No longer able to download video from Itunes - Cisco 877

Unanswered Question
May 4th, 2008

Whenever I attempt to download a video from Itunes the TCP session is dropped somewhere during the transfer. This will happen on any computer connecting using this router.

000103: May 2 14:22:29.998 PCTime: %FW-6-DROP_PKT: Dropping tcp session 166.70.146.135:80 192.168.1.5:2098 due to Stray Segment with ip ident 12279 tcpflags 0x5010 seq.no 434208296 ack 1820613202

I do NOT see other errors when a session is dropped such as out of order packets, etc. There are no CRC errors on the interface.

My understanding of this error is that one or more unexpected TCP packets are being detected during the file transfer that causes the session to be dropped. However, this wasn't a problem prior to 04/28.

The problem might be with Akamai or with a Router bug but I could use some advice on avoiding the problem.

Errors occur in a different point in each video's download but always in the exact same spot for a given video.

In Itunes the error shows up as "Err 8008" which is the code for a corrupted download.

For files over 10MB Itunes downloads 10MB blocks via http over port 80. At the end of each 10MB block the block is validated and, if valid, the block is appended to a temporary download file. It is at the end of a 10MB block, likely during the validation, that the TCP session is dropped. If I start a video over by deleting the temporary file then the TCP session will be dropped at exactly the same point. Some videos don't get past the first 10MB block,and thus don't even create a temporary file, while others nearly complete. I *have* had a rare video that downloads completely but this is extremely unlikely.

I have been downloading quite a few videos over Itunes with my Cisco 877 for about 6 months. Previously I was successfully using a Cisco 857. The last time downloads worked without issues was on April 26, 2008. The next download I attempted on April 28th failed as have about 95% of them since.

Orignally I had IOS 12.4(15)T3 since 02/26. After the problem started I installed 12.4(15)T4 but that made no difference. No router changes were made on my end between the time Itunes was working and when the router started dropping sessions. No Itunes updated had taken place during that time on my end either. I am connecting to an ISP via ADSL and am not using a vpn connection when downloading from Itunes.

166.70.146.135 is a166-70-146-135.deploy.akamaitechnologies.com and is the Itunes store IP address that I use at my location. There is no option for me to force Itunes to use a different IP address.

Itunes support has no solution but they have had a few users who could not resolve this. The only suggestion they have is to download from another network.

I have many, many firewall rules generally with one for vpn access for my customers or incoming connections for tests, etc. Nothing in the router had been changed recently prior to the dropped session problem.

Disabling IP inspection completely doesn't seem to be feasable since apparently I'd have to totally redesign all of my firewall rules into Zones. I'd rather figure out why the error occurs or find a way to avoid it.

Example Videos:

Torchwood Season 2 episode "Meat" drops the TCP session after the first 10MB block.

Ugly Betty Season 2 episode "Burning Questions" fails at 100MB.

EDIT:

Apparently the problem only affects ITunes content added on 04/29/2008 or later. Anything on or before 04/28/2008 (so far) has no issues.

Also, I figured out that changing my name server changes the Akamai server I am assigned. I *did* find a server that doesn't cause errors and by changing my DNS to qwest.net.

Akamai is actually directly connected to my ISP for my default connection to 166.70.146.135 so it's not latency. The network that *did* work is neither the slowest nor the fastest connection I tried.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
smahbub Fri, 05/09/2008 - 07:38

The reason for the error "%FW-6-DROP_PKT: Dropping tcp session" may be one of the following:

1)In a congested network, where retransmitted packets reach firewall

after session closes.

2)When one end point sends RST, othe end-point sends RST at the same

time.(Firewall seeing two RSTs).

3)due to RST inside current window

4)due Retransmitted Segment with Invalid Flags

5)due to Stray Segment

6)due to Invalid Segment.

using version 12.4.11T2 may solve the issue with tcp packet drops as this version solved the issue in a bug filed for a similar case.

wysiwyg_bill Fri, 05/09/2008 - 08:02

Thanks for the suggestion, I'll try 12.4(11)T2.

Also, the problem is worse than ITunes. Any file I download via http may be affected. I get bad zip files, failed checksums, etc. I opened up an issue with Cisco yesterday and am waiting to hear back.

Why this started suddenly I don't know since I hadn't change the router in a couple of months.

Actions

This Discussion