First ping probe timeout

Hello,
May be silly question but...
When I check connectivity between two neighbour Cisco devices (routers and switches) using standart ping command with default parameters, I frequently see, what first ping probe is timeout and next four are successfull
I suppose what on Ethernet links this is due ARP mechanism. But default ping timeout 2s, ARP Requst/Reply roundtrip on 100 Mbit/s Ethernet is ~ 100 us (I have observed with analyzer).
The same situation on serial point-to-point links, where no ARP exists.
Any Idea, why first ping probe is timeout?
Also I have found this question in Cisco BCMSN Course LAB Guide
On some pings, there was one lost packet (.) and then four good packets. You should know why that occurred.
Best Regards,
Tomas

Tomas
To understand this behavior I suggest that you start with show arp and look for the destination that you will ping. Then run debug arp and debug ip icmp. Then try the ping. This should help to clarify what the router does if the destination is not in the arp table and how that impacts the first ping.
HTH
Rick

Similar Messages

ACE ping probe

Hi,
I have a strange problem on my ACE in one-arm design.
I have a real server which I can ping from the ACE, but a ping probe always fails:
server : APACHE4
10.144.131.6 28 28 0 FAILED
Socket state : CLOSED
No. Passed states : 0 No. Failed states : 1
No. Probes skipped : 4 Last status code : 0
No. Out of Sockets : 0 No. Internal error: 0
Last disconnect err : Server reply timeout (no reply)
Last probe time : Sat Dec 9 11:42:57 2006
Last fail time : Sat Dec 9 11:29:57 2006
Last active time : Never
ace/INTRANET# ping 10.144.131.6
Pinging 10.144.131.6 with timeout = 2, count = 5, size = 100 ....
Response from 10.144.131.6 : seq 1 time 0.335 ms
Response from 10.144.131.6 : seq 2 time 0.181 ms
Response from 10.144.131.6 : seq 3 time 0.340 ms
Response from 10.144.131.6 : seq 4 time 0.266 ms
Response from 10.144.131.6 : seq 5 time 0.341 ms
5 packet sent, 5 responses received, 0% packet loss
I have a couple of other real servers which do not have this problem.
Any ideas?
According to netflow on the 6500 the server answers correctly.
There are no syslog messages.
interface vlan 552
ip address 10.144.130.3 255.255.255.0
alias 10.144.130.1 255.255.255.0
peer ip address 10.144.130.2 255.255.255.0
no normalization
no icmp-guard
access-group input PERMIT
service-policy input MANAGEMENT
service-policy input SLB
no shutdown
probe icmp PING
interval 2
faildetect 5
passdetect interval 30
passdetect count 2
rserver host APACHE1
ip address 10.144.131.131
probe PING
inservice
rserver host APACHE2
ip address 10.144.131.132
probe PING
inservice
rserver host APACHE3
ip address 10.144.131.133
probe PING
inservice
rserver host APACHE4
ip address 10.144.131.6
probe TEST
probe PING
inservice
probe tcp TEST
port 22
interval 2
faildetect 5
passdetect interval 30
passdetect count 2
ace/INTRANET# sh probe
probe : PING
type : ICMP, state : ACTIVE
port : 0 address : 0.0.0.0 addr type : -
interval : 2 pass intvl : 30 pass count : 2
fail count: 5 recv timeout: 10
--------------------- probe results --------------------
probe association probed-address probes failed passed health
------------------- ---------------+----------+----------+----------+-------
rserver : APACHE1
10.144.131.131 2312 0 2312 SUCCESS
rserver : APACHE2
10.144.131.132 2311 0 2311 SUCCESS
rserver : APACHE3
10.144.131.133 2311 0 2311 SUCCESS
rserver : APACHE4
10.144.131.6 38 38 0 FAILED
rserver : IIS1
10.144.131.129 2311 0 2311 SUCCESS
rserver : IIS2
10.144.131.130 2311 0 2311 SUCCESS
probe : TEST
type : TCP, state : ACTIVE
port : 22 address : 0.0.0.0 addr type : -
interval : 2 pass intvl : 30 pass count : 2
fail count: 5 recv timeout: 10
--------------------- probe results --------------------
probe association probed-address probes failed passed health
------------------- ---------------+----------+----------+----------+-------
rserver : APACHE4
10.144.131.6 557 0 557 SUCCESS
I have 3.0(0)A1(3b)

Hi,
unfortunately your URL did not help me.
I found out that the sup720-3b adds a 23bytes zero-byte padding to exact the frames corresponding to the failing ping probe. I saw this by spanning the internal te4/1 port from the switch to the ACE to a sniffer.
The strange thing is that the frame is padded although it's larger than the minimum frame size of 64 bytes.
When I configure a log-input ACL on the sup720-3b to force the traffic to be routed by the MSFC3 instead of the PFC3 then the ping probe works and the same frames are not padded any more!!
We run IOS modularity on the sups and according to the 12.2SX release notes they do not support the ACE. I suppose that's the root cause. We will change the sup sw ASAP.

Getting PROBE TIMEOUT Error....please help me out...It is urgent

Hello,
I'm running a stored procedure in oracle 10G that select data from one table and inserts the selected data into another table. The procedure populates for a short while and then I get the following messages:
1. probe: timeout Occurred
2. probe: Exception raised in the DBMS_DEBUG package
Why is this happening and what should I do to resolve the above issue?
Please help me out....This is really urgent...
Thanks a lot in advance....
Regards,
Suranjita

Please check Database alert log to see if any error is raised ?

Iterator moves to first row on Timeout

I've been finally able to reproduce an issue that has randomly popped up in my application where some of the datapoints in my page seem to point to the 'first' row and not to the 'current' row.
Please consider the following test scenario:
- My taskflow consists on 2 pages: the first one automatically runs a query and shows a bunch or clickable results (Parent1, Parent2, etc). Upon clicking on any of the results page #2 displays the details.
- Page #2 is organized such that the top section shows datapoints coming from a Parent record and the bottom section render a bunch of tabs(showDetailItem) components where the children's datapoints reside.
- Now this is the issue I'm facing: If I go to the details page for let's say row #10 I can see as expected the datapoints for Parent10 as well as its correspondent child records. So far so good but if I leave the page unattended for about an hour and then try to switch to a different tab to my surprise what I see are the children of Parent1. The end result is that the top section is pointing to Parent10 but the bottom section which is the one that was refreshed after an hour now points to Parent1 in the previous screen.
It seems to me that I'm having a timeout issue that's causing the current ViewState to get lost.
My web.xml session timeout setting is set for 3 hours so I don't think this is the issue. Where else should I set this value?
Another alternative would be that regardless of the timeout setting I would like to catch this timeout event and automatically redirect the user to the login page but I'm not sure how to do this in ADF.
Any pointers are greatly appreciated.
Thanks,
MV

Hi MV,
There are 2 places were you can set the timeout one is the web.xml and the other one is the weblogic.xml. The former takes precedence over the latter, however I think your current timeout might be cause by weblogic.xml given that your web.xml already has 3 hours. In any case if you would like to redirect to another page after timeout, you need to create a PagePhaseListener, see this blog post for an example:
http://www.baigzeeshan.com/2011/07/how-to-automatically-redirect-to.html
Let us know how it goes,
Juan C.

Integration Broker: Ping Node Timeouts

Hey,
I'm trying to configure IB but I'm having problems with the node. Running PeopleSoft HR 9.1 with tools 8.50.11. I can sucessfully ping the gateway and it comes back with a status of active. Then I go to setup the node using the default node, PSFT_HR, and I ping the node. The process starts but never ends. After a few minutes the process timesout and the system kicks out. If I enter incorrect information, such as the wrong username/password, the process will end normally and give me a message.
Has anyone experienced this problem? Are there steps in the configuration I am missing?
Thanks in advance...

under advanced gateway setup, did u setup the local node with the right application server name and port number, right tools patch.
USERname and pswd should match from PSOPRDEFN, account should be unlocked.
gateway ping active status has nothing to do with the local node ping. check that out and update this discussion.
Thanks!

First serious prob w/Mac Pro -- errors galore

New to mac, got this a few months ago, using Final Cut Pro a fair amount, which was my impetus for getting it.
Earlier this week I went to http://www.brother-usa.com/ptouch/ and downloaded the mac version of the p-touch printer program, so I can run it (runs fine from my PCs). I installed, didn't seem to work, uninstalled.
Then the fun began. Suddenly other programs wouldn't open...dreamweaver, adobe acrobat, compressor in final cut pro, then final cut pro.
So I reinstalled these programs, not all worked, so I did my best to delete the original version, then reinstalled again, and each one seems to be working okay now, except for adobe having some probs (but after effects and photoshop cs2 never had problems and I haven't had to reinstall).
Anyhow, I feel like things are still off and not sure how to check, if there's a program I should be running. For example, when I look at
/user/library/preferences/
I see files like "DivX Decoder 6.0 Preferences" and "Roxio Toast Prefs" which under "kind" say they are "Microsoft Entourage preferences" -- and quite a number of the files in this library are listed as "Microsoft Entourage preferences" which I know is not right. I do have a microsoft office package installed, which all seems to run fine at the moment (though I can no longer print PDF files, which used to be an option...).
So is there some virus in here? Or something that has changed the "kind" for certain files so that they stop being correctly recognized and don't work right?
Would appreciate any advice or insight since, as I said, I'm a total newbie to mac and hardly know where to begin understanding my prob. Thanks.

Mac OS X - it is essential when installing software to launch Disk Utility and run Repair Permissions.
Command + I when you click on an item, bring up the "Open With..." and change it to the correct default.
Sounds like might need to update the Launch Services database or something.
I use Applejack and use to use Tiger Cache Cleaner to keep mac healthy, along with use of Disk Utility, Disk Warrior, and some bootable backups (no limit on how many drives can have a boot volume).
New to Mac? Try "Missing Manual" for OS X or look:
http://www.apple.com/macosx/resources/
And check out some of the tutorials and reports.
http://www.macfixit.com/ - excellent tutorials, troubleshooting
http://www.macintouch.com/ - lots of user feedback reports that are easy to search

