ACE Module SNMP limits

I am monitoring an ACE module using snmp. The values returned from certain OIDs are graphed using Cacti. I found the 64 bit counters on interfaces for the ACE wrap at 10,000,000,000 instead of 2^64. Now that I have configured cacti to expect the wrap at 10 billion, I am concerned about the 32 bit counters. I am querying this snmp oid to get L7 connection counter
cslbxStatsL7PolicyConns
1.3.6.1.4.1.9.9.254.1.1.1.1.8
Should I expect this counter to wrap at 2^32 or a lower value?

The maximum value for a 32bit OID should be 4294967296, I do have a value in my lab that is above 1 billion for that counter, so I wouldn't think there is an issue immediately. One common issue - when you clear stats manually, the counter will reset to 0. As well, I found an internal bug that that suggested some pocket case within the code could have cleared stats incorrectly, but it has never been seen since. There is a guess that someone logged into the test bed and cleared it without permission, but it was not able to be verified. Hence the bug was created to investigate the code, turned up nothing, and was junked accordingly.
What you might want to do is keep a sharp eye on the counter. When it looks like it rolls, login to the context you are polling and take a look at the accounting log. If you find that someone cleared the logging, that answers the question. If not - log a TAC case and we can replicate your exact configuration/code version in our lab to see if there what the deviation is that causes it to clear. A bug would be logged and fixed.
Regards,
Chris Higgins

Similar Messages

  • ACE Module and Limiting Connections

    We currently use the ACE module to Load-balancing IPSEC connection into SPA's.  Since the SPA's only support 60 new connections per second.  I was looking for a way to limit the amount of connecitons from the ACE to the SPA's.

    Hello,
    Have a look at the Configuring Real Server Rate Limiting section of the ACE documentation.  I think this will meet your needs.
    Hope this helps,
    Sean

  • Monitoring the Cisco ACE module with SNMP

    We use 2 redundant Cisco ACE loadbalancer in our datacenter
    The models are ACE20-MOD-K9 with software A2(2.0)
    Does anybod know how to monitor the environment (cpu, memory) of such a module with snmp?
    We were not able to find an applicable MIB for that module.
    The CISCO-PROCESS-MIB.oid (ftp://ftp.cisco.com/pub/mibs/oid/CISCO-PROCESS-MIB.oid) seems not to reflect the correct oid's.
    What are the correct oid's for cpu and memory?
    Where can I find a detailed documentation for snmp-monitoring the cisco ace module?
    thanks

    Hi Patrik,
    to monitor the ACE I use these two MIB's:
    ftp://ftp.cisco.com/pub/mibs/v2/CISCO-SLB-MIB.my
    ftp://ftp.cisco.com/pub/mibs/v2/CISCO-ENHANCED-SLB-MIB.my
    Example for CPU:
    /* Style Definitions */
    table.MsoNormalTable
    {mso-style-name:"Normale Tabelle";
    mso-tstyle-rowband-size:0;
    mso-tstyle-colband-size:0;
    mso-style-noshow:yes;
    mso-style-priority:99;
    mso-style-qformat:yes;
    mso-style-parent:"";
    mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
    mso-para-margin:0cm;
    mso-para-margin-bottom:.0001pt;
    mso-pagination:widow-orphan;
    font-size:11.0pt;
    font-family:"Calibri","sans-serif";
    mso-ascii-font-family:Calibri;
    mso-ascii-theme-font:minor-latin;
    mso-fareast-font-family:"Times New Roman";
    mso-fareast-theme-font:minor-fareast;
    mso-hansi-font-family:Calibri;
    mso-hansi-theme-font:minor-latin;
    mso-bidi-font-family:"Times New Roman";
    mso-bidi-theme-font:minor-bidi;}
    cpmCPUTotalEntry 1.3.6.1.4.1.9.9.109.1.1.1.1
    The resource usage and other interesting things you will find with a MIB browser.
    Achim

  • Design ? about SNMP operation in ACE module ... Traps sent to different Mgmt Stations

    Good Day everyone,
    I searched the site, and I could not find the answer I was looking for, so If anyone happens to know or point me to a link I would greatly appreciate it.
    Topic:
    Can ACE module sent different Traps (oid) to different management station? Split decision processing to send specific traffic to specific stations, based on the alert it has detected.
    Scenario:
    Our network equipments have a demarc point on what devices are managed via SNMP (Traps, syslog, EMS, etc...); Routers, Switches, ACE modules, and so forth.
    However, we are not responsible for the App Servers assigned to various broadcast domains.
    Customer would like to receive Notification from the ACE module when a Real Server is taken out of rotation , when specific probes have failed.
    My team manages the ACE module, so any alerts from the ACE will be sent to the management station configured in our network.
    Unfortunately I do not have a Test Lab to test my theory, so any help would be greatly appreciated before I submit my Production configs.
    Design Requirements:
    Customer would like the following traps generated and sent to their management station:
    1) Real Server host name
    2) TCP port
    3) Real Server IP address
    4) If capable, percentage threshold for each real server, based on the prediction configured for each Server Farm
    5) Can a NetIQ agent be download on the ACE module to communicate with the NetIQ management station?
    As always thank you for any help you can provide, and if you happen to be around Huntsville Alabama/USA.. you got a cold beer waiting for you!!!!
    Cheers,
    -raman

    Gilles,
    Thank you for your prompt answer.
    When you have time please look over the following question and let me know if it is possible to implement, if the Proxy server is not an option?
    Can a Custom TCL script be executed to sent an notification via SMPT if a health probe fails?
    The SMTP message will contain the server info (IP address, Host name, TCP port).
    The script procedure will execute certain actions based on the returned result.
    Thanks,
    raman
    P.S
    Sorry about not being up to speed on TCL. I am reading up on the TCL capability, and trying to provide some options to my customer.

  • ACE modules not syncing up

    Hi,
    I was adding logging and snmp to my ACE modules this weekend. I first made the changes to the primary ACE module and did a wr mem; I then went to my secondary module and noticed that the modules did not sync.
    After some troubleshooting; I decided to reboot the secondary module, when the module came back, it was in sync.
    As anyone run into this issue before? What is the command that will show me who is my primary module and the state of the modules?
    I am running ACE code: A2.1.2
    Regards,
    John...

    Thank you for your reply; I think that this was my problem:
    14:1007 => Feb 01 07:57:27: ha_process_message:1818 Running sync info: mode 0, s
    tatus 0, reason Detected license mismatch with peer, disabling running-config au
    to sync
    14:1008 => Feb 01 07:57:27: ha_process_message:1822 Startup sync info: mode 0, s
    tatus 0, reason Detected license mismatch with peer, disabling running-config au
    to sync
    I first upgraded the license on my primary and made my changes, then tried to sync. The only problem I see here is that when I did the wr mem the module starting to sync and said that the sync process was complete.
    John...

  • HOWTO: Poll Server farm stats on ACE module

    Hi All,
    We are currently working on providing network monitoring information of our server farms programmed on our ACE modules, what is the best OID's to use?

    Hi Rob,
    Unless there's something already out with the release of code 4.X and ACE 30 then I'd say the MIB that can help you here would be the .CISCO-ENHANCED-SLB-MIB
    Here is the info from the SNMP object navigator
    http://xrl.us/bk2vmo
    Here is the list of supported MIBs by the ACE module just for reference and download
    ftp://ftp.cisco.com/pub/mibs/supportlists/ace/ace-supportlist.html
    HTH
    Pablo

  • MAC-Miss Rate on ACE module

    What exactly does the MAC-Miss rate mean on the ACE? And if we are running out of resources for it, should I worry?
    We have only implemented 1 production policy on the ACE module so far and we are already running out of resources for the mac-miss rate. All other resources look good.
    Is this OK? Or is something wrong here?
    Attached is the resource usage counters.
    Thanks,
    Ben

    When the ACE receives traffic for which it does not have an arp entry for either the source or destination, this is called a mac-miss and the fastpath agent needs to ask the slowpath agent to perform an arp request.
    This communication is rate-limited.
    With no mac entry for a src or dst, we drop the packet.
    So, you should increase the resource.
    Or review your design.
    It's best to have the clients coming through a gateway (ie: the MSFC) instead of directly accessing the ACE.
    This way only 1 mac entry is needed - the gateway.
    You'll see a counter like this
    switch/Admin# sho np 1 me-stats "-socm -v" | i mac
    Drop [mac lookup fail]: 4 0
    Gilles.

  • QoS on ACE Module

    Hello,
    Does anyone know if it is possible to apply a 6500 QoS service-policy to a ACE module interface? I would like to leverage CBQOS to apply policing to traffic entering/leaving the ACE module.
    Thanks!
    Lee

    HI Collin,
    You can use this by Configuring Control Plane Policing (CoPP).
    CoPP uses a dedicated control plane configuration through the modular QoS CLI (MQC) to provide filtering and rate-limiting capabilities for the control plane packets.
    CoPP is disabled by default.
    CoPP is only supported on ingress (service-policy output CoPP cannot be applied to the control plane interface). Neither egress CoPP nor silent mode is supported.
    Just follow the CoPP Configuration Guidelines and Restrictions .
    CoPP uses MQC to define traffic classification criteria and to specify the configurable policy actions for the classified traffic. You must first identify the traffic to be classified by defining a class map. The class map defines packets for a particular traffic class. After you have classified the traffic, you can create policy maps to enforce policy actions for the identified traffic. The control-plane global configuration command allows the CoPP service policies to be directly attached to the control plane.
    Use the below mentioned URL for Defining Traffic Classification
    http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/copp.html#wp1141968
    the commonly required traffic is identified with these ACLs:
    •ACL 120-Critical traffic
    •ACL 121-Important traffic
    •ACL 122-Normal traffic
    •ACL 123-Explicitly denies unwanted traffic
    •ACL 124-All other traffic
    http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/copp.html
    Use the control plane commands as follows:
    control-plane
    To enter control-plane configuration mode, which allows users to associate or modify attributes or parameters (such as a service policy) that are associated with the control plane of the device, use the control-plane command in global configuration mode. To remove an existing control-plane configuration from the router, use the no form of this command.
    Syntax for T Releases
    control-plane [host | transit | cef-exception]
    no control-plane [host | transit | cef-exception]
    Syntax for 12.0S Releases
    control-plane [slot slot-number] [host | transit | cef-exception]
    no control-plane [slot slot-number] [host | transit | cef-exception]
    Syntax for 12.2S Releases for Cisco 7600 Series Routers
    control-plane
    no control-plane
    Syntax for ASR 1000 Series Routers
    control-plane [host]
    no control-plane [host]
    The below link can be of huge information and config examples for control plane configuration:
    http://www.cisco.com/en/US/docs/ios/qos/command/reference/qos_a1.html#wp1047593
    Get back to me if you find this information relevant and useful to you.
    Sachin garg

  • ACE Module

    Basically we have a running ACE context which works however we are using natting and we have some applications complaining that they can't see the source address of things. So I created a whole new context with the following config but I have the problem of when the client is on the server side network the traffic never makes it there.
    ACE1/10.0.0.0_Network# sho run
    Generating configuration....
    access-list ALL line 8 extended permit ip any any
    rserver host CE-565-1
    ip address 10.0.2.83
    inservice
    serverfarm host Content_Engine_SF
    rserver CE-565-1
    inservice
    class-map match-all Content_Engine_VIP
    2 match virtual-address 10.0.18.101 any
    class-map type management match-any Remote_Management
    2 match protocol http any
    3 match protocol icmp any
    4 match protocol telnet any
    5 match protocol ssh any
    policy-map type management first-match rmt_mgt_policy
    class Remote_Management
    permit
    policy-map type loadbalance first-match Content_Engine_VIP-l7slb
    class class-default
    serverfarm Content_Engine_SF
    policy-map multi-match int18
    class Content_Engine_VIP
    loadbalance vip inservice
    loadbalance policy Content_Engine_VIP-l7slb
    loadbalance vip icmp-reply active
    access-group input ALL
    interface vlan 3
    description Server_Side
    ip address 10.0.3.240 255.255.254.0
    mac-sticky enable
    no shutdown
    interface vlan 18
    description Client Side Network
    ip address 10.0.18.251 255.255.255.0
    mac-sticky enable
    service-policy input int18
    no shutdown
    ip route 0.0.0.0 0.0.0.0 10.0.18.1
    if I telnet to the vip from my machine 172.16.6.222 it works fine. If I telnet from 10.0.18.30 it works fine. However when I telnet from a machine on the vlan 3 10.0.2.188 it does not work. I would have thought the mac-sticky option would work but it seems to be doing nothing. Any ideas with out using a NAT pool would be great so we can see the originating IP Address.

    If you are initiating traffic from serverA to a vip that load balances to serverB in that same vlan you will have an asymmetric flow. ServerA is on the same vlan as serverB. Since both servers are in the same subnet, ServerB will ARP for serverA address and send the response directly to serverA. The traffic will never make it back to the ACE. There are a few things you can do:
    1. Use NAT to ensure the return traffice makes it back to ACE.
    2. Insert HTTP header with client IP address. This only works for HTTP traffic and your application must be able to recognize this header for logging.
    http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A1/configuration/slb/guide/classlb.html#wp1040008
    3. Use Direct Server Return (DSR). This feature has been committed to ACE 2.0. This will require the servers to be L2 adjacent to the ACE module and you will need to configure the VIP address as a loopback address on the server. Here is CSM documentation that lists some of the limitations with DSR:
    http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/csm/4.2.x/configuration/guide/netwcsm.html#wp1065827

  • ACE modules reloaded

    HI Experts,
    We had some issue with Datacentre ACE modules. Both primary and DR ACE modules got restarted in 16 hours difference.
    Unfortunately Syslog was not configured on the ACE and local logging got cleared after restart.
    The current IOS version is A2(3.2). The modules uptime was around 300 Days.
    Here is the log from 6509 switch during the restart
    Primary DC 6509-1 .
    Jul 10 18:52:05.383 WAT: %SVCLC-5-FWTRUNK: Firewalled VLANs configured on trunks
    .Jul 10 18:56:47.291 WAT: %SNMP-5-MODULETRAP: Module 9 [Down] Trap
    Jul 10 18:56:47.127 WAT: %OIR-SP-3-PWRCYCLE: Card in module 9, is being power-cycled off (Reset - Module Reloaded During Download)
    Jul 10 18:56:47.271 WAT: %C6KPWR-SP-4-DISABLED: power to module in slot 9 set off (Reset - Module Reloaded During Download)
    Jul 10 18:57:00.951 WAT: %OIR-SP-3-PWRCYCLE: Card in module 9, is being power-cycled off (Module not responding to Keep Alive polling)
    Jul 10 18:57:00.951 WAT: %C6KPWR-SP-4-DISABLED: power to module in slot 9 set off (Module not responding to Keep Alive polling)
    Jul 10 19:01:57.172 WAT: %DIAG-SP-6-RUN_MINIMUM: Module 9: Running Minimal Diagnostics...
    .Jul 10 19:01:59.256 WAT: %SNMP-5-MODULETRAP: Module 9 [Up] Trap
    Jul 10 19:01:58.700 WAT: %DIAG-SP-6-DIAG_OK: Module 9: Passed Online Diagnostics
    Jul 10 19:01:59.256 WAT: %OIR-SP-6-INSCARD: Card inserted in slot 9, interfaces are now online
    .Jul 10 19:02:04.548 WAT: %SVCLC-5-FWTRUNK: Firewalled VLANs configured on trunks
    DR DC 6509-1 .
    Jul 11 09:42:05.759: %LINK-5-CHANGED: Interface TenGigabitEthernet9/1, changed state to administratively down .
    Jul 11 09:42:05.763: %SNMP-5-MODULETRAP: Module 9 [Down] Trap
    .Jul 11 09:42:05.763: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet9/1, changed state to down
    Jul 11 09:42:05.599: %OIR-SP-3-PWRCYCLE: Card in module 9, is being power-cycled off (Reset - Module Reloaded During Download)
    Jul 11 09:42:05.747: %C6KPWR-SP-4-DISABLED: power to module in slot 9 set off (Reset - Module Reloaded During Download)
    Jul 11 09:42:05.767: %LINK-SP-5-CHANGED: Interface TenGigabitEthernet9/1, changed state to administratively down
    Jul 11 09:42:05.771: %LINEPROTO-SP-5-UPDOWN: Line protocol on Interface TenGigabitEthernet9/1, changed state to down .
    Jul 11 09:42:14.535: %SVCLC-5-SVCLCNTP: Could not update clock on the module 9, rc is -1
    Jul 11 09:42:19.395: %OIR-SP-3-PWRCYCLE: Card in module 9, is being power-cycled off (Module not responding to Keep Alive polling)
