Cisco Bug: CSCut61989 - Delays in response when parallel query+subscribe requests sent
Feb 24, 2016
- Cisco ASA Content Security and Control
Known Affected Releases
Symptom: WSA uses the query+subscribe RADIUS request to query for user name based on IP and to subscribe to changes for that specific IP (meaning CDA will send notification if the user IP is removed or changed) It has been seen that if multiple WSA devices issue these requests in parallel it can introduce delays in the response. In lab tests with 5-6 simulators running in parallel delays up to and including 2 seconds have been seen. Note that the timeout for requests from the WSA is set to 2 seconds and this can cause the timeout to be exceeded. Conditions: CDA sends CoA notifications to WSA about any mapping changes. In case the WSA does not respond to such CoA message the CDA changes the WSA state to out-of-sync. WSA then invalidates its local cache and replays the query+subscribe requests. It has been seen that if multiple WSA devices issue these requests in parallel it can introduce delays in the response.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases