CODA-4582 - Open Issues for Investigation

Resident Expert
Posts: 6,024

Re: CODA-4582 - Open Issues for Investigation

@joelcyyz when you were with Bell, did you run a speedtest thru the VPN and if so, what were your results and what was the internet plan that you were on (download & upload rates)?

 

I think there are a couple of problems here:

 

1.  Rogers uses IPv6 whereas Bell doesn't.  You didn't indicate in your post if you had IPv6 up and running, so, just bringing this up as a possible issue.

 

2.  VPN rates thru the Puma series modems are historically low, compared to the non-VPN rates and I don't believe that it's a matter of Rogers throttling VPN rates.  This isn't a Rogers issue, it's an Intel Puma chipset issue, personal opinion.  This problem has been around for some time now and I have no idea if it will ever be addressed.  It may have originated in 2007/2008 when Texas Instruments first designed and built the Puma 5 chipset, and then just carried on to the Intel Puma 6 CGNxxxxx modems and now the Intel Puma 7 CODA-4582 modem.  Intel bought the Puma product line from Texas Instruments in 2010 and put their own spin on the chipset design.

 

If you look at the following link:

 

http://communityforums.rogers.com/t5/Internet/FEEDBACK-Rogers-Rocket-Wi-Fi-Modem-Firmware-Trial/m-p/...

 

You will see this at the bottom of the post, along with a few other issues:

 

Known or reported issues
  • Non TCP/UDP/ICMP traffic (such as ESP/IPSec without NAT-T) is slowed down below 25 Mbps

My personal opinion is that Hitron needs to take a very close look at VPN performance with the Puma 6 and 7 modems and pursue the issue with Intel if necessary, or, if the firmware already exists within the modem to run VPNs at higher rates, then, get on with it and make it happen.  It's unfortunate that there are no performance specs which show the VPN rates thru the Puma 6 and 7 modems.  If there were, potential customers could decide if it was worth it or not to sign up for an ISP, given the throughput specs.  Remember that we're talking about Puma 6 and 7 modems used worldwide, not just with Rogers.
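
The known-issue line quoted in the post above separates TCP/UDP/ICMP from every other IP protocol, so whether a VPN falls into the slowed class depends on how its packets are encapsulated on the wire. The following Python code is an added example, not part of the thread and not Rogers or Hitron code: it classifies raw IPv4 packets by IP protocol number and by the standard IKE, NAT-T and L2TP UDP ports. The helper names and the sample packets are constructed for illustration.

```python
import struct

# IANA IP protocol numbers. The known-issue note singles out anything
# that is not TCP, UDP or ICMP.
COMMON = {1: "ICMP", 6: "TCP", 17: "UDP"}
OTHER = {47: "GRE", 50: "ESP", 51: "AH"}
# Standard UDP ports used by IPsec and L2TP VPNs.
VPN_UDP = {500: "IKE", 4500: "IPsec NAT-T (ESP in UDP)", 1701: "L2TP"}

def classify(packet: bytes):
    """Return (label, affected) for one raw IPv4 packet.

    affected is True when the packet is neither TCP, UDP nor ICMP,
    i.e. the traffic class the known-issue note describes.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4              # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = packet[9]
    if proto == 17:
        # Ports are only present in the first fragment of a datagram.
        frag_off = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
        if frag_off == 0 and len(packet) >= ihl + 4:
            sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
            for port in (dport, sport):
                if port in VPN_UDP:
                    return f"UDP/{port} {VPN_UDP[port]}", False
        return "UDP", False
    if proto in COMMON:
        return COMMON[proto], False
    return OTHER.get(proto, f"IP protocol {proto}"), True

def ipv4(proto: int, payload: bytes = b"") -> bytes:
    """Build a minimal IPv4 packet (checksum left at zero) for the samples."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, proto, 0, bytes([192, 0, 2, 1]),
                       bytes([198, 51, 100, 7])) + payload

def udp(sport: int, dport: int) -> bytes:
    """Build a bare 8-byte UDP header with no payload."""
    return struct.pack("!HHHH", sport, dport, 8, 0)

# Constructed samples: raw ESP, the same tunnel with NAT-T, and plain TCP.
SAMPLES = {"esp": ipv4(50, b"\x00" * 16),
           "natt": ipv4(17, udp(4500, 4500)),
           "tcp": ipv4(6, b"\x00" * 20)}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, classify(pkt))
```

Feeding it the IP payloads from a capture taken on the WAN side shows whether a tunnel is crossing the modem as protocol 50 (ESP) or wrapped in UDP/4500.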



I Plan to Stick Around
Posts: 9

Re: CODA-4582 - Open Issues for Investigation


Datalink, I thank you for your post and note that I have responded to your questions below in-line and in red.

Thanks!


@Datalink wrote:

@joelcyyz when you were with Bell, did you run a speedtest thru the VPN and if so, what were your results and what was the internet plan that you were on (download & upload rates)?

No, I did not run a speedtest but do note that the throughput was sufficient such that the VPN connection was functional regardless of the application I was using (usually database applications, home automation, spreadsheets, etc.)

 

I think there are a couple of problems here:

 

1.  Rogers uses IPv6 whereas Bell doesn't.  You didn't indicate in your post if you had IPv6 up and running, so, just bringing this up as a possible issue.

No, I am relying on IPv4 for Port Forwarding etc.  Do you think this will make a material difference as I can try using IPv6?

 

2.  VPN rates thru the Puma series modems are historically low, compared to the non-VPN rates and I don't believe that it's a matter of Rogers throttling VPN rates.  This isn't a Rogers issue, it's an Intel Puma chipset issue, personal opinion.  This problem has been around for some time now and I have no idea if it will ever be addressed.  It may have originated in 2007/2008 when Texas Instruments first designed and built the Puma 5 chipset, and then just carried on to the Intel Puma 6 CGNxxxxx modems and now the Intel Puma 7 CODA-4582 modem.  Intel bought the Puma product line from Texas Instruments in 2010 and put their own spin on the chipset design.

Very interesting and thank you for the added information and insight.  I will most definitely read the below link later in the day!

 

If you look at the following link:

 

http://communityforums.rogers.com/t5/Internet/FEEDBACK-Rogers-Rocket-Wi-Fi-Modem-Firmware-Trial/m-p/...

 

You will see this at the bottom of the post, along with a few other issues:

 

Known or reported issues
  • Non TCP/UDP/ICMP traffic (such as ESP/IPSec without NAT-T) is slowed down below 25 Mbps

Well, I know it is WAY below 25 Mbps because I cannot even load a simple web page or my local printer's web interface.  The performance is terrible!

My personal opinion is that Hitron needs to take a very close look at VPN performance with the Puma 6 and 7 modems and pursue the issue with Intel if necessary, or, if the firmware already exists within the modem to run VPNs at higher rates, then, get on with it and make it happen.

I could not agree more.  This is -- for people like me -- a very serious limitation.

It's unfortunate that there are no performance specs which show the VPN rates thru the Puma 6 and 7 modems.

Indeed because had I known then I possibly would have stuck with Bell!

If there were, potential customers could decide if it was worth it or not to sign up for an ISP, given the throughput specs.  Remember that we're talking about Puma 6 and 7 modems used worldwide, not just with Rogers.

Point noted!


 

I Plan to Stick Around
Posts: 41

Re: CODA-4582 - Open Issues for Investigation

@joelcyyz

Slowing down VPN traffic violates any reasonable definition of net neutrality.  The CRTC supports net neutrality.

 

One possible cause is that your VPN packets are traversing WiFi too many times.  You confirmed the topology:

iPhone <-> CODA <-> notebook <-> CODA <-> cloud...

If three of those links are WiFi, that might explain the slowdown.  If so, does wiring the Mac to the CODA (eliminating two WiFi hops) improve performance significantly?

 

If the slowing down is due to the CODA, then that is just a defect / limitation.  What mechanism in the CODA could cause this?  Here are some things that come to mind:

  • policy -- they (Rogers?) want to slow down VPNs.  That violates net neutrality.
  • VPN pass-through requires the CODA's CPU to manipulate the packet in a way that normal packets don't require.  For example, for ordinary NATted packets, some routers have a fast-path hardware (does the CODA?) but that hardware probably cannot handle VPN pass-through.  I admit that I know little about L2TP and how the packets need to be mangled for pass-through.
  • some unintentional firmware stupidity.  Hope for a fix but don't expect one.

If the problem is that the CODA is bad at VPN pass-through, consider trying bridge mode.  Then the CODA should not process any kinds of packets differently (more slowly).  This would require you to install your own router.  Choosing a router is tricky but is discussed somewhat in this thread.

 

We've recently been told that Rogers + CODA in bridge mode allows two devices directly on the internet, each with its own globally routable IPv4 address!  You could put your Mac-as-security-gateway directly on the net and the non-VPNed things in your house behind a 3rd party router directly on the net.  That would require making sure that your Mac is secure enough for the task.  I would hope that your Mac would be wired to the CODA and the devices you connect to the Mac-as-security-gateway would talk directly to it via WiFi.  The result is a much simpler topology than you currently have and less likely to have weird bottlenecks.

 

How you are allowed to configure your network with a VPN is really constrained by your corporation's policies.  I know nothing of them but you should.  My router implements IPSec VPNs -- that's one of the reasons why I use a PC as my router; that's a fair bit of work.

I Plan to Stick Around
Posts: 9

Re: CODA-4582 - Open Issues for Investigation


Hugh, as above, please see my in-line responses which appear in red below.

Thx!


@HughR wrote:

@joelcyyz

Slowing down VPN traffic violates any reasonable definition of net neutrality.  The CRTC supports net neutrality.

I would tend to agree with that!

 

One possible cause is that your VPN packets are traversing WiFi too many times.  You confirmed the topology:

iPhone <-> CODA <-> notebook <-> CODA <-> cloud...

If three of those links are WiFi, that might explain the slowdown.  If so, does wiring the Mac to the CODA (eliminating two WiFi hops) improve performance significantly?

CODA<->Notebook<->CODA<->Cloud is wired...

 

If the slowing down is due to the CODA, then that is just a defect / limitation.

I may be incorrect in my conclusion but it is the only thing in the chain that has changed and, in addition, only VPN is impacted (i.e. TeamViewer is not impacted, Screen Sharing is not impacted, etc.).

What mechanism in the CODA could cause this?  Here are some things that come to mind:

  • policy -- they (Rogers?) want to slow down VPNs.  That violates net neutrality.
    Does not make it impossible.  The Rogers support person I spoke to told me that they specifically do not support servers so, assuming this is true, then slowing VPNs makes sense as it would be a way of achieving this.
  • VPN pass-through requires the CODA's CPU to manipulate the packet in a way that normal packets don't require.  For example, for ordinary NATted packets, some routers have a fast-path hardware (does the CODA?) but that hardware probably cannot handle VPN pass-through.  I admit that I know little about L2TP and how the packets need to be mangled for pass-through.
  • some unintentional firmware stupidity.  Hope for a fix but don't expect one.

If the problem is that the CODA is bad at VPN pass-through, consider trying bridge mode.  Then the CODA should not process any kinds of packets differently (more slowly).  This would require you to install your own router.  Choosing a router is tricky but is discussed somewhat in this thread.

I have thought about this and I have discussed this but would prefer not to!

 

We've recently been told that Rogers + CODA in bridge mode allows two devices directly on the internet, each with its own globally routable IPv4 address!  You could put your Mac-as-security-gateway directly on the net and the non-VPNed things in your house behind a 3rd party router directly on the net.  That would require making sure that your Mac is secure enough for the task.  I would hope that your Mac would be wired to the CODA and the devices you connect to the Mac-as-security-gateway would talk directly to it via WiFi.  The result is a much simpler topology than you currently have and less likely to have weird bottlenecks.

 

How you are allowed to configure your network with a VPN is really constrained by your corporation's policies.  I know nothing of them but you should.  My router implements IPSec VPNs -- that's one of the reasons why I use a PC as my router; that's a fair bit of work.

No corporation involved here.  It is just me -- as an individual -- wanting to dial in to home network at various points during the day, no more!


 

I'm Here A Lot
Posts: 5

Re: CODA-4582 - Open Issues for Investigation

It seems to me that you are terminating the VPN traffic in the CODA. This requires the CODA to encrypt and decrypt the L2TP packet payload. So a router that is equipped with hardware encryption/decryption will help. I am not sure if CODA is capable of performing the hardware encryption/decryption. If it does the work in software then it will significantly slow down the throughput. You can follow the suggestion to put CODA in the bridge mode and use an external router. The Mikrotik 750G router has hardware encryption with 470Mbps throughput.

 

https://mikrotik.com/product/RB750Gr3

 

I have been using it and it has been very stable.

Resident Expert
Posts: 6,024

Re: CODA-4582 - Open Issues for Investigation

@unidisk, are you able to run a speedtest thru the VPN using the www.speedtest.net Toronto Rogers or Montreal Rogers server, or a high speed server at the termination point of your VPN?  I'm wondering what data rates you might see?  I'm assuming here that you have the white CODA-4582 modem?



I Plan to Stick Around
Posts: 9

Re: CODA-4582 - Open Issues for Investigation


@unidisk wrote:

It seems to me that you are terminating the VPN traffic in the CODA. This requires the CODA to encrypt and decrypt the L2TP packet payload. So a router that is equipped with hardware encryption/decryption will help. I am not sure if CODA is capable of performing the hardware encryption/decryption. If it does the work in software then it will significantly slow down the throughput. You can follow the suggestion to put CODA in the bridge mode and use an external router. The Mikrotik 750G router has hardware encryption with 470Mbps throughput.

 

https://mikrotik.com/product/RB750Gr3

 

I have been using it and it has been very stable.

 

I am surprised by your above comment but am happy to learn more.  Please explain why you wrote that I am terminating the VPN traffic at the CODA because in my way of thinking I am terminating the VPN traffic on my laptop (which is hard wired to the CODA) because the VPN server / software sits on my laptop.

 

TIA!


 

I Plan to Stick Around
Posts: 43

Re: CODA-4582 - Open Issues for Investigation

I continue to have packet loss.

 

Edit: > This ONLY started to happen when I switched to the CODA-4582 modem.

 

Rogers Support has suggested that I need to come to this forum for further assistance because there's "nothing wrong with my modem" etc.

 

I have replaced my ethernet cables, and my router, and used the modem as a router or a bridge, and I have connected my PC directly to the modem in bridge mode with windows firewall off. This is NOT a NAT or port forwarding issue. It happens in multiple games (Rainbow Six: Siege, Battlefield 4 are what I tested). These games have an in-game overlay for "you're having network problems!" and specifically ones for packetloss which show up. My ping can randomly jump from 40ms to 150ms too.

 

Here's output from mtr which was running for a while:

 

Screen Shot 2018-01-18 at 10.35.39 AM.png

 

Focusing on 174.114.112.1, which is not MY IP, I can ping this IP and it generally responds around 20-40ms.  If I introduce any kind of network traffic on my end, the pings to this IP spike dramatically and packet loss occurs. 

 

I am at work, and I started pinging 174.114.112.1, and it pinged fine. Then I SSH'd in to a machine at home, and ran ping again. Then I ran a speed test. Pings to that IP from my work terminal remained fine. Pings to that IP from my server machine spiked up like this.

 

I'm at a loss for what to do next.

I Plan to Stick Around
Posts: 41

Re: CODA-4582 - Open Issues for Investigation

@joelcyyz

Since you are VPNing on your own, you get to choose the type of VPN.  I would choose IPSec over L2TP.  Many recommend OpenVPN (people other than I seem to find it easy to set up).

 

If you are using the VPN to access your home LAN from outside, the topology we were talking about seems wrong.  Are you accessing your notebook-at-home from your iphone-on-the-road?

notebook <-> CODA <-> cloud...iphone

Or maybe some other resource at home?

something<->notebook <-> CODA <-> cloud...iphone

 

Resident Expert
Resident Expert
Posts: 6,024

Re: CODA-4582 - Open Issues for Investigation

@daveinsurgent you have packet loss on the first and second hops in the trace.  Is that first hop your router?  If so, I'm assuming that the modem is in Bridge mode, which would make the second hop the CMTS.  You shouldn't have any packet loss in either case.  First step is to determine why you have packet loss to the first hop address, whether it's the router or modem.