cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
305
Views
5
Helpful
2
Replies

Sorry server connection much slower

wilson_1234_2
Level 3
Level 3

I have a CSS configured for server failover in one armed mode on the ouside Interface of PIX firewall.

During failover the secondary server is at DR site, so data path is through PIX to inside network across DS3 to DR PIX DMZ.

The path from PIX through inside network to PIX is encapsulated in a VPN tunnel for security of client information.

The secondary during failover is extremely slow from Internet.

I am thinking there could be an MTU issue and fragmentation.

pinging with "do not fragment" flag set shows only 990 bytes getting through without fragmentation.

Is there anything that can be done on the CSS to help this issue?

2 Replies 2

Gilles Dufour
Cisco Employee
Cisco Employee

why do you think this is a CSS issue ??

From your information, there is no evidence the css is doing anything wrong.

I would suggest to perform a test from a controlled client, capture sniffer traces at different places and see where the delay is coming from.

Gilles.

I wasn't thinking the CSS was causing the problem, but was asking if there was something that could be done if there is packet fragmentation.

The HQ side server responds normally, the DR on is slow.

I captured a trace from my workstation and can see fragmentation of the packets.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: