Cisco ACE module - SSL TPS limit

Unanswered Question
Jul 6th, 2010
User Badges:

Hi


How does the ACE handle incoming requests when the SSL TPS in being breached.


The current licence is 10000 tps and we have todays deny count at 1700.


Oddly the resource count on the standby device is different to the primary one?


Thanks


Mark

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
UHansen1976 Tue, 07/06/2010 - 12:11
User Badges:
  • Bronze, 100 points or more

Hi Mark,


Well, off hand I can think of two reasons:


1) You are indeed exceeding the maximum ssl connection-rate. If you issue a 'show resource usage', does it give any indication, that this is happening?


2) You might have hit a bug. What sw-version are you running? Going through the releasenotes, there have been reported some problems concerning

    ssl-connections. Try and have a look at the release notes here http://www.cisco.com/en/US/products/ps6906/tsd_products_support_model_home.html


As far as the resource-counter goes, I've never thought of it myself, but I would expect the ace-modules to maintain seperate resource-counters and only display local resource-usage, since it is possible to distribute the load across both modules, when operating in an FT-pair.


Also, are you running ace in multiple context mode and if so, does this problem occur on all contexts or only a single one? If so, it might be a resource-limitation issue.


hth


/Ulrich

Actions

This Discussion