Why does SCA wait for ACK before sending #2 packet
I have a setup using a SCA11000 (220.127.116.11) SSL offloader and a CSS11052 (6.10.004) loadbalancer with a L5 rule. Let us assume that the users access the SCA via SSL, that decrypts and sends cleartext HTTP data to the loadbalancer.
If I enter in my browser a very long url (https://ip/1800caracters_URL) to this SCA and thereby creating a HTTP GET that spans multiple packet to the loadbalancer, I see with a Sniffer that the SCA send the first part of the request to the loadbalancer and then wait until the loadbalancer ACKs the TCP packet before it sends the second part of the HTTP GET.
At that point the loadbalancer has a complete request and can choose a backend server to serve the request.
The fact that the SCA waits for a TCP ACK before sending the second part of the HTTP GET introduces an unnecessary delay for 200 msecs for each of these kinds of requests.
I have tried to disable TCP slowstart on the SCA for that secure server, but it did not change this behaviour. TCP windows wide open.
Some Win2003 servers ACKs every second packet (acking packet #2 as the first one) or after 200 msek which causes the same delay because the SCA wants an acknowledgement before sending the second half of this long request. This behaviour can be changed on the server with a hotfix and a registrysetting which makes the server ACK every packet and not every second packet.
The SCA has a default retransmit timer of 100 msek, causing retransmitions which in some setups further prospones the final reply to the user. That can be easily adjusted thou.
Does anyone know how to get rid of these 200 msecs by tuning the SCA instead of the server and CSS (if possible) which I do not find very scalable. The SCA should send the complete request without delay as long as the TCP window allows it ?
VMware Trunk Port Group is supported from ACI version 2.1
VMM integration must be configured properly
ASA device package must be uploaded to APIC
ASAv version must be compatible with ACI and device package version
In the Previous articles of ACI Automation, we are using Postman/Newman as the Rest API tool to automate the ACI Configuration.
In this article I’m going to discuss on usin...
One of the first steps in building your ACI Fabric is to go through Fabric Discovery. While Fabric Discovery is usually a straightforward process, there are various issues that may prevent you from discovering an ACI switch. This article wil...