Network troubleshooting conundrum - next steps?

It wasn't initially getting an IPv4 address but the guys at EE gave me an alternate APN to try and it gave one. Unfortunately the situation remains the same as, I suspect, the IPv6 one is being preferred as you note.

The 3 sim I have does not give any IPv6 address at all.

Nor does the JL Broadband ADSL.

So I'm pretty sure this is where the trouble is

I'm not at all familiar with IPv6 addressing or routing, so am starting from a low bar on that front. I'm wondering if there's something I can change on my LAN side network to make it understand IPv6? Though would have thought the Huawei router would handle that translation??

My 3 sim works fine as above...would like to get the EE one working ideally as it has 4x better download (moot if I can't get the bugger to work I know!) and costs about the same with the discounts I get.

There is also the "don't want to be defeated by a white plastic box syndrome"

It's a Huawei B818.

I did take the USG out of the equation. The problem I then had is that not all devices were registering correctly with the B818 as a router. I'm not exactly sure why, but that was causing bigger issues at home than the slower internet connection. So I switched it back.

I suspect it may have been something to do with all devices on the network already having IP addresses/lease times and a new DHCP server coming in to handle things.

I may give this another go this weekend (during the week is not the best time to potentially take everything down ). Not wedded to the USG, but it seemed like a decent solution to what I needed to do.

All input appreciated.

So it sounds like your set up is the same as mine.

Does your Voda sim give you an IPv6 address as it's main addres?

The EE sim can be used for tethering/multiple devices (the only constraint is a1Tb/mth fair usage "limit"). It actually works if I take the USG out of the equation and plug the 4G router straight into the network. When I tried that config, however, a number of devices wouldn't connect to the network at all (which I have a feeling was down to some sort of DHCP conflicts).

I probably need to check that config again this weekend (the connections are in heavy use during the week which limits the buggering about I can do) to make sure I wasn't imagining it. And then possibly see if I can make the general network DHCP/routing piece work for me on the Huawei and ditch the USG.

Originally via DHCP.

Thought the same as you so gave it a static in the right reserved range. No dice still. Also bound the IP to the gateways WAN MAC. No dice.

I am invested in the Unifi stac (PoE switch, APs etc)...which is part of the reason I'm keen to get this to work.

The supplier of the USG are looking into it too - unfortunately we're all on the "it should work" path at the moment.

The USG did throw a wobbler not long after first install (without the EE WAN interface on it) whereby it disconnected, then endlessly cycled through restarting and disconnected. No idea what caused it. I've asked the vendor if they think it may have a fault.

The USG evidently isn't happy with the IP traffic coming from the router with the EE sim in. Hopefully it won't come down to ditching EE or the USG, but that's feeling like the option that might present itself.

Slightly off-topic.

Don't use 8.8.8.8 as a destination for your tracert .

It is an "anycast" address , which works similar to a CDN network , in that the address can be advertised in multiple places. So the server you are reaching at 8.8.8.8 from on device is not necessarily in the same network location as you get from another network.

It can give you misleading results ( yours looks like a more local issue ..)


( RFC 4768 for the geeks )

Looks like pings to ubiquiti’s host are failing intermittently over EE which is causing the route availability to flap up and down

I have had exactly the same with my WISP (not voda)

I would confirm this by plugging a laptop into the EE modem and setting a continual ping against ping.ubnt.com, observing the response which we predict will fail frequently.

You’d then want to know if this is down to actual packet loss on a particular route to Ubiquiti’s server or whether EE are just dropping ICMP for anything. So try some others e.g. 8.8.8.8 for google DNS

You are looking to find a host you can reliably ping on this connection as that’s what the USG needs to do in order to monitor each link.

Yes, the link can be online and passing traffic, but if the USG's route monitor fails because pings are getting dropped above a certain threshold then the link will be deemed unusable by USG and dropped from outbound routing.

That's why you aren't seeing 192.168.8.1 appear as your next hop on the traceroute, and its that reflected in the info you posted - eth0 (WAN1) is shown to be inactive from a routing perspective because a certain number of pings to ping.ubnt.com had been dropped.

You can change the settings on the USG i.e. designate a different host to ping, as well as the interval and pass/fail thresholds. This stuff isn't exposed in the GUI though meaning you have to do so via SSH and then place the settings into a config json stored on the controller and delivered to the USG every time it gets provisioned, otherwise you revert to the GUI settings on restart.

I don't know exactly what it does when WAN2 is unplugged, but I have a feeling this route monitoring behaviour is always active when you have a WAN2 / second internet connection defined.

Try removing the Internet connection for your VDSL in the Unifi GUI altogether which should revert to the config to a fixed interface without the load-balancing and route monitoring aspects. Then try pinging some hosts which you could monitor, from the USG itself in a SSH session. You want to establish a continuous ping which rarely fails.

I found the default ping.ubnt.com wasn't very good and I was having the same problem you are, and found advice from others online suggesting than monitoring an IP rather than a FQDN worked better, by taking name resolution out of the equation. I have alternated between several of the public DNS providers which reply to pings - you can see in the config I posted above I was using 1.0.0.1 as my route monitor, which is Cloudflare's secondary anycast IP.

Try this config to change the IP monitored and also relax the thresholds slightly. Reboot the USG to reinstate the original config.

configure
set load-balance group wan_failover interface eth0 route-test type ping target 1.0.0.1 [or whatever IP you choose]
set load-balance group wan_failover interface eth0 route-test initial-delay 10
set load-balance group wan_failover interface eth0 route-test interval 10
set load-balance group wan_failover interface eth0 route-test count success 2
set load-balance group wan_failover interface eth0 route-test count failure 4
save;commit;exit

Looks to me like EE isn’t passing ping reliably - can you plug a device into the LTE modem directly bypassing the USG, and see if you can ping these same IPs from there?

That config won’t persist if you reboot the USG - it will re-provision your config as configured in the controller.

It also looks like you have set test count failure to 10 which means 10 consecutive pings need to fail before it deems the host unreachable and drops the link.

(I set it to 10 to give chance to see what was occurring Also, the USG has been rebooted a few times, reprovisioning in the controller and this config is persisting).

I tried the ping earlier whilst directly attached to the router and it worked (avg response 30ms).

The IPv6 address is the result of me setting IPv6 to DHCPv6 in one of my previous looks. Set it to disabled and it shows nothing now (as expected...and also with no change to the situation).

(Thanks again for the input btw).

They do - and the APN I was using didn't even offer an IPv4 address (whatsmyipaddress shows it "not detected").

They gave me another APN to use which does allocate an IPv4 address, but the IPv6 one still looks to be the primary.

The vendor support guys (who have been great thus far. As have EE's technical team) asked me to drop them the "show configuration" output...it's a pretty big file but scanning through it I noticed this:

ipv6-name WANv6_IN {
default-action drop
description "packets from internet to intranet"
rule 3001 {
action accept
description "allow established/related sessions"
state {
established enable
invalid disable
new disable
related enable
}

As far as I'm aware I have the USG firewall off. But the above looks like a rule of some sort that drops IPv6 packets which if it were happening would explain my situation! I haven't read the above in context of the rest of the file yet, but will get to that today (assuming the vendor/Ubiquiti don't come back first).

Have you renewed the DHCP leases on the clients when you make a change?