Configuring Fast DDS Discovery Server to use TCP to bypass firewall UDP flood protection #673

@yjcrocks

Robot Model

Turtlebot4 Standard

ROS distro

Jazzy

Networking Configuration

Discovery Server

OS

Ubuntu 24.04

Built from source or installed?

Installed

Package version

$ dpkg -s ros-jazzy-turtlebot4-navigation
Package: ros-jazzy-turtlebot4-navigation
Status: install ok installed
Priority: optional
Section: misc
Installed-Size: 2472
Maintainer: Chris Iverach-Brereton <[email protected]>
Architecture: arm64
Version: 2.1.1-1noble.20251110.214833
Depends: ros-jazzy-nav2-bringup, ros-jazzy-nav2-simple-commander, ros-jazzy-slam-toolbox, ros-jazzy-ros-workspace
Description: Turtlebot4 Navigation

Type of issue

Networking

Expected behaviour

ROS 2 topics should be shared reliably between the Remote Host and the TurtleBot 4 using the Fast DDS Discovery Server, without triggering network security rules.

Actual behaviour

  • The remote teleop host is configured with a static IP address.
  • The robot is operating behind a Wi-Fi router. The router itself has a static IP, and port forwarding is correctly configured.
  • Basic tests, such as ros2 run demo_nodes_cpp talker on the host and ros2 run demo_nodes_cpp listener on the robot, execute successfully.
  • Launching the localization stack works as expected; the system remains stable.
  • Launching RViz functions correctly without issues.
  • The Issue: Immediately upon launching the navigation stack, a critical network failure occurs.
  • All UDP connections between the remote host and the robot are dropped.
  • All external TCP connectivity (internet access) from both the robot and the host is lost.
  • Crucially, external internet connectivity is also lost for all other devices connected to the same Wi-Fi router.
  • Only the local TCP connection between the host and the robot remains active, as both devices reside on the same university subnet.
  • Hypothesis: The university's network firewall or security system appears to be blocking the router's WAN IP and the remote teleop host's IP, identifying the surge in traffic generated by the navigation stack as a potential UDP Flood/DDoS attack. This conclusion was reached after extensive troubleshooting and observing that the block affects the entire router.
  • We are currently in the process of contacting the network administrator to confirm if the specific IPs were blocked due to automated "UDP Flood" detection (pending confirmation).

Error messages

To Reproduce

This issue is specific to my university's network environment, so it may be difficult to reproduce elsewhere. However, I am providing my current configuration files below.

Remote Teleop Host

#  /etc/turtlebot4/setup.bash

export ROS_DOMAIN_ID=1
export RMW_IMPLEMENTATION="rmw_fastrtps_cpp"
export ROS_DISCOVERY_SERVER="127.0.0.1:11811;turtlebot:11811;"
export ROS_SUPER_CLIENT=True

. /opt/ros/jazzy/setup.sh

$ systemctl status fast-discovery-server-backup.service
● fast-discovery-server-backup.service - Fast DDS Discovery Server (ID 0; localhost only)
     Loaded: loaded (/etc/systemd/system/fast-discovery-server-backup.service; enabled; preset: enabled)
     Active: active (running) since Wed 2026-02-04 18:08:44 KST; 4h 13min ago
   Main PID: 219 (fast-discovery-)
      Tasks: 9 (limit: 19124)
     Memory: 23.7M (peak: 44.2M)
        CPU: 12.599s
     CGroup: /system.slice/fast-discovery-server-backup.service
             └─219 /opt/ros/jazzy/bin/fast-discovery-server -i 0 -l 127.0.0.1

Feb 04 18:08:44 NCLab-Youngjae systemd[1]: Started fast-discovery-server-backup.service - Fast DDS Discovery Server (ID>
Feb 04 18:08:45 NCLab-Youngjae bash[219]: Warning: the number of specified ports doesn't match the ip
Feb 04 18:08:45 NCLab-Youngjae bash[219]:          addresses provided. Locators share its port number.
Feb 04 18:08:45 NCLab-Youngjae bash[219]: ### Server is running ###
Feb 04 18:08:45 NCLab-Youngjae bash[219]:   Participant Type:   SERVER
Feb 04 18:08:45 NCLab-Youngjae bash[219]:   Security:           NO
Feb 04 18:08:45 NCLab-Youngjae bash[219]:   Server ID:          0
Feb 04 18:08:45 NCLab-Youngjae bash[219]:   Server GUID prefix: 44.53.00.5f.45.50.52.4f.53.49.4d.41
Feb 04 18:08:45 NCLab-Youngjae bash[219]:   Server Addresses:   UDPv4:[127.0.0.1]:11811

Turtlebot4

# /etc/turtlebot4/setup.bash

export FASTRTPS_DEFAULT_PROFILES_FILE="/etc/turtlebot4/fastdds_rpi.xml"
export ROBOT_NAMESPACE=""
export ROS_DOMAIN_ID="1"
export ROS_DISCOVERY_SERVER=";127.0.0.1:11811;"
export RMW_IMPLEMENTATION="rmw_fastrtps_cpp"
export TURTLEBOT4_DIAGNOSTICS="1"
export WORKSPACE_SETUP="/opt/ros/jazzy/setup.bash"
[ -t 0 ] && export ROS_SUPER_CLIENT=True || export ROS_SUPER_CLIENT=False
export ROBOT_SETUP=/etc/turtlebot4/setup.bash

source $WORKSPACE_SETUP

<?xml version="1.0" encoding="UTF-8"?>
<!-- /etc/turtlebot4/fastdds_rpi.xml -->
<dds xmlns="http://www.eprosima.com/XMLSchemas/fastRTPS_Profiles">
    <profiles xmlns="http://www.eprosima.com/XMLSchemas/fastRTPS_Profiles">
        <participant profile_name="turtlebot4_default_profile" is_default_profile="true">
            <rtps/>
        </participant>
    </profiles>
</dds>

<?xml version="1.0" encoding="UTF-8"?>
<!-- /etc/turtlebot4/fastdds_discovery_create3.xml -->
<dds xmlns="http://www.eprosima.com/XMLSchemas/fastRTPS_Profiles">
    <profiles>
        <!-- UDPv4 Transport profile -->
        <transport_descriptors>
            <transport_descriptor>
                <transport_id>udp_transport</transport_id>
                <type>UDPv4</type>
                <!-- Reduce socket buffer size -->
                <sendBufferSize>32768</sendBufferSize>
                <receiveBufferSize>32768</receiveBufferSize>
                <!-- Reduce max message size, otherwise the participant creation fails -->
                <maxMessageSize>8192</maxMessageSize>
            </transport_descriptor>
        </transport_descriptors>

        <!-- Domain Participant Profile -->
        <participant profile_name="domainparticipant_profile_name" is_default_profile="true">
            <rtps>
                <!-- Use user defined UDPv4 transport -->
                <userTransports>
                    <transport_id>udp_transport</transport_id>
                </userTransports>
                <!-- Disable builtin transports -->
                <useBuiltinTransports>false</useBuiltinTransports>
            </rtps>
        </participant>

        <!-- Default publisher profile -->
        <data_writer profile_name="default_publisher_profile" is_default_profile="true">
            <topic>
                <!-- Tune initial allocations -->
                <resourceLimitsQos>
                    <max_samples>0</max_samples>
                    <allocated_samples>0</allocated_samples>
                </resourceLimitsQos>
            </topic>
        </data_writer>

        <!-- Default subscriber profile -->
        <data_reader profile_name="default_subscriber_profile" is_default_profile="true">
            <topic>
                <!-- Tune initial allocations -->
                <resourceLimitsQos>
                    <max_samples>0</max_samples>
                    <allocated_samples>0</allocated_samples>
                </resourceLimitsQos>
            </topic>
        </data_reader>
    </profiles>
</dds>

$ systemctl status discovery
● discovery.service - FastDDS discovery server
     Loaded: loaded (/usr/lib/systemd/system/discovery.service; enabled; preset: enabled)
     Active: active (running) since Wed 2026-02-04 21:40:55 KST; 46min ago
   Main PID: 14590 (bash)
      Tasks: 12 (limit: 4388)
     Memory: 25.7M (peak: 26.9M)
        CPU: 1min 7.266s
     CGroup: /system.slice/discovery.service
             ├─14590 /bin/bash -e /usr/sbin/discovery
             ├─14617 sh /opt/ros/jazzy/bin/fastdds discovery -i 1 -l 0.0.0.0 -p 11811
             ├─14619 python3 /opt/ros/jazzy/bin/../tools/fastdds/fastdds.py discovery -i 1 -l 0.0.0.0 -p 11811
             └─14621 /opt/ros/jazzy/bin/fast-discovery-server -i 1 -l 0.0.0.0 -p 11811

Feb 04 21:40:55 turtlebot1 systemd[1]: Started discovery.service - FastDDS discovery server.
Feb 04 21:40:56 turtlebot1 bash[14621]: ### Server is running ###
Feb 04 21:40:56 turtlebot1 bash[14621]:   Participant Type:   SERVER
Feb 04 21:40:56 turtlebot1 bash[14621]:   Security:           NO
Feb 04 21:40:56 turtlebot1 bash[14621]:   Server ID:          1
Feb 04 21:40:56 turtlebot1 bash[14621]:   Server GUID prefix: 44.53.01.5f.45.50.52.4f.53.49.4d.41
Feb 04 21:40:56 turtlebot1 bash[14621]:   Server Addresses:   UDPv4:[0.0.0.0]:11811

Other notes

I believe the most robust solution for this environment is to force Fast DDS Discovery Server to use TCP connections only.

Could you provide guidance or an example XML configuration on how to:

  • Configure the TurtleBot 4 (Server) to listen on a TCP port instead of UDP?
  • Configure the Remote Host (Client) to connect via TCP?
  • Ensure these settings are correctly applied to the standard turtlebot4.service and discovery.service?

Any help in converting the transport layer to TCP would be greatly appreciated.
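
Before changing the transport, it helps to confirm which discovery endpoints are UDP today. The script below is an added example, not part of the original issue or the TurtleBot 4 packages: it maps each position in the two `ROS_DISCOVERY_SERVER` values above to its server ID and flags UDP listeners, all-interface binds and `Security: NO` in the robot's server banner. It assumes bare `address:port` entries are UDPv4 with default port 11811 (the Fast DDS defaults); the finding labels are invented for this example.

```python
import re

# Locator form printed in the server banner, e.g. "UDPv4:[0.0.0.0]:11811".
LOCATOR = re.compile(r"(UDPv[46]|TCPv[46]):\[([^\]]+)\](?::(\d+))?")
DEFAULT_PORT = 11811  # Fast DDS discovery server default port

# Values copied from the setup.bash files and the robot's banner in the issue.
HOST_SERVERS = "127.0.0.1:11811;turtlebot:11811;"
ROBOT_SERVERS = ";127.0.0.1:11811;"
ROBOT_BANNER = """\
  Security:           NO
  Server ID:          1
  Server Addresses:   UDPv4:[0.0.0.0]:11811
"""


def parse_discovery_servers(value):
    """Map server ID -> (transport, address, port); list position is the ID."""
    servers = {}
    for server_id, entry in enumerate(value.split(";")):
        entry = entry.strip()
        if not entry:
            continue  # empty slot: this client does not use that server ID
        m = LOCATOR.fullmatch(entry)
        if m:
            kind, addr, port = m.groups()
        else:  # bare "address[:port]" entries are UDPv4
            kind = "UDPv4"
            addr, _, port = entry.partition(":")
        servers[server_id] = (kind, addr, int(port) if port else DEFAULT_PORT)
    return servers


def audit_banner(text):
    """List findings (labels invented here) for a server startup banner."""
    findings = []
    if re.search(r"Security:\s+NO\b", text):
        findings.append("security-disabled")
    for kind, addr, port in LOCATOR.findall(text):
        if kind.startswith("UDP"):
            findings.append(f"udp-listener:{addr}:{port}")
        if addr in ("0.0.0.0", "::"):
            findings.append(f"all-interfaces:{port}")
    return findings


if __name__ == "__main__":
    for value in (HOST_SERVERS, ROBOT_SERVERS):
        print(parse_discovery_servers(value))
    print(audit_banner(ROBOT_BANNER))
```

Run against the values in this issue, it reports server 1 on the robot as a UDPv4 listener on all interfaces with security disabled, and both of the host's discovery entries as UDPv4.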

Labels

troubleshooting: System not working as expected, may be user error.
