Re: TCP Timeout/Resets on CSS11501

asbeech · ‎09-22-2004

Are there ways of setting maximum TCP Session lengths via the Content Switches. I have an issue with a Switch that receives a normal packet of data in and then seems to transpose this into a TCP Reset and delivers it to the destination and also then sends a TCP Reset to the Source, causing the Source to re-establish the TCP session. There is no consistency with the Resets from a time perspective but the Resets do occur when the session has been idle for a period of time (again, not a consistent period) and are prompted by the next packet following the idle time.

Gilles Dufour · ‎09-22-2004

this is the well-known garbage collection behavior of the CSS.

There are many discussions about it in this forum.

Check one of my previous answer title "CSS closes TCP sessions".

copy pasted here for your convenience

------------------

The CSS does most of the switching in hardware but has limited resources.

So it has an agressive way to delete idle flow.

The idle timeout is 16 seconds for TCP.

So, with a keepalive of 5 minutes you are way above the idle timeout.

However, it's not because a flow is idle that it is automatically deletec.

There is a process called garbage collection that decides if it is needed to kill a flow or not.

It is dependent on how many connections per second you get on this box.

There are solutions to this.

You can increase the idle timeout on the CSS.

For a CSS 110xx or 111xx you can use the command

'flow port1 443 timeout 600' to set the timeout to 10minutes.

For a CSS115xx, you can use the rule command 'flow-timeout-multiplier 20' [20 x 16 sec = 320 > 5 min].

-----------------------------------

Regards,

Gilles.