SSL cookie sticky setting on CSM = Large amount of TCP retransmissions
I've been troubleshooting a problem for some time now. We have a Cat6500 with Sup720, CSM version 4.2.5 and SSL version 2.1(10). My users are accessing our intranet like this:
Client Vlan -> FWSM -> CSM Vlan -> SSL -> CSM -> Intranet servers. The communication between the CSM and the SSL is layer 2 but everything else is routed layer 3.
When I use Ethereal to sniff the CSM/SSL Vlan I notice some occasional TCP-out-of-order messages, around 1 per 10-20 packets. But when I turn on SSL cookie stickiness on the virtual server that responds to HTTPS traffic from the users and directs this to the SSL modules I notice a sharp increase in the amount of TCP retransmissions and out-of-order messages. They increase to around 4-7 per 10 packets. At the same time as this is happening I get reports of users getting "page cannot be displayed" when their browsers are sending POST messages to the intranet.
I've read the release note for SSL module 2.1(10) and noticed that this was an issue that was supposed to be solved. I don't however think this is related since everything is fine until I turn on SSL cookie sticky on the CSM.
Re: SSL cookie sticky setting on CSM = Large amount of TCP retran
CSM header or cookie insert causes a TCP checksum error when the CSM operates under a heavy load (> 1000 conn/sec). The CSM may incorrectly set the TCP checksum, causing delays due to retransmission of the packets. This checksum error appears on both the client side and the server side. This situation occurs only with a virtual server using a cookie insert sticky group or a header insert function.
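
The reply above attributes the retransmissions to a wrong TCP checksum after cookie or header insert. The following Python example is added here and is not part of the thread or any Cisco code; it shows why a device that rewrites the payload must recompute the checksum, and how to verify the checksum of a captured segment. The addresses, ports, cookie line and the 20-byte option-less TCP header are constructed assumptions.

```python
import socket
import struct

def _fold(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def tcp_sum(src: str, dst: str, segment: bytes) -> int:
    """Sum over the IPv4 pseudo-header plus the whole TCP segment."""
    pseudo = (socket.inet_aton(src) + socket.inet_aton(dst)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment)))
    return _fold(pseudo + segment)

def set_checksum(src: str, dst: str, segment: bytes) -> bytes:
    """Return the segment with a freshly computed checksum (bytes 16-17)."""
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    csum = ~tcp_sum(src, dst, zeroed) & 0xFFFF
    return segment[:16] + struct.pack("!H", csum) + segment[18:]

def checksum_ok(src: str, dst: str, segment: bytes) -> bool:
    """A valid segment sums to 0xFFFF when its checksum field is included."""
    return tcp_sum(src, dst, segment) == 0xFFFF

def insert_cookie(segment: bytes, cookie_line: bytes) -> bytes:
    """Insert a header line after the HTTP status line and leave the TCP
    checksum untouched, which is the faulty behaviour the reply describes.
    Assumes a 20-byte TCP header without options."""
    header, payload = segment[:20], segment[20:]
    status, rest = payload.split(b"\r\n", 1)
    return header + status + b"\r\n" + cookie_line + rest

# Constructed sample: server-to-client HTTP response (documentation addresses).
SRC, DST = "192.0.2.10", "198.51.100.20"
COOKIE = b"Set-Cookie: sticky=constructed\r\n"
_hdr = struct.pack("!HHIIBBHHH", 80, 49152, 1000, 2000, 5 << 4, 0x18, 65535, 0, 0)
ORIGINAL = set_checksum(SRC, DST, _hdr + b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")
STALE = insert_cookie(ORIGINAL, COOKIE)   # payload rewritten, checksum not updated
FIXED = set_checksum(SRC, DST, STALE)     # what a correct insert must emit

if __name__ == "__main__":
    for name, seg in (("original", ORIGINAL), ("stale", STALE), ("fixed", FIXED)):
        print(f"{name:8s} checksum valid: {checksum_ok(SRC, DST, seg)}")
```

When applying `checksum_ok` to a capture, take the capture on the wire or a SPAN port rather than on the sending host, since checksum offload makes locally captured outbound segments look invalid.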