• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 335
  • Last Modified:

Router blocking new TCP connections when FIN not received

We have been doing some testing recently on a problem that we have been having with an IP camera.

The camera sits behind an ADSL router and communicates with one of our servers over HTTP. We have noticed that, on some routers only, if you power down the camera after it has been running for a while and then power it back up again it doesn't make a connection to the server for 15-20 minutes.

After tracing the traffic through Wireshark the problem seems to be that when the camera is powered down it isn't able to send a FIN. When the camera comes back up and sends a SYN to the server, the router seems to think that there is a connection still open on the source port that the camera is using and it doesn't forward the SYN packet. If we change the camera to use a different source port it then works straight away.

My question is, is there something about the way that the camera is operating that is allowing this situation to happen ? If, for example, I was browsing a site on the internet and I temporarily lost my internet connection, I don't then find that I can't get back to the same site when my connection comes back.

Can anyone help to clarify this for me ?

TIA.
0
ccfcfc
Asked:
ccfcfc
  • 4
  • 4
2 Solutions
 
asavenerCommented:
Is the device using the same source port for both connections?


0
 
ccfcfcAuthor Commented:
Yes, following the power down/up the camera uses the same source port to communicate with our server.
0
 
asavenerCommented:
If the router supports it, you can lower the idle timeout for established connections.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
ccfcfcAuthor Commented:
I can't make changes to the router, as this happens on several routers and could affect a large number of people. I need to focus on the behaviour of the camera.

Would you expect the camera to always use the same source port for the connection to my server rather than using a dynamic port or, if the camera always uses the same port, would it be better to have it send a RST to my server when it starts up to ensure that it always closes down any connection on the router that may have been left open ?
0
 
asavenerCommented:
Generally, the source port is dynamic, somewhere in the 1024-65535 range.
0
 
ccfcfcAuthor Commented:
That's what I would expect - that the camera uses a dynamic source port and that therefore following a hard reboot this isn't an issue.

How does a browser behave, for example ? If I am browsing a website and then just turn off my PC, when I turn it back on again and browse to the same website I don't have this issue, and I assume that's because a browser uses a dynamic source port - am I correct in assuming that ?
0
 
asavenerCommented:
Generally, yes.

A browser also opens multiple TCP sessions (I think IE defaults to 3 per page), and has a built-in timeout for downloading objects.  So it might not be as obvious as a device that simply tries to open a single session.

IMO, the camera is the bigger part of the problem.  It should either a) randomly choose a source port or b) keep retrying using a different source port each time.  Option b) is usually what I see when I'm troubleshooting some connection.
0
 
ccfcfcAuthor Commented:
That's my opinion too. I think that the camera behaviour needs to be modified to avoid this scenario.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now