两个人使用位于同一 NAT 盒后面的不同 PC。他们经常访问托管在其他地方的同一个网站。偶尔,其中一个人会发现网站需要几分钟才能加载。另一个人仍然可以以正常速度访问该网站。这种情况会持续到 PC 重新启动后,然后速度恢复正常。这种缓慢可能会影响两台设备中的任何一台,但(到目前为止)不会同时影响两台设备。
在 Web 服务器上运行 tcpdump 确认由于某种原因,Linux 直到恰好七个 SYN 之后才发送 SYN/ACK 数据包来响应 SYN。
第八个 SYN 数据包不包含 TCP 时间戳。来自同一 NAT 盒后面的其他连接(来自另一台 PC)会立即得到响应,并且 TCP 时间戳存在,但远远早于问题 PC 上的时间戳。我猜这是相关的。
这是 PAWS 的作用吗?如果是,有解决方法吗?如果没有,可能是什么原因?
以下是一些示例。首先,连接速度很慢。
14:08:07.030430 IP 79.97.132.108.56423 > DSQ4003-45.tagadab.com.www: Flags [S], seq 1211796088, win 65535, options [mss 1460,nop,wscale 3,nop,nop,TS val 755098862 ecr 0,sackOK,eol], length 0
14:08:07.940504 IP 79.97.132.108.56423 > DSQ4003-45.tagadab.com.www: Flags [S], seq 1211796088, win 65535, options [mss 1460,nop,wscale 3,nop,nop,TS val 755098871 ecr 0,sackOK,eol], length 0
14:08:08.939792 IP 79.97.132.108.56423 > DSQ4003-45.tagadab.com.www: Flags [S], seq 1211796088, win 65535, options [mss 1460,nop,wscale 3,nop,nop,TS val 755098881 ecr 0,sackOK,eol], length 0
14:08:09.940510 IP 79.97.132.108.56423 > DSQ4003-45.tagadab.com.www: Flags [S], seq 1211796088, win 65535, options [mss 1460,nop,wscale 3,nop,nop,TS val 755098891 ecr 0,sackOK,eol], length 0
14:08:10.942483 IP 79.97.132.108.56423 > DSQ4003-45.tagadab.com.www: Flags [S], seq 1211796088, win 65535, options [mss 1460,nop,wscale 3,nop,nop,TS val 755098901 ecr 0,sackOK,eol], length 0
14:08:11.942386 IP 79.97.132.108.56423 > DSQ4003-45.tagadab.com.www: Flags [S], seq 1211796088, win 65535, options [mss 1460,nop,wscale 3,nop,nop,TS val 755098911 ecr 0,sackOK,eol], length 0
14:08:13.942542 IP 79.97.132.108.56423 > DSQ4003-45.tagadab.com.www: Flags [S], seq 1211796088, win 65535, options [mss 1460,nop,wscale 3,nop,nop,TS val 755098931 ecr 0,sackOK,eol], length 0
14:08:17.954887 IP 79.97.132.108.56423 > DSQ4003-45.tagadab.com.www: Flags [S], seq 1211796088, win 65535, options [mss 1460,sackOK,eol], length 0
14:08:17.954902 IP DSQ4003-45.tagadab.com.www > 79.97.132.108.56423: Flags [S.], seq 1999044177, ack 1211796089, win 5840, options [mss 1460,nop,nop,sackOK], length 0
这是另一个慢速连接:
14:11:07.663535 IP 79.97.132.108.56486 > DSQ4003-45.tagadab.com.www: Flags [S], seq 3598517192, win 65535, options [mss 1460,nop,wscale 3,nop,nop,TS val 755100668 ecr 0,sackOK,eol], length 0
14:11:08.634437 IP 79.97.132.108.56486 > DSQ4003-45.tagadab.com.www: Flags [S], seq 3598517192, win 65535, options [mss 1460,nop,wscale 3,nop,nop,TS val 755100677 ecr 0,sackOK,eol], length 0
14:11:09.635522 IP 79.97.132.108.56486 > DSQ4003-45.tagadab.com.www: Flags [S], seq 3598517192, win 65535, options [mss 1460,nop,wscale 3,nop,nop,TS val 755100687 ecr 0,sackOK,eol], length 0
14:11:10.635860 IP 79.97.132.108.56486 > DSQ4003-45.tagadab.com.www: Flags [S], seq 3598517192, win 65535, options [mss 1460,nop,wscale 3,nop,nop,TS val 755100697 ecr 0,sackOK,eol], length 0
14:11:11.637469 IP 79.97.132.108.56486 > DSQ4003-45.tagadab.com.www: Flags [S], seq 3598517192, win 65535, options [mss 1460,nop,wscale 3,nop,nop,TS val 755100707 ecr 0,sackOK,eol], length 0
14:11:12.637582 IP 79.97.132.108.56486 > DSQ4003-45.tagadab.com.www: Flags [S], seq 3598517192, win 65535, options [mss 1460,nop,wscale 3,nop,nop,TS val 755100717 ecr 0,sackOK,eol], length 0
14:11:14.637423 IP 79.97.132.108.56486 > DSQ4003-45.tagadab.com.www: Flags [S], seq 3598517192, win 65535, options [mss 1460,nop,wscale 3,nop,nop,TS val 755100737 ecr 0,sackOK,eol], length 0
14:11:18.639374 IP 79.97.132.108.56486 > DSQ4003-45.tagadab.com.www: Flags [S], seq 3598517192, win 65535, options [mss 1460,sackOK,eol], length 0
14:11:18.639386 IP DSQ4003-45.tagadab.com.www > 79.97.132.108.56486: Flags [S.], seq 559871738, ack 3598517193, win 5840, options [mss 1460,nop,nop,sackOK], length 0
下面是来自同一个 NAT 盒、不同主机的正常连接(请注意,尽管时间戳值早于其他两个示例,但时间戳值较大):
14:07:26.288656 IP 79.97.132.108.65146 > DSQ4003-45.tagadab.com.www: Flags [S], seq 4164516354, win 65535, options [mss 1460,nop,wscale 1,nop,nop,TS val 908816007 ecr 0,sackOK,eol], length 0
14:07:26.288669 IP DSQ4003-45.tagadab.com.www > 79.97.132.108.65146: Flags [S.], seq 1207614459, ack 4164516355, win 5792, options [mss 1460,sackOK,TS val 14867019 ecr 908816007,nop,wscale 9], length 0
答案1
尝试按照此处的建议禁用窗口缩放:为什么服务器不会发送 SYN/ACK 数据包来响应 SYN 数据包
sysctl net.ipv4.tcp_window_scaling