Environment
Novell Access Manager 3.1 Linux Access Gateway
Novell Access Manager 3 Linux Access Gateway
Novell Access Manager 3 Linux Access Gateway
Situation
Access Manager 3.1 SP 1 setup and running fine. Several simple reverse proxies are set up to accelerate different back end applications. Initial tests from both the main corporate headquarter network and from certain users homes indicated that these applications work. However, from some remote office locations and other individual home locations, users experienced problems where application pages would only partially load, or application errors were visible on the browser.
Resolution
Disable NIC on board TCP checksumming using ethtool. The exact syntax for doing this is 'ethtool -K ethX tso off' where X corresponds to the interface number of the NICs on the system eg. eth0, eth1. For more details, check out http://www.linuxfoundation.org/collaborate/workgroups/networking/tso
Additional Information
The Linux Access Gateway is an appliance that is based on SLES 9 SP3 OS. This version of the OS has issues with certain NICs that have the on board TCP checksumming functionality enabled eg. many broadcom drivers. Such issues cause random dropping of packets that can cause the above application errors.
Access Manager 3.1 Support Pack 2 will have a SLES11 based Linux Access Gateway appliance, and this problem will not exist on that platform.
Access Manager 3.1 Support Pack 2 will have a SLES11 based Linux Access Gateway appliance, and this problem will not exist on that platform.