Opened 5 years ago
Closed 5 years ago
#12102 closed Bug report (rejected)
SFTP uploads to Cerberus Server of 1GB+ fail
Reported by: | Rapidity | Owned by: | |
---|---|---|---|
Priority: | normal | Component: | FileZilla Client |
Keywords: | SFTP fileshare Cerberus | Cc: | |
Component version: | Pro 3.46.3 | Operating system type: | Windows |
Operating system version: | Client 7/10 Server 2012r2/2019 |
Description
Our clients cannot upload large files to our Cerberus server v11 - anything 1 Byte over 1GB from a fileshare fails. Connection seems to reset and FZPro thinks the file is already there and asks to overwrite etc. If the file is on the computer local to FZPro the transfer works.
As far as I can tell this issue started with v3.46.1 – 3.46.0 worked OK. Issue happens with older versions of Cerberus too – tried a rolledback version of our server using v10 and the same issue.
A quick fix is to turn FileZilla's default connection timeout of 20 seconds off but our client does not see that as an acceptable solution (their users are prevented from making changes in the client - they are a financial institution).
Logs attached of a failed transfer (filezilla20sectimeout.log), a successful transfer (filezilla20sectimeout) and the corresponding Cerberus server log. File used was a 4GB Windows 10 installer – tested the successful upload by downloading it and doing an install from it.
Filezilla version is Filezilla Pro 3.46.3 and Cerberus version is 11.0.8.0 on a fully patched Windows Server 2019 AWS instance.
Attachments (3)
Change History (4)
by , 5 years ago
Attachment: | filezillanotimeout.log added |
---|
by , 5 years ago
Attachment: | cerberus.server.1.log added |
---|
by , 5 years ago
Attachment: | filezilla20sectimeout.log added |
---|
comment:1 by , 5 years ago
Resolution: | → rejected |
---|---|
Status: | new → closed |
Let's analyze the log, first the client:
From the client's perspective, the transfer starts normally, and eventually it initiates a key re-exchange after 1 GiB has been sent. It is a blocking command to which a reply is needed before the client can do anything else.
It took the server over 2 minutes to reply to the key exchange request.
Very quickly the client sends enough data to require another key exchange.
Eventually the transfer succeeds though.
Now the server:
That is a bizarrely large window.
This delay is very strange, why isn't this basically instant? This requires further investigation by the server administrator or the server vendor.
The bizarre window becomes grotesque.
Eventually the transfer succeeds.
Observations:
Conclusion: Too big of a window. The window size should not grow larger than than the bandwidth delay product. To illustrate, with this large of a window, at a network latency of as high as 200ms, a window of 4GB would require a network link capable of 160GBit/s to saturate
Solution: The server needs to advertise a much smaller window more suitable for its capabilities, additionally it probably should not buffer so much data to begin with and only take a packet from the network if its buyffers are mostly empty.