Field Notice: FN - 72188 - Application Delivery Platform TCP Connection Times Out When Behind NAT - Software Upgrade Recommended
Available Languages
Notice
THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
Revision History
| Revision | Publish Date | Comments |
|---|---|---|
1.0 |
13-May-21 |
Initial Release |
Products Affected
| Affected OS Type | Affected Software Product | Affected Release | Affected Release Number | Comments |
|---|---|---|---|---|
NON-IOS |
Base Software |
RI |
RI.2020.07, RI.2020.10, RI.2020.11, RI.2020.12, RI.2021.01, RI.2021.02, RI.2021.03 |
Cisco BroadWorks Release Independent |
Defect Information
| Defect ID | Headline |
|---|---|
| CSCvy14798 | BEMS01279522 After an upgrade from R21 to ADP, WebContainer worker threads can grow past 11.5k limit |
Problem Description
The Application Delivery Platform (ADP) TCP connection times out when it is behind network address translation (NAT).
Background
This problem can occur when both of these conditions are true:
-
All incoming TCP connections come from the same IP address, or they appear to come from the same IP address because the ADP is behind NAT;
- And the net.ipv4.tcp_tw_recycle system option is set to 1 (enabled) on the ADP server.
The net.ipv4.tcp_tw_recycle system option activates fast TCP socket recycling based on TCP timestamps (rather than the default mechanism, which waits two minutes for the socket to be recycled). When the net.ipv4.tcp_tw_recycle system option is enabled, the ADP server rejects packets that would create new connections because it misidentifies them as delayed packets from a previous connection.
In the affected releases, the net.ipv4.tcp_tw_recycle system option is set to 1 (enabled) upon installation of the ADP server.
Note: Linux kernels later than 4.12 (RHEL 8+) do not support the net.ipv4.tcp_tw_recycle system option and are unaffected.
Problem Symptom
This problem can cause HTTP(S) connections to fail to be established, which can result in other problems such as unexpected failures of XSI requests. However, since the connection is blocked at the kernel level, there is no evidence of failures in the web container access logs or the application logs.
To rule out the similar condition of a connection exhaustion in the web container, check the bwConnectorConnectionCount for the HTTP(S) connector. If the problem is caused by the net.ipv4.tcp_tw_recycle system option, the bwConnectorConnectionCount should stay below the configured maximum connection count when this problem occurs.
Workaround/Solution
This issue is fixed in ADP release 2021.04 and later: The net.ipv4.tcp_tw_recycle system option is set to 0 (disabled) instead of 1 (enabled).
Therefore, an upgrade to ADP release 2021.04 or later fixes the problem without the need to upgrade the Linux kernel.
BroadWorks ADP Release RI 2021.04
For More Information
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
Receive Email Notification For New Field Notices
My Notifications—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.
FeedbackContact Cisco
- Open a Support Case
- (Requires a Cisco Service Contract)
This Document Applies to These Products
Unleash the Power of TAC's Virtual Assistance