SYN_SENT does not receive reset from closed ports

Dear all,
I have a Solaris 10 system with a bunch of zones on it. My issue is the following:

  • I have application A and B running in the same zone: i.e. they communicate via loopback interface. Application A tries to connect to application B, usually listening on port X. If application B is down, i.e. the port X is not listening, Application A hangs for a while, until eventually a timeout occurs.

If I issue a "netstat -an | grep X" during the communication attempt I can see the SYN_SENT status of the communication.

My guess is that app A is not receiving any RST packet from the OS, but why? The timeout I observe is in fact the SYN_SENT one.

You might say this is a classic firewall issue, but ipf is down and I checked the hosts.deny and hosts.allow files and everything is fine. I even flushed them (and restarted inetd) without luck. :wall:

Since I cannot snoop the loopback interface on Solaris, I cannot be sure the issue is that, but I have no other ideas.

Do you have any suggestion?

Thank you in advance

After a few minutes of googling I found this DTrace script posted by Sanjeev Bagewadi. It seems to show network traffic going through the loopback interface.
Re: [dtrace-discuss] Capture of loopback interface messages

Thank you, I'll give it a try tomorrow. In the meantime, assuming the RST is not sent back to the app... What could be the cause?

---------- Post updated 17-06-11 at 02:39 PM ---------- Previous update was 16-06-11 at 11:38 PM ----------

The snoop results are the following:

/root# telnet localhost 805
Trying 127.0.0.1... 
telnet: connect to address 127.0.0.1: Connection timed out
Trying ::1...
telnet: Unable to connect to remote host: Network is unreachable

In the meanwhile the snoop output is:

Using device nxge3 (promiscuous mode)
source -> dest TELNET C port=46234
source -> dest TELNET C port=46234
source -> dest TELNET C port=46234
source -> dest TELNET C port=46234
source -> dest TELNET C port=46234
source -> dest TELNET C port=46234
source -> dest TELNET C port=46234
 
...

Doing the same on a system where I have no issues:

$telnet localhost 805
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
Trying ::1...
telnet: Unable to connect to remote host: Network is unreachable

the snoop output is:

source -> dest TELNET C port=60535
dest -> source TELNET R port=60535

At the moment I am looking into nddconfig params...

I am curious. Maybe I am missing something. Why are you expecting the OS to send a RST to application A if application B is not up? My expectation is that application A simply times out as seems to be the case.

Thanks for your interest.
I believe if no port filtering (or similar) is active the connection attempt should be immediately refused (as it happens on other systems I have, see the example I posted) and should not go in timeout.

I hope this clarifies the situation.

Update: I tried to modify nddconfig params and I eventually disabled the service (and rebooted) in both the local and the global zones. Still no joy :frowning:

SOLVED!

Solaris patch IDR147303-02 was creating the issue. Removing that solved my problem.

Thank you for the update. Glad you found a solution!
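
The two telnet outcomes seen in this thread ("Connection refused" when the RST comes back, "Connection timed out" when the SYN goes unanswered) can be told apart with a short probe. This is an added example, not code from any poster; the function names `probe` and `closed_loopback_port` are hypothetical, and the closed port is found by binding to port 0 and releasing it.

```python
import socket


def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt.

    "open"    - handshake completed, something is listening
    "refused" - the stack answered the SYN with a RST (healthy closed port)
    "timeout" - no answer to the SYN at all (the symptom in this thread)
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        # Anything else (unreachable network, etc.) is reported verbatim.
        return "error: %s" % exc
    finally:
        s.close()


def closed_loopback_port():
    """Return a loopback port that was just released, so nothing listens on it."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))      # kernel picks a free port
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    port = closed_loopback_port()
    result = probe("127.0.0.1", port)
    print("127.0.0.1:%d -> %s" % (port, result))
    if result == "timeout":
        print("No RST for a closed loopback port: look for filtering or a "
              "faulty patch in the IP stack.")
```

A result of "refused" matches the working system in the thread; "timeout" on loopback with no packet filter active matches the faulty one.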