CSS TCP Reset

Unanswered Question
Feb 28th, 2008

client through CSS port 13059 to server


randomly stops after 20 minutes and session is stopped - sniffer shows TCP Reset


Is there a default setting for TCP Resets on a CSS?

In the "show flow 0.0.0.0" how long do these remain before they are removed?

Diego Vargas (Cisco Employee) Fri, 02/29/2008 - 12:52

Hi Victoria


The CSS runs a process called garbage collection. This is because, when booting up, the CSS allocates part of its memory into FCBs (Flow Control Blocks), which are used to allocate flows on the flow table.


If the CSS ran out of FCBs, it would not be able to handle more flows. For that reason, idle flows are removed from the flow table; this is what "garbage collection" is.


The default timeout for flows to be moved from the flow table to a spoof table is 16 sec, so it is possible that those flows are getting garbage collected.


This is a possibility, but many other things might cause the issue. You said that traces show RST; did you get traces at both sides of the CSS? Is the RST showing only between the CSS and the client? Is it present on the server side?


Since this traffic is on port 13059, I would guess your content rule is layer 4. If so, the CSS will just pass the traffic (no spoofing), so it would be important to verify that the RST is not actually coming from the server itself and just being forwarded, as this is also a possibility.


Could you provide the CSS configuration and/or showtech? Can I see those traces?
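
The two-sided trace comparison asked for in the reply above can be scripted once both captures are exported. The following is an added example, not part of the original thread: the `Pkt` record, the function names, the addresses and the sample packets are all constructed, and it assumes both captures share a synchronized clock.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Pkt:
    ts: float    # seconds; both captures assumed to share one clock
    src: str
    dst: str
    flags: str   # TCP flags as letters, e.g. "S", "SA", "PA", "R"

def first_rst(pkts):
    """Return the first packet carrying the RST flag, or None."""
    return next((p for p in pkts if "R" in p.flags), None)

def idle_before(pkts, rst):
    """Seconds between the last non-RST packet and the RST."""
    earlier = [p.ts for p in pkts if p.ts < rst.ts and "R" not in p.flags]
    return round(rst.ts - max(earlier), 3) if earlier else None

def locate_rst_origin(client_side, server_side, client_ip, server_ip, skew=0.5):
    """Decide which device generated the RST seen on the client side.

    The client only ever sees the VIP as the source, so the client-side
    trace alone cannot separate a forwarded server RST from one created
    by the load balancer; the server-side trace settles it.
    """
    rst = first_rst(client_side)
    if rst is None:
        return {"origin": "none", "idle_s": None}
    idle = idle_before(client_side, rst)
    if rst.src == client_ip:
        return {"origin": "client", "idle_s": idle}
    from_server = any(
        "R" in p.flags and p.src == server_ip and abs(p.ts - rst.ts) <= skew
        for p in server_side)
    return {"origin": "server" if from_server else "load_balancer",
            "idle_s": idle}

# Constructed sample data (documentation address ranges, not real hosts).
CLIENT, VIP, SERVER = "198.51.100.5", "192.0.2.10", "203.0.113.20"
CLIENT_SIDE = [Pkt(0.0, CLIENT, VIP, "S"), Pkt(0.1, VIP, CLIENT, "SA"),
               Pkt(10.0, CLIENT, VIP, "PA"), Pkt(1210.0, VIP, CLIENT, "R")]
# Case A: the server itself sent the RST and the device forwarded it.
SERVER_SIDE_A = [Pkt(10.0, CLIENT, SERVER, "PA"),
                 Pkt(1209.9, SERVER, CLIENT, "R")]
# Case B: no RST left the server; only one arriving at it was captured.
SERVER_SIDE_B = [Pkt(10.0, CLIENT, SERVER, "PA"),
                 Pkt(1210.0, CLIENT, SERVER, "R")]
```

The returned `idle_s` value is the quiet period before the reset, which can be compared against the flow timeout configured on the device.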

