cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Sequence number gap rate and SSL traffic decryption relation

rsharma374
Contributor

Hello Guys,

I need to know if there is any relation between a high sequence gap rate and SSL traffic not getting decrypted on DC RUM. We are experiencing a high SNGR and also the traffic flowing through the netscalers is not getting decrypted.


6 REPLIES 6

Krzysztof_Ziemi
Dynatrace Pro
Dynatrace Pro

Sure there will be a direct correlation: SSL decryption requires 100% packets successfully delivered to the AMD, otherwise decryption wouldn't work, by the nature of SSL. Sequence gaps means that some packets are lost on the way, most probably it may be because of overladed switch/NPB interfaces dropping packets or high duplicate packet ratio and duplicates overflowing de-dup buffers on AMD.


Thanks Kris, we are currently experiencing sngr of min 0.5% to max 80/90 % which keeps on fluctuating. should this be 0% all the time ?


Krzysztof_Ziemi
Dynatrace Pro
Dynatrace Pro

Some noise may be present, single-percenates can be expected. Sure 0% is initial, but hardly possible. Fluctuation may indicate some interface overload conditions indeed. It would probably be good to scrutinize with your network team how exactly are the packets obtained from the network, at what interfaces, with what interface utilizations on the way. Look for e.g. 1 Gbps interfaces to which 4x 1Gbps traffic is sent. Or similar misconfigs.


I know you told me already that high sngr would affect the SSL traffic decryption but since it is fluctuating and not always high should we expect the ssl decryption to work when the sngr is low during the fluctuations ?


Krzysztof_Ziemi
Dynatrace Pro
Dynatrace Pro

Unfortunately the answer is - it depends. SSL sessions can be decrypted when they are seen complete from the very beginning, without missing packets, including session establishment . So if you have sessions that start when traffic quality is still good - decryption should work for these sessions. But it's a sideway discussion, really. Without good monitored traffic quality the measurements can't be reliable, garbage in - garbage out:-)


Thank you for the explanation Kris.