[ale] Is It Possible... Jacktrip or Jamulus KILLS Cisco Router??

neal at mnopltd.com neal at mnopltd.com
Mon Feb 22 22:12:07 EST 2021 

Ok, replacement Cisco RV180VPN arrives from Ebay today.

Flash with latest firmware, load the config, and put it in.

aaaaaaaaaaaand, 20 minutes after starting the Jamulus client, it fails 
the same way.

So, the only thing interesting/unique about a Jamulus client on the LAN 
side is that it is sending data on UDP port 22124.  So, there is a Port 
Triggering rule on the Cisco.  Which means it is supposed to keep track 
of who opens this port outbound so it can match responses up when they 
come back?

IS IT POSSIBLE that Cisco failed to test this thoroughly?  And with a 
client beavering away sending constant compressed audio it overruns its 
internal data? Since this product is recently at End-of-Life we cannot 
ask Cisco.

Now, practically, there is only ONE client on the LAN side which is 
sending data on UDP port 22124: the one Jamulus PI box.  (remember? I 
said linux/raspian WAS involved)  Can't I logically remove the Port 
Triggering rule, and just Port Forward all UDP 22124 to the Jamulus PI 
box?  (which has a static DHCP address)

regards,

Neal

On 2021-02-16 10:21, neal at mnopltd.com wrote:
> Subsequent failure last night looks like the Cisco Router crapped in
> its own nest.
> 
> From the router itself:
> 
> traceroute to 75.75.76.76 (75.75.76.76), 10 hops max, 40 byte packets
>  1  * * *
>  2  * * *
>  3  * * *
>  4  * * *
>  5  * * *
>  6  * * *
>  7  * * *
>  8  * * *
>  9  * * *
> 10  * * *
> 
> From a PC trying to access other DNS servers:
> 
> PS C:\Users\sanctuary> nslookup - 1.1.1.1
> DNS request timed out.
>     timeout was 2 seconds.
> Default Server:  UnKnown
> Address:  1.1.1.1
> 
> PS C:\Users\sanctuary> nslookup - 208.67.222.222
> DNS request timed out.
>     timeout was 2 seconds.
> Default Server:  UnKnown
> Address:  208.67.222.222
> 
> Trying traceroute on cisco after reboot (jamulus was still running):
> progress.com: Temporary failure in name resolution
> Cannot handle "host" cmdline arg `progress.com' on position 1 (argc 3)
> 
> 2nd reboot after shutting off Jamulus and it is ok.
> 
> So it sure looks to me like the NAT code in the router is garbled
> under this load.
> 
> Hopefully replacement router showing up today and we'll flash latest 
> firmware.
> 
> 
> On 2021-02-14 06:16, Neal Rhodes via Ale wrote:
>> That's a great idea, at least for diagnosis, since I can cause this
>> failure any evening I want.
>> 
>> I can at least force an nslookup on a PC to use those and see if it
>> works or not.
>> 
>> One really really weird thing: I noticed three warnings in the Cisco
>> logs maybe-about the time of failure complaining that IPV6 was not
>> configured.  Which it is not.  Ever.   Did the Cisco get a wild hare
>> and decide to NAT all the DNS traffic through IPV6?
>> 
>> Thanks and regards,
>> 
>> Neal
>> 
>>> Have you tried using another public DNS service instead of Comcast.
>>> I’ve found Comcast DNS to be extremely unreliable and I use a
>>> combination of OpenDNS (208.67.222.222 and 208.67.220.220) and
>>> Cloudfare (1.1.1.1 and 1.0.0.1).  I’ve heard others use Google or
>>> Comodo.   All of these are publicly available.
>>> 
>>> Ray
>> 
>> On 2021-02-13 21:59, Raylynn Knight wrote:
>>>> On Feb 13, 2021, at 2:37 PM, Neal Rhodes via Ale <ale at ale.org> 
>>>> wrote:
>>>> 
>>>> I will apologize in advance for not taking some of the advice given 
