XR1000 - Configuring Traffic Controller for Parental Controls

[Taha]

My setup - fiber to AT&T required gateway in bridged / IP passthrough mode to the XR1000 (wireless disabled) - direct connect some devices, wireless via Orbi in AP mode. Shouldn't impact the question, but just in case. Running the latest .64 firmware available for the XR1000, and I did a factory reset after the firmware upgrade, so everything is clean as of yesterday. The intent is to use Traffic Controller Rules to block services and devices at different times. But it isn't working exactly as expected, and finding that some options aren't clearly documented. 

Goal 1 - set some off hours for kids devices. That was easy - new rule, select the devices, all traffic, highlight the hours they are asleep, and block. Works perfectly.

Suggestion - allow creation of device "groups", and then let those be the target of the rules. It could even be as simple as doing things to all devices of a certain type (phones, smart home), although more granularity would be good. Right now the options are just all, or manually clicking through a list each time. Not as good if you have multiple rules and schedules applying to the same devices. Workaround - name related devices with a unique letter at the beginning for each group, so they at least show up together.

Second goal - block youtube and social media all the time on certain devices. And I don't want to block spotify. This is harder - new rule, select the devices - now what? Applications only includes a list of games, not relevant. Port based doesn't help with particular websites. "Category" is promising - includes "media" and "social media". Checked both. Success on social media - facebook and twitter are blocked. Not on Youtube - still gets through with no issues. But Spotify is blocked. I have also tried Livestream (didn't touch either). So Spotify and youtube are apparently different categories, which is good.

Questions - is there a list somewhere of what each category includes? Where would I find youtube, and what else is in the same bucket? Is this sorting by preconfigured site lists, or some type of matching algorithm (assuming the first). If there is a site not included, how do I add it or cover it, or is that even possible in this interface?

Is there a way to do what I am describing that can be flexible with a schedule, limited only to selected devices, and customizable with a list of places to allow or deny? The router is definitely capable of doing all of that, but it is not clear that the interface provides any way to do it.

I have looked at adblock as an option. Created a block list that just includes youtube (domain type). See screenshot. But two issues - one, it doesn't work. Nothing gets blocked on any computer. And two, if it did work it would hit all the computers in the house that did not have adblock paused, which is not really my intent here. I want youtube available on the family TV in the living room, just not on kids devices in their bedrooms. And not necessarily all the time - adblock has no scheduling. But trying it anyway.

I manually added the default list after taking this screenshot per the instructions here. They work, but the youtube rule doesn't. So adblock is turned on and working. I had this same issue in a much earlier version of adblock as well, so maybe there is something wrong with that list configuration?

I have also looked at Netgears builtin options - in fact, I used this on the orbi. Settings / Content Filtering / Block Sites / Services / Schedule. This can work, but it is indiscriminate in blocking on all devices, there is only a single schedule, and you can only make one exception. The limitations of this are why I am not using the orbi in the first place. It can only do a small piece of what I want.

Still looking forward to DumaOS 3.2, hoping that will improve things on many fronts. I have been excited about the potential of this router with Netduma's software (and the promise of Rapps) since I first got it - several years in it has improved a lot, but still has a lot of unrealized potential.

 

[Netduma Fraser]

Thank you for the detailed post, forgive me if I miss any of your points:

1. The groups suggestion has come up before so it is on our roadmap to potentially include in the future.
2. If you go on Bandwidth Allocation, switch to Applications, then on the left list click the ? icon you can see what each category includes and search for specific applications/services
3. You can do that but you would have to make each rule individually based on the type of traffic and schedule
4. Adblock won't work for YouTube currently which is something we're looking into

For the YouTube domain, specifically enter https://www.youtube.com and see if it works then

[Taha]

1. Thanks.

2. I went to QOS / Bandwidth Allocation / Applications, and found that youtube.com is included under media. However, blocking media does not result in youtube being blocked. Also, I went to the network monitor while running youtube on the top listed device, and the traffic is all listed as "unknown". I can't block unknown.

 

3. Make each rule - can you elaborate? I really can't find any way to make a rule that would block youtube except under Settings / Content Filtering / Block Sites. Which has the limitations I mentioned before - can't be applied only to certain devices. I am happy to make as many rules as I need, just can't see any way to do that and apply it to specific devices only. Suggestions appreciated here.

4. I wasn't actually expecting adblock to work to block youtube ads, although that would be great. I was just thinking of using it to block the youtube.com domain entirely. And that isn't working. I did try entering https://www.youtube.com as you described, youtube remains unblocked.

[Netduma Fraser]

Let me speak with the team, we're doing some important DPI updates currently and testing them, I'm not sure if it's exclusive to the R2 or we can do so for the XR range at the moment but if we can then I think that would resolve your issues completely.

[Taha]

Two things - first, any answer on the DPI updates? Is that going to require Netgear approving the new firmware? I have checked the progress site, I know that update is out of your hands.

https://support.netduma.com/support/solutions/articles/16000132677-dumaos-firmware-progress

Second, I have had several occasions where the DHCP stops working from the XR1000. Devices that already have an address work fine, but as leases expire or devices restart, those devices cannot get DHCP addresses, and show as connected / no internet under the wireless configuration. I remember this happening when I was last using the router as well, pre .64 firmware, but had hoped that was fixed.

The two screenshots are a windows machine that can't get an IP (I didsconnected and reconnected repeatedly), although it still remembers the routers DNS address for some reason. The second is a VM on my laptop - the laptop already had an IP, and is connected fine while I write this post. But the VM started up since the problem, and cannot get an IP, even though bridged to the same network adapter. And it normally works without issues, this isn't a new configuration.

I first noticed the issue on Thanksgiving, with guests and family over and many extra devices on the network - including several iphones and a few mac laptops - so I assumed it was related to one of them. However, it happened again today with no extra people. The CPU load on the dashboard is, as always, fairly high when viewing the chart, but not pegged at 100%. CPU2 is, as always, unused. The web interface is slow to respond, but not much different than normal. I went to the debug page and grabbed a log and attached it - in between starting and stopping I disconnected / reconnected both the computer and the VM from my screenshots.

Because this has happened before, I know rebooting fixes it, and I just did so. But having to do that every few weeks isn't really acceptable; is this something wrong with my hardware, or my configuration, or the current firmware of the router? Anything I can do to make it better, short of scheduled reboots (if those are even possible)?

Debug_log.zip

[Netduma Liam]

We will be bringing the DPI update to the XR range, though I believe this will be when the 3.2 firmware is released, which we're currently testing another version of.

Could you please try going to Settings -> Setup -> LAN Setup and set the minimum DHCP value to .100.

Then, go through the table below it and reserve an IP address for each device on the network. Give them an IP from .2 to .99, so they're outside of the DHCP range.

Let us know if you are still having issues after that please.

[Taha]

What is the benefit of doing the static IP assignments? A static assignment at the router still means DHCP responses have to be working. Are you assuming the router is screwing up and assigning the same IP multiple times, and not fixing that even with disconnects / reconnects?

This morning things were broken again. Saw this post, and went to try to make the change as requested. In spite of the fact that adding static assignments for 30-35 more devices 1 at a time through that interface is a painful.

Responsiveness was VERY poor. I kept clicking on the Lan Setup page, and the router would go to an empty screen and then reshow whichever page it was on before, and not LAN setup. It would usually get there in the end after a few tries, but not the first one. And a number of devices weren't connecting - more than yesterday. Yesterday's reboots were through the web interface - this time I physically powered it off and waited 30 seconds off in between turning it back on.

It did not help. In the short term, things were worse; most devices not online. After trying a few more things, I powered off everything (satellites, orbi router, XR1000, ISP supplied gateway (bridge mode) and fiber ONT). And then turned them back on one at a time from the fiber through the last satellite, in order with a little time in between to give it time to startup. I was still getting connected no internet on many end devices, only intermittent working webpage access to the router when I had a static IP set on my laptop, and frustration all around. Somewhere in there the Orbis went out of sync, and I never managed to get them back in sync - that is an Orbi issue I have seen before, they can be synced in router mode and stay that way in AP mode, but resyncing in AP mode is iffy.

After over an hour of trying to set static IPs unsuccesfully, rebooting everything repeatedly, and just generally getting extremely frustrated, the Orbi is back in router mode and the XR1000 is unplugged and offline. This has happened before, I had hoped that .64 brought some stability and responsiveness improvements, and an update plus factory reset worked for a while. But clearly there are still major issues dealing with a 40+ device network.

I really hope that 3.2 makes this router both faster and more stable. It should really be great hardware, but not worth the hassle right now.

[Netduma Fraser]

If the IPs are outside the DHCP range then in theory it should be fine, if you're still getting issues then disabling the DHCP server should resolve that and then any new devices you add you'd need to give them an IP on the device itself. 3.2 isn't far off now which will be a lot more stable in my opinion.

[Taha]

My static and reserved IPs were all outside of the DHCP range, so that should not have been part of the issue. I think the DHCP service was going down, and then resetting everything caused new issues with the Orbi sync.

Well past two years since I first had some of these issues at this point, it has been on the shelf most of the time since. Hopefully 3.2 and the process your team has gone through to get to it results in a much more stable product and features that work reliably, and soon as you say.

Thanks.

[Netduma Fraser]

Try it with DHCP completely enabled and see if that resolves it for you in the meantime

[Taha]

I assume that is meant to say disabled. I am pretty sure it would have worked. But that is a lot of devices to assign IPs to manually, and some of them are IOT devices, where it is difficult or impossible to do. No idea how to tell an echo dot or TP-Link smart outlet what IP to take.

Static IPs on the router still depend on the DHCP server being up and running.

In either case, I am off of this router and won't try it again until the next firmware release at best.

[Netduma Fraser]

I believe it does work still if you've given reserved IPs on the router first then disable DHCP, those devices still get a connection but I totally understand why you'd want to wait.

[Taha]

It will work until the devices get power cycled after their DHCP lease has expired. Assuming they are following the DHCP protocol, there are specified lease expiration times. If the DHCP server is off they won't get any response when they send out new DHCP requests.

[Netduma Fraser]

15 minutes ago, Taha said:

It will work until the devices get power cycled after their DHCP lease has expired. Assuming they are following the DHCP protocol, there are specified lease expiration times. If the DHCP server is off they won't get any response when they send out new DHCP requests.

The lease time is determined by the router, so by setting reserved IP addresses and disabling DHCP it doesn't go through this process and should retain the same IP the entire time.