I’ve set up a VRRP cluster with two CCRs, both of them connected to a Cisco SG stack with a bonding of 2 on each Tik (802.3ad and LACP).
Everything works fine, both bonding links (Cisco ↔ VRRP master) are used, but I find it very odd that I see multiple TCP connections for one and the same source and destination. As an example, if a client visits a website, I see around 10 different TCP connections in the firewall connections list, with different source ports, but the same destination/port.
No, 192.168.0.10 is just a sample client IP that accesses any other IP on any other network (here some WAN address) through the forward chain.
The question is, why do I see multiple TCP connects from the same client and to the same WAN IP, and might that be expected behavior with bonding (fragmentation or whatever)?
Let’s forget about VRRP, that doesn’t really come into consideration here. Everything runs through the master as expected.
If you were alone on your LAN, just you and your computer browsing the MT website using multiple tabs, you will have that behavior.
If your LAN was really crowded, you will see countless of those.
This is the expected behavior, but it has nothing to do with bonding! You will see this on a plain ethernet connection as well.
It is not determined by the network but by the software running on the client. Normally when a client loads a webpage, it will load the different elements in parallel over a couple of different connections.
Thank you for your help.
Multi-tab crossed my mind, but I witnessed the same phenomenon when I simply access the frontend of a device (single tab, switch or printer interface).
Here’s an example of me accessing a device via browser (device on another subnet, traffic is passing through MikroTik; MikroTik opens a ton of TCP connections in the “time wait” state, until one or two change to “established”). It’s not just me, it happens across the network with other clients, and I’m not sure anymore if this was always the case.
It doesn’t feel normal that one TCP connection is trying to open this many streams; it feels like connections through the MikroTik are coming from different directions, and only one SYN gets a dice? Which is why I set my attention to a potential bonding problem.
Might be worth mentioning that I filter the input and forward chains with new connection state only, then allow established at the bottom and drop anything else. Perhaps network problems or fragmentation trigger this, because I don’t allow invalid or related connections within MT (except for FTP stuff).
NO. TCP connections are not “opened in the time wait state”. TCP connections are not “opening many streams”.
What you see is your BROWSER opening SEVERAL TCP connections to the same device, to get all kinds of elements from the webpage it wants to use (HTML, CSS, images, scripts).
“time wait” state means “the connection is already closed”, that is the state you will see after the webpage element has been transferred and the browser has closed the connection. In your example, that happened 7 seconds ago. So probably you looked at it 7 seconds after you opened the page. When that time has increased (to the value configured in the router for connection tracking “TCP Time Wait” timeout), those lines will disappear. But the traffic has already stopped 7 seconds ago.
In some cases a connection is left open to interact with the page, or to be prepared for a next transfer (click).
All this is normal. Bonding is not at all related to this, and more important: MikroTik (your router) is NOT involved in this!
It is all decided by your computer and/or the server (device) it connects to, not by the router in between.
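To make the explanation above concrete, here is an added example (not code from the thread or from MikroTik) that parses a constructed connection-tracking listing, groups the entries by client and destination service, and computes how long ago each “time wait” entry was closed. The listing format, the sample addresses and the TIME_WAIT timeout of 10 seconds are assumptions; each distinct source port is its own TCP connection, which is why one page load shows up as several rows for the same destination.

```python
"""Group connection-tracking entries by flow to show that the multiple rows
for one client/destination pair are separate browser connections."""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass

# Assumed TIME_WAIT timeout of the connection tracker (MikroTik's default
# tcp-time-wait-timeout is 10 s; read the real value from your router).
TCP_TIME_WAIT_TIMEOUT = 10

# Constructed sample, not real router output. Columns: protocol, source,
# destination, tcp-state, seconds left before the tracker drops the entry.
SAMPLE_CONNTRACK = """\
tcp 192.168.0.10:51234 10.1.1.5:80 established 86399
tcp 192.168.0.10:51235 10.1.1.5:80 time-wait 3
tcp 192.168.0.10:51236 10.1.1.5:80 time-wait 3
tcp 192.168.0.10:51237 10.1.1.5:80 time-wait 3
tcp 192.168.0.10:51238 10.1.1.5:80 established 86399
tcp 192.168.0.10:51239 10.1.1.5:80 time-wait 4
udp 192.168.0.10:40001 192.168.0.1:53 - 10
tcp 192.168.0.11:49152 10.1.1.5:80 established 86399
"""


@dataclass(frozen=True)
class Conn:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    state: str
    timeout: int


def parse_conntrack(text: str) -> list[Conn]:
    """Parse the five-column listing into Conn records, skipping blank lines."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # blank or malformed line
        proto, src, dst, state, timeout = fields
        src_ip, src_port = src.rsplit(":", 1)
        dst_ip, dst_port = dst.rsplit(":", 1)
        conns.append(Conn(proto, src_ip, int(src_port), dst_ip, int(dst_port),
                          state, int(timeout)))
    return conns


def summarize_by_flow(conns: list[Conn]) -> dict:
    """Group by (proto, src_ip, dst_ip, dst_port), ignoring the source port.

    Every distinct source port is a separate TCP connection, so the count per
    group is how many parallel connections the client opened to that service,
    and the per-state counter shows how many are still open vs. already closed.
    """
    groups: dict = {}
    for c in conns:
        key = (c.proto, c.src_ip, c.dst_ip, c.dst_port)
        g = groups.setdefault(key, {"connections": 0, "states": Counter(),
                                    "src_ports": set()})
        g["connections"] += 1
        g["states"][c.state] += 1
        g["src_ports"].add(c.src_port)
    return groups


def closed_seconds_ago(conn: Conn, time_wait_timeout: int = TCP_TIME_WAIT_TIMEOUT):
    """Seconds since a time-wait entry was closed (None for other states).

    The tracker starts the TIME_WAIT countdown when the connection closes, so
    remaining time subtracted from the configured timeout is the age of the
    closed connection; 3 s left with a 10 s timeout means closed 7 s ago.
    """
    if conn.state != "time-wait":
        return None
    return time_wait_timeout - conn.timeout


def report(text: str) -> None:
    conns = parse_conntrack(text)
    for key, g in summarize_by_flow(conns).items():
        proto, src_ip, dst_ip, dst_port = key
        print(f"{proto} {src_ip} -> {dst_ip}:{dst_port}: "
              f"{g['connections']} connections, states={dict(g['states'])}")
    for c in conns:
        age = closed_seconds_ago(c)
        if age is not None:
            print(f"  {c.src_ip}:{c.src_port} -> {c.dst_ip}:{c.dst_port} closed {age}s ago")


if __name__ == "__main__":
    report(SAMPLE_CONNTRACK)
```

Run against a real listing, the grouping shows the pattern from the thread: one client/destination pair with a handful of rows, most already in “time wait”, a few “established”, each on its own source port. Entries that never leave a half-open state, or a single source fanning out to many destinations, would be the thing to investigate; parallel closed connections to one web server are just the browser.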