ACE duplicate ack and tcp out-of-order errors

Hi,
I have just performed a capture using a NAM in my 6500 on the port attached to my ACE appliance.
What i have noticed in the capture is a lot of duplicate ack errors and tcp out-of-sync errors.
The reason we found this was becuase the link utilisation per session seems higher than we expected, hence are the errors adding to this and is there any way to remedy them?
Thanks
Scott

Hi Scott,
I'm not sure why you would see duplicate packets, although when you use SPAN, I know you can see them when you configure it to capture both directions on a VLAN.  This is because you see each packet as it enters and leaves the VLAN.  I don't know if that would apply to a NAM.
One thing you could do is use the ACE 4710's built-in capture utility to see if you see the same symptoms from an alternative source.  This is covered in the Capturing Packet Information section of the configuration guides.
Hope this helps,
Sean

Similar Messages

  • ACE Dup ACK and TCP Out-of-order

    Hi,
    I have a pair of FT ACE 4710 offloading https traffic to a couple of webservers. We are seeing very high network utilisation when I capture the client facing port of the active ACE. There appears to alot of duplicate ACKs and TCP out-of-order packets (as shown by wireshark). Does anyone know if this is a problem with the ACE or "normal"
    Thanks

    I've seen some similar behaviour with the ACE Module and Apache webservers. To mitigate this I've configured the following which seems to work.
    On the ACE Module
    parameter-map type http ALL-HEADERS
      persistence-rebalance
    parameter-map type connection TCP-OPTIONS
      set tcp syn-retry 5
      tcp-options timestamp allow
    policy-map multi-match test-policy
      class http-vip
        loadbalance vip inservice
        loadbalance policy http-test-pm
        loadbalance vip icmp-reply active
        appl-parameter http advanced-options ALL-HEADERS
        connection advanced-options TCP-OPTIONS
    On Apache here are the two test results with keepalive on and off
    httpd.conf
    KeepAlive Off
    MaxKeepAliveRequests 1024
    KeepAliveTimeout 30
    MK-ACE01/001# show serverfarm MK-FARM-sf
    serverfarm     : MK-FARM-sf, type: HOST
    total rservers : 8
                                                    ----------connections-----------
           real                  weight state        current    total      failures
       ---+---------------------+------+------------+----------+----------+---------
       rserver: MK-HOST10
           10.10.1.10:0          8      OPERATIONAL  321        510863     16442
       rserver: MK-HOST11
           10.10.1.11:0          8      OPERATIONAL  304        512718     16276
       rserver: MK-HOST12
           10.10.1.12:0          8      OPERATIONAL  286        524207     17257
       rserver: MK-HOST13
           10.10.1.13:0          8      OPERATIONAL  291        516987     16626
       rserver: MK-HOST14
           10.10.1.14:0          8      OPERATIONAL  291        513016     16594
       rserver: MK-HOST15
           10.10.1.15:0          8      OPERATIONAL  311        510177     16434
       rserver: MK-HOST16
           10.10.1.16:0          8      OPERATIONAL  345        516340     16708
       rserver: MK-HOST17
           10.10.1.17:0          8      OPERATIONAL  282        513046     16418
    httpd.conf
    KeepAlive On
    MaxKeepAliveRequests 1024
    KeepAliveTimeout 30
    MK-ACE01/001# show serverfarm MK-FARM-sf
    serverfarm     : MK-FARM-sf, type: HOST
    total rservers : 8
                                                    ----------connections-----------
           real                  weight state        current    total      failures
       ---+---------------------+------+------------+----------+----------+---------
       rserver: MK-HOST10
           10.10.1.10:0          8      OPERATIONAL  0          553        0
       rserver: MK-HOST11
           10.10.1.11:0          8      OPERATIONAL  0          551        0
       rserver: MK-HOST12
           10.10.1.12:0          8      OPERATIONAL  0          552        0
       rserver: MK-HOST13
           10.10.1.13:0          8      OPERATIONAL  0          555        0
       rserver: MK-HOST14
           10.10.1.14:0          8      OPERATIONAL  0          554        0
       rserver: MK-HOST15
           10.10.1.15:0          8      OPERATIONAL  0          551        0
       rserver: MK-HOST16
           10.10.1.16:0          8      OPERATIONAL  0          550        0
       rserver: MK-HOST17
           10.10.1.17:0          8      OPERATIONAL  0          550        0
    This seems to of reduced the large number or re-transmits and dup-acks.

  • TCP out-of-order at IPS

    Dear All,
    We have a setup the IPS 4510 working inline mode with strict inspection turn on. we have detected some latency issue accessing the internal website. So we did some capture at the IPS interface. We found that there's a lot of out-of-order packet and DUP ACK detected by IPS which causing the normalizer engine buffer full and could not handle anymore request. As a work around we put the IPS in asymmetric mode where it turn off the IPS normalizer engine. 
    I need some opinion on possibilities why the Out of order and DUP ACK happen. 
    We are seeing quite a lot of Out-of-order, DUP ACK and TCP zero window in TCP stream that we captured. 
    The topology is quite straight forward:
    Internet ----WAN ROUTER ----- IPS4510 ----- ASA ----- Web server
    There's no redundancy or load balance for the ASA or WANROUTER. 
    Im hoping for some opinion and idea on how to tackle this issue.
    Thank you very much

    Hi
    bumping out an old thread since the issue still on going.
    I already discussed with TAC regarding the issue and 2 option that she gave
    + asymmetric mode (Which we rejected as permanent solution)
    + Event action filter
    I'm currently looking at this solution and plan to implement it in the IPS.
    I need to consider a few things and also suggestion
    + The signature engine involve is Normalizer engine (specifically sig 1330)
    + is it possible to customize this signature or should we just go for Event action filter?
    need opinion and pro and cons of this.
    Thanks a bunch

  • I've just imported photos that are misdated and appear out of order in my events. How can I correct the dates on these events so they appear properly?

    I've just imported photos that are misdated and appear out of order in my events. How can I correct the dates on these events so they appear properly?

    The one iin the Photos ➙ Adjust Date and Time menu option:
    checkbox below:

  • Arguments out of order error

    Hi all,
    With Sun Studio 10 we get "arguments out of order error" which we don't get with any other comiler or Sun Studio 11. The error is as below:
    "/build/builds/bczar/Studio/ACE_wrappers/TAO/tao/BD_String_Argument_T.inl", line
    14: Error: Arguments out of order for TAO::In_BD_String_Argument_T<S_var, BOUND
    , Insert_Policy<struct>>;
    The template definition is:
    template<typename S_var,
    size_t BOUND,
    template <typename> class Insert_Policy>
    class In_BD_String_SArgument_T : public InArgument
    public:
    In_BD_String_SArgument_T (void);
    virtual CORBA::Boolean demarshal (TAO_InputCDR &);
    #if TAO_HAS_INTERCEPTORS == 1
    virtual void interceptor_value (CORBA::Any *any) const;
    #endif /* TAO_HAS_INTERCEPTORS == 1 */
    const typename S_var::s_traits::char_type * arg (void) const;
    private:
    S_var x_;
    The template method itself is:
    template<typename S_var,
    size_t BOUND,
    template <typename> class Insert_Policy>
    ACE_INLINE
    TAO::In_BD_String_SArgument_T<S_var,BOUND,Insert_Policy>::
    In_BD_String_SArgument_T (void)
    Any one ideas? We can deliver a preprocessor output of the code if needed.