ACE Health probe for SIP

I've setup a SIP probe to check the health of a Microsoft OCS. The health of this server is always failed. What am I missing? I also tried it with a telnet probe on port 5061, but got the same result. A telnet from ACE to the server on port 5061 works fine.
See below a show probe SIP detail and the relevant configuration.
ACE21_Secondary/MOCS# sh probe SIP det
probe : SIP
type : SIP
state : ACTIVE
description :
port : 5061 address : 0.0.0.0 addr type : -
interval : 10 pass intvl : 10 pass count : 3
fail count: 3 recv timeout: 4
request-method : OPTIONS
conn termination : GRACEFUL
expect offset : 0 , open timeout : 2
expect regex : -
------------------ probe results ------------------
associations ip-address port porttype probes failed passed health
------------ ---------------+-----+--------+--------+--------+--------+------
rserver : OCS_11
10.105.11.70 5061 -- 7566 7566 0 FAILED
Socket state : CLOSED
No. Passed states : 0 No. Failed states : 0
No. Probes skipped : 0 Last status code : 0
No. Out of Sockets : 0 No. Internal error: 0
Last disconnect err : Server reply timeout (no reply)
Last probe time : Thu Oct 30 14:18:42 2008
Last fail time : Tue Oct 28 16:31:30 2008
Last active time : Never
ACE21_Secondary/MOCS# sh run
probe sip tcp SIP
port 5061
interval 10
passdetect interval 10
receive 4
expect status 200 200
open 2
rserver host OCS_11
ip address 10.105.11.70
probe SSL
probe PING
probe SIP
probe SIP_TELNET
inservice
Cheers
Peter

Peter,
make sure to NOT run version A2(1.1a) as SIP probes are broken in that specific release.
If your version is something else, get a sniffer trace on the server to see what is going on.
Seems like we don't get a reply according to the line :
"Last disconnect err : Server reply timeout (no reply) "
Gilles.

Multiple health probes on CSM

We have a CSM blade in a 6509, IOS 12.2(18)SXF7, CSM softvare version 4.2(7);
We'd like to create a serverfarm, where servers are checked for several ports and only considered as working when all probes succeed.
Although Cisco docs state that there should be a possibility to associate multiple probes with a serverfarm, I haven't managed to do so.
Here's what I've tried:
probe PING icmp
interval 5
failed 10
receive 4
probe TCP-1234 tcp
interval 10
retries 2
failed 25
port 1234
real PROBE-TEST-R
address 1.2.3.4
serverfarm PROBE-TEST-SF
real name PROBE-TEST-R
health probe PING
health probe TCP-1234
but when trying to add the second probe, I get:
% You must first disassociate from probe PING.
Any ideas, how multiple probes could be implemented?

Configure them as probe under the serverfarm..not health probe.
serverfarm PROBE-TEST-SF
probe PING
probe TCP-1234
Gilles.

I need a timer function to ping the server every 5 secs??using threads.

I need a timer function to ping the server every 5 secs??
using threads...i have to use a thread coz i cant use Timer and Timer Task coz clients r on the JDK1.2 version.I have created a thread which keeps checking th ping msg & any server msg is pings 4 the1st time properly but then it just waits to read the response from server but it doesnt but the server shows that it has send the msgs to client???PLEASE HELP URGENT

Few things are not clear from your post, like, are you using sockets and if you are, how are u reading writing to them (ur sample code would help)...
Anyways if you are, are you doing accept on your socket in a while(true) loop or just once... If you do it only once you will get the first ping message but none afterwards if the other side closes and opens new sockets for every send... What I am suggesting is something like the following:
ss = new ServerSocket(port);
while(true)
     s = ss.accept();
     is = s.getInputStream();
     os = s.getOutputStream();
     reader = new BufferedReader(new InputStreamReader(is));
     writer = new BufferedWriter(new OutputStreamWriter(os));
     String in = reader.readLine();
        // do something with this string
        s.close();
        // put some check here to break out of this infinite loop
}// end of While

CSM 4.2(5): Reoccuring failed health probes

Hi all
I've finally started to investigate an issue I have with our CSM setup. Several times a day I get the below syslog message from the 6500
10:49:11: %CSM_SLB-6-RSERVERSTATE: Module 4 server state changed: SLB-NETMGT: TCP health probe failed for server
Then a few seconds later
10:49:41: %CSM_SLB-6-RSERVERSTATE: Module 4 server state changed: SLB-NETMGT: TCP health probe re-activated server
I never seems to catch the event in action and can never verify if the real server is indeed failed or if this is only a probe timeout. I have both layer 2 and layer 3 server farms in operation and this problem occurs on all of my server farms a few times a day.
No pattern and I have no other indications of any problems. I have most of the probes set on 1 repeat and 30sec timeout. Increase the probe timeouts perhaps?
Regards
Fredrik

Those error messages are related to probing the CSM does when determining server health. For a TCP probe, this means that the CSM either gets a TCP RST from the server or it does not see a SYN-ACK coming from the server.

