Hi, Inline.
> On Nov 25, 2025, at 11:26 PM, Guo Huiliang via lists.fd.io > <[email protected]> wrote: > > My traffic flow is as follows: > > Client browser → Decryption Nginx (bound to a BVI interface on loop0) > After TLS decryption, the traffic is forwarded to Encryption Nginx (bound to > another BVI interface in a separate bridge domain on loop1) > Then it accesses the backend HTTPS server. > The entire pipeline works fine under normal conditions. When I refresh the > page in the browser (using regular F5), it succeeds every time—no matter how > many times I refresh. > > However, when I perform a hard refresh (Ctrl+F5): > > The first and second attempts still load the webpage successfully. > But starting from the third Ctrl+F5, the page fails to load. > Packet capture analysis shows that between the backend server and the > Encryption Nginx, there are massive TCP retransmissions, and even port reuse > occurs. After a certain number of retransmissions, both sides send RST > packets to terminate the connection. Hard to tell what is going on but given that you’re seeing port reuse, maybe linux side is refusing the handshake because of the initial sequence number. A bit surprised this is happening because port selection on vpp side should be relatively random, so pretty small chance of reuse with a few connections. > > From the command line, I observe that: > > Both the Decryption Nginx and Encryption Nginx processes are consuming 100% > CPU. If this is showing only after the bad condition is happening, maybe check with gdb what exactly is looping. Maybe it’s a side effect of some nginx socket option that’s not currently supported by the ldp shim. > Both loop0 (used by Decryption Nginx) and loop1 (used by Encryption Nginx) > show significant packet drops. Those drops look like protocol drops, not interface or tcp drops. Check “sh error” and that will hopefully clarify what they are. Maybe they’ll explain the tcp issues as well. > What is the root cause of this failure triggered specifically by Ctrl+F5? Guess the http connections (or at least more of them) are re-established instead of using cached content. Regards, Florin > > How can this issue be resolved? > > <475ea392-3170-41a2-a0ff-a4f669bcff36.png> > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#26554): https://lists.fd.io/g/vpp-dev/message/26554 Mute This Topic: https://lists.fd.io/mt/116482254/21656 Group Owner: [email protected] Unsubscribe: https://lists.fd.io/g/vpp-dev/leave/14379924/21656/631435203/xyzzy [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