    Is there a way that I can send you or another sun engineer the preprocessor output, that really should be enough to tacke this. It is 976 Kb of size. The code that the error is given about is:
    template < typename S_var ,
    size_t BOUND ,
    template < typename > class Insert_Policy >
    class In_BD_String_Argument_T : public InArgument
    public :
    In_BD_String_Argument_T ( const typename S_var :: s_traits :: char_type * x ) ;
    virtual CORBA :: Boolean marshal ( TAO_OutputCDR & cdr ) ;
    virtual void interceptor_value ( CORBA :: Any * any ) const ;
    typename S_var :: s_traits :: char_type const * arg ( void ) const ;
    private :
    typename S_var :: s_traits :: char_type const * x_ ;
    template < typename S_var ,
    size_t BOUND ,
    template < typename > class Insert_Policy >
    TAO :: In_BD_String_Argument_T < S_var , BOUND , Insert_Policy > :: In_BD_String_Argument_T (
    const typename S_var :: s_traits :: char_type * x
    : x_ ( x )
    { }

  • Opening and closing stock with sales order and with out sales order

    hello,
    any body please help me my client want to check opening stock and and closing stock in areport.
    material contains batch and some material with sales order and some are with out sales order. my client is asking this in a single layout. please tell me isthere any teport or bapi or function module to get this report.
    this is very uregent. and layout is requesting like opening stock, production stock, sales stock and closing stock.
    please guide me to get this report.
    Thanks & Regads
    Bhakta

    Transaction MB5B
    For sales order related use specila stock as E and use radio button indicator in stock type
    For stock w/o sales order, use special stock indiactor as "space' and stock type valuated stock.
    to get a perticular month,opening stock/closing stock enter the start date/end date as month start and end date.
    See the o/p which will give the stock as required by you

  • Keyboard and mouse out of order for some minutes.

    Hi folks,
    On System-Start of a brand new Mac Pro, neither Bluetooth-Mouse nor USB-Keyboard (both Apple) are working correctly. While Keyboard is completely out of order, Mouse moves but click is impossible. But after 10 minutes or so they both do start to work! Does anybody have an idea to resolve the problem?
    Thanks a lot!
    Markus

    Contact Apple's Express Lane. Do note that if you have AppleCare's protection plan and you're within 50 miles (80 KM) of an Apple repair station, you're eligible for onsite repair since yours is a desktop machine. Might also apply for newly bought desktop machines.

  • TCP out of order packets

    Hi,
    We are getting TCP out of error packets while sending requests to outside. Though we can access the internet and also connectivity is fine. But some of the application is not working due to this error, specially TCP based application as on the remote side they are not accepting two requests from our network. That means two requests are going from our network with each of the request sent to outside network.
    We have 4-5 vlans and intervlan routing is configured. Could somebody pls. let me know the reason of this and how can I solve this problem?
    Thanks,
    Pawan

    Good mornning.
    We have many application similar to the case you have explained.
    Our links use satelite connection and the delayare between: 600 msec to 1000 msec.
    Delays over 1000 msec generates delay and connectivitiy problems with tcp applications.
    What is the delay between your endpoints ?
    Do you have access to internet router ? so can you tell us if there are packets drops in the interfaces ?
    Waiting your answer.

  • No arkwork and songs out of order

    ok i think im not the only but i want this say to me in lameman terms lol, ok so i have everything checked with the artwork on my ipod and it wont let me load any artwork on my ipod, it shows up in my librey and my music part of itunes but when i disconnect my ipod and play it no artwork shows up.
    now sense i updated everything on my ipod alot of my songs are out of order, there fine on itunes and in the librey but not on my ipod can someone help me out?
    or are we going to have to wait till itunes 8?

    There is a quicker way to restore your mixed up
    artwork....
    Connect ipod to computer,when ipod screen displays
    click on
    music tab (top center),untick 'Display album artwork
    on your ipod' at the bottem of the list and press
    'Apply' let it complete,then disconnect ipod.
    Now repeat the above,only this time tick the box that
    says
    'Display album artwork on your ipod' and 'Apply'.This
    works for my 30gig 5G with itunes 7 every time.
    That only works if all your Ipod music is still in your Itunes library. When you deselect to view your album artwork on your Ipod and click APPLY, then all your album art gets deleted from your Ipod. When you re-apply to allow album art to be displayed on your Ipod it will only grab what is currently in your Itunes library.
    Assuming you don't get that Error 50 message.
    I had to reimport all the music and videos from my Ipod into Itunes then sync my Ipod to my Itunes library. Now I have all the album artwork without issue. But I have a 60GB hard drive and a 60GB Ipod. So doing that in the future won't work unless I buy an extra hard drive.

  • Expected PO Receipts and scheduled out sales orders

    Hi Guys:
    in MRP Net requirements Calculation,
    for Example  If want Consider Schedule out Sales orders( requested Delivery Date 02/02/2012) which is determined by planning horizon( 6 months 06/30/2012) , Since this sales order is within Planning Horizon it will consider for MRP Planning.
    Is it the Same case with PO i.e Based upon the planning horizon PO will be included/excluded in planning?
    Also if for example my PO is due from the Vendor one PO is due in 03/02/2012 and other PO is 09/15/2012?
    Thanks
    Kodali

    Hi Venkat:
    Expected PO receipts that fall within the planning horizon will be excluded or Included in the calculation?
    I think it should be included otherwise you might be placing additional PO's to the vendor?
    Thanks
    Kodali

  • Just upgraded and photos out of order

    WOW, I just upgraded to 11 and all photos are out of order
    in previous versions if I wanted to look at my library (Photos) they would be in order of when they were put into iPhoto, from the 1st to most recent.
    with the upgrade they are all random. Is there any way to get them back in order? as in, the order they were installed into iPhoto?
    thanks

    Earlier this month I tried to ask the same question but not as well. In any case I don't understand your suggestion. When I go to View-> Sort Photos the only options are sort by date, keyword, title or rating and in either ascending or descending order (manual and reset manual sort are grayed out). How does this make the latest added image appear as the last added to the Photo Library. If there is eXIF data, the photo gets imported and placed by photo-taken date in the Photo Library. How do I make iPhoto disregard the eXIF information? I understand I can go to Last Import and then manually change the date the photo was taken, but this is very cumbersome when importing a quantity of photos.

  • Keys out of order error message?

    My PowerBook had a very bad crash after awaking from sleep. DiskWarrior will not work but I was able to use Apple disk utilities disk. The error message reads "keys out of order." After many attempts, I was able to use it as hard drive to back up all my files. I have been using a Mac a very long time and subscribe to numerous magazines but I have never heard of this. Any help will be greatly appreciated. I should probably add that it still will not start.
    G4/15 inch   Mac OS X (10.4.3)   2 gigs of ram
    Quick Silver G4/933    
    Quick Silver G4/933    

