[users@httpd] TCP session close

["Jeroen Wolff" <jeroen.wolff@xxxxxxxxx>]

Hi,

Since we upgraded our IBM HTTP Server (apache 2.0.47) we see that Apache start to teardown the tcp session, and also our client (loadbalancer) tries to teardown the tcp session. 

In the first session (frames 28-37), it's the loadbalancer
(10.132.32.124), that started the teardown of the TCP
session at frame #33.

But in the second session (frames 51-59,71), it's the upgraded
webserver (10.132.32.97) that started the teardown of
the TCP session at frame #56.   Frame #57 is where the client
(the loadbalancer) attempts the session teardown request
that is similar to frame #33 of your first session.


De loadbalancer is doing a health chech with a:

GET /  HTTP1.1
Host: 
10.132.32.124
Connection: close

 

Webserver1: 10.132.32.97

Loadbalancer: 10.132.32.124

This is the flow before the upgrade:
 

No.     Time        Source                Destination           Protocol Info
     28 6.281687    10.132.32.124         10.132.32.97          TCP      63264 > 50110 [SYN] Seq=0 Len=0
     29 6.281764    10.132.32.97          10.132.32.124         TCP      50110 > 63264 [SYN, ACK] Seq=0 Ack=1 Win=32768 Len=0 MSS=1460
     30 6.284956    10.132.32.124         10.132.32.97          TCP      63264 > 50110 [ACK] Seq=1 Ack=1 Win=8192 Len=0
     31 6.285819    10.132.32.124         10.132.32.97          HTTP     GET / HTTP/1.1
     32 6.286340    10.132.32.97          10.132.32.124          HTTP     HTTP/1.1 200 OK (text/html)
     33 6.289605    10.132.32.124         10.132.32.97          TCP      63264 > 50110 [FIN, ACK] Seq=90 Ack=605 Win=8192 Len=0
     34 6.289649    10.132.32.97          10.132.32.124         TCP      50110 > 63264 [ACK] Seq=605 Ack=91 Win=32768 Len=0
     35 6.289691    10.132.32.97          10.132.32.124         TCP      50110 > 63264 [FIN, ACK] Seq=605 Ack=91 Win=32768 Len=0
     36 6.293661    10.132.32.124         10.132.32.97          TCP      [TCP Dup ACK 33#1] 63264 > 50110 [ACK] Seq=91 Ack=605 Win=8192 Len=0
     37 6.294571    10.132.32.124          10.132.32.97          TCP      63264 > 50110 [ACK] Seq=91 Ack=606 Win=8192 Len=0

And this is the flow after upgrade:

No.     Time        Source                Destination           Protocol Info
     51 10.000206   10.132.32.124         10.132.32.97          TCP      63378 > 50110 [SYN] Seq=0 Len=0
     52 10.000345   10.132.32.97          10.132.32.124         TCP      50110 > 63378 [SYN, ACK] Seq=0 Ack=1 Win=32768 Len=0 MSS=1460
     53 10.003637   10.132.32.124         10.132.32.97          TCP      63378 > 50110 [ACK] Seq=1 Ack=1 Win=8192 Len=0
     54 10.004307   10.132.32.124         10.132.32.97          HTTP     GET / HTTP/1.1
     55 10.004993   10.132.32.97          10.132.32.124          HTTP     HTTP/1.1 200 OK (text/html)
     56 10.005111   10.132.32.97          10.132.32.124         TCP      50110 > 63378 [FIN, ACK] Seq=624 Ack=90 Win=32768 Len=0
     57 10.014761   10.132.32.124         10.132.32.97          TCP      63378 > 50110 [FIN, ACK] Seq=90 Ack=624 Win=8192 Len=0
     58 10.014820    10.132.32.97          10.132.32.124         TCP      50110 > 63378 [FIN, ACK] Seq=624 Ack=91 Win=32768 Len=0
     59 10.016232   10.132.32.124         10.132.32.97          TCP      63378 > 50110 [ACK] Seq=91 Ack=625 Win=8192 Len=0
     71 12.180680   10.132.32.124         10.132.32.97          TCP      63378 > 50110 [RST] Seq=92 Len=0

 

Can anybody see or know why Apache 2.0.47 starts to teardown the session?
Would be great! Thanks!

-- 
----
Regards,

Jeroen