
I have a small farm of web servers running Apache 2.2.15 on CentOS 6, behind a Cisco ACE load balancer, which is behind a Eudaemon FW doing NAT for web clients on the Internet and web servers in the farm (and some Cisco switches between them, of course). Something like this:

 __________        ____     ___     ____     ______________
| Internet |------| FW |---|SW |---| LB |---|  Catalyst SW |
|__________|      |____|   |___|   |_ACE|   |______________|
                                                    |
                                                    |
                                             _______________
                                            |Web server farm|
                                            |_______________|

My issue is that I have reports from clients complaining about slow access and/or temporary access errors to the web server (often they have to retry to get access to web pages). When I check on the server side (the other network elements are outside my administration) I find TCP resets going out from TCP port 80, and I think this is due to an incorrect/unexpected seq number (according to tcpdump and Wireshark). Please take a look at the following screenshot depicting this problem:

tcpdump capture

Would you please give some ideas about why this might be happening?

  • Where was this capture taken? Would it be possible to get 2 simultaneous captures, one on the client and one on the server? – hertitu Oct 25 '16 at 18:56
  • @hertitu The capture is from tcpdump on server side (1/6 farm servers). Final clients are mobile phones... I'll try to get a capture on the client... – Dõùĝ Díäz Oct 25 '16 at 20:00
  • @hertitu I got both captures. What should I look for? – Dõùĝ Díäz Oct 25 '16 at 21:21
  • See if you can spot any difference between the two. The first thing that was very odd about the initial capture is that after the 3whs there is nothing coming in for more than a second. So first thing I would check in the client capture is what happens immediately after the 3whs. – hertitu Oct 25 '16 at 22:12
  • @Dõùĝ Díäz If you haven't got to the bottom of this issue yet, I'd be happy to take a look over the two capture files. You can email to `markopolo.stackexchange@gmail.com` if interested. – Mark Riddell Oct 29 '16 at 11:25

0 Answers
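The check suggested in the comments (what happens right after the 3WHS) and the asker's suspicion about sequence numbers can both be applied to a server-side capture with a short script. This is an added example, not part of the original thread: the sample lines are constructed, use documentation addresses, and assume text output from `tcpdump -nn -S` (absolute sequence numbers); `analyze` is a hypothetical helper name.

```python
import re

# Constructed sample in `tcpdump -nn -S` text format (documentation addresses).
SAMPLE = """
10:00:00.000000 IP 198.51.100.7.40001 > 192.0.2.10.80: Flags [S], seq 100, win 14600, length 0
10:00:00.000100 IP 192.0.2.10.80 > 198.51.100.7.40001: Flags [S.], seq 900, ack 101, win 14480, length 0
10:00:00.040000 IP 198.51.100.7.40001 > 192.0.2.10.80: Flags [.], ack 901, win 14600, length 0
10:00:00.500000 IP 198.51.100.9.40002 > 192.0.2.10.80: Flags [S], seq 200, win 14600, length 0
10:00:00.500100 IP 192.0.2.10.80 > 198.51.100.9.40002: Flags [S.], seq 700, ack 201, win 14480, length 0
10:00:00.530000 IP 198.51.100.9.40002 > 192.0.2.10.80: Flags [.], ack 701, win 14600, length 0
10:00:00.550000 IP 198.51.100.9.40002 > 192.0.2.10.80: Flags [P.], seq 201:401, ack 701, win 14600, length 200
10:00:00.551000 IP 192.0.2.10.80 > 198.51.100.9.40002: Flags [P.], seq 701:1201, ack 401, win 15544, length 500
10:00:01.300000 IP 198.51.100.7.40001 > 192.0.2.10.80: Flags [P.], seq 5000:5200, ack 901, win 14600, length 200
10:00:01.300100 IP 192.0.2.10.80 > 198.51.100.7.40001: Flags [R], seq 901, win 0, length 0
"""

LINE = re.compile(
    r"(\d+):(\d+):(\d+\.\d+) IP (\S+) > (\S+): Flags \[([^\]]+)\]"
    r"(?:, seq (\d+)(?::\d+)?)?")

def analyze(capture, server_port="80"):
    """Return one record per flow in which the server side sent a RST."""
    flows = {}
    for line in capture.strip().splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        h, mi, s, src, dst, flags, seq = m.groups()
        ts = int(h) * 3600 + int(mi) * 60 + float(s)
        from_server = src.rsplit(".", 1)[1] == server_port
        client = dst if from_server else src
        f = flows.setdefault(client, {"client": client, "expected_seq": None,
                                      "hs_done": None, "gap": None,
                                      "seq_ok": None, "rst": False})
        if from_server:
            f["rst"] = f["rst"] or "R" in flags
        elif "S" in flags:
            f["expected_seq"] = int(seq) + 1   # a SYN consumes one sequence number
        elif f["expected_seq"] is None:
            continue                           # SYN not captured, nothing to compare
        elif f["hs_done"] is None:
            f["hs_done"] = ts                  # bare ACK that completes the 3WHS
        elif f["gap"] is None:                 # first client packet after the 3WHS
            f["gap"] = round(ts - f["hs_done"], 3)
            f["seq_ok"] = seq is not None and int(seq) == f["expected_seq"]
    return [f for f in flows.values() if f["rst"]]
```

Running the same function over a client-side capture of the same connection and comparing `gap` and `seq_ok` shows whether a device in the path delayed the request or changed its sequence numbers.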