Pace 5268AC - DMZplus Bug | Workaround provided, input welcome

by ftffttn » Thu Feb 28, 2019 10:42 pm
Hi all,

Several weeks ago, I noticed that SSH connections to a remote AWS host would freeze or hang intermittently whenever a moderate amount of text output was received. By "moderate", I mean a normal system update command like apt update or viewing a log file via cat <log file>, or using scp to transfer config files.

Basically, this issue had all of the earmarks of an MTU issue. I spent a good amount of time diagnosing the problem, which was earmarked by the following symptoms:
    1. Used tcpdump on the remote host and determined that the remote host wouldn't get an ACK from my computer, resulting in the host retrying the packet.
    2. Tcpdump on my computer indicated that the ACK was sent.
    3. My computer would retry the ACK
    4. My computer would receive packet retries from the remote host
    5. The remote host wouldn't receive any of the ACK retries from my computer

What made this especially frustrating was that no hardware on my end changed in the 2 years since I've been a Sonic member (not the router, computers, or the Pace 5268AC). Even worse, the "DMZplus" setting had been enabled for my router the entire time, and you'd think that this would be the last place a problem would originate.

The Fix
After much trial and error, I did a factory reset on the modem, disabled "DMZplus", and reinitiated DHCP for the 5268AC, and SSH works properly again. I can cat 6MB+ log files with ease. However, if I reenable "DMZplus" for my router and reset DHCP, the SSH problem returns. There is a catch, however. With "DMZplus" mode off, my router has to use the 5268AC's firewall, which severely limits the usefulness of the service...

In short, the issue appears to have been caused by a firmware glitch on the 5268AC. This problem began around the time I received the "11.1.0.531418-att" firmware update. Hopefully, this helps someone else who is experiencing the same problem. In the meantime, I'd love to find a way to bypass the 5268AC, switch devices, or bring my own FTTN compatible modem, like the BGW210-700. Heck, I'd be OK with continuing to pay the modem rental fee if I could use a device that can actually bridge.

Any Input?
I've spoken with a number of friendly Sonic technical representatives, but they tend to default to the "yeah, this is your problem since you're running your own router." However, it's not unforeseeable that customers would want to run their own network hardware in lieu of what AT&T provides.
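Added example, not part of the original post: the two-sided tcpdump comparison in symptoms 1-5 can be automated by matching ACK numbers between the client and server captures. It assumes both captures were taken with `tcpdump -n -S`; the function names, sample lines and documentation addresses are constructed for illustration.

```python
import re
from collections import Counter

# Parses `tcpdump -n -S` text output. -S prints absolute seq/ack numbers, which
# survive NAT, so packets match across captures even though addresses differ.
PKT = re.compile(
    r"IP (?P<src>\S+) > (?P<dst>\S+): Flags \[[^\]]*\]"
    r"(?:, seq (?P<seq>\d+):(?P<end>\d+))?(?:, ack (?P<ack>\d+))?.*length (?P<len>\d+)"
)

def summarize(capture, port=22):
    """Count pure ACKs sent toward `port` and data segments sent from it."""
    acks, segments = Counter(), Counter()
    for line in capture.splitlines():
        m = PKT.search(line)
        if not m:
            continue
        if m["dst"].endswith(f".{port}") and m["len"] == "0" and m["ack"]:
            acks[int(m["ack"])] += 1
        elif m["src"].endswith(f".{port}") and m["seq"]:
            segments[(int(m["seq"]), int(m["end"]))] += 1
    return acks, segments

def lost_in_path(client_cap, server_cap, port=22):
    """ACKs the client put on the wire that never reached the server."""
    sent, _ = summarize(client_cap, port)
    seen, segments = summarize(server_cap, port)
    return [
        {"ack": ack, "client_sent": n,
         "server_sent_segment": max((c for (_, e), c in segments.items() if e == ack), default=0)}
        for ack, n in sorted(sent.items()) if ack not in seen
    ]

# Constructed sample captures (documentation addresses; not from the original post).
CLIENT_CAP = """\
22:41:07.100001 IP 203.0.113.5.22 > 192.168.1.20.51514: Flags [P.], seq 1000:2448, ack 500, win 501, length 1448
22:41:07.100050 IP 192.168.1.20.51514 > 203.0.113.5.22: Flags [.], ack 2448, win 1024, length 0
22:41:07.150001 IP 203.0.113.5.22 > 192.168.1.20.51514: Flags [P.], seq 2448:3896, ack 500, win 501, length 1448
22:41:07.150050 IP 192.168.1.20.51514 > 203.0.113.5.22: Flags [.], ack 3896, win 1024, length 0
22:41:07.450001 IP 203.0.113.5.22 > 192.168.1.20.51514: Flags [P.], seq 2448:3896, ack 500, win 501, length 1448
22:41:07.450050 IP 192.168.1.20.51514 > 203.0.113.5.22: Flags [.], ack 3896, win 1024, length 0
"""
SERVER_CAP = """\
22:41:07.080001 IP 203.0.113.5.22 > 198.51.100.7.51514: Flags [P.], seq 1000:2448, ack 500, win 501, length 1448
22:41:07.120050 IP 198.51.100.7.51514 > 203.0.113.5.22: Flags [.], ack 2448, win 1024, length 0
22:41:07.130001 IP 203.0.113.5.22 > 198.51.100.7.51514: Flags [P.], seq 2448:3896, ack 500, win 501, length 1448
22:41:07.430001 IP 203.0.113.5.22 > 198.51.100.7.51514: Flags [P.], seq 2448:3896, ack 500, win 501, length 1448
"""
print(lost_in_path(CLIENT_CAP, SERVER_CAP))
```

A non-empty result whose `server_sent_segment` count is above 1 matches the pattern in the post: the client keeps acknowledging a segment, the server never sees the ACK and keeps resending it, so the loss is on the upstream path rather than at either endpoint.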
by chirano » Fri Mar 01, 2019 12:46 pm
Your diagnosis that the firmware is the culprit is probably right. On DSLReports, AT&T customers report that this version of the firmware causes a significant performance hit when DMZPlus is used. My connection speed has dropped to about 40 Mbps with DMZPlus enabled compared to 50 Mbps when it's off.

AT&T is presumably aware of the issue, but it seems the company doesn't care about it enough to roll back the firmware or issue a bug fix. The only "fix" currently appears to be to get AT&T to replace the Pace with a non-Pace gateway.
by ftffttn » Sun Mar 03, 2019 12:32 am
@Chirano, thanks for the reply.

Firmware is definitely the issue. I downgraded my firmware to an older version and SSH works as expected with DMZplus enabled. One of AT&T's reps even mentioned a workaround after acknowledging (a first!) this bug:

https://forums.att.com/t5/AT-T-Fiber-Eq ... 5153#M7940

For what it's worth, if this were due to something on my end, I'd consider it a learning experience. However, this is a problem with AT&T's hardware. AT&T insists on exclusively controlling all aspects of their hardware, yet they can't get it right. They've been charging us for 3 months since the bug was deployed and have yet to deploy a fix. Worse yet, we're obligated to deal with it because their only competition is Comcast. My network's finally working as expected after I got involved and wasted a lot of time troubleshooting what would otherwise be considered an MTU glitch. And to add insult to injury, AT&T's previous firmware leaves the 5 GHz Wi-Fi radio on, with no way to disable it.
by ftffttn » Mon Jun 17, 2019 10:47 pm
The most recent update (11.2.1.531810) was released by AT&T several days ago. While SSHing in to my box from work, I noticed that pip3 and apt-get were freezing up. Strange. I confirmed that the latest firmware update had been automatically installed on my 5268AC, did a factory reset, and reconfigured DMZ+, but the glitches (described above) that I experienced were not resolved. What a pain.

I downgraded to 10.5.3.527283 and everything works as expected; however, this shouldn't be considered a long-term or stable fix. Unfortunately, Sonic can't provide a workaround or fix for this AT&T-induced problem, and Fiber isn't coming to my neighborhood anytime soon, so I'll be evaluating alternate ISPs.
by willtull » Wed Jul 31, 2019 3:15 pm
This definitely sounds like the PACE firmware issue which causes problems with DMZPlus enabled. Neither Sonic nor AT&T were willing or able to solve this despite many people reporting the issue on the AT&T forums. I finally bought my own Arris BGW210 which immediately fixed the issues.