-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error when doing a ping from a ipsec container #9377
Comments
Steps to reproduce:
Open multiple exec sessions to run the following:
on C2:
on C3:
Steps to install
|
Add @niusmallnan 's health checking tool here: https://github.com/niusmallnan/network-healthcheck |
@niusmallnan Can you try to reproduce the issue and see if your health checking tool works as expected? |
Test image/catalog:
|
When there is a high speed traffic on AWS, the packets from one host to another seem to arrive out of order. This seems to upset ipsec containers tracking the order/sequence numbers, which causes the |
We were running into similar problems earlier this week. After fixing a bug, that created high network traffic, everything went down to normal. I'd like to provide information on this, but unfortunately my ipsec-router containers don't have a /proc/net/xfrm_stat i could share. |
On the problematic machine the following command
any suggestion ? thanks. |
@niusmallnan Did you get a chance to try your tool after reproducing the above error? |
Fixed in |
oops, accidental close |
@leodotcloud @yasker
|
Tested with rancher-server version- v1.6.8-rc4 with rancher/net:v0.11.9 |
Tested with rancher-server version- v1.6.8-rc4 with rancher/net:v0.11.9
When a similar run was done on rancher-server version- v1.6.7 , even within few minutes of starting the run , we see the |
Continued to have the above setup running for couple of days. Inter host connectivity continues to work as expected in the setup and XfrmInStateSeqError in ipsec containers as reported by /proc/net/xfrm_stat raise is still 0. |
While doing a ping of a remote container from a ipsec container, got this error:
ping: sendmsg: Value too large for defined data type
The text was updated successfully, but these errors were encountered: