Ace Module logging rate limit

Hi All,
I have tried to configure the above parameter but it doesn't seem to be working.
The version running on the ACE is 2.3.4 and I am running multiple contexts.
The below configuration was tried on one of the contexts, not being Admin.
The command I used was :
logging rate-limit 42 60 message 251010
What I am trying to achieve here is receive notification that a rserver has failed its connectivity check, therefore alerting the relevant people.
The issue I am encountering is that every second I receive all the alerts again.
I am only wanting to receive the alert once if possible and gain once the rserver has come back online.
Is this possible, if so please explain how I can do it?
TIA.
Jack.

your rate limit should be giving you 42 of those messages per 60 seconds. But this is health probe failure which depending on how many does not necessarily mean server is down. (depends on fail count). also it is level 6 message. the message you really want is:
Error Message    %ACE-4-442001: Health probe probe name detected real_server_name
(interface interface_name) in serverfarm sfarm_name changed state to UP
Explanation    The state of a real server changed from down to up.
Recommended Action    None required.
442002
Error Message    %ACE-4-442002: Health probe probe name detected real_server_name
(interface interface_name) in serverfarm sfarm_name changed state to DOWN
suggest you do logging at level 4 and you will only see the message when server state changes

Similar Messages

MAC-Miss Rate on ACE module

What exactly does the MAC-Miss rate mean on the ACE? And if we are running out of resources for it, should I worry?
We have only implemented 1 production policy on the ACE module so far and we are already running out of resources for the mac-miss rate. All other resources look good.
Is this OK? Or is something wrong here?
Attached is the resource usage counters.
Thanks,
Ben

When the ACE receives traffic for which it does not have an arp entry for either the source or destination, this is called a mac-miss and the fastpath agent needs to ask the slowpath agent to perform an arp request.
This communication is rate-limited.
With no mac entry for a src or dst, we drop the packet.
So, you should increase the resource.
Or review your design.
It's best to have the clients coming through a gateway (ie: the MSFC) instead of directly accessing the ACE.
This way only 1 mac entry is needed - the gateway.
You'll see a counter like this
switch/Admin# sho np 1 me-stats "-socm -v" | i mac
Drop [mac lookup fail]: 4 0
Gilles.

ACE Module and Limiting Connections

We currently use the ACE module to Load-balancing IPSEC connection into SPA's. Since the SPA's only support 60 new connections per second. I was looking for a way to limit the amount of connecitons from the ACE to the SPA's.

Hello,
Have a look at the Configuring Real Server Rate Limiting section of the ACE documentation. I think this will meet your needs.
Hope this helps,
Sean

Configuring ACE Module for Redundancy

Hi Sir,
I'm configuring fault tolerance between two ACE modules installed on two different Catalyst 6513 switches. I have one Admin context and 3 user contexts.
Do I need to configure 4 "ft group", i.e. one context per group? E.g. config:
ft group 1
peer 1
priority 110
peer priority 105
associate-context Admin
inservice
ft group 2
peer 1
priority 110
peer priority 105
associate-context ace-context1
inservice
ft group 3
peer 1
priority 105
peer priority 110
associate-context ace-context2
inservice
ft group 4
peer 1
priority 105
peer priority 110
associate-context ace-context3
inservice
Can you also explain the purpose of configuring an alias IP address on the client-facing VLAN interface? I understand we need an alias IP address on the server-facing VLAN interface to provide a virtual gateway address to the servers. But what's the use of an alias IP on the client-side?
Thank you.
B.Rgds,
Lim TS

Hi Gilles,
I have configured FT for all user contexts as well as for the admin context. It works. My FT config is identical to the one I posted in this thread. Of course, one has to define the "ft interface vlan" and "ft peer" before configuring FT groups.
I noticed a few things:
(1) After the initial FT config, subsequent FT groups just need to be configured on the active Admin context and it will be replicated to the standby ACE, with the priority correctly reversed.
(2) You will get the message "NOTE: Configuration mode has been disabled on all sessions" when you log in to a standby context.
(3) The hostname of the active Admin context is not synced to the standby ACE. Do you know why?
One issue I encountered in one of the user contexts is as follows:
ace1/ace-context-1# sh run int
Generating configuration....
interface vlan 950
description *** Client-Facing VLAN ***
ip address 10.1.35.5 255.255.255.0
alias 10.1.35.4 255.255.255.0
peer ip address 10.1.35.6 255.255.255.0
access-group input ACL_VL950_IN
service-policy input REMOTE_MGMT
service-policy input MY_LB
no shutdown
interface vlan 951
description *** Connection to Real Servers ***
ip address 10.1.36.2 255.255.255.0
alias 10.1.36.1 255.255.255.0
peer ip address 10.1.36.3 255.255.255.0
access-group input ACL_VL951_IN
service-policy input NAT_REAL
no shutdown
This is the active context. It can ping to 10.1.35.4 (alias) and 10.1.35.6 (peer) over VLAN 950 (client-side). It can ping alias 10.1.36.1 over VLAN 951 (server-side) but can't ping to peer 10.1.36.3. The ACL_VL951_IN permits ip any any. Do you know why?
Secondly, I can remotely ping to alias 10.1.35.4 but can't telnet to it (I'm expecting it to telnet to the active context). I have to telnet to 10.1.35.5. Is this normal behavior?
Please advise.
Thank you.
B.Rgds,
Lim TS

ACE modules reloaded

HI Experts,
We had some issue with Datacentre ACE modules. Both primary and DR ACE modules got restarted in 16 hours difference.
Unfortunately Syslog was not configured on the ACE and local logging got cleared after restart.
The current IOS version is A2(3.2). The modules uptime was around 300 Days.
Here is the log from 6509 switch during the restart
Primary DC 6509-1 .
Jul 10 18:52:05.383 WAT: %SVCLC-5-FWTRUNK: Firewalled VLANs configured on trunks
.Jul 10 18:56:47.291 WAT: %SNMP-5-MODULETRAP: Module 9 [Down] Trap
Jul 10 18:56:47.127 WAT: %OIR-SP-3-PWRCYCLE: Card in module 9, is being power-cycled off (Reset - Module Reloaded During Download)
Jul 10 18:56:47.271 WAT: %C6KPWR-SP-4-DISABLED: power to module in slot 9 set off (Reset - Module Reloaded During Download)
Jul 10 18:57:00.951 WAT: %OIR-SP-3-PWRCYCLE: Card in module 9, is being power-cycled off (Module not responding to Keep Alive polling)
Jul 10 18:57:00.951 WAT: %C6KPWR-SP-4-DISABLED: power to module in slot 9 set off (Module not responding to Keep Alive polling)
Jul 10 19:01:57.172 WAT: %DIAG-SP-6-RUN_MINIMUM: Module 9: Running Minimal Diagnostics...
.Jul 10 19:01:59.256 WAT: %SNMP-5-MODULETRAP: Module 9 [Up] Trap
Jul 10 19:01:58.700 WAT: %DIAG-SP-6-DIAG_OK: Module 9: Passed Online Diagnostics
Jul 10 19:01:59.256 WAT: %OIR-SP-6-INSCARD: Card inserted in slot 9, interfaces are now online
.Jul 10 19:02:04.548 WAT: %SVCLC-5-FWTRUNK: Firewalled VLANs configured on trunks
DR DC 6509-1 .
Jul 11 09:42:05.759: %LINK-5-CHANGED: Interface TenGigabitEthernet9/1, changed state to administratively down .
Jul 11 09:42:05.763: %SNMP-5-MODULETRAP: Module 9 [Down] Trap
.Jul 11 09:42:05.763: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet9/1, changed state to down
Jul 11 09:42:05.599: %OIR-SP-3-PWRCYCLE: Card in module 9, is being power-cycled off (Reset - Module Reloaded During Download)
Jul 11 09:42:05.747: %C6KPWR-SP-4-DISABLED: power to module in slot 9 set off (Reset - Module Reloaded During Download)
Jul 11 09:42:05.767: %LINK-SP-5-CHANGED: Interface TenGigabitEthernet9/1, changed state to administratively down
Jul 11 09:42:05.771: %LINEPROTO-SP-5-UPDOWN: Line protocol on Interface TenGigabitEthernet9/1, changed state to down .
Jul 11 09:42:14.535: %SVCLC-5-SVCLCNTP: Could not update clock on the module 9, rc is -1
Jul 11 09:42:19.395: %OIR-SP-3-PWRCYCLE: Card in module 9, is being power-cycled off (Module not responding to Keep Alive polling)
Jul 11 09:42:19.395: %C6KPWR-SP-4-DISABLED: power to module in slot 9 set off (Module not responding to Keep Alive polling)
Jul 11 09:47:15.819: %DIAG-SP-6-RUN_MINIMUM: Module 9: Running Minimal Diagnostics... .
Jul 11 09:47:19.871: %MLS_RATE-4-DISABLING: The global switching mode is now 'truncated'. Disabling the Layer2 Rate Limiters. .
Jul 11 09:47:19.903: %SNMP-5-MODULETRAP: Module 9 [Up] Trap Jul 11 09:47:19.633: %DIAG-SP-6-DIAG_OK: Module 9: Passed Online Diagnostics Jul 11 09:47:19.905: %OIR-SP-6-INSCARD: Card inserted in slot 9, interfaces are now online .
Jul 11 09:47:21.079: %LINK-5-CHANGED: Interface TenGigabitEthernet9/1, changed state to administratively down
Jul 11 09:47:20.912: %LINK-SP-3-UPDOWN: Interface TenGigabitEthernet9/1, changed state to down
Jul 11 09:47:21.080: %LINK-SP-5-CHANGED: Interface TenGigabitEthernet9/1, changed state to administratively down
.Jul 11 09:47:25.039: %SVCLC-5-FWTRUNK: Firewalled VLANs configured on trunks
.Jul 11 09:47:25.047: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet9/1, changed state to up
Jul 11 09:47:24.520: %LINK-SP-3-UPDOWN: Interface TenGigabitEthernet9/1, changed state to down
Jul 11 09:47:25.056: %LINK-SP-3-UPDOWN: Interface TenGigabitEthernet9/1, changed state to up
Jul 11 09:47:25.060: %LINEPROTO-SP-5-UPDOWN: Line protocol on Interface TenGigabitEthernet9/1, changed state to up
Please let me did anyone face this issue before or is it any known BUG?

HI All, Thanx for the help. Got the resaon from show version output.
last boot reason: NP 1 Failed : SRAM Parity Error Chan 3
Also got the TAC comment on SRAM party error
The SRAM parity error presented in the core file is not due to a software issue.
The issue is the result of a "bit-flip" within the SRAM itself which can occur as a
result of environmental conditions. This "bit-flip" is rectified by a simple reboot of
the system, which would occur with the generation of the core file. Cisco internal
testing and customer experience has shown that these types of issues can occur
with very low frequency, but do not required an RMA of the device.
If there are multiple instances of this issue on the same module, a proactive RMA/EFA
of the device would be in order.
ACE is susceptible to this because of the way it uses SRAM to store control information
and packet data as opposed to scratch-pad storage. Almost any 1-bit flip will be detected as a
parity error. Cisco has recognized the issue and is taking action to ensure this will not be
an issue on the next generation of the ACE module. The next generation module design
and timeline is currently under review.
Thnx again for the help
Aslam

Inventory collection fails for ACE module (RME 4.3.1)

I am trying to collect the inventory and ultimately the configurations for my ace modules. When i try to do an inventory collection I get the error
Device sensed, but collection failed
Anybody have any ideas?
Chris

Post your IC_Server.log.
Please support CSC Helps Haiti
https://supportforums.cisco.com/docs/DOC-8895
https://supportforums.cisco.com

ACE Module & FWSM

Dear Gents,
Attached is the current setup & configuration for both ACE & FWSM.
we can ping the VIP from the user side, but we are not able to open the web application using the VIP.
Appreciate your kind support to solve the issue when trying to open the application using the VIP.
Best Regards,

Pierre this is babu.
     Can you please forward ACE ONE ARM MODE current configuration which is working fine. Check my configuration and please replay if any modification require.
boot system image:c4710ace-mz.A4_2_0.bin
interface gigabitEthernet 1/1
switchport access vlan 255
no shutdown
interface gigabitEthernet 1/2
switchport access vlan 110
no shutdown
interface gigabitEthernet 1/3
shutdown
interface gigabitEthernet 1/4
shutdown
access-list ALL line 8 extended permit ip any any
access-list ALL line 16 extended permit icmp any any
probe http HTTP
port 80
interval 20
passdetect interval 40
receive 3
expect status 0 499
connection term forced
open 1
probe icmp PING
description Probe PING
interval 2
faildetect 2
passdetect interval 2
passdetect count 2
receive 1
probe snmp SNMP-PROBE
description SNMP-PROBE
interval 15
passdetect interval 10
version 2c
community MODA-MSD-RW
oid .1.3.6.1.2.1.4.3.0
   type absolute max 1000000000
weight 6000
rserver host SERVER1
description msd-hq-sp01
ip address 10.0.160.14
conn-limit max 2000000 min 1500000
rate-limit connection 100000
rate-limit bandwidth 10000000
inservice
rserver host SERVER2
description msd-hq-sp02
ip address 10.0.160.15
conn-limit max 2000000 min 1500000
fail-on-all
weight 20
inservice
rserver host SERVER3
conn-limit max 2000000 min 1500000
fail-on-all
weight 30
inservice
rserver host SERVER4
conn-limit max 2000000 min 1500000
fail-on-all
weight 40
inservice
serverfarm host MoDA-MSD-SFARM
description MoDA-MSD-SERVERS
probe PING
rserver SERVER1 80
   conn-limit max 2000000 min 1500000
   rate-limit connection 100000
   rate-limit bandwidth 5000000
   inservice
rserver SERVER2 80
   conn-limit max 2000000 min 1500000
   rate-limit connection 100000
   rate-limit bandwidth 5000000
   inservice
sticky ip-netmask 255.255.255.255 address source STKY_WEB1
timeout 60
replicate sticky
serverfarm MoDA-MSD-SFARM
class-map match-all frontend
2 match virtual-address 10.0.160.17 tcp eq www
class-map type management match-any remote_access
2 match protocol xml-https any
3 match protocol icmp any
4 match protocol telnet any
5 match protocol ssh any
6 match protocol http any
7 match protocol https any
8 match protocol snmp any
policy-map type management first-match remote_mgmt_allow_policy
class remote_access
   permit
policy-map type loadbalance first-match frontend
class class-default
   serverfarm MoDA-MSD-SFARM
policy-map multi-match CLIENT-VIPS
class frontend
   loadbalance vip inservice
   loadbalance policy frontend
   loadbalance vip icmp-reply
   nat dynamic 1 vlan 110
class class-default
interface vlan 110
ip address 10.110.10.101 255.255.255.0
access-group input ALL
nat-pool 1 10.110.10.200 10.110.10.200 netmask 255.255.255.0 pat
service-policy input CLIENT-VIPS
service-policy input remote_mgmt_allow_policy
no shutdown
interface vlan 255
ip address 10.0.255.245 255.255.255.0
no shutdown
ft interface vlan 115
ip address 10.1.1.1 255.255.255.0
peer ip address 10.1.1.2 255.255.255.0
no shutdown
ft peer 1
heartbeat interval 300
heartbeat count 20
ft-interface vlan 115
query-interface vlan 110
ft group 1
peer 1
priority 120
associate-context Admin
inservice
ip route 0.0.0.0 0.0.0.0 10.110.10.254
snmp-server community MODA-MSD-RO group Network-Monitor
snmp-server host 10.0.160.144 traps version 2c MODA-MSD-RW
snmp-server enable traps snmp coldstart
snmp-server enable traps virtual-context
snmp-server enable traps license
snmp-server enable traps slb vserver
snmp-server enable traps slb real
snmp-server enable traps syslog
snmp-server enable traps snmp authentication
snmp-server enable traps snmp linkup
snmp-server enable traps snmp linkdown
username admin password 5 $1$D1e1pS1d$KBuTV0Oe195u3b3dW9RQF/ role Admin domain
default-domain
username www password 5 $1$JfHnQdU/$0FLEMgeJIuAzIKGc3Xv.p1 role Admin domain de
fault-domain
ssh key rsa 1024 force
Thank you,
Babu.S

ACE modules not syncing up

Hi,
I was adding logging and snmp to my ACE modules this weekend. I first made the changes to the primary ACE module and did a wr mem; I then went to my secondary module and noticed that the modules did not sync.
After some troubleshooting; I decided to reboot the secondary module, when the module came back, it was in sync.
As anyone run into this issue before? What is the command that will show me who is my primary module and the state of the modules?
I am running ACE code: A2.1.2
Regards,
John...

Thank you for your reply; I think that this was my problem:
14:1007 => Feb 01 07:57:27: ha_process_message:1818 Running sync info: mode 0, s
tatus 0, reason Detected license mismatch with peer, disabling running-config au
to sync
14:1008 => Feb 01 07:57:27: ha_process_message:1822 Startup sync info: mode 0, s
tatus 0, reason Detected license mismatch with peer, disabling running-config au
to sync
I first upgraded the license on my primary and made my changes, then tried to sync. The only problem I see here is that when I did the wr mem the module starting to sync and said that the sync process was complete.
John...

Clear resource usage counter on ACE module

Hi
Does anybody know how to clear the resource usage counter on an ACE module?
We use an ACE20-MOD-K2 with version A2(3.5).
Here you can see that after issuing 'clear stats resource-usage' the counters are still the same.
uzhlbsrv1/Admin# sh resource usage resource rate bandwidth
                                                     Allocation
        Resource         Current       Peak        Min        Max       Denied
Context: Admin
bandwidth                  1966       3971    7487500 625000028          0
Context: NOZONE
bandwidth                     0       4450          0 617512528          0
Context: ZONE1
bandwidth              14021827 549340375          0 617512528 192084322
Context: ZONE2
bandwidth                197520   69634789          0 617512528      29385
Context: ZONE3
bandwidth                 38756   78911285          0 617512528    6471653
Context: ZONE4
bandwidth                     0       3052          0 617512528          0
uzhlbsrv1/Admin# clear stats resource-usage
uzhlbsrv1/Admin# sh resource usage resource rate bandwidth
                                                     Allocation
        Resource         Current       Peak        Min        Max       Denied
Context: Admin
bandwidth                   396        841    7487500 625000028          0
Context: NOZONE
bandwidth                     0       4450          0 617512528          0
Context: ZONE1
bandwidth               9350189 549340375          0 617512528 192084322
Context: ZONE2
bandwidth                128087   69634789          0 617512528      29385
Context: ZONE3
bandwidth                133229   78911285          0 617512528    6471653
Context: ZONE4
bandwidth                     0       3052          0 617512528          0
Or is it a bug eventually?
Thanks
Patrik

Hi Patrik,
What could one of the issue here is, if this box is in production and is being used, as soon as you clear the coutners, the new traffic is still flowing in, so ace will populate the new stats. if you take this box out of production then you should be able to see all the traffic gone.
Also to reinforce my previous argument, if you happen to see the stats second time, they are reduced , which will only point that the system is actively receiving and before you do a second show resource, it would have received some traffic and it will also take into account the existing traffic flow across the box.
Most likely not a Bug.
Regards
Abijith

QoS on ACE Module

Hello,
Does anyone know if it is possible to apply a 6500 QoS service-policy to a ACE module interface? I would like to leverage CBQOS to apply policing to traffic entering/leaving the ACE module.
Thanks!
Lee

HI Collin,
You can use this by Configuring Control Plane Policing (CoPP).
CoPP uses a dedicated control plane configuration through the modular QoS CLI (MQC) to provide filtering and rate-limiting capabilities for the control plane packets.
CoPP is disabled by default.
CoPP is only supported on ingress (service-policy output CoPP cannot be applied to the control plane interface). Neither egress CoPP nor silent mode is supported.
Just follow the CoPP Configuration Guidelines and Restrictions .
CoPP uses MQC to define traffic classification criteria and to specify the configurable policy actions for the classified traffic. You must first identify the traffic to be classified by defining a class map. The class map defines packets for a particular traffic class. After you have classified the traffic, you can create policy maps to enforce policy actions for the identified traffic. The control-plane global configuration command allows the CoPP service policies to be directly attached to the control plane.
Use the below mentioned URL for Defining Traffic Classification
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/copp.html#wp1141968
the commonly required traffic is identified with these ACLs:
â¢ACL 120-Critical traffic
â¢ACL 121-Important traffic
â¢ACL 122-Normal traffic
â¢ACL 123-Explicitly denies unwanted traffic
â¢ACL 124-All other traffic
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/copp.html
Use the control plane commands as follows:
control-plane
To enter control-plane configuration mode, which allows users to associate or modify attributes or parameters (such as a service policy) that are associated with the control plane of the device, use the control-plane command in global configuration mode. To remove an existing control-plane configuration from the router, use the no form of this command.
Syntax for T Releases
control-plane [host | transit | cef-exception]
no control-plane [host | transit | cef-exception]
Syntax for 12.0S Releases
control-plane [slot slot-number] [host | transit | cef-exception]
no control-plane [slot slot-number] [host | transit | cef-exception]
Syntax for 12.2S Releases for Cisco 7600 Series Routers
control-plane
no control-plane
Syntax for ASR 1000 Series Routers
control-plane [host]
no control-plane [host]
The below link can be of huge information and config examples for control plane configuration:
http://www.cisco.com/en/US/docs/ios/qos/command/reference/qos_a1.html#wp1047593
Get back to me if you find this information relevant and useful to you.
Sachin garg

ACE real server rate liiting

Hi,
If the ACE is configured to rate limit the traffic to a given real server to a certain bandwidth, what happens to the traffic that exceeds the specified limit ? Does the ACE drop this traffic in all cases as the documentation says ? Or can we configure the ACE to bypass this traffic either without any load balancing or to a backup server ?
Thanks and regards

That sounds good, When there is excess traffic, all the new connections would be sent to the serverfarm representing the DG. Now when the traffic level of the cache due to the existing connections decrease below acceptable levels, the ACE will again bring it in to rotation.
Cool, One question though. What happens if there are two caching servers, and we want to implement the same to both the servers. I'm thinking the net effect would be similar. But would there be any caveats ?

ACE Module

Basically we have a running ACE context which works however we are using natting and we have some applications complaining that they can't see the source address of things. So I created a whole new context with the following config but I have the problem of when the client is on the server side network the traffic never makes it there.
ACE1/10.0.0.0_Network# sho run
Generating configuration....
access-list ALL line 8 extended permit ip any any
rserver host CE-565-1
ip address 10.0.2.83
inservice
serverfarm host Content_Engine_SF
rserver CE-565-1
inservice
class-map match-all Content_Engine_VIP
2 match virtual-address 10.0.18.101 any
class-map type management match-any Remote_Management
2 match protocol http any
3 match protocol icmp any
4 match protocol telnet any
5 match protocol ssh any
policy-map type management first-match rmt_mgt_policy
class Remote_Management
permit
policy-map type loadbalance first-match Content_Engine_VIP-l7slb
class class-default
serverfarm Content_Engine_SF
policy-map multi-match int18
class Content_Engine_VIP
loadbalance vip inservice
loadbalance policy Content_Engine_VIP-l7slb
loadbalance vip icmp-reply active
access-group input ALL
interface vlan 3
description Server_Side
ip address 10.0.3.240 255.255.254.0
mac-sticky enable
no shutdown
interface vlan 18
description Client Side Network
ip address 10.0.18.251 255.255.255.0
mac-sticky enable
service-policy input int18
no shutdown
ip route 0.0.0.0 0.0.0.0 10.0.18.1
if I telnet to the vip from my machine 172.16.6.222 it works fine. If I telnet from 10.0.18.30 it works fine. However when I telnet from a machine on the vlan 3 10.0.2.188 it does not work. I would have thought the mac-sticky option would work but it seems to be doing nothing. Any ideas with out using a NAT pool would be great so we can see the originating IP Address.

If you are initiating traffic from serverA to a vip that load balances to serverB in that same vlan you will have an asymmetric flow. ServerA is on the same vlan as serverB. Since both servers are in the same subnet, ServerB will ARP for serverA address and send the response directly to serverA. The traffic will never make it back to the ACE. There are a few things you can do:
1. Use NAT to ensure the return traffice makes it back to ACE.
2. Insert HTTP header with client IP address. This only works for HTTP traffic and your application must be able to recognize this header for logging.
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A1/configuration/slb/guide/classlb.html#wp1040008
3. Use Direct Server Return (DSR). This feature has been committed to ACE 2.0. This will require the servers to be L2 adjacent to the ACE module and you will need to configure the VIP address as a loopback address on the server. Here is CSM documentation that lists some of the limitations with DSR:
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/csm/4.2.x/configuration/guide/netwcsm.html#wp1065827

ACE module - Resouce in use

Hello,
I try to free some memory on a ACe module because I get the resource in use message.
I spotted 2 contexts with the default RC, however when I try to assign a resource class with a lower percentage to these contexts I get the "Error: resouce in use" message even though these RC have a lower resource allocation.
Did anybody come accress this situation and fixed it?
Regards.

Thanks All for your reply,
The only configuration is the :
resource-class ContextID
limit-resource all minimum 5.00 maximum equal-to-min
i know i'm "short" of memory there but how could I resize the memory allocation if the command to allocate less memory does not go through.
I guess in order to assigne that Rc to the context i should have at least the same percentage of free memory as the percentage I want to allocate to the context.
Looks like the only way to change this is to configure a more detailed memory allocation wihtin the RC (syslog, bandwidth, acl, ...) so I would assign less memory to various resources within the context.
But then again, I guess the fact that I ran out of memory will prevent me from changing the existing resource allocation. sounds to me like a dead end at this stage.
Any idea?
Regards.

