The odd thing is, if I point the URL to the varnish right behind the haproxy - the issue goes away completely.

The dump I sent you was from over the internet (a few countries apart) - so that's probably why the MSS is the size it is :)

I'll grab a dump on the haproxy server tomorrow, while reproducing the problem with a local client.

Lukas Tribus said the following on 02/19/2014 11:13 AM:
> Hi,
>
>
>> I have attached a dump, from the client side of the problem.
>> As you can see it starts to send the reply, and then suddenly resets.
>
> When looking at "tcp.stream eq 0":
> We RST in the middle of a HTTP response, without any apparent reason.
>
> When looking at "tcp.stream eq 1":
> 270 ms after the ACK we already see the RST. The browser doesn't even start
> to send a request. Could you try without the "timeout http-request" option
> in the config?
>
> You said you have full MTU, but the SYN-ACK from the server announces only
> 1380 Byte MSS. Any idea why? Any security software or NAT Gateways in between?
>
>
> I think something is messing with your TCP/HTTP connections. Try reproducing
> it with a Linux Live CD and on a different Internet connection (or at least a
> different NAT router).
>
>
>
>> Thursday, I will do a capture on haproxy server, and capture it there, if
>> necessary.
>
> Yes, that would be very useful as we are not sure what the server really sees.
>
> Best thing would be to capture on the client and the server side simultaneously,
> so that the capture can be compared.
>
>
>
>
> Regards,
>
> Lukas
>

--
Regards,
Klavs Klavsen, GSEC - [email protected] - http://www.vsen.dk - Tlf. 61281200

"Those who do not understand Unix are condemned to reinvent it, poorly."
  --Henry Spencer

