Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CSS11506 TCP window size issue

Under some conditions, we are seeing the TCP Window Size being cut back to 0 by our CSS11506, even though there is no abnormal load or backend issues that we can see.

Any ideas on what to look for, to debug this further?

5 REPLIES
Cisco Employee

Re: CSS11506 TCP window size issue

If this is a Layer 3 or Layer 4 rule, the CSS will not modify the window size.

If this is a Layer 5 (http or ssl terminated on the CSS), then the window size can go down if the traffic comes in too fast.

We'll need to look at your sniffer trace and config to give you a better explanation.

Gilles.

New Member

Re: CSS11506 TCP window size issue

This is layer 5 and SSL terminated at the CSS11506. We have a sniffer trace from both sides, and we have opened a case with Cisco.

We are noticing that one in about a thousand HTTP POSTs is failing.

We were wondering if any issues have already been seen by others.

Cisco Employee

Re: CSS11506 TCP window size issue

There are commands that can be used to adjust the ssl behavior like ack-delay, ssl-queue, and recently tcp buffer-share.

What's your case number ?

I can have a look at the data attached to the case.

Gilles.

New Member

Re: CSS11506 TCP window size issue

Gilles, the case no is 608570365. Thanks!

New Member

Re: CSS11506 TCP window size issue

We have ack-delays and ssl-queue-delay for the frontend ssl set to 0, but not tcp-buffer-share. We also do not have the tcp window specified, so left at the default.

Would resetting ssl-queue-delay to default, and increasing window size help ?

206
Views
0
Helpful
5
Replies
CreatePlease to create content