[f-nsp] foundry serveriron HTTP1.1 issues

arne van theemsche arnevt at gmail.com
Fri Aug 29 05:12:27 EDT 2008 

Dear group

we are using foundry for quiet some time, but we have an issue regarding 
enabling http 1.1 (port http keep-alive) on a virtual IP

we noticed that the real servers gave a better performance than the 
virtual IP, after debugging it seemed that the VIP didn't reuse it's tcp 
sessions, and that this was solvable by enabling the HTTP 1.1 feature 
through "port http keep-alive"

this did indeed solve the performance issue, but we created new ones. 
After some time, sessions on the page started to "hang". In 
wireshark/tcpdump I could see 2 things. I did a tcpdump before and after 
the serveriron

1) for big request packets (POST from client -> server) which were 
fragmented somewhere (don't know where, could be the serveriron itself) 
the serveriron suddenly started to send tcp-ack's in name of the 
webserver (there where before in the session all the ack's were send by 
the webserver). The problem is he only send an ACK for the first 
fragment (1500 bytes of a 2300 bytes packet). Because of the retransmit, 
the webserver seemed to got confused and suddenly sended an ACK for the 
byte-position BEFORE the big backet. So the client first got an ACK for 
N+1500 from the foundry (where he sended N+2300), and a few seconds 
later he got an ACK for N (from the webserver). No doubt that this 
messed up everything, and only got solved by an tcp-reset after a few 
seconds. During those seconds, the session of course hung, which was not 
the meaning

2) in other cases (read other browsers?) the packet (not a big one) was 
sended, but never got it behind the foundry (also resulting in the same 
experience (website hangs for a few seconds)

are there known issues to using http 1.1 in layer7 switching?

this is the relevant info

 SW: Version 10.0.00bTD4 Copyright (c) 1996-2007 Foundry Networks, Inc.
      Compiled on Aug 04 2007 at 13:40:20 labeled as WXR10000b
  HW: ServerIronGT C-Series Router, SYSIF version 21, Serial #: Non-exist
==========================================================================
SL 1: WSM6-SSL Management Module, SYSIF 2, M6, ACTIVE
      Serial #:  
    0 MB SHM, 1 Application Processors
16384 KB BRAM, SMC version 5, BM version 21
  SW: (1)10.0.00bTF3
==========================================================================
SL 2: J-BxGC16 JetCore Gig Copper Module, SYSIF 2
      Serial #: 
 4096 KB BRAM, JetCore ASIC IGC version 49, BIA version 8a
32768 KB PRAM and 2M-Bit*1 CAM for IGC  4, version 0449
32768 KB PRAM and 2M-Bit*1 CAM for IGC  5, version 0449
32768 KB PRAM and 2M-Bit*1 CAM for IGC  6, version 0449
32768 KB PRAM and 2M-Bit*1 CAM for IGC  7, version 0449
==========================================================================
SL 3: J-BxGC16 JetCore Gig Copper Module, SYSIF 2
      Serial #: 
 4096 KB BRAM, JetCore ASIC IGC version 49, BIA version 8a
32768 KB PRAM and 2M-Bit*1 CAM for IGC  8, version 0449
32768 KB PRAM and 2M-Bit*1 CAM for IGC  9, version 0449
32768 KB PRAM and 2M-Bit*1 CAM for IGC 10, version 0449
32768 KB PRAM and 2M-Bit*1 CAM for IGC 11, version 0449
==========================================================================
Active management module:
  1.0 GHz Power PC processor 750GX (version 7002/0102) 66 MHz bus
  512 KB boot flash memory
16384 KB code flash memory
  512 KB SRAM
  512 MB DRAM
The system uptime is 265 days 20 hours 7 minutes 49 seconds
The system started at 13:44:55 GMT+01 Fri Dec 07 2007


VIP configuration

server virtual WEB-VIP 1.2.3.4
 sym-priority 100
 sym-active
 predictor round-robin
 port http
 port http cookie-name "webnn"
 port http cookie-switching
 port http insert-cookie
 bind http S1 http S3 http S4 http S5 http

More information about the foundry-nsp mailing list