netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Glen Turner <gdt@gdt.id.au>
To: James Nichols <jamesnichols3@gmail.com>
Cc: Jan Engelhardt <jengelh@computergmbh.de>,
	Eric Dumazet <dada1@cosmosbay.com>,
	linux-kernel@vger.kernel.org,
	Linux Netdev List <netdev@vger.kernel.org>
Subject: Re: After many hours all outbound connections get stuck in SYN_SENT
Date: Fri, 21 Dec 2007 15:21:26 +1030	[thread overview]
Message-ID: <1198212686.5904.17.camel@andromache> (raw)
In-Reply-To: <83a51e120712200837p9e3d1a4g15b5f4763597073e@mail.gmail.com>


> I do have TCP Sequence # Randomization enabled on my router.

Huh?  Do you mean a PIX blade in a Cisco switch-router chassis? It
would be very useful if you could be less vague about the
equipment in use.

>  However,
> if this was causing an issue, wouldn't it always occur and cause
> connection issues, not just after 38 hours of correct operation?

That depends more on your customers' networking attributes
then you are sharing or perhaps even know.  Perhaps your customer
base is very Window-skewed and you simply aren't seeing any Sack
Permitted negotiations for the first 37.999 hours. Or
perhaps you've had a network glitch, and all of your
connections have done a Selective Ack, which the firewall
has trashed, leaving all the connections in a wacko state,
not just a few which you haven't noticed.

The actual failure mode needs a packet trace to determine,
but you should be able to do this yourself (or ask your
local network engineering staff).

If your firewall is trashing the Sack field, then it needs
to be fixed.  Time to raise a case with the Cisco TAC and
ask them directly if your PIX version has bug CSCse14419.
You can't expect Sack to work when it's being fed trash,
so it is important to make sure that is not happening.

Cheers, Glen
#include <network_engineer.h>
#undef KERNEL_HACKER


  parent reply	other threads:[~2007-12-21  4:58 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <83a51e120712141239u52d2dd68p1b6ee7ed08f2cecf@mail.gmail.com>
     [not found] ` <Pine.LNX.4.64.0712180009390.32270@fbirervta.pbzchgretzou.qr>
     [not found]   ` <83a51e120712180734i334399dbl51f44fe32d815f7d@mail.gmail.com>
     [not found]     ` <Pine.LNX.4.64.0712181704380.4422@fbirervta.pbzchgretzou.qr>
     [not found]       ` <83a51e120712180845k6cadf67bn5dd66fb2d3ac72d4@mail.gmail.com>
     [not found]         ` <Pine.LNX.4.64.0712181818360.4422@fbirervta.pbzchgretzou.qr>
     [not found]           ` <83a51e120712181009pf954f43mcb63ea4dab638458@mail.gmail.com>
     [not found]             ` <Pine.LNX.4.64.0712181910580.4422@fbirervta.pbzchgretzou.qr>
     [not found]               ` <83a51e120712181021p4c4c2a13g8820271f1e00361b@mail.gmail.com>
     [not found]                 ` <4768123A.7040603@cosmosbay.com>
     [not found]                   ` <83a51e120712181144l65633b32r72cc369f9d012f47@mail.gmail.com>
2007-12-18 20:37                     ` After many hours all outbound connections get stuck in SYN_SENT Eric Dumazet
2007-12-18 21:20                       ` Jan Engelhardt
2007-12-19 16:53                       ` James Nichols
2007-12-19 17:07                         ` Eric Dumazet
2007-12-19 17:43                           ` James Nichols
2007-12-19 17:58                             ` Jan Engelhardt
2007-12-19 18:12                               ` James Nichols
2007-12-20 14:41                               ` Glen Turner
2007-12-20 16:37                                 ` James Nichols
2007-12-20 21:05                                   ` Ilpo Järvinen
2007-12-21  6:06                                     ` Jan Engelhardt
2007-12-21  4:51                                   ` Glen Turner [this message]
2007-12-21 13:57                                     ` James Nichols
2007-12-19 18:03                             ` Eric Dumazet
2007-12-19 21:27                               ` Ilpo Järvinen
2007-12-20 16:08                               ` James Nichols
2007-12-20 20:44                                 ` Ilpo Järvinen
2007-12-20 20:49                                 ` Justin Banks
2007-12-16 16:34 James Nichols
2007-12-17 16:27 ` James Nichols
2007-12-19 12:54 ` Ilpo Järvinen
2007-12-19 17:38   ` James Nichols
2007-12-19 18:32     ` Ilpo Järvinen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1198212686.5904.17.camel@andromache \
    --to=gdt@gdt.id.au \
    --cc=dada1@cosmosbay.com \
    --cc=jamesnichols3@gmail.com \
    --cc=jengelh@computergmbh.de \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).