
ACE parse length and length exceed query

rcullum
Level 1

A couple of questions about parse length and its use in making an L7 lb decision. According to the A3(2.7) docs, the ACE 4710 parses headers/URLs up to 4096 bytes by default. From my reading, if the header/URL exceeds this, the ACE drops the packet unless the length-exceed continue parameter is used.
What I want to know is two things, assuming we are using default parse length values:

If the length-exceed continue parameter is set, does the ACE still only parse the first 4096 bytes or does it now parse the entire header/url?

If only the first 4096 bytes are still parsed, will the ACE still be able to make a match against a policy-map if the content to match is in that first 4096 bytes, or will it only now be able to match against the default class because the header/URL is >4096 bytes?


3 Replies

Fabrizio Pedracini
Cisco Employee

Hi,

For question 1, the ACE still stops parsing after the first 4096 bytes. The difference when "length-exceed continue" is used is that the connection is not dropped but rather load balanced to a less specific match, like class-default if configured. After that, all the subsequent GET requests are not parsed anymore.

In general the ACE stops parsing once it finds what it needs, when it hits the end of the header, or when it hits the max-header-parse-length. So if there's a match in the first 4096 bytes of the header the connection should be load balanced to the proper sfarm. Anyway you can easily test this by sending specific headers to a test VIP.

hope this helps,

Fabrizio

Hi Fabrizio

Sorry, but can I just confirm what you are saying. If 'length exceed continue' is used, then will that connection always be load-balanced to a less specific match, like class-default if configured, instead of being load-balanced correctly if a match is found in the first 4096 bytes?

cheers

Richard

Hi Richard,

I mean that the connection will be using the class-default sfarm unless a match is found in the first 4096 bytes of the header. Without "length exceed continue" the connection is dropped unless a match is found in the first 4096 bytes.

hope this helps,

Fabrizio
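As an added example that is not part of this thread, here is an ACE 4710 configuration (object names, addresses and the URL pattern are assumptions) that puts the behaviour Fabrizio describes into a parameter map and a first-match L7 policy: the header parse limit is set explicitly to the 4096-byte default, `length-exceed continue` replaces the default drop, and `class-default` gives connections whose match field falls outside the parsed bytes a known server farm to land on. Lines beginning with `!` are annotations, not configuration.

```cisco
! Constructed example; all object names and addresses are assumptions.
! HTTP parameter map: parse at most 4096 header bytes (the default) and,
! when the limit is hit before a match, fall through instead of dropping.
parameter-map type http HTTP_PARSE_PARAM
  set header-maxparse-length 4096
  length-exceed continue

! L7 class: matches only if the URL is seen within the parsed bytes.
class-map type http loadbalance match-any APP_URLS
  2 match http url /app/.*

! Real servers and farms (placeholder addresses).
rserver host APP1
  ip address 10.0.1.11
  inservice
rserver host DEFAULT1
  ip address 10.0.1.21
  inservice
serverfarm host SF_APP
  rserver APP1
    inservice
serverfarm host SF_DEFAULT
  rserver DEFAULT1
    inservice

! First-match L7 policy: APP_URLS wins when the match lies in the first
! 4096 bytes; a request whose match field lies beyond the limit (or that
! simply does not match) is sent to class-default, so SF_DEFAULT should be
! a farm that is acceptable for unclassified traffic.
policy-map type loadbalance first-match L7_POLICY
  class APP_URLS
    serverfarm SF_APP
  class class-default
    serverfarm SF_DEFAULT

! VIP definition, with the parameter map bound to the L7 policy.
class-map match-all VIP_HTTP
  2 match virtual-address 192.0.2.10 tcp eq www

policy-map multi-match VIP_POLICY
  class VIP_HTTP
    loadbalance vip inservice
    loadbalance policy L7_POLICY
    appl-parameter http advanced-options HTTP_PARSE_PARAM

interface vlan 100
  service-policy input VIP_POLICY
```

Removing the `length-exceed continue` line restores the default behaviour, in which a connection is dropped if the 4096-byte limit is reached before a class matches; either way, watching which farm a test request with a deliberately large header lands on, as Fabrizio suggests, is the quickest way to confirm the policy does what you expect.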