We deployed TCP Fast Open across our tlsproxies on Jun 24 2016.
The number of failed inbound TFO connections seems fairly low on all DCs except for esams. Interestingly, esams errors happen mostly from Monday to Friday, not during the weekend .
I started looking into the IPs causing TCPFastOpenPassiveFail to grow with systemtap on cp3043 and cp3042. On both machines, one specific IP was the biggest offender, causing the vast majority of the failures.
host | tfo attempts | successful | failed | failures caused by one IP |
cp3043 | 2029 | 756 | 1273 | 1045 |
cp3042 | 1497 | 166 | 1331 | 1058 |
The two IPs causing the vast majority of TCPFastOpenPassiveFails are both from AS3215 (France telecom/orange).
We want to find out whether the issue is AS3215-specific or not, and possibly fix it.