注: その後、新たな知見を得て質問を編集しました。
gcloud にネットワーク rl を作成しました。rl の下には、rlprod、rldev など、複数のサブネットがあります。prod、dev などの環境に属するマシンのセットごとに 1 つのサブネットがあります。これは、おそらく 1 年ほど前から gcloud を開始して問題なく動作しています。ネットワークを拡張しているときに、このリージョンで許可されている CPU の数で gcloud の制限に達したため、CPU 制限の増加をリクエストしました。CPU、インスタンス、使用中のアドレスの割り当てが増加しました。
これがどのように関連しているかはわかりませんが、この変更以降、HTTPS 経由で 1 つのインスタンスから別のインスタンスにファイルを取得するときにネットワーク タイムアウトが発生するようになりました。これは何ヶ月も正常に動作しており、何も変わっていません。
HTTPS 経由のリクエストは頻繁にタイムアウトします。HTTP 経由のリクエストでも、少しの遅延は見られますが、その後は問題なく継続します。以下は、クライアントからの curl リクエストと、それに対応するサーバー上の tcpdump 出力です。
HTTP経由のリクエスト
$ curl -v --trace-time http://devops.rightleads.io/index.html -O
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 008:08:13.543225 * Trying 35.185.203.219...
08:08:13.543298 * TCP_NODELAY set
08:08:13.544776 * Connected to devops.rightleads.io (35.185.203.219) port 80 (#0)
08:08:13.544823 > GET /index.html HTTP/1.1
08:08:13.544823 > Host: devops.rightleads.io
08:08:13.544823 > User-Agent: curl/7.52.1
08:08:13.544823 > Accept: */*
08:08:13.544823 >
0 0 0 0 0 0 0 0 --:--:-- 0:00:31 --:--:-- 008:08:45.657191 < HTTP/1.1 200 OK
08:08:45.657240 < Date: Wed, 28 Feb 2018 08:08:13 GMT
08:08:45.657250 < Server: Apache/2.4.10 (Debian)
08:08:45.657259 < Last-Modified: Thu, 09 Feb 2017 09:03:51 GMT
08:08:45.657268 < ETag: "29cd-54815428d497e"
08:08:45.657276 < Accept-Ranges: bytes
08:08:45.657285 < Content-Length: 10701
08:08:45.657294 < Vary: Accept-Encoding
08:08:45.657302 < Content-Type: text/html
08:08:45.657311 <
08:08:45.657319 { [1153 bytes data]
10 10701 10 1153 0 0 35 0 0:05:05 0:00:32 0:04:33 23608:08:45.658408 * Curl_http_done: called premature == 0
100 10701 100 10701 0 0 333 0 0:00:32 0:00:32 --:--:-- 2756
08:08:45.658454 * Connection #0 to host devops.rightleads.io left intact
$ sudo tcpdump -n "port 80 and src 35.230.104.58"
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
08:08:13.546229 IP 35.230.104.58.42974 > 10.0.0.3.80: Flags [S], seq 172215436, win 28400, options [mss 1420,sackOK,TS val 21806385 ecr 0,nop,wscale 7], length 0
08:08:13.547155 IP 35.230.104.58.42974 > 10.0.0.3.80: Flags [.], ack 801446930, win 222, options [nop,nop,TS val 21806386 ecr 3110841935], length 0
08:08:13.547162 IP 35.230.104.58.42974 > 10.0.0.3.80: Flags [P.], seq 0:94, ack 1, win 222, options [nop,nop,TS val 21806386 ecr 3110841935], length 94: HTTP: GET /index.html HTTP/1.1
08:08:13.548043 IP 35.230.104.58.42974 > 10.0.0.3.80: Flags [.], ack 1, win 240, options [nop,nop,TS val 21806386 ecr 3110841936,nop,nop,sack 1 {9857:10957}], length 0
08:08:33.567182 IP 35.230.104.58.42974 > 10.0.0.3.80: Flags [.], ack 1, win 240, options [nop,nop,TS val 21811391 ecr 3110841936,nop,nop,sack 1 {9857:10958}], length 0
08:08:45.659840 IP 35.230.104.58.42974 > 10.0.0.3.80: Flags [.], ack 1409, win 262, options [nop,nop,TS val 21814414 ecr 3110849964,nop,nop,sack 1 {9857:10958}], length 0
08:08:45.660284 IP 35.230.104.58.42974 > 10.0.0.3.80: Flags [.], ack 2817, win 284, options [nop,nop,TS val 21814414 ecr 3110849964,nop,nop,sack 1 {9857:10958}], length 0
08:08:45.660295 IP 35.230.104.58.42974 > 10.0.0.3.80: Flags [.], ack 4225, win 306, options [nop,nop,TS val 21814414 ecr 3110849964,nop,nop,sack 1 {9857:10958}], length 0
08:08:45.660637 IP 35.230.104.58.42974 > 10.0.0.3.80: Flags [.], ack 5633, win 328, options [nop,nop,TS val 21814414 ecr 3110849964,nop,nop,sack 1 {9857:10958}], length 0
08:08:45.660642 IP 35.230.104.58.42974 > 10.0.0.3.80: Flags [.], ack 8449, win 372, options [nop,nop,TS val 21814414 ecr 3110849964,nop,nop,sack 1 {9857:10958}], length 0
08:08:45.660699 IP 35.230.104.58.42974 > 10.0.0.3.80: Flags [.], ack 10958, win 394, options [nop,nop,TS val 21814414 ecr 3110849964], length 0
08:08:45.660783 IP 35.230.104.58.42974 > 10.0.0.3.80: Flags [F.], seq 94, ack 10958, win 394, options [nop,nop,TS val 21814414 ecr 3110849964], length 0
^C
12 packets captured
12 packets received by filter
0 packets dropped by kernel
HTTPS経由のリクエスト
$ curl -v --trace-time https://devops.rightleads.io/index.html -O
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 008:13:05.388543 * Trying 35.185.203.219...
