1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

RV042 - Dual WAN unstable?

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by Sugarmonster, Oct 22, 2006.

  1. Sugarmonster

    Sugarmonster LI Guru Member

    If anyone's noticed the posts I've made recently it looks like I'm just ragging on the RV042 but that's not the case, really! I think the product has a huge amount of potential, but it just annoys me when things that could be great are let down by problems.

    And so to this one. The situation is: 1 ADSL feed, one cable modem feed. When I disable either of the WAN ports to force traffic through a single feed things are great.

    When I use both feeds though I get some strange, flakey behavour. "Connection reset" messages on downloads, browser pages that don't load properly so I have to keep refreshing them etc. It just makes my whole internet connection unstable. It's most obvious on a multi threaded newsreader where you can see the forced disconnects come up in the log as connections are just terminated.

    Obviously this doesn't happen to every connection, but it's enough that it's noticable and it makes using the net with dual WAN enabled impractical - any benefit I'd get from the dual connections is negated by the constant disconnections and need to retry!

    Could I have a duff router? Is anyone out there using dual WAN successfully?

    Marc.
     
  2. moi2

    moi2 LI Guru Member

    I have the same issues here as you know.

    If anyone has this working I would be interested so I can return my unit as faulty.
     
  3. moi2

    moi2 LI Guru Member

    Have you picked this up with Linksys support yet?
     
  4. whiny

    whiny Network Guru Member

    Lets keep this thread going. To the best of my understanding, the router *is* working correctly - TECHNICALLY. Where it fails is the load balancing mechanism. Let me explain the best I can:

    The router tries to "balance" each of your connections by utilizing them equally. For example, if WAN1 is downloading at 1Mbps and WAN2 is idle, and another download request comes in, it will download on WAN2. It tries to equally fill the numbers up to your "theoretical maximums" which you have programmed into the router.

    The computer behind the router is stupid. It doesnt know anything except an internet connection available at 192.168.1.1 (or whatever). It sends an outbound request for file abc, and then the router decides how it will travel.

    Now we get to the problem that many of us are having. Some protocols like HTTP are persistent - meaning the communication is held open during the entirety of an HTTP transaction. So it doesnt matter which WAN port initiates the connection - the protocol will hold it open until all is said and done.

    Connections that dont work on a persistent protocol have a major problem. One loose example: What if an outside user tries to connect to your RV router on WAN1:21. Your computer doesnt know the difference, so it answers the call and sends the reply back to the router. The router then "balances" the lines by sending an outgoing packet on WAN2 because the protocol wasn't persistent. The user on WAN1, of course, is left waiting for a response that they will never receive.

    The only solution I can readily think of is to force the RV to communicate on one WAN port for a certain service. Eg, all incoming and outgoing traffic on port 21 MUST be done through WAN1.

    Unfortunately I have not seen an easy or clearcut way to make this happen, and Linksys has been less than helpful it making it work....

    Technically, the router is working properly. Realistically, not so much.
     
  5. pablito

    pablito Network Guru Member

    This is a pretty serious problem if it behaves as mentioned. I can't test all the scenarios right now (no available 2nd line) but I need to install one at a location that would suffer from these issues.

    For inbound connections like the example of an inbound FTP connection shouldn't the return *always* go down the pipe it came in on? This would be a major problem if it didn't. Another example of the same would be if one of your ISPs blocks the desired port but you send users to the WAN that should work. What happens then?

    An example that concerns me would be VPNs and session based browsing that are initiated from the inside such as a Cisco client or sites with logins. Once established shouldn't it always stay on that WAN port? I can't imagine it trying to send some packets down the other WAN port, that would simply fail or at best cause a new session.

    We can bind protocols to a specific WAN port and if that works (there are reports that it works most of the time but can also fail) what happens if that WAN port goes down? I would want the other WAN port to take over but would it if I bind something to one WAN port? It might never get there when a port goes down and the users wonder why they pay for two WANs.

    The only sure way seems to be setting up as only a failover but a very desirable setup is to leverage both ports even if it doesn't load balance. I might want my regular users to always go down WAN 1 (highest download speed) for example and all inbound connections and VoIP to come and go via WAN2 (best upstream speed). And then use WAN2 for regular users if WAN 1 goes down. I can live with that much better than a load balance that causes trouble. My clients would be doing a lot of session based activity that couldn't tolerate half the packets getting lost or causing a new login.

    My intention is to use an RV082 to replace two PC based firewalls that are working very well but use a lot more electricity than an RV would. These PC systems each do failover to the other's WAN port. I point pcs to one FW and the servers to the other. This works very well but is overkill on power consumption and space. Perhaps two RVs would be safer but the cost defeats the purpose.

    Anyone out there have some realtime experience with a dual WAN load balance setup that has session based activity and an inbound setup (port forward)? In particular what happens if one WAN goes down etc.
     
  6. Sugarmonster

    Sugarmonster LI Guru Member

    @whiny: Your situation is not quite the same as mine, in that I'm only concerned with outbound connections through both ports whereas you are talking about handling incoming ones. Your description does sound like a recipie for problems though - I guess it all comes under general remit of "handling dual WAN properly"!

    The router could possibly handle your situation, by taking note of what IP addresses were coming in and making sure that replies to that address went out of the same port they came in on. I'm stretching my networking knowledge a bit thin with that statement though, I know nothing about how difficult that would be to implement.

    And no, I've not taken it up yet with linksys support. I wanted to make sure I wasn't doing anything silly first. As it looks like I'm not, I'll describe my situation to them and see what they can come up with.
     
  7. d__l

    d__l Network Guru Member

    pablito, I have an RV082 with dual DSL connections which are unequal in speed. I've port forwarded public traffic to a network camera on the slower WAN2 without any problems.

    All the RV-series routers only balance outbound connections. If you are looking for the RV-series routers to balance inbound connections to say a web server, then you are out of luck. If however, you wish to "partition" and restrict inbound traffic to a particular WAN port, it works great. If the WAN port that hosts the network camera is down, then there is no public access to it

    As to managing outbound connection sessions, I'm still grappling with some problems. I would like my outbound traffic to primarily use my faster WAN, but inevitably if I make a connection to a web site, there are mutiple connections opened up if the site has numerous ads and it seems that most of them end up loading through my slow connection. With the old firmware this could be managed to some extent by artificially setting the faster WAN's speeds much higher than it actually is or conversely setting the slower WAN's speeds much slower than it is. This doesn't seem to work as well with the newer firmwares.

    Some people have complained that access to HTTPS sites with their RV042 will not work because the secure sites restrict sessions to one IP and not allow balanced sessions across the two WANs. The only solution in this case is to bind the HTTPS protocol to one of the WANs which sort of defeats the purpose of load balancing. I've never had any trouble like this with my RV082 and really haven't noticed anyone else reporting these problems when they use an RV082.
     
  8. pablito

    pablito Network Guru Member

    Thanks for the reply. To clarify, I don't intend to load balance inbound and suspected that it wouldn't be a problem. If I hit a particular WAN port from outside then I'll get a reply from that port.

    The outbound is going to be the problem. If we have to lock down specific protocols to one WAN port to avoid problems with session based connections appearing to come from both ports then load balancing does little and perhaps more troublesome is that we don't get any fault tolerance at all.

    I couldn't test as thoroughly as I wanted but I did notice that I would get a double login unless I nailed traffic to one WAN port. What I couldn't test with certainty was what happened if I then took down that port. Would traffic that was nailed to one port start going out the other port? This is what I'd want to happen. Priority over one port but fallback to the other if a port goes down.

    Right now testing this is difficult without interrupting the client network and potentially getting egg on my face.
     
  9. whiny

    whiny Network Guru Member

    So I guess the question we all need answered is, "how can we force the RV to use WAN1 or 2 in situation xyz"?

