CentOS - May 2015 - unreachable peer

Hey all,

I have a public peer system (yy.yy.yy.yy) that is reachable 
via my home uplink (xx.xx.xx.xxx).

15:59:30.244199 IP xx.xx.xx.xxx.42958 > yy.yy.yy.yy.https: tcp 0
15:59:30.281931 IP yy.yy.yy.yy.https > xx.xx.xx.xxx.42958: tcp 0
15:59:30.281945 IP xx.xx.xx.xxx.42958 > yy.yy.yy.yy.https: tcp 0
15:59:30.305020 IP xx.xx.xx.xxx.42958 > yy.yy.yy.yy.https: tcp 105
15:59:30.344004 IP yy.yy.yy.yy.https > xx.xx.xx.xxx.42958: tcp 1412
15:59:30.344013 IP xx.xx.xx.xxx.42958 > yy.yy.yy.yy.https: tcp 0
15:59:30.344016 IP yy.yy.yy.yy.https > xx.xx.xx.xxx.42958: tcp 23

 
At the office we have a EL5 based router that can not reach the 
mentioned system. It does not give any hint about the problem. 


15:57:51.751591 IP o.ff.i.ce.50902 > yy.yy.yy.yy.https: tcp 0
15:57:54.750834 IP o.ff.i.ce.50902 > yy.yy.yy.yy.https: tcp 0
15:58:00.749351 IP o.ff.i.ce.50902 > yy.yy.yy.yy.https: tcp 0
15:58:12.746408 IP o.ff.i.ce.50902 > yy.yy.yy.yy.https: tcp 0
15:58:36.740454 IP o.ff.i.ce.50902 > yy.yy.yy.yy.https: tcp 0
15:59:24.728605 IP o.ff.i.ce.50902 > yy.yy.yy.yy.https: tcp 0

I tried to connect with a removed ecn bit [1]

[1] https://en.wikipedia.org/wiki/Explicit_Congestion_Notification

but this was not the solution.

Any ideas? 

--
Thanks in advance!

LF

On 05/15/2015 09:02 AM, Leon Fauster wrote:
> Any ideas?
That's not much information to go on.  Can you run tcpdump on the 
"public peer system"?  Does it receive the SYN packets from your
office?

Am 15.05.2015 um 18:17 schrieb Gordon Messmer <gordon.messmer at
gmail.com>:
> On 05/15/2015 09:02 AM, Leon Fauster wrote:
>> 
>> I have a public peer system (yy.yy.yy.yy) that is reachable 
>> via my home uplink (xx.xx.xx.xxx).
>> 
>> 15:59:30.244199 IP xx.xx.xx.xxx.42958 > yy.yy.yy.yy.https: tcp 0
>> 15:59:30.281931 IP yy.yy.yy.yy.https > xx.xx.xx.xxx.42958: tcp 0
>> 15:59:30.281945 IP xx.xx.xx.xxx.42958 > yy.yy.yy.yy.https: tcp 0
>> 15:59:30.305020 IP xx.xx.xx.xxx.42958 > yy.yy.yy.yy.https: tcp 105
>> 15:59:30.344004 IP yy.yy.yy.yy.https > xx.xx.xx.xxx.42958: tcp 1412
>> 15:59:30.344013 IP xx.xx.xx.xxx.42958 > yy.yy.yy.yy.https: tcp 0
>> 15:59:30.344016 IP yy.yy.yy.yy.https > xx.xx.xx.xxx.42958: tcp 23
>> 
>> At the office we have a EL5 based router that can not reach the 
>> mentioned system. It does not give any hint about the problem. 
>> 
>> 15:57:51.751591 IP o.ff.i.ce.50902 > yy.yy.yy.yy.https: tcp 0
>> 15:57:54.750834 IP o.ff.i.ce.50902 > yy.yy.yy.yy.https: tcp 0
>> 15:58:00.749351 IP o.ff.i.ce.50902 > yy.yy.yy.yy.https: tcp 0
>> 15:58:12.746408 IP o.ff.i.ce.50902 > yy.yy.yy.yy.https: tcp 0
>> 15:58:36.740454 IP o.ff.i.ce.50902 > yy.yy.yy.yy.https: tcp 0
>> 15:59:24.728605 IP o.ff.i.ce.50902 > yy.yy.yy.yy.https: tcp 0
>> 
>> I tried to connect with a removed ecn bit [1]
>> 
>> [1] https://en.wikipedia.org/wiki/Explicit_Congestion_Notification
>> 
>> but this was not the solution.
>> 
>> Any ideas?
> 
> That's not much information to go on.  Can you run
> tcpdump on the "public peer system"?  Does it receive
> the SYN packets from your office?

Well, the destination is not in my realm (different provider). Before 
contacting them I want to be sure that my system is not causing this. 
So far i just see a "tcp retransmission" while trying to establish
a https connection (captured on our router):

office -> destination: TCP 66	54487?443 [SYN] Seq=0 Win=5840 Len=0 MSS=1460
SACK_PERM=1 WS=8
office -> destination:	TCP 66	[TCP Retransmission] 54487?443 [SYN] Seq=0
Win=5840 Len=0 MSS=1460 SACK_PERM=1 WS=8

from my home and office, I can see via traceroute that for the destination the
entry hop is the same.

So, the destination is not responding with SYN,ACK when the connection passes 
our router. But as I said it is reachable from my home, and this is confusing.

Thanks,
LF