Cisco Cisco Web Security Appliance S170 사용자 가이드
A-7
AsyncOS 9.1.1 for Cisco Web Security Appliances User Guide
Appendix A Troubleshooting
Hardware Issues
However, at times you may experience a noticeable reduction in upload or download speeds; for
example, when transferring large files via proxy. To illustrate: assuming a 10-Mbps line, downloading a
100-MB file that passes through a WSA can be approximately seven to eight times slower than
downloading the file directly from its server.
example, when transferring large files via proxy. To illustrate: assuming a 10-Mbps line, downloading a
100-MB file that passes through a WSA can be approximately seven to eight times slower than
downloading the file directly from its server.
In non-typical environments that include a larger proportion of large-file transfers, you can use the
networktuning
command to increase send and receive buffer size to alleviate this issue, but doing so can
also cause network memory exhaustion and affect system stability. See
for details of the
networktuning
command.
Caution
Exercise care when changing the TCP receive and send buffer control points and other TCP buffer
parameters. Use the
parameters. Use the
networktuning
command only if you understand the ramifications.
Here are examples of using the
networktuning
command on two different appliances:
On an S380
networktuning
sendspace = 131072
recvspace = 131072
send-auto = 1 [Remember to disable miscellaneous > advancedproxy > send buf auto tuning]
recv-auto = 1 [Remember to disable miscellaneous > advancedproxy > recv buf auto tuning]
mbuf clusters = 98304 * (X/Y) where is X is RAM in GBs on the system and Y is 4GB.
sendbuf-max = 1048576
recvbuf-max = 1048576
Q.
What are these parameters?
A.
The WSA has several buffers and optimization algorithms which can be altered for specific needs.
Buffer sizes are originally optimized to suit the “most common” deployment scenarios. However,
larger buffer sizes can be used when faster per-connection performance is needed, but note that
overall memory usage will increase. Therefore, buffer-size increases should be in line with the
memory available on the system. The send- and receive-space variables control the size of the
buffers available for storing data for communication over a socket. The send- and receive-auto
options are used to enable and disable dynamic scaling of send and receive TCP window sizes.
(These parameters are applied in the FreeBSD kernel.)
Buffer sizes are originally optimized to suit the “most common” deployment scenarios. However,
larger buffer sizes can be used when faster per-connection performance is needed, but note that
overall memory usage will increase. Therefore, buffer-size increases should be in line with the
memory available on the system. The send- and receive-space variables control the size of the
buffers available for storing data for communication over a socket. The send- and receive-auto
options are used to enable and disable dynamic scaling of send and receive TCP window sizes.
(These parameters are applied in the FreeBSD kernel.)
Q.
How were these example values determined?
A.
We tested different sets of values on a customer’s network where this “problem” was observed, and
“zeroed in” on these values. We then further tested these changes for stability and performance
increase in our labs. You are free to use values other than these at your own risk.
“zeroed in” on these values. We then further tested these changes for stability and performance
increase in our labs. You are free to use values other than these at your own risk.
Q.
Why are these values not the defaults?
A.
As mentioned, by default the WSA is optimized for the most-common deployments, and operating
in a very large number of locations without per-connection performance complaints. Making the
changes discussed here will not increase RPS numbers, and in fact may cause them to drop.
in a very large number of locations without per-connection performance complaints. Making the
changes discussed here will not increase RPS numbers, and in fact may cause them to drop.
Hardware Issues
•
•
•