Question about routers and access points
Hi all, I've had a Netgear XR300 serve me fairly well for the past 5 or so years, but in the last few months I've had increasingly frustrating levels of failure. Things like sustained 100% CPU utilization, individual machines connected but unable to access internet, being unable to access the router admin page, individual machines suddenly having their ping go to 500-2000ms and bandwidth down to the kB range (I have symmetric 300Mbps up/down).
As a potential, I've been eying the Firewalla Purple to become my new router for a few reasons (Netgear not getting security updates, Firewalla has Wireguard support, etc.). The Firewalla only has short-range wifi, so my question is this:
Would using a Firewalla as a router and using the Netgear device as an access point for wireless connectivity be likely to mitigate these kinds of issues?
I've realized I lack the knowledge on which aspects of connectivity would be handled by two discrete devices, so I'm hoping to suss out if this is a viable solution.
Have you tested the power supply on your XR300? If you've been otherwise happy with it before it started behaving badly, sometimes a dying power supply can cause issues. It's worth checking it with a multi-meter first or if you can secure a new power supply inexpensively to swap it out.
Also, have you tried connecting a computer via one of the wired ports to make sure it's not wireless interference? You might have a new device in your area that is disturbing the wireless signal. Also, not sure if this is applicable, but I had a wireless access point suddenly do very poorly and I later found out one of the kids in the household decided to play with the antennas and broke it while attempting to use it as a spaceship during playtime. Mom tried to put it back and it mostly worked but later when I took it apart to examine it I noticed one of the antenna's internal connectors was broken.
I only mention these possibilities because if it stopped working properly in the last few months these are the sort of issues that seem more likely. Most routers don't start failing especially if you've been at 300Mbps up/down and your upstream internet hasn't changed, unless something like the above has happened. I haven't checked, but your router might have gotten compromised in which case doing a factory reset and loading the most recent firmware might be a good thing to try also, if the software is not persistent.
But if all of the above is not happening, or you're just done with the Netgear XR300, using a separate router and wireless access device does work. It's what I do at home. I have an OPNsense router from Protectli and I use Ruckus wireless access points (used, acquired on eBay) for my wireless network and it works wonderfully. It's more expensive, but I have a much more configurable router and the wireless access points can be scaled up to handle a ridiculous number of clients. I can also swap out the wireless access points and the router independently.
I haven’t seen the advice to check the power supply yet, so that’s worth trying. Thankfully, the hardware itself should be safe since we don’t have kids and I’m rarely touching the antennas, but if they happened to be delicate or I inadvertently damaged one then I could see that as a possibility as well.
I have thought about whether network interference might be playing a role here, but what I think is strange is having a device that previously had 100 Mb up down one moment, suddenly slow to a crawl without changing our usage or location in our apartment. But that’s definitely something to investigate and see if that might resolve the issue.
Ultimately, reflashing the firmware seems like the most logical first step. Then, checking for interference and power issues, and maybe a hardware upgrade if that all fails.
Interference can be from outside sources too: new neighbors blasting WiFi on a nearby channel, microwave aging, new IoT device near your area that doesn’t follow WiFi rules, etc.
Also hardware failure of WiFi parts could be (but not likely) the chipset itself just aging.
Just to follow up - failing power supplies can show up as intermittent poor network performance. Sometimes when a wireless router is connecting to a distant phone for example, it has to boost the power to the antennas to get a better signal and that can tax the power supply just enough that the other components get starved for power, like the cpu or network interfaces. So if you do replace the power supply, be sure to test it with a full load of wireless devices running at once to confirm it can handle it.
Also, wireless interference usually works like that too - I worked in an office whose wireless would cut out completely seemingly at random. It turns out our neighbors on the floor below us just got some new printing/plotting equipment and when they turned it on to make some posters for clients, their devices knocked everything offline for about 5 minutes while it was running. We only found out because one of them came out for a smoke break after he kicked off the print job and one day while I met him outside he told us his phone doesn't work either during the print jobs which was why he was out there killing time. He had no idea this was affecting anyone else but the people in his office and was deeply apologetic once he realized what was going on!
I'll second the power supply as a potential failure point. I had a NetDuma R2 that started exhibiting almost identical behavior and the cause ended up being a failing power supply.
Honestly, from the 100% CPU utilization it sounds like you may have a software issue, or that your device may have been hacked to be part of a botnet. Have you tried a full software reset, re-flashing the original firmware (if possible for that model) and changing your passwords on the router? That would hopefully wipe out any back doors that have currently been opened. The only other thing I can think of that would cause your symptoms is a hardware issue like a heatsink coming loose, causing the CPU to overheat and throttle itself.
I am not sure if you're comfortable with something like this, but I would personally try to flash DD-WRT on the router. I like to tinker and I'm really cheap. I think this link here is the instructions for the version that is reportedly compatible with your router. This does come with a non-zero risk of bricking your router, so it's certainly not for the faint of heart. It's even higher than usual because your device isn't officially supported. You apparently can't go back to the original "Duma OS" either.
I'm not familiar with that Firewalla device, but it seems very expensive for what amounts to a 2 port gigabit router. Any router that can run OpenWRT or DD-WRT can be set up as a VPN server. That said, if you are not technically minded, yet value security and ease of use
All good points. The CPU usage had me thinking about a compromised device as well since it’s just me and my wife and we do concurrent 4K streaming or gaming on multiple devices.
Thankfully, I’m pretty tech savvy, but I have been trying to figure out what level of tinkering I’m willing to do. I agree the firewalla is on the pricey side, but there is some appeal about having a lot of the insights already set up and made available in their user interface.
I have been thinking about reflashing the firmware as a step to see if some of these issues resolve. I changed the password somewhat recently, but not so recently that I remember exactly when so that’s not a bad idea either.
It's hard to say. However, things that a consumer grade router can do that are really CPU intensive and sort of above their paygrade are encryption/decryption (VPNs), packet inspection (firewalls), and dynamic routing.
The CPUs on those routers are built to be able to forward packets from one subnet to a default route, and vice versa. Doing anything beyond that stuff well requires a more powerful general purpose CPU or dedicated hardware because they involve doing fancy math. Even routing from a default route involves some not insignificant CPU time.
Switching is a far easier operation by comparison. You're just doing a single CAM table lookup. You don't need to calculate subnets or consult potentially multiple routing tables or do anything fancy. In enterprise switches this is handled by a dedicated ASIC, and so has no CPU impact at all, but I expect a consumer grade router just handles this in the CPU, but it's a very simple operation. Wifi handling is a little more complex, but I imagine most of that is also handled by dedicated hardware, even on that Netgear.
So in short, in theory, your all in one router should handle switching and wireless a lot better than it handled switching, routing, firewall and wireless, but there's really no way to know without testing it. You're not even really sure if the hardware is just operating beyond its capabilities, or if there's actually something fundamentally wrong with the device (bad CPU core, faulty memory, power issues, software bug).
I'd just buy the firewalla and test it. If you still have issues, well, you would have needed a new router anyway.
OK, thanks a ton for confirming that I’m not too far off. The QA person in me desperately wants to figure out what’s going wrong with my current router, and the other part of me wants to buy something new and move on lol
You'll want to put the Netgear router into AP mode (see page 113 of the manual: https://www.downloads.netgear.com/files/GDC/XR300/XR300_UM_EN.pdf ). Then the device you put in front will handle most of the advanced functionality and the Netgear will just provide WiFi.
Alternatively, you can operate the Netgear normally behind the other router but that will lead to a lot of problems with double NAT (especially if you play games with P2P networking, which is a lot of games), and it won't help if the problem is your Netgear's performance in the first place.
I was looking at getting a Turris Omnia for a while - might be worth looking into.