Gah, this 2850 is driving me nuts!

I'm currently running firmware 3.6.3_RC1 so the ***!!" thing won't keep rebooting with an HTC One X connected via wifi (I have tried the 'released' edition on the Web site, but it seems older and causes the reboots to start again) and NOW I have the situation where the unit will work fine for a few tens of minutes but then performance through it tails off and ping packet loss from the LAN starts to go up until the damn thing won't respond to pings and Web traffic grinds to a trickle.

I have swapped out everything (including the 2850) and this is where I am at:

2850 connected to Internet OK (showing an 11Mbit link - about as good as I can get).

Lan port 1 (P1) is setup with a local IP address (not used) and the 2nd subnet option is in use so the port/router has one of our public WAN interface addresses assigned to it too.

For testing there's a 5-port gigabit switch connected to LAN port 1 (P1). Connected to the switch are also:

My desktop PC with another of our public WAN addresses assigned to it.

A watchguard firewall assigned another of our public IP addresses. Behind the firewall is our corporate LAN and about 8o users

The draytek's WAN IP address is the default gateway for my PC and the corporate firewall.

When I am the only device using the Internet, performance is fine and I get a 100% response when PINGing the 2850

When the corporate LAN starts using the 2850 too, PING packet loss climbs and eventually you can't PING the 2850 at all

It seems that the 2850 can't cope with any significant load.

Following these tests I am going to put back the old Zyxel ADSL router the 2850 was supposed to replace (in advance of us getting a BT infinity link).

Anyone else suffering from problems with their 2850 when they're under load?


Edit: Old Zxyel P600 ADSL router back in place and broadband speed back at expected 10-13Mbit/sec - solid performance.

correct me if I am wrong but are you running a firewall (draytek) with another firewall (watch guard) behind it?
Are they both doing NAT if there are I would put the 2850 in no NAT mode disable the firewall and give it a static IP so only the watch guard is doin the NAT and the 2850 is a router.
Do you really need both in place?

Hi,

The Draytek *is* in No-NAT mode (public IP sunbet turned on) and so is the Watchguard. At the moment the Draytek is being tested with its firewall disabled (because that job's being done by the Watchguard). I have a second 2850 setup in the same way but with the firewall rules in place and setup as a NAT router, ready to slot in when the basic testing's done and the Watchguard removed. So far, using the 2850's has been a right PITA and I am still waiting for a response from Draytek.

The watchguard is in place for historic reasons and we were lining up the 2850 to replace it, but it has to stay for now as it is paired with another one elsewhere to provide IPSec VPN tunnels (we've tried Draytek-to-Watchguard IpSec and can't make it work - that's another story).

Ultimately the Watchguard will go, but it's during testing for this that we found out that the 2850s grind to a halt very rapidly

At the moment, our nearly-three-hundred-pounds-worth-of-2850 is sitting cold in the server room while a £30 Zyxel ADSL router does the job properly. No funny.

have you tried this?
http://www.draytek.co.uk/support/kb_vigor_2ndsubnet.html

It will look slightly different on the 2850 though as you can specify 4 alias'

sicon wrote: have you tried this?
http://www.draytek.co.uk/support/kb_vigor_2ndsubnet.html

It will look slightly different on the 2850 though as you can specify 4 alias'

Cheers but that's how we have them set up already.

Draytek support want me to turn off all aspects of QoS to see what happens. Beyond that, if they still don't work as expected they'll either be gathering dust in the corner of the server room or be on ebay - and I'll once again stop using Draytek (and curse the day I went back to them after a 3 year break).

/mumble

that a shame, I know the QOS can cause a headache as it comes ON a default now when I always thought it didn't before.

Anyway I must admin I have never really used a Draytek in router only mode and I think you would be happy again if you swapped out the Watchguard and used just the 2850.
I have put the 2830 and 2850 in place on many other devices including Juniper Netscreen, Baracuda and WatchGuards and they have always been as good, If not better.

ON the Watch Guard to Draytek VPN front - that is also possible just needs a bit of fiddling. its usually down to Proxy ID