Very odd, indeed. We have analysed the traffic on both ends and we have found that the problem is probably in PIX. As I have read in LKML (http://lkml.org/lkml/2007/7/29/174) CISCO works really badly with SACK packets and these are then recognized as INVALID and dropped. We still don't know what is wrong and why SACKs are produced but I suspect PIX too. The workaround is and some explanation is mentioned in LKML. As we have found there is not problem only in PG, but in Oracle too (it seems that DB server or drivers deals with this problem better). So this is not only PG-related. Now after turning SACKs off seems connection stabile. But we'll try to figure out why are such packets produced. But it will probably take time... Thanks, Lukas -----Original Message----- From: pgsql-general-owner@xxxxxxxxxxxxxx [mailto:pgsql-general-owner@xxxxxxxxxxxxxx] On Behalf Of Craig Ringer Sent: Thursday, May 07, 2009 3:02 AM To: Slansky Lukas Cc: pgsql-general@xxxxxxxxxxxxxx Subject: Re: PGSQL x iptables Slansky Lukas wrote: >> Craig Ringer wrote: >> >> After a long period of inactivity, perhaps? > > Is 15 seconds long period? I don't think so. No. If you see a connection that was working 15 and active seconds ago suddenly die, it's not due to time-based state table expiry. Do you see anything in `dmesg'? Have you used wireshark to trace activity on the interface and analyzed the dumps? You can often learn a lot about what's actually happening that way. > To John: I know it's related to iptables but this state seems to be only > on PG connections :-) Very odd. -- Craig Ringer -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general