I have a little tricky behavior I can't explain. I have a virtual machine running `Ubuntu 20.04`, `docker 19.03.6` and a `redis` container. Hosted on a `Windows 2019` Hyper-V machine.
There's a second virtual machine (same network but different physical server) running W2k19 and a `redis-client` connecting to the `redis` instance.
Due to bad configuration, from time to time `redis` overwhelms the Ubuntu machine, using too much memory, and producing thousands of *connection timed out* exceptions in the `redis-client`.
When this happens, all connections between machines stop working. If I try to connect via `ssh` from the W2k19 machine to Ubuntu or using `telnet` from the same machine on any port, I get a *connection timed out*.
Like if something on the Linux machine did an auto ban of the IP address of the W2k19 machine. From any other machine I can connect via `ssh`, `telnet` and so on.
- `Ufw` is turned off
- We don't have `fail2ban` installed
- `iptables` is configured with all ports open
But we still can't connect. We reproduced the behavior on another machine, a second VM with `W2k19` and the same `redis-client`.
What we found out would reestablish the connections between those machines was a restart of the `ssh` service on the Ubuntu machine combined with a reboot of the `W2k19` machine.
Just the single `sudo service sshd restart` is not enough, and just a reboot of the `W2k19` machine is not enough. I can't figure out what's going on, and we cannot accept as a standard procedure in these cases to restart the `ssh` service and reboot the machine.
But so far we have not been able to figure out what rule/configuration whatsoever is blocking the connections. It has to do something with the `ssh` service probably, since restarting it does contribute to restoring the connections, but how?
And why is restarting the `ssh` service (and rebooting the `W2k19` machine) actually unblocking the connection to the `redis` 6379 port?
!!! UPDATE !!! I tried tcpdump on the Ubuntu machine and see no traffic from the other VM. I configured network mirroring for the Ubuntu machine, and analyzed traffic with Wireshark, no traffic from the other VM either. I disabled firewalls everywhere (Ubuntu VM, client VM, Hyper-V hosts) while analyzing the traffic.
Something is blocking the traffic before it reaches the VM, but I can't figure out what.