Beginner

WSA - TCP Port Exhaustion

When a client initiates web browsing, the request is forwarded to the WSA (P1).

The WSA will make the web request on the client's behalf, using the WSA P2 IP address as the source, to the destination web server.

If there are 2000 clients initiating a lot of TCP sessions (let's say 50 sessions per client), this means a total of 100K sessions. But the WSA P2 has only one IP address, and each IP can support up to 64K ports only. This means it will face port exhaustion and drop the rest of the sessions.

Can the WSA P2 interface be configured with 2 or more secondary IPs, to load balance usage of the source IPs and increase the capacity of ports?

 

Thanks.

 

Cisco Employee

Re: WSA - TCP Port Exhaustion

Hello, 

 

I believe you are using P1 as the incoming interface and you would like to add a secondary IP on the P2 interface as the outgoing interface. If this is the case, you can create a VLAN using "etherconfig" on the CLI and bind the VLAN to the P2 interface. Once you have committed this, in the GUI, under Network --> Interfaces, you will be able to assign an IP for the VLAN.

 

Hope this answers your query.

 

Thanks

Ash

Beginner

Re: WSA - TCP Port Exhaustion

Please refer to the attached pptx diagram.

Is this the solution to have more IP addresses to increase the capacity of ports?

 

Cisco Employee

Re: WSA - TCP Port Exhaustion

Hi There,

 

I believe we are talking about typical internet browsing. Based on your example of 2000 clients with 50 sessions each:

1. These 50 sessions will not be destined to one web server and will be shared between different destinations;

2. The WSA will try to re-use an existing session to one destination for multiple clients' requests;

 

In summary, the 65K limit applies to one source-destination pair. Let's say you had an upstream proxy configured in your WSA: you might face some port exhaustion issues, since the downstream WSA would be opening sessions for every request to one IP:port of the upstream WSA.

 

Let me know if you have any further questions. 

 

If you find the reply helpful please mark it accordingly.
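
The per-pair limit described in the last reply can be checked by counting source ports in use per (source IP, destination IP, destination port) rather than per source IP. The following is an added example, not part of the thread and not Cisco tooling: the simplified `netstat`-like line format, the `usable_ports` default of 64512 (ports 1024 to 65535), the 80% warning threshold and all addresses are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

def parse_conn(line):
    """Parse 'tcp <local ip:port> <remote ip:port> <state>' (assumed, simplified format)."""
    parts = line.split()
    if len(parts) != 4 or parts[0] != "tcp":
        return None
    (lip, lport), (rip, rport) = (p.rsplit(":", 1) for p in parts[1:3])
    return lip, int(lport), rip, int(rport), parts[3]

def port_pressure(lines, usable_ports=64512, warn_ratio=0.8):
    """Return (tuple key, source ports in use, warn flag) rows, busiest first."""
    used = defaultdict(set)
    for line in lines:
        rec = parse_conn(line)
        if rec is None or rec[4] == "LISTEN":
            continue
        lip, lport, rip, rport, _state = rec
        # TIME_WAIT sockets are counted too: they still hold their source port.
        used[(lip, rip, rport)].add(lport)
    rows = [(k, len(v), len(v) / usable_ports >= warn_ratio) for k, v in used.items()]
    return sorted(rows, key=lambda r: r[1], reverse=True)

def constructed_sample(src, spread_sessions, spread_dests, proxy_sessions):
    """Constructed data: sessions spread over up to 500 web servers, plus
    sessions that all go to one upstream proxy IP:port."""
    nets = ("203.0.113", "198.51.100")  # documentation address ranges
    lines = []
    for i in range(spread_sessions):
        d = i % spread_dests
        dst = f"{nets[d // 250]}.{d % 250 + 1}"
        # The same source port appears again for a different destination.
        lines.append(f"tcp {src}:{1024 + i // spread_dests} {dst}:443 ESTABLISHED")
    for i in range(proxy_sessions):
        state = "TIME_WAIT" if i % 4 == 0 else "ESTABLISHED"
        lines.append(f"tcp {src}:{1024 + i} 192.0.2.10:3128 {state}")
    return lines

if __name__ == "__main__":
    sample = constructed_sample("10.0.0.2", 100_000, 500, 60_000)
    for (src, dst, dport), n, warn in port_pressure(sample)[:3]:
        print(f"{src} -> {dst}:{dport}  ports={n}  warn={warn}")
```

In the constructed data, 100K sessions spread over 500 destinations use only 200 source ports per destination, while 60K sessions to the single upstream proxy IP:port are the only entry that crosses the threshold.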