Ping blocks when looking up reverse dns PTR/RR

Hi!
If someone could shed some light on this behaviour, it would really make my day!
When using ping -s to ping an ip address that doesn't have a PTR RR, ping will timeout until dns timeout.
This would be fine, except that when the replys do show, it's response times are off the roof:
PING 80.79.163.74: 56 data bytes
64 bytes from 80.79.163.74: icmp_seq=0. time=5.65 ms
64 bytes from 80.79.163.74: icmp_seq=1. time=1.38e+05 ms
64 bytes from 80.79.163.74: icmp_seq=2. time=1.37e+05 ms
64 bytes from 80.79.163.74: icmp_seq=3. time=1.36e+05 ms
64 bytes from 80.79.163.74: icmp_seq=4. time=1.35e+05 ms
64 bytes from 80.79.163.74: icmp_seq=5. time=1.34e+05 ms
64 bytes from 80.79.163.74: icmp_seq=6. time=1.33e+05 ms
64 bytes from 80.79.163.74: icmp_seq=7. time=1.32e+05 ms
64 bytes from 80.79.163.74: icmp_seq=8. time=1.31e+05 ms
64 bytes from 80.79.163.74: icmp_seq=9. time=1.30e+05 ms
64 bytes from 80.79.163.74: icmp_seq=10. time=1.29e+05 ms
64 bytes from 80.79.163.74: icmp_seq=139. time=236. ms
64 bytes from 80.79.163.74: icmp_seq=140. time=5.92 ms
however, snooping while ping is busy with dns shows that packages do get transmitted and recieved, ping without -s works fine, ping -sn also works fine.
I can reproduce this on 8,9 and 10 of solaris, so I assume this is expected behaviour, although I cannot find any information about this issue, do you know more?
br, Christofer.
Edited by: oholiks on Jun 30, 2008 1:03 AM
added ping example.

Try to debug this:
nslookup -debug hostname
user@server# nslookup -debug aaa.aaa.aaa.aaa vld-dc-1
Server: domain-controller-1
Address: xxx.xxx.xxx.xxx#yy
QUESTIONS:
aaa.aaa.aaa.aaa.in-addr.arpa, type = PTR, class = IN
ANSWERS:
AUTHORITY RECORDS:
-> aaa.aaa.aaa.in-addr.arpa
origin = domain-controller-1
mail addr = admin.ru
serial = 26
refresh = 900
retry = 600
expire = 86400
minimum = 900
ADDITIONAL RECORDS:
** server can't find aaa.aaa.aaa.aaa. in-addr.arpa: NXDOMAIN
The solutions:
1) add correct dns records to resolve host names
2) add IP in /etc/hosts

Slow ping latency with Time Machine

Time Machine router is slowing ping speeds substantially over the last few months, now it is getting ridiculous. Using speedtest.net I get ping readings averaging 998ms when it used to be 30ms.
A direct Ethernet connection from Time Machine also has slow pings, yet when I bypass Time Machine and connect directly from the cable modum to iMac the speed ping tests are the same. TC is slowing ping activity and it is frustrating. Could this have something to do with DNS address changing for ISP?

A direct Ethernet connection from Time Machine also has slow pings, yet when I bypass Time Machine and connect directly from the cable modum to iMac the speed ping tests are the same. TC is slowing ping activity and it is frustrating. Could this have something to do with DNS address changing for ISP?
As I read that sentence it says pings are poor on the TC (not TM that is software on the computer). And when I do direct cable modem "ping tests are the same." Same as the TC? Sorry can you please clarify the English.
If it has something to do with DNS ping by IP and not URL name.
ie first ping an address by name.. please copy and paste the result here.
Then ping by IP, that will avoid using dns. Copy and paste the result here.
Then ping the identical address by name and IP direct to the cable modem. Copy and paste the result here.
Then ping the TC direct. Use a traceroute command to the URL you pinged (one that is important to you and is causing issues due to slow speed.)

Application connects only after Ping test...

I have quite a strange situation happening. We have a remote administration application that connects to a server via IP, the connection will not happen and I get a "Server Not Found" error message anytime I try to launch the app. However, if I will first ping the host, which the host replies successfully, then try and launch the app, the connection happens...
Any ideas????

Before u do the ping, can u check to see if there's already a mac-address resolution to the IP u're connecting to?
And when u launch ur application, and when it fails, can u also check n see if a mac-address resolution to the IP is already in the arp cache of ur host?
What i think is, when u do a ping, it checks its arp cache and not find an entry for the destination ip, hence does an arp for the mac. Once resolved the dst. IP to mac, ur application then knows how to connect to it.
Somehow, in any normal circumstance, the launching of any application will arp for the dst. host mac if the local host does not already have an arp entry for the dst. ip.
If ur dst. ip is located in a different network crossing a gateway, the local host should then arp for the gateway's mac.

ACE20 Module with Exchange 2010 Configuration

Hello all,
I have deployed the following configuration for Exchange 2010, if all services are up on the two servers it functions good but if a service goes down on one server (especially outlook) some clients are disconnected (stickiness) ...
Stickiness is needed for all services by ip source sticky and by coockies for OWA.
Because all services are on the same server (ip address) the configured sticky causes problems !!! when a service is down the ACE usually forwards requests to it !!!! Any help please.
Configuration :
XXXXX-ACE1/CTXT-EXCHANGE(config)# do sh run
Generating configuration....
access-list BPDU-Allow ethertype permit bpdu
access-list EXCH-LB line 10 extended permit ip any any
probe http HTTP-GET
interval 10
passdetect interval 10
request method get url /iisstart.htm
expect status 200 202
probe icmp PING
interval 3
probe tcp abport
port 7575
interval 2
faildetect 2
passdetect interval 10
passdetect count 1
connection term forced
probe tcp epmap
port 135
interval 2
faildetect 2
passdetect interval 10
passdetect count 1
connection term forced
probe tcp http
interval 2
passdetect interval 2
passdetect count 1
connection term forced
probe http http-probe
interval 60
passdetect interval 60
passdetect count 2
request method get url /exchweb/bin/auth/owalogon.asp
expect status 400 404
probe tcp https
port 443
interval 2
passdetect interval 2
passdetect count 1
connection term forced
probe http https-probe
interval 60
passdetect interval 60
passdetect count 2
request method get url /owa/auth/login.aspx
expect status 400 404
probe tcp imap
port 143
interval 2
passdetect interval 2
passdetect count 1
connection term forced
probe tcp imaps
port 993
interval 2
passdetect interval 2
passdetect count 1
connection term forced
probe udp ipsec
port 500
interval 2
passdetect interval 2
passdetect count 1
probe icmp ping
interval 2
passdetect interval 2
passdetect count 1
probe tcp pop3
port 110
interval 2
passdetect interval 2
passdetect count 1
connection term forced
probe tcp pop3s
port 995
interval 2
passdetect interval 2
passdetect count 1
connection term forced
probe tcp rpcport
port 7576
interval 2
faildetect 2
passdetect interval 10
passdetect count 5
connection term forced
probe tcp smtp
port 25
interval 2
passdetect interval 2
passdetect count 1
connection term forced
rserver host CAS1
ip address 172.22.101.74
inservice
rserver host CAS2
ip address 172.22.101.76
inservice
rserver host HUB1
ip address 172.22.101.75
inservice
rserver host HUB2
ip address 172.22.101.77
inservice
rserver redirect RPC-REDIRECT
rserver redirect SSLREDIRECT
webhost-redirection https://mail.tunisiana.com/owa 302
inservice
serverfarm host CAS-Outlook
probe PING
probe abport
probe epmap
probe rpcport
fail-on-all
rserver CAS1 135
    inservice
rserver CAS1 7575
    inservice
rserver CAS1 7576
    inservice
rserver CAS2 135
    inservice
rserver CAS2 7575
    inservice
rserver CAS2 7576
    inservice
serverfarm host CAS-http
probe HTTP-GET
probe PING
rserver CAS1 80
    inservice
rserver CAS2 80
    inservice
serverfarm host CAS-https
probe https
probe ping
rserver CAS1 443
    inservice
rserver CAS2 443
    inservice
serverfarm host CAS-imap
probe PING
probe imap
rserver CAS1 143
    inservice
rserver CAS2 143
    inservice
serverfarm host CAS-imaps
probe imaps
probe ping
rserver CAS1 993
    inservice
rserver CAS2 993
    inservice
serverfarm host CAS-ipsec
probe ipsec
probe ping
rserver CAS1
    inservice
rserver CAS2
    inservice
serverfarm host CAS-pop3
probe ping
probe pop3
rserver CAS1 110
    inservice
rserver CAS2 110
    inservice
serverfarm host CAS-pop3s
probe ping
probe pop3s
rserver CAS1 995
    inservice
rserver CAS2 995
    inservice
serverfarm host CAS-smtp
probe ping
probe smtp
fail-on-all
rserver CAS1 25
    inservice
rserver CAS2 25
    inservice
serverfarm host HUB
probe ping
probe smtp
rserver HUB1
    inservice
rserver HUB2
    inservice
serverfarm redirect RPC-REDIRECT
serverfarm redirect SSLREDIRECT
rserver SSLREDIRECT
    inservice
parameter-map type http STICKY
persistence-rebalance
parameter-map type connection TCP_IDLE_30min
set timeout inactivity 1800
sticky ip-netmask 255.255.255.255 address source HUB-ST
timeout 30
replicate sticky
serverfarm HUB
sticky ip-netmask 255.255.255.255 address source CAS-http-ST
timeout 30
replicate sticky
serverfarm CAS-http
sticky ip-netmask 255.255.255.255 address source CAS-https-ST
timeout 30
replicate sticky
serverfarm CAS-https
sticky ip-netmask 255.255.255.255 address source CAS-imap-ST
timeout 30
replicate sticky
serverfarm CAS-imap
sticky ip-netmask 255.255.255.255 address source CAS-imaps-ST
timeout 30
replicate sticky
serverfarm CAS-imaps
sticky ip-netmask 255.255.255.255 address source CAS-smtp-ST
timeout 30
replicate sticky
serverfarm CAS-smtp
sticky ip-netmask 255.255.255.255 address source CAS-pop3-ST
timeout 30
replicate sticky
serverfarm CAS-pop3
sticky ip-netmask 255.255.255.255 address source CAS-pop3s-ST
timeout 30
replicate sticky
serverfarm CAS-pop3s
sticky ip-netmask 255.255.255.255 address source CAS-ipsec-ST
timeout 30
replicate sticky
serverfarm CAS-ipsec
sticky ip-netmask 255.255.255.255 address source CAS-Outlook-ST
timeout 30
replicate sticky
serverfarm CAS-Outlook
sticky http-cookie sessionid exchange-sticky-sessionid-grp
timeout 20
serverfarm CAS-http
sticky http-cookie cookie OWA-STICKY
cookie insert browser-expire
timeout 60
replicate sticky
serverfarm CAS-http
sticky http-header Authorization CAS-RPC-HTTP
serverfarm CAS-http
class-map match-any CAS-OUTL-MAPI-VIP
2 match virtual-address 172.22.101.69 tcp any
class-map match-any CAS-Outlook-VIP
2 match virtual-address 172.22.101.69 tcp eq 135
3 match virtual-address 172.22.101.69 tcp eq 7575
4 match virtual-address 172.22.101.69 tcp eq 7576
class-map match-any CAS-http-VIP
2 match virtual-address 172.22.101.69 tcp eq www
class-map match-any CAS-https-VIP
2 match virtual-address 172.22.101.69 tcp eq https
class-map match-any CAS-imap-VIP
2 match virtual-address 172.22.101.69 tcp eq 143
class-map match-any CAS-imaps-VIP
2 match virtual-address 172.22.101.69 tcp eq 993
class-map match-any CAS-ipsec-VIP
2 match virtual-address 172.22.101.69 udp eq 500
class-map match-any CAS-pop3-VIP
2 match virtual-address 172.22.101.69 tcp eq pop3
class-map match-any CAS-pop3s-VIP
2 match virtual-address 172.22.101.69 tcp eq 995
class-map match-any CAS-smtp-VIP
2 match virtual-address 172.22.101.69 tcp eq smtp
class-map match-all CAS_SERVERS
2 match source-address 172.22.101.64 255.255.255.192
class-map match-any HUB-VIP
2 match virtual-address 172.22.101.80 any
class-map match-all HUB_SERVERS
2 match source-address 172.22.101.64 255.255.255.192
class-map match-all OWA-OUTLOOKANYWHERE-SSL
2 match virtual-address 172.22.101.69 tcp eq https
class-map match-all OWA-SSL-CM
2 match virtual-address 172.22.101.69 tcp eq https
class-map match-all OWAREDIRECT
2 match virtual-address 172.22.101.69 tcp eq www
class-map type management match-any REMOTE-MGT
201 match protocol snmp any
202 match protocol http any
203 match protocol https any
204 match protocol icmp any
205 match protocol ssh any
206 match protocol telnet any
policy-map type management first-match REMOTE-MGT
class REMOTE-MGT
    permit
policy-map type loadbalance first-match CAS-Outlook-policy
class class-default
    sticky-serverfarm CAS-Outlook-ST
policy-map type loadbalance first-match CAS-http-policy
class class-default
    sticky-serverfarm CAS-http-ST
policy-map type loadbalance first-match CAS-https-policy
class class-default
    sticky-serverfarm CAS-https-ST
policy-map type loadbalance first-match CAS-imap-policy
class class-default
    sticky-serverfarm CAS-imap-ST
policy-map type loadbalance first-match CAS-imaps-policy
class class-default
    sticky-serverfarm CAS-imaps-ST
policy-map type loadbalance first-match CAS-ipsec-policy
class class-default
    serverfarm CAS-ipsec
policy-map type loadbalance first-match CAS-pop3-policy
class class-default
    sticky-serverfarm CAS-pop3-ST
policy-map type loadbalance first-match CAS-pop3s-policy
class class-default
    sticky-serverfarm CAS-pop3s-ST
policy-map type loadbalance first-match CAS-smtp-policy
class class-default
    serverfarm CAS-smtp
policy-map type loadbalance first-match HUB-policy
class class-default
    serverfarm HUB
policy-map type loadbalance first-match OWA-OUTLOOKANYWHERE
match OUTLOOK_ANYWHERE http header User-Agent header-value "MSRPC"
policy-map type loadbalance first-match OWA-SSL-PM
class class-default
    sticky-serverfarm OWA-STICKY
policy-map type loadbalance http first-match SSLREDIRECT
class class-default
    serverfarm SSLREDIRECT
policy-map multi-match CAS-Outlook-POLICY-MAP
class CAS-Outlook-VIP
    loadbalance vip inservice
    loadbalance policy CAS-Outlook-policy
    loadbalance vip icmp-reply
    connection advanced-options TCP_IDLE_30min
policy-map multi-match CAS-http-POLICY-MAP
class CAS-http-VIP
    loadbalance vip inservice
    loadbalance policy CAS-http-policy
    loadbalance vip icmp-reply
    connection advanced-options TCP_IDLE_30min
policy-map multi-match CAS-https-POLICY-MAP
class CAS-https-VIP
    loadbalance vip inservice
    loadbalance policy CAS-https-policy
    loadbalance vip icmp-reply
    connection advanced-options TCP_IDLE_30min
policy-map multi-match CAS-imap-POLICY-MAP
class CAS-imap-VIP
    loadbalance vip inservice
    loadbalance policy CAS-imap-policy
    loadbalance vip icmp-reply
    connection advanced-options TCP_IDLE_30min
policy-map multi-match CAS-imaps-POLICY-MAP
class CAS-imaps-VIP
    loadbalance vip inservice
    loadbalance policy CAS-imaps-policy
    loadbalance vip icmp-reply
    connection advanced-options TCP_IDLE_30min
policy-map multi-match CAS-ipsec-POLICY-MAP
class CAS-ipsec-VIP
    loadbalance vip inservice
    loadbalance policy CAS-ipsec-policy
    loadbalance vip icmp-reply
policy-map multi-match CAS-pop3-POLICY-MAP
class CAS-pop3-VIP
    loadbalance vip inservice
    loadbalance policy CAS-pop3-policy
    loadbalance vip icmp-reply
    connection advanced-options TCP_IDLE_30min
policy-map multi-match CAS-pop3s-POLICY-MAP
class CAS-pop3s-VIP
    loadbalance vip inservice
    loadbalance policy CAS-pop3s-policy
    loadbalance vip icmp-reply
    connection advanced-options TCP_IDLE_30min
policy-map multi-match CAS-smtp-POLICY-MAP
class CAS-smtp-VIP
    loadbalance vip inservice
    loadbalance policy CAS-smtp-policy
    loadbalance vip icmp-reply
    connection advanced-options TCP_IDLE_30min
policy-map multi-match EXCH-POLICY
class CAS-imap-VIP
    loadbalance vip inservice
    loadbalance policy CAS-imap-policy
    loadbalance vip icmp-reply
    connection advanced-options TCP_IDLE_30min
class CAS-imaps-VIP
    loadbalance vip inservice
    loadbalance policy CAS-imaps-policy
    loadbalance vip icmp-reply
    connection advanced-options TCP_IDLE_30min
class CAS-pop3-VIP
    loadbalance vip inservice
    loadbalance policy CAS-pop3-policy
    loadbalance vip icmp-reply
    connection advanced-options TCP_IDLE_30min
class CAS-pop3s-VIP
    loadbalance vip inservice
    loadbalance policy CAS-pop3s-policy
    loadbalance vip icmp-reply
    connection advanced-options TCP_IDLE_30min
class CAS-smtp-VIP
    loadbalance vip inservice
    loadbalance policy CAS-smtp-policy
    loadbalance vip icmp-reply
    connection advanced-options TCP_IDLE_30min
class CAS-http-VIP
    loadbalance vip inservice
    loadbalance policy CAS-http-policy
    loadbalance vip icmp-reply
    connection advanced-options TCP_IDLE_30min
class CAS-https-VIP
    loadbalance vip inservice
    loadbalance policy CAS-https-policy
    loadbalance vip icmp-reply
    connection advanced-options TCP_IDLE_30min
class CAS-OUTL-MAPI-VIP
    loadbalance vip inservice
    loadbalance policy CAS-Outlook-policy
    loadbalance vip icmp-reply
    connection advanced-options TCP_IDLE_30min
policy-map multi-match HUB-POLICY-MAP
class HUB-VIP
    loadbalance vip inservice
    loadbalance policy HUB-policy
    loadbalance vip icmp-reply
    connection advanced-options TCP_IDLE_30min
interface vlan 52
description #### vlan client side EXCHANGE ####
bridge-group 1
access-group input BPDU-Allow
access-group input EXCH-LB
service-policy input REMOTE-MGT
service-policy input HUB-POLICY-MAP
service-policy input EXCH-POLICY
no shutdown
interface vlan 54
description #### vlan client side ACE_EXCHANGE ####
bridge-group 1
access-group input BPDU-Allow
access-group input EXCH-LB
service-policy input REMOTE-MGT
service-policy input HUB-POLICY-MAP
service-policy input EXCH-POLICY
no shutdown
interface bvi 1
ip address 172.22.101.123 255.255.255.192
peer ip address 172.22.101.122 255.255.255.192
description EXCHANGE-Bridged-vlans
no shutdown
ip route 0.0.0.0 0.0.0.0 172.22.101.126
Best Regards

