
WSS agent randomly switching between TCP and UDP protocols


Article ID: 216279


Updated On:

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

Roaming users access the internet through WSS using the WSS agent.

No issues are seen establishing connections to WSS from the agent.

However, the WSS agent is not consistent in the transport layer protocol (TCP or UDP) it uses into WSS: it uses UDP predominantly, but TCP is occasionally seen.

Ideally we want to use UDP for performance reasons (better buffering and lower transport layer overhead).

Environment

WSS agent

Windows or macOS platforms

Cause

The authentication phase of the tunnel establishment challenges the user for credentials and is carried out using 100-byte messages within the UDP datagrams. Because these messages are so small, quite a few of them are needed to complete the authentication. If any of these small messages is dropped, and we don't retransmit at the application level fast enough, a switch to TCP is made automatically.

Resolution

The WSS back end increased the size of the message buffer to be in line with MTU settings, so the authentication can now complete within a few packet exchanges. The chances of dropping packets during this exchange are minimised, as are the chances of falling back to TCP because of drops.
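
The effect described under Cause and Resolution can be quantified with a small loss model. This is an added example, not Broadcom code: the total authentication size (4000 bytes), the MTU-sized payload (1400 bytes), the 1% loss rate and the independent-loss assumption are all hypothetical; only the 100-byte message size comes from the article.

```python
import math
import random

def datagrams_needed(auth_bytes, msg_size):
    """UDP messages needed to carry auth_bytes at msg_size bytes each."""
    return math.ceil(auth_bytes / msg_size)

def fallback_probability(auth_bytes, msg_size, loss_rate, retries=0):
    """Analytic P(switch to TCP): some message loses all of its attempts.

    Assumes independent loss per datagram; `retries` is the number of
    retransmissions that arrive in time (0 = none fast enough).
    """
    n = datagrams_needed(auth_bytes, msg_size)
    per_message_fail = loss_rate ** (retries + 1)
    return 1.0 - (1.0 - per_message_fail) ** n

def simulate_fallback_rate(auth_bytes, msg_size, loss_rate,
                           retries=0, trials=20000, seed=1):
    """Monte Carlo cross-check of fallback_probability (seeded, offline)."""
    rng = random.Random(seed)
    n = datagrams_needed(auth_bytes, msg_size)
    fallbacks = 0
    for _ in range(trials):
        for _ in range(n):
            # A message fails only if every attempt for it is dropped.
            if all(rng.random() < loss_rate for _ in range(retries + 1)):
                fallbacks += 1  # one unrecovered loss ends the UDP attempt
                break
    return fallbacks / trials

# Constructed inputs (assumptions, not values from the article except 100).
AUTH_BYTES = 4000      # hypothetical total size of the authentication exchange
SMALL_MSG = 100        # message size stated in the article
MTU_MSG = 1400         # hypothetical payload "in line with MTU settings"
LOSS = 0.01            # hypothetical 1% datagram loss on the path

if __name__ == "__main__":
    for label, size in (("100-byte", SMALL_MSG), ("MTU-sized", MTU_MSG)):
        print(label, datagrams_needed(AUTH_BYTES, size),
              round(fallback_probability(AUTH_BYTES, size, LOSS), 4),
              round(simulate_fallback_rate(AUTH_BYTES, size, LOSS), 4))
```

Under these assumptions the same exchange needs 40 datagrams at 100 bytes but only 3 at the larger size, so the chance that at least one unrecovered drop forces the switch to TCP falls by roughly an order of magnitude.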