Connections stall, fail, or take a long time to complete due to excessive TCP retransmissions

Issue

  • When using iptables, a lot of retransmissions are performed and the connection is reset.
  • When using firewalld, connections are stalled (hung) for long periods of time and may be reset.
  • TCP packets/segments containing selective acknowledgement (SACK) options are ignored when iptables is being used
  • System is not sending TCP Fast Retransmissions/Retransmits after receiving three Duplicate Acknowledgements when iptables is used
  • SCP transfers are intermittently failing
  • TCP transfer stalls and eventually disconnects with "broken pipe" (EPIPE) message
  • In Wireshark/tshark, SACK Left Edge (SLE) and SACK Right Edge (SRE) on Dup-ACK packets are much larger than the relative SEQ and ACK numbers

Environment

  • Red Hat Enterprise Linux
  • TCP (Transmission Control Protocol)
  • SACK (Selective Acknowledgements)
  • iptables or firewalld firewall
