01-22-2015 09:30 AM
We've been experiencing a system wide drop in throughput with our RAP units connected over Comcast. The throughput will drop from 15 Mbps to 1 Mbps between the hours of 8 - 11p (PST). After doing extensive network testing -- i.e. it's not a scheduled process gobling up bandwidth -- our network engineers think that Comcast is blocking UDP traffic during this time. If this is the case, I doubt it's isolated and was wondering if anyone else in the community is experiencing the same?
01-22-2015 09:49 AM - edited 01-22-2015 09:51 AM
Thank you for your feedback. I can't say I've heard this before from Comcast or any other provider. I have a couple of questions:
- How are you measuing your drop in UDP throughput during these hours?
- Is Comcast the provider for the home user or do you have Comcast Business at your controller location?
- If this is Comcast on the user's end; during this time, do you have issues with users of other providers?
- Has your organization talked to Comcast about this yet?
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX
01-22-2015 10:16 AM
Thanks for the response. I've referred your questions to our network engineers.
Our controller is on Verizon and our end-users are on Comcast Residential and Business. It seems like a long shot, since I was just told that it's affecting our AT&T users too.
02-15-2015 09:12 PM - edited 02-15-2015 09:26 PM
After a couple weeks of network testing by our engineers and the guys at Comcast and AT&T, they say it's a "Peering Link" issue. The peering link is getting saturated during primetime hours (7p - 11p) with other traffic, like Netflix, that our Aruba RAP traffic is getting slowed down... hard to believe, but that's their story and they're sticking to it.
I'd imaging if it were a peering link issue, this problem would be more endemic. Dropping from 20 Mbps to 1 Mbps during these hours is painful!
05-06-2015 06:17 AM
This is a common and widely known issue with Comcast cable modem internet connections. We're also seeing it on Charter Residential. Comcast has admitted to the rate-limiting UDP traffic and told us they'll rate-limit when and where they decide it's in their best interests.
Aruba may intentionally be unaware of this because they haven't responded with an alternative VPN option. The solution most vendors have implemented is to be able to wrap the VPN tunnel in TCP 10000 or to just use IP protocol 50/51. The Aruba RAP will only allow you to use UDP port 4500 (NAT-T). More and more ISP's are starting to rate limit UDP traffic and we're having to look at other vendor solutions for our remote wireless location. It's a shame because the RAP works great and is a wonderful solution but having a 90% degradation because of the ISP rate-limiting is not acceptable to our users.
Our Aruba SE (who is one of the best SE's I've ever worked with) Xing Zhou has submitted a feature request for an option to wrap the IPSEC tunnel in TCP.
05-06-2015 06:33 AM
05-06-2015 08:43 AM
In the SF Bay Area, we're experiencing these slow downs/throttling with Comcast, Webpass, and a couple other ISPs. Interestingly, our performance improved greatly after the FCC ruling a few months ago, but we're starting to experience degredation again.