Cisco Bug: CSCuw41269 - PSN01 is down/ PSN02 slow response causing iPEP dropping the session
Jun 09, 2016
- Cisco Identity Services Engine
Known Affected Releases
Symptom: -- Http Sessions are not getting redirected. Conditions: -- ASA ----- IPN ----- PSN01 ----- PSN02 -- Tuning timers on iPEP as 2 secs and 1 retry before is fails over to PSN02. Which means if ASA sends AAA request it receives a response after 4 seconds. (while PSN01 is down). But the interim update packet from ASA is arriving on iPEP within 2 seconds. There is no way to achieve that quick failover on IPEP. The order is like this: T+0 Secs ASA sends Accounting Start request T+2 Secs ASA sends Accounting Interim update request T+4 Secs iPEP responds to Accounting request T+6 Secs iPEP responds to Interim update request. The issue here is iPEP is not processing the Interim update till it finishes processing the initial Accounting request. Hence though there are sufficient details about the client, the http sessions are not getting redirected (dropped with jetty errors).
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases