Internal services traffic

Keenetic routers generate service traffic during their work. The network traffic occurs periodically or constantly in the background, initiated by the router itself. This is traffic from internal system processes, services, and applications that are automatically enabled on the router, not initiated by the user.

With the default settings, the sources of service traffic from the router can be:

  • Authentication and licensing service;
  • Diagnostic module;
  • Automatic update function;
  • Cloud-based remote control and KeenDNS;
  • The 'Keenetic mobile application' module;
  • The mechanism for Internet connection status monitoring (Internet Checker);
  • The adjustable mechanism for network connection status checking (Ping Check). It turns on automatically only when a USB modem is connected;
  • Time synchronization protocol.

Below is a table showing the service traffic used by different Keenetic router's services. The figures are for the 24/7 operation of the router on default settings. Below the table, you will find a brief description of the services, from which you may learn what they are used for, how they work, and how to turn some of them off to reduce the amount of service traffic.

Traffic source

Is it enabled by default?

Can I turn it off?

Traffic volume per day/month

Authentication and Licensing Service

Yes

No

Up to 10 KB / up to 300 KB

Diagnostic module

Yes

Yes

Up to 3 KB / up to 100 KB

Automatic update function

Yes

Yes

Firmware size depends on the model and component set (6 to 12 MB on average)

Cloud-based remote control and KeenDNS

Yes

Yes

794 KB / 24 MB

The 'Keenetic mobile application' module

Yes

Yes

up to about 1 MB per day (if the mobile device is not added to the cloud) and about 40 MB (if the mobile device is added to the cloud)

The mechanism for Internet connection status monitoring (Internet Checker)

Yes

Yes

5 MB / 155 MB

The adjustable mechanism for network connection status checking (Ping Check)

No;

automatically activated only when a USB modem is connected to the router

Yes

5.5 MB / 170 MB (in 'Automatic' mode with TCP verification);

1.62 MB / 50.22 MB (with ICMP verification)

Time synchronization protocol

Yes

Yes

400 bytes / 1.6 KB


1. Authentication and licensing service
(always on, cannot be turned off).

When Keenetic is connected to the Internet, the unique service code of the device, KeeneticOS version, selected update channel and the IP address are transmitted. The information is sent to the server ndss.keenetic.ndmsystems.com via the secure HTTPS protocol within a minute after turning on the router, and when the WAN IP address is changed, and once a day if there was no IP address change. One request is up to 10 KB.

This information is used to:

  • authenticate your device to receive updates and access Keenetic services;
  • determine the warranty period by the date of the first connection to the Internet;
  • automatically obtain an SSL certificate, validated by Let's Encrypt Authority, from the keenetic.io domain for secure access to the web interface of your device. The amount of traffic when receiving a certificate is approximately 180 KB. The certificate automatically renews every three months;
  • regularly transmit the device IP address for KeenDNS service operation;
  • regularly transmit the KeeneticOS version and update channel for automatic update service operation and user notification in the device web interface.

2. Diagnostic module (enabled by default, can be disabled).

The diagnostics module generates reports on errors and critical system failures and sends them to the ndss.keenetic.ndmsystems.com server via HTTPS secure protocol as they accumulate. Each report is no larger than 10 KB. The report can include information about system resource usage, protocols and Internet connection types, USB device identifiers.

These reports allow support to diagnose problems more accurately when users contact our technical support and allow developers to continuously analyze and improve the stability of Keenetic devices and services.

Since KeeneticOS version 3.3, you can disable the report sending function in the web interface, in the 'General system settings' page, under 'Product improvement program'. In this case, the device will not send reports.

Product_improvement_program.png

3. Automatic update function (is enabled by default, can be disabled).

The function sends a request to the server ndss.keenetic.ndmsystems.com via a secure HTTPS protocol to build the operating system in the required configuration for the device, then receives the resulted file and updates it in the device memory with the subsequent reboot. The frequency of official releases is about 6-10 times a year. The amount of traffic depends on the number of operating system components. On average, when using the recommended set, the download size ranges from 6 MB (for entry-level models) to 12 MB (for advanced models).

You can disable the automatic update function in the web interface, in the 'General system settings' page, under 'Updates and component options'. In this case, the device will not perform the update without your participation.

Auto-update.png

4. Cloud-based remote control and KeenDNS (enabled by default, can be disabled).

The agent is needed to remotely access the Keenetic router via the KeenDNS domain name service and when using the Keenetic RMM cloud service.

The agent uses the UDP keep-alive mechanism to check and maintain a constant connection between the router and the udp.ndss.keenetic.ndmsystems.com server. The polling occurs every 17 seconds. UDP/9 requests of 160 bytes each are used — that's 794 KB per day or 24 MB per month. Once the router is turned on, a request to check servers on port UDP/4044 is used.

If you are not using the KeenDNS domain name on your router, disable the service to reduce service traffic. Remove the agent component from the device's operating system. You can do this on the 'General system settings' page, under 'Updates and component options' by clicking 'Component options'.

cloud_component.png

Please note that the 'Cloud-based remote control and KeenDNS' component depends on the 'SSTP VPN Server' and 'WebDAV Server' components in your system. To uninstall the agent, you will also need to uninstall these dependent components too.

