Many many thanks! Since VPP started, the Nginx processes on the two BVI interfaces have been utilizing 100% of the CPU. Could there be an error in my VCL or VPP configuration files?
When communication is interrupted, port reuse does not occur every time. Florin Coras via lists.fd.io <[email protected]> 于2025年11月26日周三 17:15写道: > Hi, > > Inline. > > > On Nov 25, 2025, at 11:26 PM, Guo Huiliang via lists.fd.io > <[email protected]> wrote: > > > > My traffic flow is as follows: > > > > Client browser → Decryption Nginx (bound to a BVI interface on loop0) > > After TLS decryption, the traffic is forwarded to Encryption Nginx > (bound to another BVI interface in a separate bridge domain on loop1) > > Then it accesses the backend HTTPS server. > > The entire pipeline works fine under normal conditions. When I refresh > the page in the browser (using regular F5), it succeeds every time—no > matter how many times I refresh. > > > > However, when I perform a hard refresh (Ctrl+F5): > > > > The first and second attempts still load the webpage successfully. > > But starting from the third Ctrl+F5, the page fails to load. > > Packet capture analysis shows that between the backend server and the > Encryption Nginx, there are massive TCP retransmissions, and even port > reuse occurs. After a certain number of retransmissions, both sides send > RST packets to terminate the connection. > > Hard to tell what is going on but given that you’re seeing port reuse, > maybe linux side is refusing the handshake because of the initial sequence > number. A bit surprised this is happening because port selection on vpp > side should be relatively random, so pretty small chance of reuse with a > few connections. > > > > > From the command line, I observe that: > > > > Both the Decryption Nginx and Encryption Nginx processes are consuming > 100% CPU. > > If this is showing only after the bad condition is happening, maybe check > with gdb what exactly is looping. Maybe it’s a side effect of some nginx > socket option that’s not currently supported by the ldp shim. > > > Both loop0 (used by Decryption Nginx) and loop1 (used by Encryption > Nginx) show significant packet drops. > > Those drops look like protocol drops, not interface or tcp drops. Check > “sh error” and that will hopefully clarify what they are. Maybe they’ll > explain the tcp issues as well. > > > What is the root cause of this failure triggered specifically by Ctrl+F5? > > Guess the http connections (or at least more of them) are re-established > instead of using cached content. > > Regards, > Florin > > > > > How can this issue be resolved? > > > > <475ea392-3170-41a2-a0ff-a4f669bcff36.png> > > > > > > > > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#26555): https://lists.fd.io/g/vpp-dev/message/26555 Mute This Topic: https://lists.fd.io/mt/116482254/21656 Group Owner: [email protected] Unsubscribe: https://lists.fd.io/g/vpp-dev/leave/14379924/21656/631435203/xyzzy [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
