Friday, November 2, 2018

ridiculous amount of TCP keep-alives - dup-ack - retransmissions

Hello network folks,

https://imgur.com/a/iQB9lw2

We have this end user who talks to this application. For everyone else it works, but when this one end user connects to the application and I do a pcap, I see a crazy amount of TCP keep-alives and an even crazier amount of "Ignored Unknown record" packets (never seen this one in a pcap before, and online shows not much info about it). This has actually hit a point where the server is getting overloaded by this 1 end user.

I first started at the switchport to see if I could see any L1/2 issues (input/output drops, CRC or anything like that); all good there. One thing I noticed is that the end user is the one who is sending more of the keep-alives and the server just keeps responding with keep-alive ACKs. The picture I attached shows the story a little better with the Wireshark IO graph.

So then I thought maybe it's their circuit across our MPLS that is causing this, and I did iperf along with making ACLs on both sides of the circuit to count packets to see if there is any packet loss. There is about .001% packet loss. I understand that TCP can be adversely affected by packet loss, but it's such a negligible amount that I don't think it would be causing this big of a problem. And we also have other branches of users that use this software and they are not affected.

I'm kind of out of options. I don't really know what to look at anymore and was wondering if anyone could suggest any changes to make, maybe to the TCP stack? Or what to look at in the TCP stack? I guess I can replace the PC as a last resort, but wanted to dig a little more first. Thank you.
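An added example, not part of the original post: a simplified Python version of the heuristic Wireshark documents for tagging TCP Keep-Alive and Keep-Alive ACK segments, used to count them per sender, which is the comparison the post makes by eye. The `Seg` tuples, addresses and ports are constructed sample data, and the window-size and ACK-number checks Wireshark also applies are left out.

```python
from collections import Counter, namedtuple

# One TCP segment: endpoints, sequence/ack numbers, payload length, flag letters.
Seg = namedtuple("Seg", "src dst seq ack length flags")

# Constructed sample conversation (not taken from the poster's capture).
CLIENT, SERVER = "10.0.0.5:50123", "10.0.1.9:443"
SAMPLE = [
    Seg(CLIENT, SERVER, 1000, 5000, 200, "PA"),  # data; client next seq becomes 1200
    Seg(SERVER, CLIENT, 5000, 1200, 0, "A"),     # ordinary ACK
    Seg(CLIENT, SERVER, 1199, 5000, 1, "A"),     # probe: 1 byte at next seq - 1
    Seg(SERVER, CLIENT, 5000, 1200, 0, "A"),     # answer to the probe
    Seg(CLIENT, SERVER, 1199, 5000, 0, "A"),     # probe: 0 bytes at next seq - 1
    Seg(SERVER, CLIENT, 5000, 1200, 0, "A"),     # answer to the probe
    Seg(SERVER, CLIENT, 5000, 1200, 300, "PA"),  # server data
    Seg(CLIENT, SERVER, 1200, 5300, 0, "A"),     # ordinary ACK
]

def classify(segments):
    """Label each segment 'keep-alive', 'keep-alive-ack' or 'other'."""
    next_seq = {}     # (src, dst) -> next expected sequence number in that direction
    last_was_ka = {}  # (src, dst) -> was the latest segment in that direction a probe?
    labels = []
    for s in segments:
        fwd, rev = (s.src, s.dst), (s.dst, s.src)
        ctrl = any(f in s.flags for f in "SFR")  # SYN/FIN/RST never count
        expected = next_seq.get(fwd)
        if not ctrl and s.length in (0, 1) and expected is not None \
                and s.seq == expected - 1:
            label = "keep-alive"
        elif not ctrl and s.length == 0 and last_was_ka.get(rev) \
                and s.seq == expected:
            label = "keep-alive-ack"
        else:
            label = "other"
            # Only real traffic advances the expected sequence number.
            end = s.seq + s.length + (1 if "S" in s.flags or "F" in s.flags else 0)
            next_seq[fwd] = max(expected or 0, end)
        last_was_ka[fwd] = (label == "keep-alive")
        labels.append(label)
    return labels

def count_by_sender(segments):
    """Counter keyed by (sender, label), ignoring ordinary segments."""
    pairs = zip(segments, classify(segments))
    return Counter((s.src, lab) for s, lab in pairs if lab != "other")

if __name__ == "__main__":
    for (sender, label), n in sorted(count_by_sender(SAMPLE).items()):
        print(f"{sender:18} {label:15} {n}")
```
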


