Buy or Renew
Buy or Renew
Cisco + Splunk: Itā€™s a new day for your data. Learn more.
Ā 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
2420
Views
0
Helpful
2
Replies

websockets TCP RST through ASA+IPS and ACE

msantiveri
Level 1
Level 1

ā€Ž01-14-2015 03:30 AM

Hello,

We recently deployed a new websockets project within our existing web infrastructure. The websockets traffic (as all the rest of normal web traffic) is crossing an ASA + IPS module  where I do NAT and and then is forwarded to an ACE load balancer where two real server are configured in the server farm in active/standby mode (not load balancing) due the websockets nature. Everything seems to work fine but sometimes (once every 4 days or so) and based upon the server logs a TCP Reset gets the application server and bring down the whole application.

It's clear that this application as a bug but I would like to avoid that TCP reset as a workaround while application team fix the ibug as the go-live is soon. Anybody faced this issue and can help me to find where that supposed TCP reset comes from? I didn't get IPS alerts.

Server log:

"Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.    at System.Net.Sockets.NetworkStream.EndRead(IAsyncResult asyncResult)"

 

Thanks,

Miquel

Labels:
0 Helpful
2 Replies 2

Kanwaljeet Singh
Cisco Employee
Cisco Employee

ā€Ž01-15-2015 07:01 AM

Hi Miquel,

A packet capture on the server shall show the origin of TCP RST. If you are natting the source traffic then take front end pcaps at front end of firewall as well as at backend and similarly for ACE, to see what is the origin of TCP RST. Normally, it should be from client if it is received on the server. LB's just forward the traffic to the server but it depends and it could be loadbalancer resetting the connection. But we don't have any details to be sure. So packet captures would be our best friend here.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

0 Helpful

msantiveri
Level 1
Level 1
In response to Kanwaljeet Singh

ā€Ž02-05-2015 05:31 AM

Hello and thanks Knawal for your reply.

For anyone that could be interested in the future, the resets came from the load balancer because of the "connection term forced" command in the probe configuration. Those fequent resets sent from the load balancer probe was bringing the service down, the websockets software provider fixed this issue with a patch.

Kind regards,

Miquel

 

 

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents