Hi Willy,
that sounds interesting because we are using Cisco firewall as well. So
that issue might be related to that.
Our current situation is that we switched back to apache2 with
mod_balancer since we currently haven't enough time to investigate since
a datacenter move is going on and we have to keep things stable until then.
Since we switched back, our users didn't experience upload/download
problems anymore. Not sure why it is
working now. I will have more time to investigate after our datacenter
move, which will be around June since we
are planning to switch back to haproxy. So if I can do further
investigation on that in June please let me know if I can provide you
with more data, or at least I can do more tests regarding our firewall
to make sure that we don't have an issue there.
Please find the dump of a failing download at
ftp://ftp.suse.com/pub/people/wengel/haproxy/haproxy-download.dump
Thanks for your help so far.
Regards,
Wolfgang
On 27.03.2012 20:01, Willy Tarreau wrote:
Hi Wolfgang,
On Tue, Mar 27, 2012 at 12:45:25PM +0200, Wolfgang Engel wrote:
Hi,
I just want to follow up on a thread from december 2011 where Simon
experienced problems regarding TCP retransmissions.
We are seeing this problem on our site (susestudio.com) as well for
upload/download since we are using haproxy version 1.5-dev7 on
SLES11SP1 with kernel version 2.6.32.54-0.3-default.
Not all users seems to be affected and it is hard to reproduce since it
happens randomly.
I switched off TCP segment offload like Willy suggested for testing.
I can provide tcpdump of some interrupted download transfer from our
site where you might have a look at.
Does someone else experience this problem ?
Just for the record, Simon's issue was caused by an overzealous cisco
firewall performing deep inspection but not exactly knowing the HTTP
protocol, resulting in some WebSocket communications being blocked on
port 80 (since it does not inspect other ports). Another user, Jason
Strimpel faced the exact same issue with WebSocket, this time with a
TrendMicro Officescan firewall installed on the client machine. Same
observation, by switching to another port everything went smooth.
So I'm not sure you're discussing exactly the same kind of issues,
but just in case I'd be very interested in getting a trace showing
these retransmits, and if possible a few session before related to
the same source IP. It is indeed possible that what you're seeing
is related to an incompatibility between your local TCP stack and
the other side's, which unfortunately happens to be more and more
common with mobile operators doing funny things in order to offer
connectivity to more users than they have available IP addresses.
Best regards,
Willy
