StarlingX

Bug #1817936
Comment #28

Comment 28 for bug 1817936

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-08-27: Fix merged to integ (master)

#28

Reviewed: https://review.opendev.org/674719
Committed: https://git.openstack.org/cgit/starlingx/integ/commit/?id=171c43dca8b419c5ac579e289002ff4fdb1aee3f
Submitter: Zuul
Branch: master

commit 171c43dca8b419c5ac579e289002ff4fdb1aee3f
Author: Sun Austin <email address hidden>
Date: Mon Aug 5 16:46:43 2019 +0800

Fix Periodic message loss between VIM and Openstack REST APIs

set net.ipv4.tcp_tw_recycle=1 to avoid dnat conntrack invalid

    The probe connection action before going to time_wait state.
    Probe connection
    controller pod TCP FLAG SEQ ACK
    controller:50538 ---> endpoint:9292 SYN 2707980036 0
    controller:50538 <--- endpoint:9292 SYN ACK 1599414185
    2707980037
    controller:50538 ---> endpoint:9292 ACK 2707980037
    1599414186
    controller:50538 ---> endpoint:9292 FIN ACK 2707980037
    1599414186
    controller:50538 <--- endpoint:9292 ACK 1599414186
    2707980038
    controller:50538 <--- endpoint:9292 FIN ACK 1599414186
    2707980038
    controller:50538 ---> endpoint:9292 ACK 2707980038
    1599414187

    And for the curl command connection with same port 50538: it will be
    like
    controller pod TCP FLAG SEQ ACK
    controller:50538 --> service:9292 SYN 2917708674 0
    controller:50538 --> endpoint:9292 SYN 2917708674 0
    controller:24479 <-- endpoint:9292 SYN ACK 2742336307
    2917708675
    controller:50538 <-- endpoint:9292 SYN ACK 2742336307
    2917708675
    controller:50538 --> service:9292 ACK 2707980038
    1599414187
    controller:50538 --> service:9292 ACK 2707980038
    1599414187
    controller:50538 --> service:9292 ACK(DROP) 2707980038
    1599414187

    The last ACK(controller:50538-->service:9292) SEQ and ACK is same as
    Probe TIME_WAIT latest ACK’s.
    from
    https://github.com/torvalds/linux/blob/v3.10/net/ipv4/tcp_ipv4.c#L2002 ,
    it only check (des ip , des port, src ip, and src port).Because this is
    not
     a correct SEQ/ACK , then it is set invalid and then dropped.

If enabling tcp_tw_recycle, the previous socket should be already
closed, then the issue should be gone.

Closes-Bug: 1817936

Change-Id: If6e66d85f08fc99022946fd2e9f4e5756bfb7b2f
Signed-off-by: Sun Austin <email address hidden>

Reviewed:  https://review.opendev.org/674719
Committed: https://git.openstack.org/cgit/starlingx/integ/commit/?id=171c43dca8b419c5ac579e289002ff4fdb1aee3f
Submitter: Zuul
Branch:    master

commit 171c43dca8b419c5ac579e289002ff4fdb1aee3f
Author: Sun Austin <austin.sun@intel.com>
Date:   Mon Aug 5 16:46:43 2019 +0800

Fix Periodic message loss between VIM and Openstack REST APIs
    
    set net.ipv4.tcp_tw_recycle=1 to avoid dnat conntrack invalid
    
    The probe connection action before going to time_wait state.
    Probe connection
    controller               pod        TCP FLAG      SEQ           ACK
    controller:50538 ---> endpoint:9292     SYN       2707980036       0
    controller:50538 <--- endpoint:9292   SYN ACK     1599414185
    2707980037
    controller:50538 ---> endpoint:9292     ACK       2707980037
    1599414186
    controller:50538 ---> endpoint:9292   FIN ACK     2707980037
    1599414186
    controller:50538 <--- endpoint:9292     ACK       1599414186
    2707980038
    controller:50538 <--- endpoint:9292   FIN ACK     1599414186
    2707980038
    controller:50538 ---> endpoint:9292     ACK       2707980038
    1599414187
    
    And for the curl command connection with same port 50538: it will be
    like
    controller              pod          TCP FLAG         SEQ          ACK
    controller:50538 -->  service:9292     SYN        2917708674        0
    controller:50538 --> endpoint:9292     SYN        2917708674        0
    controller:24479 <-- endpoint:9292   SYN ACK      2742336307
    2917708675
    controller:50538 <-- endpoint:9292   SYN ACK      2742336307
    2917708675
    controller:50538 -->  service:9292     ACK        2707980038
    1599414187
    controller:50538 -->  service:9292     ACK        2707980038
    1599414187
    controller:50538 -->  service:9292     ACK(DROP)  2707980038
    1599414187
    
    The last ACK(controller:50538-->service:9292) SEQ and ACK is same as
    Probe TIME_WAIT latest ACK’s.
    from
    https://github.com/torvalds/linux/blob/v3.10/net/ipv4/tcp_ipv4.c#L2002 ,
    it only check (des ip , des port, src ip, and src port).Because this is
    not
     a correct SEQ/ACK , then it is set invalid and then dropped.
    
    If enabling tcp_tw_recycle, the previous socket should be already
    closed, then the issue should be gone.
    
    Closes-Bug: 1817936
    
    Change-Id: If6e66d85f08fc99022946fd2e9f4e5756bfb7b2f
    Signed-off-by: Sun Austin <austin.sun@intel.com>