fir3net
PPS-Firenetbanner-780.5x190-30-03-17
  • Home
  • Articles
  • Loadbalancers
  • Cisco
  • Upgrading to Cisco CSS 8.20.3.03 (or higher) results in slow network performance

Upgrading to Cisco CSS 8.20.3.03 (or higher) results in slow network performance

Symptoms

Slow network performance when accessing back-end servers through a Cisco CSS running 8.20.3.03 (or higher).

Background

Cisco CSS 8.20.3.02 (and lower) did not support window scaling. This meant that the initial window scale option announced within the 3 way handshake was not propagated to the server.
This issue was resolved within 8.20.3.03 (CSCsk92868), however even though the initial window scale (WS) option is propagated to the back-end server, the WS response from the back-end server is cleared and set to 0 by the CSS.

Below shows this behaviour (via the 3 way handshake):

CLIENT.3202 > SERVER.80: Flags [S], cksum 0xf7eb (correct), seq 1112270373, win 65535, options [mss 1260,nop,wscale 1,nop,nop,sackOK], length 0
SERVER.80 > CLIENT.3201: Flags [S.], cksum 0x5d1b (correct), seq 2130167885, ack 33254730, win 8760, options [mss 1380,wscale 0,eol], length 0

This results in a breakdown in the announcement of the TCP window size and in turn network delays.

Solution

In resolve this issue there are 2 configuration options available (based on your CSS software level):

  • Cisco CSS 8.20.5.01 (and higher)  - on the CSS run the command - flow tcp-window-scale disabled
  • Cisco CSS 8.20.3.02 up to 8.20.5.01 - on the server run the command - netsh interface tcp set global autotuning=disabled

Note : The command flow tcp-window-scale disabled is only configured on Cisco CSS 8.20.5.01 (and higher) due to caveat CSCtf70895.

Reference - Cisco Caveats

-- Software Version 8.20.3.03 Resolved Caveats
CSCsk92868--The Windows Vista Operating System (OS) can use the TCP Window Scale (WS) option in the TCP SYN.
The TCP WS option is not propagated to the back-end server and this may cause the application to fail.

-- Software Version 8.20.5.01 Resolved Caveats
CSCtf70895--If you configure the flow tcp-window-scale disabled command, the CSS may incorrectly send the TCP Window Scale (WS) Option to the backend server.

Tags: Cisco, CSS, WindowScaling

About the Author

RDonato

R Donato

Rick Donato is the Founder and Chief Editor of Fir3net.com. He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001