yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #75825
[Bug 1804327] [NEW] occasional connection reset on SNATed after tcp retries
Public bug reported:
When neutron ports are connected to DVR routers that are without
floating ip, the traffic is going via SNAT on the network node.
In some cases when the tcp connections that are nat'ed end up
retransmitting, sometimes a packet is being retransmitted by the remote
that is outside what the Linux kernel connection tracking considers part
of valid tcp window. When this happens, the flow is receiving a RST,
terminating the connection on the sender side, while leaving the
receiver side (the neutron port attached VM) hanging.
A similar issue is described elsewhere, e.g.
https://github.com/docker/libnetwork/issues/1090 and the workaround
documented there of setting ip_conntrack_tcp_be_liberal seems to help in
avoiding conntrack to dismiss packets outside the observed tcp window
size which lets the tcp retransmit logic to eventually recover the
connection.
** Affects: neutron
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1804327
Title:
occasional connection reset on SNATed after tcp retries
Status in neutron:
New
Bug description:
When neutron ports are connected to DVR routers that are without
floating ip, the traffic is going via SNAT on the network node.
In some cases when the tcp connections that are nat'ed end up
retransmitting, sometimes a packet is being retransmitted by the
remote that is outside what the Linux kernel connection tracking
considers part of valid tcp window. When this happens, the flow is
receiving a RST, terminating the connection on the sender side, while
leaving the receiver side (the neutron port attached VM) hanging.
A similar issue is described elsewhere, e.g.
https://github.com/docker/libnetwork/issues/1090 and the workaround
documented there of setting ip_conntrack_tcp_be_liberal seems to help
in avoiding conntrack to dismiss packets outside the observed tcp
window size which lets the tcp retransmit logic to eventually recover
the connection.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1804327/+subscriptions
Follow ups