Just wanted to throw a question out to the community asking for feedback on others experiences deploying the B one 5g.
We have come across more bugs recently on a, large customer deployment, than we would expect but haven’t seen much discussed here about the same issues so I wanted to ask what, if anything others are seeing?
Things we have found over the last 3 months include:
- Sessions where there is a steady stream of traffic outbound getting moved to a tunnel breaks NAT/session as the source of the traffic is the wan address the session was leaving on. This means the fusionhub doesn’t have the return path. This needed a reboot to stop the issue and the work around is to not allow the traffic to exit the device without the tunnel (drop all traffic).
- QOS being enabled causing the b one to randomly reboot at least once per day. QOS not being turned on causing occasional reboots. (currently testing with special build)
- Random reboots after making changes on the device and clicking apply. Seen this on 8.4.x and 8.5 firmware including the special build.
I’m basically just wondering if we have got some unique use case which is meaning we are seeing issue other aren’t or is this something more common that others are experiencing?
thanks
I don’t have an exceptionally large footprint of B One 5Gs deployed, but I haven’t seen these issues (though I’m not sure I would have seen #1, but i haven’t seen #2 or #3).
Hi Christopher,
thanks for letting me know.
The first issue is linked to the fact we have lots of customers who run IPsec and GRE tunnels over our speedfusion tunnels. We see the issue where they report the ipsec or GRE tunnel as not working.
We can only see the issue with a network capture at the fusionhub side of the link, and what we see in wireshark is traffic going to the internet address of their tunnel having a source address which isn’t correct.
A network capture on the lan of the B-one (support.cgi) shows the correct source address but on the remote capture we see the source has been NAT’d to one of the WAN IP’s but then sent over the tunnel.
We think the issue happens after a reboot or if the tunnel goes down and traffic fails out of a WAN, and when the session gets pulled back to the tunnel it doesn’t get released by NAT. The work around at the moment is to drop the traffic if the tunnel is down so no nat session gets created.
I have the non-cellular version of the B One. No stability issues with 8.5.0 build 5636 firmware running. I do not use QoS and have not noticed any unexpected reboots. My uptime is currently 22 days 5 hours 22 minutes.
Do you have IPsec NAT-T disabled under Advanced → Service Passthrough?
It should be disabled when you want to forward IPSec to the FusionHub correctly.
Hi Daniel
Yeah, that’s the first thing that gets turned off.
A large number of our customers are doing ipsec/sdwan over our network, we provide them with public IP’s to their devices and they then build the tunnels from their equipment. Mostly this works perfectly except for some bugs we have encounted around send all traffic (on various peplinks).
We just seem to have seen more issues with the b-one compared to other devices which was why I threw the question out there. at the same time I’m aware we are posibly doing some rather unique configs which might be contributing to the issues we are seeing.
thanks
James
1 Like