IPA Issue - Downlink Throughput Degradation
Problem
In the customer environment, the downlink throughput will drop to 30% after 8-12 hours.
Image Not Showing
Possible Reasons
- The image was uploaded to a note which you don't have access to
- The note which the image was originally uploaded to has been deleted
Learn More →
The workaround to resolve this issue is to reboot or rescan.
Preliminary Observation
- When the traffic is sent by TCP, IPA will learn the rule and send the traffic by this rule. (The maximum rule number for IPA is 500)
- Ideally, this rule should be deleted shortly after the traffic is finished.
- But in fact, the rule was not deleted and timeout showed five days, so the rule number will increase until it hits the limit.
Workaround
- To mitigate this issue, we modify the timeout manually from five days to ten minutes.
Root Casue
- The ipacm daemon will periodically update the timeout of the conntrack that it has recorded.
- This action is used to prevent the conntrack from being removed because the Linux kernel is unaware of the traffic that go through IPA directly.
Solution
- To resolve this race condition, the timeout of conntrack must be updated only when its state is
ESTABLISHED
.
- And we found there are some fixes for this issue in qcom-opensource repositories.
(The ipanat library has been separated into another repository in newer versions)
- dataipa, data-ipa-cfg-mgr
- The patch used to solve this problem is located at the
~/mojito-sdk/trunk/buildroot/external/package/SdxPkgs/meta-qti-data/data-ipa-cfg-mgr/LE.UM.4.4.2.r1-02200-SDX55/0006-check-redirect-flag-for-nat-entry.patch
, which combines the above two fixes from qcom
opensource repository.