I have a CentOS 3 box that appears to be having problems where a TCP SYN comes into port 80 for an Apache Tomcat web application, but the rest of the TCP "3-way handshake" isn't happening. When the error occurs, I always see this pattern in tcpdump:
* A TCP SYN comes in from the client
* ~3.25 seconds later I get another TCP SYN from the client
* ~6.5 seconds after that I get a third and final SYN before the client gives up
* No TCP ACKs are returned to the client to continue the 3-way handshake

The box is accepting lots of connections on lots of different ports and everything else seems to be working, but I'm occasionally getting these errors on port 80 for the last few weeks (the box has been up for a while).
Has anyone else run into anything similar to this?
Am I correct in saying that the Linux kernel, not Java and/or Tomcat, handles the TCP stack, including the 3-way handshake? If so, getting past the 3-way handshake should have nothing to do with Java or Tomcat... IOW, this issue must have something to do with the OS, right?
Suggestions welcome on this strange issue!
Thanks!
On Sat, 2006-05-06 at 15:13, hkclark@gmail.com wrote:
I have a CentOS 3 box that appears to be having problems where a TCP SYN comes into port 80 for an Apache Tomcat web application, but the rest of the TCP "3-way handshake" isn't happening. When the error occurs, I always see this pattern in tcpdump:
- A TCP SYN comes in from the client
- ~3.25 seconds later I get another TCP SYN from the client
- ~6.5 seconds after that I get a third and final SYN before the client gives up
- No TCP ACKs are returned to the client to continue the 3-way handshake
The box is accepting lots of connections on lots of different ports and everything else seems to be working, but I'm occasionally getting these errors on port 80 for the last few weeks (the box has been up for a while).
Has anyone else run into anything similar to this?
Am I correct in saying that the Linux kernel, not Java and/or Tomcat, handles the TCP stack, including the 3-way handshake? If so, getting past the 3-way handshake should have nothing to do with Java or Tomcat... IOW, this issue must have something to do with the OS, right?
Ultimately the application has to handle connections as fast as they come in or you are fried one way or the other. However, the OS should queue pending connections (by completing the handshake) until the application accepts them according to the 'backlog' parameter to listen() when the application sets up the receiving socket. I don't know enough about Tomcat to know where to look for that value, though. When the backlog value is exceeded you should see connection requests being ignored as you describe.
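
The pattern discussed in this thread (a client repeating its SYN and never getting a SYN-ACK, as expected once the listen() backlog is exceeded) can be pulled out of a capture automatically. The script below is an added example, not part of either message; it assumes the text output of `tcpdump -nn` in its current `Flags [S]` format, a capture that does not cross midnight, and sample lines constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed input: text output of `tcpdump -nn` (current "Flags [S]" format).
LINE = re.compile(
    r"^(\d+):(\d+):(\d+\.\d+) IP (\S+) > (\S+): Flags \[([^\]]+)\]")

# Constructed sample capture, not taken from the thread.
SAMPLE = """\
15:13:01.000000 IP 192.0.2.10.40001 > 198.51.100.5.80: Flags [S], seq 1000, win 5840, length 0
15:13:01.500000 IP 192.0.2.11.40002 > 198.51.100.5.80: Flags [S], seq 2000, win 5840, length 0
15:13:01.500100 IP 198.51.100.5.80 > 192.0.2.11.40002: Flags [S.], seq 9000, ack 2001, win 5792, length 0
15:13:01.500900 IP 192.0.2.11.40002 > 198.51.100.5.80: Flags [.], ack 9001, win 5840, length 0
15:13:04.250000 IP 192.0.2.10.40001 > 198.51.100.5.80: Flags [S], seq 1000, win 5840, length 0
15:13:10.750000 IP 192.0.2.10.40001 > 198.51.100.5.80: Flags [S], seq 1000, win 5840, length 0
"""

def unanswered_syns(capture, min_syns=2):
    """Map (client, server) -> gaps in seconds between repeated SYNs
    for flows where the server never sent a SYN-ACK."""
    syn_times = defaultdict(list)   # (client, server) -> SYN timestamps
    answered = set()                # flows that received a SYN-ACK
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue                # not a TCP line in the assumed format
        h, mi, s, src, dst, flags = m.groups()
        ts = int(h) * 3600 + int(mi) * 60 + float(s)
        if flags == "S":            # bare SYN from the client
            syn_times[(src, dst)].append(ts)
        elif flags == "S.":         # SYN-ACK: key it by the client's direction
            answered.add((dst, src))
    report = {}
    for flow, times in syn_times.items():
        if flow not in answered and len(times) >= min_syns:
            report[flow] = [round(b - a, 2) for a, b in zip(times, times[1:])]
    return report

if __name__ == "__main__":
    for (client, server), gaps in unanswered_syns(SAMPLE).items():
        print(f"{client} -> {server}: {len(gaps) + 1} SYNs, no SYN-ACK, gaps {gaps}s")
```

Flows reported here during load peaks, while other clients on the same port complete their handshakes, are consistent with the accept queue being full rather than with a network fault.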