On 15.05.2015 at 18:17, Gordon Messmer gordon.messmer@gmail.com wrote:
On 05/15/2015 09:02 AM, Leon Fauster wrote:
I have a public peer system (yy.yy.yy.yy) that is reachable via my home uplink (xx.xx.xx.xxx).
15:59:30.244199 IP xx.xx.xx.xxx.42958 > yy.yy.yy.yy.https: tcp 0
15:59:30.281931 IP yy.yy.yy.yy.https > xx.xx.xx.xxx.42958: tcp 0
15:59:30.281945 IP xx.xx.xx.xxx.42958 > yy.yy.yy.yy.https: tcp 0
15:59:30.305020 IP xx.xx.xx.xxx.42958 > yy.yy.yy.yy.https: tcp 105
15:59:30.344004 IP yy.yy.yy.yy.https > xx.xx.xx.xxx.42958: tcp 1412
15:59:30.344013 IP xx.xx.xx.xxx.42958 > yy.yy.yy.yy.https: tcp 0
15:59:30.344016 IP yy.yy.yy.yy.https > xx.xx.xx.xxx.42958: tcp 23
At the office we have an EL5-based router that cannot reach the mentioned system. It does not give any hint about the problem.
15:57:51.751591 IP o.ff.i.ce.50902 > yy.yy.yy.yy.https: tcp 0
15:57:54.750834 IP o.ff.i.ce.50902 > yy.yy.yy.yy.https: tcp 0
15:58:00.749351 IP o.ff.i.ce.50902 > yy.yy.yy.yy.https: tcp 0
15:58:12.746408 IP o.ff.i.ce.50902 > yy.yy.yy.yy.https: tcp 0
15:58:36.740454 IP o.ff.i.ce.50902 > yy.yy.yy.yy.https: tcp 0
15:59:24.728605 IP o.ff.i.ce.50902 > yy.yy.yy.yy.https: tcp 0
I tried to connect with a removed ecn bit [1]
[1] https://en.wikipedia.org/wiki/Explicit_Congestion_Notification
but this was not the solution.
Any ideas?
That's not much information to go on. Can you run tcpdump on the "public peer system"? Does it receive the SYN packets from your office?
Well, the destination is not in my realm (different provider). Before contacting them I want to be sure that my system is not causing this. So far I just see a "tcp retransmission" while trying to establish an https connection (captured on our router):
office -> destination: TCP 66 54487→443 [SYN] Seq=0 Win=5840 Len=0 MSS=1460 SACK_PERM=1 WS=8
office -> destination: TCP 66 [TCP Retransmission] 54487→443 [SYN] Seq=0 Win=5840 Len=0 MSS=1460 SACK_PERM=1 WS=8
From my home and office, I can see via traceroute that for the destination the entry hop is the same.
So, the destination is not responding with SYN,ACK when the connection passes our router. But as I said it is reachable from my home, and this is confusing.
Thanks, LF
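Added example, not part of the original thread: the quiet-mode captures quoted above carry no TCP flags, so this Python code separates an answered handshake from an unanswered one by packet direction and by the doubling gaps between retries. The function name and result labels are illustrative assumptions; the sample lines are copied from the two captures in the thread.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines in the quiet tcpdump style quoted in the thread; addresses are the
# thread's own placeholders and both flows are copied from its captures.
SAMPLE = """\
15:59:30.244199 IP xx.xx.xx.xxx.42958 > yy.yy.yy.yy.https: tcp 0
15:59:30.281931 IP yy.yy.yy.yy.https > xx.xx.xx.xxx.42958: tcp 0
15:59:30.305020 IP xx.xx.xx.xxx.42958 > yy.yy.yy.yy.https: tcp 105
15:57:51.751591 IP o.ff.i.ce.50902 > yy.yy.yy.yy.https: tcp 0
15:57:54.750834 IP o.ff.i.ce.50902 > yy.yy.yy.yy.https: tcp 0
15:58:00.749351 IP o.ff.i.ce.50902 > yy.yy.yy.yy.https: tcp 0
15:58:12.746408 IP o.ff.i.ce.50902 > yy.yy.yy.yy.https: tcp 0
15:58:36.740454 IP o.ff.i.ce.50902 > yy.yy.yy.yy.https: tcp 0
15:59:24.728605 IP o.ff.i.ce.50902 > yy.yy.yy.yy.https: tcp 0
"""

LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) IP (\S+) > (\S+): tcp (\d+)$")

def classify_flows(text):
    """Group packets by endpoint pair and label each flow by its initiator."""
    flows = defaultdict(list)
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip anything that is not a quiet-mode TCP line
        ts = datetime.strptime(m.group(1), "%H:%M:%S.%f")
        src, dst, length = m.group(2), m.group(3), int(m.group(4))
        flows[frozenset((src, dst))].append((ts, src, length))
    result = {}
    for pkts in flows.values():
        pkts.sort()
        first_src = pkts[0][1]
        if any(src != first_src for _, src, _ in pkts):
            result[first_src] = "answered"  # the peer sent something back
            continue
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(pkts, pkts[1:])]
        # Retransmission timers roughly double on every unanswered attempt.
        doubling = len(gaps) >= 2 and all(
            1.8 <= later / earlier <= 2.2 for earlier, later in zip(gaps, gaps[1:]))
        empty = all(length == 0 for _, _, length in pkts)
        result[first_src] = ("unanswered, backoff retransmits"
                             if doubling and empty else "unanswered")
    return result
```

The office flow's gaps come out at about 3, 6, 12, 24 and 48 seconds, which is the retransmission backoff pattern of a handshake that never receives a reply; the code assumes the capture does not span midnight.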