For the 'Server Blacklist' stat, WAE can handle situations in which TCP setup packets that have options are blocked or not returned to the WAE device. This can occur from network devices that block TCP setup packets that have options and from asymmetric routes. The WAE can keep track of origin servers (such as those behind firewalls) that cannot receive optioned TCP packets and learns not to send out TCP packets with options to these blacklisted servers.
When a server IP address is added to the blacklist, it remains there for the configured hold time. After that time, subsequent connection attempts will again include TCP options so that the WAE can redetermine if the server can receive them. It is useful to retry sending TCP options periodically because network packet loss may cause a server to be erroneously blacklisted.
Since here we know that the server should not be blacklisted (because most of the time, connections between the same peer are fully optimized) and we see no other servers in there, I suggest we turn off blacklisting altogether:
conf t
no tfo auto-discovery blacklist enable
This will make sure that the TCP auto-discovery remains active for this server.
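The hold-time behaviour described above, as an added example that is not part of the original post and is not Cisco's implementation. It is a simplified model: the class and function names, the 60-second hold time, and the 192.0.2.10 timeline are all constructed for illustration. It shows how one lost optioned SYN leaves a healthy server unoptimized until the hold time expires, and what disabling the blacklist changes.

```python
# Simplified model of a hold-time blacklist (constructed; not WAAS code).
from dataclasses import dataclass, field


@dataclass
class OptionBlacklist:
    hold_time: float                 # seconds an entry stays listed (assumed unit)
    enabled: bool = True
    _expiry: dict = field(default_factory=dict)   # server IP -> expiry time

    def send_options(self, server: str, now: float) -> bool:
        """Decide whether the next SYN to `server` carries TCP options."""
        if not self.enabled:
            return True
        expiry = self._expiry.get(server)
        if expiry is None:
            return True
        if now >= expiry:
            del self._expiry[server]   # hold time elapsed: retry with options
            return True
        return False

    def report_failure(self, server: str, now: float) -> None:
        """An optioned SYN went unanswered: list the server for hold_time."""
        if self.enabled:
            self._expiry[server] = now + self.hold_time


def simulate(blacklist, events):
    """events: (time, server, optioned_syn_answered) -> per-connection decision."""
    decisions = []
    for now, server, answered in events:
        optioned = blacklist.send_options(server, now)
        if optioned and not answered:
            blacklist.report_failure(server, now)
        decisions.append((now, "options" if optioned else "plain"))
    return decisions


# Constructed timeline: a single lost SYN at t=10 against a healthy server.
EVENTS = [(0, "192.0.2.10", True), (10, "192.0.2.10", False),
          (20, "192.0.2.10", True), (50, "192.0.2.10", True),
          (80, "192.0.2.10", True)]

if __name__ == "__main__":
    print(simulate(OptionBlacklist(hold_time=60), EVENTS))
    print(simulate(OptionBlacklist(hold_time=60, enabled=False), EVENTS))
```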