08-30-2011 05:11 PM
A couple of questions about parse length and its use in making a L7 lb decision. According to A3(2.7) docs, the ACE 4710 parses headers/urls upto 4096 bytes by default . From my reading, If the header/url exceeds this, ACE drops the packet unless the length-exceed continue parameter is used.
What I want to know is two things, assuming we are using default parse length values:
If the length-exceed continue parameter is set, does the ACE still only parse the first 4096 bytes or does it now parse the entire header/url?
If only the first 4096 bytes are still parsed, will the ACE still be able to make a match against a policy-map if the content to match is in that first 4096 bytes or will it only now be able to match against the default class because the header/url is >4096 bytes?
Solved! Go to Solution.
08-31-2011 08:34 AM
Hi,
for question 1, the ACE still stops parsing after the first 4096 bytes. The difference when "length-exceed continue" is used" is that the connection is not dropped but rather load balanced to a less specific match, like class-default if configured. After that, all the subsequent GET requests are not parsed anymore.
In general the ACE stops parsing once it finds what it needs, when it hits the end of the header, or when it hits the max-header-parse-length. So if there's a match in the first 4096 bytes of the header the connection should be load balanced to the proper sfarm. Anyway you can easily test this by sending specific headers to a test VIP.
hope this helps,
Fabrizio
09-05-2011 05:39 AM
Hi Richard,
I mean that the connection will be using the class-default sfarm unless a match is found on the fisrt 4096 bytes of the header. Without "length exceed continue" the connection is dropped unless a match is found in the first 4096 bytes.
hope this helps,
Fabrizio
08-31-2011 08:34 AM
Hi,
for question 1, the ACE still stops parsing after the first 4096 bytes. The difference when "length-exceed continue" is used" is that the connection is not dropped but rather load balanced to a less specific match, like class-default if configured. After that, all the subsequent GET requests are not parsed anymore.
In general the ACE stops parsing once it finds what it needs, when it hits the end of the header, or when it hits the max-header-parse-length. So if there's a match in the first 4096 bytes of the header the connection should be load balanced to the proper sfarm. Anyway you can easily test this by sending specific headers to a test VIP.
hope this helps,
Fabrizio
09-01-2011 03:33 AM
Hi Fabrizio
Sorry but can I just confirm what you are saying. If 'length exceed continue' "is used" then will that connection always be load-balanced to a less specific match, like class-default if configured, instead of being load-balanced correctly if a match is found in the first 4096 bytes?
cheers
Richard
09-05-2011 05:39 AM
Hi Richard,
I mean that the connection will be using the class-default sfarm unless a match is found on the fisrt 4096 bytes of the header. Without "length exceed continue" the connection is dropped unless a match is found in the first 4096 bytes.
hope this helps,
Fabrizio
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide