May have identified FiOS router slowdown problem
Last time, I noted how my Verizon-supplied ActionTec router seemed to flake out after a week or so of heavy use, such that its DNS requests started to fail. I switched my internal router to use OpenDNS instead of the router’s own internal DNS, thinking that would solve the problem.
Perhaps not surprisingly, it didn’t. However, when I awoke this morning to find my router performance sucking again, this time I poked around the logs on the ActionTec router a bit more. I ran across this gem in the security log:
Jun 30 11:48:52 2007 Firewall Error Firewall internal NAT Error : connection pool is full. No connection created
Aha. That does make sense. If the NAT table is full, new connections will come at the expense of older ones.
So, how can I increase the size of the NAT table, or somehow otherwise resolve this issue?
Well, poking around the GUI I see no options to control the size of the NAT table, so I’ll have to find a way to get it to not use a dynamic NAT table. Fortunately the router has a ‘Static NAT’ option, which allows you to configure an IP on the internal LAN, an IP on the external WAN, and instruct the NAT subsystem to map ports directly from one to the other, avoiding the need for a NAT table.
Sadly, this option doesn’t let me specify ‘whatever the current WAN IP address is’, so depending upon how often Verizon expires my public IP, I may have to fiddle with this setting. I knew FiOS was too good to be true.
UPDATE: Thanks to a pointer from Christian in the comments, I got the ActionTec router into bridge mode, and my NAT problems are over.
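To see when the NAT pool starts filling up rather than waiting for the slowdown, the security log can be scanned for the error quoted above. The following is an added example, not code from the original post; it assumes the log has been saved as plain text in the timestamp format shown in the post, and every sample line other than the quoted NAT error is constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample log. Only the wording of the NAT error comes from the post;
# the other lines and all later timestamps are made up for this example.
SAMPLE_LOG = """\
Jun 30 11:48:52 2007 Firewall Error Firewall internal NAT Error : connection pool is full. No connection created
Jun 30 11:48:53 2007 Firewall Error Firewall internal NAT Error : connection pool is full. No connection created
Jun 30 11:49:10 2007 Firewall Info Inbound Traffic Blocked - Default policy
Jun 30 11:52:01 2007 Firewall Error Firewall internal NAT Error : connection pool is full. No connection created
Jun 30 13:05:44 2007 Firewall Error Firewall internal NAT Error : connection pool is full. No connection created
this line is truncated garb
"""

LINE_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) (?P<msg>.*)$")
POOL_FULL = "connection pool is full"


def parse_events(text):
    """Yield the timestamp of every NAT pool-exhaustion line; skip unparseable lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or POOL_FULL not in m.group("msg"):
            continue
        try:
            # Collapse padding such as "Jun  3" before parsing.
            yield datetime.strptime(" ".join(m.group("ts").split()), "%b %d %H:%M:%S %Y")
        except ValueError:
            continue


def summarize(text, burst_threshold=3):
    """Count pool-full events per hour and list hours at or above the threshold."""
    events = sorted(parse_events(text))
    per_hour = Counter(ts.replace(minute=0, second=0) for ts in events)
    bursts = sorted(h for h, n in per_hour.items() if n >= burst_threshold)
    return {
        "total": len(events),
        "first": events[0] if events else None,
        "per_hour": dict(per_hour),
        "bursts": bursts,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(report["total"], "pool-full events, first at", report["first"])
    print("burst hours:", report["bursts"])
```

The hour buckets make it easy to line up pool exhaustion with whatever was running on the LAN at the time.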
July 24th, 2007 - 21:31
Change ActionTec Router to bridge mode
Just got my FiOS, and running into some of the issues you described. Ran across this link to turn the Actiontec router into bridge mode, so I can use my Linksys router with dd-wrt instead. This might help both our situations. Figured I'd post the link info in case you wanted to peruse:
http://www.dslreports.com/forum/remark,17679150?hilite=bridge+actiontec
Cheers,
Christian
November 11th, 2008 - 20:38
I just got off the phone with Verizon for about an hour trying to explain to the level I tech what the problem was. After he finally realized that I wasn’t playing Xbox (not quite sure why he thought I was to begin with) and assured me that Verizon did not support Xbox servers (well no shit) we started getting down to finding out how to fix the problem. Lo and behold, he spoke to some level II network tech for about 20 minutes and decided it was time to call Actiontec, which is where he talked briefly for a few moments and then I was taken off of hold and he explained to me what the Actiontec rep said. They said that it was a known issue and it would be “fixed” in the next firmware release. Of course, neither he nor the Actiontec rep knew exactly when that was. The only suggestion that was somewhat obvious and is probably the only way for most Steam users (other than bridging your router) to fix the issue is to try and refresh the list in smaller increments. Use a lot of filters. Hopefully this gave some insight for the people who don’t want to sit on hold with Verizon for an hour like I did. Maybe my next call will be to Actiontec.
November 21st, 2008 - 16:37
I got Verizon FiOS back in June 2008, and immediately noticed the issues, and rebooting the router didn’t solve the issue all the time. Verizon support listened, but didn’t know the root cause, nor knew where to go for escalation except to send someone out… to no avail. After I told one support engineer of what I found about the known problems with the ActionTec router, he was very appreciative, and was honest in saying that Verizon would have to take it up with ActionTec, and/or I would have to call them for support (since it was a vendor hardware issue)… so we’ll most likely have to wait for a firmware update, or for Verizon to start using another vendor.
There has got to be a way to allow for higher connections, or some service that can automatically clean the NAT table without rebooting the router. I’ve poked around the GUI as well, haven’t found much to indicate a way to solve this issue.
Sucks because I do believe the Verizon service is better than Comcast, but FiOS is limited on their success due to their friggin hardware vendor… seems like an easy solution?!
Thank you to all, especially anelson for the original post, and Matt for going through the pain that I was reluctant to do with ActionTec (and validating what the expected results would be).
November 21st, 2008 - 16:49
I suggest you put the router into Bridged mode as I noted in the update at http://apocryph.org/finally_got_fios_router_bridge_mode . Since I’ve done this, it turns the router into a glorified network interface card, and I let my OpenBSD firewall do the NATing. Now I can saturate the pipe with no problems.