PSA: SNOs with an ASUS router >> Turn off Traffic Analyzer!

Please turn off Traffic Analyzer on ASUS routers with this feature to prevent being unable to change router settings in the future!

I’m posting this to prevent other SNOs from having to go through what I just did.

There seems to be a really nasty issue with Traffic Analyzer in certain ASUS routers that causes it to fill up the jffs storage of the router. When this happens a lot of settings changes can no longer be saved (including port forwarding changes) and the logs of the router will get filled with messages that garbage collection can’t be executed because there is no free space on the jffs partition.

kernel: jffs2: jffs2_reserve_space_gc of 196 bytes for garbage_collect_dnode failed: -28
kernel: jffs2: Error garbage collecting node at 01bd5ca0!
kernel: jffs2: Argh. No free space left for GC. nr_erasing_blocks is 0. nr_free_blocks is 0. (erasableempty: yes, erasingempty: yes, erasependingempty: yes)

My guess is this was likely caused by the amount of traffic storagenodes generate on the network. So while this definitely isn’t caused by Storj, running a storagenode might increase the chances of running into this issue.

So, why can’t you just free up some space on the jffs partition? Well, because the jffs filesystem has a weird and very annoying quirk that prevents it from deleting files when it’s entirely full. Apparently a delete or even writing /dev/null to an empty file requires a metadata write first and there is no slack built in to allow for those writes to happen.

Even worse, this issue survives a factory reset of the router in many cases (it did in my case).

So, what should you do?

If your logs don’t show any errors yet regarding the full jffs partition and garbage collection, just turn off Traffic Analyzer in your router settings. This will prevent its database from growing further and filling the entire partition. Optionally you can delete data with the trash icon on the Traffic Analyzer page (this option may only be available on some models). While this isn’t entirely necessary, it’s probably a good idea to clean up what’s already there.
Some screenshots of where to find this option in different router models:

If your router is already running into issues, there is unfortunately no simple fix. I went through the process outlined on this page:

In short, it explains how to export the partition to a USB drive, then mount it on a different system with a little more space to do the removal, trim it back down to its original size and copy it back to the router. Unfortunately this requires having another Linux system (I had to create a VM) to do these operations on. And if SSH wasn’t enabled on your router before this issue occurred, you can’t enable it afterwards, it simply won’t work. I had to temporarily enable telnet instead. If you have to, please disable it again right after for security reasons. And if you use SSH, only ever open it on the LAN side.

I sincerely hope nobody else runs into this issue, it kind of ruined my morning today.

17 Likes
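A way to spot the condition described in the post above before settings stop saving, as an added example that is not part of the original post: it counts the JFFS2 out-of-space messages quoted there in syslog text and reads partition usage from `df -P` output. The `/jffs` mount point, the sample device name and sizes, and the 80% warning threshold are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): detect a full JFFS2 partition.

# Count syslog lines (stdin) matching the JFFS2 out-of-space signatures
# quoted in the post; -28 is ENOSPC.
count_jffs2_enospc() {
    grep -c -E 'jffs2: (jffs2_reserve_space_gc .* failed: -28|Error garbage collecting node|Argh\. No free space left for GC)' || true
}

# Print the Capacity column of `df -P <mountpoint>` output (stdin) as an integer.
jffs_use_percent() {
    awk 'NR == 2 { sub(/%/, "", $5); print $5 + 0 }'
}

# jffs_status LOGFILE DF_FILE [WARN_PERCENT] -> prints ok | warn | full
#   full: the kernel already reported ENOSPC during garbage collection
#   warn: no errors yet, but usage is at or above the threshold (default 80)
jffs_status() {
    errors=$(count_jffs2_enospc < "$1")
    used=$(jffs_use_percent < "$2")
    used=${used:-0}            # empty df output counts as 0% rather than an error
    warn=${3:-80}              # assumed default threshold
    if [ "$errors" -gt 0 ]; then
        echo full
    elif [ "$used" -ge "$warn" ]; then
        echo warn
    else
        echo ok
    fi
}

# Constructed sample input: log lines in the post's format and a made-up
# df line (device name, sizes and the /jffs mount point are placeholders).
tmp=$(mktemp -d)
cat > "$tmp/syslog" <<'EOF'
kernel: jffs2: jffs2_reserve_space_gc of 196 bytes for garbage_collect_dnode failed: -28
kernel: jffs2: Error garbage collecting node at 01bd5ca0!
EOF
cat > "$tmp/df" <<'EOF'
Filesystem     1024-blocks  Used Available Capacity Mounted on
/dev/mtdblockN       48128 48128         0     100% /jffs
EOF
echo "sample status: $(jffs_status "$tmp/syslog" "$tmp/df")"
rm -rf "$tmp"
```

On a router, feed it a saved copy of the system log and the output of `df -P` for the JFFS mount; where those live depends on the model and firmware.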

You had one job…

Congratulations on having a minimum of 20 characters to post.

Is there any way of feeding this back to ASUS or are they already aware of the issue?

Do you know if this issue is still relevant these days? I am planning to get a new Asus router and wanted to find any issues with them here with regards to running a node. Any other important issues with Asus routers you may be willing to share?

Can’t say. But turning off traffic analyzer prevents it from happening. I’ve not turned it back on again and the router is fine. I generally like Asus routers, just this issue was really annoying. They update frequently so they may have resolved it, but I wouldn’t risk leaving traffic analyzer on.

2 Likes

Unifi had an infamous dip in software quality a few years back, but today they have more than rebounded.

I’d say, if you want a hands-off solution that “just works” - get a dream machine. Any of them. I’m using UDMP + their Qualcomm/Atheros based access point (don’t remember the model number, but can look it up) and it has been marvelous, especially in the last few years.

If you want a rock bottom solution cost wise — I would still go with a separate router - it can be Sophos XG, or pfSense, or even Untangle on some cheap single board Chinese industrial PC and Ubiquiti access point(s), if you want wifi. Of course you can also get an EdgeRouter too, but if going the Ubiquiti route — just get all Unifi.

All above solutions except Sophos support fq-codel, if that matters to you. (It does, unless you have gigabit fiber connection)

Definitely stay away from consumer brands — asus, tplink (including their ubiquiti shitty copycat Omaha abomination), dlink, netgear, etc. They are all variable degree shit. Stick to enterprise solutions. Cisco, ruckus, Aruba are way overpriced, however — so ubiquiti is still the only sensible choice today.

There is an unobvious benefit of using enterprise wifi — you get access to DFS channels, and while all your neighbors congregate in shared bands, you have the whole spectrum to yourself :)

I can talk about network equipment for hours — feel free to ask questions :)

4 Likes

I prefer Mikrotik for routers and switches (stay away from CSS-…, the ones with SwOS) , Ubiquiti for WiFi and pfSense if I want to run a router in a VM.
Although, I also use Linux as a router - no GUI, just iptables. It’s not as convenient, but more flexible.

Speaking of switches, D-Link makes good managed switches (as long as it’s not DGS-1xxx), but they are expensive, so does HP.

3 Likes

Ehh, Ubiquiti with comparable parameters (at least on paper) costs 3-5 times more than this Asus router I have in mind (rt-axe7800). I understand it costs this much for a reason, and it’s an awesome device, but it’s just not my price range. WiFi congestion is not a problem for me - my speeds are good even on an 8 or 9 yo Keenetic ultra II (I have 1gbit up/down Ethernet), and this new Asus I have in mind has even more WiFi channels and my new devices support them (6E). I just wanted to know if there will be no unsolvable problems with running storj. Also, I need 6E WiFi for the upcoming purchase of a Meta Quest 3, that is why this Asus router caught my eye.
I will remember all recommendations from everyone though for the future, when I will be able to afford such a price range or have space enough for several devices (like a router + AP combo).

I’m with you on the price and furthermore, at the time I bought my last router at the least, Asus far outperformed Ubiquiti in wifi signal strength and range. Ubiquiti is awesome hardware and killer software, don’t get me wrong. But for my money, I went with Asus. Also knowing that I could change the software to asuswrt-merlin if something bothered me. Though apart from the issue in this post, I’ve never felt a reason to, so I stuck with stock firmware.

Unfortunately enterprise solutions tend to come with enterprise price tags. And most people probably won’t benefit much anyway. I’ve never felt like I’m missing out on anything.

2 Likes

I configured one for a client relatively recently. It looked OK to me, configuring it for the first time was not difficult, and while the manual wanted me to use an app, it was not mandatory, I could do everything the normal way.
I still prefer Mikrotik routers though, they are more flexible (almost like a linux router), but an UDM is cool for those clients who do not have their own servers to run the controller software.

At home, I use a Linux router and an old Ubiquiti AP-LR, it works great. I do not use WiFi a lot though, so the old AP is more than enough for me. I have a newer one, but I have not set up the location where I want to use it.

One client had Aruba wireless and I hated it, everything was super complicated in one way and not flexible in another way (though it was a while ago and I do not remember the details, I know that I really hated the monitoring/controller software).

Mikrotik switches are good, except the CSS series, also some CRS series have a really weird way of configuring vlans.

I like it, java is not a big problem for me and most clients have servers. Just like at home I run the controller in a VM.

Perhaps.

This is not just weather radar – military uses these bands, as does air traffic control, and some satellite comms.

The way I see it – asuses and other tplinks are not stupid. They know full well what kind of crap they are shipping. So, rightfully not trusting their software quality to comply with regulations they decide not to risk it and not enable DFS channels at all:

  • Regulatory fines for noncompliance on UNII-2 are very high,
  • Consumers’ homes are not high density environments, so the UNII-1 and UNII-3 will suffice.

So, risk for no reward.

In other parts of the world perhaps enforcement is weaker or fines are smaller, so they can risk non-compliance.

Not so much a US thing, but just a thing of settings:


2 Likes

Nice to see they have enabled it. Last I checked was a few years ago. Many vendors, including asustek, did not have it.

(they need to hire UX designer. What the hell is this UI?! and I’m not talking about colors even…)

Wait, was PSK visible in plain text in the UI?!

Also, WiFi regulations are regional, including channel allocation (looking at the non-English text in the UI – maybe you are not in the US?); it’s possible it is still not available for US customers.

@arrogantrabbit
Yep. The PSK is displayed in plain text. I always wondered why the heck they don’t mask it?
@JWvdV
Put “Protected management frames” on “Capable”. It mitigates some hacking risks as I understand it. “Enable” or “enforced” stops some old devices from connecting to wifi.
If it supports wpa3, set it to wpa2/wpa3-psk.
I also enable all things like agile multiband, target wake time, and others in the Professional tab. I don’t know if it’s good or bad, but from the description it sounds ok, and my routers perform pretty well. Also, I like to keep 2.4 and 5 GHz connections separate, with different SSIDs, because the iPhone is pretty crappy at managing the connections.

Ubiquiti has the option to show the PSK, saves me the trouble of having to write it down somewhere else. I mean, if someone has access to the UI of your AP or router, he doesn’t need the PSK to connect to your network.

Can’t confirm. I have always had both radios on the same SSID, no issues with roaming of any kind. High performance devices linger on 802.11ac/ax as long as possible, as it should be.

If both, devices and access points, properly adhere to standards, single SSID is preferred.

This is why it’s important to get compliant, properly designed equipment – so you don’t have to micromanage connections, SSIDs, and channels. Some vendors go above and beyond and provide some degree of band steering, to nudge non-compliant devices to the right bands, but this is a non-standard behavior, and better be avoided.

I recommend getting devices on Qualcomm (former Atheros) WiFi chipsets, they tend to work much better and have better firmware.

Right. But it’s always the little things. Why do I have to do extra work to block out the field in the screenshots? Attention to detail makes all the difference.

I tend to buy commercial/enterprise stuff for things I want working reliably. Networking, printers, servers, test equipment, etc. It has been so far worth it for me from financial perspective – because time is money. Before I found Ubiquiti I went through quite a lot of hardware and software – both open source (including Tomato, OpenWRT, dd-wrt, pfSense) and commercial, including mikrotik, sophos, (both UTM and XG), untangle, and even meraki, before Cisco acquisition. Becoming networking and firewall expert through relentless troubleshooting and babysitting was never in my plans, but just like with synology, I ended up learning many nitty gritty and useless in any other context details of those systems against my will.

Ubiquiti already paid for itself many times over because I never have to babysit it. I screw it on the wall in the closet, set up auto updates on the stable channel, and haven’t touched it for 4 years. BTW, their NVR – Protect – is best in class. Especially compared with the Surveillance Station. There is no integration with HomeKit, but Homebridge on a raspberry pi eh… bridges that gap.

Added benefit that I could buy a piece of their gear, play with it, and then sell it on ebay for more :)

To be clear, it’s not bug free, there are some quirks, for example, firewall configuration is quite counterintuitive – but I value user experience polish and attention to details above all else, and unifi so far has been far ahead of competition for my use cases.

I’ve sent a configured network to my extended family across the pond, and now when we talk – we talk about what matters, not how to unscrew up the wifi again.

2 Likes

I would have censored the SSID as well so it would not be much of a difference for me.

It’s good to have a mask on the password field for different situations, like when you show your friends some settings or you remotely access a PC, and then the router webpage on that PC. You don’t want someone to photoshot your private password. Until a friend pointed me to use Wireguard on Asus routers, I managed routers at night, when no one was on the other side at work.