2

One of our clients uses Netscaler as balancer middleware between a Fuse server and our Tomcat-hosted software. Currently we are experiencing strange communication behavior between our software and Netscaler (we're making SOAP requests using Spring-WS): some time after a request to Netscaler has been made, while the response is still being awaited, Netscaler sends an ACK,RST packet to our server and, consequently, Java throws a "connection reset" IOException. The TCP dump is as follows: [Wireshark screenshot]

As per the Netscaler docs, the Win field of the reset packet contains an error code, which is 9300 in this situation and means 'cleanup of idle connections'. That in turn means that Netscaler runs a "zombie" process which cleans up idle connections, and that this process has recognized our connection as being idle.

Why would the connection be treated as idle by Netscaler in this case?

UPDATE: Here is a more complete communication log: [screenshot]

Askar Kalykov

2 Answers

0

What is the time delta between the server and the reset packet? You can tune the idle timeout values on the netscaler vserver for clients that go idle and on the service for servers that take a long time to respond.

Ronan
  • There were settings for killing hung connections, and the question arose mainly because of a lack of knowledge (please see my answer) – Askar Kalykov Dec 03 '15 at 06:23

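
As an added example (not part of the original posts, and not Netscaler or Citrix code): a small Python parser that reads the raw TCP headers of one connection, decodes the reset code carried in the Window field of any RST, and reports the time delta since the previous packet. The packet bytes, ports and the 180-second gap are constructed sample values; only code 9300 and its meaning come from the question.

```python
import struct

# Reset codes carried in the Window field of a Netscaler RST.
# Only the code quoted in the question is listed; anything else is "unknown".
RESET_CODES = {9300: "cleanup of idle connections"}
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10

def parse_tcp(header: bytes):
    """Return (src_port, dst_port, flags, window) from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    sport, dport, _seq, _ack, off_flags, window = struct.unpack("!HHIIHH", header[:16])
    return sport, dport, off_flags & 0x01FF, window

def explain_resets(packets):
    """packets: (timestamp_seconds, raw_tcp_header) pairs for ONE connection,
    in capture order. For every RST, report the Window-field code and how long
    the connection had been silent (either direction) before it arrived."""
    findings, last_seen = [], None
    for ts, raw in packets:
        sport, _dport, flags, window = parse_tcp(raw)
        if flags & RST:
            idle = None if last_seen is None else round(ts - last_seen, 3)
            findings.append({"time": ts, "from_port": sport, "code": window,
                             "meaning": RESET_CODES.get(window, "unknown"),
                             "idle_seconds": idle})
        last_seen = ts
    return findings

def tcp_header(sport, dport, seq, ack, flags, window):
    """Build a 20-byte TCP header (checksum 0) for the constructed sample."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, window, 0, 0)

# Constructed capture: the client (port 40000) sends its request to the
# balancer (port 80), gets an ACK, then nothing crosses the wire until the
# balancer resets the connection 180 s later. All values are made up.
SAMPLE = [
    (0.000, tcp_header(40000, 80, 1000, 5000, PSH | ACK, 29200)),
    (0.002, tcp_header(80, 40000, 5000, 1400, ACK, 8190)),
    (180.002, tcp_header(80, 40000, 5000, 1400, RST | ACK, 9300)),
]

if __name__ == "__main__":
    for finding in explain_resets(SAMPLE):
        print(finding)
```

Comparing `idle_seconds` across several resets against the idle timeouts configured on the vserver and the service shows which of the two timers is firing.
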
0

OK, this is what I have read and have been told:

  1. At the TCP level, the protocol has no problem with connections being hung (i.e., nothing is sent during an extended period of time, and there was no connection termination sequence);
  2. Nevertheless, the problem arises at higher levels (system resources are allocated for each connection), and to address this there is an unofficial (for it is error-prone) workaround for hung connections: in order to terminate the connection gracefully, either side of the connection might send keepalive packets (probes) and take action after several packets are sent and no response from the other side is received.
  3. Netscaler responds to the problem of hung connections in two ways: it either closes hung connections after a certain (configurable) amount of time, or it can use the keepalive-probe approach (and there are configurable parameters for that one also).

Although our clients did find deeper problems buried in the service implementations (long request processing), we could also apply the keepalive-probe approach in order to stop the connection resets.

Links:

http://www.tcpipguide.com/free/t_TCPConnectionManagementandProblemHandlingtheConnec-3.htm

https://www.citrix.com/blogs/2012/07/26/netscaler-10-keep-alive-value-add-to-the-tcp-stack-with-profiles/

Askar Kalykov