CSS11506 Reverse Proxy question

dclee · ‎12-06-2007

Currently using a CSS11506 in reverse proxy mode. Right now it is handling the front end SSL connection for approx 19 backend web server connections.

I am using 1 Public IP to mask all of these inbound connections via the group command. We are experiencing intermittent

drops client side. Is there a best practice of how many connections the CSS will handle via the NAT process. Is the 20 configured servers a bit to much to be masking via one public IP ?

Any help would be appreciated.

Cheers

Dave

Gilles Dufour · ‎12-07-2007

Dave,

I would suggest to do some troubleshooting before jumping to conclusion.

The number of servers does not matter.

What is important is the number of connections.

1 connection per server means 20 ports being used and you have 55k available.

So, in this example this is definitely not a problem.

Most of the times, client drops on a CSS are due to the aggressive idle timeout. 16 sec.

So, either you try to bump the timeout with the command 'flow-timeout-multiplier' or you capture sniffer traces showing the drops with couple of show tech and we try to confirm the cause of the problem.

Gilles.