    There needs to be an easy way for us to specify a particular service only goes out on one port. Im SURE there must be a way.
     
  10. EricChak

    EricChak Network Guru Member

    The new bios 1.3.7.10 for RV042 make the MSN impossible using dual wan load balancing mode. Change back to previous bios working fine. Anyone have the same problem?
     
  11. moi2

    moi2 LI Guru Member

    Eric,
    Port 1863 is the default MSN port, try protocol binding this to one of the WAN ports.

    I think this is a different issue than the load balancing of streaming applications. I saw a significant improvement for binding port 1863 with MSN not disconnecting every 30mins.


    Moi
     
  12. EricChak

    EricChak Network Guru Member

    That help, thanks. By the way, the old firmware and the RV082 didn't need to set up with this port.
     
  13. Sugarmonster

    Sugarmonster LI Guru Member

    I have to say I broke the habit of a lifetime when I bought the RV042 and enabled uPnP. Frankly I got tired of constantly managing my ports and mappings so I just thought I'd let the automatic stuff have a go - so far that's worked really well, I've had no problems with messenger at all.

    The main reason I enabled it is because the RV042 does tell you what uPnP ports it's opened up, rather than some of the other ones which just say "yep, it's enabled, live with it" so at least you can see what's happening.
     
  14. orb1

    orb1 Network Guru Member

    Issues on RV082 also

    I have load balancing issues as well. Though to me I am seeing hiccups in the packets. I am trying to use Vonage on my RV082 in LB mode. However I have designated that my Vonage ATA device use the WAN1 port. I notice that when I am on a phone call packets are dropping so I miss what the other party is saying for about a second every 30s or so. I can also try pinging my ISP gateway and the packet drop happens to there as well.

    As soon as I disable the WAN2 port completely then the drops stop happening.

    Any ideas? I am running 1.3.3.5, but this has occurred in all the recent firmwares.
     
  15. Sugarmonster

    Sugarmonster LI Guru Member

    Interesting. I was starting to wonder if it was something like the RV042 not having the horsepower to handle high throughput through both ports, but I thought the RV082 had a faster CPU in it? If it does, scratch that theory...
     
  16. Ant718

    Ant718 LI Guru Member

    Hey guys, I stumbled upon this thread because I was googling for the same issues as some of you are experiencing. On our company LAN we are using the rv042 in dual-wan mode (we have 2 business dsl lines). I started noticing the annoyances of dual wan just recently and now it's getting to me. More specifically, user problems with running AIM PRO and I believe Outlook 2003 from an Exchange server. AIM PRO will pick and choose when it lets you connect, at first i didn't understand why it would authenticate but then just say "disconnected." Linksys couldnt figure it out until i decided to disable dual wan and just use a primary WAN1 connection and everything worked. Outlook 2003 does the same thing as a lot of the times it tells me it's losing connection to the server (we have a 3rd party company hosting our exchange server). What is the solution to this? I know everyone suggests port binding but how would I do that in the web management console? It asks for a destination ip in the menu, what would that be? Source IP would be my my machine or any range of ip's but what is destination?

    thanks in advance.
     
  17. Toxic

    Toxic Administrator Staff Member

    the problem is HTTPS need 1 IP address to connect with on one single session. The load balancing on the RV0x2 series should be fixed as soon as the initial connection takes place. but it doesn't.

    Linksys really need to address this issue tbh.
     
  18. Toxic

    Toxic Administrator Staff Member

    the dest IP is your Mail server IP address or where it resides on the initail WAN connection to the internet. if you only have a domain name the check out a reverse DNS lookup to give you the IP address.
     
  19. Ant718

    Ant718 LI Guru Member

    For our exchange host, I put in their server (our exchange server) ip address but for let's say AIM/GAIM, i did nslookup for login.oscar.aol.com but the ip it returns is dynamic though, so what is the solution then?

    Thanks for your answer though.
     
  20. pablito

    pablito Network Guru Member

    Trying to port bind by destination to places you can't control or is multi-IP/dynamic isn't going to help. I suggest port binding by protocol/port and use 0/0 for destination. That too can be a pain for some applications but works fine for others.

    The more certain method is to port bind internal IP to 0/0 destination over a single WAN port. You still get failover protection. Then run inbound services like Exchange over the other WAN. Email and other server protocols are much easier to bind than some client apps.

    For now this is the only way that works for me. They need to fix it but the workaround is not too bad for the time being.

    Example that works:
    Bind internal net->0/0 to WAN1
    Bind internal net/SMTP/VOiP/OpenVPN ->0/0 to WAN2
    priority high up/down VOiP/VPNs on WAN1/2
    priority high up HTTP on WAN2
    priority low down HTTP/yada ->WAN1/2
    Give out WAN2 IP for email,http, etc serving.

    If you SNMP the interfaces for analysis you can adjust the bindings as needed for better load balancing.
     
  21. Ant718

    Ant718 LI Guru Member

    Pardon my ignorance but how do I config "Port binding"... I have an RV042 and in the Web Interface I go to > System Management > Dual WAN > Protocol Binding

    Service
    Source IP : . . . to . . .
    Destination IP : . . . to . . .
    . . .
    Interface : WAN1
    Enable :

    I can select the Port (i.e. 5190 for AIM) but it won't work unless I set both a source IP (my PC) and a destination IP (which is a dynamic AIM server ip).
     
  22. pablito

    pablito Network Guru Member

    Someone can correct me if the 042 is different than the 082 but you set the the Source IP to 1-254 (your internal net) and leave the Destination IP at the default 0/0 which is any destination. That should work.
     
  23. EricChak

    EricChak Network Guru Member

    getting trouble with ftp from outside to either wan1 or wan2 address when LB is enable. diable LB working fine, tried to bind either wan1 or 2 still failed, any suggestion?
     
  24. bradolive

    bradolive Guest

    Intermittend dropping - even with 1 WAN

    I have similar issues - RV042 connected to dual business dsl lines. Uploaded the latest firmware (10) and get intermittent dropping - especially when streaming audio.

    I've even set up the router to force all of the streaming audio to one port - turned it into backup mode only - and even run it with just one dsl line.

    In all cases, it intermittently drops the connection.

    When I put in the old linksys router (WRT54G or similar) - things are great, but I need to have the vpn and dual link capability.

    Any suggestions on what to do? I've turned on and off just about every option to test.

    I also hear that if I am passing a port through (i.e. open to my mail server or web server) I cannot use the vpn functionality - is that true?
     
  25. timb

    timb Network Guru Member

    Same problem here. IRC and SSH seem to be randomly dropping. I did not have this problem before grabbing the latest firmware. (Though I was having problems keeping SSH sessions established, and as always Linksys' engineers ignore the problem.)
     
  26. Krobar2

    Krobar2 LI Guru Member

    This issue with the RV series has been around a long time, the router needs to bind sessions to single WAN ports but it does not. Port 443 had always needed to be bound since alot of secure sites get paranoid when two source IP are seen. The FTP and MEssaging issues were introuduced again in the new .10 firmware, they are issues Linksys fixed a while back and have now broken again.
     
  27. Pinchy

    Pinchy Network Guru Member

    I'm beginning to think they just want us to get frustrated with the lack of capabilities and force us to buy PIX instead... only thing for me is that if I dump the RV0XX line, it won't be for a Cisco product!!!!!
     
  28. dpbklyn

    dpbklyn LI Guru Member

    Hey all..I am having a similar problem with a 082 with firmware 1.3.5. Everything is workign OK, except two users are using AOL (I have been trying for 2 years to get them off that crap).

    These users are being disconnected 20 times a day. I dont mind binding all the AOL protocols to a particular WAN port, but I need to know what they are. Does anyone out there know what the protocols are and what ports they use?

    Thank you,

    dp
     

Share This Page