Knowledgebase

  2. Home
  4. Knowledgebase
  6. TCP-X Asymmetric Route Detection

TCP-X Asymmetric Route Detection

 

TCP-X-AsymmetricRouteDetection

TCP-X Asymmetric Route Detection
Asymmetry Detection Methods<
Full Asymmetry
Server-Side Asymmetry
Client-Side Asymmetry

 

TCP-X Asymmetric Route Detection

Asymmetric routing occurs when packets take one path from the source to the destination but take a different path from the destination back to the source. When this occurs the TCP sessions cannot be accelerated with TCP-x since only one way traffic is visible on the Wanos instance.

Recommended action:

  1. Avoid asymmetric routing when TCP-x is enabled.
  2. If asymmetric routing is unavoidable and permanent, do not enable TCP-x or disable the TCP-x full transparency with the wanos.conf config option: 
    PEP_TCP_FULL_TRANSPARENT=false
  3. Where asymmetric routing is unavoidable and temporary due to network outages, enable TCP-x Asymmetric Route Detection with the wanos.conf config option: 
    PEP_TCP_TRACK_ASYM=true

TCP-X Asymmetric Route Detection is supported from v.4.2.6 onward. When enabled, TCP sessions will be tracked for certain error conditions that indicate that asymmetric routing may be present. When a session is flagged as asymmetric, the Client and Server IP address pair is added to a TCP-x bypass list for 4 hours. Further sessions between between the IP address pair will not be forwarded to the TCP accelerator until the 4 hour timeout expires.

Wanos is able to detect most asymmetric routing scenarios. The following implementation details apply to asymmetric routing detection as implemented in Wanos:

  • This first time asymmetric routing is detected between two hosts, that specific TCP flow will timeout/reset. However, the IP address pair (Host A and B) is then marked to be bypassed in TCPX and any TCP sessions between these two hosts after the detection will be bypassed from TCPX.

  • Flagging of TCP sessions for asymmetric routing is based on IP address pairs. Once asymmetric routing is detected between two hosts, any TCP traffic (any TCP ports) between host A and host B will be bypassed from TCPX.

  • By default, the IP address pair entry will be kept in the bypass table for 4 hours, after which it will be removed to kick off the detection process again.

 

Asymmetry Detection Methods

Wanos currently utilizes three methods to detect asymmetric routing conditions. These methods allow detection of most asymmetric routing scenarios. The methods used are:

  1. Receiving a TCP SYNACK on the LAN interface where Wanos has not seen any other packets for the flow before.

  2. SYN retransmits from Wanos to the LAN interface.

  3. SYN retransmits from Wanos to the WAN interface.

For methods 2 and 3 detection is triggered on the 3rd SYN packet, that is the initial SYN packet with two SYN retransmits.

Irrespective of which method is used, Wanos will inform its remote Wanos peer (if one exists) to also apply the IP address pair bypass rule.

The following diagrams illustrates specific asymmetric routing scenarios and highlights which of the above methods is used to detect asymmetric routing.

 

Full Asymmetry

http://wanos.co/docs/wp-content/uploads/2018/11/TCP-X_Full_Asymmetry.png
Figure 1- Full Asymmetry – A -> B

Here a TCP session is initiated from host A to host B. All packets from A to B go through both Wanos appliances, but bypass both Wanos appliances on the return path.

Detection Method (2) – SYN retransmits from Wanos to the LAN is used on the B side Wanos appliance for detection as the SYNACK from server B will never reach Wanos B.

TCP-X_Full_Asymmetry_B-A
Figure 2- Full Asymmetry – B -> A

TCP sessions initiated from B to A will bypass both Wanos appliances on packets from B to A, but flow through both Wanos appliances on the return path.

Detection Method (1) – Receiving a TCP SYNACK on the LAN interface where Wanos has not seen any other packets for the flow before is used on the A side Wanos appliance.

 

Server-Side Asymmetry

TCP-X_Server-Side-Asymmetry_A-B
Figure 3 – Server-Side – A -> B

In this scenario, the session is initiated from A to B and all packets from A to B traverse both Wanos appliances, but bypass the B side Wanos appliance on the return path.

Detection Method (2) – SYN retransmits from Wanos to the LAN is used on the B side Wanos appliance for detection as the SYNACK from server B will never reach Wanos B.

TCP-X_Server-Side-Asymmetry_A-B
Figure 4- Server-Side – B -> A

In the current release, Wanos does not support Server-Side asymmetry for sessions initiated from the server (host B) to the client (host A) as illustrated in the above diagram. Support for this scenario is scheduled for the next release.

 

Client-Side Asymmetry

TCP-X_Client-Side-Asymmetry_A-B
Figure 5- Client-Side Asymmetry – A -> B

With client-side asymmetry where the TCP session is initiated from host A to host B, packets from A to B goes through both Wanos appliances, but bypass the A side Wanos appliance on the return path.

Detection Method (3) – SYN retransmits from Wanos to the WAN interface is used on the A side Wanos appliance for detection as the SYNACK will never reach Wanos A.

TCP-X_Client-Side-Asymmetry_B-A
Figure 6 – Client-Side Asymmetry – B -> A

TCP sessions initiated from B to A will bypass the A side Wanos appliances for packets from B to A, but flow through both Wanos appliances on the return path.

Detection Method (1) and (3) will both detect asymmetric routing in this scenario. Method (1) will be used on Wanos A, where method (3) will be used on Wanos B.




Was this article helpful to you? Yes No

How can we help?