Hi David,

For what it is worth, I tried replicating this in our environment while capturing traffic:
    telnet toaster 50
    vs
    telnet toaster 5050

In the first case (Frame #1-#3), the NetApp doesn't answer the TCP SYN packets from my client.  TCP sends one SYN, stalls for 3 seconds, sends another SYN, stalls for 8 seconds, sends a third SYN, stalls again, then gives up.

In the second case (starts with Frame #4), the NetApp responds immediately with a TCP RST.   [The 'SH...' host is the client; the 'RU...' host is the NetApp.]  The client tries three times and ONTAP Resets each time.



Here are the behaviors of a handful of operating systems:
    Windows:  Silence for both upper and lower ports
    Linux/Solaris/OpenVMS:  TCP RSTs for both upper and lower ports
    ONTAP:  TCP RSTs for upper ports; Silence for lower ports

So, I think your question can be refined as follows:
    Is there an Option which changes the TCP stack's behavior, such that it issues a TCP RST for all TCP Ports (on which no daemon is listening), not just for the upper ports?

You might poke through the output of the CLI command 'options' ... I'm not hopeful though ... I don't see anything promising:

    options | grep tcp
    cifs.netbios_over_tcp.enable on
    ftpd.tcp_window_size         28960
    ip.tcp.batching.enable       on         (value might be overwritten in takeover)
    ip.tcp.newreno.enable        on         (value might be overwritten in takeover)
    ip.tcp.sack.enable           on         (value might be overwritten in takeover)
    ndmpd.tcpnodelay.enable      off
    nfs.tcp.enable               on
    rpc.mountd.tcp.port          4046
    rpc.nlm.tcp.port             4045
    rpc.nsm.tcp.port             4047
    rpc.pcnfsd.tcp.port          4048

--sk

Stuart Kendrick
FHCRC

On 4/30/2012 3:23 AM, David Lee wrote:
A TCP connection towards an arbitrary high port number (>=1024) on the 
NetApp seems to return "connection refused" instantly.

By contrast, a connection towards a low port number waits for several 
minutes, then something times out.  I imagine this is related to 
assisting security etc.

As part of our transition from our previous non-NetApp fileserver, it 
would be very useful if we could persuade the NetApp to return a quick 
"connection refused" on a particular low port number.  But we cannot see 
a way to adjust this behaviour (either for a particular low port or for 
all low ports).  Is this possible?  If so, could you point us to the 
relevant documentation, please?

(If it is not possible, we can probably put a workaround in the external 
application.)

-- David Lee
_______________________________________________
Toasters mailing list
Toasters@teaparty.net
http://www.teaparty.net/mailman/listinfo/toasters
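
Added example, not part of the original thread: a small Python probe that repeats the telnet test above and tells an immediate TCP RST ("connection refused") apart from silence by timing a single connect attempt. The function names, the 3-second default timeout, and the choice in `no_service()` to treat silence the same as a refusal (one possible shape for the client-side workaround mentioned above) are assumptions of this example.

```python
import socket
import sys
import time


def probe(host, port, timeout=3.0):
    """Attempt one TCP connect; return (outcome, seconds_elapsed)."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            outcome = "open"          # SYN-ACK received, a daemon is listening
    except ConnectionRefusedError:
        outcome = "refused"           # peer answered the SYN with a RST
    except (socket.timeout, TimeoutError):
        outcome = "silent"            # neither SYN-ACK nor RST within the timeout
    except OSError as exc:
        outcome = "error: %s" % exc   # e.g. no route, name resolution failure
    return outcome, time.monotonic() - start


def compare(host, low_port, high_port, timeout=3.0):
    """Probe one low and one high port, as in the thread's comparison."""
    return {
        "low": probe(host, low_port, timeout)[0],
        "high": probe(host, high_port, timeout)[0],
    }


def no_service(host, port, timeout=3.0):
    """Assumed workaround: a short timeout makes silence fail as fast as a RST."""
    return probe(host, port, timeout)[0] in ("refused", "silent")


if __name__ == "__main__":
    # Usage: probe.py HOST LOW_PORT HIGH_PORT   (e.g. toaster 50 5050)
    host, low, high = sys.argv[1], int(sys.argv[2]), int(sys.argv[3])
    for name, port in (("low", low), ("high", high)):
        outcome, elapsed = probe(host, port)
        print("%-4s port %5d: %-8s after %.2fs" % (name, port, outcome, elapsed))
```

A "refused" result returns in roughly one round trip, while "silent" always takes the full timeout, which is the difference the packet capture shows between the two cases.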