Comment 351 for bug 417757

Cisco have confirmed that this is a timing related bug, fixed in ACE software 1.5. The Cisco bug number is CSCsw52831.

I have also found another interesting behaviour, which I'll document here for reference; we have a 2nd DNS IP that passes through our ACE (but is not handled by the ACE). This was also suffering problems, but my test script was not.

The difference appears to be in the use of connected versus unconnected UDP sockets. Specifically, unconnected UDP sockets seem (under Linux) to always have an IP ID==0, and pass through the ACE fine. Connected UDP sockets seem to have incrementing IP IDs, and seem to get treated in a session-aware manner, and subject to the same timing bug.

glibc seems to use connected sockets, and thus hits the bug.

I hope this info is of interest. If someone knows which version of the F11 glibc RPM contains the "only 1st lookup is slow" fix, that would be useful.