ACE 4710 send Connection:Close when should be Keep-Alive

Similar Messages

• Can ACE 4710 send ICMP-dest-unreachable?

  Dear Community!
  We have previously configured an ACE context for implementing redundant corporate DNS service and now testing a transparent ACE context and HA configuration.One virtual-IP is configured for UDP/53, listening for DNS requests. Behind the VIP, there are 3 DNS server. The next step of our testing process, we have shut down all real-server instance behind the virtual-IP while inspecting DNS clients behaviour. Besides the DNS clients requesting the virtual-IP DNS service need ICMP-destination-unreachable packet to switchover the secondary DNS server.
  Can ACE 4710 send ICMP-dest-unreachable?
  Thanks in advance!
  Regards,
  Belabacsi
  from Hungary

  Unfortunately the 4710 does not send icmp unreachable when a vserver is down.
  If you have backup dns service, you can configure it on ace itself.
  Gilles.

• Shouldn't ACE 4710 ignore cookie stickiness when the server is down?

  Hello,
  I have implemented sticky load balancing with cookies. The problem is that if one of my two servers in the server farm is down (and even if the ace recognizes it as down via a probe) it keeps sending the requests to the server that is down, obviously because it has set a cookie for this server,
  Shouldn't the ACE ignore the cookie when the server is down?
  Is there a command to ignore cookie stickiness if the server is down? Is there another workaround?
  an example of my config is
  serverfarm host SF_Ebanking
    rserver RS_IAS_1 XXXX
      conn-limit max 4000000 min 4000000
      probe http_probe_ebanking
      inservice
    rserver RS_IAS_2 XXXX
      conn-limit max 4000000 min 4000000
      probe http_probe_ebanking
      inservice
  sticky http-cookie ACE_COOKIE ebanking_sticky
    cookie insert
    replicate sticky
    serverfarm SF_Ebanking
    16 static cookie-value "server01" rserver RS_IAS_1
    24 static cookie-value "server02" rserver RS_IAS_2
  thanks,
  george

  This is not as obvious as you seem to believe.
  ACE will not select a server that is down !!!! Even if the cookie points to that server.
  What might be happening is that the connection from the browser to the ACE has not been killed, so when client sends a new request it reuses the existing connection and ACE does allow an existing connection to be maintain with a dead server by default.
  Try the command 'failaction purge' under the serverfarm.
  This should kill the active connections with the dead server and allow a new connection to be open with the other server even if the cookie points to the dead one.
  Regards,
  Gilles.

• ACE 4710 SSL connection rate

  What exactly happens when the SSL connection rate is exceeded. Is the connection dropped, queued or what ?
  Defined as the SSL TPS. In our case 1000 but upgradeable to 5000

  Hi,
  The connection will be denied once the SSL connection rate is exceeded.
  That can be identified by using the command :
  show resource usage all
  You will see something like this :
          Resource         Current       Peak        Min        Max       Denied
  ssl-connections rate        995       1000          0       1000     28975
  You will notice that the deny counter will start increasing once the rate is exceeded.
  hope that helps.
  regards,
  Ajay Kumar

• TS3276 email won't send or close when cannot send message error shows and won't change outgoing server as requested.

  email freezes when "cannot send using ------ server" comes up even when I change server settings.

  How are you trying to change the server?

• When should I keep my iPad OFF and when should I keep it on STANDBY?

  I just got an iPad for my birthday! The problem is IDK if battery is saved by Turning my iPad OFF or just letting it on STANDBY...

  I only shut my iPad off if needed for troubleshooting purposes ...an app crashes (very rarely occurs) or some other such thing. Therefore, I almost never shut it off. I let it go to sleep. I also charge my iPad battery every night because I use my iPad all day long - every day at work, so it neds to be charged every night.
  No need whatsoever to turn the iPad off. Set to go to sleep after a reasonable amount of time, pick it and use it when you need it, recharge the battery any time that it needs to be charged.
  You cannot overcharge the battery if you plug it in and leave it charging all night long. Read this for more information about the battery.
  http://www.apple.com/batteries/ipad.html

• ACE 4710 MAC Address

  All physical interfaces on ACE 4710 share the same MAC address. Also, VIP addresses share the same MAC address. ACE 4710 is connected to a switch. How is the switch supposed to know which interface to send the packet to if it is doing layer2 switching.
  Thank you in advance for the explanation.

  You can't put 2 interfaces in the same vlan
  switch/Admin(config-if)# switchport access vlan 20
  vlan 20 is associated with GigabitEthernet 1/3.
  switch/Admin(config-if)#
  So, the L2 switch will have an entry for the mac-address in each vlan and this entry can point to different interfaces.
  Gilles.

• ACE 4710 Can not confirm http cookie sticky connections

  We are using a ACE 4710 with A3(2.6) software release.
  I had to change our sticky load balancing method for HTTPS to cookie based.
  However while connections appear to work if I look at the sho sticky database table I can not see or confirm sticky entries for the cookie based connections.
  Here or config snippets to show the config
  sticky http-cookie ghh-www scook-ghh
    cookie insert browser-expire
    serverfarm ghh-www-443
  class-map match-all ghh-www-443_CLASS
    2 match virtual-address 172.16.1.21 tcp eq https
  class-map type http loadbalance match-any ghh-www-443_CLASSURL
    2 match http url [.]*
  policy-map type loadbalance first-match ghh-sticky-443_POLICY
    class class-default
      sticky-serverfarm scook-ghh
  policy-map multi-match POLICY
  class ghh-www-443_CLASS
        loadbalance vip inservice
        loadbalance policy ghh-sticky-443_POLICY
        loadbalance vip icmp-reply active
        appl-parameter http advanced-options CASE_PARAM

  Another point: please check whether your servers are listening only for HTTPS traffic or also for HTTP traffic:
  in the first case the ACE will have to: decrypt the traffic from the client, inspect the http header to take the loadbalance decision and then re-encrypt it and send it to the server
  in the second case the ACE would have to: decrypt the traffic from the client, inspect the http header to take the loadbalance decision and send it out as it is unencrypted to the server
  the second solution would have the benefit of being easier to configure and to require less resoucerces both on the ACE (only decryption to be performed) and on the servers (no need for SSL operations at all there) but it might be that your company or business sector have requirements for which this traffic should never flow unencrypted, in which case you would have to go for the first solution.
  Here you have a config example for the first solution:
  http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c6f37.shtml
  I would not expect you to have to pay extra for importing the cert and kepair into the ace, it would be just a copy, however as Alex said that may still depend on the license agreement with the CA.
  Cheers,
  Francesco

• ACE 4710 - show stats connection questions

  Hi,
  I have three questions regarding the "show stats connection" command in the ACE 4710:
  1. What is the criteria for a connection to be added to the "Total Connections Failed" counter?
  2. What is the criteria for a connection to be added to the "Total Connections Timed-out" counter?
  3. Is there a command to get more information why the connection was failed or timed-out (e.g. to/from which IP, url accessed etc.)?
  Thanks in advance for your help!
  Best regards,
  Harry

  Harry,
  a connection failed if the server did not respond or resonded with a RST.
  As long as the connection gets establised, it is counted as a success.
  The connection timeout counter is incremented when the connection is idle for the configured timeout value or for L7 connections if it does not complete the 3-way handshale within the embryonic timeout interval.
  Since this is clear why those counters are incrementing, the only way to get more information is to capture a sniffer trace to verify if the conditions above are met.
  Gilles.

• ACE 4710 Connectivity help?

  I'm using an ACE 4710 in a new datacenter, with the following setup:
  2/4 physical ethernet interfaces port channeled into port-channel 1
  2/4 physical ethernet interfaces port channeled into port-channel 2
  I have the following vlans defined:
  1001 - admin     - interface ip: 10.53.136.70
  400 - client side - interface ip: 10.53.136.100
  500 - server side - interface ip: 192.168.128.1
  999 - fault tolerance - interface ip: 192.168.11.2
  My problem is I am trying to nat ssh and web server traffic from the client side, to the server side, but it's never getting to the server.  For example, if I ssh to 10.53.136.102, it times out.  (10.53.136.102 should get nat'd to 192.168.128.2)
  Also, I can connect to the ACE 4710 via telnet using 10.53.136.70, but cannot connect to 10.53.136.100.
  I'm thinking there is either something wrong with the port-channels, or the access lists.  On the other hand there could be something wrong with the nat'ing, but I had it working before switching over to the port-channels.
  Any thoughts?
  Thanks,
  Brent

  I've attached the two contexts which we are using.  The admin context is new_lb_config.txt and the second context where the loadbalancing occurs is in the new_lb_config_VC_WBPX.txt file.
  From the load balancer, I am able to ping the real server ips in the 192.168. ip range.  The 4710 recognizes that they are in service.
  I believe the ACL for the VLAN 400 is set to permit all traffic, but I don't know if the service policies are preventing something from happening.
  Right now, I have disconnected the two 4710s and I am only working on one of them to see if I can get the basic connectivity going.  Once I accomplish that, I will work on high availability.  I'll have to check whether it thinks it is in passive mode...not entirely sure how to do that, but I will check it out.
  Thanks,
  Brent

• HT5654 after update to the latest version on my ipad, it no longer connects to the internet nor can i send emails.  when plugged in to sync with itunes, it remains 'stuck' at syncing  step 2 of 7 backing up.  has anyone had similar problems? any solutions

  after update to the latest version on my ipad, it no longer connects to the internet nor can i send emails.  when plugged in to sync with itunes, it remains 'stuck' at syncing  step 2 of 7 backing up.  has anyone had similar problems? any solutions?

  I had this problem.  I held down the power switch to power down completely.  Takes a few seconds.  Then use the power switch to turn on.  Might take a couple goes.
  Kirk

• Sql developer closes when testing connection

  I have windows 7 64 bit, but, also have ms office 32 bit, so, do need the 32 bit drivers.
  If my path starts with the location of the 32 bit drivers and I test my oracle connection in sql developer with the oci thick driver checked, I get the error stating can't use the 32 bit drivers with a 64 bit machine (Status : Failure -Test failed: C:\app\32BitDrivers\product\11.2.0\client_3\ocijdbc11.dll: Can't load IA 32-bit .dll on a AMD 64-bit platform).
  If the thick driver is unchecked, I get:
  Status : Failure -Test failed: ORA-01017: invalid username/password; logon denied
  I believe this is due to this database being set up to use something like a name validation server(?), because I can connect to another database that does not have that special authentication.
  If I have the path set to the 64 bit driver, sql developer will close when I try to test the connection with either the oci thick driver checked or un-checked (and testing either of the 2 databases).
  any ideas?
  sql developer Version 3.2.20.09
  jdk1.6.0_45 (came in the d/l with sql developer)
  oracle 11gR2
  sqlplus does connect to both databases
  Happen to have toad and was finally able to get it to connect to both databases.
  oh, btw, is the 32 bit driver sqora32.dll?
  what would the 64 bit driver be named?
  thanks,
  Alan
  Edited by: user1219396 on May 10, 2013 9:36 AM

  So, checking what java is running:
  C:\>java -version
  java version "1.7.0_21"
  Java(TM) SE Runtime Environment (build 1.7.0_21-b11)
  Java HotSpot(TM) 64-Bit Server VM (build 23.21-b01, mixed mode)
  However, I have C:\oracle\sqldeveloper\sqldeveloper\bin\sqldeveloper.conf showing
  SetJavaHome C:\oracle\sqldeveloper\jdk1.6.0_45
  Also, I thought that the loading 32 bit on 64 bit system message meant that sql developer was 64 bit. Does it matter is sql dev is 64 or 32 bit and how do I tell which it is?
  Also, there is a log file that shows up in the sql dev bin folder that matches the time when the program closes, like hs_err_pid12380.log. It's showing:
  # A fatal error has been detected by the Java Runtime Environment:
  # EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x000000006d9fd904, pid=13208, tid=8988
  # JRE version: 6.0_45-b06
  # Java VM: Java HotSpot(TM) 64-Bit Server VM (20.45-b01 mixed mode windows-amd64 compressed oops)
  # Problematic frame:
  # V [jvm.dll+0x11d904]
  So, appears that it is using the version specified in the .conf file. However, not seeing useful info in the log file, probably cause there's so much there.
  thanks
  When I try to get it to use the 64 bit driver, sql developer just closes. So, not sure if I'm actually pointing to the right location or what.

• [1.2.0.29.98] reports close when disconnecting their connection

  Hi,
  is there any reason to close open reports when i disconnect their connection?
  anita
  (win xp pro, java 1.5.11, ora 9.2)

  Anita,
  These reports are tied to the connection. They are effectively a live data set which will not exist when the connection is closed.
  This is something we could change by adding a preference to keep reports up, but inactive when the connection closes.
  Barry

• Download connections doesn't close after I cancel the download, it keep like I am download and only close when I disable the network adapter or reset the router or the firewall

  download connections doesn't close after I cancel the download, it keep like I am downloading and only close when I disable the network adapter or reset the router or the firewall.
  I use pfsense as my firewall and see the traffic not reseting to zero when I cancel download.
  Also, IE doesn't have this problem. When I cancel the download the traffic drops to zero.

  And this problem seems to be systemwide. Since I created a new user and under which problem still exists.
  Hope apple will look into it

• MenuBar should not close when menuitem is selected

  MenuBar should not close when menuitem is selected so that user can check multiple menu items

  PopUp a List instead.
  Alex Harui
  Flex SDK Developer
  Adobe Systems Inc.
  Blog: http://blogs.adobe.com/aharui