ACE-TCP RST, ACE initiated RST

Similar Messages

• ACE TCP connection timeout

  Hello,
  our customer has a problem with correct closing TCP connections on the ACE. TCP session (HTTP protocol) is closed _correctly_ (we can see it in the sniffer output), but 'sh conn' on the ACE shows it as 'established' (session is already closed). TCP timeout is set to default (60min).
  Any new connection from the same src port (because many connection to the service) is closed after TCP session is established.
  When I try generate 200 concurrent sessions TCP sessions in my lab, this are on the ACE closed correctly. Customer's traffic is around 20-30.000 concurrent session, but I can't generate so much traffic.
  SW version on the ACE: 3.0(0)A1(3b)
  thx
  martin

  Thanks Gilles!
  The problem occurs only with traffic from WAP nodes (too many short HTTP requests).
  We try it upgrade to A1(5b), but I'm not sure, if this is our problem...
  Bug description:
  Symptom:
  With L7 LB configuration, Some times connections do not close.
  Conditions:
  SYN sent to Real server may result in ACK coming from server. ACE TCP module was not handling this ACK correctly.
  ...but our traffic is only L4 LB and we have a problem with connection state on the ACE from both sides (client and server). on the client and server side is connection closed properly, but on the ACE module ('sh conn') we can see it in 'established' state. It's closed after TCP timeout and that is not correct.
  martin

• ACE Module vs ACE Appliance

  Hello,
  What is the difference between ACE Module and ACE Appliance? why the ACE Module is better? or ACE Appliance, what is the advantage between Module and Appliance.
  anyone can explain me?
  Best Regards

  In the past Cisco has been shipping two line of Loadbalancing products
  First line ( modules dedicated for 6500/7600 chassis ) includes CSM & CSM-S & SSLSM (for ssl offloading)
  The other line comprises of appliance based CSS series products.
  ACE module is a next generation module replacing CSM modules that fits into 6500/7600 chassis.
  It gives you upto 16Gbps throughput (versus CSM's 4Gbps throughput).
  ACE appliance is a next gen replacement of CSS line of appliance based products.
  CSS appliances were used to come in different Hardware models with varied
  performance capacities. ACE appliance is a single hardware with various licenses
  used to scale the performance/features.Ace appliance supports upto 4Gbps of throughput.
  Previously CSS & CSM code terminologies & command set was different. For example a real server
  was termed as "service" in CSS & was called "real" in CSM . Similarly "probe" in CSM was "keepalive"
  in CSS.
  With ACE line of products you get the same terminologies & command sets for both
  modules & Appliances.
  ACE Appliance & ACE modules are functionality vise coming closer with every new release but
  still there are some differences.
  For example following ACE appliance features are not available in ACE module:
  Appl optimization (flash forward, Delta Encoding)
  Embedded Device manager
  Http compression
  Which one is better than the other really depends on your requirement
  From Performance perspective Module give you much higher performance then Appliance.
  SO if performance is your criteria the ACE module is better than ACE appliance.(Some performance metrics at the end of the post).
  If you are looking for Application optimization & HTTP compression along with Loadbalancing
  then it can only be achieved with ACE appliance.
  If you are not using 6500/7600 series chassis in your environment then you can only use ACE appliance
  (unless you are open to buy module+chassis due to performance requirement).
  Some performance metrics
  Ace Appliance supports 1 Million concurrent connections where as Ace Module supports 4 Million.
  Ace Appliance supports 120K L4 conn/sec where as Ace Module supports 380K L4 conn/sec.
  Ace Appliance supports 40K L7 conn/sec where as Ace Module supports 133K L7 conn/sec.
  Ace Appliance supports upto 4Gbps throughput where as Ace Module supports 16Gbps throughput .
  HTH
  Syed Iftekhar Ahmed

• Technical differences between ACE-4710-K9 & ACE-4710-BAS-SK-K9

  Hi All,
  Iam trying to find technical diff between ACE-4710-K9 with ACE-AP-01-LIC & ACE-4710-BAS-SK-K9 with ACE-AP-BAS-LIC.
  Can someone shed some light..?
  Thank you all in advance
  MS

