Solved: ACE sending resets

d_p_grant · ‎07-03-2012

I have an ACE context sending TCP resets. The configuration is the same as another ACE in a different data center, and in the other data center it is working. I'm doing end-to-end SSL (SSL termination and initiation), and PCAP traces show the ACE sending the reset both to client and server. "show stats loadbalance" shows layer 7 rejections, but the layer 7 policy being matched is 'match http url .*'. Any ideas would be welcome.

Jorge Bejarano · ‎07-03-2012

Hi There,

In case everything looks good on the captures, meaning the SSL handshake and all that then perhaps you may consider to take a look of this bug and perhaps apply the workaround:

CSCtx92484

—During a Layer 7 file transfer is terminated after transferring approximately 16 kB of data. Workaround: Configure an HTTP parameter map and set the content-maxparse-length and header-maxparse-length to larger values. For example:

parameter-map type http PM-HTTP

  persistence-rebalance

  set header-maxparse-length 65535

  set content-maxparse-length 65535
 
Hope this helps
 
Jorge

View solution in original post

cpomeroy · ‎07-03-2012

Typically we would see L7 rejections when the server rejects the request. Do you see the ssl handshake to the backend complete successfully? If there is any issue the with the handshake then we would expect to see l7 rejections.

Jorge Bejarano · ‎07-03-2012

Hi There,

In case everything looks good on the captures, meaning the SSL handshake and all that then perhaps you may consider to take a look of this bug and perhaps apply the workaround:

CSCtx92484

—During a Layer 7 file transfer is terminated after transferring approximately 16 kB of data. Workaround: Configure an HTTP parameter map and set the content-maxparse-length and header-maxparse-length to larger values. For example:

parameter-map type http PM-HTTP

  persistence-rebalance

  set header-maxparse-length 65535

  set content-maxparse-length 65535
 
Hope this helps
 
Jorge