
TLS CLOSEWAIT problem - can not connect to router

Hi,

We have a onep application which usually works just fine. Now, we are having a problem connecting to the router. It seems like the router does not clean up the state sufficiently. As can be seen below, there has been an error for a connection and now there are many TCP connections (port 15002 for TLS) in the CLOSEWAIT state.

It seems like a reboot of the router is necessary to get back to a normal state? Is this a known problem?

R2#show onep session all

R2#show onep statistics

Active sessions: 0

Established sessions: 18

Total session disconnects: 18

  Admin initiated disconnects: 0

  Remote disconnects: 0

  Error disconnects: 18

Total errors: 1

  Authentication errors: 0

  Duplicate application name error 1

  Memory errors 0

  Internal errors 0

Rate limiting:

  Total TCP connects: 37

  Rejected connects: 0

  Accepted connects: 0

  Unaffected connects: 37

Most recent failed connection attempts:

Connection #1 attempted Sun Sep 21 08:48:49 2014

  Remote host: 20.5.2.242

  Reason: Internal system error, API Channel failed to transition to Connecting state for session test.app-UCS-E-R2-9454

  Reason code: 0

  Connection sequence number: 37

R2#

R2#show tcp brief

TCB       Local Address               Foreign Address             (state)

21DD9EC8  20.5.2.241.15002           20.5.2.242.45802            CLOSEWAIT

C195FFDC  20.5.2.241.23              20.5.2.242.58036            ESTAB

3DD524E8  20.5.2.241.15002           20.5.2.242.45803            CLOSEWAIT

21E3D0E4  20.5.2.241.15002           20.5.2.242.45805            CLOSEWAIT

41158A64  20.5.2.241.15002           20.5.2.242.45804            CLOSEWAIT

40CD3424  20.5.2.241.15002           20.5.2.242.45800            CLOSEWAIT

C01E14A8  20.5.2.241.15002           20.5.2.242.45806            CLOSEWAIT

R2#

R2#show onep status

Status: enabled by: Config

Version: 1.2.0

Transport: tls; Status: running; Port: 15002; localcert: TP-self-signed-3937507470; client cert validation disabled

Certificate Fingerprint SHA1: 90F9692E 942D0DD4 274D7632 EDAC0467 5AE43F70

Transport: tipc; Status: disabled

Session Max Limit: 10

CPU Interval: 0 seconds

CPU Falling Threshold: 0%

CPU Rising Threshold: 0%

History Buffer: Enabled

History Buffer Purge: Oldest

History Buffer Size: 32768 bytes

History Syslog: Disabled

History Archived Session: 16

History Max Archive: 16

Trace buffer debugging level is info

Service Set: Base               State: Enabled     Version 1.2.0

Service Set: Vty                State: Disabled    Version 0.1.0

Service Set: Mediatrace         State: Disabled    Version 1.0.0

R2#

R2#show version

Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.4(2)T, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2014 by Cisco Systems, Inc.

Compiled Wed 26-Mar-14 14:14 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)

R2 uptime is 2 weeks, 4 days, 18 hours, 14 minutes
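A check for the symptom shown in the post above, as an added example that is not part of the original thread or of Cisco's code: it parses `show tcp brief` output and counts CLOSEWAIT sockets on the onePK TLS port (15002) per remote host. CLOSEWAIT means the peer has closed its side and the local side has not yet closed the socket. The function names and the alert threshold are assumptions made for illustration.

```python
import re
from collections import Counter

# Rows copied from the `show tcp brief` output in the post above.
SHOW_TCP_BRIEF = """\
TCB       Local Address               Foreign Address             (state)
21DD9EC8  20.5.2.241.15002           20.5.2.242.45802            CLOSEWAIT
C195FFDC  20.5.2.241.23              20.5.2.242.58036            ESTAB
3DD524E8  20.5.2.241.15002           20.5.2.242.45803            CLOSEWAIT
21E3D0E4  20.5.2.241.15002           20.5.2.242.45805            CLOSEWAIT
41158A64  20.5.2.241.15002           20.5.2.242.45804            CLOSEWAIT
40CD3424  20.5.2.241.15002           20.5.2.242.45800            CLOSEWAIT
C01E14A8  20.5.2.241.15002           20.5.2.242.45806            CLOSEWAIT
"""

# TCB, local addr.port, foreign addr.port, state; the port follows the last dot.
ROW = re.compile(r"^([0-9A-F]{8})\s+(\S+)\.(\d+)\s+(\S+)\.(\d+)\s+(\S+)\s*$")

def parse_tcp_brief(text):
    """Return one dict per connection row; header, prompts and blanks are skipped."""
    conns = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            tcb, laddr, lport, faddr, fport, state = m.groups()
            conns.append({"tcb": tcb, "local": laddr, "lport": int(lport),
                          "remote": faddr, "rport": int(fport), "state": state})
    return conns

def closewait_report(text, port=15002, threshold=3):
    """Count CLOSEWAIT sockets on `port` per remote host and flag a pile-up.

    `threshold` is a hypothetical alert level chosen for this example.
    """
    stuck = [c for c in parse_tcp_brief(text)
             if c["lport"] == port and c["state"] == "CLOSEWAIT"]
    per_remote = Counter(c["remote"] for c in stuck)
    return {"port": port, "closewait": len(stuck),
            "per_remote": dict(per_remote),
            "tcbs": [c["tcb"] for c in stuck],
            "alert": len(stuck) >= threshold}

if __name__ == "__main__":
    print(closewait_report(SHOW_TCP_BRIEF))
```

Run against periodically collected output, a rising `closewait` count for one remote host alongside `Active sessions: 0` points at sockets that were never closed on the router side.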

Hall of Fame Cisco Employee

Viktor, if this is still a problem for you, can you collect those onePK infrastructure debugs that Atul mentioned when it happens again?  Development is asking for those logs before they can make progress on the root cause.  Thanks.


Hi Joseph,

Thanks for following up. We have not seen this TLS closewait issue since we reported it. However, we have moved to the latest versions of SDK and IOS images:

sdk-c64-1.3.0.181, earlier we used sdk-c64-1.2.1.194

Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.4(3)M, RELEASE SOFTWARE (fc1), earlier we used Version 15.4(2)T

Also, currently we do not use the onep reconnect functionality (to make sure that the router gets back to an initial state when losing the connection). Actually, we enabled the reconnect functionality as we experienced frequent TLS connection drops, but that turned out to be related to running the application with profiling enabled. I am not sure if any changes have been made to address that issue. See:

https://communities.cisco.com/thread/46316

https://communities.cisco.com/thread/46397

We will get back in case we observe the problem again.

Best regards

Viktor
