RST's while connecting to the Fastly CDN

Greetings, I am having an issue downloading content from various services (repo1.maven.org, PiPi, RubyGems, etc…) that all use Fastly CDN as their CDN (confirmed via DNS). Attempting it with multiple OS installs, a large variety of URL’s, and many other things.

What is directly happening is that the server starts randomly sending RST packets during a connection, sometimes at the start, sometimes in the middle of a download, etc… I have a multitude of packet dumps showing this issue:

1    0.000000    172.17.0.116    213.186.33.99    DNS    75    Standard query 0xc1b2  A repo1.maven.org
2    0.000096    172.17.0.116    213.186.33.99    DNS    75    Standard query 0x2376  AAAA repo1.maven.org
3    0.018222    213.186.33.99    172.17.0.116    DNS    297    Standard query response 0xc1b2  CNAME central.maven.org CNAME sonatype.map.fastly.net A 23.235.46.209
4    0.018443    213.186.33.99    172.17.0.116    DNS    206    Standard query response 0x2376  CNAME central.maven.org CNAME sonatype.map.fastly.net
5    0.027585    172.17.0.116    23.235.46.209    TCP    70    59001 > http [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=406823371 TSecr=0
6    0.056000    23.235.46.209    172.17.0.116    TCP    70    http > 59001 [SYN, ACK] Seq=0 Ack=1 Win=13680 Len=0 MSS=1380 SACK_PERM=1 TSval=2613348758 TSecr=406823371
7    0.056034    172.17.0.116    23.235.46.209    TCP    66    59001 > http [ACK] Seq=1 Ack=1 Win=29200 Len=0 TSval=406823378 TSecr=2613348758
8    0.056088    172.17.0.116    23.235.46.209    HTTP    220    GET /maven2/org/scala-lang/scala-library-all/2.11.5/scala-library-all-2.11.5.pom HTTP/1.1 
9    0.070357    23.235.46.209    172.17.0.116    TCP    54    http > 59001 [RST] Seq=1 Win=0 Len=0
10    0.070384    23.235.46.209    172.17.0.116    TCP    54    http > 59001 [RST] Seq=1 Win=0 Len=0
11    1.269781    23.235.46.209    172.17.0.116    TCP    70    [TCP Retransmission] http > 59001 [SYN, ACK] Seq=0 Ack=1 Win=13680 Len=0 MSS=1380 SACK_PERM=1 TSval=2613349062 TSecr=406823371
12    1.269812    172.17.0.116    23.235.46.209    TCP    54    59001 > http [RST] Seq=1 Win=0 Len=0

I can supply the full pcap file if requested as well, but that should make it fairly obvious above.

Needless to say, this issue is preventing me from setting up a discourse forum, update my java servers, amongst a whole host of other issues. This has been occuring for many weeks now and it happens with no other service that I have tested to date. Is this an issue with Fastly CDN, or is it an issue with a multitude of different servers with different IPs in multiple locations that I have tested that run a multitude of different OS’s, or…? How can this get fixed? How can it be prevented in the future?

Rogier Mulhuijzen

March 01, 2015 01:50

Hi,

Considering the nature of the issue, can you send an email to support@fastly.com describing the issue, and attach a couple of the pcaps? And can you also include the output from both http://www.fastly-debug.com/ and https://www.fastly-debug.com/ ?

That way a support ticket will be created and this issue will get the attention it deserves.

OvermindDL1

March 01, 2015 02:19

[quote="drwilco, post:2, topic:299, full:true"] Hi,

That way a support ticket will be created and this issue will get the attention it deserves. [/quote] Thank you. I was also speaking in IRC and performed a number of tests asked of me, included those results and emailed on. Many of us are looking forward to getting this resolved due to how many it affects. Thank you all for your help!

July 11, 2015 03:34

There was yes, but is was discovered it was caused by Level3's backbone line having an issue I think, hard to fix... I kind of deal with it now a little painfully. Would still love it fixed though...

Comments