Guest

Preview Tool

Cisco Bug: CSCut61989 - Delays in response when parallel query+subscribe requests sent

Last Modified

Feb 24, 2016

Products (1)

  • Cisco ASA Content Security and Control

Known Affected Releases

1.0(0.12)

Description (partial)

Symptom:
WSA uses the query+subscribe RADIUS request to query for user name based on IP and to subscribe to changes for that specific IP (meaning CDA will send notification if the user IP is removed or changed)

It has been seen that if multiple WSA devices issue these requests in parallel it can introduce delays in the response. In lab tests with 5-6 simulators running in parallel delays up to and including 2 seconds have been seen. Note that the timeout for requests from the WSA is set to 2 seconds and this can cause the timeout to be exceeded.

Conditions:
CDA sends CoA notifications to WSA about any mapping changes. In case the WSA does not respond to such CoA message the CDA changes the WSA state to out-of-sync. WSA then invalidates its local cache and replays the query+subscribe requests. It has been seen that if multiple WSA devices issue these requests in parallel it can introduce delays in the response.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.