07-03-2012 07:42 AM
I have an ACE context sending TCP resets. The configuration is the same as another ACE in a different data center, and in the other data center it is working. I'm doing end-to-end SSL (SSL termination and initiation), and PCAP traces show the ACE sending the reset both to client and server. "show stats loadbalance" shows layer 7 rejections, but the layer 7 policy being matched is 'match http url .*'. Any ideas would be welcome.
Solved! Go to Solution.
07-03-2012 04:42 PM
Hi There,
In case everything looks good on the captures, meaning the SSL handshake and all that then perhaps you may consider to take a look of this bug and perhaps apply the workaround:
CSCtx92484
—During a Layer 7 file transfer is terminated after transferring approximately 16 kB of data. Workaround: Configure an HTTP parameter map and set the content-maxparse-length and header-maxparse-length to larger values. For example:
parameter-map type http PM-HTTP
persistence-rebalance
set header-maxparse-length 65535
set content-maxparse-length 65535
Hope this helps
Jorge
07-03-2012 07:58 AM
Typically we would see L7 rejections when the server rejects the request. Do you see the ssl handshake to the backend complete successfully? If there is any issue the with the handshake then we would expect to see l7 rejections.
07-03-2012 04:42 PM
Hi There,
In case everything looks good on the captures, meaning the SSL handshake and all that then perhaps you may consider to take a look of this bug and perhaps apply the workaround:
CSCtx92484
—During a Layer 7 file transfer is terminated after transferring approximately 16 kB of data. Workaround: Configure an HTTP parameter map and set the content-maxparse-length and header-maxparse-length to larger values. For example:
parameter-map type http PM-HTTP
persistence-rebalance
set header-maxparse-length 65535
set content-maxparse-length 65535
Hope this helps
Jorge
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide