely disappointed by switching.
 

p3ter

Occasional Visitor
Yup, I still think ASUS is hard to beat price/performance wise as a consumer grade router, so if there is a next step, it will need to be worth it, and it probably means it will be a steep learning curve for me too... Which is one reason why I am not in any hurry to change!
I have been considering making the step(/jump?/leap?) up to Ubiquiti or Mikrotik for a while, for a number of reasons. One reason is that my incoming fiber is in about the worst possible place for a Wireless router (in a Garage behind a boiler, the other side of an external wall), so the current solution I have is to place the main router where I want my best WiFi (and close to my cabled Gaming PC's), with a daisy-chain of patch cables and internal house Cat5e networking to get it there. I then have to 'loop back' the main router to my patch panel via the second socket in a dual wall outlet, to take one of the 8 LAN ports back to my patch panel to drive a gigabit switch for other devices in the house, NAS, Server, and backhaul for an RT-AC68U Aimesh node. It puts a bit of a bottleneck on 'LAN1' port on the Router, and the everything ends up being a bit of a mess of Patch Cables, Fiber converters, Switches, and associated low voltage power supplies. But it works!
With something like Ubiquiti Dream Machine (or maybe Mikrotik) gear I could keep a non-WiFi Firewall/Router out of the way in the Garage, replacing both the Switches and the fiber converter (if the unit has SFP+), then drive a couple of WiFi access points with POE, replacing 1 AiMesh Node and at least 4 additional power supplies for the assorted Converters/Switches etc.
But with the focus on a reliable working from home environment right now, the single overriding priority is "if it ain't broke, don't try to fix it"...!
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top