注意:我根據此後獲得的新見解編輯了該問題。
我已經在 gcloud 上創建了網頁 rl。我在 rl 下有多個其他子網路 - rlprod、rldev 等。自從我們開始使用 gcloud 以來,大概一年左右的時間,這個功能一直運作良好。在擴展網路時,我遇到了 gcloud 對該區域允許的 CPU 數量的限制,並提交了增加 CPU 限制的請求。他們增加了 CPU、實例和使用中位址的配額。
雖然我不確定這是如何連結的,但自從這項更改以來,我在透過 HTTPS 從一個實例向另一個實例獲取檔案時開始出現網路逾時。這幾個月來一直運作良好,沒有任何改變。
透過 HTTPS 的請求經常會逾時,即使透過 HTTP 的請求也確實會出現少量的停滯,但稍後會繼續正常。以下是來自客戶端的curl請求和伺服器上對應的tcpdump輸出
透過 HTTP 請求
$ curl -v --trace-time http://devops.rightleads.io/index.html -O
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 008:08:13.543225 * Trying 35.185.203.219...
08:08:13.543298 * TCP_NODELAY set
08:08:13.544776 * Connected to devops.rightleads.io (35.185.203.219) port 80 (#0)
08:08:13.544823 > GET /index.html HTTP/1.1
08:08:13.544823 > Host: devops.rightleads.io
08:08:13.544823 > User-Agent: curl/7.52.1
08:08:13.544823 > Accept: */*
08:08:13.544823 >
0 0 0 0 0 0 0 0 --:--:-- 0:00:31 --:--:-- 008:08:45.657191 < HTTP/1.1 200 OK
08:08:45.657240 < Date: Wed, 28 Feb 2018 08:08:13 GMT
08:08:45.657250 < Server: Apache/2.4.10 (Debian)
08:08:45.657259 < Last-Modified: Thu, 09 Feb 2017 09:03:51 GMT
08:08:45.657268 < ETag: "29cd-54815428d497e"
08:08:45.657276 < Accept-Ranges: bytes
08:08:45.657285 < Content-Length: 10701
08:08:45.657294 < Vary: Accept-Encoding
08:08:45.657302 < Content-Type: text/html
08:08:45.657311 <
08:08:45.657319 { [1153 bytes data]
10 10701 10 1153 0 0 35 0 0:05:05 0:00:32 0:04:33 23608:08:45.658408 * Curl_http_done: called premature == 0
100 10701 100 10701 0 0 333 0 0:00:32 0:00:32 --:--:-- 2756
08:08:45.658454 * Connection #0 to host devops.rightleads.io left intact
$ sudo tcpdump -n "port 80 and src 35.230.104.58"
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
08:08:13.546229 IP 35.230.104.58.42974 > 10.0.0.3.80: Flags [S], seq 172215436, win 28400, options [mss 1420,sackOK,TS val 21806385 ecr 0,nop,wscale 7], length 0
08:08:13.547155 IP 35.230.104.58.42974 > 10.0.0.3.80: Flags [.], ack 801446930, win 222, options [nop,nop,TS val 21806386 ecr 3110841935], length 0
08:08:13.547162 IP 35.230.104.58.42974 > 10.0.0.3.80: Flags [P.], seq 0:94, ack 1, win 222, options [nop,nop,TS val 21806386 ecr 3110841935], length 94: HTTP: GET /index.html HTTP/1.1
08:08:13.548043 IP 35.230.104.58.42974 > 10.0.0.3.80: Flags [.], ack 1, win 240, options [nop,nop,TS val 21806386 ecr 3110841936,nop,nop,sack 1 {9857:10957}], length 0
08:08:33.567182 IP 35.230.104.58.42974 > 10.0.0.3.80: Flags [.], ack 1, win 240, options [nop,nop,TS val 21811391 ecr 3110841936,nop,nop,sack 1 {9857:10958}], length 0
08:08:45.659840 IP 35.230.104.58.42974 > 10.0.0.3.80: Flags [.], ack 1409, win 262, options [nop,nop,TS val 21814414 ecr 3110849964,nop,nop,sack 1 {9857:10958}], length 0
08:08:45.660284 IP 35.230.104.58.42974 > 10.0.0.3.80: Flags [.], ack 2817, win 284, options [nop,nop,TS val 21814414 ecr 3110849964,nop,nop,sack 1 {9857:10958}], length 0
08:08:45.660295 IP 35.230.104.58.42974 > 10.0.0.3.80: Flags [.], ack 4225, win 306, options [nop,nop,TS val 21814414 ecr 3110849964,nop,nop,sack 1 {9857:10958}], length 0
08:08:45.660637 IP 35.230.104.58.42974 > 10.0.0.3.80: Flags [.], ack 5633, win 328, options [nop,nop,TS val 21814414 ecr 3110849964,nop,nop,sack 1 {9857:10958}], length 0
08:08:45.660642 IP 35.230.104.58.42974 > 10.0.0.3.80: Flags [.], ack 8449, win 372, options [nop,nop,TS val 21814414 ecr 3110849964,nop,nop,sack 1 {9857:10958}], length 0
08:08:45.660699 IP 35.230.104.58.42974 > 10.0.0.3.80: Flags [.], ack 10958, win 394, options [nop,nop,TS val 21814414 ecr 3110849964], length 0
08:08:45.660783 IP 35.230.104.58.42974 > 10.0.0.3.80: Flags [F.], seq 94, ack 10958, win 394, options [nop,nop,TS val 21814414 ecr 3110849964], length 0
^C
12 packets captured
12 packets received by filter
0 packets dropped by kernel
透過 HTTPS 請求
$ curl -v --trace-time https://devops.rightleads.io/index.html -O
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 008:13:05.388543 * Trying 35.185.203.219...