    Happy New Year Tuttle and ROdan,
    This is an interesting problem, unless of course it is happening to oneself!
    FWIW, there has apparently been success with a G5 booting in OS 9 without extensions. See:
    This got me thinking. If the machine is already on, and the OS tries to mount the disk, but the disk driver is damaged, well, bad things happen. Also when he writes, “When the drive spins up, the system loads the drivers from the device, and then executes it.” Really got me thinking. So obviously I cannot have the OS load the driver. But how do you make the Mac NOT load the driver? And more, even if you could, would the Mac even “see” the drive and mount it?
    In OS 7, 8, and 9, a common work around to get your Mac to boot when it was having problems was to hold down the Shift key to turn off extensions. Most problems in OS 9 and earlier were caused by extensions, so it was a very handy tool to use when troubleshooting problems on your Mac. But there is no equivalent in OS X that I am aware of. So what to do?
    Step Five: OS 9 with no extensions.
    I remembered from my IT days that if I booted Mac OS 9 without extensions on, any attached FireWire drive would also appear on the desktop. So I shut down the G4 running OS 9.1, fired up the G5 in Target mode, waited for it to get up and running, and restarted the G4 9.1 machine with extensions off.
    Victory! There was the bad drive, as well as the good one, in the G5 mounted on the G4’s desktop!
    Step Six: Copy! Copy! Copy!
    Before I did anything else, I quickly copied all the files I was missing since my last backup. Unfortunately, that also meant copying around 40GB of music files. So late Saturday night, I started the copying, and by Sunday morning, all my files were now safely on the good G5 250GB hard drive.
    Step Seven: Repair Time!
    The first thing I did was run the OS 9 version of Disk Tools on the bad drive. As expected, it could not fix the problem. But I had, prior to connecting the G5 the first time around, installed the OS 9 version of Alsoft’s Disk Warrior on the G4.
    I ran Disk Warrior on the bad drive. It took a LONG time. What Disk Warrior does is builds a new directory on a drive, which I was hoping would cure my problems. After three hours, Disk Warrior was done. It found a BUNCH of problems. To be on the safe side, I ran it again. This time it took only a little more than an hour, and did not find any more trouble.
    Shutting everything down, I rebooted the G5. I held down the Option key so that I could tell the G5 which drive to start from. It only saw the new drive as a viable boot disk. Oh-oh...
    I held down Command-S to bring up UNIX after the next boot, and ran FSCK-F on the bad drive. It worked, fixing a few thousand items. Yikes! What did Disk Warrior do? I ran it again, and it repaired some more. Three times, and it was done.
    Restart.
    Welcome to Macintosh!
    And all was well in the world.
    A few things to take away from this:
    Not all problems are as bad as they seem. There are usually always solutions to your computer problem. Some involved thinking way outside the box. How many people would have figured that Mac OS 9.1 with extensions off would be the solution to this Keys out of Order problem? Certainly not I.
    In most cases, Disk Warrior would have fixed this problem without all the run around I had to do. If you don’t already own it, you may want to go pick up a copy. It’s well worth the small investment.
    FSCK is not always going to repair or fix your problems. So be sure to back-up your data often.
    Having two hard drives is WAY better than having only one. If you have an iMac or Portable in which you cannot cram in another drive, look at external Firewire hard drives.
    It is also helpful to have another Mac laying around for the Target Mode trick. Can’t afford one? I see them on eBay all the time, REALLY cheap!
    Hope this article helps someone else out there if you ever run into a similar problem
    The full link is:
    http://www.mymac.com/showarticle.php?id=1817
    Joe

  • Bridge CS5 using lots of memory and give out-of-memory errors

    Hi,
    I'm using Bridge CS5 with the latest updates on Vista 32bit 4GB RAM on quad core machine.
    Bridge memory seems to keep raising during the usage, browsing a new folder seems to raise it a bit and previewing files raise it alot, mainly when I preview a large 18MP files.  (Bridge seems to not freeing the memory and re-use it...  leaking(?) )
    Very quickly the Bridge RAM usage is reaching about 1GB and at this point Bridge gives warnings that it can't generate 100% previews.
    When I restart Bridge, it works fine for a while until the memory start raising again.
    (It takes about 5-6 100% previews of 18MP files to reach that RAM usage - so the problem occurs rather quickly)
    I've tried limiting the cache in the preferences and disable caching of 100% previews -- didn't help.
    Any ideas?
    Thanks.

    I've tried
    a larger page file - no change.
    (I doubt it will help as 32bit OS can't accessthat much memory anyways)
    I'm not sure why you think it's a HD/page file problem?  like I said, I don't have a speed problem of an issue with files not being cached.
    My problem is that Bridge memory usage keep growing without any reason I can see - and at some point Bridge stops functioning correctly cause of it.
    I deleted all my cache, and browsed a folder with under 1000 files, and after previewing about 5-6 files in 100% - bridge memory usage was close to 1GB.
    currently my cache is set to 10000 files and not caching 100% previews.
    Where did you find other peoping reporting on such a problem?  I mostly find people reporting out-of-storag errors and crashes -- I have neither of those.
    Thanks!

