7 Replies Latest reply on Aug 1, 2010 7:27 AM by tmedema

    Connecting to Stratus fails 95% of the times

    tmedema

      Almost everytime I try to setup a NetConnection to my stratus URL, I have to wait about 90 seconds after which I get a connect failure. However, sometimes, about 5 out of 100 times I have to wait 30 seconds and then get a success message (even though 30 seconds is way too long).

       

      I asked other people to run my application, and they do get a success almost instantly.

       

      When I go to http://cc.rtmfp.net/ they are all green except:

      - Knows public IP address of self (no NAT)

      - Can Receive from same IP address, different UDP port number

      - Can receive from different IP address, different UDP port number

       

      I tried looking in my netgear router config, nothing special there.

       

      Also, the funny thing is that I sometimes do get a success after 30 seconds (very rarely).

       

      Finally, in other threads you said you cannot do much yourself about the P2P problems. My question is why applicatlions like Skype and MSN never have P2P problems, if you say this is impossible.

       

      Best regards,

      Tom

        • 1. Re: Connecting to Stratus fails 95% of the times
          tmedema Level 1

          Update: when it fails I mean that NetConnection status event returns NetConnection.Connect.Failed.

           

          Also, the 3 items that were not green are orange (not red).

           

          Finally, I did a tracert stratus.rtmfp.net:

           

          Tracing route to stratus.rtmfp.net [216.104.221.5]

          over a maximum of 30 hops:

           

            1    <1 ms    <1 ms    <1 ms  192.168.1.1

            2     6 ms     7 ms     5 ms  10.222.48.1

            3     7 ms    38 ms     9 ms  gn-rc0002-cr101-irb-201.core.as9143.net [213.51.133.225]

            4    12 ms    13 ms    11 ms  asd-lc0006-cr101-ae2-0.core.as9143.net [213.51.158.142]

            5    11 ms    11 ms    11 ms  ams-sara-cor-1.peer1.net [195.69.145.209]

            6    18 ms    19 ms    19 ms  oc48-so2-1-0.ldn-teleh-dis-1.peer1.net [216.187.115.49]

            7   110 ms   113 ms   111 ms  216.187.115.33

            8   134 ms   134 ms   133 ms  10ge.xe-1-0-0.chi-eqx-dis-1.peer1.net [216.187.114.161]

            9   183 ms   182 ms   184 ms  oc48.so-3-1-0.sea-coloc-dis-1.peer1.net [216.187.89.129]

          10   408 ms   409 ms   199 ms  10ge.ten1-2.sj-mkp16-dis-1.peer1.net [216.187.88.202]

          11   202 ms   201 ms   199 ms  10ge.ten1-2.sj-mkp2-dis-1.peer1.net [216.187.88.134]

          12   295 ms   210 ms   215 ms  10ge-ten1-3.la-600w-cor-1.peer1.net [216.187.88.130]

          13   209 ms   212 ms   209 ms  69.172.231.125

          14   214 ms   207 ms   212 ms  216.104.221.5

           

          Trace complete.

          • 2. Re: Connecting to Stratus fails 95% of the times
            remoteitservices

            You don`t want this but opening all udp traffic ports does the trick.

             

            What you can do is to setup a TURN/STUN proxy server your self for using stratus behind a nat/firewall

             

            Direct UDP traffic is always attempted and the TURN proxy is only used as a backup: it is used for UDP traffic that cannot flow between Flash Player and Stratus (in case of UDP blocking firewall) or between Flash Player endpoints

             

            I have a online TURN proxy for you so you can test this :

             

            no-pxs2.realtunnel.com

             

            Set this adres in your mms.cfg file wich is on your C:/ drive

             

            It should look like :

             

            RTMFPTURNProxy=no-pxs2.realtunnel.com

             

            if you want to build a TURN server by yourself you can take a look at the PJNATH package

            • 3. Re: Connecting to Stratus fails 95% of the times
              tmedema Level 1

              remoteitservices wrote:

               

              You don`t want this but opening all udp traffic ports does the trick.

               

              What you can do is to setup a TURN/STUN proxy server your self for using stratus behind a nat/firewall

               

              Direct UDP traffic is always attempted and the TURN proxy is only used as a backup: it is used for UDP traffic that cannot flow between Flash Player and Stratus (in case of UDP blocking firewall) or between Flash Player endpoints

               

              I have a online TURN proxy for you so you can test this :

               

              no-pxs2.realtunnel.com

               

              Set this adres in your mms.cfg file wich is on your C:/ drive

               

              It should look like :

               

              RTMFPTURNProxy=no-pxs2.realtunnel.com

               

              if you want to build a TURN server by yourself you can take a look at the PJNATH package

              Hmm, some questions: why would I need to do this when others don't? Why do I get a success message after 30 seconds about 5 out of 100 times?

               

              Anyway, I tried to add your line to C:\mms.cfg, homefolder\mms.cfg and homefolder\mm.cfg and it did not seem to help at all. Not sure if it even used this file though...

              • 4. Re: Connecting to Stratus fails 95% of the times
                Michael Thornburgh Adobe Employee

                given what you've reported, and in particular that you can connect to cc.rtmfp.net but not reliably to Stratus, here's what i think is going on:

                 

                your NAT/firewall has a (mis)behavior that i've only seen one other time.  if a packet comes in from an unexpected source (different from an address and port to which you've *first* sent a packet), then that source is permanently blacklisted *even if* you later send a packet to that source (which *should* open up bidirectional communication).

                 

                your connections to cc.rtmfp.net succeed because there's no initial redirection step like there is with Stratus.  there's a single server for CC, so your initial connection attempt goes directly to it.  however, with Stratus, your first packet goes to a front-end redirector, which sends a command back to your client to have it try a different address (one of the many nodes in the Stratus cluster), and also forwards your connection request to that cluster node (note: in real life the forwards and redirects are to several cluster nodes for load balancing and redundancy, but that's not important right now).  the redirect back to your client should cause it to begin opening to the indicated cluster node and send a packet to it, which would allow return traffic through your firewall.  however, if the response from the cluster node back to your client beats your client's outbound packet, then that first response will cause the cluster node to become blacklisted by your NAT's firewall.  and then even though you send traffic out toward that node, its responses are blocked and can't get back to you.

                 

                if occasionally your outbound packet to the cluster node (in response to the redirect message) goes out before the return message from the cluster node (in response to the forwarded message from the redirector), then the connection to Stratus may succeed.  this will be highly timing dependent and intermittent.

                 

                this firewall behavior is a buggy implementation of "stateful firewall".  it may be possible to disable this "feature" depending on the make and model of your NAT/firewall device.  check with your NAT/firewall manufacturer, make sure the firmware is up-to-date, and file a bug report against your device.

                 

                note that even in those few instances where your Stratus connection succeeds, you probably wouldn't be able to make P2P connections because they are facilitated by Stratus in a very similar fashion to how the initial connection works.

                • 5. Re: Connecting to Stratus fails 95% of the times
                  tmedema Level 1

                  This is very helpful. Thanks a lot, I will investigate the matter and report

                  back when I have some time.

                   

                  Regards,

                  Tom

                  • 6. Re: Connecting to Stratus fails 95% of the times
                    tmedema Level 1

                    I have an update to the situation, but it's not a good one I think.

                     

                    I did find an option in my router config to disable SPI. SPI is described as:

                    "Disable SPI Firewall - The SPI (Stateful Packet Inpection) Firewall protects your LAN against Denial of Service attacks. This should only be disabled in special circumstances."

                     

                    This seems to be the stateful firewall you were talking about and thus, after disabling, my connection to stratus should work.

                     

                    The bad news is that after disabling this firewall, nothing changes. I still experience the exact same problem.

                    • 7. Re: Connecting to Stratus fails 95% of the times
                      tmedema Level 1

                      Final update:

                       

                      I updated my router's firmware and now everything works.

                       

                      It does seem like a router bug.

                       

                      However, I never had problems with other P2P software. It is a shame that Flash's P2P scheme is not as aggressive when it comes to finding ways to establish a P2P connection anyway (like Skype).

                       

                      Regards,

                      Tom