08:13:05.388612 * TCP_NODELAY set
08:13:05.389866 * Connected to devops.rightleads.io (35.185.203.219) port 443 (#0)
08:13:05.390099 * ALPN, offering h2
08:13:05.390110 * ALPN, offering http/1.1
08:13:05.390157 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
08:13:05.397208 * successfully set certificate verify locations:
08:13:05.397517 * CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
08:13:05.397891 * TLSv1.2 (OUT), TLS header, Certificate Status (22):
08:13:05.398119 } [5 bytes data]
08:13:05.398525 * TLSv1.2 (OUT), TLS handshake, Client hello (1):
08:13:05.398755 } [512 bytes data]
0 0 0 0 0 0 0 0 --:--:-- 0:00:26 --:--:-- 008:13:31.881118 * TLSv1.2 (IN), TLS handshake, Server hello (2):
08:13:31.881139 { [98 bytes data]
08:13:31.881572 * TLSv1.2 (IN), TLS handshake, Certificate (11):
08:13:31.881600 { [2482 bytes data]
08:13:31.882172 * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
08:13:31.882183 { [333 bytes data]
08:13:31.882355 * TLSv1.2 (IN), TLS handshake, Server finished (14):
08:13:31.882364 { [4 bytes data]
08:13:31.882628 * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
08:13:31.882639 } [70 bytes data]
08:13:31.882663 * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
08:13:31.882671 } [1 bytes data]
08:13:31.882744 * TLSv1.2 (OUT), TLS handshake, Finished (20):
08:13:31.882753 } [16 bytes data]
08:13:31.882796 * Unknown SSL protocol error in connection to devops.rightleads.io:443
08:13:31.882811 * Curl_http_done: called premature == 1
08:13:31.882829 * stopped the pause stream!
0 0 0 0 0 0 0 0 --:--:-- 0:00:26 --:--:-- 0
08:13:31.882875 * Closing connection 0
curl: (35) Unknown SSL protocol error in connection to devops.rightleads.io:443
$ sudo tcpdump -n "port 443 and src 35.230.104.58"
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
08:13:05.391343 IP 35.230.104.58.41360 > 10.0.0.3.443: Flags [S], seq 626835610, win 28400, options [mss 1420,sackOK,TS val 21879347 ecr 0,nop,wscale 7], length 0
08:13:05.392187 IP 35.230.104.58.41360 > 10.0.0.3.443: Flags [.], ack 444717515, win 222, options [nop,nop,TS val 21879347 ecr 3110914897], length 0
08:13:05.400179 IP 35.230.104.58.41360 > 10.0.0.3.443: Flags [P.], seq 0:517, ack 1, win 222, options [nop,nop,TS val 21879349 ecr 3110914897], length 517
08:13:05.402478 IP 35.230.104.58.41360 > 10.0.0.3.443: Flags [.], ack 1, win 231, options [nop,nop,TS val 21879350 ecr 3110914899,nop,nop,sack 1 {2817:2938}], length 0
08:13:26.456426 IP 35.230.104.58.41360 > 10.0.0.3.443: Flags [.], ack 1, win 231, options [nop,nop,TS val 21884613 ecr 3110914899,nop,nop,sack 1 {2817:2939}], length 0
08:13:31.883439 IP 35.230.104.58.41360 > 10.0.0.3.443: Flags [.], ack 1409, win 253, options [nop,nop,TS val 21885970 ecr 3110921520,nop,nop,sack 1 {2817:2939}], length 0
08:13:31.883808 IP 35.230.104.58.41360 > 10.0.0.3.443: Flags [.], ack 2939, win 275, options [nop,nop,TS val 21885970 ecr 3110921520], length 0
08:13:31.885078 IP 35.230.104.58.41360 > 10.0.0.3.443: Flags [P.], seq 517:643, ack 2939, win 275, options [nop,nop,TS val 21885970 ecr 3110921520], length 126
^C
8 packets captured
8 packets received by filter
0 packets dropped by kernel
答案1
這看起來需要更深入的調查。我建議你提出一個公共問題追蹤器與您的項目編號(只是數字)。請務必不要寫您的項目 ID。創建後,請向我提供問題的連結。