From: Mo Balaa <buddybalaa@gmail.com>
To: "Tomcsanyi, Domonkos" <domi@tomcsanyi.net>
Cc: Ashish Madeti <ashish@provakil.com>,
wireguard@lists.zx2c4.com, Pulkit Anand <pulkit@provakil.com>
Subject: Re: Transient Connection Issue
Date: Tue, 10 Nov 2020 03:23:57 -0600 [thread overview]
Message-ID: <0A5C340C-6B05-4C75-9F0F-B72A56D55FBB@gmail.com> (raw)
In-Reply-To: <589074B2-A2F2-4B87-AA27-0B60704A5798@tomcsanyi.net>
Check your MTU across your paths. In my experience, transient connection issues are due to MTU oversize.
> On Nov 10, 2020, at 2:20 AM, Tomcsanyi, Domonkos <domi@tomcsanyi.net> wrote:
>
> Hi Ashish,
>
> With the amount of information given it is very hard to comment anything meaningful.
> Have you gone through standard network connectivity issue investigation steps?
> E.g.: does ping work? Do you have correct routes setup? What does wg show tell during downtime? What does tcpdump shows on the wire?
>
> Cheers,
> Domi
>
>
>> 10.11.2020 dátummal, 0:21 időpontban Ashish Madeti <ashish@provakil.com> írta:
>>
>> Hi All
>>
>> Background: I am using Wireguard VPN to secure intra-server
>> communications among my 5-6 ubuntu servers sitting in different data
>> centers.
>>
>> Today, we had a downtime of around 15 minutes because the server
>> running nginx was not able to connect to the web-application server
>> using the wireguard interface [0]. I ascertained that it was not a
>> connection issue between nginx server and web-application server by
>> trying to connect to web-application server via its public IP, which
>> worked [1]. I even tried restarting wireguard service [2] on both
>> nginx and web-application server but to no avail.
>> So, before investigating further, I decided to first route all the
>> traffic to a failover server (which was also a part of the VPN). It
>> took me around 5-10 minutes to pull the latest configuration and
>> application changes onto the failover server and then route all
>> traffic to it. Once our site was up, I again tried connecting to the
>> original web-application server from nginx server, using curl, but
>> this time it worked fine.
>>
>> Can anybody help me understand the problem or anything I should try if
>> it happens again?
>>
>> Please let me know if you need any more information.
>>
>> [0] Tried via curl. curl 10.0.0.10:8080. Received the error
>> 'Connection timed out'
>> [1] curl w.x.y.z:8080 returned the html content as expected.
>> [2] sudo service wg-quick@wg0 restart
>>
>> Regards
>> --
>> Ashish Madeti
prev parent reply other threads:[~2020-11-10 9:24 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-22 4:40 Ashish Madeti
2020-11-10 8:18 ` Tomcsanyi, Domonkos
2020-11-10 9:23 ` Mo Balaa [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0A5C340C-6B05-4C75-9F0F-B72A56D55FBB@gmail.com \
--to=buddybalaa@gmail.com \
--cc=ashish@provakil.com \
--cc=domi@tomcsanyi.net \
--cc=pulkit@provakil.com \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).