Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
563
Views
10
Helpful
5
Replies

tcp window exhaustion 9372 and 3172 Nexus

lecktor10
Level 1
Level 1

‎09-21-2020 07:30 AM

Greetings,

We have a small network (think nexus 9372 and 3172 w/ paloalto FW in a connection triangle with VMware 6.7 Gen10 HP servers) our connections are supposed to be 10 Gbps.  we are getting about 70-80 Mbps. Our wireshark captures show that we are seeing tcp window exhaustion. I went through lots of googling and it looks like with my switches there aren't alot options. Anyone else have this problem? should I look to the servers instead of the switches? would changing the MTU help or would that create even more trouble. 

Thank you for reading.

Labels:
0 Helpful
5 Replies 5

balaji.bandi
Hall of Fame
Hall of Fame

‎09-21-2020 07:51 AM

where do you see this error  "tcp window exhaustion"  Palo side or Switch side ? where is your capture taken ?

 

is CEF enabled ?  if you like you can change - ip tcp window size ZZZZ

 

But before changing make sure we understand the problem correctly.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

lecktor10
Level 1
Level 1
In response to balaji.bandi

‎09-21-2020 08:03 AM

Hi,

 

Capture was taken on the server side on a win 2012 r2 virtual server running wireshark. the capture was of 1 oracle linux box ftp-ing data from another one. 

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to lecktor10

‎09-21-2020 08:09 AM

what is the MTU Settings on all the way to Server. ? try tweak.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Reza Sharifi
Hall of Fame
Hall of Fame

‎09-21-2020 07:55 AM

Hi,

Have a look at this Wireshark document. It could possibly be an issue on the server-side as well.

The connection gets reset by the Windows server after having exhausted its re-transmission retries trying to get the full size 1448 bytes segments to the Linux client.
This is most probably due to the MTU size available along the route being smaller than 1500, which is what both sides have defined.
Assuming have control over the server you could manually reduce the MTU size to let's say 1400 to circumvent this problem

Link;

https://ask.wireshark.org/question/2690/what-causes-a-connection-reset-after-retransmission-and-tcp-window-update/

HTH

Joseph W. Doherty
Hall of Fame
Hall of Fame

‎09-21-2020 08:21 AM

BTW unless your switch (or router) is the receiving TCP host, its TCP RWIN size is not relevant.  Also, I recall [?] the usual Cisco default for RWIN is only 4 KB.  Some Cisco switches (or routers) support the "ip tcp window-size" configuration command which allows you to change the size of the RWIN.  (Don't recall if Cisco supports scaled TCP RWINs, i.e. RWIN larger than 64 KB.)  However, don't know any option to manage resources to support it.  I presume RWIN buffers are just allocated from free RAM.

Lastly, even if RWIN is "small", each TCP session gets its own, I believe.

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card