08:13:05.388612 * TCP_NODELAY set
08:13:05.389866 * Connected to devops.rightleads.io (35.185.203.219) port 443 (#0)
08:13:05.390099 * ALPN, offering h2
08:13:05.390110 * ALPN, offering http/1.1
08:13:05.390157 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
08:13:05.397208 * successfully set certificate verify locations:
08:13:05.397517 * CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
08:13:05.397891 * TLSv1.2 (OUT), TLS header, Certificate Status (22):
08:13:05.398119 } [5 bytes data]
08:13:05.398525 * TLSv1.2 (OUT), TLS handshake, Client hello (1):
08:13:05.398755 } [512 bytes data]
0 0 0 0 0 0 0 0 --:--:-- 0:00:26 --:--:-- 008:13:31.881118 * TLSv1.2 (IN), TLS handshake, Server hello (2):
08:13:31.881139 { [98 bytes data]
08:13:31.881572 * TLSv1.2 (IN), TLS handshake, Certificate (11):
08:13:31.881600 { [2482 bytes data]
08:13:31.882172 * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
08:13:31.882183 { [333 bytes data]
08:13:31.882355 * TLSv1.2 (IN), TLS handshake, Server finished (14):
08:13:31.882364 { [4 bytes data]
08:13:31.882628 * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
08:13:31.882639 } [70 bytes data]
08:13:31.882663 * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
08:13:31.882671 } [1 bytes data]
08:13:31.882744 * TLSv1.2 (OUT), TLS handshake, Finished (20):
08:13:31.882753 } [16 bytes data]
08:13:31.882796 * Unknown SSL protocol error in connection to devops.rightleads.io:443
08:13:31.882811 * Curl_http_done: called premature == 1
08:13:31.882829 * stopped the pause stream!
0 0 0 0 0 0 0 0 --:--:-- 0:00:26 --:--:-- 0
08:13:31.882875 * Closing connection 0
curl: (35) Unknown SSL protocol error in connection to devops.rightleads.io:443
$ sudo tcpdump -n "port 443 and src 35.230.104.58"
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
08:13:05.391343 IP 35.230.104.58.41360 > 10.0.0.3.443: Flags [S], seq 626835610, win 28400, options [mss 1420,sackOK,TS val 21879347 ecr 0,nop,wscale 7], length 0
08:13:05.392187 IP 35.230.104.58.41360 > 10.0.0.3.443: Flags [.], ack 444717515, win 222, options [nop,nop,TS val 21879347 ecr 3110914897], length 0
08:13:05.400179 IP 35.230.104.58.41360 > 10.0.0.3.443: Flags [P.], seq 0:517, ack 1, win 222, options [nop,nop,TS val 21879349 ecr 3110914897], length 517
08:13:05.402478 IP 35.230.104.58.41360 > 10.0.0.3.443: Flags [.], ack 1, win 231, options [nop,nop,TS val 21879350 ecr 3110914899,nop,nop,sack 1 {2817:2938}], length 0
08:13:26.456426 IP 35.230.104.58.41360 > 10.0.0.3.443: Flags [.], ack 1, win 231, options [nop,nop,TS val 21884613 ecr 3110914899,nop,nop,sack 1 {2817:2939}], length 0
08:13:31.883439 IP 35.230.104.58.41360 > 10.0.0.3.443: Flags [.], ack 1409, win 253, options [nop,nop,TS val 21885970 ecr 3110921520,nop,nop,sack 1 {2817:2939}], length 0
08:13:31.883808 IP 35.230.104.58.41360 > 10.0.0.3.443: Flags [.], ack 2939, win 275, options [nop,nop,TS val 21885970 ecr 3110921520], length 0
08:13:31.885078 IP 35.230.104.58.41360 > 10.0.0.3.443: Flags [P.], seq 517:643, ack 2939, win 275, options [nop,nop,TS val 21885970 ecr 3110921520], length 126
^C
8 packets captured
8 packets received by filter
0 packets dropped by kernel
答え1
これはもっと深く調査する必要があるようです。公開問題トラッカープロジェクト番号(数字のみ)を入力してください。プロジェクト ID を記入しないでください。作成後、問題へのリンクをお知らせください。