[prev in list] [next in list] [prev in thread] [next in thread] 

List:       loadbalancing-l
Subject:    [load balancing] Anyone using Cisco's SCA (secure content accelerator) have problem with
From:       Lynn Walton <waltonl () franklin ! edu>
Date:       2002-12-29 1:02:19
[Download RAW message or body]

Hi all,

We have one Cisco SCA in a one-armed non transparent configuration with our CSS
11150.  It's not live yet but was supposed to go live today. But we got
unlucky.  Today, it hung, so badly that even the digi unit we have serially
connected to it for remotely accessing could allow us to access.
We couldn't reach it to issue a reboot . After trying in vain to get our co-lo
center's staff to power it off for us (apparently they are to lame to follow
verbal instructions with us via the phone and they claim they powered off both
power buttons but we don't think they did), we had to go in and turn it off and
on ourselves to get control back.

We had a problem with it hanging a while back and needing rebooted and we
opened a TAC case. Then we were on 3.2.0.20  After several weeks, just a little
over a week ago the TAC engineer's wrote us and told us we needed to go to
3.2.0.28 to fix that hanging issue ... here's a quote of what they told us:
--------------
It looks like you are hitting a bug that was fixed in 3.20 Build 28

 Fix: Device hang when an exportable client browser issues a TCP RST -
 During SSL session negotiation.  If an exportable client browser
issues a TCP RST while negotiating an SSL session, a bug was found where a
connection
in a particular transition state could become stuck in the execution queue
forever leading
to a device hang.  Serial console access may still be available but the
device does not respond
to SSL traffic and needs to be rebooted.  This bug was verified and fixed.

Please upgrade to this new release to make sure this does not happen again.
If you have any other questions please send them to me. I am putting this
case in a close-pending state. Let me know if it is ok to close this case.
Thanks,

Kevin J. Shea
Cisco Systems Australia
----------------

So we were going to upgrade but it took us more than the whole next week
talking to numerous TACs because they never made that build they were
recommending available for download.  Finally different TAC engineers told us
we should just go to 4.1.0.12  instead because it fixed those known hangs and
was available and had been through more regression testing.

So, we did that upgrade a day or two ago and today we are hung again and can't
even get serial console access to reboot.

Cisco's 4.1 docs says:
----------- quote ----------------
Operational Notes
<snip first two bullet points>
* The 4.x and previous versions of Netscape can “hang” when client
authentication fails. If this
happens, the server must be rebooted.
-----------------------------------

When we asked about it, we held for over an hour while they called Sonic Wall
(the makers of the unit) to verify, and finally we were told that it had
definitely been fixed.

So my question is of people running SCA's out there what builds are you using
and how often if at all do you get hangs?   Looks like they've had hanging
issues around for a lot of builds now.    I'm thinking I'd like to ask Cisco
(or Sonic Wall) to  GIVE me a second unit to load balance between, until they
really have their hanging issues fixed. ;-)     So our ssl sites won't be
inaccessible while we send our people over to the co-lo to power on and off
this device.

Thanks for any and all input,
Lynn




____________________
The Load Balancing Mailing List
Unsubscribe:    mailto:majordomo@vegan.net?body=unsubscribe%20lb-l
Archive:        http://vegan.net/lb/archive
LBDigest:       http://lbdigest.com
MRTG with SLB:  http://vegan.net/MRTG
Hosted by:	http://www.tokkisystems.com

[prev in list] [next in list] [prev in thread] [next in thread]