Public IP address and high power consumption

Hi Justin,

However, we noticed that the APN info reported from the modem has the same IP address that the cloud server sees from the device, meaning it is NOT going through NAT, which we've never seen before.

This also sounds weird to me. Do you get API info through the "AT+CGDCONT?" command? how does the cloud server "see" the device IP?

One simple way is to check with the local cellular network provider about the public IP address concern. 

We can ping the IP address and get a response, but we don't know how to prove if the nRF9160 modem is responding or if some other network device is responding.

This should not be possible. NCS does not have library support ICMP ping response for nRF9160 by far unless you have added this function on your own. Have you checked if this IP is used by your cloud server?

See correction on comment: devzone.nordicsemi.com/.../297547

Does the nRF9160 respond to PINGs received from the cellular network? If so, is there some way to tell if that is happening without a modem trace?

No. I am not sure how much access you can get from the remote device. If it is on the field untouchable or your customer has no capability to program and get debug information, it is almost impossible to know what's wrong without getting debugging information.

Best regards,

Charlie

Charlie said:

This also sounds weird to me. Do you get API info through the "AT+CGDCONT?" command? how does the cloud server "see" the device IP?

One simple way is to check with the local cellular network provider about the public IP address concern. 

Yes, we used "AT+CGDCONT?" on the device side to get the IP. The admin console of the MQTT server in the cloud lets us see info about each client, and the IP address it reported for the client ID matched.

Charlie said:

This should not be possible. NCS does not have library support ICMP ping response for nRF9160 by far unless you have added this function on your own.

We have not added any functionality like that. It seems more likely to me that the cellular operator is doing something tricky and there is a firewall or proxy device in the path that is answering the PING.

In general, if the nRF9160 were to receive unsolicited or unexpected TCP/UDP traffic on closed ports, how would it behave? My big picture expectation is that the modem processor would handle everything, drop the traffic, and never alert the application processor. Is that more or less correct?

Hi Justin,

jbrzozoski said:

In general, if the nRF9160 were to receive unsolicited or unexpected TCP/UDP traffic on closed ports, how would it behave? My big picture expectation is that the modem processor would handle everything, drop the traffic, and never alert the application processor. Is that more or less correct?

Yes, it will ignore everything coming if there is no socket connection on a specific port.

I think you would need some on-field debugging for this issue.

Best regards,

Charlie

Hi Justin,

I discussed this with our modem firmware development team and figure out

There is actually a ping response service inside the modem firmware.

Sorry for my mistake and it is not documented anywhere. This means if your device does get a global IP from the network operator, you would be able to ping this device.

I guess the next step your need to contact the local network operator to get a different network configuration if you have security concerns.

Best regards,

Charlie 

To follow up on this we obtained a test SIM from Verizon with a public static IP and found that even without us initiating any traffic the power draw during eDRX was 10x what it normally is. With a 10.24sec eDRX cycle we normally transactions at this interval, but with the public IP the modem was being woken up very frequently and we rarely saw a full 10sec idle time.