ACE 4710: Config Allows all traffic except large HTTP downloads

Unanswered Question
Mar 17th, 2010
User Badges:

Hi Folks,

Got an ACE 4710 with a basic config that seems to work for all traffic except large downloads.


I've attached the current config


As I mentioned I can do normal HTTP to a standard destination like google or SSH through the ACE or ICMP


If i try to get a large file from the server side of ACE, then a trace shows that the first and subsequent 1460Byte packets dont go through ACE


I've thought of parse lengths, but i cannot see any that seem to affect the generic L4 maps that I am trying to use


Cheers

Alan

Attachment: 
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Pablo Thu, 03/25/2010 - 22:12
User Badges:
  • Cisco Employee,

Hey,


Have you checked if the host that you're testing with is using a Windows Scale Option? You can confirm this taking a capture on the client side?


Can you get the output of show stats http ? What kind of error are you getting when the download gets cut off?



--

Pablo

Cisco TAC

Peter Koltl Fri, 03/26/2010 - 13:56
User Badges:
  • Silver, 250 points or more
  • Community Spotlight Award,

    Member's Choice, March 2016

I've seen a similar fault. I suppose a lower MSS was sent in the TCP SYN handshake packets (1300 or 1380?) and the packets exceeding that value were dropped by the ACE. This is the default behavior which can be switched to a less strict mode by either


exceed-mss allow


or


no normalization


commands.


In our case, a linux web server was whose replies wouldn't keep to the MSS limit.

Actions

This Discussion

Related Content