Firewall-to-Firewall RED tunnel bad pings one way after upgrade to v17.05

Ok so this one is bugging me and my company's owner is getting angry with me...

We upgraded two XG210 firewalls to v17.05. After upgrading the one firewall our VOIP traffic started getting bad. I put it off as coincidence and started applying QoS rules; it helped throughput but has done nothing for ping times. The jitter is in the 60-100 range. Previously this was low and I have tested each piece of the puzzle separately. The only trouble comes in when you cross the RED tunnel.

I used iperf3 and tested UDP packets that closely resemble G.711 and these are my findings:

Site A (with problem)

- ping to internet fine

- ping to Site B fine

- UDP packets to internet fine

- UDP packets to Site B bad 

 

Site B

- ping to internet/Site A fine

- UDP to internet/Site A fine

 

I've tested the internet connection by itself and I've tested the hardware between the connection and the firewall by itself, no issues. I don't see any dropped packets in the drop-packet-capture.

Any thoughts?



  • A thought after the fact. I can test anything from 0-50Mbps, anything over 512Kb makes the jitter jump to 60+

  • DevonNoonan,

    I would suggest you perform a firmware failback and check if the latency goes away.

    Otherwise open a ticket with support.

    Please let us know.

    Regards

  • Hi lferrara,

    I did open a case with them. We ran through all the same testing and found the same results. The tech's first thought was UDP being throttled by the ISP but we set a DNAT rule up allowing incoming iperf traffic on SiteB and tested again... it was fine. It appears limited to the tunnel and only in one direction.

    They have asked me to perform a packet capture and send them in so the engineers can look. I'm doing that right now.

    I'll keep this updated for anyone else who wants to know.

    Cheers,

    Devon

  • Hi Folks,

    Just an update in case anyone stumbles upon this. After poking around with the techs and with our ISPs etc. we came to no conclusion. I could still replicate the issue but we couldn't pinpoint a cause. In the end we switched to an SSL VPN Site-to-Site setup for this and it worked right from the get-go. The latency and issues were gone. On one hand I have always felt this box was a little flaky and it may be time to update it.

     

    Cheers,

    Devon