Solved: Retransmission flood of FIN, ACKs from DNS server...

jmaxwellUSAF · ‎01-22-2023

Please view attached image.

x.20 is a DNS server.
x.52 is my workstation.
x.1 is the default gateway.

What is the most likely cause of this TCP retransmission flood of [FIN, ACK]s from the DNS server to my workstation?

Isn't the FIN, ACK the very end of the conversation?
Why would the DNS server keep sending these FIN, ACKs?

Thank you.

MHM Cisco World · ‎01-24-2023

I run lab and as I guess from first time,
my lab R3 have default GW R1, I disable IP redirect in R1
R3 now connect to R4 (TCP traffic)
you can see many re-transmission,

so in your case you must solve Default GW and the issue will be solve.

View solution in original post

MHM Cisco World · ‎01-22-2023

why there is ICMP redirect ?
are you run HSRP or ASA HA ??

jmaxwellUSAF · ‎01-22-2023

Please standby.

MHM Cisco World · ‎01-22-2023

I always standby captain. LoL..
anyway, why I ask about icmp redirect,
icmp redirect can cause if you have L3 device better than GW to forward the packet to destination.
if we can solve this issue, I think you will not see anymore TCP retransmission.

do traceroute and check if first hop is same or there are two hops appear ??

jmaxwellUSAF · ‎01-22-2023

Traceroute to DNS server...

1 <1 ms <1 ms <1 ms (! 9300 SwitchStack x4) This is x.x.x.1 (a vlan)
2 <1 ms <1 ms <1 ms (! 2960 router on same LAN= DMVPN)
3 10 ms 10 ms 10 ms (! 2951 DMVPN router at remote campus)
4 10 ms 10 ms 11 ms (! Nexus 9K at remote campus, HSRP)
5 10 ms 11 ms 10 ms (! x.x.x.20 DNS server)

jmaxwellUSAF · ‎01-23-2023

This link is very helpful here...

Understand ICMP Redirect Messages - Cisco

jmaxwellUSAF · ‎01-24-2023

If it helps, below is the traceroute from my workstation to the DNS server...

1 <1 ms <1 ms <1 ms (! 9300 SwitchStack x4) This is x.x.x.1 (a vlan)
2 <1 ms <1 ms <1 ms (! 2960 router on same LAN= DMVPN)
3 10 ms 10 ms 10 ms (! 2951 DMVPN router at remote campus)
4 10 ms 10 ms 11 ms (! Nexus 9K at remote campus, HSRP)
5 10 ms 11 ms 10 ms (! x.x.x.20 DNS server)

May you please help?

Thank you.

MHM Cisco World · ‎01-24-2023

I run lab and as I guess from first time,
my lab R3 have default GW R1, I disable IP redirect in R1
R3 now connect to R4 (TCP traffic)
you can see many re-transmission,

so in your case you must solve Default GW and the issue will be solve.

Georg Pauwen · ‎01-25-2023

Hello,

just out of curiosity, has this been resolved ? DMVPN issues often have to do with MTU size. If the issue still exists, post the DMVPN configs you are using at the hub and the spoke.

jmaxwellUSAF · ‎01-25-2023

Thank you for your interest, Georg.

What commands would you like to see?

Georg Pauwen · ‎01-25-2023

Hello,

so the issue is still there ? What I would need to see is the output of 'sh run' of both the DMVPN hub and spoke routers...