How cisco CSM parses packets?

Answered Question
Oct 29th, 2009
User Badges:

Hi all, Some days ago i had a problem with a Cisco CSM configuration. The short history is that i had to change the parse-length (virtual server submode) command to the max. 4000 bytes value for this implementation to work, if i dont do this the CSM sends resets to the client. what i would like to know is if someone knows how the CSM parses packets when it is "searching" for a string,cookie,etc, i am having some difficulties finding info about this.

Correct Answer by Gilles Dufour about 7 years 4 months ago

The parse length on the CSM is the amount of bytes we can store to find the needed information (ie: cookie).

So when we get an HTTP request or response the CSM will buffer everything it received up to max parse-len or header limit (\r\n\r\n).

Once we reached the end of the HTTP header we stop buffering.

While buffering we also start looking for the info that we need.

If we do find it we also stop buffering.


There is nothing magic here.

If the HTTP header gets so big that the info we are looking for goes beyond the max-parse-len when we start buffering looking for the info, we endup using all the buffer space allocated to the connection and decide to drop the connections as we don't know if the info is just not there, or somewhere further in the header but we don't have space to buffer more.


When the CSM was created a long time ago, 2000bytes for the header was normal.

Nowadays, http header tends to be bigger and it is very often require to bump the parse length even further than 4000 bytes.

This can be done with a variable.


Gilles.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Gilles Dufour Fri, 10/30/2009 - 03:50
User Badges:
  • Cisco Employee,

The parse length on the CSM is the amount of bytes we can store to find the needed information (ie: cookie).

So when we get an HTTP request or response the CSM will buffer everything it received up to max parse-len or header limit (\r\n\r\n).

Once we reached the end of the HTTP header we stop buffering.

While buffering we also start looking for the info that we need.

If we do find it we also stop buffering.


There is nothing magic here.

If the HTTP header gets so big that the info we are looking for goes beyond the max-parse-len when we start buffering looking for the info, we endup using all the buffer space allocated to the connection and decide to drop the connections as we don't know if the info is just not there, or somewhere further in the header but we don't have space to buffer more.


When the CSM was created a long time ago, 2000bytes for the header was normal.

Nowadays, http header tends to be bigger and it is very often require to bump the parse length even further than 4000 bytes.

This can be done with a variable.


Gilles.

Actions

This Discussion