Multiple issues have been identified and resolved within RedShield Cloud which cause intermittent request delays or failures, as detailed below.
Nagle's Algorithm incompatible with TCP Delayed Acknowledgement
This issue occurs when all of the following conditions are met:
- RedShield WAN Optimised TCP profile including Nagle's algorithm has been applied to the server-side connections (this includes most RedShield customers before July 2016). Nagle's algorithm is described in https://tools.ietf.org/html/rfc896.
- Customer origin web server uses TCP Delayed Acknowledgements (https://tools.ietf.org/html/rfc1122#page-96)
This issue occurs more commonly when SSL/TLS encryption is also in use, which is commonly the case for RedShield customers.
This issue is also more common when the origin web server is behind a full TCP proxy load balancer.
TCP Multiplexing requires SSL Unclean Shutdown enabled
This issue occurs when all of the following conditions are met:
- RedShield Cloud is actively multiplexing client-side connections into fewer server-side connections (this includes most RedShield customers before July 2016).
- SSL closure notifications are sent by the server without TCP FIN
Resolution:
Customers with configurations liable to trigger these conditions have been identified and configurations updated to resolve the issue. Recent and future RedShield Cloud deployments are now also configured to resolve the issue.
Comments