TCP RST flag subtleties


Permalink 09:43:23 am, by lano1106, 516 words, 7077 views   English (CA)
Categories: TCP/IP


Comments, Pingbacks:

Comment from: Joe Beckner [Visitor] · http://www.UniplexNetworks.com
I think I am experiencing the problem you are referring to in this blog.

I should preface my comment by stating that I am not a software programmer; I am a network hardware person who sells, installs and maintains Cisco network switches, routers and firewalls for small and medium businesses.

I am troubleshooting an intermittent problem for a client who has about 100 users on gmail. They are experiencing intermittent periods where one or more users cannot access their gmail. All other internet traffic (web, etc.) is OK. Resetting the Cisco 3825 router firewall on the T1 line clears the problem. I did not believe that this was really a router problem. All sessions are terminated when the router restarts, which is probably why it clears.

I have some Wireshark captures from when users are experiencing problems. What I am seeing is an immediate TCP RST coming back from the Google gmail server after the successful TCP 3-way session initiation for HTTPS. There are no HTTP codes coming back from the server. This repeats over and over.
03/26/10 @ 09:59
Comment from: lano1106 [Member]
Hi John,

it seems to be different. In the scenario I am describing, the client TCP/IP stack does receive the server reply. It is the application that does not see it, because a RST immediately follows the reply and is received by the TCP/IP stack before the application has the chance to read the reply from the stack.

This is not the problem that you have, because if it was, you would see the reply precede the RST segment in Wireshark.

In your situation, if you were asking my opinion, I would suspect your router to be a NAT device, and the gmail server must have an internal limit that makes it refuse to let a single IP address initiate more than a certain number of connections, to protect itself against spammers.

I see some avenues to solve the problem:

1. If possible, configure your router to have more than 1 public IP address on the external NIC and make the router NAT module load balance the connections among the available public IP addresses.

2. Here is what my DNS server returns me for gmail.com:

Non-authoritative answer:
Name: gmail.com
Name: gmail.com
Name: gmail.com
Name: gmail.com

You could tweak your DNS server to let it do the load balancing for your users.

Please report back here if this has helped you to fix the problem.
03/26/10 @ 10:47
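As an added example (not code from the blog or its commenters), here is a small Python classifier that tells the two capture patterns discussed above apart: a server reply immediately followed by a RST (the scenario the post describes) versus a RST straight after the handshake with no server payload at all (the pattern in the commenter's Wireshark capture). The capture lines are constructed in a simplified tshark-like layout, with addresses taken from documentation ranges.

```python
from collections import defaultdict

# Constructed sample (not real traffic), one segment per line in capture order:
# "<src> -> <dst> [FLAG,FLAG] <payload bytes>", roughly what a tshark export shows.
SAMPLE_CAPTURE = """
10.0.0.5:51000 -> 203.0.113.10:443 [SYN] 0
203.0.113.10:443 -> 10.0.0.5:51000 [SYN,ACK] 0
10.0.0.5:51000 -> 203.0.113.10:443 [ACK] 0
10.0.0.5:51000 -> 203.0.113.10:443 [PSH,ACK] 120
203.0.113.10:443 -> 10.0.0.5:51000 [PSH,ACK] 300
203.0.113.10:443 -> 10.0.0.5:51000 [RST,ACK] 0
10.0.0.6:51001 -> 203.0.113.10:443 [SYN] 0
203.0.113.10:443 -> 10.0.0.6:51001 [SYN,ACK] 0
10.0.0.6:51001 -> 203.0.113.10:443 [ACK] 0
203.0.113.10:443 -> 10.0.0.6:51001 [RST,ACK] 0
10.0.0.7:51002 -> 203.0.113.10:443 [SYN] 0
203.0.113.10:443 -> 10.0.0.7:51002 [SYN,ACK] 0
10.0.0.7:51002 -> 203.0.113.10:443 [ACK] 0
203.0.113.10:443 -> 10.0.0.7:51002 [PSH,ACK] 500
"""

def parse_segments(text):
    """Yield (src, dst, flags, payload_len) for each capture line."""
    for line in text.strip().splitlines():
        src, _, dst, flags, length = line.split()
        yield src, dst, frozenset(flags.strip("[]").split(",")), int(length)

def classify_flows(segments):
    """Return {(client, server): verdict}; the client is whoever sent the first SYN."""
    flows = defaultdict(list)
    for src, dst, flags, length in segments:
        # A flow's first segment is the client's SYN; later segments map back to it.
        key = (dst, src) if (dst, src) in flows else (src, dst)
        flows[key].append((src, flags, length))
    verdicts = {}
    for (client, server), segs in flows.items():
        established, server_bytes, verdict = False, 0, "no_reset"
        for src, flags, length in segs:
            if src == server and "RST" in flags:
                if not established:
                    verdict = "rst_before_handshake"
                elif server_bytes == 0:
                    verdict = "rst_after_handshake"  # the pattern in the commenter's capture
                else:
                    verdict = "rst_after_reply"      # the pattern lano1106 describes
                break
            if src == client and "ACK" in flags and "SYN" not in flags:
                established = True  # third segment of the handshake seen
            if src == server: server_bytes += length
        verdicts[(client, server)] = verdict
    return verdicts
```

Run over the constructed capture, the first flow classifies as `rst_after_reply`, the second as `rst_after_handshake`, and the third (no RST at all) as `no_reset`.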
Comment from: Joe Beckner [Visitor] · http://www.UniplexNetworks.com
Thank you, you are right, the router with IOS Firewall is doing NAT/PAT on the single IP address of the outside T1 interface. So the Google servers will see all users with the same IP address and different TCP port numbers. I will take a look at this some more.
03/26/10 @ 12:42
