ACE issue with compression when SSL Initiation is turned on?

Aug 12th, 2009

We are currently doing an evaluation of the Cisco ACE 4710 and have some sites where the backend is Tomcat and SSL is turned on. When we set Default L7 Load-Balancing Action to Load Balance with Compression Method Deflate (I haven't tried gzip yet), requests to these sites return badly mangled stuff. For example, a GIF image of 7,700 bytes comes back as a 7-byte file, even though the default should only try compression on text/*.

Has anyone seen a similar issue?

Gilles Dufour Fri, 08/14/2009 - 00:24

You should really run version A3(2.3) because there is a huge list of defects related to ssl + compression.

If it continues to fail, you then need to open a server request so we can look at the info.

Sniffer trace + private key + config would be required to reproduce in-house.



uzimmermannatc Fri, 08/14/2009 - 00:30

It turned out the problem was a configuration issue and my understanding of how the ACE works with compression, policies, etc.

In conjunction with this I seem to have found a bug in the GUI, which is also still present in A3 (2.3). I now have a default L7 policy which just sets SSL Initiation to ssl client. I added another L7 policy, but when looking at the virtual server afterwards the GUI doesn't show that policy.

switch/Development# show running-config policy-map FORD-APP.PERF.AUTC.COM-l7slb
Generating configuration....

policy-map type loadbalance first-match F-APP.PERF.AUTC.COM-l7slb
  class default-compression-exclusion-mime-type
    serverfarm F-APP.PERF.AUTC.COM
    compress default-method deflate
    insert-http rl_client_ip header-value "%is"
    ssl-proxy client Backend
  class class-default
    serverfarm F-APP.PERF.AUTC.COM
    insert-http rl_client_ip header-value "%is"
    ssl-proxy client Backend

See attachment with screen shot of GUI