  As per my understanding
  Both will give you same functionality
  ACE-4710-BAS-SK-K9 is a basic kit/bundle
  that Includes:
  - ACE 4710 Hardware
  - ACE Software
  - 1 Gbps Throughput License
  - 1,000 SSL TPS
  - 100Mbps Compression
  - 5 Virtual Devices
  Where as
  "ACE-4710-K9 with ACE-AP-01-LIC" is kind of La Carte option
  ACE-4710-K9 is the ACE Appliance Hardware includes(1K SSL TPS, 5 contexts, 100Mbps comp)
  With it you need to select two mandatory options
  ACE Software :ACE-AP-SW-XX Software Version XX
  Throughput License :("ACE-AP-01-LIC" 1 Gbps OR "ACE-AP-02-LIC" 2 Gbps )
  Then you can select optional licences for
  SSL TPS, Virtual Devices, compression & App acceleration...(if you need to upgrade the defaults 1K SSL TPS, 5 contexts, 100Mbps comp)
  Syed iftekhar Ahmed

• Difference between ACE module and ACE appliance

  Hi All,
  Can someone help to understand the difference between ACE module and ACE appliance, as i am observing ACE module is providing more throughput when compared the ACE appliance, Is the only advantage we getting with contexts ....
  thanks inadvance,
  Narayana Mallidi

  Hi Narayan,
  Apart from providing throughput, ACE module has more to offer ,
  http://docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_%28ACE%29_Troubleshooting_Guide_--_ACE_Resource_Limits
  The above link will provide a comparision of ACE module and Ace appliance interms of scalability. Apart from that legacy modules wont support compression, but ACE 30 module can support compression.
  The major advantage of ACE 30 module is with resepct to SSL throughput, SSL TPS, L4 & L7 CPS, & Concurent Connections per second, apart from the increased contexts
  ACE 4710 Data Sheet :
  http://www.cisco.com/en/US/prod/collateral/contnetw/ps5719/ps7027/Data_Sheet_Cisco_ACE_4710.html
  ACE20 Data Sheet
  http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps6906/product_data_sheet0900aecd8045861b.html
  ACE 30 Data Sheet
  http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps6906/data_sheet_c78_632383.html
  Regards
  Abijith

• Difference between Ace Director and Ace Memeber

  What is the Difference between Ace Director and Ace Member?
  because recently I saw one Ace director becoming Ace Member... (John)

  You have not read the link I provided, have you ?
  Ace director are not more senior than Ace member, they have more things to commit to like "Ability to commit to participation in an honorary (noncompensated) capacity for 12 months"...
  So, I cannot tell for John, but if one cannot commit within those things, you cannot be Ace director... and it is not "depromoted", probably have less time for this.
  Nicolas.

• ACE - TCP 60 minute idle timer?

  Hi Gilles,
  is there a tcp idle timeout with exact 60 minutes within ACE Software for NON LB connections?
  I have a certain TCP Connection from a FrontendServer to a certain Backend Server which gets a TCP RST every 60 minutes.
  The application guys blame the network for this tcp reset. In my opinion all the timing values which are e.g. set in a connection map are only for the Ports designated within the corresponding loadbalancing rules.
  So if i am not wrong any other connection traversing the ACE module should be treated as "simple" connection over any other layer 2/3 switch in a network with the exception that the ace is in charge for the routing of this network.
  As i am not hundert percent sure that there isn't a timer comparable to the xlate timeout on PIX or ASA for idle sessions i thought maybe you have an idea.
  Have a look at the attached textfile.
  Thanks for reading
  Roble

  Hi,
  good information, but i have a doubt.
  I have an existing policy L3/L4 multi-match like the one below.
  I   would like to increase the inactivity timeout on every TCP  connections.  Can i nest the new class map (match all) to my policy-map,  as shown  below in bold?
  This can create problems for the existing policy?
  Can you confirm me that i can apply only one L3L4 policy map to the interface Vlan?
  In necessary to remove and apply the policy to see the effect of the new timeout?
  Thanks in advance
  Best Regards
  policy-map multi-match L4_VIP3_POLICY
    description Multi-Match VIPs on Vlan 18 to ServerFarms
    class L4-FARM-RDP
      loadbalance vip inservice
      loadbalance policy L7-FARM-RDP
      loadbalance vip icmp-reply active
    class L4-FARM-RDP-TOKYO
      loadbalance vip inservice
      loadbalance policy L7-FARM-RDP-TOKYO
      loadbalance vip icmp-reply active
    class L4-FARM-RDP-NY
      loadbalance vip inservice
      loadbalance policy L7-FARM-RDP-NY
      loadbalance vip icmp-reply active
    class L4-FARM-RDP-KUALA
      loadbalance vip inservice
      loadbalance policy L7-FARM-RDP-KUALA
      loadbalance vip icmp-reply active
    class L4-FARM-RDP-NY
      loadbalance vip inservice
      loadbalance policy L7-FARM-RDP-NY
      loadbalance vip icmp-reply active
    class TCP-CLASS
       connection advanced TCP-PARAM
  where:
  parameter-map type connection TCP-PARAM
  set timeout inactivity 36000
  class-map match-all TCP-CLASS
    match port tcp any

• Firefox does not re-initiate TCP session when receiving RST-ACK

  Hello guys,
  I’m writing to report a disparity between firefox and IE/Chrome when receiving RST-ACK.
  To mitigate SYN flood attack, one of the countermeasures of anti-ddos appliance is to reset the first 3-way handshake and expect a re-initiated new tcp session from that client. If the real client, browser for example, automatically re-initiate a new session, users won’t feel too much differences except time of delay. If a browser does not automatically start a new session, users have to manually refresh the page within an interval, like 60 seconds.
  We got reports from customers that firefox gave notifications of connection reset, as Graph 1 is. I tested with IE11, Chrome and firefox. It’s found that Chrome and IE will automatically started a new session, while firefox does not. For firefox users, they had to manually refresh the page.
  Anti-ddos appliance (A10 TPS, Arbor & HUAWEI secospace) does provide another option to avoid seeing this notification. I understand there must be consideration and good reasons for firefox to design the browser this way. May I ask whether it is possible to adjust a little on firefox to let it automatically re-fresh the page when seeing a RST-ACK please? Guess it’s quite common for firefox users to see the notification when access URLs during DDos attacks, because for A10 TPS & Arbor, the default setting is to reset the first 3-way handshake.
  Feel free to let me know if I missed something and got things wrong.
  Appreciate it much for your time!
  Graph 1 Notification seen on screen
  Graph 2 Screen shot of the captured packets
  Graph 3 How it works for Arbor TMS to authentication a client by default.

  ops, seems packets are not allowed to be uploaded. anyone willing to check my question, kindly reach me at [email protected]
  Best regards,

• ACE - TCP probe goes into INVALID state

  Hello,
  I have a problem with the following configuration of a sticky serverfarm with a backup serverfarm
  (this setup is ofcourse used only for failover purposes, not loadbalancing):
  probe tcp tcp-8888-probe
    port 8888
    interval 5
    faildetect 2
    passdetect interval 3
    passdetect count 1
  rserver host rsrv1
    ip address 10.1.2.10
    inservice
  rserver host rsrv2
    ip address 10.1.2.11
    inservice
  serverfarm host rfarm-primary
    predictor leastconns
    probe tcp-8888-probe
    rserver rsrv1 8888
      inservice
  serverfarm host rfarm-backup
    predictor leastconns
    probe tcp-8888-probe
    rserver rsrv2 8888
     inservice
  sticky http-cookie RFARM-COOKIE sticky-rfarm-1
    cookie insert browser-expire
    serverfarm rfarm-primary backup rfarm-backup
  etc....
  The problem is that every time probe state changes (from SUCCESS to FAIL or otherwise), the tcp-8888-probe on the server that changed
  the state of service, goes into INVALID state:
  #show probe tcp-8888-probe detail
  probe       : tcp-8888-probe
  type        : TCP
  state       : ACTIVE
  description :
     port      : 8888    address     : 0.0.0.0         addr type  : -
     interval  : 5       pass intvl  : 3               pass count : 1
     fail count: 2       recv timeout: 10
     conn termination : GRACEFUL
     expect offset    : 0         , open timeout     : 10
     expect regex     : -
     send data        : -
                         --------------------- probe results --------------------
     probe association   probed-address  probes     failed     passed     health
     ------------------- ---------------+----------+----------+----------+-------
     serverfarm  : rfarm-backup
       real      : rsrv2[8888]
                         10.1.2.11    291        0          291        SUCCESS
     Socket state        : CLOSED
     No. Passed states   : 1         No. Failed states : 0
     No. Probes skipped  : 0         Last status code  : 0
     No. Out of Sockets  : 0         No. Internal error: 0
     Last disconnect err :  -
     Last probe time     : Thu Jun 17 22:12:31 2010
     Last fail time      : Never
     Last active time    : Thu Jun 17 21:48:21 2010
     serverfarm  : rfarm-primary
       real      : rsrv1[8888]
                         10.1.2.10    0          0          0          INVALID
     Socket state        : CLOSED
     No. Passed states   : 0         No. Failed states : 0
     No. Probes skipped  : 0         Last status code  : 0
     No. Out of Sockets  : 0         No. Internal error: 0
     Last disconnect err :  -
     Last probe time     : Never
     Last fail time      : Never
     Last active time    : Never
  I have managed to get the probe into FAIL state again for a moment by removing it from serverfarm, and then reapplying, but in a few seconds it goes again from FAIL to INVAILD state, and stays in this state regardless of avaliability of probed TCP port. Only when i'm reapplying it when the port is avaliable/up, it can stay in SUCCESS state, and work till the failure of service, when INVALID state reappears.
  What can be the cause of such behavior ?
  thanks,
  WM

  Hello,
  It looks very similar to this bug: CSCsh74871
  You may need to collect a #show tech-support and do the following:
  -remove the serverfarm in question
  -reboot the ace module under a maintenance window.
  You may upgrade to a higher version since your version is kind of old.
  Jorge

• ACE - TCP Options for Proxy-Connections

  Hi all,
  I have the issue that my ACE does not seem to allow tcp options with L7 proxied connections to the servers. For the client side connection I see the TCP option timestamp for example, but unfortunately the ACE itself does not put the timestamp option into its own TCP connection to the rserver. A 'parameter-map type connection' does only seem to have an effect on L4 connections, not proxied ones. Does anybody know a way how to tell the ACE to have e.g. a timestamp option in the TCP connection to the server as part of a L7 loadbalancing?
  Any help is highly appreciated!
  Thanks,
  Daniel

  Daniel,
  we do not support timestamp at L7.
  I think we only support window scaling.
  Gilles.

• ACE TCP probe

  My costomers ask different tcp port probes for different applications. Is there such things - standard probe TCL? So every time, I just need to work on the stand TCL and apply it to the serverfarm. That way can avoid a long probe config for different ports.
  Thank you in advance,
  June Hu

  Could the soultion be that the probe is configured to terminate a TCP connection by sending a RST, with the connection term command?
  It seems that this makes the probe pass the health check.
  Br
  Geir

• ACE tcp & udp inspection

  Hi,
  I want to create a security model where one vlan is more trusted than the other (Like Pix/ASA or a router with inspection enabled). However, when i want to create a TCP or UDP inspection i can only select between a limited number of protocols.
  I've created 2 class maps :
  class-map match-all TCP_INSPECT
  2 match port tcp any
  class-map match-all UDP_INSPECT
  2 match port udp any
  The combined them into a policy-map :
  policy-map multi-match INSPECTION
  class TCP_INSPECT
  class UDP_INSPECT
  However when i enter the policy-map\TCP_INSPECT i can only choose between : dns Configure dns inspection ftp Configure ftp inspection http Configure http inspection icmp Configure icmp inspection rtsp Configure rtsp inspection
  However, i do have for example SMB traffic running from one vlan to the other. How can i inspect that traffic so i don't have to enter an extra access-list entry ?

  The ACE module comes with limited amount of security features.
  You will not have all the PIX or FWSM features on the ACE module.
  This is mostly a loadbalancer with some security features.
  Gilles.

• Server 2008 (R2) TCP/IP Stack sending RST to close short lived sessions

  Hi,
  I'm having an issue with some vendor software, but it appears to be more closely related to the way the TCP/IP stack is handling session shutdown. I'd like to know what this feature is called, any available documentation, and ideally how to disable it.
  Basically, what appears to happen, is Server 2008 is sending a Rst, Ack to terminate a short lived connection, instead of entering the standard TCP shutdown (Using FIN flags). This appears to be an attempt to avoid having short lived sessions sit in a
  TIME_WAIT state, as I can see long TCP connections properly being shutdown.
  I realize the benefits of what this is trying to accomplish, however, the software in question is making HTTP calls, and the server being rather basic, is sending HTTP responses without content-length or transfer encoding: chunked, which means the only
  way to tell the server is done sending content is for the connection to close. However, it appears that the stack is interpreting this type of Tcp shutdown as in error, and generating annoying alerts within the application that is monitoring the close state.
  Does windows have a way to disable this stack feature. I've confirmed the chimney offload doesn't appear to be in use, so this is an effect of the Windows stack itself. I don't have control of the software on either end, but do have a bug open with the vendor,
  I'm more interested in a possible workaround for the short term.
  ** Entire connection lasts ~1 second
  Internet Protocol, Src: 172.25.149.231 (172.25.149.231), Dst: 172.25.147.172 (172.25.147.172)
  Transmission Control Protocol, Src Port: 49740 (49740), Dst Port: 8089 (8089), Seq: 0, Len: 0
  Flags: 0x02 (SYN)
  Internet Protocol, Src: 172.25.147.172 (172.25.147.172), Dst: 172.25.149.231 (172.25.149.231)
  Transmission Control Protocol, Src Port: 8089 (8089), Dst Port: 49740 (49740), Seq: 0, Ack: 1, Len: 0
  Flags: 0x12 (SYN, ACK)
  Internet Protocol, Src: 172.25.149.231 (172.25.149.231), Dst: 172.25.147.172 (172.25.147.172)
  Transmission Control Protocol, Src Port: 49740 (49740), Dst Port: 8089 (8089), Seq: 1, Ack: 1, Len: 0
  Flags: 0x10 (ACK)
  Internet Protocol, Src: 172.25.147.172 (172.25.147.172), Dst: 172.25.149.231 (172.25.149.231)
  Transmission Control Protocol, Src Port: 8089 (8089), Dst Port: 49740 (49740), Seq: 1, Ack: 2921, Len: 0
  Flags: 0x10 (ACK)
  Internet Protocol, Src: 172.25.149.231 (172.25.149.231), Dst: 172.25.147.172 (172.25.147.172)
  Transmission Control Protocol, Src Port: 49740 (49740), Dst Port: 8089 (8089), Seq: 2921, Ack: 1, Len: 1234
  Flags: 0x18 (PSH, ACK)
  Internet Protocol, Src: 172.25.147.172 (172.25.147.172), Dst: 172.25.149.231 (172.25.149.231)
  Transmission Control Protocol, Src Port: 8089 (8089), Dst Port: 49740 (49740), Seq: 1, Ack: 4155, Len: 57
  Flags: 0x18 (PSH, ACK)
  Internet Protocol, Src: 172.25.149.231 (172.25.149.231), Dst: 172.25.147.172 (172.25.147.172)
  Transmission Control Protocol, Src Port: 49740 (49740), Dst Port: 8089 (8089), Seq: 4155, Ack: 58, Len: 0
  Flags: 0x10 (ACK)
  Internet Protocol, Src: 172.25.147.172 (172.25.147.172), Dst: 172.25.149.231 (172.25.149.231)
  Transmission Control Protocol, Src Port: 8089 (8089), Dst Port: 49740 (49740), Seq: 58, Ack: 4155, Len: 1024
  Flags: 0x18 (PSH, ACK)
  Internet Protocol, Src: 172.25.147.172 (172.25.147.172), Dst: 172.25.149.231 (172.25.149.231)
  Transmission Control Protocol, Src Port: 8089 (8089), Dst Port: 49740 (49740), Seq: 1082, Ack: 4155, Len: 1460
  Flags: 0x18 (PSH, ACK)
  Internet Protocol, Src: 172.25.149.231 (172.25.149.231), Dst: 172.25.147.172 (172.25.147.172)
  Transmission Control Protocol, Src Port: 49740 (49740), Dst Port: 8089 (8089), Seq: 4155, Ack: 2542, Len: 0
  Flags: 0x10 (ACK)
  Internet Protocol, Src: 172.25.147.172 (172.25.147.172), Dst: 172.25.149.231 (172.25.149.231)
  Transmission Control Protocol, Src Port: 8089 (8089), Dst Port: 49740 (49740), Seq: 2542, Ack: 4155, Len: 1460
  Flags: 0x18 (PSH, ACK)
  Internet Protocol, Src: 172.25.147.172 (172.25.147.172), Dst: 172.25.149.231 (172.25.149.231)
  Transmission Control Protocol, Src Port: 8089 (8089), Dst Port: 49740 (49740), Seq: 4002, Ack: 4155, Len: 1460
  Flags: 0x18 (PSH, ACK)
  Internet Protocol, Src: 172.25.147.172 (172.25.147.172), Dst: 172.25.149.231 (172.25.149.231)
  Transmission Control Protocol, Src Port: 8089 (8089), Dst Port: 49740 (49740), Seq: 5462, Ack: 4155, Len: 1460
  Flags: 0x18 (PSH, ACK)
  Internet Protocol, Src: 172.25.147.172 (172.25.147.172), Dst: 172.25.149.231 (172.25.149.231)
  Transmission Control Protocol, Src Port: 8089 (8089), Dst Port: 49740 (49740), Seq: 6922, Ack: 4155, Len: 1081
  Flags: 0x18 (PSH, ACK)
  Internet Protocol, Src: 172.25.149.231 (172.25.149.231), Dst: 172.25.147.172 (172.25.147.172)
  Transmission Control Protocol, Src Port: 49740 (49740), Dst Port: 8089 (8089), Seq: 4155, Ack: 8003, Len: 0
  Flags: 0x10 (ACK)
  Internet Protocol, Src: 172.25.147.172 (172.25.147.172), Dst: 172.25.149.231 (172.25.149.231)
  Transmission Control Protocol, Src Port: 8089 (8089), Dst Port: 49740 (49740), Seq: 8003, Ack: 4155, Len: 1460
  Flags: 0x18 (PSH, ACK)
  Internet Protocol, Src: 172.25.147.172 (172.25.147.172), Dst: 172.25.149.231 (172.25.149.231)
  Transmission Control Protocol, Src Port: 8089 (8089), Dst Port: 49740 (49740), Seq: 9463, Ack: 4155, Len: 108
  Flags: 0x18 (PSH, ACK)
  Internet Protocol, Src: 172.25.149.231 (172.25.149.231), Dst: 172.25.147.172 (172.25.147.172)
  Transmission Control Protocol, Src Port: 49740 (49740), Dst Port: 8089 (8089), Seq: 4155, Ack: 9571, Len: 0
  Flags: 0x10 (ACK)
  Internet Protocol, Src: 172.25.147.172 (172.25.147.172), Dst: 172.25.149.231 (172.25.149.231)
  Transmission Control Protocol, Src Port: 8089 (8089), Dst Port: 49740 (49740), Seq: 9571, Ack: 4155, Len: 0
  Flags: 0x14 (RST, ACK)

