CSS11506 TCP window size issue

soumya.sarkar · ‎05-06-2008

Under some conditions, we are seeing the TCP Window Size being cut back to 0 by our CSS11506, even though there is no abnormal load or backend issues that we can see.

Any ideas on what to look for, to debug this further?

Gilles Dufour · ‎05-08-2008

If this is a Layer 3 or Layer 4 rule, the CSS will not modify the window size.

If this is a Layer 5 (http or ssl terminated on the CSS), then the window size can go down if the traffic comes in too fast.

We'll need to look at your sniffer trace and config to give you a better explanation.

Gilles.

soumya.sarkar · ‎05-08-2008

This is layer 5 and SSL terminated at the CSS11506. We have a sniffer trace from both sides, and we have opened a case with Cisco.

We are noticing that one in about a thousand HTTP POSTs is failing.

We were wondering if any issues have already been seen by others.

Gilles Dufour · ‎05-08-2008

There are commands that can be used to adjust the ssl behavior like ack-delay, ssl-queue, and recently tcp buffer-share.

What's your case number ?

I can have a look at the data attached to the case.

Gilles.

soumya.sarkar · ‎05-09-2008

Gilles, the case no is 608570365. Thanks!

soumya.sarkar · ‎05-11-2008

We have ack-delays and ssl-queue-delay for the frontend ssl set to 0, but not tcp-buffer-share. We also do not have the tcp window specified, so left at the default.

Would resetting ssl-queue-delay to default, and increasing window size help ?