Narrowing down an internet issue

HCHTech

Ok, I'm struggling a bit pointing the finger of blame in this issue.

I have a small client with fiber internet from one of our local ISPs. Fiber is a new service for them, only rolled out in the last couple of months; they previously only sold Cable & DSL service.

My client has a small ONT in their network room, one fiber connection in, two ethernet connections out. One ethernet connection goes to our Sonicwall, and one goes to their phone box (phone service is also provided by the ISP). There are actually two other ethernet ports, but they have been disabled - ISP states they are reserved for "future service offerings".

For about 2 weeks now, the client is experiencing intermittent internet outages, during which none of their 5 computers can get to the internet. The phones continue to work during the outage, though. Resetting their network equipment (ISP's ONT, Switch & Sonicwall) by power cycling the UPS restores the connection. ISP sent someone out, who stated that "Since the phones continue to work, it's not our equipment".

Internet connection is DHCP. The Sonicwall is pulling an IP of 24.101.241.x, subnet is 255.255.255.0, so it's a /24 network. Using the ISP's DNS. They had an outage this morning, so I rush onsite to see what's up while it's still broken.

Visual inspection of the 3 pieces of equipment during the outage did not reveal anything - all lights that should be lit are, in fact, lit.
  • The computers all have correct IP addresses on the LAN, I can ping their switch, ping other computers and printers, and open up the management interface of the Sonicwall. Their LAN is working fine. No sign of things like a broadcast storm.
  • No computer can ping 8.8.8.8, so no connection out.
  • The management interface of the Sonicwall cannot ping 8.8.8.8, so no connection out there, either.
  • Releasing / Renewing the WAN connection from the Sonicwall interface pulls the same IP as before (as expected) but still no internet and cannot ping 8.8.8.8
  • Plugging a laptop directly into the ONT, the laptop pulls 100.80.177.x, subnet is 255.255.255.0, and DOES have internet (ping and websites)

Next, I try setting the Sonicwall for a STATIC WAN IP, using the IP, Gateway & Subnet that the laptop had when connected directly to the ONT, plus 8.8.8.8 for DNS. There is no internet and the Sonicwall cannot ping 8.8.8.8.

Finally, I change the WAN connection BACK to DHCP, the Sonicwall pulls the very same address it originally had: 24.101.241.x, and suddenly has internet. All clients can now ping out and websites work again.

I'm not sure I'm ready to agree that the problem here is 100% the Sonicwall. It obviously didn't have a long uptime, its resources aren't being taxed at all, and doing a Release/Renew doesn't restore the WAN connection. That, plus the fact that plugging a laptop into the ONT pulled a completely different IP - I would have expected the IPs to be closer in range - that's not a smoking gun, just a curiosity.

It seems to me that I should have been able to get a connection with the Sonicwall when I tried manually setting the 100.80.177.x address as a static WAN. Lastly, a quick scan of the SW logs only show "no connection" errors when the connection was down, nothing leading up to that point that might indicate a problem that was ramping up.

For now, I've left them with instructions to only power cycle the Sonicwall if the internet goes down again, maybe that will help point the finger. I'm left with suspecting the Sonicwall somehow as the problem, but unable to find any evidence proving that. I'm not ready to let the ISP off the hook just yet.

Did I miss anything diagnostic here?
 
Had something similar. First time, they had to replace the ONT in the network room. The second time, I think they narrowed it down to the cable from the ONT to my firewall.
 
  • No computer can ping 8.8.8.8, so no connection out.
So you're unable to bring up a command prompt and type "ping 8.8.8.8"?

...//snicker snicker. You can always run a ping, the key is...if you get replies...or not... :P

Next time they're down, from an external resource, run a ping -t to the WAN IP of the Sonicwall, and then...the default gateway of the WAN IP of your Sonicwall. If the default/remote gateway of the WAN IP info of the Sonicwall is down, that's the ISP's CPE. Just curious. Although I'd wager a pint of Guinness that the WAN's remote gateway would still be up...and the connectivity...likely a negotiation issue 'tween the ONT and your Sonicwall.
 
likely a negotiation issue 'tween the ONT and your Sonicwall.
That's what I'm thinking as well, but I don't really know how to troubleshoot that. This ISP's fiber rollout is new in my area and we've already had a couple of trouble tickets because of it. One was that they are running some kind of carrier NAT that has to be manually disabled for any remote access to work. I've never run into that before, either. I think there might be some arcane setting I need to do on the Sonicwall for their service. I'll post back if I ever figure it out.

Also, we typically disable ping response from the Sonicwall as part of our SOP. I would need to re-enable it specifically for this test.

Edit - Ok, I think this has something to do with the CGNAT. I'm going to ask that they disable that and see if the problem goes away.
 
Had something similar. First time, they had to replace the ONT in the network room. The second time, I think they narrowed it down to the cable from the ONT to my firewall.

When I was on the phone with the ISP guy when he was onsite the other day, I asked him to replace the patch cable between the ONT and the firewall, just for fun. I did check that today and it looked ok to me.
 
K so at least next time you see your assets offline...and there's a call for "no internet"...you don't really need to get a response from your firewall's WAN...you can just jump right to running a ping to the WAN's remote gateway (next hop).
We always document our clients' full network info in our HUDU, so we have all the LAN/other internal networks/WAN info there.
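
An added example, not part of the thread or any poster's code: it labels the address space of the two /24 networks reported above (100.64.0.0/10 is the RFC 6598 shared space carriers use behind CGNAT) and walks a hop list nearest-first to find the first hop that stops answering, the WAN next-hop check suggested in the replies. The hop names and the LAN and gateway addresses in the sample list are constructed placeholders.

```python
import ipaddress
import subprocess

# RFC 6598 shared address space, which carriers use behind CGNAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")

def classify_wan(cidr):
    """Label the network a WAN lease came from."""
    net = ipaddress.ip_network(cidr)
    if net.subnet_of(CGNAT):
        return "cgnat"
    if net.is_link_local:
        return "link-local"  # 169.254.0.0/16: no DHCP lease was obtained
    if net.is_private:
        return "private"
    return "public"

def ping(host, timeout_s=2):
    """One ICMP echo with Linux iputils flags; adjust them on other systems."""
    cmd = ["ping", "-c", "1", "-W", str(timeout_s), host]
    return subprocess.run(cmd, capture_output=True).returncode == 0

def first_failing_hop(hops, probe=ping):
    """Probe hops nearest-first; return the first name that does not answer.

    A hop that drops ICMP by policy reads as failed, so enable ping
    response on the firewall's WAN side before relying on that hop.
    """
    for name, host in hops:
        if not probe(host):
            return name
    return None

# Constructed hop list: the LAN and gateway addresses are placeholders,
# not values from the thread (8.8.8.8 is the target the thread pings).
SAMPLE_HOPS = [
    ("lan-switch", "192.168.1.2"),
    ("firewall-lan", "192.168.1.1"),
    ("wan-gateway", "192.0.2.1"),
    ("internet", "8.8.8.8"),
]

if __name__ == "__main__":
    # The two /24 networks the thread reports, derived from the stated masks.
    for cidr in ("24.101.241.0/24", "100.80.177.0/24"):
        print(cidr, classify_wan(cidr))
    print("first failing hop:", first_failing_hop(SAMPLE_HOPS))
```

A result of "wan-gateway" places the break between the firewall and the ISP's equipment, while "internet" with the gateway still answering places it further upstream.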
 