Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

TCP Window Size

Hi,

When downloading files from a server that connects via an SSL connetion terminated on CSS, we're seeing very slow download time. When we bypass the CSS and terminate the SSL connection directly on the server, downloads are approx. 5X faster.

The server has a TCP window size of 65535, can TCP windows be adjusted on a CSS for that particular service or content rule. What's the default TCP window size ?

Thanks.

Manjit.

3 REPLIES

Re: TCP Window Size

By default, the CSS sends a client-side or server-side TCP window size of 12,288 bytes

More details at

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.20/configuration/ssl/guide/terminat.html#wp1048283

Syed Iftekhar Ahmed

New Member

Re: TCP Window Size

Hi Syed,

Thanks for the link, it was very helpful...

One more thing, this is a snapshot of my SSL Proxy List config, can you let me know if you think it'll work. Especaially the TCP window size commands, does the order/placement matter here ?

ssl-proxy-list SSL1

ssl-server 1

ssl-server 1 rsakey INFO-test

ssl-server 1 rsacert INFO-test

ssl-server 1 vip address 10.10.55.10

ssl-server 1 cipher rsa-with-rc4-128-md5 10.10.55.10 88

ssl-server 1 tcp server window 40960

ssl-server 2

ssl-server 2 vip address 10.10.55.12

ssl-server 2 cipher rsa-with-rc4-128-md5 10.10.55.12 88

ssl-server 2 rsakey INFO-test-admin

ssl-server 2 rsacert INFO-test-admin

ssl-server 2 tcp server window 40960

ssl-server 1 urlrewrite 1 *

ssl-server 2 urlrewrite 2 *

ssl-server 1 ssl-queue-delay 0

ssl-server 2 ssl-queue-delay 0

ssl-server 1 tcp virtual nagle disable

ssl-server 2 tcp virtual nagle disable

ssl-server 3

ssl-server 3 rsakey INFO-test-su

ssl-server 3 rsacert INFO-test-su

ssl-server 3 vip address 10.10.55.14

ssl-server 3 cipher rsa-with-rc4-128-md5 10.10.55.14 88

ssl-server 3 urlrewrite 3 *

ssl-server 3 ssl-queue-delay 0

ssl-server 3 tcp virtual nagle disable

ssl-server 3 tcp server window 40960

active

Re: TCP Window Size

Use the following lines in your ssl services.

ssl-server <#> tcp server window 40960

ssl-server <#> tcp virtual window 40960

If it doesnt improve performance

try disabling the Nagle algorithm and setting the SSL Ack delay to

zero.

ssl-server 10 tcp virtual nagle disable

ssl-server 10 ssl-queue-delay 0

Syed

763
Views
9
Helpful
3
Replies
CreatePlease login to create content