Shrinking TCP Window Size to 0 on Cisco ASA

Posted by Brent on Server Fault
Published on 2011-01-13T19:20:46Z

Having an issue where any large file transfer that crosses our Cisco ASA unit comes to an eventual pause.

Setup

Test1: Server A, FileZilla Client <- 1GBPS -> Cisco ASA <- 1 GBPS -> Server B, FileZilla Server

TCP Window size on large transfers will drop to 0 after around 30 seconds of a large file transfer. RDP session then becomes unresponsive for a minute or two and then is sporadic. After a minute or two, the FTP transfer resumes, but at 1-2 MB/s.

When the FTP transfer is over, the responsiveness of the RDP session returns to normal.

Test2: Server C in same network as Server B, FileZilla Client <- local network -> Server B, FileZilla Server

File will transfer at 30+ MB/s.

Details

ASA: 5520 running 8.3(1) with ASDM 6.3(1)

Windows: Server 2003 R2 SP2 with latest patches

Server: VMs running on HP C3000 blade chassis

FileZilla: 3.3.5.1, latest stable build

Transfer: 20 GB SQL .BAK file

Protocol: Active FTP over tcp/20, tcp/21

Switches: Cisco Small Business 2048 Gigabit running latest 2.0.0.8

VMware: 4.1

HP: Flex-10 3.15, latest version

Notes

All servers are VMs.

Thoughts

Pretty sure the ASA is at fault since a transfer between VMs on the same network will not show a shrinking Window size.

Our ASA is pretty vanilla. No major changes made to any of the settings. It has a bunch of NAT and ACLs.

Wireshark Sample

No.     Time        Source                Destination           Protocol Info

234905 73.916986 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=131981791 Win=65535 Len=0

234906 73.917220 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234907 73.917224 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234908 73.917231 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=131984551 Win=64155 Len=0

234909 73.917463 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234910 73.917467 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234911 73.917469 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234912 73.917476 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=131988691 Win=60015 Len=0

234913 73.917706 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234914 73.917710 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234915 73.917715 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=131991451 Win=57255 Len=0

234916 73.917949 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234917 73.917953 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234918 73.917958 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=131994211 Win=54495 Len=0

234919 73.918193 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234920 73.918197 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234921 73.918202 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=131996971 Win=51735 Len=0

234922 73.918435 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234923 73.918440 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234924 73.918445 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=131999731 Win=48975 Len=0

234925 73.918679 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234926 73.918684 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234927 73.918689 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=132002491 Win=46215 Len=0

234928 73.918922 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234929 73.918927 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234930 73.918932 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=132005251 Win=43455 Len=0

234931 73.919165 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234932 73.919169 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234933 73.919174 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=132008011 Win=40695 Len=0

234934 73.919408 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234935 73.919413 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234936 73.919418 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=132010771 Win=37935 Len=0

234937 73.919652 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234938 73.919656 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234939 73.919661 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=132013531 Win=35175 Len=0

234940 73.919895 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234941 73.919899 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234942 73.919904 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=132016291 Win=32415 Len=0

234943 73.920138 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234944 73.920142 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234945 73.920147 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=132019051 Win=29655 Len=0

234946 73.920381 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234947 73.920386 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234948 73.920391 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=132021811 Win=26895 Len=0

234949 73.920625 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234950 73.920629 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234951 73.920632 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234952 73.920638 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=132025951 Win=22755 Len=0

234953 73.920868 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234954 73.920871 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234955 73.920876 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=132028711 Win=19995 Len=0

234956 73.921111 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234957 73.921115 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234958 73.921120 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=132031471 Win=17235 Len=0

234959 73.921356 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234960 73.921362 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234961 73.921370 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=132034231 Win=14475 Len=0

234962 73.921598 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234963 73.921606 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234964 73.921613 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=132036991 Win=11715 Len=0

234965 73.921841 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234966 73.921848 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234967 73.921855 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=132039751 Win=8955 Len=0

234968 73.922085 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234969 73.922092 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234970 73.922099 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=132042511 Win=6195 Len=0

234971 73.922328 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234972 73.922335 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234973 73.922342 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=132045271 Win=3435 Len=0

234974 73.922571 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234975 73.922579 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes

234976 73.922586 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=132048031 Win=675 Len=0

234981 75.866453 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 675 bytes

234985 76.020168 1.1.1.1 2.2.2.2 TCP [TCP ZeroWindow] ftp-data > ivecon-port [ACK] Seq=1 Ack=132048706 Win=0 Len=0

234989 76.771633 2.2.2.2 1.1.1.1 TCP [TCP ZeroWindowProbe] ivecon-port > ftp-data [ACK] Seq=132048706 Ack=1 Win=65535 Len=1

234990 76.771648 1.1.1.1 2.2.2.2 TCP [TCP ZeroWindowProbeAck] [TCP ZeroWindow] ftp-data > ivecon-port [ACK] Seq=1 Ack=132048706 Win=0 Len=0

234997 78.279701 2.2.2.2 1.1.1.1 TCP [TCP ZeroWindowProbe] ivecon-port > ftp-data [ACK] Seq=132048706 Ack=1 Win=65535 Len=1

234998 78.279714 1.1.1.1 2.2.2.2 TCP [TCP ZeroWindowProbeAck] [TCP ZeroWindow] ftp-data > ivecon-port [ACK] Seq=1 Ack=132048706 Win=0 Len=0
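
An added example, not part of the original post: a small parser for Wireshark summary lines like the ones above that tracks the advertised right edge (Ack + Win) for one endpoint and reports where it stopped advancing and when the first zero window appeared. The function names are hypothetical, the sample is an excerpt of the capture above, and Win is assumed to be the value as Wireshark displays it.

```python
import re

# Constructed excerpt: a subset of the Wireshark summary lines from the post above.
SAMPLE = """\
234905 73.916986 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=131981791 Win=65535 Len=0
234906 73.917220 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234908 73.917231 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=131984551 Win=64155 Len=0
234912 73.917476 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=131988691 Win=60015 Len=0
234976 73.922586 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=132048031 Win=675 Len=0
234985 76.020168 1.1.1.1 2.2.2.2 TCP [TCP ZeroWindow] ftp-data > ivecon-port [ACK] Seq=1 Ack=132048706 Win=0 Len=0
234989 76.771633 2.2.2.2 1.1.1.1 TCP [TCP ZeroWindowProbe] ivecon-port > ftp-data [ACK] Seq=132048706 Ack=1 Win=65535 Len=1
234990 76.771648 1.1.1.1 2.2.2.2 TCP [TCP ZeroWindowProbeAck] [TCP ZeroWindow] ftp-data > ivecon-port [ACK] Seq=1 Ack=132048706 Win=0 Len=0
"""

# Matches only rows whose Protocol column is TCP and that carry Seq/Ack/Win/Len.
LINE = re.compile(
    r"^(?P<no>\d+)\s+(?P<time>\d+\.\d+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+TCP\s+"
    r".*?Seq=\d+ Ack=(?P<ack>\d+) Win=(?P<win>\d+) Len=\d+\s*$"
)

def parse_acks(text, receiver):
    """Return (frame, time, ack, win) for TCP segments sent by `receiver`."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m and m["src"] == receiver:
            rows.append((int(m["no"]), float(m["time"]), int(m["ack"]), int(m["win"])))
    return rows

def analyze(rows):
    """Find where the advertised right edge (Ack + Win) stopped advancing."""
    edge = edge_frame = edge_ack = zero = None
    for no, t, ack, win in rows:
        if edge is None or ack + win > edge:  # window reopened or grew
            edge, edge_frame, edge_ack = ack + win, no, ack
        if win == 0 and zero is None:
            zero = (no, t)
    return {
        "right_edge": edge,
        "edge_last_advanced_frame": edge_frame,
        # Bytes ACKed after the edge froze, i.e. window consumed and never reopened.
        "acked_since_edge_froze": rows[-1][2] - edge_ack if rows else 0,
        "first_zero_window": zero,
    }

if __name__ == "__main__":
    print(analyze(parse_acks(SAMPLE, "1.1.1.1")))
```

On the excerpt, the right edge stays at 132048706 from frame 234908 onward, so every byte acknowledged after that point shrinks the advertised window until it reaches 0.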

© Server Fault or respective owner
