Cisco ACE Application Control Engine Module
Release Note for the Cisco Application Control Engine Module
OL-26644-03
New Software Features in Version A5(3.0)
Configuration and Restrictions
Content-rewrite is applied to response data based on the amount of data that the HTTP module has received from TCP. By default, HTTP receives up to 32K bytes of response data, including headers (the default TCP buffer share is 32K). Content-rewrite therefore works for the first 32K of response data; if the response data exceeds 32K, the ACE sends out the remaining data without performing any content-rewrite.
To send more data from TCP to HTTP, you can increase the TCP buffer-share size up to 48K. The ACE then performs content-rewrite on the first 48K of response data and passes the remaining response data through without content-rewrite.
Example:
parameter-map type connection conn-tcp
  set tcp buffer-share 49152
Note
We have observed that the ACE takes more time to perform content-rewrite on large response files. (One GET request for 48K bytes of data with content-rewrite takes approximately 6 seconds.)
The ability to support basic and extended regex depends on the regex parser support on the DP.
A content rewrite rule must have both a content regex pattern and a replacement pattern.
action-list type modify http data_rewrite
  content rewrite response content-string "first" replace "last"
policy-map type loadbalance first-match NM-WEB-PROD
  class WEB-SB17
    serverfarm WEB-SB17
    action data_rewrite
  class WEB-SB16
    serverfarm WEB-SB16
    action data_rewrite
  class class-default
    serverfarm WEB-SB10
    action data_rewrite
policy-map multi-match CLIENT-VIPS
  class NM-WEB-PROD
    loadbalance vip inservice
    loadbalance policy NM-WEB-PROD
    loadbalance vip icmp-reply active
    nat dynamic 10 vlan 112
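Because of the buffer-share limit described above, any string a rule is meant to replace passes through unchanged once it falls beyond the rewrite window. The following Python model is an added example, not Cisco code: it reproduces the documented behaviour (rewrite the first buffer-share bytes, headers included, then pass the rest) and reports the match offsets a rule would miss at 32K and at 49152 bytes. The function names, the constructed sample response, and the treatment of a match straddling the window boundary as not rewritten are assumptions.

```python
import re

DEFAULT_BUFFER_SHARE = 32 * 1024  # default TCP buffer share stated in the release note
RAISED_BUFFER_SHARE = 49152       # value from the release note's example (48K)

# Constructed sample response: the string "first" appears at three offsets.
HEADERS = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
SAMPLE = HEADERS + b"first" + b"." * 40000 + b"first" + b"." * 9200 + b"first"


def simulate_rewrite(response, pattern, replacement, buffer_share=DEFAULT_BUFFER_SHARE):
    """Rewrite only the first buffer_share bytes (headers included); pass the rest as-is.

    Assumption: a match that straddles the window boundary is not rewritten.
    """
    window, rest = response[:buffer_share], response[buffer_share:]
    # A function replacement keeps the replacement bytes literal (no escapes).
    return re.sub(pattern, lambda m: replacement, window) + rest


def unrewritten_offsets(response, pattern, buffer_share=DEFAULT_BUFFER_SHARE):
    """Offsets of pattern matches that end beyond the rewrite window."""
    return [m.start() for m in re.finditer(pattern, response) if m.end() > buffer_share]


def audit(response, pattern, shares=(DEFAULT_BUFFER_SHARE, RAISED_BUFFER_SHARE)):
    """Map each buffer-share size to the match offsets a rule would miss."""
    return {share: unrewritten_offsets(response, pattern, share) for share in shares}


if __name__ == "__main__":
    for share, missed in audit(SAMPLE, rb"first").items():
        print(f"buffer-share {share}: {len(missed)} match(es) not rewritten at {missed}")
    out = simulate_rewrite(SAMPLE, rb"first", b"last")
    print("occurrences still present after rewrite:", out.count(b"first"))
```

Running the same check over captured responses from each server farm shows which pages exceed the window and still carry the original string.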
Support of TLS1.1 and TLS1.2
ACE Software A5(3.0) supports the newer versions of TLS (TLS 1.1 and TLS 1.2). This enables the ACE to negotiate successfully with TLS 1.1 and TLS 1.2 clients (in front-end and end-to-end SSL configurations) and also to act as a TLS 1.1 or TLS 1.2 server (in back-end and end-to-end SSL configurations).
This feature is implemented over the existing SSL/TLS software stack. The existing handshake design or packet flow has been redesigned to support interleaving of application records and handshake records, without affecting existing SSL/TLS features.