04-17-2009 03:44 PM
Hi,all,
I am testing ACE module@7606,
system image file: [LCP] disk0:c6ace-t1k9-mz.A2_1_1_69.bin
installed license: ACE-SSL-05K-K9.
I wanta know if it is caused by license,Please help~~:)
Phenomenon:
1. Client sends a HTTP request to server
2. server returns a HTTP response to Client, the response contains a HTTP URL and HTTP body, server sends HTTP URL first, then sends HTTP body right now.
3. Client receives the HTTP URL first, after about 200ms, Client receives the HTTP body.
. Root cause:
1. If ACE receives the HTTP URL from rserver, it forwards the URL to Client. Then ACE will wait for a TCP ACK from client, before ACE receive the TCP ACK from client, it will not forward the HTTP body following to Client, the action is caused by TCP Slow Start algorithm. Windows Client will send the TCP ACK to ACE after about 200ms(40ms for Linux), the action is caused by TCP Delayed ACK algorithm. So from client side, it costs more than 200ms(or 40ms) to receive the entire HTTP response.
. Solution:
1. Disable Slow Start algorithm to VIP on ACE
. Existing Issue:
1. After disable Slow Start algorithm, the response time will be normal if Client access WAPI by VIP with SSL(means HTTPS). But the issue still exist if Client access server by VIP without SSL(means HTTP).
2. I associate a policy of stickiness to VIP, both SSL and non-SSL. If I remove the policy of stickiness, the response time will be normal. It seems the policy of stickiness will make Slow Start algorithm enable.
Solved! Go to Solution.
04-19-2009 10:01 PM
It should work.
Send your complete config and sniffer trace.
Also, since your internal cisco employee why don't you try our internal alias ??
G.
04-19-2009 08:03 AM
slowstart is disabled by default on ACE.
switch/Admin# show parameter-map AllowMss
Parameter-map : AllowMss
Type : connection
nagle : disabled
slow start : disabled
buffer-share size : 32768
inactivity timeout (seconds) : TCP: 3600, UDP: 120, ICMP: 2
embryonic timeout (seconds) : 5
ack-delay (milliseconds) : 200
But the ack-delay is indeed 200msec.
Try to set the ack-delay to a lower value and see if that improves the situation.
Gilles.
04-19-2009 06:20 PM
Thank you Gilles,
I changed ack-delay to 1, not work; seems ace take 200ms to waitting for client's response
aeneas
04-19-2009 10:01 PM
It should work.
Send your complete config and sniffer trace.
Also, since your internal cisco employee why don't you try our internal alias ??
G.
04-19-2009 10:40 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide