The mystery of the resetting connections

Thursday I mentioned a bit of home network troubleshooting I was looking in to.
At home I've been noticing some persistent connections have been getting resets. A couple of times now I'll be VPNed into work here, and the connection will drop. Other times I've noticed telnet connections to weird ports will get reset sporadically. What's going on?

At home I'm on that network that's gotten some grief about discriminating against BitTorrent users, which I won't name here but you probably know.
I now have a high quality network sniff, and there is plenty of gun-smoke.

It ain't Comcast.

The problem is the Linksys router.

Looking at the network trace a particular pattern is repeated five times over the course of six hours. The Linksys router (a BEFSR41 v4.2 model) renews its DHCP lease, which it does every hour since Comcast sets the leases to last 2 hours. Immediately afterwards there is a slew of various Instant Messaging service login traffic, and more particularly the other application also re-logs in. Those connections were not FIN/ACKed, they were just plain dropped. In one case after the DHCP renewal there were a series of TCP retransmits from the internet that went unACKed by the router.

What is clearly happening is that the Network Address Translation (NAT) table is being reset whenever the DHCP lease renews. I can understand that happening if the address it receives from the DHCP server is different than the one it already has, but clearly it is resetting whenever it gets ANY address from the DHCP server.

What this means is that it is impossible for me to maintain a persistent connection to anything longer than 60 minutes. This is VPN, IM, IMAP, IRC, you name it. Several of those protocols have reconnection logic in them which can hide this sort of network instability, but others (VPN) aren't so lucky.

Problem solved. Looks like I'll be in the market for a new home router! Something that isn't Linksys, since I need this problem solved NOW not in a few months when they get around to issuing a firmware update. A friend has already said that this could explain why some of his network gaming sessions always seem to crash after about an hour.


You should check out Astaro... you can get a free home license with all the fixin's...

Most SOHO routers are total garbage. Once the manufacturers ship them, they have no incentive to keep updating the firmware. On the residential side of things, we're seeing students with Dlink routers where the DHCP daemon dies at arbitrary times. I wouldn't ditch Linksys entirely though, the WRT54GL is an excellent router. Combined with 3rd party firmware like tomato or dd-wrt, and they're a joy to use.I'm using one in production at a smaller non-profit with over two months of uptime. Restek is using a similar model made by Buffalo (with open source firmware) at our off-campus Adrik apartments, they're working well.Having used these things for the last three years, I'd never buy anything else.