[nsp] TCP connections randomly reset

From: Blaz Zupan (blaz@gold.amis.net)
Date: Fri Aug 03 2001 - 17:43:38 EDT


We've been running 12.0(14)S2 on a 7206VXR with a NPE400, 2FE I/O controller
and a PA-2E3. We started to experience some very weird problems. Incoming TCP
connections (like web requests for our web server or POP3 connections comming
from outside our network) were being randomly reset. Thus, if you try to
connect three times in a row, twice you just get a "Connection refused" and on
the third try the connection succeeds.

The interesting part is, that this only appears to be happening to connection
comming through one of the links on the PA-2E3. There are no ACL's on that
link in any direction, actually the only thing configured on it is the IP
address. We're not running CEF.

My first step was to upgrade to 12.0(17)S. After the reboot, everything seemed
ok, for a couple of hours. After a couple of hours, again complaints started
to pour in. This time I just rebooted the router and everything was fine
again.

I looked through the 12.0S caveats but did not find anything obvious. Anybody
seen something like this and found a solution?

I'll probably do a last try with 12.0(18)S, otherwise I'll jump to 12.2(3),
which I'll need because of VPDN anyway...

Blaz Zupan, Medinet d.o.o, Trzaska 85, SI-2000 Maribor, Slovenia
E-mail: blaz@amis.net, Tel: +386-2-320-6320, Fax: +386-2-320-6325



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:48 EDT