Hi all,

In aggressive mode and with Intercept mode, the retransmission timeout will reduce to half. In the highlighted snippet, it is stated that the timeout will be 2, 4, 8 and 16. Why is it increasing? It should be in reverse, right? I know I am missing something. Please comment.

Snippet from http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_cfg_tcp_intercpt_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1000893

Changing the TCP Intercept Aggressive Thresholds

Two factors determine when aggressive behavior begins and ends: total incomplete connections and connection requests during the last one-minute sample period. Both thresholds have default values that can be redefined.

When a threshold is exceeded, the TCP intercept assumes the server is under attack and goes into aggressive mode. When in aggressive mode, the following occurs:

• Each new arriving connection causes the oldest partial connection to be deleted. (You can change to a random drop mode.)
• The initial retransmission timeout is reduced by half to 0.5 seconds, and so the total time trying to establish the connection is cut in half. (When not in aggressive mode, the code does exponential back-off on its retransmissions of SYN segments. The initial retransmission timeout is 1 second. The subsequent timeouts are 2 seconds, 4 seconds, 8 seconds, and 16 seconds. The code retransmits 4 times before giving up, so it gives up after 31 seconds of no acknowledgment.)
• If in watch mode, the watch timeout is reduced by half. (If the default is in place, the watch timeout becomes 15 seconds.)

With regards
Kings
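The timing described in the quoted guide, worked through as an added example (not code from Cisco or from the poster): within one connection the waits double each time, and aggressive mode only halves the starting value, so the total is halved as well. The `InterceptTable` class, its single `threshold` value and the connection names are assumptions made for illustration.

```python
from collections import deque

NORMAL_INITIAL_RTO = 1.0      # seconds, per the quoted guide
AGGRESSIVE_INITIAL_RTO = 0.5  # halved in aggressive mode, per the quoted guide
TIMEOUTS_PER_CONNECTION = 5   # initial timeout plus 4 retransmissions


def timeouts(aggressive):
    """Waits for one half-open connection; each is double the previous one."""
    first = AGGRESSIVE_INITIAL_RTO if aggressive else NORMAL_INITIAL_RTO
    return [first * 2 ** n for n in range(TIMEOUTS_PER_CONNECTION)]


def give_up_after(aggressive):
    """Total seconds without an acknowledgment before the connection is abandoned."""
    return sum(timeouts(aggressive))


class InterceptTable:
    """Toy partial-connection table with the default oldest-first drop."""

    def __init__(self, threshold):
        self.threshold = threshold  # assumed value, chosen by the caller
        self.partial = deque()      # oldest half-open connection on the left
        self.dropped = []

    @property
    def aggressive(self):
        return len(self.partial) > self.threshold

    def on_syn(self, conn_id):
        """Admit a new SYN and return the give-up time that applies to it."""
        if self.aggressive:
            # Each new arrival evicts the oldest partial connection.
            self.dropped.append(self.partial.popleft())
        self.partial.append(conn_id)
        return give_up_after(self.aggressive)


if __name__ == "__main__":
    print("normal    ", timeouts(False), "->", give_up_after(False), "s")
    print("aggressive", timeouts(True), "->", give_up_after(True), "s")
    table = InterceptTable(threshold=3)          # constructed sample input
    for conn in ["c1", "c2", "c3", "c4", "c5", "c6"]:
        print(conn, "held for up to", table.on_syn(conn), "s")
    print("evicted:", table.dropped, "remaining:", list(table.partial))
```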
