I am having a problem with my core network.
Currently I have a DELL PowerConnect 5524 which has a SFP+ (10Gbe) Module connected to another 5524 (Same transceiver on both) which is also stacked with a Powerconnect 5548 (via HDMI)
Like this:
However, I was recently doing some investigation into why our transatlantic IPSEC VPN so performing so badly and started doing some Wireshark packet captures and tcpdumps from the Watchguard.
I noticed huge amounts of TCP Re-transmissions and Duplicate ACKs (which after the 4th ACK triggers a re-transmit (SACKs).
However, I connected my laptop directly to the 5524 on the left and SSH'd into the device, whilst running a packet capture. Still getting lots of the above errors.
Can anyone help me? or tell me why the think that even after connecting directly to the switch and talking to the switch itself would give me these results?
I've turned off practically all Layer 3 features on the port my laptop is using and still the errors remain.
UPDATE Example PacketCap Uploaded Here: https://www.cloudshark.org/captures/882b8189541d
Best Answer
You're (192.168.0.164 ) directly connected to the switch (10.168.0.106) you're SSH'in into and you get dup ACK and retransmit... There is something not right , seems that the Network Gremlins are hungry.
What does the switches error counters say?
Also note that some devices puts traffic to/from the control plane at a lower priority than the data plane. SSH directly to the switch might not reveal the problem you think it's revealing. What about connecting to something else on the switch, do you see the same symptoms?