[CentOS] unreachable peer

Sat May 16 17:23:17 UTC 2015
Leon Fauster <leonfauster at googlemail.com>

On 15.05.2015 at 18:17, Gordon Messmer <gordon.messmer at gmail.com> wrote:
> On 05/15/2015 09:02 AM, Leon Fauster wrote:
>> 
>> I have a public peer system (yy.yy.yy.yy) that is reachable 
>> via my home uplink (xx.xx.xx.xxx).
>> 
>> 15:59:30.244199 IP xx.xx.xx.xxx.42958 > yy.yy.yy.yy.https: tcp 0
>> 15:59:30.281931 IP yy.yy.yy.yy.https > xx.xx.xx.xxx.42958: tcp 0
>> 15:59:30.281945 IP xx.xx.xx.xxx.42958 > yy.yy.yy.yy.https: tcp 0
>> 15:59:30.305020 IP xx.xx.xx.xxx.42958 > yy.yy.yy.yy.https: tcp 105
>> 15:59:30.344004 IP yy.yy.yy.yy.https > xx.xx.xx.xxx.42958: tcp 1412
>> 15:59:30.344013 IP xx.xx.xx.xxx.42958 > yy.yy.yy.yy.https: tcp 0
>> 15:59:30.344016 IP yy.yy.yy.yy.https > xx.xx.xx.xxx.42958: tcp 23
>> 
>> At the office we have an EL5-based router that cannot reach the 
>> mentioned system. It does not give any hint about the problem. 
>> 
>> 15:57:51.751591 IP o.ff.i.ce.50902 > yy.yy.yy.yy.https: tcp 0
>> 15:57:54.750834 IP o.ff.i.ce.50902 > yy.yy.yy.yy.https: tcp 0
>> 15:58:00.749351 IP o.ff.i.ce.50902 > yy.yy.yy.yy.https: tcp 0
>> 15:58:12.746408 IP o.ff.i.ce.50902 > yy.yy.yy.yy.https: tcp 0
>> 15:58:36.740454 IP o.ff.i.ce.50902 > yy.yy.yy.yy.https: tcp 0
>> 15:59:24.728605 IP o.ff.i.ce.50902 > yy.yy.yy.yy.https: tcp 0
>> 
>> I tried to connect with a removed ECN bit [1]
>> 
>> [1] https://en.wikipedia.org/wiki/Explicit_Congestion_Notification
>> 
>> but this was not the solution.
>> 
>> Any ideas?
> 
> That's not much information to go on.  Can you run
> tcpdump on the "public peer system"?  Does it receive
> the SYN packets from your office?


Well, the destination is not in my realm (different provider). Before 
contacting them I want to be sure that my system is not causing this. 
So far I just see a "tcp retransmission" while trying to establish
an HTTPS connection (captured on our router):

office -> destination: TCP 66	54487→443 [SYN] Seq=0 Win=5840 Len=0 MSS=1460 SACK_PERM=1 WS=8
office -> destination:	TCP 66	[TCP Retransmission] 54487→443 [SYN] Seq=0 Win=5840 Len=0 MSS=1460 SACK_PERM=1 WS=8

From my home and office, I can see via traceroute that for the destination the entry hop is the same. 

So, the destination is not responding with SYN,ACK when the connection passes 
our router. But as I said it is reachable from my home, and this is confusing.

Thanks,
LF
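
Added example, not part of the original thread: a small Python check over the tcpdump lines quoted above that labels each sender as answered or as sending unanswered, payload-free packets at doubling intervals, which is the pattern of a retransmitted SYN. The function names and the 25% tolerance are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Capture lines copied from the post above (tcpdump -q style, addresses already masked).
CAPTURE = """\
15:59:30.244199 IP xx.xx.xx.xxx.42958 > yy.yy.yy.yy.https: tcp 0
15:59:30.281931 IP yy.yy.yy.yy.https > xx.xx.xx.xxx.42958: tcp 0
15:59:30.281945 IP xx.xx.xx.xxx.42958 > yy.yy.yy.yy.https: tcp 0
15:57:51.751591 IP o.ff.i.ce.50902 > yy.yy.yy.yy.https: tcp 0
15:57:54.750834 IP o.ff.i.ce.50902 > yy.yy.yy.yy.https: tcp 0
15:58:00.749351 IP o.ff.i.ce.50902 > yy.yy.yy.yy.https: tcp 0
15:58:12.746408 IP o.ff.i.ce.50902 > yy.yy.yy.yy.https: tcp 0
15:58:36.740454 IP o.ff.i.ce.50902 > yy.yy.yy.yy.https: tcp 0
15:59:24.728605 IP o.ff.i.ce.50902 > yy.yy.yy.yy.https: tcp 0
"""

LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) IP (\S+) > (\S+): tcp (\d+)$")

def parse(text):
    """Return (seconds_since_midnight, src, dst, payload_len) per parsable line."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            t = datetime.strptime(m.group(1), "%H:%M:%S.%f")
            secs = t.hour * 3600 + t.minute * 60 + t.second + t.microsecond / 1e6
            rows.append((secs, m.group(2), m.group(3), int(m.group(4))))
    return rows

def classify(text, tolerance=0.25):
    """Label each sender: 'answered', 'unanswered-backoff' or 'unanswered'."""
    sent = defaultdict(list)
    for secs, src, dst, length in parse(text):
        sent[(src, dst)].append((secs, length))
    result = {}
    for (src, dst), pkts in sent.items():
        if (dst, src) in sent:          # at least one packet came back
            result[src] = "answered"
            continue
        times = sorted(t for t, _ in pkts)
        gaps = [b - a for a, b in zip(times, times[1:])]
        # Retransmitted SYNs: no payload, each wait roughly twice the previous one.
        doubling = len(gaps) >= 2 and all(
            g1 > 0 and abs(g2 / g1 - 2.0) <= tolerance for g1, g2 in zip(gaps, gaps[1:]))
        empty = all(length == 0 for _, length in pkts)
        result[src] = "unanswered-backoff" if doubling and empty else "unanswered"
    return result
```

On the quoted captures, the office flow shows gaps of about 3, 6, 12, 24 and 48 seconds with nothing returning, while the home flow is answered within 40 ms.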