On Tue, 2016-11-29 at 13:34 -0500, Jared Mauch wrote:
> Folks at Comcast have told me to ask for the SMC gateway to be replaced with either the Netgear or Cisco to solve that issue.

Over the past year and a bit, I have had all three of the Comcast business routers in my network.

The Netgear only stayed for one day - after about 10-15 minutes of "heavy" (~300kbit/s) DNS lookups coming in from the outside, it was almost impossible to make new TCP connections across the router, either IPv4 or IPv6.

The SMC D3G-CCR mostly worked, except at some point during the year, the fraction of traffic going over IPv6 went high enough to wreck the D3G, causing it to crash and reboot several times a day, without having enough diagnostics for me to figure out what was going on.

The Cisco DPC3941B seems to fail in pretty much the same way as the SMC D3G-CCR, but it has enough diagnostics that I could finally figure out what was happening.

With "Gateway Smart Packet Detection" disabled, and the "Firewall completely disabled", the logs are still showing tens of thousands of dropped IPv6 connections every day.

In other words, the config options that supposedly disable the firewall completely do not in fact disable the firewall code, and I am still hitting connection tracking limits.

DNS lookups coming from randomized port numbers (to avoid spoofing issues) mean every DNS query takes up another slot in the connection tracking table.

Once the table is full, the router will search for a re-usable slot before routing a packet. This can cause ping times to 10.1.10.1 (the router) to go as high as 800ms. This is from a system sitting 5ft from the router.

If the router does not find any re-usable slot in the connection tracking table, packets can get lost.

This leads to the "fun" scenario where pinging the router from a system directly connected to it shows 30% packet loss, while streaming video over an already established TCP stream continues at full speed!

Not a symptom I ever expected to see...

-- 
All rights reversed
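
The connection-tracking behaviour described in the message above, as an added example that is not part of the original email and not the router's actual firmware logic: a simplified fixed-size flow table in which every DNS query from a new source port needs its own slot. The table size, idle timeout, addresses and traffic rates are constructed assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class ConnTable:
    """Fixed-size flow table (simplified model, not any vendor's code)."""
    capacity: int
    timeout: int                       # seconds before an idle entry is re-usable
    last_seen: dict = field(default_factory=dict)

    def admit(self, flow, now):
        """Return True if the packet is forwarded, False if it is dropped."""
        if flow in self.last_seen:     # established flow: refresh entry and pass
            self.last_seen[flow] = now
            return True
        if len(self.last_seen) >= self.capacity:
            # Table full: search for re-usable (idle) slots before giving up.
            idle = [f for f, t in self.last_seen.items() if now - t >= self.timeout]
            for f in idle:
                del self.last_seen[f]
        if len(self.last_seen) >= self.capacity:
            return False               # no re-usable slot: the packet is lost
        self.last_seen[flow] = now
        return True


def simulate(dns_per_sec, seconds=60, capacity=1000, timeout=30):
    """Each second: one packet on an established TCP stream, dns_per_sec DNS
    queries from fresh source ports, then one brand-new probe connection."""
    table = ConnTable(capacity, timeout)
    stream = ("tcp", "10.1.10.20", 50000, "198.51.100.7", 443)   # constructed
    stats = {"stream": [0, 0], "dns": [0, 0], "probe": [0, 0]}   # [passed, sent]
    queries = 0
    for now in range(seconds):
        flows = [("stream", stream)]
        for _ in range(dns_per_sec):
            # Stand-in for port randomization: each query is a distinct 5-tuple.
            port = 1024 + (queries * 7919) % 64512
            flows.append(("dns", ("udp", "203.0.113.5", port, "10.1.10.53", 53)))
            queries += 1
        flows.append(("probe", ("tcp", "10.1.10.21", 20000 + now, "198.51.100.9", 80)))
        for kind, flow in flows:
            stats[kind][1] += 1
            stats[kind][0] += table.admit(flow, now)
    return {kind: tuple(counts) for kind, counts in stats.items()}


if __name__ == "__main__":
    print(simulate(100))   # table exhausted
    print(simulate(10))    # table never fills
```

In this model, at 100 queries per second the established stream passes all 60 packets while only 18 of 60 new probe connections get a slot; at 10 queries per second the table never fills and nothing is dropped.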