Yup, that's basically a deficiency I've got...
Yeah, but the next question is "Are you the only one", or do other
people's routers have similar timeout issues?
Bob
Ok, I looked thru 36 hours of OPERATOR.LOG on LEGATO for listener receive timeout adjacency down/adjacency up ("flapping" as Peter calls it). Here's what I found:
The Multinet connection to SG1 flaps all the time, almost like clockwork, with a period of about 20 minutes.
The Multinet connection to GORVAX flapped once in that same 36 hour period.
The Multinet connection to STUPI never flapped, although it did suffer from one corrupted packet error.
The Multinet connections to CIERE and FRUGAL never, ever, flapped nor suffered any corrupted packets.
So, what's it mean?? Bob
I guess that's the issue - you (or your router) really needs a way to
statically define these associations (at least in some specific cases). I
sort of assumed all routers could do that, but maybe I expect too much.
Yup, that's basically a deficiency I've got... well, that and the fact that I can't stop it from changing my source port numbers. I needed this kind of router for VLAN support, so I'm missing a few features that lower-end models would offer like UPnP.
--Marc
it needs to maintain a session table to keep track of which
IP addresses and port numbers map to which systems and port numbers
locally.
I guess that's the issue - you (or your router) really needs a way to
statically define these associations (at least in some specific cases). I
sort of assumed all routers could do that, but maybe I expect too much.
Bob
With my connection, I noticed that the circuit would disconnect and
reconnect periodically. It corresponded to the timeout in my firewall
causing the UDP association to be lost. When I increased the timeout
in my firewall for these port 700 UDP "connections", that made my
circuit much more stable.
Like Peter said, Peter and I had a big debate about this at lunch today.
UDP is, by definition (or so I thought), both stateless and connectionless.
I can't understand what state or connection is being timed out in this
case....
Yes, a UDP session is connectionless, however when a firewall is doing NAT and/or PAT (remember I mentioned that my firewall is randomizing the source port number, so the LAN port numbers are different from the ones sent over the internet), it needs to maintain a session table to keep track of which IP addresses and port numbers map to which systems and port numbers locally. Those connections time out after a while, and then subsequent UDP packets wouldn't be recognized.
--Marc
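The session-table behaviour Marc describes above, as an added example that is not part of the original thread: a toy PAT table with an idle timeout, showing a UDP reply being dropped once the mapping has expired and the source port changing when the device randomizes it. The addresses, timer values, the 40000 port base and the names `PatTable` and `reply_delivered` are all constructed for illustration, and the model assumes only outbound packets refresh a mapping.

```python
import itertools

PEER = ("198.51.100.7", 700)   # constructed remote endpoint, UDP port 700
LAN = ("192.168.1.10", 700)    # constructed local host, also using port 700

class PatTable:
    """Minimal NAT/PAT session table for UDP with an idle timeout (seconds)."""

    def __init__(self, idle_timeout, randomize_src_port=True):
        self.idle_timeout = idle_timeout
        self.randomize = randomize_src_port
        self._ports = itertools.count(40000)  # stand-in for random port choice
        self.out = {}    # (lan_ip, lan_port, peer) -> [wan_port, last_seen]
        self.back = {}   # (wan_port, peer) -> (lan_ip, lan_port)

    def _expire(self, now):
        # Drop every mapping that has been idle longer than the timeout.
        for key, (wan_port, seen) in list(self.out.items()):
            if now - seen > self.idle_timeout:
                del self.out[key]
                del self.back[(wan_port, key[2])]

    def outbound(self, now, lan_ip, lan_port, peer):
        """LAN host sends to peer; returns the source port seen on the WAN."""
        self._expire(now)
        key = (lan_ip, lan_port, peer)
        if key not in self.out:
            wan_port = next(self._ports) if self.randomize else lan_port
            self.out[key] = [wan_port, now]
            self.back[(wan_port, peer)] = (lan_ip, lan_port)
        self.out[key][1] = now          # outbound traffic refreshes the timer
        return self.out[key][0]

    def inbound(self, now, peer, wan_port):
        """Peer sends to our WAN port; returns LAN (ip, port), or None if dropped."""
        self._expire(now)
        return self.back.get((wan_port, peer))

def reply_delivered(idle_timeout, quiet_seconds):
    """One outbound packet at t=0, one reply after quiet_seconds of silence."""
    nat = PatTable(idle_timeout, randomize_src_port=False)
    wan_port = nat.outbound(0, *LAN, PEER)
    return nat.inbound(quiet_seconds, PEER, wan_port) == LAN

if __name__ == "__main__":
    print("timeout 30s, 60s quiet  ->", reply_delivered(30, 60))
    print("timeout 120s, 60s quiet ->", reply_delivered(120, 60))
    print("randomized source port  ->", PatTable(30).outbound(0, *LAN, PEER))
```
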
Marc Chametzky wrote:
With my connection, I noticed that the circuit would disconnect and
reconnect periodically. It corresponded to the timeout in my firewall
causing the UDP association to be lost. When I increased the timeout
in my firewall for these port 700 UDP "connections", that made my
circuit much more stable.
Like Peter said, Peter and I had a big debate about this at lunch today.
UDP is, by definition (or so I thought), both stateless and connectionless.
I can't understand what state or connection is being timed out in this
case....
Bob
The Internet between two end-systems is by architecture completely stateless when it comes to
knowing anything about what the packets are all about... Unfortunately people love to break that
model to *add value*... -:)
-P
Marc Chametzky wrote:
With my connection, I noticed that the circuit would disconnect and
reconnect periodically. It corresponded to the timeout in my firewall
causing the UDP association to be lost. When I increased the timeout
in my firewall for these port 700 UDP "connections", that made my
circuit much more stable.
Like Peter said, Peter and I had a big debate about this at lunch today.
UDP is, by definition (or so I thought), both stateless and connectionless.
I can't understand what state or connection is being timed out in this
case....
Bob
and Bob A has a home gw (forgot what it
was) that he claims does the right thing, (not decnet routing..)
Well, I have a Netgear FVS338. It's a "SOHO" box - somewhere between a
turnkey home router and a fancy Cisco box. I never thought of it as all
that great, but it does allow me to set up static routes. In particular I
can map specific external ports/Internet IPs to internal ports/IPs
independent of the NAT.
Bob
With my connection, I noticed that the circuit would disconnect and
reconnect periodically. It corresponded to the timeout in my firewall
causing the UDP association to be lost. When I increased the timeout in
my firewall for these port 700 UDP "connections", that made my circuit
much more stable.
Unfortunately, my firewall (a SonicWALL NSA 240) is also stupid in that
it *must* randomize the source port for outgoing packets, so I'm not
able to connect to HECnet because MultiNet insists that the source port
must also be 700 and mine are coming through with random port numbers.
--Marc
IP and UDP is connection-less.. -:)
Throw the firewall away. Find a real router that can do DECnet routing
and NAT and Firewall somewhere...
We had this discussion at DCL, and Bob A has a home gw (forgot what it
was) that he claims does the right thing, (not decnet routing..)
-P