cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
751
Views
0
Helpful
3
Replies

ACE30 damages http request

p.hruby
Level 1
Level 1

I've experienced the following problem with our ACE service module.

HTTP POST request goes from client to VIP of ACE. This request consists of large amount of binary data:

 

POST /czgda-itpb/service/ HTTP/1.1

Content-Type: text/xml; charset=utf-8

LG_Header: Interaction=1Gjw9fKcZICtKfnsRgEWImkK;Locus=VdOQxx4lTOHXYSEhFO2EpA==;Flow=v2jw9fKcZICtKfnsRgEWImkK;Chain=02jw9fKcZICtKfnsRgEWImkK;UpstreamOpID=/gmrSn8gPf+xiA+WqKWgBw==;CallerAddress=sjok-esb2.cpas.cz;CalleeAddress=isv-prod.cpas.cz;

User-Agent: Java1.6.0_45

Host: isv-prod.cpas.cz

Accept: text/html, image/gif, image/jpeg, */*; q=.2

Connection: Keep-Alive

Content-Length: 115249

 

<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/><SOAP-ENV:Body><ns223:msg msgId="59c27338-3e81-426d-88fa-aba55fbc0dec"

... removed ...

<binaryData>JVBERi0xLjQKJeLjz9MNCjYgMCBvYmoKPDwKL1R5cGUvWE9iamVjdAovU3VidHlwZS9JbWFnZQovV2lk
dGggMjQ4MQovSGVpZ2h0IDM1MDgKL0JpdHNQZXJDb21wb25lbnQgOAovQ29sb3JTcGFjZS9EZXZp
Y2VDTVlLCi9GaWx0ZXIvRmxhdGVEZWNvZGUKL0xlbmd0aCA2MTg5NQo+PgpzdHJlYW0KeJzs3b/P

... removed ...

zbarJWNSGO7NtYb
xWtrKNZTu9bp9ZzZH166yk4pe6/a/TSnJ8t+XuuhWl6n9b6v7UvZqw2btVjxu3t9fuL4Yn9r98Ss
hi1p19Zs1lpbtmrD1tCuZc1ac7vW0rA1tmy931cAAAAAAAAAQJ80bPdHw6Zh6/350bBp2AAAAAAA
AACA41s6I7KpYRtpn8Y6n6xFGr5G1k6Qy67p03V6vB5zZ1eW8ytr8y3Xathqx9naqo393qzZkw1r
rFfbqmEbNmvl/u+1XQvxubN4hmjW0y5o16q9WUMX1tzFzWjVWmeKVlu2Je1d8nm8l/sLAAAAAACY
9vz1y4f1wXe+Nbri5wAAl9KwHZeGTcOmYdOwadgAAAAAAIClNGwAwNaq7VrSPU21bFm7VvYl8XXa
rj3+XksrcS+y6zXWpcSelY3alr3Z3NfKurSpVm3OTNDF8yU3atnG2rUtGrb42VP7mXRNvXuaIfp4
HrV7oTYndKpdKz/Tys4sbdcuWXNf+xqzRCd6taxljq/L99pbKwkAAAAAAPfuvRfPH9Z3f/aTh/Wn
f/e3n5zWf/H//cc/mrPefPmrV7Fef/7m2WnFawMAjNGw7YuGTcOmYdOwadgAAAAAAIAtaNgAgGub
266VzUI2f++thm2i4xmbIVr2KGW3tscG51JZqxYr9ijrAS9p1NZo29bu0WqzQLecC7rWLNHaDNTW
61K2a8PvxfvvafbuWPNU3t/NDVvSqS2ZIbpJu1bpxjZ5j4netaWvm2rYynWvn9cAAAAAALBX3/zx
pw9rbqu2ZH3685++c1qaNgDgRMO2Dxo2DZuGTcOmYQMAAAAAALakYQMAriWb7dbarmUN22i7k8wQ
zTqUcpUdxJFn0VVnghbXIfYw65e2bNLWnPe5xnzP6t82zJG8eFWOZcuGrbz2w/fdY0M01lZlM0TL
Pau1ay2r/KxLe7KkC8w606mVfv5e0KE1N2qNPd2chq3c9/h9M0UBAAAAAKBPc9u1mA+6ZtMWc0vf
Pf1bxN+vNcVrfvCdbz2sON9v/+WfP6wf/PoX7x9hrbppALAxDVufNGwaNg3bVzRsGjYAAAAAAOC6
NGy37880bADcm6s2bDNniMYq+5uxYz+K2nWI/c26pbH5kXP7tDV6tDVatNEGbEFHVv7tnH6pdR7u
lg1b6yqveRzL2HOyh+emfAaGnzfZjNy5M0Rb2rXW2aGtXdrU9ai91pKG7eJ2LWnZyv8GjP33oNzL
s9miWjYAAAAAAOhGdFxT7Vq0ai8/++TZaT1//fJhbdGwxfrhb3/z+rSiN1simrXo4q4xG7WHtfIt
AgCb0rD1RcOmYdOwfUXDpmEDAAAAAACuR8N2vLXyLQIAq2tqIpJ2LZs

... removed ...

 

 

==============================================================================

When this communication leaves ACE towards the final recipient (rserver) this POST message is damaged and part of <binaryData> content is moved at the beginning of http communication:

 

zbarJWNSGO7NtYb
xWtrKNZTu9bp9ZzZH166yk4pe6/a/TSnJ8t+XuuhWl6n9b6v7UvZqw2btVjxu3t9fuL4Yn9r98Ss
hi1p19Zs1lpbtmrD1tCuZc1ac7vW0rA1tmy931cAAAAAAAAAQJ80bPdHw6Zh6/350bBp2AAAAAAA
AACA41s6I7KpYRtpn8Y6n6xFGr5G1k6Qy67p03V6vB5zZ1eW8ytr8y3Xathqx9naqo393qzZkw1r
rFfbqmEbNmvl/u+1XQvxubN4hmjW0y5o16q9WUMX1tzFzWjVWmeKVlu2Je1d8nm8l/sLAAAAAACY
9vz1y4f1wXe+Nbri5wAAl9KwHZeGTcOmYdOwadgAAAAAAIClNGwAwNaq7VrSPU21bFm7VvYl8XXa
rj3+XksrcS+y6zXWpcSelY3alr3Z3NfKurSpVm3OTNDF8yU3atnG2rUtGrb42VP7mXRNvXuaIfp4
HrV7oTYndKpdKz/Tys4sbdcuWXNf+xqzRCd6taxljq/L99pbKwkAAAAAAPfuvRfPH9Z3f/aTh/Wn
f/e3n5zWf/H//cc/mrPefPmrV7Fef/7m2WnFawMAjNGw7YuGTcOmYdOwadgAAAAAAIAtaNgAgGub
266VzUI2f++thm2i4xmbIVr2KGW3tscG51JZqxYr9ijrAS9p1NZo29bu0WqzQLecC7rWLNHaDNTW
61K2a8PvxfvvafbuWPNU3t/NDVvSqS2ZIbpJu1bpxjZ5j4netaWvm2rYynWvn9cAAAAAALBX3/zx
pw9rbqu2ZH3685++c1qaNgDgRMO2Dxo2DZuGTcOmYQMAAAAAALakYQMAriWb7dbarmUN22i7k8wQ
zTqUcpUdxJFn0VVnghbXIfYw65e2bNLWnPe5xnzP6t82zJG8eFWOZcuGrbz2w/fdY0M01lZlM0TL
Pau1ay2r/KxLe7KkC8w606mVfv5e0KE1N2qNPd2chq3c9/h9M0UBAAAAAKBPc9u1mA+6ZtMWc0vf
Pf1bxN+vNcVrfvCdbz2sON9v/+WfP6wf/PoX7x9hrbppALAxDVufNGwaNg3bVzRsGjYAAAAAAOC6
NGy37880bADcm6s2bDNniMYq+5uxYz+K2nWI/c26pbH5kXP7tDV6tDVatNEGbEFHVv7tnH6pdR7u
lg1b6yqveRzL2HOyh+emfAaGnzfZjNy5M0Rb2rXW2aGtXdrU9ai91pKG7eJ2LWnZyv8GjP33oNzL
s9miWjYAAAAAAOhGdFxT7Vq0ai8/++TZaT1//fJhbdGwxfrhb3/z+rSiN1simrXo4q4xG7WHtfIt
AgCb0rD1RcOmYdOwfUXDpmEDAAAAAACuR8N2vLXyLQIAq2tqIpJ2LZs
POST /czgda-itpb/service/ HTTP/1.1

x-forwarded-for: 10.105.34.22

Content-Type: text/xml; charset=utf-8

... removed ...

===================================================================================

This of course causes "HTTP 400 Bad request" response from rserver.

It looks like ACE takes content of one packet from original (inbound) communication and moves it at the beginning of outbound communicatin to rserver.

I've attached wireshark output of inbound communication to ACE. Content of packet #735 (red coloured above)  is moved at the beginning of  outbound communication.

 

The following parametr map is applied to VIP class:

parameter-map type http ISV-PARSE
  persistence-rebalance
  length-exceed continue
  parsing non-strict

 

 

Could anyone explain me this behaviour? Is it bug?

 

Petr

 

 

 

 

 

1 Accepted Solution

Accepted Solutions

Kanwaljeet Singh
Cisco Employee
Cisco Employee

Hi Petr,

I cannot find any BUG and would suggest to open a TAC case to investigate further. Can you also put "set header max parse-length" to 64k and set context max parse length to 64 K and see if that makes a difference? I doubt that since ACE is positing the binary data someplace else in the packet. Do you have L7 rule on this traffic?

Regards,

Kanwal

View solution in original post

3 Replies 3

Kanwaljeet Singh
Cisco Employee
Cisco Employee

Hi Petr,

I cannot find any BUG and would suggest to open a TAC case to investigate further. Can you also put "set header max parse-length" to 64k and set context max parse length to 64 K and see if that makes a difference? I doubt that since ACE is positing the binary data someplace else in the packet. Do you have L7 rule on this traffic?

Regards,

Kanwal

Hi Kanwal,

those two commands (parse length to 64k) solved the issue.

Thanks!

Petr

 

Hi Petr,

I am glad it did. I wasn't hoping that would...lol. But had seen something like this before so thought no harm in trying.

Regards,

Kanwal

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: