Service hits not hitting my source group

d.parks
Level 1

I've run into an interesting problem with a TCP application.

I have a content rule set up to balance TCP traffic to two servers. This is a one-armed configuration, so I am NAT/PAT'ing traffic using a source group.

When the TCP session is trying to be established, I see hits to the service itself, but not to the group with that same destination service configured.

I've run sniffer traces to look at the traffic and verified that the CSS seems to be dropping the traffic.

I tried a telnet from my PC to the virtual IP and TCP port, and that traffic seemed to route perfectly, but traffic from the devices that this configuration was meant for is being dropped.

The only difference I can see between my telnet TCP socket and the actual devices in question is that they are sending a TCP window size of zero. Could the CSS be seeing this as invalid?

When the devices are pointed directly at the server, they connect fine.

Any ideas?

1 Reply

Gilles Dufour
Cisco Employee

The window size of zero is not good.

It tells the CSS it can't send a single byte on this connection, and this could be seen as a DoS attack.

So, it is definitely your problem.

Gilles.
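To confirm the diagnosis above from a sniffer trace rather than by eye, the check is simply "which SYNs arrive with a zero receive window". The following is an added example, not code from the original thread or from Cisco: a minimal parser for raw IPv4/TCP packets (no link-layer header) that flags SYN segments advertising a window of 0. The two sample packets are constructed inline for illustration; the addresses (192.0.2.10, 198.51.100.5) and ports are assumptions.

```python
import struct

TCP_SYN = 0x02
TCP_ACK = 0x10


def build_packet(src, dst, sport, dport, flags, window):
    """Construct an IPv4 + TCP header (no payload, checksums left as 0).

    Used only to fabricate sample packets for this example; a real capture
    would come from a sniffer trace instead.
    """
    ip_hdr = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 40, 0x1234, 0, 64, 6, 0,
        bytes(int(o) for o in src.split(".")),
        bytes(int(o) for o in dst.split(".")),
    )
    tcp_hdr = struct.pack(
        "!HHIIHHHH",
        sport, dport, 0x10000000, 0, (5 << 12) | flags, window, 0, 0,
    )
    return ip_hdr + tcp_hdr


def parse_tcp(packet):
    """Return the fields relevant to the zero-window check for one packet."""
    ihl = (packet[0] & 0x0F) * 4  # IPv4 header length in bytes
    if packet[9] != 6:
        raise ValueError("not a TCP packet")
    src = ".".join(str(b) for b in packet[12:16])
    dst = ".".join(str(b) for b in packet[16:20])
    sport, dport, _seq, _ack, off_flags, window, _csum, _urg = struct.unpack(
        "!HHIIHHHH", packet[ihl:ihl + 20]
    )
    flags = off_flags & 0x1FF
    return {
        "src": src, "dst": dst, "sport": sport, "dport": dport,
        "syn": bool(flags & TCP_SYN), "ack": bool(flags & TCP_ACK),
        "window": window,
    }


def zero_window_syns(packets):
    """Initial SYNs (SYN set, ACK clear) that advertise a receive window of 0.

    A client opening a connection this way tells the peer it may not send any
    data, which is the condition the thread identifies as causing the drop.
    """
    return [
        p for p in map(parse_tcp, packets)
        if p["syn"] and not p["ack"] and p["window"] == 0
    ]


# Constructed sample "trace": a normal SYN from an admin PC and a zero-window
# SYN from one of the devices in question, both aimed at the virtual IP.
SAMPLE_PACKETS = [
    build_packet("192.0.2.20", "198.51.100.5", 40000, 5000, TCP_SYN, 65535),
    build_packet("192.0.2.10", "198.51.100.5", 40001, 5000, TCP_SYN, 0),
]

if __name__ == "__main__":
    for hit in zero_window_syns(SAMPLE_PACKETS):
        print(f"zero-window SYN from {hit['src']}:{hit['sport']} "
              f"to {hit['dst']}:{hit['dport']}")
```

Feed the function the IPv4 payloads of a real capture (for example by stripping the 14-byte Ethernet header from each frame) and it lists exactly the clients whose SYNs the CSS is likely to reject; a healthy client should never appear.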