Guest

Cisco SCA 11000 Series Secure Content Accelerators

Field Notice: *Expired* FN - 16871 - Cisco CSS SCA Version 3.0.5 Software Can Cause the SCA to Panic and Reboot


Revised November 27, 2007

December 10, 2001

NOTICE:

THIS FIELD NOTICE HAS BEEN EXPIRED AND IS NO LONGER MAINTAINED OR UPDATED BY CISCO.

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE, WARRANTY OR SUPPORT. USE OF THE INFORMATION ON THIS FIELD NOTICE OR MATERIALS LINKED FROM THIS FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.


Products Affected

  • CSS-SCA-2FE-K9

Problem Description

If a client submits an HTTP method, such as get or post, with data exceeding a total of five kilobytes, the buffering routine used in the SCA's SSL proxy subsystem will fail to handle the data correctly. This data can include URLs, headers, cookies, or any other attached data. This failure will cause the SCA to panic and reboot. . The unit will return to service in under 15 seconds, and will remain operational until another large amount (exceeding 5 kilobytes) of data is sent by the client.

Problem Symptoms

Version 3.0.5.3 of the Secure Content Accelerator will cause the device to panic and reboot when the client browser sends a request larger than 5 kilobytes.

Workaround/Solution

Solution

Apply version 3.0.6 of the SCA code. Version 3.0.6 revises the way in which the SCA allocates memory to the process of reading data from the client. A side effect of this stability enhancement is a reduction in the total number of concurrent connections that the SCA can handle from 1600 to prior performance levels of 800 concurrent connections.

Performance Considerations

Although version 3.0.6 reduces the concurrent SSL handling performance of the SCA to its original levels, version 3.1 with its completely rewritten SSL proxy subsystem will boost concurrent performance to 5000 connections with no data size limitations.

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.