Review: Cowin E7 Pro Active Noise Cancelling Wireless Headphones

For anyone who travels frequently on public transport or is out and about quite often, having a decent set of headphones is indispensable. Besides allowing you to enjoy your own music and videos on the go, it can really help improve the enjoyment of an otherwise dreary and stressful morning commute.

But not all headphones are born equal, as any self-confessed audiophile would tell you. The most basic of units often have compromised sound quality, poor build quality and lack isolation. This leads to turning up the volume to drown out the background noise, leading to listening fatigue, ringing ears, possible hearing damage and annoying fellow commuters with sound leakage.

As a result, I’ve always insisted on a fairly high quality set of over-the-ear headphones with active noise cancelling. Having used the AudioTechnica AT-ANC7, 7b, 9 and 23 active-noise cancelling headphones throughout the past decade, I’ve enjoyed my music in high fidelity and relative comfort. Unfortunately, noise cancelling headsets tend to be quite expensive. Moreover, modern expectations have led to an explosion of Bluetooth headsets for wire-free convenience. Noise-cancelling wireless headsets are generally even more expensive, especially from the more established brands.

As a result, when Lululook approached me about reviewing the Cowin E7 Pro Active Noise Cancelling Wireless Headphones, it looked like quite a compelling package. The unit has a list price of just AU$121.97, while promising Bluetooth connectivity and active noise cancelling technology. Thanks to Lululook, I have one to review under the review challenge terms – so lets see what you get for the price and whether it’s any good.

Unboxing

The package arrived looking like it had a pretty rough trip along the way.

Luckily, the packaging was well thought of and the unit was protected by an internal box.

The unit comes in a mostly black-and-white semi-matte nested cardboard box. The model is clearly shown on the front, with the noise cancelling feature being ticked on the rear along with the serial number.

Opening the box, we are greeted by a thank-you note with some odd English. The product and its accessories are housed inside the provided transport case – a good way of minimising wasteful disposable packaging and a nice bonus which many other headphones don’t always come with.

The case is a black soft-touch plastic feeling semi-rigid zip-case with the Cowin logo printed in white. The case has a hang-strap which is convenient and shows thought in the design.

Unlike some other cases, it’s not just a plain flat case, but instead it bulges around the earcups. This rather customised design makes it a good fit for the headphones and ensures it doesn’t take up excess bag space when you’re transporting it around. It’s nice to see this kind of consideration in product design.

Opening the case reveals the supplied manual and cables packed inside, along with the headphones themselves.

The manual is a relatively brief fold-out leaflet without too many technical details. A piece of foam is also packed in, which I suspect is to protect the earcups from clashing in shipment. A VIP card is provided for rewards for those who have purchased the product directly from Cowin. A 3.5mm stereo to 3.5mm stereo cable is supplied to use the headphones with equipment that doesn’t support Bluetooth and a charging-only USB cable is also included for recharging the headphones. The cables are nicely finished with the Cowin logo in the moulding.

The headset packs flat in the travel case thanks to the swivel joint design. The earcups themselves are backed by a metallic finish with a concentric ribbed design. On the right earcup (shown to the left on the image), the cut-out sector provides three buttons (+, – and the central portion where the indicator LED is). On the opposing earcup, for symmetry, the same sector design is employed although without any button functionality.

The sides of the earcups are finished in glossy black plastic, making up the bulk of the unit. The button sector is slightly raised, as it moves to push the buttons internally. The right earcup is home to the external 3.5mm stereo input, the voice microphone for calling and the power switch (Off, Bluetooth/External without Noise Cancelling and Bluetooth/External with Noise-Cancelling mode).

The opposing cup has the microUSB-B socket for recharging and the charge indicator LED.

The regular foam and pleather earpiece cushions are slightly asymmetric with a wider area on the front edge which seems a little unusual. The headphone orientation is marked on the inside of the plastic ends on the headband.

The headband is extendable with a sufficient range of adjustment, with a metal outside band and plastic inner piece. The hinges appear to be plastic, allowing the earcup to swivel and pivot for comfort.

The earcups themselves are noticeably chunky in appearance and sizeable, which detracts somewhat from the otherwise stylish design.

The top of each earcup has a slotted vent which probably is used to increase bass response and allow for active noise cancellation to work.

User Experience and Testing

This section will concern itself with the user experience, subjective opinions and test results. As it’s already known that people perceive sound differently depending on their preferences and experiences, I won’t be involved in arguments as to my opinion. However, as a guide, I tend to be relatively partial to a more “sterile”, analytical sound signature, such as that offered by the Audio-Technica ATH-M50x which I use everyday on my main computer, although I do have a fairly extensive headphone resumé.

Ergonomics

The unit was easy to pack and unpack, the included case being a good fit although the netted portion with the cables often did not keep the cables in position after some travelling. That’s easily solved with the supplied twist-ties. Unfortunately, no adapters are provided for airline use or with 6.25mm jacks which are commonly included with noise cancelling headsets. This is probably as the unit is mainly intended for use with Bluetooth devices.

I found that the unit adjusted well to fit my (rather large) head with adequate range. The hinges allowed for a rather comfortable fit with a moderate to low clamping force. The clamping force did mean that there were occasions where the unit moved slightly on my head. The large cushions with regular foam did mean that my ears felt somewhat warmer than with other headphones, but not uncomfortably so.

As the earpads are not clearly marked as to the direction, getting the orientation of the headphones right takes slightly more work to look at the moulded plastic indicators. The main controls and cable input is on the right, which is the opposite of other units I’ve used in the past, taking a little getting used to. The same is the case for the buttons where the + (next/volume increase) is the bottom button whereas the – (previous/volume decrease) button is the top one. The edges of the button “sector” also feels a little sharp, with the button sector being rather “loose” feeling.

One of the bigger annoyances was the smell of the pleather, which smelt strongly of plastic and took a few weeks to dissipate. Another is the chunky size of the earcups which look somewhat strange aesthetically. Being mostly of plastic construction, its durability is yet to be proven – only time can tell. But these are still only minor and not deal-breakers in any way.

Connectivity

There was no problems initially pairing the headphones with my Xiaomi Mi Max, Xiaomi Redmi Note 2 or my two Windows 10 PCs, without the need for a PIN code. Unfortunately, as I don’t have an NFC-capable device, I can’t confirm whether the unit has an NFC pairing facility. In my testing, I did not receive any voice prompts either – instead, the unit had very much similar tones to the other CSR-based headphones I’ve used in the past. I suspect the specifications on the Lululook website might be a bit off, as the official specifications from Cowin make no mention of it. Even then, Cowin’s specifications are pretty scant. On the Xiaomi phone, it was possible to see the approximate battery status of the headphones, which seems to be reasonably accurate.

The unit uses the standard Bluetooth SBC codec which is the “baseline” for Bluetooth A2DP audio, not supporting the higher-quality aptX codec which my phone is also capable of. I wasn’t able to test whether other codecs are supported, which I suspect it is not. The remote control buttons on the right earcup functioned as expected – short presses for next/previous/accept call and long presses for volume up/down/re-pair.

Unfortunately, it seems the device does have a slight bug when attempting to re-pair with a different device. If the previously paired device is on and within-range, holding down the central button to re-pair will result in the Cowin E7 Pro disconnecting from the device, going into pairing mode for only a few seconds before reconnecting to the previously paired device and exiting pairing mode. As a result, you should turn off Bluetooth on the formerly paired device when attempting to pair with a new device, otherwise you may encounter difficulties.

During testing with my phone, the range was surprisingly good, as I was able to roam all around the house and even into the garden without losing the connection and only with the slightest occasional interruption. I would estimate a range over 25m if paired with a good Class 1 device without significant obstructions.

It is also possible to use external audio input through the 3.5mm stereo cable plugged into the headphones. The cable itself is 1.2m, which I find just the right length to reach my pocket, but could be on the short side for some others. This worked just fine in my experience, with the plugging in of the 3.5mm cable causing the Bluetooth audio to cut out. The headphones must be switched to the BT or NC position to operate, thus it seems that the Bluetooth circuitry is always powered in some way. While the external input is available, if the unit has run out of charge, it won’t be possible to use it. As usual with these units, the microphone is not available via the cable.

Sound Quality and Microphone Tests

The headphone sounds quite similar to some other CSR-based units I have used in the past. On the whole, I find the sound to be adequate but the SBC encoding seems to make the highs somewhat harsh and during perfectly silent sections, the chipset background noise can occasionally be discerned. The volume of the Cowin E7 Pro has quite a range, reaching levels which are high enough to be uncomfortable and drowning out commute noise with ease. Sound leakage was not significant, which is good news for your fellow commuters.

For the majority of the time, I had the active noise-cancelling engaged. With it switched on, the character of the Cowin E7 Pro is quite appealing to me, similar to the Audio-Technica headphones I use regularly. The character is somewhat on the bright analytical side with surprisingly sharp treble definition and decent mid-range. The bass suffers slightly, feeling slightly shallow but sufficient for a very enjoyable listening experience. It’s not quite at the same level as the Audio-Technica’s for definition, but it’s not that far off especially compared with the other Bluetooth headsets I’ve tried. The soundstage seems to contract somewhat as a result of the noise-cancelling, sometimes feeling like you have a cold and clogged sinuses. However, this is a rather common side-effect with many active noise-cancelling systems. In return, the active noise-cancelling system reduces the background noise, especially in the low-end rumble, allowing for more comfortable listening at lower volumes.

While the audio is quite good with noise-cancelling switched on, it’s not without some disadvantages. With noise-cancelling switched on, the battery life is reduced and a small amount of hiss is introduced. The hiss is a little louder than that on my ANC9, but not loud enough to be intrusive. The noise-cancelling does work, but it also seems to be more limited in the frequency range where cancellation is effective, so it doesn’t seem as effective as the ANC9 by comparison. Unfortunately, the big problem with noise-cancelling with the Cowin E7 Pro is the tendency for the noise cancelling to saturate with loud external noises, big pressure changes or movement of earcups. This results in a plopping noise followed by a short burst of hiss every time a train door closes, you reposition your ear-cup or every time you take a heavy step while jogging down the road. This isn’t such a big issue with my ANC9 unless it’s a very windy day. This can be quite distracting and fatiguing, which is why the unit allows you to turn off the noise cancelling.

When noise cancelling is turned off, the character of the headphone changes quite significantly. The headphone has a much more boomy character, showing some resonance in the bass overpowering the treble, making the presentation somewhat dark as if you’re in a carpeted room. I find this sound signature much less appealing, although it does get over the plopping and offers deeper bass response. In many regards, the sound quality with noise cancelling turned off is extremely average but does have some detail. This is quite similar to what I experienced with my first active-noise cancelling headset, the ANC7 – it seems the feedback from the noise cancelling circuitry allows the unit to “self-correct” for its own acoustic deficiencies to make it sound better. As a result, I recommend leaving it switched on whenever possible.

A sample of the microphone quality was made by recording my voice using my Windows 10 computer with the unit paired to a machine running a CSR-based Bluetooth stack and a Broadcom-based Bluetooth stack. The voice quality was also tested on a voice call. While the audio was intelligible, it seemed to be somewhat biased towards the bass-end with a bit of uneven frequency response. During recording on the Windows machines, there were noticeable glitches and the amplitude was also slightly low. As a result, it’s probably not an ideal unit to be using if you’re going to be on calls all the time, but it’s good enough in case you need to handle an occasional call.

Battery Life and Charging

During intermittent listening, I determined the battery life to be about 27 hours with active noise cancelling switched on before the low-battery indication beep came on. The headphones continued to operate for a further 15 minutes before shutting down. This is slightly short of the claimed 30 hour runtime, but not significantly so. It will definitely last long enough for most travel needs and can be charged while playing using the standard USB micro-B connector, so running out of power is not a big concern. During testing of battery charging, the initial current was about 360mA, with the bulk of the charging completed at around 300-340mA. Charge time was just shy of 3.5 hours from empty to full without using the headphones, with the bulk of the charging occurring within 2 hours (~73%). The total delivered charge was 856mAh although some of this may have been lost to the charging LED, so it seems perfectly in agreement with the claimed 800mAh battery capacity.

Teardown

The exciting part of the review, as always, is the teardown. Opening this unit is quite a challenge owing to its multi-chamber construction. I do not recommend taking the unit apart as it can be destructive. I started from the earcup side, first removing the ear cushions which are clipped in at the edges and self-adhered with double-sided tape.

The design of the cup is rather interesting, with a grille that provides clearance around the driver, a recess for the noise-cancelling microphone offset to the side and a channel around the outside which doesn’t extend all the way around the driver. A shaped foam insert is inserted into this channel, covering the driver and the microphone holes.

The drivers themselves are unmarked and are mounted into the front plastic plate which is held in place by screws. The plate has an odd-shaped foam-sealed surround which forms the cavity behind the driver with five port-holes covered by some fabric tape.

The enamel coated wires go through the rear plastic assembly, which has a vent hole connected to the external port as well to allow for some outside noise to come in (for the noise cancelling and possibly for bass extension).

A PCB is mounted in this cup which is responsible for charging the battery and marshalling connections for power and noise-cancelling microphone through the cable over-the-head into the other earcup.

Repeating the same for the other side, the cable is very taught and thus the top plastic plate could not be removed. As a result, I undid the Torx screw to view the rear chamber on this side.

The rear cup has the main PCB, a bit of separating foam and the exterior button assembly. The large size of each earcup is explained as only part of the volume is used for the driver and most of it is reserved for the PCB or battery.

This PCB is marked with 100-00000-643R E7 ANC MAIN V2.6, dated 25th December 2017. I wonder who was busy working on the design on Christmas Day? The unit uses a printed trace as the antenna, connected to a CSR8635 BlueCore Stereo Bluetooth v4.0 chipset with a Puya P24C128 I2C EEPROM providing the configuration data. The noise cancelling module with two adjustment trimpots occupies most of the upper part of the PCB, with U7 being a Shanghai Belling BL1554 quad-SPDT analog switch seemingly being used to switch the audio path.

The underside has a few smaller unidentified SMD chips and capacitors, with two 3Peak TP1542-SR dual 1.3Mhz Rail-to-Rail Op-Amps which may be responsible for driving the speakers. A flexible flat cable is used to connect the control PCB on this side.

This PCB contains the mode switch, microphone for voice calls and external 3.5mm stereo input.

Unfortunately, I wasn’t able to open up the rear of the other earcup, where the battery presumably resides. Regardless, I was still able to ascertain the capacity was in-line with expectations.

