and timesync is disabled:
# vmware-toolbox-cmd timesync status
Disabled
Klavs Klavsen said the following on 02/20/2014 11:06 AM:
> Lukas Tribus said the following on 02/20/2014 10:16 AM:
>> Hi,
>>
>>
>>>> Can you tell us more about this server? What OS is running? Any firewalls
>>>> (software or hardware)? Any other "security" product in between?
>>>> The server is announcing 1380 Byte MSS to me here as well, so this was
>>>> not something on your client side, but this is server side and thats not
>>>> very common. There must be some 'interesting' detail about this server
>>>> that we don't know yet.
>>>
>>> Not that I know of.
>>>
>>> It's all virtual servers, running CentOS 6. we have lots of servers with
>>> websites, running in the same environment - without ever having seen
>>> this issue :(
>>>
>>> These are behind a hardware firewall, in dmz (which nat's to the
>>> internal address) - but that's it.
>>
>> The TCP handshake on the capture (server side) you sent me completes within
>> 0,1ms. So what your firewall is doing is intercepting the tcp session. Its
>> not
>> just "source nat and destination nat".
>>
>> I assume you never see the real client's IP address in your log files?
>>
> Yes I do. And the dump I sent you - I had set the ip of the site url in
> my hosts file, to point directly to the internal address of haproxy - so
> there is no dest. natting in that either.
>
>> But thats not the real problem. The real problem is that HAProxy sends the
>> "408 Request Time-out" response to the client 31ms after the TCP handshake
>> ("tcp.stream eq 32" in with-http-client-timeout.pcap), prior to the client
>> sendings its request, although it should only sends this error after 10
>> seconds. Is it possible that your OS is jumping forwards and backwards in
>> time?
>>
> haproxy server is running ntp.
>
> ntpdate -q 10.x.x.x
> server 10.x.x.x, stratum 2, offset -0.000244, delay 0.02614
> 20 Feb 10:46:56 ntpdate[19786]: adjust time server 10.47.47.47 offset
> -0.000244 sec
>
>> Try reproducing the 408 while running through "strace -tt" to confirm this.
>>
> Attached strace.
>
>> Checkout [1] for advise on timejumps in a VM.
>>
> Yes - we follow recommendations from
> http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006427
> (which your link refers to as well)
>
>
--
Regards,
Klavs Klavsen, GSEC, kl...@enableit.dk - Tlf. +45 612 812 00
EnableIT - Open Source Server, Security and Network Consulting
"Open Source Software - Sometimes you get more than you paid for."
