Python IPv4/IPv6 TCP timeout, CloudFlare, Zerto, BI / SQL / ETL, VDSL2, Linux Sec, Pen

posted Sep 1, 2015, 7:29 AM by Sami Lehtinen   [ updated Sep 1, 2015, 7:30 AM ]
  • Slow TCP connection, time exceeds timeout but works(!) - Today I encountered a really interesting issue with Python networking. I was trying to connect to a server which has both A and AAAA records. Yet the software running on the server is so silly that it provides service on a different TCP port depending on whether it's being connected to using IPv4 or IPv6. What's even stranger? I noticed in many logs that the connection time to the server was like 5 seconds 16 milliseconds. But wait, didn't I configure a 5 second timeout? How is it possible that it's 5 seconds and 16 milliseconds? In many cases the normal time for non-IPv6 servers was around 16 milliseconds. So I noticed an immediate pattern. 5 seconds + 16 milliseconds, ok? But does that make any sense? I was trying to connect to port X, yet the IPv6 (which is preferred) uses only port Y. Yet it seems that after the connection to X failed using IPv6, Python tried to connect to the server using IPv4 and port X. Ok? That's nice, now it's working? Potential trap? If you set the timeout to 10 seconds, it's possible that the connection attempt times out after 20 seconds? Why? Well, the first 10 seconds were used trying to use IPv6 and the second 10 seconds are used trying to connect to the server using IPv4. It's nice to have IPv6 -> IPv4 fallback, but it can surprise you at times. I guess this is documented, but I just haven't happened to read such documentation.
  • CloudFlare just keeps adding PoPs at an incredible pace.
  • Checked out Zerto - Virtual Replication business continuity and disaster recovery (BCDR) solutions, which provide hypervisor-level replication. Currently I didn't find a need for it, due to how many systems are designed to work. But it's good to be aware of the available solutions if and when those are required.
  • BI consultants making extremely bad / heavy SQL queries and bringing the system down. Nothing new, they don't bother to think about what's the smartest way to get the data. They just try to pull everything out, potentially causing huge lock contention.
  • Again encountered some admins that seem to be unaware that Windows contains a proxy server by default: netsh interface portproxy.
  • VDSL2, FEC, CRC, HEC, Interleave, Latency, VDSL2 - Reminded myself about error correction (Reed-Solomon), DMT modulation, and interleaving & latency things.
  • Linux workstation security checklist - A good read.
  • Some history: how the ballpoint pen killed cursive? - Also checked out gel pens and rollerball pens.
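
An added example for the TCP timeout item above (not code from the original post): socket.create_connection() applies its timeout to each address returned by getaddrinfo() separately, so this sketch shares one deadline across the IPv6 and IPv4 attempts instead. The function name connect_with_deadline and its addrinfos parameter are hypothetical, introduced only for this illustration.

```python
import socket
import time


def connect_with_deadline(host, port, total_timeout, addrinfos=None):
    """Try every resolved address, sharing ONE time budget across all of them.

    With a per-address timeout, a host that has AAAA and A records can block
    for roughly twice the configured value. Here each attempt only gets the
    time that is still left. Returns (socket, attempts); each attempt is
    (family, sockaddr, budget_seconds, error_or_None).
    `addrinfos` is a hypothetical hook for injecting getaddrinfo()-style tuples.
    """
    deadline = time.monotonic() + total_timeout
    if addrinfos is None:
        # Name resolution is not interruptible here, but its duration is
        # still charged against the shared budget.
        addrinfos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    attempts = []
    for family, socktype, proto, _canon, sockaddr in addrinfos:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            break  # earlier address families used up the whole budget
        sock = None
        try:
            sock = socket.socket(family, socktype, proto)
            sock.settimeout(remaining)  # what is left, not the full timeout
            sock.connect(sockaddr)
            sock.settimeout(None)  # back to blocking mode for the caller
            attempts.append((family, sockaddr, remaining, None))
            return sock, attempts
        except OSError as exc:  # refused, unreachable, timed out, no IPv6 stack
            attempts.append((family, sockaddr, remaining, exc))
            if sock is not None:
                sock.close()
    raise OSError(f"could not connect to {host!r} port {port} within "
                  f"{total_timeout}s; attempts: {attempts}")
```

Logging the returned attempts list next to the measured connect time makes the "timeout + normal latency" pattern from the logs directly visible as a failed IPv6 attempt followed by a successful IPv4 one.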
There's a lot more. I'm just posting smaller chunks now. And not more than one / day.