07-18-2008 11:40 AM
Hi,
When downloading files from a server that connects via an SSL connetion terminated on CSS, we're seeing very slow download time. When we bypass the CSS and terminate the SSL connection directly on the server, downloads are approx. 5X faster.
The server has a TCP window size of 65535, can TCP windows be adjusted on a CSS for that particular service or content rule. What's the default TCP window size ?
Thanks.
Manjit.
07-18-2008 02:09 PM
By default, the CSS sends a client-side or server-side TCP window size of 12,288 bytes
More details at
Syed Iftekhar Ahmed
07-21-2008 07:55 AM
Hi Syed,
Thanks for the link, it was very helpful...
One more thing, this is a snapshot of my SSL Proxy List config, can you let me know if you think it'll work. Especaially the TCP window size commands, does the order/placement matter here ?
ssl-proxy-list SSL1
ssl-server 1
ssl-server 1 rsakey INFO-test
ssl-server 1 rsacert INFO-test
ssl-server 1 vip address 10.10.55.10
ssl-server 1 cipher rsa-with-rc4-128-md5 10.10.55.10 88
ssl-server 1 tcp server window 40960
ssl-server 2
ssl-server 2 vip address 10.10.55.12
ssl-server 2 cipher rsa-with-rc4-128-md5 10.10.55.12 88
ssl-server 2 rsakey INFO-test-admin
ssl-server 2 rsacert INFO-test-admin
ssl-server 2 tcp server window 40960
ssl-server 1 urlrewrite 1 *
ssl-server 2 urlrewrite 2 *
ssl-server 1 ssl-queue-delay 0
ssl-server 2 ssl-queue-delay 0
ssl-server 1 tcp virtual nagle disable
ssl-server 2 tcp virtual nagle disable
ssl-server 3
ssl-server 3 rsakey INFO-test-su
ssl-server 3 rsacert INFO-test-su
ssl-server 3 vip address 10.10.55.14
ssl-server 3 cipher rsa-with-rc4-128-md5 10.10.55.14 88
ssl-server 3 urlrewrite 3 *
ssl-server 3 ssl-queue-delay 0
ssl-server 3 tcp virtual nagle disable
ssl-server 3 tcp server window 40960
active
07-21-2008 03:18 PM
Use the following lines in your ssl services.
ssl-server <#> tcp server window 40960
ssl-server <#> tcp virtual window 40960
If it doesnt improve performance
try disabling the Nagle algorithm and setting the SSL Ack delay to
zero.
ssl-server 10 tcp virtual nagle disable
ssl-server 10 ssl-queue-delay 0
Syed
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: