I have an openvpn server, there are two client connection came in, both between the client and the server directly via TCP test rate is normal, but between two clients via TCP test rate is abnormal, the rate is very low, through caught found to have a lot of packet loss, and the need of retransmission packet retransmission many times, How should this problem check
Related
I am using a simulator. in this simulator when a client sends a tcp syn request to a server and server responds it with RST packet (when the requesting port is close) the same client sends tcp syn retransmission to the same server (and the same port) for four times. i want to know real networks do the same? i mean in real networks if a client sends a tcp syn to a server and recieve RST , do that client sends tcp syn retransmission to that server for four times?
It totally depends on the client implementation. If you program a client to respond to a server's RST with a SYN 4 times, then that's what it will do. It might be that the server is sending an RST because it's detecting a SYN flood (if you keep on sending SYNs unsuccessfully, eventually heuristics will class it as such).
You may want to play with Scapy so you can easily write the client for these kinds of questions.
I have a server with multiple clients. The simulated network is in heavy congestion. What I found is that the server reset some TCP connections after received the ACK segment of three-way handshake. But it doesn't happen when the network is in good condition.
What I found is that the ACK of three-way handshake is received about 3.5s later than the SYN-ACK.
Is that because the three-way handshake SYN-ACK time-out? If SYN-ACK time out, why not resend SYN-ACK.
Thank you for any suggestions.
This looks like related to SYN cookies.
SYN cookies
When a Linux host receives too much SYN traffic, it activates the SYN cookies mechanism.
When SYN cookies is enabled, a server answers to SYN by issuing a SYN-ACK segment with specific data encoded in the TCP sequence field. In that field it encodes the timestamp, the MSS and a cryptographic hash of the two endpoints (local and remote IPs and ports) plus the timestamp.
This is done so that the server does not have to store anything about the connection at this point, it simply send the answer and forget about it.
Then, when the client answer with its ACK, the server checks the hash in the ack field (the ack of the client is the sequence of the server). If it is correct, it creates the connection with the data stored in the field.
SYN cookies explain why the server does not resend SYN-ACK packets when they timeout.
But, why the reset after receiving the ACK?
Maybe clients (or server) are behind a NAT that modifies ports and the NAT also gets congested, so that it cannot link the final ACK to the previous SYN, and assigns a new source port. When the server receives it, it resets the connection (it does not matter if SYN cookies are enabled or not).
Or maybe the server process is not accepting connections at the same speed they are arriving, the kernel queue has filled and newer ones are discarded that way.
I am using apache netty module to receive udp packets.
Under load it does not seem to accept all sent udp packets.
I tested it by running a dummy udp server (non-camel, just counts number of received packets) and sent 1000 packets per second from localhost, this dummy udp server accepted and counted all. However sending 1000 packets per second from localhost to my camel udp port, I can see that some (1-5%) never show up.
What camel netty configuration should I play with to resolve this issue?
BTW I am sending udp packets in tight loop
Update: I am now providing following default threadProfile.
<threadPoolProfile id="myDefaultProfile"
defaultProfile="true"
poolSize="20"
keepAliveTime="25"
maxPoolSize="50"
maxQueueSize="100000"/>
Still get packet loss.
I have around 20 clients communicating together with a central server in the same LAN. The clients can make transaction simultaneously with the server. The server forward each transaction to external appliance in the network. Sometimes it works, sometimes my application shows a "time out" message in a client screen (randomly)
I mirrored all traffic and found TCP Retransmission after TCP Reset packets for the first TCP Sequence. I immediately thought about packet loss but all my cables/NIC are fine, and I do not see DUP ACK in the capture.
It seems that RST packets may have different significations.
What causes those TCP Reset?
Where should I focus my investigation: network or application design ?
I would appreciate any help. Thanks in advance.
Judging by the capture, I assume your central server is 137.56.64.31. What's happening is the clients are initiating a connection to the server with a SYN packet and the server responds with a RST. This is typical if the server has no application listening on that particular port e.g. the webserver application isn't running and a client tries to connect to port 80.
The clients are all connecting to different ports on the server, which is unusual for an central server, but not unheard of. The destination ports the clients are connecting to on the server are: 11007, 11012, 11014, 11108, and 11115. Is that normal for the application? If not, the clients should be connecting to whatever port the application server is listening on.
The reason for the retransmits is that instead of giving up on the connection upon receiving a RST from the server, the client tries to initiate the connection again so Wireshark considers it a retransmission.
The SYN packet has the same source dest IP address & port with the established connection, so what will happen in this case?
The server will silently drop the packet since it already has a connection in the ESTABLISHED state, one of the four values from (client-ip, src-port, server-ip, dest-port) must be different for the new SYN to be accepted.
The server will attempt a new connection.
in tech terms it will send a syn,ack packet and wait for the client to finish the tcp handshake
and open the connection.
http://en.wikipedia.org/wiki/Transmission_Control_Protocol
will explain the process alot better than me.
the server will send some information to identify the connection in its syn,ack packet.
and that information is used to keep that connection seperate from others.
Most the time, the ports will not be the same
but when it is, it can cause problems with low grade nat routers,
They try to rewrite that ports that are used, and can get the connections confused.