5. The 'Keenetic mobile application' module (enabled by default, can be disabled).

The module provides remote access to the device from the Keenetic mobile application.

It communicates with Keenetic Cloud. The module logs to the cloud controller in the *.keenetic.cloud domain every 30 seconds. After adding a device to your account, keenetic.cloud starts sending system events (Internet connection change, router restart, etc.) and telemetry data on traffic, CPU and memory load to the cloud controller. The data is transmitted in encrypted form using the AES and Curve25519 technologies and is stored in compliance with the legislation on protecting personal data. Daily traffic is less than 1 MB when not added to keenetic.cloud and about 40 MB when added to the cloud service.

If you are not using remote access to the router via the mobile app, disable the Keenetic Cloud service to reduce service traffic. You can do this in the web interface, on the 'General system settings' page, under 'Keenetic Cloud service for mobile applications'.

cloud_service.png

To completely disable the Keenetic Cloud service, remove the 'Keenetic mobile application' component from your device's operating system. You can do this on the 'General system settings' page, under 'Updates and component options', by clicking 'Component options'.

keenetic_app_component.png

6. Internet connection status monitoring (Internet Checker) (enabled by default, can be disabled).

The system mechanism for checking the availability of the Internet. According to its results, the system determines the current state of the Internet connection. It controls the globus.png LED on the device body (lit — Internet connection established, off — no connection to the Internet).

Requests are made every 10 seconds to google.com. DNS/53 + TCP/80 connection is used without data transfer. One request is 580 bytes, that's about 5 MB per day or 155 MB per month.

You can disable Internet Checker via the command-line interface (CLI) of your Keenetic.

To disable it, run the following commands:

no service internet-checker
system configuration save


After disconnecting, the Internet connection will be checked by ARP polling the default gateway (local traffic will be used).

7. Network connection status checking (Ping Check) (disabled by default, turns on automatically only when a USB modem is connected; otherwise, it is turned on by the user).

Ping Check is used for connection redundancy and automatic power control of USB modems. The operation of this mechanism depends entirely on its parameters: the checking type (ICMP requests or TCP port check), the interval between checks, the number of failed checks. By default, the 'Check interval' (time in seconds between checks) is 10 seconds. The default value of 'Trigger threshold' (number of unsuccessful checks) is 5.

When using the Automatic check mode, one of the google.com, facebook.com, or yahoo.com servers is polled. A DNS/53 + TCP/443 connection is used without transferring data to nodes. One request is 650 bytes, which is 5.5 MB per day or 170 MB per month.

You can disable Ping Check via the web interface on the connection type page ('4G/3G modem', 'Wired', 'Wireless ISP', 'DSL connection') on which it is enabled. Under 'Check the availability of the Internet (Ping Check)', set the 'Mode' field to 'Disabled'.

ping_check.png

If you want to leave Ping Check enabled, you can use ICMP Internet Availability Check to reduce service traffic. ICMP requests will be less in traffic volume: one request will be 200 bytes, which is 1.62 MB per day or 50.22 MB per month.

ping_check_icmp.png

For more information, see the Ping Check fine-tuning manual.

8. NTP time synchronization (enabled by default, you can disable or change the preset interval).

The service automatically sets the time in the router. The 'Set time automatically' option is enabled by default. The device attempts to synchronize with one of the preset NTP servers, pool.ntp.org, immediately after powering on and sends a request every 10 seconds until it successfully synchronizes. The request takes place over the NTP protocol. DNS/53 + NTP (UDP/123) are used. The amount of traffic used for time synchronization is 400 bytes.

After the clock is synchronized, the time is counted by the internal counter, and the next synchronization will be done in 7 days. The time synchronization service uses only 1.56 KB per month.

We do not recommend that you disable this service. If necessary, you can increase the synchronization interval to 28 days. To do this, in the Keenetic command-line interface (CLI), run the following commands:

ntp sync-period 40320
system configuration save

 

Summary

The Keenetic router uses service traffic for its internal system services. It automatically transmits information about your device over the Internet only for technical support and warranty service and accesses the servers of our online services. We do not collect information about websites you visit, search engine queries or any other personal information in full compliance with the Personal Information Protection Act.

The router itself cannot block access to Keenetic cloud servers and core system services unless you disable them as described above. These connections are necessary for stable, secure operation of the router and reliable assessment of its performance by the cloud services. The operation of these services does not architecturally imply any permanently open ports and backdoors, which intruders can use. Connections are established in short secure sessions, and no outside scanners will see open ports or vulnerabilities.

The bulk of service traffic is used by Internet availability and network connectivity checking mechanisms (Internet Checker and Ping Check) and cloud service agents. We remind you that Ping Check is automatically activated only when a USB modem is connected. Keep it in mind if you use the Internet tariff with a small amount of provided traffic, which has to be saved.

If you notice excessive Internet traffic consumption, the first thing to look at is user traffic. Today's operating systems and applications actively use various online services and can generate a significant amount of traffic from devices connected to your Keenetic router in the background. You can get detailed information about the traffic consumption of your connected devices over the past 24 hours from the device's Host traffic monitor.

 

Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.