Connections stall, fail, or take a long time to complete due to excessive TCP retransmissions

Solution Verified - Updated -

Issue

  • When using iptables, a lot of retransmissions are performed and the connection is reset.
  • When using firewalld, connections are stalled (hung) for long periods of time and may be reset.
  • TCP packets/segments containing selective acknowledgement (SACK) options are ignored when iptables is being used
  • System is not sending TCP Fast Retransmissions/Retransmits after receiving three Duplicate Acknowledgements when iptables is used
  • SCP transfers are intermittently failing
  • TCP transfer stalls and eventually disconnects with "broken pipe" (EPIPE) message
  • In Wireshark/tshark, SACK Left Edge (SLE) and SACK Right Edge (SRE) on Dup-ACK packets are much larger than the relative SEQ and ACK numbers

Environment

  • Red Hat Enterprise Linux
  • TCP (Transmission Control Protocol)
  • SACK (Selective Acknowledgements)
  • iptables or firewalld firewall
