cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
718
Views
0
Helpful
2
Replies

ACE issue with compression when SSL Initiation is turned on?

uzimmermannatc
Level 1
Level 1

We currently doing an evaluation of the Cisco ACE 4710 and have some sites where the backend is Tomcat and SSL is turned on. When we set Default L7 Load-Balancing Action to Load Balance with Compression Method Deflate (I haven't tried gzip yet), requests to these sites return badly mangled stuff. Like a gif image at 7,700 bytes comes back as a 7 bytes file, even default should only try compression on text/*.

Has anyone seen a similar issue?

2 Replies 2

Gilles Dufour
Cisco Employee
Cisco Employee

You should really run version A3(2.3) because there is a huge list of defects related to ssl + compression.

If it continues to fail, you then need to open a server request so we can look at the info.

Sniffer trace + private key + config would be required to reproduce in-house.

Thanks,

Gilles.

It turned out the problem was a configuration issue and my understanding of the ACE works with compression, policies, etc.

In conjunction with this I seemed to have found a bug in the GUI, which is also still present in A3 (2.3). I now have a default L7 policy which just set SSL Initiation to ssl client. Added another L7 policy but when looking at the virtual server afterwards the GUI doesn't show that policy.

switch/Development# show running-config policy-map FORD-APP.PERF.AUTC.COM-l7slb

Generating configuration....

policy-map type loadbalance first-match F-APP.PERF.AUTC.COM-l7slb

class default-compression-exclusion-mime-type

serverfarm F-APP.PERF.AUTC.COM

compress default-method deflate

insert-http rl_client_ip header-value "%is"

ssl-proxy client Backend

class class-default

serverfarm F-APP.PERF.AUTC.COM

insert-http rl_client_ip header-value "%is"

ssl-proxy client Backend

See attachment with screen shot of GUI

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: