Solved

Router blocking new TCP connections when FIN not received

Posted on 2009-04-02
8
321 Views
Last Modified: 2012-06-21
We have been doing some testing recently on a problem that we have been having with an IP camera.

The camera sits behind an ADSL router and communicates with one of our servers over HTTP. We have noticed that, on some routers only, if you power down the camera after it has been running for a while and then power it back up again it doesn't make a connection to the server for 15-20 minutes.

After tracing the traffic through Wireshark the problem seems to be that when the camera is powered down it isn't able to send a FIN. When the camera comes back up and sends a SYN to the server, the router seems to think that there is a connection still open on the source port that the camera is using and it doesn't forward the SYN packet. If we change the camera to use a different source port it then works straight away.

My question is, is there something about the way that the camera is operating that is allowing this situation to happen ? If, for example, I was browsing a site on the internet and I temporarily lost my internet connection, I don't then find that I can't get back to the same site when my connection comes back.

Can anyone help to clarify this for me ?

TIA.
0
Comment
Question by:ccfcfc
  • 4
  • 4
8 Comments
 
LVL 28

Expert Comment

by:asavener
ID: 24051775
Is the device using the same source port for both connections?


0
 

Author Comment

by:ccfcfc
ID: 24055103
Yes, following the power down/up the camera uses the same source port to communicate with our server.
0
 
LVL 28

Expert Comment

by:asavener
ID: 24056021
If the router supports it, you can lower the idle timeout for established connections.
0
 

Author Comment

by:ccfcfc
ID: 24057579
I can't make changes to the router, as this happens on several routers and could affect a large number of people. I need to focus on the behaviour of the camera.

Would you expect the camera to always use the same source port for the connection to my server rather than using a dynamic port or, if the camera always uses the same port, would it be better to have it send a RST to my server when it starts up to ensure that it always closes down any connection on the router that may have been left open ?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 28

Assisted Solution

by:asavener
asavener earned 250 total points
ID: 24059280
Generally, the source port is dynamic, somewhere in the 1024-65535 range.
0
 

Accepted Solution

by:
ccfcfc earned 0 total points
ID: 24059306
That's what I would expect - that the camera uses a dynamic source port and that therefore following a hard reboot this isn't an issue.

How does a browser behave, for example ? If I am browsing a website and then just turn off my PC, when I turn it back on again and browse to the same website I don't have this issue, and I assume that's because a browser uses a dynamic source port - am I correct in assuming that ?
0
 
LVL 28

Expert Comment

by:asavener
ID: 24059340
Generally, yes.

A browser also opens multiple TCP sessions (I think IE defaults to 3 per page), and has a built-in timeout for downloading objects.  So it might not be as obvious as a device that simply tries to open a single session.

IMO, the camera is the bigger part of the problem.  It should either a) randomly choose a source port or b) keep retrying using a different source port each time.  Option b) is usually what I see when I'm troubleshooting some connection.
0
 

Author Comment

by:ccfcfc
ID: 24060590
That's my opinion too. I think that the camera behaviour needs to be modified to avoid this scenario.
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
VOIP: SIP vs. proprietary Broadview Networks Silnet ?? 12 96
Understanding split up wire 10 30
Add Mac address reservation to Sonicwall TZ 210 router 1 46
DHCP Server 14 65
Article by: rfc1180
The Maximum Segment size (MSS) is an important consideration when troubleshooting connectivity via the Internet/Intranet. As the packets are routed via the Internet/Intranet, the packets must traverse through multiple routers in the path between two…
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now