Conclusion

The Cowin E7 Pro Active Noise Cancelling Wireless Headphones are a rather interesting proposition – namely active-noise cancelling and Bluetooth wireless connectivity at a reasonable price of AU$121.97. It definitely sounds great with active noise-cancelling switched on – it’s relatively sharp, bright and analytical. The unit has good Bluetooth wireless range, a decent 27-hour tested internal rechargeable battery life, an honest battery capacity, acceptable charging speed and reasonable comfort. It even comes with a travel case and worked well with all my devices.

On the downside, the active noise-cancelling tends to saturate with any big pressure changes resulting in plopping and hiss. With the noise-cancelling turned off, the sound quality is rather ordinary. The microphone output was a little low in amplitude and the earcups are rather large, chunky and plasticky in its construction. The button arrangement is a little unusual and the edges were a little sharp.

But when you consider the price and what is being offered, the downsides are quite acceptable, as you are getting much better audio quality, better isolation and more comfortable listening at lower volumes at a price-point where some regular headsets are being sold. Cowin may not be a well-known brand, but as far as I know, most of the branded alternatives offering a similar complement of features charge over twice as much.

In fact, I do like it enough that I take it with me on my commutes now instead of my ATH-ANC9 – even though it’s not quite as good, it’s close enough and the convenience of being free of disposable AAA batteries and cables is great. It’s also quite a lot cheaper …

Thanks to Lululook for providing the unit for review – if you’re interested in picking one up for yourself, Lululook is running a 10% off promotion just by using the code “10lululook”.

Posted in Audio, Tablet, Telecommunications, Travel | Tagged , , , , , , , , , | Leave a comment

Tested: MINI-360 (MP2307-based) “3A” Buck Converter Module

As mentioned in my earlier Canton-Power buck-boost module review, voltages from batteries are rarely exactly the voltages you need to safely and reliably power your electronic creations. While that converter was rather acceptable, the efficiency wasn’t exactly stellar. In the case your input voltage is always above the output voltage, it is possible to choose a buck converter module, which might be more efficient than a buck-boost converter as it only has a single converter stage.

As a result, I went looking for buck converter modules on eBay and it seems there is a lot of listings for a rather generic module with “MINI-360” written on the underside. It advertises being based on the MP2307 with 1-17V output, 4.75V-23V input, 1.8A current (3A maximum) and up to 96% conversion efficiency all for the princely sum of AU$1.00 each. I couldn’t resist having a few around just in case so I ordered a few.

Was this a wise decision or not? Lets find out.

The Module

The module itself, true to its word, is tiny – about the size of two thumbnails (quite literally). The module comprises only a limited selection of resistors, capacitors, a trimpot, an enclosed inductor and a Monolithic Power Solutions MP2307 3A, 23V, 340khz Synchronous Rectified Step-Down Converter IC. The module has four pads at the corners for input – in the picture, I have soldered header pins for ease of use.

The MP2307 chip claims to have an integrated MOSFET which can provide 3A continuously, over a 4.75V to 23V operating range. Outputs of 0.925V to 20V are available with up to 95% efficiency with cycle-by-cycle overcurrent protection and under-voltage lock-out. While the chip may be capable of this, it all depends on the design of the module and its supporting components as well. This may explain the confusing listings which claim outputs only up to 17V, or current ratings of 3A but only 1.8A continuous.

The unit uses a rather cheap open-frame trimpot to set the output voltage. Because of its size, I suspect it will be rather difficult to set and maintain an accurate output voltage as external influences such as shock, vibration, heating/cooling cycles, atmospheric contaminants and dirt affect the set resistance.

The underside is a completely flat plane with silkscreened indication of conversion direction and polarity. The module itself is not reverse polarity protected and according to the listing, is not short circuit protected although the chip does seem to offer it. With the exception of the “MINI-360” moniker, the module is otherwise anonymous.

From the side, we can see the module has a pretty small profile too, which makes it quite attractive for compact projects. Being such a simple module, it doesn’t seem like there is much that could go wrong.

Methodology

Testing methodology uses the same Keysight E36103A programmable power supply, B&K Precision Model 8600 DC Electronic Load and 4-wire sensing based breadboard set-up as used in the test of the Canton-Power module. The Panasonic 1000uF electrolytic capacitor to provide local input power decoupling is visible to the right.

Because the unit can output a variable voltage set by the trimpot, I decided to test it at a few commonly used output voltages – 1.8V, 2.5V, 3.3V, 5V and 12V. Input voltages used were 5V, 6V, 9V, 10.8V, 12V, 13.8V, 14.4V, 15V, 18V and 20V (upper limit due to power supply used).

Results

The first thing I tested as soon as I got it out of the anti-static bag was the quiescent current consumption.

At first, I thought I wasn’t reading my instruments correctly. Then, I thought I must have had a bad module, so I hurriedly unpacked another and soldered pins to it. Surprise surprise – they both were equivalently bad.

How bad? How about consuming up to 60mA just sitting idle depending on input/output voltage settings? Yikes. That’s like constantly running a “regular” Arduino board with no power saving at all. It’s not looking good, as this is going to affect the efficiency figures especially at low loads. Even looking at 12V to 5V, the quiescent is about 41mA which tells me you’re probably better off using a linear regulator if you’re only looking to power something small.

In light of that, it’s probably better stated as quiescent power. On this metric, we see the lower voltages being quite similar – 1.8V and 2.5V are below 0.4W quiescent, whereas 3.3V and 5V are around 0.5W quiescent for the most part. At 12V, the quiescent current approaches 0.9W, meaning that the module is likely to get noticeably hot just idling. As a result, while the chip might be capable of the voltage, maybe the module has been “undone” by poor inductor choice.

For 1.8V output, we see the efficiency lines are at best around 60% at 500mA load, but only 10% for a 20mA load. Above 500mA loading, the unit struggles to maintain a consistent output voltage and at 750mA, occasionally shuts down and restarts indicating overheat or overcurrent protection has kicked in. There are some “bumps” in the curve around the 12-15V region, as it seems the converter wasn’t too stable and the output voltage did seem to have “jumps”.

As the output voltage is set with the trimpot, I did my best over a long time to get the voltage dialled in as closely as possible. It was tough, as the backlash in the trimpot and effects of temperature and vibration caused the voltage to drift significantly. In testing, it seemed that the output voltage fell as the input voltage increased (except for 500mA). At higher loads, the output voltage was low at the low-end of the input voltage. Regulation is thus not particularly tight.

Increasing the output voltage to 2.5V sees slight improvements in efficiency, but still, peaking at shy of 70% under 500mA of load.

The trend of regulation issues at low input voltages and high load currents repeats, but now it seems that the output voltage increases as a function of the input voltage. While I did try my best to set a steady 2.5V, it proved to be nearly impossible by hand, so 2.55V was as good as I managed.

At 3.3V, the efficiency improves slightly yet again. This is a rather useful voltage – looking at the efficiency, for a 500mA load, around 70% efficiency is achieved, but at 20mA, it’s more like 10-20%. For a non-sleeping ESP8266 which might operate around 100mA, the efficiency is about 44% which isn’t great. A quick calculation seems to show that you’re better off with an LDO linear regulator going from 5V to 3.3V at even 250mA as it’s simpler and it’s going to be about 66% efficient. At 100mA, the input voltage would have to be 7.5V or above to “break even” with the losses in a linear regulator.

The trend of high-currents and low input voltages being an issue continues, but otherwise, the voltages seem fairly well maintained across a range of input voltages.

Moving up to 5V, it didn’t make sense to test the module with a 5V input as it would not be able to regulate at that level. As a result, testing started at 6V, even though it seemed that it probably didn’t regulate that well with such a small difference, resulting in (potentially) slightly inflated efficiencies. At lower input voltages, there is definitely a trend-up in the efficiency levels – in the case of 500mA, it’s within a stone’s throw of reaching 90%. But at higher voltages, it still doesn’t surpass 70% by much even at 500mA. At the low end of the load (20mA), efficiencies are still about 18% mostly.

I set the voltage as closely as possible, and I guess I didn’t do a bad job. However, it seems that having 6V input and expecting 5V out may be a bit too much to expect, hence there are visible regulation issues across all the input voltages. Otherwise, the trends remain fairly similar.

Finally, pushing all the way to 12V, the module does hit 90% efficiency, although at a point where regulation is probably not being enforced. At 500mA, the efficiency stays around 80% while at 20mA, the efficiency just scrapes past 20%.

Some significant voltage deviations are seen at various currents and this is suspected due to the increased heating when operating with output set to 12V.

As with the Canton-Power module, I did not look at the dynamic (changing load) performance, ripple and noise or thermal performance. However, I don’t think that’s entirely necessary given what is already presented above.

Conclusion

The MINI-360 is a cheap and small buck converter. But unfortunately, that’s where the good news ends. It seems to have quite a high quiescent consumption which affects its conversion efficiency quite severely, especially for light loads below 100mA, which makes using linear regulators potentially even more efficient in those circumstances or when the difference in voltage is small.

Other than that, at higher loads, the module output is unstable showing drifting voltage probably due to thermal effects on the trimpot combined with thermal effects on the chip’s internal MOSFET channel resistance.

During testing, it was shown that overheat/overcurrent protection seemed to be functional, as loads of 750mA or above in open-air caused the output to trip and cycle on-and-off, which is unfortunate, as the efficiency is higher at greater currents.

As a result, while it does work, it doesn’t quite live up to expectations on the 3A or 1.8A current delivery due to thermal limitations and is definitely not a power-efficient choice. This is not an indictment against the MP2307 as such, as other modules may perform better. This is probably because this particular module skimped on the inductor (high DC resistance or lossy inductance at the operating frequency perhaps) or has some flaw with the design or PCB, but I can’t recommend this module for use with battery-powered systems as it would mean wasting energy for no good reason.

