FTP TCP DUP ACK Error

Does anyone know what might be causing a lot of TCP DUP ACK and TCP Retransmission for an FTP transfer?  We also get a "426 File transfer failed" error in the packet capture.
noci (Software Engineer)
Distinguished Expert 2018

Commented:
DUP ACK & RETRANSMISSION might indicate that packets are lost on the way or get through slowly at times, shortly before going smooth.

It might also be a problem if too-large packets are transmitted after a short while. Enabling PMTU detection might help.
Distinguished Expert 2018

Commented:
The reason for TCP duplicated ACKs and retransmissions is packet loss.
Typical reasons for packet loss are:
- network congestion
- network L2 errors

Author

Commented:
Predrag: Didn't see any errors after clearing the interfaces this morning.  Although we did see some input errors over a 14-day period.

Noci: Tried enabling PMTUD on the Cisco ASA by allowing icmp unreachable, but that prevented us from monitoring the network, so I had to disable it.

Note that this seems to impact just one ftp server and the ftp server connects just fine but when trying to download a file, it starts but never finishes.

I checked the routing path and there is no asymmetric routing issue.
Distinguished Expert 2018

Commented:
It does not mean anything that you don't see errors under the interface. Errors and congestion can happen anywhere between host and server.

Ultra simplified version - TCP window is 3 packets (Duplicated ACK and retransmissions).

Server sends packets 1 2 3
Host gets all packets and sends ACK 3
Server sends packets 4 5 6
Host gets only packets 5 and 6 - host will send ACK 3 again (TCP Duplicated ACK)
After the server has waited for the timeout period and did not get an ACK for 6, since the server does not know which packets the host did not get, the server will send packets 4 5 6 again (TCP Retransmission)

If there were no packet loss (packets are received by the host and ACKs are received by the server in a timely fashion) there would be no duplicated ACKs nor Retransmissions.

You can find an excellent presentation: The Transport Layer: TCP and UDP, Jean-Yves Le Boudec, Fall 2009
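As an added example (not from the thread), a small Python classifier that replays the 1 2 3 / 4 5 6 walk-through above as a constructed segment list and flags duplicate ACKs and retransmissions the way a capture analyzer does; the `Seg` layout and the side names are assumptions, and one "packet" is one byte of sequence space.

```python
# Added example, not from the original thread: a minimal duplicate-ACK and
# retransmission classifier in the spirit of an analyzer's
# "duplicate ACK" / "retransmission" flags. The trace is constructed and
# assumed to be captured on the server side, so the lost packet 4 is seen
# leaving the server once before it is retransmitted.
from dataclasses import dataclass, field

@dataclass
class Seg:
    src: str          # assumed side name: "server" or "host"
    seq: int          # sequence number of the first byte carried
    ack: int          # cumulative ACK = next byte expected from the peer
    length: int = 0   # payload bytes; 0 for a pure ACK

@dataclass
class Stats:
    dup_acks: list = field(default_factory=list)         # indices of dup ACKs
    retransmissions: list = field(default_factory=list)  # indices of retransmits

def analyze(segments):
    """A pure ACK repeating the same side's previous ACK number is a duplicate
    ACK; a data segment whose seq is below the highest seq that side already
    sent is a retransmission (a real analyzer also separates out-of-order)."""
    stats = Stats()
    last_ack = {}       # per side: ACK number of its last pure ACK
    highest_seq = {}    # per side: seq + length of its furthest data sent
    for i, s in enumerate(segments):
        if s.length == 0:
            if last_ack.get(s.src) == s.ack:
                stats.dup_acks.append(i)
            last_ack[s.src] = s.ack
        else:
            if s.seq < highest_seq.get(s.src, 0):
                stats.retransmissions.append(i)
            highest_seq[s.src] = max(highest_seq.get(s.src, 0), s.seq + s.length)
    return stats

# Constructed trace; "ACK 3" in the thread is ack number 4 (next expected).
# Packet 4 is lost after leaving the server; 5 and 6 reach the host.
SAMPLE = [
    Seg("server", 1, 1, 1), Seg("server", 2, 1, 1), Seg("server", 3, 1, 1),
    Seg("host", 1, 4),                                   # ACK 3
    Seg("server", 4, 1, 1), Seg("server", 5, 1, 1), Seg("server", 6, 1, 1),
    Seg("host", 1, 4), Seg("host", 1, 4),                # ACK 3 again, twice
    Seg("server", 4, 1, 1), Seg("server", 5, 1, 1), Seg("server", 6, 1, 1),
]

if __name__ == "__main__":
    print(analyze(SAMPLE))  # dup_acks=[7, 8], retransmissions=[9, 10, 11]
```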
Distinguished Expert 2018

Commented:
Note that this seems to impact just one ftp server and the ftp server connects just fine but when trying to download a file, it starts but never finishes.
I just noticed the marked part; I was explaining TCP and did not notice the part that states that one specific ftp server is affected with specific symptoms...
Most likely the ftp server is configured as active ftp, but the firewall is not configured for that. An active ftp session initiates the ftp data transfer on port 20 after the ftp control connection on port 21 is established. You can find an explanation and solution for the ASA in the article "ASA 8.3 and Later: Enable FTP/TFTP Services Configuration Example".

Author

Commented:
Hi Predrag,

Thanks for trying.

The FTP server is on the outside of the ASA and the clients are on the inside.

I tried enabling inspect ftp and removing it, and tried strict ftp inspection too. Same issue.

The error I get when I try to download the files is "Failed - Network error".

It happens with all browsers.
Author

Commented:
Fixed this issue.  I had to bypass the Firepower module for inspection for the ftp download to this server on the outside.  There may be some issues with the Firepower seeing the traffic as not normal and requires further investigation.  Thank you all for trying to help.
Distinguished Expert 2018

Commented:
For trying to help?
:)

Sorry that we were not able to help you. It will not happen ever again, at least, not from my side.
noci (Software Engineer)
Distinguished Expert 2018

Commented:
never finishes.... ok, then a transfer took longer than a firewall was prepared to keep the port 21 (command link) open,
and the result of the transfer is never reported.... after which the local ftp has to assume failure.

Author

Commented:
Bypassed the Firepower module for inspection for the FTP issue.
