WORKAROUND Client with non-standard MTU cannot connect to Highland servers
Posted: Fri Nov 29, 2024 3:39 pm
The client on one of my FAH hosts could not connect to the Highland servers. The client had no issues connecting to the other FAH servers.
The MTU for the client host was set to 9,000. An MTU of 1,500 is more common. After the MTU on the host was changed to 1,500 the connections succeeded.
What is puzzling about this is that it only appeared to affect connections to the Highland servers.
The issue was reproducable at the OS level. Tools like 'openssl s_client -connect' and ssldump showed the SSL connection would get stuck after the SSL client sent the 'client hello' message. A 'server hello' message is expected in response but is never received. Doing an on-line search on this behavior suggested the MTU size can affect the SSL handshake process, which prompted a review of the network interface configuration on the host.
SSL connections to other servers from the same host work fine with the MTU at 9,000. The FAH client can connect to other FAH servers, and generic SSL connections such as from browsers from the same host work as well.
All's well that ends well of course, but it makes me wonder what is different about the Highland servers to cause this.
Below is the start of the client log, in case people are intersted in the client host configuration.
The MTU for the client host was set to 9,000. An MTU of 1,500 is more common. After the MTU on the host was changed to 1,500 the connections succeeded.
What is puzzling about this is that it only appeared to affect connections to the Highland servers.
The issue was reproducable at the OS level. Tools like 'openssl s_client -connect' and ssldump showed the SSL connection would get stuck after the SSL client sent the 'client hello' message. A 'server hello' message is expected in response but is never received. Doing an on-line search on this behavior suggested the MTU size can affect the SSL handshake process, which prompted a review of the network interface configuration on the host.
SSL connections to other servers from the same host work fine with the MTU at 9,000. The FAH client can connect to other FAH servers, and generic SSL connections such as from browsers from the same host work as well.
All's well that ends well of course, but it makes me wonder what is different about the Highland servers to cause this.
Below is the start of the client log, in case people are intersted in the client host configuration.
Code: Select all
00:30:29:I1: Version: 8.3.18
00:30:29:I1: Author: Joseph Coffland <joseph@cauldrondevelopment.com>
00:30:29:I1: Org: foldingathome.org
00:30:29:I1: Copyright: 2023-2024, foldingathome.org
00:30:29:I1: Homepage: https://foldingathome.org/
00:30:29:I1: License: GPL-3.0-or-later
00:30:29:I1: URL: https://v8-3.foldingathome.org/
00:30:29:I1: Date: Jul 12 2024
00:30:29:I1: Time: 13:26:31
00:30:29:I1: Revision: 99ae953ee7b1c0b3070161cfcf9150184f76bd96
00:30:29:I1: Branch: master
00:30:29:I1: Compiler: GNU 8.3.0
00:30:29:I1: Options: -Wsuggest-override -faligned-new -std=c++17 -fsigned-char
00:30:29:I1: -ffunction-sections -fdata-sections -O3 -funroll-loops -fno-pie
00:30:29:I1: Platform: linux 4.19.0-26-cloud-amd64
00:30:29:I1: Bits: 64
00:30:29:I1: Mode: Release
00:30:29:I1: Args: --config=/etc/fah-client/config.xml
00:30:29:I1: --log=/var/log/fah-client/log.txt
00:30:29:I1: --log-rotate-dir=/var/log/fah-client/
