CISCO CSS 11503: Adaptive Session Redundancy + Resets

casablancag
Level 1

Hi

We have release 7.10.206a configured with SourceGroup and ASR. I made a sniffer trace and saw that the CSS sends a lot of RSTs. I also saw that it uses only 1984 source ports for the connections to the server. How can I increase the number of source ports? In the attachments you will find the sniffer trace with the incorrect behaviour and the configuration.

Any suggestions or ideas?

3 Replies

Gilles Dufour
Cisco Employee

The 1984 source ports are explained here:

http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a00801ef2a1.html#90166

This is due to the distributed architecture, which requires that the same module see the inbound and outbound traffic for the same session.

So the source ports have been divided between the modules and each module can't use all the ports because of the hash algorithm being used.

The *solution* is to reduce the number of modules or avoid source group.

I still need to look at the trace to explain the RST.

Gilles.

Gilles Dufour
Cisco Employee

The problem of the RST seems to be the frequent reuse of the same source port.

The destination of this connection seems to be confused and ACKs the new SYN with the ack number of the previous connection. This ack number is out of range from the SYN sequence number, so the result is a RST.

i.e.:

Flow 1 - SYN -> packet 1

Flow 1 - last ACK -> packet 33

Flow 2 - SYN -> packet 34

Flow 2 - ACK (instead of SYN/ACK) with ack number same as packet 33.

This triggers a RESET -> packet 36

Flow 3 - SYN -> packet 55

Flow 3 - same as flow 2 issue, ACK with old ack number. This triggers a RST (packet 57).

Now the 2nd issue: the CSS (I believe tpkg0x.post.ch is the CSS) sends a packet for flow 2, but the end station believes flow 2 was killed with the RESET of flow 3, and the host sends a RST to the CSS (packet 59) because its connection does not exist anymore.

So the whole issue is the fact that ports are being reused too quickly.

You will need to involve more people to find a workaround to the 1984 ports available [and be aware they are available but not all usable].

Work with Marco K., your sales support.

Regards,

Gilles.
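
Added example, not part of the original thread: a Python sketch that scans a list of simplified TCP segments for the pattern described in the reply above, where a SYN on a reused source port is answered by a bare ACK carrying an out-of-range ack number and a RST follows. The segment tuples, addresses, sequence numbers and the function name are constructed for illustration and are not taken from the poster's trace.

```python
from collections import namedtuple

# Constructed sample segments (flags: S=SYN, A=ACK, SA=SYN/ACK, R=RST).
Seg = namedtuple("Seg", "no src sport dst dport flags seq ack")

CLIENT, SERVER = "10.0.0.1", "10.0.0.2"  # hypothetical addresses
SAMPLE = [
    Seg(1, CLIENT, 2001, SERVER, 80, "S", 1000, 0),
    Seg(2, SERVER, 80, CLIENT, 2001, "SA", 5000, 1001),
    Seg(3, CLIENT, 2001, SERVER, 80, "A", 1001, 5001),
    Seg(33, SERVER, 80, CLIENT, 2001, "A", 5001, 1200),  # last ACK of flow 1
    Seg(34, CLIENT, 2001, SERVER, 80, "S", 90000, 0),    # same source port reused
    Seg(35, SERVER, 80, CLIENT, 2001, "A", 5001, 1200),  # stale ACK, not SYN/ACK
    Seg(36, CLIENT, 2001, SERVER, 80, "R", 1200, 0),     # resulting RST
    Seg(40, CLIENT, 2002, SERVER, 80, "S", 7000, 0),     # fresh port: healthy
    Seg(41, SERVER, 80, CLIENT, 2002, "SA", 8000, 7001),
]

def find_stale_ack_resets(segments):
    """Return one finding per SYN answered by a bare ACK with a wrong ack number."""
    pending = {}   # (client, cport, server, sport) -> SYN still awaiting a reply
    seen = {}      # 4-tuple -> number of SYNs seen, to flag port reuse
    stale = {}     # 4-tuple -> finding still waiting for its RST
    findings = []
    for s in segments:
        fwd = (s.src, s.sport, s.dst, s.dport)
        rev = (s.dst, s.dport, s.src, s.sport)
        if s.flags == "S":
            seen[fwd] = seen.get(fwd, 0) + 1
            pending[fwd] = s
        elif rev in pending:
            syn = pending.pop(rev)
            expected = (syn.seq + 1) % 2**32  # a valid SYN/ACK acknowledges ISN+1
            if s.flags == "A" and s.ack != expected:
                stale[rev] = {"syn": syn.no, "stale_ack": s.no,
                              "reuse": seen[rev] > 1, "rst": None}
                findings.append(stale[rev])
        elif "R" in s.flags and fwd in stale:
            stale.pop(fwd)["rst"] = s.no  # RST sent by the side that sent the SYN
    return findings

if __name__ == "__main__":
    for f in find_stale_ack_resets(SAMPLE):
        print(f)
```
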

Hi Gilles

I have a question regarding this issue. If I disable ASR (deleting redundant-index from the configuration), do I have more SourcePorts available?

Regards

Giuseppe
