Issue with Nextcloud Upload Speeds over HTTP/2 and HTTP/3 on TP-Link ER605 Omada
I am experiencing an issue with my Nextcloud setup, specifically related to upload speeds when using HTTP/2 and HTTP/3 protocols, and I suspect it might be related to my TP-Link ER605 Omada router's configuration or the Omada Software Controller settings.
First, i have a gigabyte connection, CAT6 cables.
Here's a brief overview of the problem:
- With HTTP/3 enabled in NPM, upload speeds are significantly low, around 50Mbps.
- When using HTTP/2, speeds improve slightly to 80-90Mbps.
- Disabling HTTP/2 altogether increases speeds to 140-160Mbps. However, I've been advised by the Nginx Proxy Manager (NPM) developer not to disable HTTP/2 for compatibility and performance reasons.
My setup includes using NPM as a reverse proxy, and my router is the TP-Link ER605, managed via the Omada Software Controller. Port forwarding is configured for ports 80 and 443 to the NPM's IP address.
Could this issue be related to the Omada Software Controller or specific settings on the ER605 router? Are there any recommended settings I should try toggling on or off to address these speed limitations without compromising on the benefits of HTTP/2?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
It was the damn router or software controller! I just reset them all, ER605, SG2008 and of course, software controller.
Definitely this was a bug and it needs to be fixed!
full story: https://github.com/nextcloud/all-in-one/discussions/4307
- Copy Link
- Report Inappropriate Content
Thanks for posting in our business forum.
So, I read through your GitHub. I don't think it is a controller issue.
There is nothing changed in the firewall settings which I think they don't correlate to your problem. These firewall parameters are default.
I would assume that there is something on your NPM setup. Something like cache size or threads should be increased to enable a faster and multiple-session connection.
If possible, you can bypass the router. Connect your server PC to the ISP fiber/line to check if you can get a full 600Mbps upload on the bare connection.
- Copy Link
- Report Inappropriate Content
@Clive_A But it was related, unfortunately. I reset everything, software controller, ER605 and the SG 2008 switch. Before that, I disabled Deep Packet Inspection, and every time I deleted the logs it seemed to work... for the first time, the speed jumped to 500mbps, so it works.
After a few hundred mb uploaded to nextcloud, I received a warning in the log again and the upload fail, "Detected TCP SYN packets attack and dropped *** packets", although these settings were completely turned off, all the options from settings really. Of course, I rebooted the router after modifying them, but this still appeared in the log. I also tried force provisioning, but the upload was always limited after this detection.
I reset everything and now the problems are gone. I wasted almost 2 months trying to find a fix for NPM or Nextcloud, when in fact the problem was with Omada. Before I had an AX1500 router and I had absolutely no such problem.
And this is just one problem, I had a lot of other problems that I prefer to forget and regret that I chose Omada, because the support is 0 to none when you need it.
It seems that you are the only one responding on this forum for some time. TP-Link should make some more hires if they want to stay on the market.
- Copy Link
- Report Inappropriate Content
Thanks for posting in our business forum.
psychedelicu wrote
@Clive_A But it was related, unfortunately. I reset everything, software controller, ER605 and the SG 2008 switch. Before that, I disabled Deep Packet Inspection, and every time I deleted the logs it seemed to work... for the first time, the speed jumped to 500mbps, so it works.
After a few hundred mb uploaded to nextcloud, I received a warning in the log again and the upload fail, "Detected TCP SYN packets attack and dropped *** packets", although these settings were completely turned off, all the options from settings really. Of course, I rebooted the router after modifying them, but this still appeared in the log. I also tried force provisioning, but the upload was always limited after this detection.
I reset everything and now the problems are gone. I wasted almost 2 months trying to find a fix for NPM or Nextcloud, when in fact the problem was with Omada. Before I had an AX1500 router and I had absolutely no such problem.
And this is just one problem, I had a lot of other problems that I prefer to forget and regret that I chose Omada, because the support is 0 to none when you need it.
It seems that you are the only one responding on this forum for some time. TP-Link should make some more hires if they want to stay on the market.
So, HTTP/2, it is TCP. That might trigger TCP SYN packet attack.
"HTTP/2 is based on the TCP protocol. HTTP/2 employs multiplexing technology over a single TCP connection, allowing multiple requests and responses to be transmitted in parallel, solving the head-of-line blocking problem present in HTTP/1.x versions. Moreover, HTTP/2 introduces features such as header compression and server push to optimize performance and reduce latency."
But I still hold a grain of salt here as it is over a single TCP connection.
While /3 seems to be UDP. I cannot relate it to the TCP SYN.
I recall DPI would only block if you enable it for blocking purposes. Or it only records.
You can contact the email support and will get a reply all the time. Forum workload so far is not overwhelming and it is split by a co-worker who's in charge of the Controller and WIFI.
So, overall, it is a myth and I am not convinced by the remarks so far. I am pretty sure it should not be a firewall issue as your Github showed pretty much the basic setting of the controller default. I would assume that you disabled Hardware Offload before the reset?
- Copy Link
- Report Inappropriate Content
@Clive_A Hardware Offload was enabled all the time, even now it is active. There was definitely a bug somewhere, considering that the NAT didn't work either and many times the ports were either closed or open. The router restarted itself almost daily, even twice a day. Now it seems he doesn't do that anymore, because I'm already on the 4th hard reset.
And like i said before, those security features were completly disabled, but the logs were still filled with that TCP SYN packet attack detection. Now I'm going to leave it as it comes from the factory by default, because I'm afraid mess it up with the settings again.
I thank the GPT chat for telling me to disable deep packet inspection, otherwise I wouldn't have realized that the router was actually the problem. I'm sure that DPI was not the cause of this issue, maybe only some performance hit on it, but that made me realize that the settings were somehow not being applied on the router.
- Copy Link
- Report Inappropriate Content
Thanks for posting in our business forum.
psychedelicu wrote
@Clive_A Hardware Offload was enabled all the time, even now it is active. There was definitely a bug somewhere, considering that the NAT didn't work either and many times the ports were either closed or open. The router restarted itself almost daily, even twice a day. Now it seems he doesn't do that anymore, because I'm already on the 4th hard reset.
And like i said before, those security features were completly disabled, but the logs were still filled with that TCP SYN packet attack detection. Now I'm going to leave it as it comes from the factory by default, because I'm afraid mess it up with the settings again.
I thank the GPT chat for telling me to disable deep packet inspection, otherwise I wouldn't have realized that the router was actually the problem. I'm sure that DPI was not the cause of this issue, maybe only some performance hit on it, but that made me realize that the settings were somehow not being applied on the router.
DPI and IDS would be demanding in CPU. That would affect the overall Internet speed and this is known.
Since this cannot be replicated as you have reset it, will discuss if someone has the same problem with a backup. That'll be worth a further investigation.
But thanks for bringing this up on the forum as a piece of record.
TCP SYN has a solution post:
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 592
Replies: 6
Voters 0
No one has voted for it yet.