00:30:29:I1: Config: /etc/fah-client/config.xml
00:30:29:I1:****************************** CBang ******************************
00:30:29:I1: Version: 1.7.2
00:30:29:I1: Author: Joseph Coffland <joseph@cauldrondevelopment.com>
00:30:29:I1: Org: Cauldron Development
00:30:29:I1: Copyright: Cauldron Development, 2003-2024
00:30:29:I1: Homepage: https://cauldrondevelopment.com/
00:30:29:I1: License: LGPL-2.1-or-later
00:30:29:I1: Date: Jun 24 2024
00:30:29:I1: Time: 13:29:44
00:30:29:I1: Revision: 1b05ea96f0ed3043c32b78a66dbf50a9b2002289
00:30:29:I1: Branch: master
00:30:29:I1: Compiler: GNU 8.3.0
00:30:29:I1: Options: -Wsuggest-override -faligned-new -std=c++17 -fsigned-char
00:30:29:I1: -ffunction-sections -fdata-sections -O3 -funroll-loops -fno-pie
00:30:29:I1: -fPIC
00:30:29:I1: Platform: linux 4.19.0-26-cloud-amd64
00:30:29:I1: Bits: 64
00:30:29:I1: Mode: Release
00:30:29:I1:***************************** System ******************************
00:30:29:I1: CPU: AMD Ryzen Threadripper 1920X 12-Core Processor
00:30:29:I1: CPU ID: AuthenticAMD Family 23 Model 1 Stepping 1
00:30:29:I1: CPUs: 24
00:30:29:I1: Memory: 15.45GiB
00:30:29:I1:Free Memory: 11.87GiB
00:30:29:I1: OS Version: 6.8
00:30:29:I1:Has Battery: false
00:30:29:I1: On Battery: false
00:30:29:I1: Hostname: threadripper
00:30:29:I1: UTC Offset: -5
00:30:29:I1: PID: 9902
00:30:29:I1: CWD: /var/lib/fah-client
00:30:29:I1: Exec: /usr/bin/fah-client
00:30:29:I1:*******************************************************************
00:30:29:I2:<config>
00:30:29:I2: <!-- Server -->
00:30:29:I2: <connection-timeout v='120'/>
00:30:29:I2:
00:30:29:I2: <!-- User Information -->
00:30:29:I2: <passkey v='*****'/>
00:30:29:I2: <team v='***'/>
00:30:29:I2: <user v='***'/>
00:30:29:I2:</config>
00:30:29:I1:Opening Database
00:30:29:I1:F@H ID = *****
00:30:29:I3:Loading default group
00:30:29:I3:Loading default resource group
00:30:29:I1:Listening for HTTP on 127.0.0.1:7396
00:30:29:I3:WU2:Loading work unit 2 with ID C2s9gYppePqLsnhUuryaEb5aMf2dy4HINTlPJqv-Ko0
00:30:29:I3:Loaded 1 wus.
00:30:29:I3:gpus = {
00:30:29:I3: "gpu:07:00:00": {
00:30:29:I3: "vendor": 4318,
00:30:29:I3: "type": "nvidia",
00:30:29:I3: "description": "NVIDIA GeForce RTX 3050",
00:30:29:I3: "uuid": "b22faafa-7aaf-b078-ce58-865d0fdd1036",
00:30:29:I3: "opencl": {"platform": 0, "device": 1, "compute": "3.0", "driver": "550.120"},
00:30:29:I3: "cuda": {"platform": 0, "device": 1, "compute": "8.6", "driver": "12.4"},
00:30:29:I3: "device": 9479,
00:30:29:I3: "supported": true
00:30:29:I3: },
00:30:29:I3: "gpu:08:00:00": {
00:30:29:I3: "vendor": 4318,
00:30:29:I3: "type": "nvidia",
00:30:29:I3: "description": "NVIDIA GeForce GTX 1660 SUPER",
00:30:29:I3: "uuid": "c4bc720c-30f9-496d-8edb-fb2b4a6a5847",
00:30:29:I3: "opencl": {"platform": 0, "device": 2, "compute": "3.0", "driver": "550.120"},
00:30:29:I3: "cuda": {"platform": 0, "device": 2, "compute": "7.5", "driver": "12.4"},
00:30:29:I3: "device": 8644,
00:30:29:I3: "supported": true
00:30:29:I3: },
00:30:29:I3: "gpu:65:00:00": {
00:30:29:I3: "vendor": 4318,
00:30:29:I3: "type": "nvidia",
00:30:29:I3: "description": "NVIDIA GeForce RTX 3060 Ti",
00:30:29:I3: "uuid": "f936634c-b097-a12b-16a4-5055f81704fa",
00:30:29:I3: "opencl": {"platform": 0, "device": 0, "compute": "3.0", "driver": "550.120"},
00:30:29:I3: "cuda": {"platform": 0, "device": 0, "compute": "8.6", "driver": "12.4"},
00:30:29:I3: "device": 9236,
00:30:29:I3: "supported": true
00:30:29:I3: }
00:30:29:I3:}