How many concurrent connections does WSA S670 appliance support.

Hi All,
Good Day!
We have an issue with our Ironport WSA S670 appliance. We have around 35K users and have access to sites like facebook.com, youtube.com etc.
The issues is that at times certain sites are not accessible via proxy. For example we cannot access youtube.com, google.com etc while we can access msn.com, espn.com etc. Moreover when we try to bypass the proxy and access the sites directly all the sites works just fine.
This issue has been repeating many times and we checked the internet link, proxy etc for any issue. In the meantime the issue gets resolved mysteriously.
The total number of connections at these times are more than 20K. The CPU utilization never goes beyond 15% but the memory is always between 70 to 90% utilized.
What is the maximum number of connections WSA S670 appliance support? Is there any configurable limit for the connections that can be established? Will it cause any issue if a lot of users are watching videos on youtube.
Also the proxy is working in one-armed design. Will that cause any issue?
Please suggest.
Cheers,
Faiz

Hi Faiz,
There are not any known issues in terms of URLs failing. I would perform a packet capture on the WSA. See my instructions below:
In order to obtain a simultaneous packet capture from the WSA & PC you will need to log into the GUI ->Support and Help -> Packet Capture -> Edit Settings -> Select the radial button No Filter.Please send me a packet capture from the WSA unfiltered. You will need to install wireshark on the PC or laptop you are testing from. It is a good idea to start the wireshark program from the PC first.  I would recommend using www.iana.org as a test as it uses only on IP address.
When you have the captures completed I would first look at the WSA packet capture and use the following filter in wireshark http contains "www.iana.org". The various streams of communication will populate in the wireshark display. What you want to focus on is the streams that show the IP of the WSA and the IP of www.iana.org 192.0.32.8. We should see the following when you right mouse click the packet which shows the IP of the WSA going to the destination IP of www.iana.org:
WSA IP -------SYN-----> www.iana.org IP
WSA IP <--SYN/ACK-- www.iana.org IP
WSA IP -------ACK-----> www.iana.org IP
If you see this instead:
WSA IP -------SYN-----> www.iana.org IP
WSA IP -------SYN-----> www.iana.org IP
WSA IP -------SYN-----> www.iana.org IP
WSA IP -------SYN-----> www.iana.org IP
Then you have a problem in your network.
Sincerely,
Erik Kaiser
WSA CSE
WSA Cisco Forums Moderator

Similar Messages

  • How many concurrent connections that an ACS server version 4.2 latest patch can handle?

    I have about 50 routers and layer-3 switches that autheticate via tacacs+.  The AAA server used to be on a Linux machine running open-source tacacs+ built by me.  I have a perl script that will log into all 50 devices at the same time to collect statistics.  This script is multi-threaded.  Everything is working fine so far.
    I recently out-sourced the AAA function to a 3rd party company, not by my choice.  The 3rd party uses Cisco ACS version 4.2 with the latest patch running on Windows 2003 Enterprise Server with 16GB RAM and quad processors with quad-cores, IBM x3650-M2 hardware. The connectivity between the 3rd party and my company is through a DS-3 connection.  Maximum bandwidth over this DS-3 connection is less than 10Mbps at most.
    I noticed that for the past 3 months I have multiple failures with this perl script due to authentication failure with the ACS server.  If I just run the script again a few routers/switches, there are no issues; however, whenever I started the script to log into 50 devices all at the same time, it will fail.  If I made the configuration on all routers/switches to point back to the old open-source tacacs+ server, the issue goes away.  The minute I switched back to the
    new ACS server, the issue came back.  If I modified the script to hit one device at a time, it works fine.  I think it is the ACS server can not handle a lot
    of AAA requests at the same time.
    Does anyone know how many concurrent connections that an ACS 4.2, with latest patches on Windows 2003 Enterprise Server with lot of memory and CPU power, can handle?  I can't seem to find this anywhere on Cisco website.
    Thanks in advance.

    No, Im not saying ACS cannot cope.
    Concurrency and latency are very different things. ACS CSTacacs can handle many 100s of simple authentications/authorisations per second with users in the internal database. If 1000s of devices all send traffic in the same instant it would take some seconds to work through the backlog of traffic.
    Also, worth considering that a limited number of tasks within ACS (or threads) can actually handle a much greater number of "logins" because they are generally multi-message allowing ACS to keep lots of plates spinning.
    If users are in an external databases the latency (per authentication) can increase depending on where the users are (eg Windows AD) and if bad enough can have a serious effect on the overall authentication rate. At which point customers normally turn to load balancing.
    If your device timeouts are 20 seconds (totally reasonable) I suggest the issue is more likely to be something else... a bug, perhaps specific to v4.2?

  • How many concurrent connections can ACS handle at once?

    Hi Experts,
    Could you please let me know how many concurrent connections ACS can handle at once?
    Is there any limitation on it?
    Our ACS version is 4.0 (1) build 27.
    Thanks in advance for your help and have a nice day!
    Regards,
    Gabor

    It depends on many other factors but as far as I know ACS can handle upto 40 Auth request per second*
    *Condition Apply
    Regards,
    ~JG
    Do rate helpful posts

  • How many external displays does the 15 inch support?

    I spend 90% of my time at a desk developing, using multiple monitors.  My current Windows system can support up to 4 displays, normally I run with 3.  I was wondering how many external displays one can hook up to the 2.3GHz Macbook Pro.  I need at least 3 displays while still having a thunderbold for external drives and eithernet.  Does the Mini DisplayPort to Dual-Link DVI Adapter allow splitting the single to two different monitors?  Other then the Thunderbolt display, is there a way to get multiple monitors out of one Thunderbolt port?

    From http://support.apple.com/kb/SP690 -> "Simultaneously supports full native resolution on the built-in display and up to 2560 by 1600 pixels on up to two external displays, both at millions of colors".
    But there may be ways of driving three monitors - maybe someone with a Retina Display model will jump in. I know that on my 15" 2011 model, I can only drive two Apple Thunderbolt Displays.
    Good luck,
    Clinton

  • How many concurrent devices does home sharing on iTunes support?

    On my appleTV, if I'm watching something from my home iTunes library through home sharing, then on another device, like my iphone, I access the same shared library through home sharing, the appleTV immediately drops connection and cannot see the shared iTunes library.
    This happens across all devices, yet apple specifically mentions the need to use the same appleID across all devices.  If I cannot home share to multiple devices at once, how will this EVER work.
    Is there something I might have configured wrong?  If I enable home sharing on enough devices, you cannot possibly complete a full TV show on the appletv without at least one of them accessing the library and kicking it off.
    How would 2 appleTVs ever work at the same time to stream different programs from the itunes library?

    Hi Faiz,
    There are not any known issues in terms of URLs failing. I would perform a packet capture on the WSA. See my instructions below:
    In order to obtain a simultaneous packet capture from the WSA & PC you will need to log into the GUI ->Support and Help -> Packet Capture -> Edit Settings -> Select the radial button No Filter.Please send me a packet capture from the WSA unfiltered. You will need to install wireshark on the PC or laptop you are testing from. It is a good idea to start the wireshark program from the PC first.  I would recommend using www.iana.org as a test as it uses only on IP address.
    When you have the captures completed I would first look at the WSA packet capture and use the following filter in wireshark http contains "www.iana.org". The various streams of communication will populate in the wireshark display. What you want to focus on is the streams that show the IP of the WSA and the IP of www.iana.org 192.0.32.8. We should see the following when you right mouse click the packet which shows the IP of the WSA going to the destination IP of www.iana.org:
    WSA IP -------SYN-----> www.iana.org IP
    WSA IP <--SYN/ACK-- www.iana.org IP
    WSA IP -------ACK-----> www.iana.org IP
    If you see this instead:
    WSA IP -------SYN-----> www.iana.org IP
    WSA IP -------SYN-----> www.iana.org IP
    WSA IP -------SYN-----> www.iana.org IP
    WSA IP -------SYN-----> www.iana.org IP
    Then you have a problem in your network.
    Sincerely,
    Erik Kaiser
    WSA CSE
    WSA Cisco Forums Moderator

  • How many devices (iPods) does Wi-Fi sync support simultaneously in iOS5?

    I have 3 iPod Touch 3gen/4gen in my house.  They are setup and all work with WiFi sync individually but I can only get two to show up at any one time in iTunes and I'm not sure how it manages to decide which iPod to show and which one to not show.  Is two the maximum number of devices to show in iTunes 5 via Wi-Fi at once?  I want to make sure that they all sync at least once a day or so.  If you have multiple devices are they 'rotated' somehow by iTunes or am I gonna be stuck connected the 'odd iPod out'  (which varies from time to time) via cable to PC?.
    I want to pick up two more touches which may make the issue even more confusing.  I'd like to get it settled for three before I buy my other two.
    WIndows 7, latest iTunes.  IPod firmware all up to date and all are setup in iTunes and in the iPod's settings to sync via Wi-Fi.  Again, all work individually but only two show up on the left hand column in iTunes.
    THanks!!  Happy Halloween!!

    Post to http://www.apple.com/feedback/ if you are unhappy.  This is just a user to user forum.
    In the meantime, read this tip and find out if the features you desire are still available under 10.5:
    https://discussions.apple.com/docs/DOC-2551
    If not, many other webhosts exist on http://www.comparewebhosts.com/ and the software Chronosync many of the same features, if not with as user friendly an interface.

  • How many concurrent wireless users can the WRT54GR support

    recently I started getting problems with my WRT54GR.  my sons phone keeps disconneting and going it own phone service to get internet data. I wondered if the was a limit to the number of concurrent wifi users ?
    Solved!
    Go to Solution.

    newbee99 wrote:
    recently I started getting problems with my WRT54GR.  my sons phone keeps disconneting and going it own phone service to get internet data. I wondered if the was a limit to the number of concurrent wifi users ?
    Yes. sabretooth is right. It's around 32 connections. You might need to perform a hard reset on your router then reconfigure it back manually.
    If everyone needs to believe in something, I believe I'll have another beer..

  • How many BGP peers does the 3548 switch support?

    Is it possible to run more than 40 peers on a single switch? What is the limitation if not?

    Hi ,
     You can have 40 BGP peers , IPV4 unicast routes handled by hardware is only 24000 .Enusre all your BGP peering routing updates is within this limits . 
    http://www.cisco.com/c/en/us/products/collateral/switches/nexus-3548-switch/data_sheet_c78-707001.html
    Table 7. Hardware Specifications Common to Both Switches
    Mode
    Normal Mode
    Warp Mode
    Hardware tables and scalability
    Number of MAC addresses
    64,000
    8000
    Number of IPv4 unicast routes
    24,000
    4000
    Number of IPv4 hosts
    64,000
    8000
    Number of IPv4 multicast routes
    8000
    8000
    Number of VLANS
    4096
    Number of ACL entries
    4096
    Number of spanning-tree instances
    Rapid Spanning Tree Protocol (RSTP): 512
    Multiple Spanning Tree (MST) Protocol: 64
    Number of EtherChannels
    24
    Number of ports per EtherChannel
    24
    Buffer size
    6 MB shared among 16 ports; 18 MB total
    Boot flash memory
    2 GB
    HTH
    Sandy

  • How to find out how many concurrent users using web application?

    Hi all,
    I have a web application deployed using 9iAS. I am trying to find out how to find out how many concurrent users are using this application at any one time. According to Oracle there is no way to see this information using the enterprise manager interface.
    Does anybody out there know how I can find out this information in real time? Failing that, are there any good analysis tools out there that display usage to the minute (all the tools I have found show usage by hour which is not sufficent for my needs).
    Any help would be much appreciated,
    Caroline

    I know I haven't heard of any software to do this, but this also sounds like a really hard problem to try and really analyze well.
    The trick is, you might "infer" how long a user is using an application based on when cookies are set and when they're set to expire. If that's a long time, though, that could count far more "concurrent" users than are actually there. A user could simply close the application at any time and stop using the application; you can't really detect that because the server isn't "told" when the user closes their browser or goes somewhere else.
    A good perl script might be able to read the Apache access log and tell you how many unique IPs asked for a given directory in which various applications are stored in any 5 minute span of time... that could be something like an indicator of "concurrent" users.
    If you don't know Perl, I'd suggest getting the O'Reilly & Associates book on Perl and learning it, because the more I think about this, the more this sounds like a textbook example for applying a Perl script.

  • ASA 5510 - how many concurrent VOIP calls can pass through?

    Hi all,
    I wonder how many concurrent VOIP calls can handle Cisco ASA 5510, any idea?
    Gegham

    hi Gegham,
    Basically what the values of  50,000 and 130000  connections indicate  are lab values  tested with 80% TCP and 20% udp  traffic. (according to table a-2 in the doc below)
    http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/specs.html#wp1170941
    RTP  is udp traffic but in case of an asa and considering a customer  scenario what happens is...
    1 voip call =  1 control connection (h323,sip,sccp)    +   2 or 4 rtp connections
    -so a call will in total  easily consume  5  or more  connections depending on control connections you have set up .
    -also this number differs depending on if the call is  voice only or video.
    So to  simply answer your  questions...
    1>the number of connections that a call  consumes depends on the above factors.
    2>Also there is no hard number on the  number of calls an asa can handle because this depends on the controls  you use ...including nat and inspections.
    Thanks,
    Karthik

  • How many concurrent users are allowed for an Azure Virtual Machine?

    How many concurrent users are allowed for an Azure Virtual Machine?
    Please share the details with the Azure VM size. Currently I have Standard VM of size D13(4 cores, 28GB RAM)

    Hi SanPSK,
    Thanks for posting here.
    I suggest you to check this article for Azure VM size
    https://msdn.microsoft.com/en-us/library/azure/dn197896.aspx
    For the concurrent users on VM - A maximum of 2 concurrent connections are supported, unless the server is configured as a Remote Desktop Services session host.
    Girish Prajwal

  • How many concurrent VPN client sessions available for cisco 2621XM?

    I have cisco router 2621XM with IOS c2600-advipservicesk9-mz.124-11.T4.
    I want to know, how many concurrent VPN client sessions can be available in this image.

      here is the configuration on PIX,
    group-policy DfltGrpPolicy attributes
    wins-server value 10.0.0.67 10.0.0.68
    dns-server value 10.0.0.67 10.0.0.68
    vpn-simultaneous-logins 20
    vpn-idle-timeout 5
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value vpn-acl
    default-domain value mydomain.com
    address-pools value vpnpool group-policy DfltGrpPolicy attributes
    wins-server value 10.0.0.67 10.0.0.68
    dns-server value 10.0.0.67 10.0.0.68
    vpn-simultaneous-logins 20
    vpn-idle-timeout 5
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value vpn-acl
    default-domain value want-want.com
    address-pools value vpnpool

  • How many Voice connections can cisco 2821 support?

    Good day.
    I have a cisco 2821 with EVM slot, NME-X slot and two HWIC slots. I have 4 port FXOs on the two HWIC slots. The EM-HDA-8FXS module on the EVM slot can handle 8 FXS connections. Please i would like to know if there is an EVM module that can do FXO connections and also how many voice connections can this router handle in total. Can the EM-HDA-8FXS module handle both FXS and FXO connections?
    Hope someone can help me out. My deadline has already passed.
    Regards,
    Obinna.

    Hi, already replied to this in the appropriate forum.
    Please do not open duplicate threads.

  • How many max connections opened do you have?

    Hello!
    I've read so many answers to these questions that, i don't really know what is the correct one. So, i would like to know what do you have. Here they are:
    1- How many max connections per torrent do you have set up?
    2- How many max opened connections do you have in mldonkey (or similar)?
    Thanks!
    Last edited by dienadel (2007-03-08 08:25:36)

    AFAIK it's arround (total connections):
    - <5 for RTC
    - <100 for slow ADSL
    - <500 for medium ADSL
    - ~1000 for high-speed ADSL (and max on Windows lol) ; went up to over 1500, without positive change.
    I use rtorrent & have a limit of <100 connections per torrent (4 leechers max per torrent so they get something)

  • Recommended spec can take how many concurrent users

    With the following recommended spec from Adobe website, how many concurrent users ?
    Flash Media Streaming Server system requirements
    OS : Windows Server 2003 SP2 or Windows 2008
    H/W Requirements
    -          3.2GHz Intel Pentium 4 Processor (dual Intel Xeon or faster recommended)
    -          2GB RAM ( 4GB recommended)
    -          1Gb Ethernet card

    Hi,
    The number of concurrent users really depends on your setup.
    You might want to read the blogpost from the FMS PM on this at: http://blogs.adobe.com/ktowes/2008/08/breaking_1gbps_on_flash_media.html
    "I’ve received a lot of requests lately about how much media can be delivered through Flash Media Server (FMS). As you may or may not know, FMS is held to the same limitations as most other streaming or HTTP servers, that is the available bandwidth, disk speed, memory and CPU power on a single server. When we introduced Flash Media Server 3 we increased the performance significantly to allow you to take full advantage of hardware and ultimately help to reduce the total cost of ownership. ........... read on"
    Greetz,
    Klaasjan

Maybe you are looking for

  • Cross reference markers are deleted for content in text insets

    Cross reference markers are deleted for content text insets. I currently have a chapter that is built from several Import by Reference files. I added an introductory paragraph with cross reference links to heading 2 titles in these text insets. Every

  • PO creation date

    Hi experts Which report or Table can give PO creation date

  • Internal Table attached as Excel file to an eMail - BCS_EXAMPLE_7 for UC

    Hi forums, SAP provided an example report to send out internal tables attached as an Excel file to a recipients eMail address. I attached the coding of the BCS_EXAMPLE_7 programm to this thread. report bcs_example_7. This report provides an example f

  • How to create an Infoset

    Dear Experts, I have to create an infoset based on 3 DSO's. I have to make sure this is exactly same as another infoset(zati01), which is available on our development system.(the only difference shold be source system). But how can i chek what join c

  • MG7520 win7 wifi - only prints a few lines.

    I have a new MG750. It prints OK via USB connected to Win 7 lap top. It prints OK over WiFi from IPad and from Google Cloud. But WiFi from the Win7 lap tops fails.  Wht happens is: the first few lines of the page print. Then it pauses adn tries again