Posted in Electronics | Tagged , , , , , | 2 Comments

Investigating: Vodafone & Kogan Mobile Data Connection Issues

Access to the internet is so important nowadays that we rarely stop and think of the consequences of not having access to the internet until it stops working. Because of my recent relocation, getting access to the internet was an issue. At this premises, there hasn’t been a phone line in years and the distance to the exchange means that ADSL2+ would be at a crawl (expecting about 3Mbit/s at best). Cable is available, but it’s fairly pricey and the install fees wouldn’t make sense since NBN HFC is apparently coming in mid-next-year.

As a result, the only logical conclusion was to opt for a wireless connection to the internet. For any self-respecting nerd, the idea of being on a wireless connection feels a little “wrong”, as we know from experience that such systems are often variable in performance due to shared-medium congestion, interference, sometimes poor signal levels, etc. In fact, as this area is adjacent to a number of new property developments which also are not served by copper nor NBN (yet), congestion had reached such a high point in the 3G-era that Optus 3G was slower than dial-up. But compared to not having a connection, a wireless connection is definitely preferable and the advent of LTE has provided a much needed boost to available bandwidth.

Because of a number of rather lucrative deals, I’ve spent the past few months having my primary data connection being routed through Vodafone Pre-Paid and most recently, through Kogan Mobile which is carried through the Vodafone network (and is practically the same stuff). This experience has been rather interesting to say the least.

Connection Problems and Strangeness

One unexpected side effect of being on Vodafone or Kogan Mobile is that the connections are routed through a corporate-grade NAT.

Your device is issued an IP within the 10.x.x.x private network segment, as a result, meaning that your device is not directly exposed to the internet. Unfortunately, this breaks the end-to-end connectivity model of the internet, but seems to be a more common approach as IPv4 address exhaustion continues to be a potential issue and IPv6 migration is still not as far advanced as many would like.

The outside facing address is shown to be part of a NAT pool, which surprisingly, in my case terminated in VIC despite being in NSW. Depending on the data session, it can jump around between different pools from time to time. Unfortunately, as the devices are behind CGNAT, direct port-forwarding for running servers is not possible and other technologies are a mixed whether they work or not. While I had no issues with SIP (surprisingly), I did run into troubles with FTPS which meant that I had to either revert to plain (insecure) FTP or go over my own VPN to my other fixed-line-connection. This may just be down to the NAT’s ALG interfering with the transaction.

Oddly enough, my first data plan was with Lycamobile which also seemed to have a CGNAT of its own, but FTPS worked just fine even with the same internal networking structure which adds two NATs into the path (i.e. mobile phone tethering NAT + household main router NAT). FTPS also seems to work through my other mobile broadband connections, so this was a bit inconvenient.

But the bigger annoyance was that from time to time, very important “big” sites would just stop working.

On my mobile phone, Facebook would complain that it can’t connect and even visiting mail.google.com via Chrome complains of connection refused. At first, I dismissed this as transient, but it seemed to recur without any noticeable pattern. Sometimes rebooting the equipment worked and other times it didn’t.

Initially, I was lazy and just waited it out – it seemed to fix itself after a few hours. But after not being able to check my e-mail in the middle of job application season, I decided to work around the issue by routing out of an alternate connection. The alternative via Telstra always seemed to work just fine – it just cost a lot more in comparison, so I didn’t want to rely on it more than necessary.

On the desktop, things were even more dire as it warned me that something might be tampering with my secure connections and it refuses to connect as the pinned certificate does not match. This is both curious and rather cryptic.

Early on, I had a feeling that the DNS was part of the problem and I was being redirected elsewhere. As a result, I flushed all the DNS resolver caches on my PC, in my router and set the router to ignore Vodafone’s own DNS and instead use the Google Public DNS servers at 8.8.8.8 and 8.8.4.4.

This seemed to solve the problem for a few days, but then today, the same thing happened again. I got tired of switching connections, so it was time to understand the problem.

Playing the Detective

The scenario is as follows – I couldn’t load my e-mail with the load failing to connect to mail.google.com with an HSTS error. The connection goes through Ethernet via a Mikrotik router (NAT), via USB 2.0 to my Xiaomi Redmi Note 4X (NAT) and into Vodafone’s infrastructure (Kogan Mobile). The router is configured to ignore peer DNS and use Google Public DNS only. Caches on the router and locally have been cleared to no effect.

At first, I thought it could be malware – so I tried using a different device on the same network. The result was the same, meaning it was unlikely to be device specific.

The first thing is to see why the HSTS error is occurring – so where are we being sent to when we attempt to load mail.google.com? The answer to this should come from the DNS. Bringing out nslookup reveals something strange:

The left side shows the queries for mail.google.com being sent to the router first, then to Google Public DNS (primary) and Google Public DNS (secondary) before sending it to Cloudflare DNS. The right side shows the responses for mail.google.com when routing out of my secondary Telstra connection. In all cases, the one on the right shows valid responses, whereas Vodafone somehow seems to be returning the loopback address as where mail.google.com resides.

This also explains why I get the HSTS error on my desktop, as I am running VMWare Workstation which binds locally to the HTTPS port 443, thus my browser’s request for mail.google.com is being sent to VMWare which replies with its self-signed certificate triggering the HSTS error (as it should).

I didn’t take any screenshots, but using Google Public DNS to resolve other domain names didn’t have any issues – it seemed specific to mail.google.com and also instagram.com as of that moment. This seems highly suggestive that something is tampering with the DNS queries, but where is it and what is it?

I tried to solve this question by using traceroute, but it didn’t seem to show anything anomalous. In the case of Vodafone, it goes through their network and straight to Google. In the case of Telstra, it’s pretty much the same. This makes sense, because they are probably peering with Google as one of the major destinations of the internet – but this means that whatever the culprit is wasn’t caught by a traceroute. This makes me suspicious there is some deep packet inspection “catching” only DNS queries regardless of destination and spoofing replies.

As I have used nslookup directly to target 8.8.8.8/8.8.4.4/1.1.1.1, it seems highly suggestive that whatever is tampering with it is probably not local to my network. To be sure, I decided to investigate the router’s DNS cache. By flushing it and querying mail.google.com from my desktop through the router, the router’s cache contains the bad response.

This tells me that the bad DNS replies are not the fault of the router, so might it be because of the phone I am using to tether with? The phone feeds the router, so logically I rebooted the phone, reconnected it and saw no change in behaviour.

In fact, I installed termux on the phone itself and used the phone itself to make a direct DNS query and got exactly the same result. Alas, it seems that Vodafone is indeed giving us a reply that gives a loopback address – how strange.

Digging further using the Fing app, it seemed that the phone could correctly resolve the address for mail.google.com, but how?

The answer seems that the Android apps are using Vodafone’s own DNS servers in their own network to resolve addresses.

By the time I came this far in my investigation, the problems with resolving mail.google.com were slowly subsiding. At first, the replies to queries to 8.8.8.8 began producing a valid IPv4 reply (but not IPv6). This is enough to get me back into my mailbox. Vodafone’s own DNS is making correct replies.

So you might ask – why don’t I just use Vodafone’s DNS servers? The problem was that in the past, the exact same issue occurred using Vodafone’s DNS servers. The responses indicated various sites were at 127.0.0.1 resulting in a failure to connect/load/HSTS errors. I swapped to Google Public DNS to try and evade these issues, and while it seemed to work for a while, today even that method seemed to fail. So while I could go back to using “peer DNS” and prioritise responses from Vodafone’s own DNS, I would probably run into the same trouble sooner or later.

Why is this happening? I have absolutely no idea. I expect my data to pass through the internet “verbatim” without being tampered – the evidence seems to suggest one of several possibilities:

  • maybe there’s a misconfiguration or a bug somewhere in Vodafone’s NAT equipment that is corrupting DNS requests from time to time or caching incorrect responses.
  • maybe Vodafone’s NAT or routing equipment is configured to intercept and respond to DNS by “proxy” as a means to ensure the court-ordered content blocks are less easily circumvented and this equipment is problematic.
  • maybe there’s an active attempt to poison any caches along the way resulting in the propagation of incorrect responses back down the chain.
  • maybe there’s something wrong with Google and Cloudflare’s DNS servers at the exact moment (extremely unlikely).
  • maybe there’s something wrong with my phone that I use to tether (even though it works fine with other carriers, a prospect I feel is unlikely).

Ironically, as I was writing this, the problem came back for a few minutes and my cache got polluted again. To get around it for now, I’ve added a static DNS binding for mail.google.com to just one of their server IPs. While it won’t help with their load balancing, it should ensure I can continue to reach the site.

At least I’m happy that I understand where the problem appears to be and it’s not something that I can do much about. These are still all issues which I generally didn’t face on such a regular basis while on a fixed line connection (maybe once or twice a year rather than everyday for a few hours).

Speed and Bandwidth Quotas

Coming from a household that had only 9/1 on ADSL2+, I thought we had it bad. Being on “Lightning-Fast Vodafone” was supposed to be a treat, although a treat that would only last so long as the bandwidth quota allowed. Living life as a digital citizen with a bandwidth quota really does limit the amount of indulgence you can have (if you don’t want to break the bank), but the need for such quotas is understandable especially in a shared medium context.

I haven’t used Vodafone in many years – they just weren’t competitive and the VodaFail era really did deflate their image quite significantly. After a period of heavy network investment, they came back “all-guns-blazing” with such offers such as $7 starter SIMs offering 18Gb over 35 days (double-data) and occasionally, even Kogan managed a $0.99 SIM with 23Gb over 30 days. At these prices, it seems inevitable that Vodafone would at least see some curious people give them another go.

As a result, I employ my Xiaomi Redmi Note 4X (MTK edition) as my means of accessing the Vodafone network. Featuring an LTE Cat6 (300/50Mbit/s) modem with LTE-A capability and support for all bands that Vodafone operate on, it’s not a bad match. Using USB 2.0 tethering (to avoid Wi-Fi slow-downs) to a Mikrotik hAP cabled to the PC and placed up high for a full five bar signal with LTE+ indication (i.e. carrier aggregation), I did my absolute best to optimize my internet.

Despite this, while browsing, the internet still felt somewhat slow compared to the old fixed line, especially in the evenings. At first, I thought it was my imagination, but I wanted to check so while reviewing the Fingbox, I also used a bit of my excess quota and the Internet Speed feature to record some data to analyze.

In all, speed tests occurred during the period of 9th June through to 21st June (Vodafone) and 26th June to 1st July (Kogan Mobile). Speed was tested at 12am, 9am, 12pm, 3pm, 6pm and 9pm (at a random time within the hour) but not on all days. Results for each time are aggregated to show the trend – a total of 16, 17, 16, 16, 15, 16 samples respectively.

This is not intended to be a highly scientific appraisal of the performance of the Vodafone network – the performance will vary depending on location, signal strength, signal quality, interference, equipment used, number of carriers in use, local congestion, speed test server congestion and transit-link bandwidth just to name a few variables. However, this is what I seem to experience in my location.

A look at the mean (dark line) and median (grey line) shows there is a clear downward trend in speeds as the day progresses. Around midnight, the traffic loading should be relatively low and speeds peaking around 42Mbit/s have been observed, averaging about 24Mbit/s. However, at 9pm, we see that the speeds top out at around 14Mbit/s and average around 8.5Mbit/s. Despite that, we can see there are a number of samples that read below the 10Mbit/s line and a few under 5Mbit/s as well, meaning the service isn’t quite as fast as even the base-level NBN standard connection would be. On the upside, I think this means there might be quite a few Vodafone customers around here.

To some degree, a limited speed is expected due to the nature of the shared medium and Vodafone’s spectrum availability, however, it does pale to my previous analysis of Telstra during “We’re Sorry” day where even my older Cat4 LTE device supporting only 1800Mhz was able to deliver 100+Mbit/s in the evening and stay above 25Mbit/s (mostly) during the day, albeit at a different location. As a result, for the proponents who think that wireless can be an adequate replacement for cabled technologies, I think this is highly dependent on what level of quality you expect from the service.

The upload speed is more even and mainly hovers around 8-9Mbit/s during the day with peaks of 16Mbit/s. The lower rate is expected as the radio is only capable of 50Mbit/s upstream (ideally), but this suggests that upload bandwidth is not as contented as download bandwidth. Nothing unexpected there.

Unlike 3G-era technologies, LTE offers much improved and relatively stable ping times – the median ping time is about 34-41ms throughout the whole day, although the mean ping time is skewed significantly by a few outliers which corresponded with low-points on the download speed test. These events may be symptomatic of base-station outages, interference, extremely high loading, etc.

Conclusion

Most of the time, the internet just works and we don’t think about it. But not having the internet really puts a downer on productivity and enjoyment – it’s become vital to modern day living. As a technology enthusiast, the internet is probably even more important to me, so when it does go wrong, I try to find out why.

It seems that Vodafone uses a CGNAT of sorts and this breaks my FTPS. Oh well, not much I can do about that. At least SIP works fine … and I still have a fixed line elsewhere I can tunnel my data through.

It seems that Vodafone might be sending incorrect DNS replies breaking access to some sites from time to time. I tried changing to Google Cloud DNS, but that broke today along with Cloudflare DNS suggesting Vodafone or an intermediary may be somehow tampering with DNS requests to other servers “in flight” (caching? proxying?) or (less likely) something is wrong with both DNS servers at the same time when reached from Vodafone or my particular phone which works fine with other carriers.

Maybe there is an active DNS poisoning attack resulting in bad replies being cached, but if I’m querying Google Public DNS, I expect an answer from them (not a proxy) and I would expect Google wouldn’t let their own subdomain records be poisoned. At least I know how to clear my DNS caches and can make a bind a static DNS entry for the most affected sites to continue along (or edit some HOSTS files).

Vodafone and their resellers, including Kogan Mobile, have offered relatively irresistible plans and that has kept me online for the most part, so I am thankful. But sometimes, there are issues with such deals, in this case, the speed doesn’t seem to be quite as fast as their rivals. Can’t have it all …

Update – 5/7/18

It seems that today, while posting an article, DNS poisoning happened again resulting in requests to Facebook and Yahoo being misdirected to 127.0.0.1 loopback address. For now, I’ve removed the Google Public DNS and only rely on Vodafone’s internal DNS to see if it helps but it’s not a configuration I prefer and I remain unconvinced that Google Public DNS is to blame.

Posted in Computing, Telecommunications | Tagged , | Leave a comment