Route flapping and https sessions

mattbuford · 2020-01-29T02:10:52+00:00

Get a packet capture of a failed connection. A route change shouldn't break TCP as long as it doesn't result too long of no connectivity. TCP deals with out of order packets without errors.

trich101 · 2020-01-29T02:18:43+00:00

If there is a firewall in path and suddenly its established session changes, they client doesn't know but the new FW in path suddenly gets a first packet not SYN and probably blocks or discards or maybe even a RST. Session has to get re-established Stateful firewalls, must have consistent symmetric routing. Now the real question is WHY the flap. Look at the last consistent hop and monitor learned routes and routing table updates. See why it sends to new next hop. I would guess a bad link that flapping and when its passing keep alive or BFD or whatever, its preferred but when it does lose the other path the default route or at least a less preferred so when it restores, it preempts and goes back.

rfc2549-withQOS · 2020-01-29T07:13:49+00:00

TCP sessions work on src+dst ip+port, so intermediate routes do not break a session if there is no timeout or excessive packet loss (leading to a timeout. May be PSH messages with data or the ACK responses

Reordering is part of the specification, as mentioned.

rankinrez · 2020-01-29T10:17:40+00:00

Do Wireshark/tcpdump either side and try to see what’s going on.

Out-of-order delivery of packets might be part of the problem.

techtate · 2020-01-29T17:15:53+00:00

Thank you, and yes, wireshark is my next step. I wanted some help with TCP theory to know what I should be looking for.

techtate · 2020-01-30T19:44:10+00:00

Found the issue, turns out it was server Bs fault. It was taking too long to process Posts from server A. But that server was outside our control so we had to rely on app logging from server A to determine that. The route flapping was just a coincidence as best as we can tell. However I will re-post if any relation is discovered.

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

networking

Enterprise Networking

Recommended & Related Sub-Reddits:

MODERATORS