Details
- Bug
- Status: Closed
- Major
- Resolution: Fixed
- 3.2 with transparent (TProxy) interception + proxy.config.http.use_client_source_port = 1
Description
As keep-alive is hop-to-hop, ATS will happily support client keep-alive in instances where an Origin Server terminates the connection after each transaction.
However, when using proxy.config.http.use_client_source_port this behavior can cause some sites to break.
When the client is kept alive, subsequent requests are made rapidly and with the same 4-tuple for addressing. Since ATS is trying to match the 4-tuple (due to proxy.config.http.use_client_source_port) it enters a 3-way race between:
- the FIN, FIN/ACK packets being exchanged with the origin server and the new request packets from the client. If the OS is slow it is possible that ATS will attempt to reconnect with the same port/address before the connection is legitimately closed.
- Kernel timers for PAWS and recently closed sockets. This is different (and much shorter) than the time-wait state and there is no way to disable it.
- Everything working out just fine and the connection establishing like normal.
The best repro case I've seen is a slow origin server that serves pages in `<frame>` tags from the same host but does not support keep-alive (http://publib.boulder.ibm.com/infocenter/lnxinfo/v3r0m0/index.jsp for instance).
It is possible that simply respecting a server's keep-alive settings when using proxy.config.http.use_client_source_port would work, as the original client would change the 4-tuple address for its next connection.
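To confirm this race from a packet capture of the ATS-to-origin leg, a check like the following flags each SYN that reuses a 4-tuple before both FINs were seen or shortly after the close. It is an added example, not code from the ticket or from ATS; the `Pkt` record, the `find_tuple_reuse` name, the sample trace and the 1-second `quiet_window` are assumptions (the ticket does not state the length of the kernel timer).

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "ts src sport dst dport flags")

def find_tuple_reuse(trace, quiet_window=1.0):
    """Return (ts, reason) for each SYN that reuses a 4-tuple too early.

    quiet_window is an assumed stand-in for the kernel's recently-closed
    timer; the ticket does not give its length.
    """
    conns = {}      # 4-tuple -> {"fins": FIN senders seen, "closed": ts or None}
    findings = []
    for p in sorted(trace, key=lambda p: p.ts):
        # Direction-independent key: both endpoints, sorted.
        key = tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))
        st = conns.get(key)
        if p.flags == "S":                      # initial SYN of a new connection
            if st is not None:
                if st["closed"] is None:        # FIN exchange still in flight
                    findings.append((p.ts, "syn-before-close"))
                elif p.ts - st["closed"] < quiet_window:
                    findings.append((p.ts, "syn-after-recent-close"))
            conns[key] = {"fins": set(), "closed": None}
        elif st is not None and st["closed"] is None:
            if "R" in p.flags:                  # reset ends the connection
                st["closed"] = p.ts
            elif "F" in p.flags:
                st["fins"].add((p.src, p.sport))
                if len(st["fins"]) == 2:        # both sides have sent FIN
                    st["closed"] = p.ts
    return findings

# Constructed trace of the ATS-to-origin leg (addresses and times are made up).
ATS, ORIGIN = ("10.0.0.5", 40000), ("192.0.2.10", 80)
TRACE = [
    Pkt(0.000, *ATS, *ORIGIN, "S"), Pkt(0.001, *ORIGIN, *ATS, "SA"),
    Pkt(0.300, *ORIGIN, *ATS, "FA"),   # origin closes after one transaction
    Pkt(0.302, *ATS, *ORIGIN, "S"),    # next client request: close not finished
    Pkt(0.303, *ORIGIN, *ATS, "SA"),
    Pkt(0.500, *ORIGIN, *ATS, "FA"), Pkt(0.501, *ATS, *ORIGIN, "FA"),
    Pkt(0.600, *ATS, *ORIGIN, "S"),    # both FINs seen, but only 99 ms ago
    Pkt(0.601, *ORIGIN, *ATS, "SA"),
    Pkt(0.700, *ORIGIN, *ATS, "FA"), Pkt(0.701, *ATS, *ORIGIN, "FA"),
    Pkt(5.000, *ATS, *ORIGIN, "S"),    # well after close: not flagged
]

if __name__ == "__main__":
    for ts, reason in find_tuple_reuse(TRACE):
        print(f"{ts:.3f}s {reason}")
```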