Solved

Router blocking new TCP connections when FIN not received

Posted on 2009-04-02
Last Modified: 2012-06-21
We have been doing some testing recently on a problem that we have been having with an IP camera.

The camera sits behind an ADSL router and communicates with one of our servers over HTTP. We have noticed that, on some routers only, if you power down the camera after it has been running for a while and then power it back up again, it doesn't make a connection to the server for 15-20 minutes.

After tracing the traffic through Wireshark the problem seems to be that when the camera is powered down it isn't able to send a FIN. When the camera comes back up and sends a SYN to the server, the router seems to think that there is a connection still open on the source port that the camera is using and it doesn't forward the SYN packet. If we change the camera to use a different source port it then works straight away.

My question is, is there something about the way that the camera is operating that is allowing this situation to happen? If, for example, I was browsing a site on the internet and I temporarily lost my internet connection, I don't then find that I can't get back to the same site when my connection comes back.

Can anyone help to clarify this for me?

TIA.
Question by:ccfcfc
8 Comments
 
LVL 28

Expert Comment

by:asavener
ID: 24051775
Is the device using the same source port for both connections?


0
 

Author Comment

by:ccfcfc
ID: 24055103
Yes, following the power down/up the camera uses the same source port to communicate with our server.
0
 
LVL 28

Expert Comment

by:asavener
ID: 24056021
If the router supports it, you can lower the idle timeout for established connections.
0

 

Author Comment

by:ccfcfc
ID: 24057579
I can't make changes to the router, as this happens on several routers and could affect a large number of people. I need to focus on the behaviour of the camera.

Would you expect the camera to always use the same source port for the connection to my server rather than using a dynamic port or, if the camera always uses the same port, would it be better to have it send a RST to my server when it starts up to ensure that it always closes down any connection on the router that may have been left open?
0
 
LVL 28

Assisted Solution

by:asavener
asavener earned 250 total points
ID: 24059280
Generally, the source port is dynamic, somewhere in the 1024-65535 range.
0
 

Accepted Solution

by:
ccfcfc earned 0 total points
ID: 24059306
That's what I would expect - that the camera uses a dynamic source port and that therefore following a hard reboot this isn't an issue.

How does a browser behave, for example? If I am browsing a website and then just turn off my PC, when I turn it back on again and browse to the same website I don't have this issue, and I assume that's because a browser uses a dynamic source port - am I correct in assuming that?
0
 
LVL 28

Expert Comment

by:asavener
ID: 24059340
Generally, yes.

A browser also opens multiple TCP sessions (I think IE defaults to 3 per page), and has a built-in timeout for downloading objects.  So it might not be as obvious as a device that simply tries to open a single session.

IMO, the camera is the bigger part of the problem.  It should either a) randomly choose a source port or b) keep retrying using a different source port each time.  Option b) is usually what I see when I'm troubleshooting some connection.
0
 

Author Comment

by:ccfcfc
ID: 24060590
That's my opinion too. I think that the camera behaviour needs to be modified to avoid this scenario.
0
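A small model of the behaviour discussed in this thread, added here as an example and not code from any poster, camera or router vendor: it compares a fixed source port with options a) and b) from the expert comment against a toy stateful router. The addresses, the old port 5000, the 20-minute idle timeout, the 30-second retry interval and the router's drop rule are all assumptions made for illustration.

```python
import itertools
import secrets

CAMERA, SERVER, SERVER_PORT = "192.168.1.50", "203.0.113.10", 80  # constructed addresses
OLD_PORT = 5000            # constructed: source port the camera reuses after every boot
IDLE_TIMEOUT_S = 20 * 60   # assumed router idle timeout for established entries


class StatefulRouter:
    """Toy connection table: one entry per TCP 4-tuple, removed only by idle timeout."""

    def __init__(self, idle_timeout_s):
        self.idle_timeout_s = idle_timeout_s
        self.flows = {}  # 4-tuple -> time of last forwarded packet

    def forward(self, flow, now, syn=False):
        last = self.flows.get(flow)
        live = last is not None and now - last < self.idle_timeout_s
        if syn and live:
            return False      # SYN hits an entry that never saw a FIN or RST: dropped
        self.flows[flow] = now
        return True


def ephemeral_ports():
    # Option a): unpredictable port from the IANA dynamic range 49152-65535.
    while True:
        yield 49152 + secrets.randbelow(65536 - 49152)

def fixed_port():
    # The behaviour reported in the question: same source port after every boot.
    return itertools.repeat(OLD_PORT)

def rotate_on_retry():
    # Option b): try the old port once, then a different port on each retry.
    return itertools.chain([OLD_PORT], ephemeral_ports())


def reconnect_delay(source_ports, retry_every_s=30, give_up_s=3600):
    """Seconds between reboot and the first SYN the router forwards, or None."""
    router = StatefulRouter(IDLE_TIMEOUT_S)
    router.forward((CAMERA, OLD_PORT, SERVER, SERVER_PORT), now=1000)  # last traffic before power cut
    reboot_at = 1060
    for attempt, port in enumerate(source_ports):
        elapsed = attempt * retry_every_s
        if elapsed > give_up_s:
            return None
        if router.forward((CAMERA, port, SERVER, SERVER_PORT), reboot_at + elapsed, syn=True):
            return elapsed


if __name__ == "__main__":
    for name, policy in [("fixed", fixed_port), ("rotate", rotate_on_retry), ("ephemeral", ephemeral_ports)]:
        print(name, reconnect_delay(policy()))
```

With these assumed values the fixed-port client is locked out until the stale entry ages out, while either port-selection change reconnects on the first or second attempt.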

Question has a verified solution.
