
HP OfficeConnect 1820 Auto DOS (Prevent Invalid TCP Flags Attack) killing NFS4

 
BernhardMM
Collector


Hi, our new HP OfficeConnect 1820 (48-port) switch has been causing some trouble, and to get to the bottom of the problems (random packet loss, connectivity), I enabled the Auto DOS feature, hoping to get some log info in case something weird happens.

Well, weird stuff happened, but not as I expected. Luckily, we had to restart NFS connections soon after enabling the switch, and that failed (Ubuntu 18.04 -> FreeNAS 11.3). After trying a plethora of things, by chance we found out that using the "noresvport" function on the NFS shares works, at the expense of not using <1024 ports for NFS. After some more thought, we identified the "Auto DOS" feature as one of the things that changed - we switched that off, and all of a sudden, NFS connections were possible again. Specifically, it was the "Prevent Invalid TCP Flags Attack" which killed NFS - it would be great if HP engineers looked into that, and also put out some logging info in case of attacks or other "dropping" info (log level set to debug, and all I get is admin login and some STP changes as if everything works fine). Also, with almost zero traffic (maybe 100 Mbit in total, when idle), the switch has 30+% CPU usage...

Software Version: PT.02.09
Operating System: Linux 3.6.5
Serial Number: CN90GMX0PH

To add: FreeNAS is on bare metal, Ubuntu is on ESXi 6.5 - I'll try some packet captures later.

Seems to happen for other setups, too: https://forums.centos.org/viewtopic.php?t=65772

 

Cheers, 

Bernhard
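
Added example, not part of the original post and not HP code: a sketch of why an NFS client using a reserved source port would trip such a check while a "noresvport" mount would not. It assumes "Prevent Invalid TCP Flags Attack" applies the rule set commonly documented for this class of switch (including "SYN from a source port below 1024"); the post does not say what the check inspects, and the client ports and segments below are constructed.

```python
import struct

# Classic TCP flag bits (low six bits of the flags field).
FIN, SYN, PSH, ACK, URG = 0x01, 0x02, 0x08, 0x10, 0x20

def build_tcp(src, dst, seq, flags):
    """Build a constructed 20-byte TCP header (ack, checksum, urgent = 0)."""
    return struct.pack("!HHIIHHHH", src, dst, seq, 0, (5 << 12) | flags, 64240, 0, 0)

def parse_tcp(segment):
    """Return (src_port, seq, flags) from raw TCP header bytes."""
    if len(segment) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    src, _dst, seq, _ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    return src, seq, off_flags & 0x3F

def drop_reason(segment):
    """Why the ASSUMED rule set would drop this segment, or None if it passes."""
    src, seq, flags = parse_tcp(segment)
    if (flags & SYN) and (flags & FIN):
        return "SYN and FIN both set"
    if (flags & SYN) and src < 1024:
        return "SYN from source port below 1024"
    if flags == 0 and seq == 0:
        return "no flags set and sequence number 0"
    if (flags & (FIN | URG | PSH)) == (FIN | URG | PSH) and seq == 0:
        return "FIN, URG and PSH set with sequence number 0"
    return None

# Constructed segments; 2049 is the NFS port, client ports are made up.
SAMPLES = {
    "NFS mount, reserved source port": build_tcp(1000, 2049, 1234567, SYN),
    "NFS mount with noresvport": build_tcp(45000, 2049, 1234567, SYN),
    "data on an established flow": build_tcp(1000, 2049, 1234568, ACK | PSH),
}

if __name__ == "__main__":
    for name, seg in SAMPLES.items():
        print(f"{name}: {drop_reason(seg) or 'forwarded'}")
```

Under these assumed rules only the initial SYN from the reserved port is dropped, which would explain new mounts failing while the "noresvport" workaround succeeds.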