Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Does the Local Director answer syn's on behalf of a server.

I have a PIX with static's to virtual IP's on my local director. The PIX's embryonic connection limit is 50.

My probelm is that the Local Director is sometimes showing a very large number of syn's and the pix shows none.

From what I have read the PIX will increment the embyonic limit when it recieves a SYN and will not decrement until it gets the ACK from the Client.

The Local Director seems to Proxy the SYN and respond to the Client - this would pass through the PIX to the Client - the Client would respond - the PIX would recieve the ACK and decrement the Embrionic.

At the same time, The Local Director sends the SYN to the WEB Server and if the server does not respond the Local Director increments it's SYN count.

Could this be why the PIX does not have a high number of SYN's and the Local Director does.

Can anyonetell me exactly what the SYNGUARD feature in the Local Director does - it claims that it "protects" the real server - what does that mean - how does it protect it.

I am correct in saying that the Local Director answers syn's on behalf of a server.

Cisco Employee

Re: Does the Local Director answer syn's on behalf of a server.

the local director will respond to the SYN on behalf of the real server if it needs more information to do the loadbalancing.

For example if you have cookie-sticky or loadbalancing based on url.

Regarding SYNGUARD, I don't know exactly.

I'll do some research.

However, I would suggest to ask this question separately so the subject

really indicates what you're asking.


CreatePlease to create content