[HECnet] network flapping....

Peter Lothberg roll at Stupi.SE
Sun Jun 10 02:21:54 PDT 2012


With my connection, I noticed that the circuit would disconnect and
reconnect periodically. It corresponded to the timeout in my firewall
causing the UDP association to be lost. When I increased the timeout
in my firewall for these port 700 UDP "connections", that made my
circuit much more stable.

Like Peter said, Peter and I had a big debate about this at lunch today.
UDP is, by definition (or so I thought), both stateless and connectionless.
I can't understand what state or connection is being timed out in this
case....

Yes, a UDP session is connectionless, however when a firewall is doing 
NAT and/or PAT (remember I mentioned that my firewall is randomizing the 
source port number, so the LAN port numbers are different from the ones 
sent over the internet), it needs to maintain a session table to keep 
track of which IP addresses and port numbers map to which systems and 
port numbers locally. Those connections time out after a while, and then 
subsequent UDP packets wouldn't be recognized.

Any chance this device can be replaced with something IP compatible?

(What's the uplink interface?)

--P
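
Added example, not part of the original thread or of any HECnet software: a toy model of the PAT session table described above, showing how an idle timeout shorter than the traffic interval drops replies and forces a new randomized source port. The class and function names, the addresses and the timing values are constructed for illustration; only UDP port 700 comes from the thread.

```python
import random

class PatTable:
    """Toy PAT firewall: maps LAN (ip, port) flows to randomized public ports."""
    def __init__(self, idle_timeout, seed=1):
        self.idle_timeout = idle_timeout
        self.rng = random.Random(seed)
        self.flows = {}    # (lan_ip, lan_port, peer_ip, peer_port) -> [public_port, last_seen]
        self.reverse = {}  # (public_port, peer_ip, peer_port) -> flow key

    def _expire(self, now):
        # Drop every mapping that has been idle longer than the timeout.
        for key, (pub, seen) in list(self.flows.items()):
            if now - seen > self.idle_timeout:
                del self.flows[key]
                del self.reverse[(pub, key[2], key[3])]

    def outbound(self, now, lan_ip, lan_port, peer_ip, peer_port):
        """LAN host sends a datagram; returns the public source port used."""
        self._expire(now)
        key = (lan_ip, lan_port, peer_ip, peer_port)
        if key not in self.flows:
            pub = self.rng.randrange(1024, 65536)      # randomized source port
            while (pub, peer_ip, peer_port) in self.reverse:
                pub = self.rng.randrange(1024, 65536)
            self.flows[key] = [pub, now]
            self.reverse[(pub, peer_ip, peer_port)] = key
        self.flows[key][1] = now                       # traffic refreshes the timer
        return self.flows[key][0]

    def inbound(self, now, public_port, peer_ip, peer_port):
        """Peer replies; returns the LAN (ip, port), or None if dropped."""
        self._expire(now)
        key = self.reverse.get((public_port, peer_ip, peer_port))
        if key is None:
            return None                                # no session entry: not recognized
        self.flows[key][1] = now
        return key[0], key[1]

def simulate(idle_timeout, interval, packets=5):
    """Return (dropped_replies, public_ports_seen) for a periodic exchange."""
    nat, dropped, ports = PatTable(idle_timeout), 0, []
    lan, peer = ("10.0.0.5", 700), ("198.51.100.7", 700)  # constructed addresses
    for i in range(packets):
        now = i * interval
        # The peer answers to the last public port it saw from us.
        if ports and nat.inbound(now, ports[-1], *peer) is None:
            dropped += 1
        ports.append(nat.outbound(now, *lan, *peer))
    return dropped, ports

if __name__ == "__main__":
    print(simulate(30, 60), simulate(120, 60))
```

With a 30 second timeout and traffic every 60 seconds, every reply is dropped; with a 120 second timeout the same mapping survives the whole exchange.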


