cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
721
Views
0
Helpful
5
Replies

CSS11506 TCP window size issue

soumya.sarkar
Level 1
Level 1

Under some conditions, we are seeing the TCP Window Size being cut back to 0 by our CSS11506, even though there is no abnormal load or backend issues that we can see.

Any ideas on what to look for, to debug this further?

5 Replies 5

Gilles Dufour
Cisco Employee
Cisco Employee

If this is a Layer 3 or Layer 4 rule, the CSS will not modify the window size.

If this is a Layer 5 (http or ssl terminated on the CSS), then the window size can go down if the traffic comes in too fast.

We'll need to look at your sniffer trace and config to give you a better explanation.

Gilles.

This is layer 5 and SSL terminated at the CSS11506. We have a sniffer trace from both sides, and we have opened a case with Cisco.

We are noticing that one in about a thousand HTTP POSTs is failing.

We were wondering if any issues have already been seen by others.

There are commands that can be used to adjust the ssl behavior like ack-delay, ssl-queue, and recently tcp buffer-share.

What's your case number ?

I can have a look at the data attached to the case.

Gilles.

Gilles, the case no is 608570365. Thanks!

We have ack-delays and ssl-queue-delay for the frontend ssl set to 0, but not tcp-buffer-share. We also do not have the tcp window specified, so left at the default.

Would resetting ssl-queue-delay to default, and increasing window size help ?

Review Cisco Networking for a $25 gift card