I am having a problem with a TCP session staying open on a server. The session is a FIX (Financial Information Exchange) session. Here is a synopsis of the problem.
We connect to an order routing service via BT Radianz; they NAT our internal private IP to a Radianz global 75.x.x.x. This connection is via Dublin.
I then simulate a service failure from Dublin and we now learn routes to the broker through our Radianz connection in London; however, we are NATed to a different global 76.x.x.x.
The FIX session stays active sending heartbeats, but the firewall at the other end sees us coming from a different global address. So the TCP packet has the ESTABLISHED flag set and the firewall, rightly so, rejects the connection.
The main problem is the nature of the FIX protocol. It may take up to 3 minutes to reset the connection.
I would like to reset the connection as it traverses the London router with the established flag set, i.e. the 3-way handshake has not taken place.
Some applications can't handle an RST, which is triggered by the remote host that initiates the connection in order to terminate it. This triggers ECONNRESET in the destination application. The application therefore waits for the maximum timeout setting to expire to clean up those ECONNRESETs (in your case, 3 minutes). However, if the application receives multiple RSTs within a 3-minute period, it "may" reach the maximum number of threads and stop receiving new connections until some of them are cleared (the oldest).
This problem is usually a bug in the application, which is not able to handle RST. Check if there is a patch for the application. Applications should be able to handle all types of code for connection termination, i.e. ABRUPT, which is RST, and GRACEFUL, which is FIN.
I have encountered this problem a lot in different applications (the most recent is MQProxy). The root cause is usually a bug in the application. Though remote connections that are terminated abruptly contribute to the problem (or exploit it), in the end it still needs to be fixed on the application side. Think about how DDoS brings services down.
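An added example, not part of the thread: a minimal Python sketch of a receive loop that treats both a graceful close (FIN) and an abrupt one (RST, surfaced as ECONNRESET) as the end of the session and frees the socket at once instead of waiting for a timeout. The loopback peer, the `heartbeat` payload and all function names are constructed for illustration.

```python
import socket
import struct
import threading

def serve_once(listener, abrupt):
    """Constructed peer: reads one message, then closes with FIN or RST."""
    conn, _ = listener.accept()
    conn.recv(64)
    if abrupt:
        # SO_LINGER on with a zero timeout makes close() send RST, not FIN.
        conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER,
                        struct.pack("ii", 1, 0))
    conn.close()

def read_until_closed(sock):
    """Classify how the peer ended the session; always free the socket."""
    try:
        while sock.recv(4096):
            pass
        return "graceful"            # recv() returned b"": peer sent FIN
    except ConnectionResetError:
        return "abrupt"              # ECONNRESET: peer sent RST
    except socket.timeout:
        return "timeout"             # neither FIN nor RST arrived in time
    finally:
        sock.close()                 # release the descriptor in every case

def demo(abrupt):
    """Run one session against the constructed loopback peer."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    peer = threading.Thread(target=serve_once, args=(listener, abrupt))
    peer.start()
    client = socket.create_connection(listener.getsockname(), timeout=5)
    client.sendall(b"heartbeat")
    kind = read_until_closed(client)
    peer.join()
    listener.close()
    return kind, client.fileno() == -1   # (close type, socket released?)

if __name__ == "__main__":
    print(demo(abrupt=False), demo(abrupt=True))
```

Because cleanup sits in `finally`, a burst of resets cannot leave sockets or worker threads pinned until a timer expires.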