>>>> on our church WAN/LAN regarding making 10.1.10.X see 192.168.x.x.
>>>> 
>>>> The stock small business Comcast router setup is what they call 
>>>> "virtual bridge mode", meaning no firewall, and being a hybrid 
>>>> voice/data configuration any significant changes risks bringing the 
>>>> whole house down.  With no support from them to get it back up.
>>>> 
>>>> I have the access we need working, retaining our Ubuntu audio server 
>>>> on the comcast side, and letting our cisco router act as firewall, 
>>>> and I haven't brought down questions about murky security issues. 
>>>> yet.
>>>> 
>>>> BUT this has to be one for the record books... Configuration:
>>>> 
>>>> Comcast Router <==> Cisco RV180vpn Router <==> 192.168.x.x: Virtual 
>>>> Studio/Jambox
>>>> +Ubuntu Jack/Jamulus
>>>> 
>>>> Comcast router, with Ubuntu server running Jacktrip and Jamulus.  
>>>> Normal Comcast 10.X.X.X network.
>>>> 
>>>> Cisco Router providing 192.168.x.x LAN behind it.
>>>> 
>>>> Now comes the weird part... outside VS boxes can hit the Jacktrip or 
>>>> Jamulus all day, for hours, no problem. JackTrip uses TCP port 4464, 
>>>> and UCP 51002-62000.   Jamulus just uses UDP 22124.   Once fired up, 
>>>> these are wailing away sending either uncompressed (jacktrip) or 
>>>> compressed (Jamulus) audio.
>>>> 
>>>> BUT, fire up the VS box on the LAN, connecting to the Jacktrip or 
>>>> Jamulus server sitting on the Comcast box, and within 2 hours 
>>>> NOTHING on the LAN will be able to get DNS service.   Not 
>>>> immediately, but within 2 hours.   The Cisco box doesn't fake DNS; 
>>>> it tells clients to hit 75.75.75.75, or 75.75.76.76, the standard 
>>>> Comcast ports.   The DNS failure is visible both in the Cisco 
>>>> router's Diagnostic tools, AND from a browser, AND from nslookup on 
>>>> a PC.  The Ubuntu box outside the LAN continues to have normal DNS 
>>>> responses.
>>>> 
>>>> We can still PING external hosts we have an IP address for.    I was 
>>>> able to ping my house router.
>>>> 
>>>> This has happened three different days, and in each instance, a 
>>>> simple reboot of the Cisco router has resolved it for days.   Until 
>>>> Virtual Studio or Jambox is started again.   Today, being Saturday, 
>>>> there was NO activity besides me.
>>>> 
>>>> And on Sundays, we have been streaming video without incident.
>>>> 
>>>> The Cisco RV180VPN is in fact not running latest firmware.  I have 
>>>> another coming (I hope) on Ebay and will flash that with latest and 
>>>> try it.  Beyond that,  what?   I guess we could buy a brand new 
>>>> router with current support...
>>>> 
>>>> From a local PC: nslookup
>>>> DNS request timed out.
>>>>    timeout was 2 seconds.
>>>> Default Server:  UnKnown
>>>> Address:  75.75.75.75
>>>> 
>>>>> google.com
>>>> Server:  UnKnown
>>>> Address:  75.75.75.75
>>>> 
>>>> DNS request timed out.
>>>>    timeout was 2 seconds.
>>>> DNS request timed out.
>>>>    timeout was 2 seconds.
>>>> DNS request timed out.
>>>>    timeout was 2 seconds.
>>>> DNS request timed out.
>>>>    timeout was 2 seconds.
>>>> *** Request to UnKnown timed-out
>>>> 
>>>> I also tried nslookup - 75.75.76.76 with identical results.
>>>> 
>>>> My wife suggested I should run a traceroute to the DNS server when 
>>>> it's working, and then again when it fails.  I should listen to her 
>>>> more often.
>>>> 
>> 
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> https://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo

More information about the Ale mailing list