While going through some of my old notes I came across some notes from a few years ago on hung TCP sessions on some of our routers. These hung sessions were due to the latency differences on a Multi-link T1 connection that was in place. Below are the notes (generalized IP and Names) on how to detect and reset these connections. It is my hope for you to never have to use these commands, but since there is little out there on them I figured I would share.
1) We saw this error (connection queue limit reached) on the terminating gateway (10.10.3.5) during an incoming call attempt:
R1#
R1#debug ip tcp trans
TCP special event debugging is on
R1#term mon
R1#
Mar 6 04:49:55 PHL: TCP0: bad seg from 10.11.3.20 — connection queue limit reached: seq 3379916701 ack 0 rcvnxt 0 rcvwnd 4128 len 0
Mar 6 04:49:57 PHL: TCP0: bad seg from 10.11.3.20 — connection queue limit reached: seq 3379916701 ack 0 rcvnxt 0 rcvwnd 4128 len 0
Mar 6 04:50:01 PHL: TCP0: bad seg from 10.11.3.20 — connection queue limit reached: seq 3379916701 ack 0 rcvnxt 0 rcvwnd 4128 len 0
Mar 6 04:50:09 PHL: TCP0: bad seg from 10.11.3.20 — connection queue limit reached: seq 3379916701 ack 0 rcvnxt 0 rcvwnd 4128 len 0
R1#
2) Take a look at:
R1#sh tcp brief
TCB       Local Address     Foreign Address     (state)
6353F5E8  10.10.3.5.1720    10.11.3.24.12871    SYNRCVD
63555A14  10.10.3.5.1720    10.11.3.23.12814    SYNRCVD
6353AEFC  10.10.3.5.1720    10.11.3.24.12872    SYNRCVD
6350B2DC  10.10.3.5.1720    10.11.3.24.12875    SYNRCVD
63488D44  10.10.3.5.23      10.11.3.23.11265    ESTAB
63571718  10.10.3.5.1720    10.11.3.24.12914    SYNRCVD
All of the TCBs associated with TCP port 1720 are 'hung' (SYNRCVD). The associated TCP Control Blocks (TCBs) are highlighted in a pinkish colour.
3) To clear them, clear the associated TCB:
R1#clear tcp tcb 6353F5E8
[confirm]y
[OK]
R1#
R1#clear tcp tcb 63555A14
[confirm]y
[OK]
R1#
R1#clear tcp tcb 6353AEFC
[confirm]y
[OK]
R1#
R1#clear tcp tcb 6350B2DC
[confirm]y
[OK]
R1#
R1#clear tcp tcb 63571718
[confirm]y
[OK]
R1#
And the router started processing calls again.
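The check in steps 2 and 3 can be scripted. This is an added example, not part of the original notes: it parses two `show tcp brief` captures and returns only the TCBs that sit in SYNRCVD on port 1720 with the same peer in both, so established sessions such as the one on port 23 are left alone. The second snapshot and its extra TCB 635A0000 are constructed, and the function names are hypothetical.

```python
import re

# Constructed input: the `show tcp brief` table from step 2, plus a second
# snapshot (hypothetical, taken later) in which one new half-open entry appeared.
SNAP1 = """\
R1#sh tcp brief
TCB       Local Address     Foreign Address     (state)
6353F5E8  10.10.3.5.1720    10.11.3.24.12871    SYNRCVD
63555A14  10.10.3.5.1720    10.11.3.23.12814    SYNRCVD
6353AEFC  10.10.3.5.1720    10.11.3.24.12872    SYNRCVD
6350B2DC  10.10.3.5.1720    10.11.3.24.12875    SYNRCVD
63488D44  10.10.3.5.23      10.11.3.23.11265    ESTAB
63571718  10.10.3.5.1720    10.11.3.24.12914    SYNRCVD
"""
SNAP2 = SNAP1 + "635A0000  10.10.3.5.1720    10.11.3.20.13001    SYNRCVD\n"

# Columns: TCB address, local addr.port, foreign addr.port, state
ROW = re.compile(r"^([0-9A-Fa-f]{8,16})\s+(\S+)\.(\d+)\s+(\S+)\.(\d+)\s+(\S+)$")


def parse_tcp_brief(text):
    """Map TCB -> (local port, foreign endpoint, state); other lines are skipped."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            tcb, _, lport, faddr, fport, state = m.groups()
            table[tcb.upper()] = (int(lport), f"{faddr}:{fport}", state.upper())
    return table


def hung_tcbs(earlier, later, port=1720):
    """TCBs in SYNRCVD on `port` with the same peer in both snapshots."""
    old, new = parse_tcp_brief(earlier), parse_tcp_brief(later)
    return [tcb for tcb, entry in new.items()
            if entry[0] == port and entry[2] == "SYNRCVD" and old.get(tcb) == entry]


def clear_commands(tcbs):
    """One targeted `clear tcp tcb <address>` per hung TCB, as in step 3."""
    return [f"clear tcp tcb {tcb}" for tcb in tcbs]


if __name__ == "__main__":
    for cmd in clear_commands(hung_tcbs(SNAP1, SNAP2)):
        print(cmd)
```

An entry that appears only in the later snapshot may still be a handshake in progress, which is why it is not returned.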
Binal Mehta said:
Thank you for posting this blog.
There is a bug in Cisco 3700 where the ping used to expire when I used to ssh into it but generally it was missing pings.
We need to upgrade the IOS.
My co-worker showed me these commands:
!
cli clear tcp tcb *
!
Until we get a window to upgrade I am automatically clearing the tcp/ip tcb sessions.
!
Conf t
kron occurrence Daily at 0:00 recurring
policy-list clear-tcp
!
kron policy-list clear-tcp
cli clear tcp tcb *
!
Cheers!!