1

I have an app running in a k3s cluster (flannel CNI). The app runs TCP+TLS requests in a loop and I've noticed that some of them are randomly timing out.

I've captured the traffic w/ tcpdump on the outgoing interface and I've noticed a pattern that repeats on every such timeout.

Attached below is one of the conversations. I can see that there was a request (packet 48676), a response (packet 48680) and then connection closure (FIN, ACK -> ACK).

Although... the client keeps sending SYN for some reason which server won't respond to (connection is supposed to be closed). The application however waits and eventually times out.

Is this pattern of packets a familiar and known case?


Mike
  • 152

1 Answer

2

> Although... the client keeps sending SYN for some reason which server won't respond to (connection is supposed to be closed).

No, the purpose of SYN is always to open a new connection (with a new seq). Such port reuse is legal, as the old connection has been closed and is therefore no longer relevant.

Though usually the port reuse delay (TIME_WAIT) is a little longer – at least 60 seconds, I think – while your client is reusing the port after only 27 seconds. I am not 100% sure how TIME_WAIT functions, but I think it's possible that the server ignores the attempt due to still considering the port number as being within the TIME_WAIT delay on its side. The net.ipv4.tcp_tw_reuse sysctl could be relevant.

grawity
  • 17,092
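To check a capture for the pattern discussed in this thread, the following added example (not code from either poster) scans `tcpdump -tt -n` text output for a bare SYN that reuses a 4-tuple shortly after a FIN, counts its retransmissions, and records whether a SYN-ACK ever came back. The function name, the 60-second default (taken from the answer's estimate) and the sample addresses and ports are assumptions made for illustration.

```python
import re

# Parses `tcpdump -tt -n` TCP lines: epoch time, src.port > dst.port, flags.
LINE = re.compile(r"^(\d+\.\d+) IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")

def find_early_reuse(lines, time_wait=60.0):
    """Report each connection attempt that reuses a 4-tuple less than
    `time_wait` seconds after a FIN was seen on it."""
    last_fin, pending, findings = {}, {}, []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        ts, flags = float(m.group(1)), m.group(6)
        src, dst = (m.group(2), int(m.group(3))), (m.group(4), int(m.group(5)))
        conn = tuple(sorted((src, dst)))      # same key for both directions
        if "F" in flags:
            last_fin[conn] = ts               # connection is closing
            pending.pop(conn, None)
        elif flags == "S":                    # bare SYN: new attempt
            if conn in pending:
                pending[conn]["syn_count"] += 1   # retransmitted SYN
            elif conn in last_fin and ts - last_fin[conn] < time_wait:
                pending[conn] = {"client": src, "server": dst, "syn_count": 1,
                                 "gap": round(ts - last_fin[conn], 3),
                                 "answered": False}
                findings.append(pending[conn])
        elif flags == "S." and conn in pending:
            pending[conn]["answered"] = True
    return findings

# Constructed capture (not from the question): port 41234 is reused 27 s after
# the FIN and never answered; port 41300 is reused after 90 s and is not flagged.
SAMPLE = """\
1000.000000 IP 10.42.0.5.41234 > 192.0.2.10.443: Flags [S], seq 100, win 64240, length 0
1000.001000 IP 192.0.2.10.443 > 10.42.0.5.41234: Flags [S.], seq 200, ack 101, win 65160, length 0
1000.400000 IP 10.42.0.5.41234 > 192.0.2.10.443: Flags [F.], seq 500, ack 900, win 501, length 0
1000.500000 IP 192.0.2.10.443 > 10.42.0.5.41234: Flags [F.], seq 900, ack 501, win 509, length 0
1000.600000 IP 10.42.0.5.41300 > 192.0.2.10.443: Flags [F.], seq 700, ack 800, win 501, length 0
1027.500000 IP 10.42.0.5.41234 > 192.0.2.10.443: Flags [S], seq 9000, win 64240, length 0
1028.500000 IP 10.42.0.5.41234 > 192.0.2.10.443: Flags [S], seq 9000, win 64240, length 0
1030.500000 IP 10.42.0.5.41234 > 192.0.2.10.443: Flags [S], seq 9000, win 64240, length 0
1090.600000 IP 10.42.0.5.41300 > 192.0.2.10.443: Flags [S], seq 7000, win 64240, length 0
"""

if __name__ == "__main__":
    for f in find_early_reuse(SAMPLE.splitlines()):
        print(f)
```

A finding with `answered` left at `False` and a `syn_count` above 1 matches the unanswered SYN retransmissions described in the question.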