I am seeing a strange behaviour in an ACE 4710 (A5(2.1)).
I have ssl proxy configured and it mostly works. The only problem is in one provider that is changing the mss to 536, for this https connection the ACE begins sending data and then just stops. Nothing appears at the ACE logs...
After some tests, a workaround has been found: if I configure a minimum mss with: set tcp mss min 600 max 1380 then it works.
Has anyone had this type of behaviour? Is there another better fix/workaround?
If this is reproducible then I would suggest opening a case with TAC to investigate further. 536 is the minimum value and ACE ideally should not stop forwarding if it is getting responses from server and client. How do you know it was ACE which stopped passing traffic? Do we have a pcap showing that the server replied with a packet which ACE received and didn't forward to the client and vice-versa?
If you have all this information and show tech during the issue I would suggest opening a case with TAC for further investigation into the matter.
I have the same problem. The problem only occurs when incoming HTTPS is converted to HTTP on the ACE using NAT configuration. In one scenario the browser (10.170.44.71) sends no MSS option when the connection with the ACE (10.170.72.23) is initiated as in A) so default value of 536 is assumed
A) Trace from Client establishing a HTTPS connection
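The default-MSS behaviour described in the post above, as an added example that is not part of the original thread: a Python parser that reads the MSS option from a raw TCP SYN header and falls back to 536 when the option is absent. The sample headers, port numbers and function names are constructed for illustration; 600 is the minimum from the workaround in the first post.

```python
import struct

DEFAULT_MSS = 536  # RFC 1122: send MSS assumed when the SYN has no MSS option


def build_syn(options=b""):
    """Constructed sample: a minimal TCP SYN header carrying `options`."""
    options += b"\x00" * (-len(options) % 4)  # pad to a 32-bit boundary
    offset = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", 49152, 443, 1, 0,
                       offset << 4, 0x02, 65535, 0, 0) + options


def effective_mss(tcp_header):
    """Return (mss, explicit) for the raw TCP header of a SYN segment."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    data_offset = (tcp_header[12] >> 4) * 4
    if data_offset < 20 or data_offset > len(tcp_header):
        raise ValueError("bad data offset")
    if not tcp_header[13] & 0x02:
        raise ValueError("not a SYN segment")
    opts, i = tcp_header[20:data_offset], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:          # End of Option List
            break
        if kind == 1:          # No-Operation, single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed TCP option")
        if kind == 2:          # Maximum Segment Size
            if opts[i + 1] != 4:
                raise ValueError("bad MSS option length")
            return struct.unpack("!H", opts[i + 2:i + 4])[0], True
        i += opts[i + 1]
    return DEFAULT_MSS, False


def below_minimum(tcp_header, mss_min=600):
    """True when the peer's effective MSS is under the configured minimum."""
    return effective_mss(tcp_header)[0] < mss_min


if __name__ == "__main__":
    for name, opts in [("no MSS option", b""),
                       ("MSS 1380", b"\x02\x04\x05\x64"),
                       ("NOP, NOP, MSS 536", b"\x01\x01\x02\x04\x02\x18")]:
        syn = build_syn(opts)
        print(name, effective_mss(syn), below_minimum(syn))
```

Run against the SYN headers extracted from a capture, the `explicit` flag separates clients that advertise 536 from clients that send no MSS option at all.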