  Rick, this did not help as it's the approach i've already taken in testing. Albeit, I did disable the chimney offload on the NIC drivers instead of the windows options, but in the wireshark captures I'm still seeing the same behavior.
  Humand, I don't think you're issue is the same as mine, I beleive these RST, ACK's are in response to a NORMAL connection shutdown, and being interpretted as errors be the partner stack. I haven't seen this cause premature tcp shutdown, which would be you're
  dropped RDP connections.
  TCP Global Parameters
  Receive-Side Scaling State : disabled
  Chimney Offload State : disabled
  NetDMA State : enabled
  Direct Cache Acess (DCA) : disabled
  Receive Window Auto-Tuning Level : disabled
  Add-On Congestion Control Provider : ctcp
  ECN Capability : disabled
  RFC 1323 Timestamps : disabled

• ACE " tcp windows zero"

  I have one ACE configured in bridge mode. It is used to load balance between internet proxies.
  we also use sticky by source IP address. the internet is working fine with VIP and load is shared between the proxy servers.
  we have a problem with one side. it is Http side and also after authentication still be http .
  we can open that site if I used any of the proxies IP addresses as a proxy in my browser but when I use the VIP with my proxy setting the site page open and can not authenticate.
  when opening the home page of the site I will be redirected to one of teh proxy server ( sticky to my IP )  but after trying to authenticate I can not see any connection opened for my IP .
  I tried to sniff packet from my  PC I got ( tcp windows size zero )  and connection closed from the ACE.
  thanks in advance for your support

  Hi,
  May be
  CSCth39502
  Regards,

• ACE TCP offloading/ TCP Multiplexing ?

  I've found a couple of references on the documentation about this feature, often refered as TCP Multiplexing or TCP Offloading. But found no specific details on how it works or how to configure it.
  Does anyone have further datails about this feature, if it is really avaiable on ACE or just in other systems like AVS ?
  thanks
  Diogo

  Yes it is available. It is called TCP Server Reuse on the ACE.
  Have a look at following link.
  http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_guide_chapter09186a0080686ddf.html#wp1062919
  Roble