Hello, bonjour,
I'm not sure it is the right place to ask this, but as most the members of this list are working for companies selling *DSL services, maybe there will be a match :)
The network of one of the companies I'm working for is connected to internet simply via a green.ch VDSL line, over a Zyxel P2802. Everything was fine until a few weeks ago, and now I'm getting more and more "Timeout, server not responding." messages in my (even active) terminals connected via ssh to remote hosts, and jabber/imap/etc. connections are getting randomly disconnected too after a few minutes or hours.
I guess it's a problem related to the company size: it grew during the last months, and now there are about 20 employee, which makes about 40-50 terminals (PC + VoIP Phones + a few internal servers) connected to the LAN.
Is it possible that the Zyxel device is not the proper one anymore for this case? Rebooting doesn't really help, and there are no special messages in the logs, CPU Usage ~ 13%, Memory Usage ~ 60%. Feedback from Studerus Support was to upgrade the Firmware, but it was already up to date... I have the same Router @home and never got this kind of issue.
What would you try next? If you think I should get some more hardware (and use the Zyxel as a bridge), what would you then recommend ?
Thanks for your attention & a nice end of week to you :-) Olivier
Salut Olivier,
We are using ZyXEL ZyWALL1050/USG1000/USG300 behind various P-2802.
In most case, we have some green.ch public IP address subnet, the P-2802 is running as (br-)router, smaller installations PPPoE is terminated on the ZyWALL.
As wholesales VDSL2 is PPPoE only, there is no advantage in terminating the tunnel direct on the router as in the ADSL times using PPPoA then.
Please contact me off-list for some more in-depth P-2802 information.
Regards,
-Kurt.
-----Original Message----- From: swinog-bounces@lists.swinog.ch [mailto:swinog-bounces@lists.swinog.ch] On Behalf Of Olivier Mueller Sent: Wednesday, March 05, 2008 2:32 PM To: swinog@swinog.ch Subject: [swinog] VDSL/Zyxel P2802 HWL not "strong" enough for a small company LAN? <snip>
you wrote nothing about line usage i´d recomend to graph the dsl-line-usage on a 1 second intervall-base to see if you have peaks. additionally put a icmp paket loss to it - then you see if line usage corresponds to paket or link loss.
also have a look for link loss - check your modem if the dsl link was rebuilt in problem times - frequency problems on the copper lines grows - so it´s "normal" that lines begin to get bad while dsl-line count in the neighbourhood grows. check if your router log´s that - also check link status with your provider - if the dsl line is on the edge of maximum speed it could help to reduce bandwith with x percent (eg: 20%)
and of course: check if you have viruses in the lan - there are a lot of mass-spreading viruses who can sit on a user´s notebook and overload the router nat table and causes such problems...
i hope this basic recomendations can help you
gruezi from austria :-) bernd
-----Original Message----- From: swinog-bounces@lists.swinog.ch [mailto:swinog-bounces@lists.swinog.ch] On Behalf Of Olivier Mueller Sent: Wednesday, March 05, 2008 2:32 PM To: swinog@swinog.ch Subject: [swinog] VDSL/Zyxel P2802 HWL not "strong" enough for a small company LAN?
Hello, bonjour,
I'm not sure it is the right place to ask this, but as most the members of this list are working for companies selling *DSL services, maybe there will be a match :)
The network of one of the companies I'm working for is connected to internet simply via a green.ch VDSL line, over a Zyxel P2802. Everything was fine until a few weeks ago, and now I'm getting more and more "Timeout, server not responding." messages in my (even active) terminals connected via ssh to remote hosts, and jabber/imap/etc. connections are getting randomly disconnected too after a few minutes or hours.
I guess it's a problem related to the company size: it grew during the last months, and now there are about 20 employee, which makes about 40-50 terminals (PC + VoIP Phones + a few internal servers) connected to the LAN.
Is it possible that the Zyxel device is not the proper one anymore for this case? Rebooting doesn't really help, and there are no special messages in the logs, CPU Usage ~ 13%, Memory Usage ~ 60%. Feedback from Studerus Support was to upgrade the Firmware, but it was already up to date... I have the same Router @home and never got this kind of issue.
What would you try next? If you think I should get some more hardware (and use the Zyxel as a bridge), what would you then recommend ?
Thanks for your attention & a nice end of week to you :-) Olivier
_______________________________________________ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
On Wed, 2008-03-05 at 14:50 +0100, Spiess Bernd wrote:
you wrote nothing about line usage
Right: it's for a web-design company, so 80% download (http), 20% upload (sftp/scp/ftp/rsync), no p2p (afaik and according to ntop :-), Jabber clients everywhere.
I see no traffic peaks, just these disconnects...
i´d recomend to graph the dsl-line-usage on a 1 second intervall-base to see if you have peaks. additionally put a icmp paket loss to it - then you see if line usage corresponds to paket or link loss.
ok, thanks for all the suggestions (and the other posts on the list), I'm sure some of them will help!
regards, Olivier
Olivier Mueller wrote:
I see no traffic peaks, just these disconnects...
If it's any help to you - we've also been seeing many disconnects in the last 1-2 weeks. Not on VDSL, just plain ADSL. Typically every day we would have 3-4 quick disconnects during the night, then maybe a few in the morning too. It has stopped since the weekend I think.
/Per Jessen, Herrliberg
Hello!
On Wed, March 5, 2008 2:31 pm, Olivier Mueller wrote:
Is it possible that the Zyxel device is not the proper one anymore for this case?
I don't know the situation on current Zyxel hardware, but my Prestige 642R couldn't handle all connections for my needs.
What would you try next? If you think I should get some more hardware (and use the Zyxel as a bridge), what would you then recommend ?
I personally would buy an Alix board from pcengines.ch (costs about CHF 150 with 3 LAN interfaces), install pfSense on it, switch the Zyxel to bridge mode and be happy. ;-) With the Alix, you would also gain extra benefits like complex packet filter rules, traffic shaping, traffic graphs etc. (see pfsense.com for full feature list).
Regards, Manuel
Manuel Krummenacher schrieb:
I personally would buy an Alix board from pcengines.ch (costs about CHF 150 with 3 LAN interfaces), install pfSense on it, switch the Zyxel to bridge mode and be happy. ;-) With the Alix, you would also gain extra benefits like complex packet filter rules, traffic shaping, traffic graphs etc. (see pfsense.com for full feature list).
Seconded. I've got a previous-generation WRAP board with pfSense (just upgraded to the recently released 1.2). It should be noted that pfSense also does IPSEC and OpenVPN "SSL-VPN" and a host of other things. I'm not sure how much bandwidth the Alix-boards can shuffle, but my WRAP is supposed to max out somewhere in the 30MBit range. You can also install it on an old PC and temporary replace the Zyxel, to get some idea about the current traffic pattern.
Rainer
Re-bonjour,
On Wed, 2008-03-05 at 14:31 +0100, Olivier Mueller wrote:
What would you try next? If you think I should get some more hardware (and use the Zyxel as a bridge), what would you then recommend ?
Thanks again for all your helpful answers to my initial post. I took the "Alix Board & pfSense" solution, and it is now up & running live since two days, with a bridged Zyxel P2802.
Jabber & ssh connections are now stable (not a single timeout since the activation), and everything else is still working fine with a good performance, so I guess the initial problem was solved.
Time spent: - 1h for reading/posting on the swinog ML :) - 30min to organize the hardware (thanks to Filip @ Webkitchen.ch!) - 30min to find the proper null-modem adapter and especially gender-changer: 2x 9pin/F (merci Ueli :-) - 3h for RTFM, setup & testing - 15min for the "going live" - 20min to solve some small issues with suggestions/help from #swinog irc channel
Bonus: PPTP VPN server installed and activated in 5 minutes. So at the moment, I am quite happy with this http://www.pfsense.com/ based setup. Testing will continue for about 1-2 weeks, and if everything remains fine, I will add a backup device to the setup.
Regards & happy Easters, Olivier
-
Kurt A. Schumacher -
Manuel Krummenacher -
Olivier Mueller -
Per Jessen -
Rainer Duffner -
Spiess Bernd