Discussion:
Question about RST from client not propagated to the server
Bohdan Biehov
2018-10-11 16:33:03 UTC
---------- Forwarded message ---------
From: Bohdan Biehov <***@gmail.com>
Date: Wed, 10 Oct 2018 at 18:38
Subject: Question about RST from client not propagated to the server
To: <***@1wt.eu>


Hello mister Willy,

Sorry for disturbing you with yet another question but I realized that I am
stuck and can't find proper information to resolve my issue.

I am a guy who is configuring haproxy in our small team and currently I am
debugging a case where I see (in network dump) that after client sent RST
to haproxy that RST is not propagated to the server, instead haproxy starts
retransmitting TLS1.2 Encrypted Alert and server keeps re-sending DUP
ACK, there are always 9 cycles and it takes 52 seconds:
I will show it from TLS perspective, network capture on haproxy VM.
client -> haproxy "Client Hello"
haproxy -> server "Client Hello"
server -> haproxy "server hello, certificate"
haproxy -> client "server hello, certificate"
client -> haproxy "key exchange"
haproxy -> server "key exchange"
after some time of exchanging data
client -> TLS.1.2 Encrypted Alert
client -> haproxy [RST]
haproxy -> server [FIN, ACK ]
server -> haproxy [ACK]
After this line I don't understand the nature of following retransmissions :
haproxy -> retransmit [FIN, ACK]
server -> haproxy [DUP ACK]
repeats 9 times for 52 seconds and finally stops.

I wonder if you can help me to understand why those retransmissions take
place, and where should I dig, should I look for sysctl network
configuration or am I missing any important parameter in haproxy config.

Last time I was looking for this very important option:
on-marked-down shutdown-sessions

Maybe there is a similar option but that works in a different direction: so if
client disconnects from haproxy then kill haproxy->server session

Thanks in advance
--
from: ***@gmail.com
Best Regards, Bohdan Biehov