I have a Zyxel AX7501-B0, running V5.15(ABPC.0)C0 firmware.

I also self-host some services and run experiments from home, and this is currently the main router (considering changing it).

Today I noticed that if I start too many TCP connections (that need to be NATed), I start having terrible packet loss (like 50%) both over wired and wireless connections, without any errors/warnings on the router side.

If I go to System Monitor → Traffic Status → NAT I currently see about 1200 NAT sessions in total on my network, but with the experiment I ran today, I was seeing about 2500 NAT sessions when the packet loss was occurring.

How can I debug this and find out what the limits of the router are, given that it displays no error messages in the logs as far as I could tell?

The Total percentage on the Traffic Status → NAT page is also not accurate — currently it says 38-40% with about 1200 NAT sessions, and when I had 2500 NAT sessions it was at about 60%, but obviously there seems to be an issue with the number of connections and/or packets I was processing.

Ideally I'd like to be able to serve a lot more connections/packets over this router, but I realize I am probably hitting its limits, and trying to figure out what these are.

    Under NAT → Sessions I have the following setting:

    MAX NAT Session Per Host: 2048

    As mentioned above, I had about 4 hosts that were creating a lot of traffic (with 500 NAT sessions according to the Zyxel page, but with about 3000 established TCP connections each, according to netstat -an | grep ESTABLISHED | wc -l), so it looks like I was under the NAT session per host limit, but still that resulted in a huge ~50% of packets dropped (both for wired and wireless connections).

    Reducing 4 hosts to 2 hosts, and now seeing ~1300 NAT sessions, results in 0% packet loss.
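
An added example, not part of the original posts: the netstat count quoted above includes every ESTABLISHED socket on the host, so this sketch counts only IPv4 TCP sockets whose peer is off-LAN (the ones the router has to NAT), per state, and compares the total with the 2048 per-host setting. The LAN prefix 192.168.1.0/24, the sample netstat lines and the function names are assumptions.

```python
import ipaddress
from collections import Counter

MAX_NAT_SESSIONS_PER_HOST = 2048                 # router setting quoted in the thread
LAN = ipaddress.ip_network("192.168.1.0/24")     # assumed LAN prefix

# Constructed `netstat -an` sample (Linux column layout), not a real capture.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:51000      203.0.113.5:443         ESTABLISHED
tcp        0      0 192.168.1.10:51001      203.0.113.5:443         ESTABLISHED
tcp        0      0 192.168.1.10:51002      198.51.100.7:80         TIME_WAIT
tcp        0      0 192.168.1.10:22         192.168.1.20:60122      ESTABLISHED
tcp        0      0 127.0.0.1:5432          127.0.0.1:40100         ESTABLISHED
tcp6       0      0 ::1:8080                ::1:40200               ESTABLISHED
udp        0      0 192.168.1.10:68         192.168.1.1:67          ESTABLISHED
"""

def nat_candidates(netstat_text, lan=LAN):
    """Count, per TCP state, IPv4 sockets whose peer is off-LAN (must cross NAT)."""
    states = Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "tcp":
            continue  # header, UDP, and tcp6 (assumed here to be routed without NAT)
        peer = fields[4].rsplit(":", 1)[0]
        try:
            ip = ipaddress.ip_address(peer)
        except ValueError:
            continue  # peer column is not a literal address
        if ip.is_loopback or ip.is_unspecified or ip in lan:
            continue  # listeners, loopback and on-LAN peers never reach the NAT table
        states[fields[5]] += 1
    return states

def headroom(states, limit=MAX_NAT_SESSIONS_PER_HOST):
    """Return (established, all states, fraction of the per-host limit in use)."""
    total = sum(states.values())
    return states["ESTABLISHED"], total, total / limit

if __name__ == "__main__":
    counts = nat_candidates(SAMPLE)
    est, total, frac = headroom(counts)
    print(dict(counts), f"established={est} total={total} used={frac:.2%}")
```

Feeding it real `netstat -an` output from each busy host gives a per-host figure to set against the router's NAT page while the load is ramped up.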

    Hello @nonsens3

    Welcome to the forum.

    The user guide for AX7501-B0 says the following about the number of NAT per host:

    So you may well have hit an issue, but reducing the number of NAT per host seems to help you.

    - the router gateway might be running out of memory or processor speed…

    - the datasheet, see https://eyenetworks.no/wp-content/uploads/AX7501-B0_Datasheet_5.pdf , does not give a total throughput or goodput figure in the way that Cisco does for some of their devices, e.g. backplane speed of a switch.

    You might also want to try the V5.15(ABPC.1)C0 firmware available at https://support.zyxel.eu/hc/en-us/articles/360019108619-Zyxel-security-advisory-for-DNSpooq to see if it is better.

    I hope that this is helpful.

    Kind regards,


