Posted: Sat Aug 08, 2020 0:46 Post subject: Lag spikes on WAN etho... is this a DOS attack??
Hello everyone,
I'm running a new R7000 nighthawk, flashed to the 06-02-2020-r43324 version of dd wrt and a wired connection to a gigabit fiber connection.
I had zero issues up until about a week ago, when I started getting weird lag spikes while playing online games, specifically first person shooters, and went to investigate.
I noticed on the dd wrt bandwidth monitor that it was receiving huge inbound traffic spikes of upwards of 1-3gbit/s on the WAN eth0 port (which from my understanding is the throughput lane for all the network traffic).
Does this indicate a DOS attack on my system, or is this an issue with the router or the isp modem that is bridged?
You do know that traffic is bursty, right? Most of the time you do not get a constant stream download, especially for things like video or system updates.
Yes, but I have a 1gbit/s connection, and the incomming spikes are over 5gbit/s and the outgoing are 1gbit/s.
I am also not downloading anything and only have my phone connected to the router at the time of testing.
Does this not indicate an issue? It seems like maxxing out my connection, even for a split second, would cause me to experience lag in a game, like my packets are delayed in that time...
Are you saying that these kind of spikes in the bandwidth monitoring is normal?
Joined: 21 Jan 2017 Posts: 1783 Location: Illinois Moderator
Posted: Sat Aug 08, 2020 3:18 Post subject:
you're not getting a D.o.S. attack, something on your LAN has bursty traffic and most likely several devices at the same time... none of it makes any sense because the ports on that router are only 1gbps and you are hitting 4gbps...so not humanly possible unless it's totaling all LAN traffic on all 4 ports...
Don't trust those graphs.
to fix your laggy games you need to use Q.o.S.
use HTB & PIE to start...
that router will die at 180-200mbps with qos on because it doesn't have enough cpu for gig speed AND qos...so pick your poison...low lag using qos and 200mps (200000kbps), or lag NO qos and gig speed....
You might be able to eek out a little more, but nothing more than 210-215mbps, so set your limits the right way. and only check the ACK box initially for TCP. the others boxes may have negative impacts on latency. _________________ FORUM RULES
Joined: 08 May 2018 Posts: 14244 Location: Texas, USA
Posted: Sat Aug 08, 2020 6:49 Post subject:
If you are on gigabit fiber, invest in an x86-based router. You are kicking yourself in the nuts otherwise. And, as always, do not expect ethernet performance out of wireless. You's beating your head on a brick wall if you do. _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
I'm seeing 5...20Gbps spikes on eth0 (AC87, r43078, WAP) with a 50Mbps connection. 'In' is alwayss half of 'out'.
Nothing to worry, I suppose it is just a timing glitch when calculating the speed. _________________ 3xBuffalo WLI-H4-D1300
1xBuffalo WZR-D1800H
1xBuffalo WHR-HP-G300N
1xBuffalo WHR-1166D (stock f/w)
1xAsus RT-AC87U
1xAsus RT-AC88U
1xTP710
Posted: Sat Aug 08, 2020 11:06 Post subject: Re: Lag spikes on WAN etho... is this a DOS attack??
thommy181 wrote:
Why you use that old DD-WRT build. In my opinion you should update this and make fresh configuration for your deevice.
I could not yet figure how to use Wireguard on newer builds, I think something is weird with the new settings for netmasks. _________________ 3xBuffalo WLI-H4-D1300
1xBuffalo WZR-D1800H
1xBuffalo WHR-HP-G300N
1xBuffalo WHR-1166D (stock f/w)
1xAsus RT-AC87U
1xAsus RT-AC88U
1xTP710
Joined: 16 Mar 2019 Posts: 353 Location: Szczecin, Poland EU
Posted: Sat Aug 08, 2020 11:46 Post subject: Lag spikes on WAN etho... is this a DOS attack??
Read this document: https://wiki.dd-wrt.com/wiki/index.php/Wireguard and try to configure wireguard. In my opinion you should put the same netmask as ISP (I'm use this solve). If you create big own local network you can put individual mask there. I think it's not necessary generally.
The WAN side is only seeing spikes of 5Mbits/sec or 0.625 Megabytes per second. This is nothing.
On the LAN side where you have devices that you are connecting (unless it is open) those are updates to the page.... I did happen to notice while I was watching mine that it does the same thing and the in/out display had absolute value large but negative
Edit:
Added image with error spike. Not possible since wireless is disabled. This exceeded the true ability or router so it is an error.
I just updated from a January build to current (44251) and started seeing the same graph spikes for the first time (only on my LAN interface, but at around 35 Gbit where there should just be background noise) , immediately. (search brought me to this thread) I think there's a regression in the measurement.