tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: ipv6 IPSEC TCP ISSUE



  Still no luck on connection drops though I disabled SACK and mtudisc.
  I have a question here:

  In case of TCP re-transmission I am seeing that length is getting
  changed, will that lead to a problem in the first place? Currently my
  telnet sessions are getting closed when a re-transmission when a
  different length happens. I my opinion is that the packet shouldn't
  get changed on re-transmission in any respect, right?

TCP doesn't retransmit packets; it retransmits segments which are newly
assembled into packets.  The new transmission being a different length
is a clue that the sender is doing PMTU-D.   It could be that there is a
broken firewall involved, but it could be a bug in NetBSD.

So, my advice, which will require significant effort to follow, is:

  take tcpdumps at both ends of the *entire connection*, using 'tcpdump
  -w' to a file.

  install xplot-devel from pkgsrc.   Read all the READMEs.

  Read the TCP specs, both base, congestion control and PMTU-D including
  blackhole detection, if you don't already understand all of this well.

  Do "tcpdump -S -tt -r SENDER | tcpdump2xplot".
    Perhaps netbsd-6 tcpdump has changed; fix tcpdump2xplot and send a
    pach if so.

  Repeat in a different directory with the RECEIVER tcpdump.

  Look at the plots: xplot -x -y -tile sender.xplot receiver.xplot,
  so that you look at the same direction from two network places at the
  same time.  In particular, you want to understand loss, and TCP's
  response to loss.  Keep in mind that both data and acks can be lost.


Attachment: pgpZZ3jTXIA_4.pgp
Description: PGP signature



Home | Main Index | Thread Index | Old Index