TCP Splicing

mahendra.raj
Level 1

Hi

Can you please tell me what TCP splicing is and how it works / helps?

I am having an issue with HTTP redirect using the CSM.

After my investigation I suspect the CSM takes ages to reply with a SYN_ACK to SYN packets; because of that, the redirect intermittently does not work.

I hope someone has had the same issue; can you please share how to fix this?

Thanks


Gilles Dufour
Cisco Employee

TCP Splicing is explained here:

http://www.linuxvirtualserver.org/software/tcpsp/index.html

But it is not related to your issue.

Do you have a sniffer trace showing the problem?

The only reason for the CSM not to respond immediately to a SYN is if it is overloaded.

It could also be because the SYN is dropped in the network.

Several 'show mod csm x tech' should show if the box is overloaded. Check counters with words like fifo, overflow, ...full.

Gilles.

Hi - Thanks for your reply.

I have attached the sniffed traffic (public IP is hidden)...

Whenever I get the page timeout, I see a firewall (Nokia) log saying

"tcp packet out of state first packet isn't syn tcp_flags syn-ack"

At the same time I can see conns = 1 under the vserver on the CSM.

#######################################################

sh module csm 3 vservers name MY_WEB-RD detail

MY_WEB-RD, type = SLB, state = OPERATIONAL, v_index = 52
virtual = 10.10.10.10/32:80 bidir, TCP, service = NONE, advertise = FALSE
idle = 3600, replicate csrp = none, vlan = ALL, pending = 30, layer 4
max parse len = 2000, persist rebalance = TRUE
ssl sticky offset = 0, length = 32
conns = 1, total conns = 574
current load = 2, transition count = 0
Default policy:
server farm = HTTP_REDIRECT, backup =
sticky: timer = 0, subnet = 0.0.0.0, group id = 0
Policy          Tot matches   Client pkts   Server pkts
-----------------------------------------------------
(default)       556           868           343

######################################################

Please advise: this CSM is on our core, so how safe is it to run the tech-support on it? I am a bit afraid to run tech-support!

In addition to that, I bypassed the Nokia firewall and tried it, and it works perfectly with no drops at all. I have this issue only when I go through the Nokia firewall!

Thanks for your help in advance...

Do you have an active and a standby firewall?

Is it possible that the CSM response goes to the wrong firewall?

I know Nokia firewalls use a multicast MAC address, which the CSM does not like very much. Is the CSM directly connected to the firewall? Could you put the MSFC in between and route between the MSFC and the firewall?

G.
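
Added example, not part of any post in this thread: a simplified model of stateful TCP tracking showing two conditions raised above under which a firewall treats a SYN-ACK as out of state, namely the SYN-ACK returning through a firewall that never saw the SYN, and the SYN-ACK arriving after the half-open entry has expired. The `StatefulFirewall` class, the `handshake` helper, the timeout value and the client address are constructed for illustration and do not describe the Nokia implementation; only the virtual address 10.10.10.10:80 comes from the thread.

```python
from dataclasses import dataclass

SYN, ACK = 0x02, 0x10
HALF_OPEN_TIMEOUT = 25.0  # seconds; constructed value, not a Nokia default


@dataclass(frozen=True)
class Packet:
    src: tuple   # (ip, port)
    dst: tuple   # (ip, port)
    flags: int


class StatefulFirewall:
    """Tracks TCP handshakes the way a stateful filter does (simplified)."""

    def __init__(self, name):
        self.name = name
        self.half_open = {}      # (client, server) -> time the SYN was seen
        self.established = set()

    def inspect(self, pkt, now):
        syn, ack = bool(pkt.flags & SYN), bool(pkt.flags & ACK)
        if syn and not ack:                  # a client SYN creates state
            self.half_open[(pkt.src, pkt.dst)] = now
            return "accept"
        if syn and ack:                      # a SYN-ACK must match a pending SYN
            key = (pkt.dst, pkt.src)
            seen = self.half_open.pop(key, None)
            if seen is None or now - seen > HALF_OPEN_TIMEOUT:
                return "drop: out of state, first packet isn't syn (syn-ack)"
            self.established.add(key)
            return "accept"
        if {(pkt.src, pkt.dst), (pkt.dst, pkt.src)} & self.established:
            return "accept"
        return "drop: out of state"


def handshake(syn_fw, synack_fw, synack_delay=0.0):
    """Send a SYN through syn_fw and the SYN-ACK back through synack_fw."""
    client = ("192.0.2.10", 40000)           # constructed client address
    vip = ("10.10.10.10", 80)                # vserver address from the thread
    first = syn_fw.inspect(Packet(client, vip, SYN), now=0.0)
    second = synack_fw.inspect(Packet(vip, client, SYN | ACK), now=synack_delay)
    return first, second
```

Passing the same firewall object for both directions models a symmetric path; passing two different objects models the return traffic reaching the other member of an active/standby pair.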

Well, the CSM is in bridge mode and the MSFC routes all the traffic to the Nokia!

Hi All,

Any further light on this to help me fix it, please?

Thanks