Thank you for your email. I am out of the office until March 25th, I will have limited access to my e-mail during this period.
In my absence, please feel free to contact Mr Akram Allani : [email protected]
Thank you for your understanding.
Best regards,
Youssef Boukari

ACE 4710 VIP not pingable even with "always" selected.

Hello, I have a somewhat complicated setup in order to allow one particular VIP to answer for the same serverfarm on two different ports (this was a previous question here.) Here is the scrubbed config below. The setup works, but the issue is that the VIP does not reply to pings. We use both the servers and the vip for monitoring internally. It is still operational on the ports it is balancing, but no setting for ping seems to work (Active, Primary, or Always.) What am I doing wrong here? The other sites I use stickys with respond for their VIPs. I'm assuming this one does not due to the more complicated policy map.
probe http HTML-Site-Up_200
description This probe is to verify HTTP operation via site-up.html check
port 80
interval 5
faildetect 2
passdetect interval 10
request method get url /site-up.html
expect status 200 200
open 2
probe icmp ICMP-Ping
interval 5
faildetect 2
passdetect interval 10
probe tcp RAW-TCP-81
port 81
interval 10
faildetect 2
passdetect interval 20
connection term forced
open 1
rserver host psc-us-EQUIPprd1
description EQUIP Prod, server 1
ip address 10.1.1.84
inservice
rserver host psc-us-EQUIPprd2
description EQUIP Prod, server 2
ip address 10.1.1.85
inservice
serverfarm host EQUIPPROD
description EQUIP Prod Server Pool
predictor leastconns
probe HTML-Site-Up_200
probe ICMP-Ping
probe RAW-TCP-81
rserver psc-us-EQUIPprd1
    probe ICMP-Ping
    probe HTML-Site-Up_200
    probe RAW-TCP-81
    inservice
rserver psc-us-EQUIPprd2
    probe ICMP-Ping
    probe HTML-Site-Up_200
    probe RAW-TCP-81
    inservice
serverfarm host EQUIPPROD-CUSTOMER-81
description EQUIP Customer Site Server Pool, port 81
predictor leastconns
probe RAW-TCP-81
rserver psc-us-EQUIPprd1 81
    probe RAW-TCP-81
    inservice
rserver psc-us-EQUIPprd2 81
    probe RAW-TCP-81
    inservice
sticky ip-netmask 255.255.255.255 address source Sticky_EQUIPPROD
timeout 180
replicate sticky
serverfarm EQUIPPROD
class-map type http loadbalance match-all EQUIP_81_Redirect
2 match http header Host header-value ".*equiponline.com"
class-map type http loadbalance match-all EQUIP_81_Redirect_Full
2 match http header Host header-value ".*www.equiponline.com"
class-map match-all VIP-EQUIPPROD
2 match virtual-address 10.1.1.97 any
policy-map type loadbalance first-match VIP-EQUIPPROD-l7slb
class EQUIP_81_Redirect
    serverfarm EQUIPPROD-CUSTOMER-81
class EQUIP_81_Redirect_Full
    serverfarm EQUIPPROD-CUSTOMER-81
class class-default
    sticky-serverfarm Sticky_EQUIPPROD
policy-map multi-match global
class VIP-EQUIPPROD
    loadbalance vip inservice
    loadbalance policy VIP-EQUIPPROD-l7slb
    loadbalance vip icmp-reply
    nat dynamic 13 vlan 1000
interface vlan 1000
nat-pool 13 10.1.1.97 10.1.1.97 netmask 255.255.255.0 pat

Output from that class from the show service-policy command. And no, it doesn't appear to be pingable from the ACE.
    class: VIP-EQUIPPROD
      nat:
        nat dynamic 13 vlan 1000
        curr conns       : 361       , hit count        : 116690
        dropped conns    : 5
        client pkt count : 4815293   , client byte count: 739114009
        server pkt count : 7281612   , server byte count: 8753101386
        conn-rate-limit      : 0         , drop-count : 0
        bandwidth-rate-limit : 0         , drop-count : 0
     VIP Address:    Protocol: Port:
     10.1.1.97    any
      loadbalance:
        L7 loadbalance policy: VIP-EQUIPPROD-l7slb
        Regex dnld status    : SUCCESSFUL
        VIP ICMP Reply       : ENABLED
        VIP State: INSERVICE
        VIP DWS state: DWS_DISABLED
        Persistence Rebalance: ENABLED
        curr conns       : 392       , hit count        : 134300
        dropped conns    : 431
        client pkt count : 4869950   , client byte count: 741545220
        server pkt count : 7281612   , server byte count: 8753101386
        conn-rate-limit      : 0         , drop-count : 0
        bandwidth-rate-limit : 0         , drop-count : 0
        L7 Loadbalance policy : VIP-EQUIPPROD-l7slb
          class/match : EQUIP_81_Redirect
            LB action :
               primary serverfarm: EQUIPPROD-CUSTOMER-81
                    state: UP
                backup serverfarm : -
            hit count        : 12602
            dropped conns    : 0
            compression      : off
          class/match : EQUIP_81_Redirect_Full
            LB action :
               primary serverfarm: EQUIPPROD-CUSTOMER-81
                    state: UP
                backup serverfarm : -
            hit count        : 0
            dropped conns    : 0
            compression      : off
          class/match : class-default
            LB action: :
               sticky group: Sticky_EQUIPPROD
                  primary serverfarm: EQUIPPROD
                    state:UP
                  backup serverfarm : -
            hit count        : 107831
            dropped conns    : 5
            compression      : off
      compression:
        bytes_in : 0                          bytes_out : 0
        Compression ratio : 0.00%
                Gzip: 0               Deflate: 0
      compression errors:
        User-Agent : 0               Accept-Encoding    : 0
        Content size: 0               Content type       : 0
        Not HTTP 1.1: 0               HTTP response error: 0
        Others      : 0
pscaceinside01/Prod# ping 10.1.1.97
Pinging 10.51.221.97 with timeout = 2, count = 5, size = 100 ....
No response received from 10.1.1.97 within last 2 sec
No response received from 10.1.1.97 within last 2 sec
No response received from 10.1.1.97 within last 2 sec
No response received from 10.1.1.97 within last 2 sec
No response received from 10.1.1.97 within last 2 sec
5 packet sent, 0 responses received, 100% packet loss
For what it's worth, none of my VIP's are pingable from the ACE. I think that has to do with me being in one-arm configuration, and using the NAT addresses per VIP. But all other VIPs are pingable from other sources on the subnet. With the exception of this VIP.

First ping probe timeout

Similar Messages

Maybe you are looking for