From: Klavs Klavsen <kl@vsen•dk>
To: Willy Tarreau <w@1wt•eu>
Cc: Eric Dumazet <eric.dumazet@gmail•com>, netdev@vger•kernel.org
Subject: Re: TCP fast retransmit issues
Date: Wed, 26 Jul 2017 16:25:29 +0200 [thread overview]
Message-ID: <0b60368890bdb9aa1cf1df4bd0bf21cf@vsen.dk> (raw)
In-Reply-To: <20170726141847.GC1737@1wt.eu>
Thank you very much guys for your insight.. its highly appreciated.
Next up for me, is waiting till the network guys come back from summer
vacation, and convince them to sniff on the devices in between to
pinpoint the culprit :)
Willy Tarreau skrev den 2017-07-26 16:18:
> On Wed, Jul 26, 2017 at 04:08:19PM +0200, Klavs Klavsen wrote:
>> Grabbed on both ends.
>>
>> http://blog.klavsen.info/fast-retransmit-problem-junos-linux (updated
>> to new
>> dump - from client scp'ing)
>> http://blog.klavsen.info/fast-retransmit-problem-junos-linux-receiving-side
>> (receiving host)
>
> So bingo, Eric guessed right, the client's sequence numbers are
> translated
> on their way to/from the server, but the SACK fields are not :
>
> Server :
> 15:59:54.292867 IP (tos 0x8, ttl 64, id 15878, offset 0, flags [DF],
> proto TCP (6), length 64)
> 192.168.32.44.22 > 62.242.222.50.35002: Flags [.], cksum 0xfe2b
> (incorrect -> 0xce0e), seq 1568063538, ack 3903858556,
> win 10965, options [nop,nop,TS val 529899820 ecr
> 774272020,nop,nop,sack 1 {3903859904:3903861252}], length 0
>
> Client :
> 15:59:54.297388 IP (tos 0x8, ttl 56, id 15878, offset 0, flags [DF],
> proto TCP (6), length 64)
> 192.168.32.44.22 > 62.242.222.50.35002: Flags [.], cksum 0xbb2c
> (correct), seq 1568063538, ack 2684453645,
> win 10965, options [nop,nop,TS val 529899820 ecr
> 774272020,nop,nop,sack 1 {3903859904:3903861252}], length 0
>
> To there's very likely a broken firewall in the middle that is waiting
> for
> a bug fix, or to have its feature disabled. Sometimes it can also
> happen
> on firewalls performing some SYN proxying except that it would mangle
> the
> server's sequence numbers instead of the client ones.
>
> Willy
--
Regards,
Klavs Klavsen, GSEC - kl@vsen•dk - http://blog.klavsen.info - Tlf.
61281200
"Those who do not understand Unix are condemned to reinvent it, poorly."
--Henry Spencer
next prev parent reply other threads:[~2017-07-26 14:25 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-26 11:07 TCP fast retransmit issues Klavs Klavsen
2017-07-26 11:49 ` Eric Dumazet
2017-07-26 12:18 ` Klavs Klavsen
2017-07-26 13:31 ` Eric Dumazet
2017-07-26 13:42 ` Willy Tarreau
2017-07-26 14:32 ` Eric Dumazet
2017-07-26 14:50 ` Willy Tarreau
2017-07-26 16:43 ` Neal Cardwell
2017-07-26 17:06 ` Neal Cardwell
2017-07-26 18:38 ` Neal Cardwell
2017-07-26 19:02 ` Neal Cardwell
2017-07-28 22:54 ` Neal Cardwell
2017-08-01 3:17 ` Neal Cardwell
2017-07-28 6:53 ` Christoph Paasch
2017-07-26 14:08 ` Klavs Klavsen
2017-07-26 14:18 ` Willy Tarreau
2017-07-26 14:25 ` Klavs Klavsen [this message]
2017-07-26 14:38 ` Willy Tarreau
2017-07-28 6:36 ` Klavs Klavsen
2017-07-28 7:27 ` Willy Tarreau
2017-08-17 13:20 ` Jeremy Harris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0b60368890bdb9aa1cf1df4bd0bf21cf@vsen.dk \
--to=kl@vsen$(echo .)dk \
--cc=eric.dumazet@gmail$(echo .)com \
--cc=netdev@vger$(echo .)kernel.org \
--cc=w@1wt$(echo .)eu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox