From: Martin KaFai Lau <ka...@fb.com> Date: Fri, 18 Aug 2017 13:51:36 -0700
> It seems like that middle box specifically drops TCP_RST if it > does not know anything about this flow. Since the flowlabel of the TCP_RST > (sent in TW state) is always different, it always lands to a different middle > box. All of these TCP_RST cannot be delivered. This really is illegal behavior. The flow label is not a flow _KEY_ by any definition whatsoever. Flow labels are an optimization, not a determinant for flow matching particularly for proper TCP state processing. I'd rather you invest all of this energy getting that vendor to fix their kit. Thank you.