  • How to make a CD Jacket and print out Song order directly from playlist

    I was wondering if there was a way to make a CD Jacket with artwork from songs selected and also how to make a same size sheet to fit in the CD holder that has the exact song order and titles by printing out directly from your playlist.
    I am not sure I worded that right but hopefully you will know what I mean.
    Any help would be greatly appreciated.
    Thanks

    There is a pretty basic CD insert that you can print from iTunes, if I remember correctly it will print whatever artwork is attached to the first song in the playlist.
    Open iTunes, highlight the playlist in question, go to File>Print and choose the CD Jewel Caser Insert radio button. Theres also a little Theme menu.
    However you can get much more flexibility from a dedicated CD Cover program. I use Cover Star, it's inexpensive and makes good quality CD booklets, back covers and disc overlays. It will generated artwork for you or you can drag your own picture files to it. You can download a trial version from this link: http://autostylus.com/coverstar.html. It's fully functional apart from printing so you can play around with it and save the inserts until you decide if it's for you. Purchasing a license then releases the final function and anything you saved previously can be printed off.

  • Help with TCP out-of-order packets Wireshark capture

    Hello everyone,  we have a bit of an odd issue. Can you take a look at the attached capture file and tell me what's broken? Please change the file extension from .txt to .pcapng and open with Wireshark. 
    We have a major issue where clients cannot retrieve data from the server at 10.10.7.27.
    Server is behind the firewall at 172.18.123.4 which is configured to NAT the traffic coming through.
    Please advise.

    It's actually from anywhere.  The DNS resolves the website address to a global address.  So regardless of the source (inside or out), you hit the firewall and get routed to 10.10.7.0 network.  The firewall's LAN interface shares the same VLAN as the DMVPN head-end router's LAN interface.  From the DMVPN head-end router, it goes over the DMVPN cloud (i.e. back over the internet) to our office in Florida where this site is being hosted. 
    The capture I grabbed was by SPAN port between the two LAN interfaces showing transactions between the firewall's LAN interface and the server's IP address on the 10.10.7.0 subnet.
    Site uses HTTPS and we have other servers in the same subnet (10.10.7.0) that are accessible in the same manner.  I did SPAN the ports for another webserver and did see a lot of TCP OOO and re-transmissions however not as bad as this one. 
    I do have a theory, please feel free to correct me.  Request comes in on the WAN interface, gets NATed by the firewall and sent to the DMVPN router, router encrypts the packet and places it on the wire, once the remote DMVPN peer receives the packet, it decrypts it and then sends it out it's DMZ interface connected to another application firewall. This firewall checks the packet and then sends it to the web server hosting the content.  The process is reversed for reply traffic. On top of all this, the content is served over HTTPS therefore more encryption/decryption. This seems like too much handling of the packet to me?  When the source computer sends a request, it simply times out or spends too much time within our own network causing the source to resend the request?

Maybe you are looking for

  • 10.5.8 update is faulty - it jammed up my new imac

    Everything was fine before the 10.5.8 update. My macbook and mac air are running great on 10.5.7 - I tried everything, disk utility, zapping pram and nvram and the machine is still slow on all fronts. It takes roughly 20 minutes to reboot, hanging fo

  • Imac slot in dvd drive

    i buy my imac in August 2011 an i love them. its amazing, stunning, unbelieveable, great....fantastique. it s my second imac. but now my slot in dvd doesnt work . sometimed it reads my cd and import in itunes goes on. but more than 80% it does not re

  • Thumbnails 16:9, playback cropped

    When I look at the thumbnails of my films in i-movie they show the full 16:9 image. However when I playback the film I can see that the image has been cropped a little top and bottom. Could anyone shed some light on this?

  • Name of the computer

    Hi, Is it possible to know the name of the computer of the user how is executing a SQL statement, with a SQL or a PL/SQL function ? Thank you for your help. Patrick

  • YYYY/MM/DDT00:00:00

    I have input parameter with format : YYYY/MM/DDT00:00:00 I would like to convert this into format: DD-MM-YYYY I'm using: <?xdofx:to_char(to_date(substr($P_START_DATE,1,10),'YYYY/MM/DD'),'DD-MM-YYYY')?> It returns as 2007/06/18. Any ideas. Message was