08-12-2009 10:05 AM
We currently doing an evaluation of the Cisco ACE 4710 and have some sites where the backend is Tomcat and SSL is turned on. When we set Default L7 Load-Balancing Action to Load Balance with Compression Method Deflate (I haven't tried gzip yet), requests to these sites return badly mangled stuff. Like a gif image at 7,700 bytes comes back as a 7 bytes file, even default should only try compression on text/*.
Has anyone seen a similar issue?
08-14-2009 12:24 AM
You should really run version A3(2.3) because there is a huge list of defects related to ssl + compression.
If it continues to fail, you then need to open a server request so we can look at the info.
Sniffer trace + private key + config would be required to reproduce in-house.
Thanks,
Gilles.
08-14-2009 12:30 AM
It turned out the problem was a configuration issue and my understanding of the ACE works with compression, policies, etc.
In conjunction with this I seemed to have found a bug in the GUI, which is also still present in A3 (2.3). I now have a default L7 policy which just set SSL Initiation to ssl client. Added another L7 policy but when looking at the virtual server afterwards the GUI doesn't show that policy.
switch/Development# show running-config policy-map FORD-APP.PERF.AUTC.COM-l7slb
Generating configuration....
policy-map type loadbalance first-match F-APP.PERF.AUTC.COM-l7slb
class default-compression-exclusion-mime-type
serverfarm F-APP.PERF.AUTC.COM
compress default-method deflate
insert-http rl_client_ip header-value "%is"
ssl-proxy client Backend
class class-default
serverfarm F-APP.PERF.AUTC.COM
insert-http rl_client_ip header-value "%is"
ssl-proxy client Backend
See attachment with screen shot of GUI
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide