Reputation: 11
I have a host (jenkins-builder) running in the Google Cloud Platform. I'm running Debian Buster, and the VM is behind the NAT gateway.
If I execute many HTTP requests to some external host, for instance http://example.com, the source host's networking will be "blocked" for a certain time (30 seconds).
I've captured traffic via tcpdump, and now I can see that there are no ACK packets during the "blocked" time: http://app.ep4sh.cc/paste/MLxciufIus
I do see multiple [S] packets but a lack of [ACK]. I've double-checked the behavior on the neighboring hosts, and there is no such issue on them. So in my opinion it's an issue with this particular host.
I've also tried running the curl command with --trace; please see the output: http://app.ep4sh.cc/paste/nAbkcHNiXL
I wonder why it tries to make an IPv6 connection (I double-checked that it is disabled):
cat /etc/sysctl.conf | grep -vP "^#"
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
Could somebody suggest how to find out the root cause? Thank you in advance!
Upvotes: 0
Views: 675
Reputation: 11
The issue was in the Google Cloud NAT Gateway settings. In my case the NAT Gateway was created by Terraform, and by default the Terraform provider enables Endpoint-Independent Mapping (which differs from the Google Cloud docs):
That explains why only 64 connections were available for any foreign host. It was the default value for port allocation.
Upvotes: 1
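An added example, not part of the original posts: a small Python analyser for `tcpdump -nn` text output that counts, per destination, handshakes answered with a SYN-ACK against SYNs that were only retransmitted, which is the symptom described in the question. The capture lines are constructed, and the 64-flow threshold is a heuristic assumption based on the port-allocation value mentioned in the answer.

```python
import re
from collections import defaultdict

# tcpdump -nn text line: "<time> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ..."
LINE = re.compile(r"^(\S+) IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")
PORTS_PER_VM = 64  # port allocation value quoted in the answer

def analyse(lines):
    """Per destination (ip, port): answered flows, unanswered flows, SYN retransmits."""
    syns = defaultdict(int)   # flow 4-tuple -> number of SYNs sent
    answered = set()          # flows that received a SYN-ACK
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue          # IPv6, UDP and non-packet lines are skipped
        _, src, sport, dst, dport, flags = m.groups()
        if flags == "S":
            syns[(src, sport, dst, dport)] += 1
        elif flags == "S.":
            answered.add((dst, dport, src, sport))  # reverse direction of the SYN
    report = defaultdict(lambda: {"answered": 0, "unanswered": 0, "retransmits": 0})
    for flow, count in syns.items():
        entry = report[(flow[2], int(flow[3]))]
        entry["answered" if flow in answered else "unanswered"] += 1
        entry["retransmits"] += count - 1
    return dict(report)

def suspect_port_exhaustion(report, limit=PORTS_PER_VM):
    """Heuristic: destinations with unanswered SYNs after >= `limit` answered flows."""
    return [d for d, e in report.items() if e["unanswered"] and e["answered"] >= limit]

def constructed_capture():
    """Constructed sample: 64 answered handshakes, then 3 flows whose SYNs get no reply."""
    src, dst, out = "10.128.0.5", "203.0.113.10", []
    for i in range(64):
        ts = f"12:00:00.{i:06d}"
        out.append(f"{ts} IP {src}.{40000 + i} > {dst}.80: Flags [S], seq 1, win 64240, length 0")
        out.append(f"{ts} IP {dst}.80 > {src}.{40000 + i}: Flags [S.], seq 2, ack 2, win 65535, length 0")
    for i in range(3):
        for attempt in range(3):  # initial SYN plus two retransmits
            ts = f"12:00:0{1 + attempt}.000000"
            out.append(f"{ts} IP {src}.{41000 + i} > {dst}.80: Flags [S], seq 1, win 64240, length 0")
    return out

if __name__ == "__main__":
    result = analyse(constructed_capture())
    print(result, suspect_port_exhaustion(result))
```

A destination flagged here is a reason to check the NAT gateway's port allocation and mapping settings, not proof of exhaustion; unanswered SYNs can also come from a remote filter or packet loss.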