ACE issue with compression when SSL Initiation is turned on?

Aug 12th, 2009

We are currently doing an evaluation of the Cisco ACE 4710 and have some sites where the backend is Tomcat and SSL is turned on. When we set Default L7 Load-Balancing Action to Load Balance with Compression Method Deflate (I haven't tried gzip yet), requests to these sites return badly mangled stuff. For example, a GIF image of 7,700 bytes comes back as a 7-byte file, even though the default should only try compression on text/*.

Has anyone seen a similar issue?

Gilles Dufour (Cisco Employee) Fri, 08/14/2009 - 00:24

You should really run version A3(2.3) because there is a huge list of defects related to ssl + compression.

If it continues to fail, you then need to open a server request so we can look at the info.

Sniffer trace + private key + config would be required to reproduce in-house.



uzimmermannatc Fri, 08/14/2009 - 00:30

It turned out the problem was a configuration issue and my understanding of how the ACE works with compression, policies, etc.

In conjunction with this I seem to have found a bug in the GUI, which is also still present in A3(2.3). I now have a default L7 policy which just sets SSL Initiation to ssl client. I added another L7 policy, but when looking at the virtual server afterwards the GUI doesn't show that policy.

switch/Development# show running-config policy-map FORD-APP.PERF.AUTC.COM-l7slb
Generating configuration....

policy-map type loadbalance first-match F-APP.PERF.AUTC.COM-l7slb
  class default-compression-exclusion-mime-type
    serverfarm F-APP.PERF.AUTC.COM
    compress default-method deflate
    insert-http rl_client_ip header-value "%is"
    ssl-proxy client Backend
  class class-default
    serverfarm F-APP.PERF.AUTC.COM
    insert-http rl_client_ip header-value "%is"
    ssl-proxy client Backend

See attachment with screen shot of GUI

