From 171c43dca8b419c5ac579e289002ff4fdb1aee3f Mon Sep 17 00:00:00 2001 From: Sun Austin Date: Mon, 5 Aug 2019 16:46:43 +0800 Subject: [PATCH] Fix Periodic message loss between VIM and Openstack REST APIs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit set net.ipv4.tcp_tw_recycle=1 to avoid dnat conntrack invalid The probe connection action before going to time_wait state. Probe connection controller pod TCP FLAG SEQ ACK controller:50538 ---> endpoint:9292 SYN 2707980036 0 controller:50538 <--- endpoint:9292 SYN ACK 1599414185 2707980037 controller:50538 ---> endpoint:9292 ACK 2707980037 1599414186 controller:50538 ---> endpoint:9292 FIN ACK 2707980037 1599414186 controller:50538 <--- endpoint:9292 ACK 1599414186 2707980038 controller:50538 <--- endpoint:9292 FIN ACK 1599414186 2707980038 controller:50538 ---> endpoint:9292 ACK 2707980038 1599414187 And for the curl command connection with same port 50538: it will be like controller pod TCP FLAG SEQ ACK controller:50538 --> service:9292 SYN 2917708674 0 controller:50538 --> endpoint:9292 SYN 2917708674 0 controller:24479 <-- endpoint:9292 SYN ACK 2742336307 2917708675 controller:50538 <-- endpoint:9292 SYN ACK 2742336307 2917708675 controller:50538 --> service:9292 ACK 2707980038 1599414187 controller:50538 --> service:9292 ACK 2707980038 1599414187 controller:50538 --> service:9292 ACK(DROP) 2707980038 1599414187 The last ACK(controller:50538-->service:9292) SEQ and ACK is same as Probe TIME_WAIT latest ACK’s. from https://github.com/torvalds/linux/blob/v3.10/net/ipv4/tcp_ipv4.c#L2002 , it only check (des ip , des port, src ip, and src port).Because this is not a correct SEQ/ACK , then it is set invalid and then dropped. If enabling tcp_tw_recycle, the previous socket should be already closed, then the issue should be gone. Closes-Bug: 1817936 Change-Id: If6e66d85f08fc99022946fd2e9f4e5756bfb7b2f Signed-off-by: Sun Austin --- base/initscripts-config/files/sysctl.conf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/base/initscripts-config/files/sysctl.conf b/base/initscripts-config/files/sysctl.conf index eee0bd77a..db939ccb3 100644 --- a/base/initscripts-config/files/sysctl.conf +++ b/base/initscripts-config/files/sysctl.conf @@ -69,7 +69,8 @@ net.ipv4.conf.all.rp_filter=1 # Limit local port range net.ipv4.ip_local_port_range = 49216 61000 net.ipv4.tcp_tw_reuse = 1 - +# Fix https://bugs.launchpad.net/starlingx/+bug/1817936 +net.ipv4.tcp_tw_recycle = 1 # WRL # set max socket memory ; default was 212992 net.core.rmem_max=425984