dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
1067
brizna
join:2013-08-24

brizna

Member

Actiontec router drops inbound websocket connections

I don't get why people preface these types of posts with "It's a good piece of hardware, but..." It's not a good piece of hardware. The actiontec router sucks. It doesn't get me 50Mbps wireless (despite being N (Rev I)), it doesn't have any sort of logging to tell me whats going on, Verizon forces you into using it by only making coax available (the ONT isn't in my apartment and cat5 isn't an option). The default security was WEP up until just recently.

They don't need to compete on hardware and thus the quality suffers.

Anyway, if I connect to my websocket server directly via the LAN, the connection never drops. If I connect via reverse proxy (nginx), the connection never drops. But once I introduce the router into the mix and connect via my external ip address, the connection will drop after about 5-20 minutes. This is an active connection (with keep-alive packets being sent every 30 seconds or so). When it fails, neither end of the socket is notified, and the disconnection will be detected upon failure of the next keep-alive.

This sucks. It'd be manageable if it'd at least closed the connection properly and the endpoints were notified, but that's not the case and it silently drops.

The solution is to lobotomize the router into a bridge and put a linksys in front of it.

Thank you Verizon for this massive dump of a router you take on your customers. I hope google fiber makes its way to nyc at some point.

More Fiber
MVM
join:2005-09-26
Cape Coral, FL

1 edit

More Fiber

MVM

said by brizna:

When it fails, neither end of the socket is notified, and the disconnection will be detected upon failure of the next keep-alive.

With a TCP connection, the router is NOT responsible for closing the connection. That is the responsibility of the application on either end.

So if only coax is available to your apartment, how are you ever going to connect to Google fiber, should it ever become available?
brizna
join:2013-08-24

brizna

Member

The router shouldn't be closing the connection in the first place so what its responsibilities are seem to be pretty undefined. But yeah, it's an upgraded http request that doesn't close (keep/alive on steroids) (»en.wikipedia.org/wiki/WebSocket).

Verizon does NYC by installing FiOS building by building. Hopefully fiber does something similar.

guppy_fish
Premium Member
join:2003-12-09
Palm Harbor, FL

2 edits

guppy_fish to brizna

Premium Member

to brizna
websocket is not an approved protocol, is is currently in the Candidate status with W3C, expecting production routers to support it isn't realistic.

Making a protocol like http, which is stateless, carry a payload the requires the information to be statefull is the issue. From my reading websocket, keep connections active for as long as the application likes, yet Http was never intended to do this, websocket does this to keep overhead down.

What the router is likely doing, correctly I might add, is it monitors all connections, and to prevent the NAT table from filling up with what in essence a stateless connection that by http standards should never be more than a few seconds, after 5 minutes removes the NAT entree

I would suspect most routers have this issue ... when the protocol is W3C approved, then maybe there will be support in the routers to basically diable garbage clean-up for open http NAT entrees, the downside is, it will be trivial to use this method to have DOS attacks as the NAT will never close unused entrees

Updated:

I did some more reading, websocket may never make it to main stream, as I suspected, it's a substantial security threat for a number of reasons, here is a good write on it:

»asmarterplanet.com/mobil ··· per.html

Anyhow, there is nothing wrong with the Actiontech router, its functioning as designed to released standards, as it should