CSS TCP Reset

victoria.m.hale
Level 1

client through CSS port 13059 to server

randomly stops after 20 minutes and session is stopped - sniffer shows TCP Reset

Is there a default setting for TCP Resets on a CSS?

In the "show flow 0.0.0.0" how long do these remain before they are removed?

1 Reply

Diego Vargas
Cisco Employee

Hi Victoria

The CSS runs a process called garbage collection. This is because, when booting up, the CSS allocates part of its memory into FCBs (Flow Control Blocks), which are used to allocate flows on the flow table.

If the CSS ran out of FCBs, it would not be able to handle more flows. For that reason idle flows are removed from the flow table; this is what "garbage collection" is.

The default timeout for flows to be moved from the flow table to a spoof table is 16 sec, so it is possible that those flows are getting garbage collected.

This is a possibility, but many other things might cause the issue. You said that traces show RST; did you get traces at both sides of the CSS? Is the RST showing only between the CSS and the client? Is it present on the server side?

Since this traffic is on port 13059, I would guess your content rule is layer 4. If so, the CSS will just pass the traffic (no spoofing), so it would be important to verify that the RST is actually not coming from the server itself and just being forwarded, as this is also a possibility.

Could you provide the CSS configuration and/or showtech? Can I see those traces?
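Added example, not part of the original reply or Cisco code: one way to compare traces from both sides of the CSS and decide whether each RST was sent by an endpoint and forwarded, or appeared only on one side. It assumes a layer 4 rule leaves TCP sequence numbers unchanged; all addresses, the client port and the packet records are constructed placeholders.

```python
# Constructed sample packets: (time_s, src, dst, tcp_flags, seq).
# All addresses and the client port are placeholders; 13059 is the port from the thread.
CLIENT, VIP, SERVER = "192.0.2.10:40000", "198.51.100.5:13059", "10.0.0.20:13059"

client_side = [            # capture between client and CSS
    (0.0, CLIENT, VIP, "PA", 1000),
    (0.1, VIP, CLIENT, "PA", 5000),
    (1200.4, VIP, CLIENT, "R", 5100),
]
server_side = [            # capture between CSS and server
    (0.0, CLIENT, SERVER, "PA", 1000),
    (0.1, SERVER, CLIENT, "PA", 5000),
]

def rst_index(capture, client):
    """Map (direction, seq) -> idle seconds before each RST of the client's flow."""
    out, last = {}, None
    for t, src, dst, flags, seq in capture:
        if client not in (src, dst):
            continue
        if "R" in flags:
            direction = "to_client" if dst == client else "from_client"
            out[(direction, seq)] = None if last is None else round(t - last, 1)
        else:
            last = t       # last non-RST packet seen on this flow
    return out

def classify_resets(client_cap, server_cap, client):
    """Attribute each RST using the capture nearest to its apparent sender."""
    c, s = rst_index(client_cap, client), rst_index(server_cap, client)
    findings = []
    for key in sorted(set(c) | set(s)):
        direction, seq = key
        if direction == "to_client":    # a real server RST must show on the server side
            origin = "server" if key in s else "css_or_path"
        else:                           # a real client RST must show on the client side
            origin = "client" if key in c else "css_or_path"
        findings.append({
            "direction": direction, "seq": seq, "origin": origin,
            "forwarded": key in c and key in s,
            "idle_s": c[key] if key in c else s[key],
        })
    return findings

if __name__ == "__main__":
    for finding in classify_resets(client_side, server_side, CLIENT):
        print(finding)
```

An `origin` of `css_or_path` with a long `idle_s` is consistent with an idle flow being cleaned up between the capture points, while `server` with `forwarded` true points at the server itself.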
