Shrinking TCP Window Size to 0 on Cisco ASA
Posted
by
Brent
on Server Fault
See other posts from Server Fault
or by Brent
Published on 2011-01-13T19:20:46Z
Indexed on
2011/01/13
20:54 UTC
Read the original article
Hit count: 1024
Having an issue with any large file transfer that crosses our Cisco ASA unit come to an eventual pause.
Setup
Test1: Server A, FileZilla Client <- 1GBPS -> Cisco ASA <- 1 GBPS -> Server B, FileZilla Server
TCP Window size on large transfers will drop to 0 after around 30 seconds of a large file transfer. RDP session then becomes unresponsive for a minute or two and then is sporadic. After a minute or two, the FTP transfer resumes, but at 1-2 MB/s.
When the FTP transfer is over, the responsiveness of the RDP session returns to normal.
Test2: Server C in same network as Server B, FileZilla Client <- local network -> Server B, FileZilla Server
File will transfer at 30+ MB/s.
Details
ASA: 5520 running 8.3(1) with ASDM 6.3(1)
Windows: Server 2003 R2 SP2 with latest patches
Server: VMs running on HP C3000 blade chasis
FileZilla: 3.3.5.1, latest stable build
Transfer: 20 GB SQL .BAK file
Protocol: Active FTP over tcp/20, tcp/21
Switches: Cisco Small Business 2048 Gigabit running latest 2.0.0.8
VMware: 4.1
HP: Flex-10 3.15, latest version
Notes
All servers are VMs.
Thoughts
Pretty sure the ASA is at fault since a transfer between VMs on the same network will not show a shrinking Window size.
Our ASA is pretty vanilla. No major changes made to any of the settings. It has a bunch of NAT and ACLs.
Wireshark Sample
No. Time Source Destination Protocol Info
234905 73.916986 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=131981791 Win=65535 Len=0
234906 73.917220 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234907 73.917224 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234908 73.917231 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=131984551 Win=64155 Len=0
234909 73.917463 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234910 73.917467 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234911 73.917469 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234912 73.917476 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=131988691 Win=60015 Len=0
234913 73.917706 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234914 73.917710 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234915 73.917715 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=131991451 Win=57255 Len=0
234916 73.917949 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234917 73.917953 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234918 73.917958 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=131994211 Win=54495 Len=0
234919 73.918193 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234920 73.918197 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234921 73.918202 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=131996971 Win=51735 Len=0
234922 73.918435 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234923 73.918440 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234924 73.918445 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=131999731 Win=48975 Len=0
234925 73.918679 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234926 73.918684 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234927 73.918689 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=132002491 Win=46215 Len=0
234928 73.918922 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234929 73.918927 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234930 73.918932 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=132005251 Win=43455 Len=0
234931 73.919165 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234932 73.919169 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234933 73.919174 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=132008011 Win=40695 Len=0
234934 73.919408 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234935 73.919413 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234936 73.919418 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=132010771 Win=37935 Len=0
234937 73.919652 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234938 73.919656 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234939 73.919661 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=132013531 Win=35175 Len=0
234940 73.919895 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234941 73.919899 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234942 73.919904 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=132016291 Win=32415 Len=0
234943 73.920138 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234944 73.920142 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234945 73.920147 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=132019051 Win=29655 Len=0
234946 73.920381 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234947 73.920386 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234948 73.920391 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=132021811 Win=26895 Len=0
234949 73.920625 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234950 73.920629 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234951 73.920632 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234952 73.920638 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=132025951 Win=22755 Len=0
234953 73.920868 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234954 73.920871 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234955 73.920876 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=132028711 Win=19995 Len=0
234956 73.921111 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234957 73.921115 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234958 73.921120 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=132031471 Win=17235 Len=0
234959 73.921356 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234960 73.921362 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234961 73.921370 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=132034231 Win=14475 Len=0
234962 73.921598 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234963 73.921606 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234964 73.921613 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=132036991 Win=11715 Len=0
234965 73.921841 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234966 73.921848 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234967 73.921855 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=132039751 Win=8955 Len=0
234968 73.922085 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234969 73.922092 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234970 73.922099 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=132042511 Win=6195 Len=0
234971 73.922328 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234972 73.922335 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234973 73.922342 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=132045271 Win=3435 Len=0
234974 73.922571 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234975 73.922579 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 1380 bytes
234976 73.922586 1.1.1.1 2.2.2.2 TCP ftp-data > ivecon-port [ACK] Seq=1 Ack=132048031 Win=675 Len=0
234981 75.866453 2.2.2.2 1.1.1.1 FTP-DATA FTP Data: 675 bytes
234985 76.020168 1.1.1.1 2.2.2.2 TCP [TCP ZeroWindow] ftp-data > ivecon-port [ACK] Seq=1 Ack=132048706 Win=0 Len=0
234989 76.771633 2.2.2.2 1.1.1.1 TCP [TCP ZeroWindowProbe] ivecon-port > ftp-data [ACK] Seq=132048706 Ack=1 Win=65535 Len=1
234990 76.771648 1.1.1.1 2.2.2.2 TCP [TCP ZeroWindowProbeAck] [TCP ZeroWindow] ftp-data > ivecon-port [ACK] Seq=1 Ack=132048706 Win=0 Len=0
234997 78.279701 2.2.2.2 1.1.1.1 TCP [TCP ZeroWindowProbe] ivecon-port > ftp-data [ACK] Seq=132048706 Ack=1 Win=65535 Len=1
234998 78.279714 1.1.1.1 2.2.2.2 TCP [TCP ZeroWindowProbeAck] [TCP ZeroWindow] ftp-data > ivecon-port [ACK] Seq=1 Ack=132048706 Win=0 Len=0
© Server Fault or respective owner