Just wanting some advise or areas to investigate, so I can test this problem further or maybe suggest to 2Deg some other areas.
Ive got a Draytek 120 bridged to a WRT54GL access point running tomato. Behind these are an assortment of laptops, mobile devices, Win2k8 server, VOIP adapters etc. The house is a new build (appro 7 years old).
For the last 3 days, around 7am, our ADSL effective speed has dropped from its normal 9 Mbps (we are a wee way form the cabinet) to .6 Mbps. The negotiated connection in the draytek is still rock solid and in its normal 10788943 (for eg) area. From all indications the connection is good to go ... but download speed is non existent.
No amount of rebooting Modems/Routers etc will restore the download speed.
On the 1st day it occurred 2Degree :
* Reset the port - no success
* Ran a 24 hr port monitoring.
The strange thing is that whilst Im chatting online with 2Deg support (approx 11am) ... the speed all of a sudden returns. No reboot, no dropping connection ... it all of a sudden is working 100% normal.
On looking through the various IP monitoring and Bandwidth monitoring on the Tomato router I notice there is very very steady incoming traffic around .6/.7 Mbps ... and not attributable to any IP address internally. Start to think DoS attack or some sort of flood. So enabled syslog server at this point.
Next day, same thing. Around 7am (only cause thats when I first started using the connection and having issues) its down to a crawl. This time on a call tro 2Deg and around 8:30 or so ... wham ... all of a sudden its full speed again. This time there is no associated incoming traffic which cant be explained. The 24 hr port monitoring wasnt complete so said I would get back to them the next day.
Now today. Same thing. Around 7am or so, speed down to .6 Mbps (this is measured by speedtest.net). On the call to 2Deg and at 8:30, mid call so no reboot, reset or anything .... speed returns.
The results of the 24 hour probe supposedly showed
* Some untwisted wires
* Some transmission errors
* 9 spontaneous resynchs which occurred at the same time as the line being maxed out
* some disconnection and bit swapping
The only large downloads done on the 10th (during the probe) would have been the WSUS Server downloading some updates for internal machines.
Ive configued the Drakteks DoS feature but nothing has come from that. The Tomato router does have port forwd in place, but nothing beyond the normal :
* 2Talk src addresses to destination ports internally
* FTP src addresses to destination port on FTP Server
* port 80 to my DEV web server
* port 25 for mail
* port 123 for NTP
* and some PPTP and L2TP ports.
Im not really skilled in analysing router log files but from a cursory glance there is a number of dropped packets (as would possibly be expected with a static IP), but nothing stands out.
It just seems so strange that it is so regular and the restoring of service doesnt involve any reboot etc. After some of the dramas we have had in the past month with Chorus disconnecting ports and us losing all services (they were connecting some other house for a telephone and we lost everything) I wouldnt be surprised if someone somewhere is playing with things and tey happen to start work around 7am!
Cheers
Craig
(PS. Have also posted this to the Geekzone 2Deg forum, but thought maybe there would be more people here)
Trusted
Geekzone
