TCP Retransmission PSH ACK

asked 2019-01-21 22:09:37 +0000

Laki gravatar image

updated 2019-01-21 22:10:45 +0000

We have enabled TLSv1.2 on Apache tomcat. We have a load balances in front of 2 apache tomcat servers that are listening on port 8443. We are having trouble accessing services through load balancer. Nothing is logged in to tomcat logs indicating any requests have received from the load balancer. However we can access tomcat servers directly using server IPs and 8443 port.

I ran a tcpdump and found out that request from the load balancer is reaching tomcat servers, however tomcat server is sending numerous re-transmission calls back to the load balancer. Would you be able to explain what these calls are ? This may help me find an answer to issue we are facing.

8 0.202358 TCP 61 [TCP Retransmission] 8443 → 7868 [PSH, ACK] Seq=1 Ack=400 Win=15544 Len=7

9 0.604389 TCP 61 [TCP Retransmission] 8443 → 7868 [PSH, ACK] Seq=1 Ack=400 Win=15544 Len=7

10 1.408390 TCP 61 [TCP Retransmission] 8443 → 7868 [PSH, ACK] Seq=1 Ack=400 Win=15544 Len=7

edit retag flag offensive close merge delete



My understanding is that you have a load balancer (LB) with a virtual IP (VIP) listening on port 8443 for HTTPS traffic.

When the LB gets a packet for with a destination IP matching that VIP and destination port matching 8443, it should send it to one of the Apache Tomcat servers on their port 8443.

The Tomcat servers don't seem to be getting traffic according to their logs but you did capture some ACKs.

I have some questions:

Where are you capturing the traffic? (Apache Tomcat server? LB?)

What are the IP addresses and used for? (Client-facing interface of LB? Server-facing interface of the LB? VIP? Apache server? Client?)

Also, what is the strategy to route the packets back to the clients?

Do your Apache servers have routes for the clients subnets or only a default route?

If there ...(more)

Spooky gravatar imageSpooky ( 2019-01-30 01:32:56 +0000 )edit

Hi, Without a trace it is next to impossible to give you an answer. But maybe it is an issue with the certificates or encryption setup???

Christian_R gravatar imageChristian_R ( 2019-01-30 06:45:57 +0000 )edit

+1 on the certificates and encryption setup as possible culprit

Spooky gravatar imageSpooky ( 2019-01-31 03:53:31 +0000 )edit