ACE-module Restarted

Hi
One of my ACE module got restarted The following are the error messsages in the 6500 switches
Oct 22 13:38:40.411: %OIR-SP-3-PWRCYCLE: Card in module 9, is being power-cycled off (Module not responding to Keep Alive polling)
Oct 22 13:38:40.439: %C6KPWR-SP-4-DISABLED: power to module in slot 9 set off (Module not responding to Keep Alive polling)
The IOs version of the ACE is :- disk0:c6ace-t1k9-mz.3.0.0_A1_3b.bin
Switch Os version is : s72033-advipservicesk9_wan-mz.122-18.SXF7.bin
Could anybody tell me Is there any BUG in the IOS ?Or What could be the possible reason ?
Thanks in Advance
Dinesh

i have similar problem. the catalyst restart the ace, and ace doesn't work.
Also i have two catalyst conected in trunk, and i have two ace, one in each catalyst. No redundancie. both have the same problem.
ACE ios is: boot system image:c6ace-t1k9-mz.A2_1.bin
catalyst ios is: s72033-ipservicesk9_wan-mz.122-33.SXH2a.bin
log from catalyst:
17w2d: %CONST_DIAG-SP-6-HM_TEST_SP_INFO: TestAsicSync[1]: last_busy_percent[6%], Tx_Rate[3292], Rx_Rate[232]
17w2d: %CONST_DIAG-SP-2-HM_MOD_RESET: Resetting Module 1 for software recovery, Reason: Failed TestAsicSync
17w2d: %OIR-SP-3-PWRCYCLE: Card in module 1, is being power-cycled off (Diagnostic Failure)
17w2d: %HA_EM-6-LOG: Mandatory.go_asicsync.tcl: GOLD EEM TCL policy for TestAsicSync
17w2d: %SNMP-5-MODULETRAP: Module 1 [Down] Trap
17w2d: %C6KPWR-SP-4-DISABLED: power to module in slot 1 set off (Diagnostic Failure)
17w2d: %SVCLC-5-SVCLCVTPMODE: VTP mode is set to non-transparent
17w2d: %SNMP-5-MODULETRAP: Module 1 [Up] Trap
17w2d: %DIAG-SP-6-RUN_MINIMUM: Module 1: Running Minimal Diagnostics...
17w2d: %DIAG-SP-6-DIAG_OK: Module 1: Passed Online Diagnostics
17w2d: %OIR-SP-6-INSCARD: Card inserted in slot 1, interfaces are now online
17w2d: %SVCLC-5-FWTRUNK: Firewalled VLANs configured on trunks
17w2d: %FABRIC-SP-6-TIMEOUT_ERR: Fabric in slot 5 detected excessive flow-control on channel 0 (Module 1, fabric connection 0)
17w2d: %CONST_DIAG-SP-6-HM_TEST_SP_INFO: TestAsicSync[1]: last_busy_percent[6%], Tx_Rate[6293], Rx_Rate[298]
ANY advise?

ACE Module SNMP limits

I am monitoring an ACE module using snmp. The values returned from certain OIDs are graphed using Cacti. I found the 64 bit counters on interfaces for the ACE wrap at 10,000,000,000 instead of 2^64. Now that I have configured cacti to expect the wrap at 10 billion, I am concerned about the 32 bit counters. I am querying this snmp oid to get L7 connection counter
cslbxStatsL7PolicyConns
1.3.6.1.4.1.9.9.254.1.1.1.1.8
Should I expect this counter to wrap at 2^32 or a lower value?

The maximum value for a 32bit OID should be 4294967296, I do have a value in my lab that is above 1 billion for that counter, so I wouldn't think there is an issue immediately. One common issue - when you clear stats manually, the counter will reset to 0. As well, I found an internal bug that that suggested some pocket case within the code could have cleared stats incorrectly, but it has never been seen since. There is a guess that someone logged into the test bed and cleared it without permission, but it was not able to be verified. Hence the bug was created to investigate the code, turned up nothing, and was junked accordingly.
What you might want to do is keep a sharp eye on the counter. When it looks like it rolls, login to the context you are polling and take a look at the accounting log. If you find that someone cleared the logging, that answers the question. If not - log a TAC case and we can replicate your exact configuration/code version in our lab to see if there what the deviation is that causes it to clear. A bug would be logged and fixed.
Regards,
Chris Higgins

Ace Module logging rate limit

Similar Messages

Maybe you are looking for