由于乱序,我们看到大量的数据包被丢弃。 这些数字足够大,可能会对networking性能产生影响。
我们已经把它分成了几个内部IP,并且这些连接似乎在443上触及Google的服务器。下面的Gist中显示的两台计算机都运行Chrome和环聊扩展; 就像公司里的其他人一样。 一个是Mac,一个是PC。
试图弄清楚到底发生了什么,我什么也没有做。 任何人都可以帮我解释一下这个或下一步做什么?
要点下面,用日志 :
house200-fw01# sh asp drop Frame drop: No route to host (no-route) 56 Flow is denied by configured rule (acl-drop) 1459 First TCP packet not SYN (tcp-not-syn) 37 TCP failed 3 way handshake (tcp-3whs-failed) 351 TCP RST/FIN out of order (tcp-rstfin-ooo) 530 TCP packet SEQ past window (tcp-seq-past-win) 167 TCP Out-of-Order packet buffer full (tcp-buffer-full) 15421 TCP Out-of-Order packet buffer timeout (tcp-buffer-timeout) 1950 TCP RST/SYN in window (tcp-rst-syn-in-win) 2 TCP dup of packet in Out-of-Order queue (tcp-dup-in-queue) 1874 Dropped pending packets in a closed socket (np-socket-closed) 4 - 848: 11:15:37.578903 173.194.46.86.443 > 33.33.33.33.29847 - PAT Global 33.33.33.33(29847) Local 10.55.55.109(52294) - 827: 11:15:05.322386 207.238.18.142.443 > 33.33.33.33.23232 - PAT Global 33.33.33.33(23232) Local 10.55.55.79(49555) - capture drop type asp-drop tcp-dup-in-queue buffer 3344556 1: 11:07:38.267442 173.194.57.120.443 > 33.33.33.33.49558: . 195566822:195568202(1380) ack 598914623 win 386 2: 11:07:38.267564 173.194.57.120.443 > 33.33.33.33.49558: . 195570962:195572342(1380) ack 598914623 win 386 3: 11:07:38.267671 173.194.57.120.443 > 33.33.33.33.49558: . 195573722:195575102(1380) ack 598914623 win 386 4: 11:07:38.267793 173.194.57.120.443 > 33.33.33.33.49558: . 195576482:195577862(1380) ack 598914623 win 386 5: 11:07:38.267915 173.194.57.120.443 > 33.33.33.33.49558: . 195577862:195579242(1380) ack 598914623 win 386 6: 11:07:38.268144 173.194.57.120.443 > 33.33.33.33.49558: . 195583382:195584762(1380) ack 598914623 win 386 7: 11:07:38.268250 173.194.57.120.443 > 33.33.33.33.49558: . 195587522:195588902(1380) ack 598914623 win 386 8: 11:07:38.268403 173.194.57.120.443 > 33.33.33.33.49558: . 195590282:195591662(1380) ack 598914623 win 386 9: 11:07:38.268601 173.194.57.120.443 > 33.33.33.33.49558: . 195594422:195595802(1380) ack 598914623 win 386 10: 11:07:38.268723 173.194.57.120.443 > 33.33.33.33.49558: . 195597182:195598562(1380) ack 598914623 win 386 11: 11:07:38.292511 173.194.57.120.443 > 33.33.33.33.49558: . 195599942:195601322(1380) ack 598914623 win 386 12: 11:07:38.292862 173.194.57.120.443 > 33.33.33.33.49558: . 195604082:195605462(1380) ack 598914623 win 386 13: 11:07:38.292984 173.194.57.120.443 > 33.33.33.33.49558: . 195605462:195606842(1380) ack 598914623 win 386 14: 11:07:38.293090 173.194.57.120.443 > 33.33.33.33.49558: . 195606842:195608222(1380) ack 598914623 win 386 15: 11:07:38.293212 173.194.57.120.443 > 33.33.33.33.49558: . 195608222:195609602(1380) ack 598914623 win 386 16: 11:07:38.293335 173.194.57.120.443 > 33.33.33.33.49558: . 195609602:195610982(1380) ack 598914623 win 386 17: 11:07:38.293441 173.194.57.120.443 > 33.33.33.33.49558: . 195610982:195612362(1380) ack 598914623 win 386 18: 11:07:38.293563 173.194.57.120.443 > 33.33.33.33.49558: . 195612362:195613742(1380) ack 598914623 win 386 19: 11:07:38.293685 173.194.57.120.443 > 33.33.33.33.49558: . 195613742:195615122(1380) ack 598914623 win 386 20: 11:07:38.293792 173.194.57.120.443 > 33.33.33.33.49558: . 195615122:195616502(1380) ack 598914623 win 386 21: 11:07:38.293914 173.194.57.120.443 > 33.33.33.33.49558: . 195616502:195617882(1380) ack 598914623 win 386 22: 11:07:38.294494 173.194.57.120.443 > 33.33.33.33.49558: . 195623402:195624782(1380) ack 598914623 win 386 23: 11:07:38.294616 173.194.57.120.443 > 33.33.33.33.49558: . 195624782:195626162(1380) ack 598914623 win 386 - capture drop type asp-drop tcp-buffer-timeout buffer 3344556 1: 11:10:36.636762 173.194.57.120.443 > 33.33.33.33.7417: . 3709341327:3709342707(1380) ack 2239501518 win 556 Drop-reason: (tcp-buffer-timeout) TCP Out-of-Order packet buffer timeout 2: 11:10:36.636884 173.194.57.120.443 > 33.33.33.33.7417: . 3709339947:3709341327(1380) ack 2239501518 win 556 3: 11:10:36.636975 173.194.57.120.443 > 33.33.33.33.7417: . 3709338567:3709339947(1380) ack 2239501518 win 556 4: 11:10:36.637097 173.194.57.120.443 > 33.33.33.33.7417: . 3709337187:3709338567(1380) ack 2239501518 win 556 Drop-reason: (tcp-buffer-timeout) TCP Out-of-Order packet buffer timeout 5: 11:10:36.637219 173.194.57.120.443 > 33.33.33.33.7417: . 3709330287:3709331667(1380) ack 2239501518 win 556 Drop-reason: (tcp-buffer-timeout) TCP Out-of-Order packet buffer timeout 6: 11:10:36.637326 173.194.57.120.443 > 33.33.33.33.7417: . 3709328907:3709330287(1380) ack 2239501518 win 556 Drop-reason: (tcp-buffer-timeout) TCP Out-of-Order packet buffer timeout 7: 11:10:36.637448 173.194.57.120.443 > 33.33.33.33.7417: . 3709327527:3709328907(1380) ack 2239501518 win 556 Drop-reason: (tcp-buffer-timeout) TCP Out-of-Order packet buffer timeout 8: 11:10:36.637570 173.194.57.120.443 > 33.33.33.33.7417: . 3709326147:3709327527(1380) ack 2239501518 win 556 Drop-reason: (tcp-buffer-timeout) TCP Out-of-Order packet buffer timeout 9: 11:10:36.638562 173.194.57.120.443 > 33.33.33.33.7417: . 3709324767:3709326147(1380) ack 2239501518 win 556 10: 11:10:36.638730 173.194.57.120.443 > 33.33.33.33.7417: . 3709323387:3709324767(1380) ack 2239501518 win 556 Drop-reason: (tcp-buffer-timeout) TCP Out-of-Order packet buffer timeout 11: 11:10:36.638837 173.194.57.120.443 > 33.33.33.33.7417: . 3709322007:3709323387(1380) ack 2239501518 win 556 Drop-reason: (tcp-buffer-timeout) TCP Out-of-Order packet buffer timeout 12: 11:10:36.638959 173.194.57.120.443 > 33.33.33.33.7417: . 3709320627:3709322007(1380) ack 2239501518 win 556 Drop-reason: (tcp-buffer-timeout) TCP Out-of-Order packet buffer timeout 13: 11:10:36.727028 173.194.57.120.443 > 33.33.33.33.7417: . 3709559367:3709560747(1380) ack 2239501518 win 556 Drop-reason: (tcp-buffer-timeout) TCP Out-of-Order packet buffer timeout 14: 11:10:36.727150 173.194.57.120.443 > 33.33.33.33.7417: . 3709557987:3709559367(1380) ack 2239501518 win 556 Drop-reason: (tcp-buffer-timeout) TCP Out-of-Order packet buffer timeout 15: 11:10:36.727257 173.194.57.120.443 > 33.33.33.33.7417: . 3709551087:3709552467(1380) ack 2239501518 win 556 我们遇到了同样的问题,但有一个不同的协议。
使用IOS版本8.x(不记得确切的版本),检查有一个问题,将扰乱中继数据包的顺序。
你有HTTP / HTTPS检查启用?
如果是这样的话,你可以创build一个ACL,仅仅为了testing的目的而从检查中“排除”一台或两台机器。