FTP TCP DUP ACK Error

Does anyone know what might be causing a lot of TCP DUP ACK and TCP Retransmission for an FTP transfer?  We also get a "426 File transfer failed" error in the packet capture.
Asked by: 8055730
 
8055730 (Author) commented:
Fixed this issue.  I had to bypass the Firepower module for inspection for the ftp download to this server on the outside.  There may be some issues with the Firepower seeing the traffic as not normal and requires further investigation.  Thank you all for trying to help.
0
 
noci (Software Engineer) commented:
DUP ACK & RETRANSMISSION might indicate that packets are lost on the way or get through slowly at times while short before going smooth.

It might also be a problem if too large packets are transmitted after a short while. Enabling PMTU detection might help.
0
 
JustInCase commented:
The reason for TCP duplicate ACKs and retransmissions is packet loss.
Typical reasons for packet loss are:
- network congestion
- network L2 errors
0
 
8055730 (Author) commented:
Predrag: Didn't see any errors after clearing the interfaces this morning.  Although we did see some input errors over a 14-day period.

Noci:  Tried enabling PMTUD on the Cisco ASA by allowing ICMP unreachable, but that prevented us from monitoring the network so I had to disable it.

Note that this seems to impact just one ftp server and the ftp server connects just fine but when trying to download a file, it starts but never finishes.

I checked the routing path and there is no asymmetric routing issue.
0
 
JustInCase commented:
It does not mean anything that you don't see errors under the interface. Errors and congestion can happen anywhere between host and server.

Ultra simplified version - TCP window is 3 packets (Duplicate ACK and retransmissions).

Server sends packets 1 2 3
Host gets all packets and sends ACK 3
Server sends packets 4 5 6
Host gets only packets 5 and 6 - host will send ACK 3 again (TCP Duplicate ACK)
After the server has waited for the timeout period and did not get an ACK for 6, since the server does not know which packets the host did not get, the server will send packets 4 5 6 again (TCP Retransmission)

If there were no packet loss (packets are received by the host and ACKs are received by the server in a timely fashion) there would be neither duplicate ACKs nor retransmissions.

You can find an excellent presentation: The Transport Layer: TCP and UDP, Jean-Yves Le Boudec, Fall 2009
0
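The window-of-3 walk-through in the comment above, as an added Python illustration that is not part of the original thread. The names `simulate` and `summarize` and the `drops` input are hypothetical, and the model keeps the comment's simplifications (one cumulative ACK per window, whole-window resend on timeout), which real TCP stacks refine with per-segment ACKs, fast retransmit and SACK.

```python
# Added illustration of the simplified model: fixed window, one cumulative ACK
# per window, go-back-N resend after timeout. Deliberately not a real TCP stack.

def simulate(total, window, drops):
    """Return a list of (event, value) tuples for one transfer.

    total  -- number of packets to deliver, numbered from 1
    window -- packets sent per burst before waiting for an ACK
    drops  -- set of (packet_no, attempt) pairs lost in transit (constructed
              input; attempt 1 is the first transmission of that packet)
    """
    events = []
    attempts = {}        # packet_no -> number of times it has been sent
    delivered = 0        # receiver: highest in-order packet received
    buffered = set()     # receiver: packets that arrived, in order or not
    last_ack = None      # sender: last cumulative ACK seen
    base = 1             # sender: first unacknowledged packet

    while base <= total:
        for pkt in range(base, min(base + window, total + 1)):
            attempts[pkt] = attempts.get(pkt, 0) + 1
            kind = "SEND" if attempts[pkt] == 1 else "RETRANSMIT"
            events.append((kind, pkt))
            if (pkt, attempts[pkt]) in drops:
                events.append(("LOST", pkt))
                continue
            buffered.add(pkt)
        # Cumulative ACK: the receiver only advances over a gap-free prefix.
        while delivered + 1 in buffered:
            delivered += 1
        events.append(("DUP_ACK" if delivered == last_ack else "ACK", delivered))
        last_ack = delivered
        base = delivered + 1   # resume from the first unacknowledged packet
    return events


def summarize(events):
    """Count the two symptoms a capture tool would flag."""
    return {
        "dup_acks": sum(1 for e, _ in events if e == "DUP_ACK"),
        "retransmissions": sum(1 for e, _ in events if e == "RETRANSMIT"),
    }


if __name__ == "__main__":
    # Scenario from the comment: packet 4 is lost on its first transmission.
    for event in simulate(total=6, window=3, drops={(4, 1)}):
        print(event)
```

Passing a `drops` set that loses the same packet on several attempts shows how a device on the path that keeps discarding one segment multiplies both counters without the transfer ever advancing.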
 
JustInCase commented:
"Note that this seems to impact just one ftp server and the ftp server connects just fine but when trying to download a file, it starts but never finishes."
I just noticed the marked part. I was explaining TCP and did not notice the part that states that one specific FTP server is affected with specific symptoms...
Most likely the FTP server is configured as active FTP, but the firewall is not configured for that. An active FTP session initiates the FTP data transfer on port 20 after FTP control on port 21 is established. You can find an explanation and solution for ASA in the article - ASA 8.3 and Later: Enable FTP/TFTP Services Configuration Example
0
 
8055730 (Author) commented:
Hi Predrag,

Thanks for trying.

The FTP server is on the outside of the ASA and the clients are on the inside.

I tried enabling inspect ftp and removing it, and tried the strict ftp inspection too. Same issue.

The error I get when I try to download the files is "Failed - Network error".

It happens with all browsers.
0
 
JustInCase commented:
For trying to help?
:)

Sorry that we were not able to help you. It will not happen ever again, at least, not from my side.
0
 
noci (Software Engineer) commented:
never finishes.... ok then a transfer took longer than a firewall was prepared to keep the port 21 (command link) open.
and the result of the transfer is never reported.... after which the local ftp has to assume failure.
0
 
8055730 (Author) commented:
Bypassed the Firepower module for inspection the FTP issue.
0
Question has a verified solution.