    Jul 11 09:42:19.395: %C6KPWR-SP-4-DISABLED: power to module in slot 9 set off (Module not responding to Keep Alive polling)
    Jul 11 09:47:15.819: %DIAG-SP-6-RUN_MINIMUM: Module 9: Running Minimal Diagnostics... .
    Jul 11 09:47:19.871: %MLS_RATE-4-DISABLING: The global switching mode is now 'truncated'. Disabling the Layer2 Rate Limiters. .
    Jul 11 09:47:19.903: %SNMP-5-MODULETRAP: Module 9 [Up] Trap Jul 11 09:47:19.633: %DIAG-SP-6-DIAG_OK: Module 9: Passed Online Diagnostics Jul 11 09:47:19.905: %OIR-SP-6-INSCARD: Card inserted in slot 9, interfaces are now online .
    Jul 11 09:47:21.079: %LINK-5-CHANGED: Interface TenGigabitEthernet9/1, changed state to administratively down
    Jul 11 09:47:20.912: %LINK-SP-3-UPDOWN: Interface TenGigabitEthernet9/1, changed state to down
    Jul 11 09:47:21.080: %LINK-SP-5-CHANGED: Interface TenGigabitEthernet9/1, changed state to administratively down
    .Jul 11 09:47:25.039: %SVCLC-5-FWTRUNK: Firewalled VLANs configured on trunks
    .Jul 11 09:47:25.047: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet9/1, changed state to up
    Jul 11 09:47:24.520: %LINK-SP-3-UPDOWN: Interface TenGigabitEthernet9/1, changed state to down
    Jul 11 09:47:25.056: %LINK-SP-3-UPDOWN: Interface TenGigabitEthernet9/1, changed state to up
    Jul 11 09:47:25.060: %LINEPROTO-SP-5-UPDOWN: Line protocol on Interface TenGigabitEthernet9/1, changed state to up
    Please let me did anyone face this issue before or is it any known BUG?

    HI All, Thanx for the help. Got the resaon from show version output.
    last boot reason:  NP 1 Failed : SRAM Parity Error Chan 3
    Also got the TAC comment on SRAM party error
    The SRAM parity error presented in the core file is not due to a software issue.
    The issue is the result of a "bit-flip" within the SRAM itself which can occur as a
    result of environmental conditions. This "bit-flip" is rectified by a simple reboot of
    the system, which would occur with the generation of the core file. Cisco internal
    testing and customer experience has shown that these types of issues can occur
    with very low frequency, but do not required an RMA of the device.
    If there are multiple instances of this issue on the same module, a proactive RMA/EFA
    of the device would be in order.
    ACE is susceptible to this because of the way it uses SRAM to store control information
    and packet data as opposed to scratch-pad storage. Almost any 1-bit flip will be detected as a
    parity error. Cisco has recognized the issue and is taking action to ensure this will not be
    an issue on the next generation of the ACE module. The next generation module design
    and timeline is currently under review.
    Thnx again for the help
    Aslam

  • Question in regard to management VLAN for each Context in ACE module

    Dear Pros,
    I know this will be a simple questions to answer, and I have searched the forum, but I am not able to find the answer I need.
    1) Does the ACE module require an Management IP address for each Context? Should the same VLAN be applied to each context, with larger size subnet to supply host address?
    2) If it does require that, what IP address should I used for default route in each context.
    I will be utilizing "Bridge Mode" for my application to transition the current network from Foundry to ACE. I will later on apply the "Routed Mode" model.
    Each ACE module will have 3 seperate Context, for a total of 4 including the Admin.
    Any suggestions or if you can point me to location as always will be greatly apprecaited.
    Thanks and best regards.
    Raman Azizian

    Hi,
    you have several options to choose from.
    1. Use Admin context for management
    You can use the Admin context for management. Give it an IP address in your managment VLAN, default route to upstream router, and login and change to contexts from there.
    + Easy and straightforward
    - snmp and syslog are using the ip from each individual context and not the management IP
    2. Use a Large subnet and assign an IP address in each context for management.
    You can configure 1 managment VLAN and assign an IP address to each context in this subnet. Create static routes to the management stations that need to access this management address.
    + each context has its own managment address
    - static routes need to be added
    3. Use your client-side ip address (or BVI) as management address.
    You management traffic will be inline and use the same path as your data. Default route is already configured and also valid for the management.
    + no static routes needed
    - inline management
    Personally, I choose option 1. That is, if the people that need to manage the ACE is the same team.
    If other teams (serverteam for context 1, other serverteam for context 2) need to manage the ACE, than I would choose option 3.
    HTH,
    Dario

  • ACE-module Restarted

    Hi
    One of my ACE module got restarted The following are the error messsages in the 6500 switches
    Oct 22 13:38:40.411: %OIR-SP-3-PWRCYCLE: Card in module 9, is being power-cycled off (Module not responding to Keep Alive polling)
    Oct 22 13:38:40.439: %C6KPWR-SP-4-DISABLED: power to module in slot 9 set off (Module not responding to Keep Alive polling)
    The IOs version of the ACE is :- disk0:c6ace-t1k9-mz.3.0.0_A1_3b.bin
    Switch Os version is : s72033-advipservicesk9_wan-mz.122-18.SXF7.bin
    Could anybody tell me Is there any BUG in the IOS ?Or What could be the possible reason ?
    Thanks in Advance
    Dinesh

    i have similar problem. the catalyst restart the ace, and ace doesn't work.
    Also i have two catalyst conected in trunk, and i have two ace, one in each catalyst. No redundancie. both have the same problem.
    ACE ios is: boot system image:c6ace-t1k9-mz.A2_1.bin
    catalyst ios is: s72033-ipservicesk9_wan-mz.122-33.SXH2a.bin
    log from catalyst:
    17w2d: %CONST_DIAG-SP-6-HM_TEST_SP_INFO: TestAsicSync[1]: last_busy_percent[6%], Tx_Rate[3292], Rx_Rate[232]
    17w2d: %CONST_DIAG-SP-2-HM_MOD_RESET: Resetting Module 1 for software recovery, Reason: Failed TestAsicSync
    17w2d: %OIR-SP-3-PWRCYCLE: Card in module 1, is being power-cycled off (Diagnostic Failure)
    17w2d: %HA_EM-6-LOG: Mandatory.go_asicsync.tcl: GOLD EEM TCL policy for TestAsicSync
    17w2d: %SNMP-5-MODULETRAP: Module 1 [Down] Trap
    17w2d: %C6KPWR-SP-4-DISABLED: power to module in slot 1 set off (Diagnostic Failure)
    17w2d: %SVCLC-5-SVCLCVTPMODE: VTP mode is set to non-transparent
    17w2d: %SNMP-5-MODULETRAP: Module 1 [Up] Trap
    17w2d: %DIAG-SP-6-RUN_MINIMUM: Module 1: Running Minimal Diagnostics...
    17w2d: %DIAG-SP-6-DIAG_OK: Module 1: Passed Online Diagnostics
    17w2d: %OIR-SP-6-INSCARD: Card inserted in slot 1, interfaces are now online
    17w2d: %SVCLC-5-FWTRUNK: Firewalled VLANs configured on trunks
    17w2d: %FABRIC-SP-6-TIMEOUT_ERR: Fabric in slot 5 detected excessive flow-control on channel 0 (Module 1, fabric connection 0)
    17w2d: %CONST_DIAG-SP-6-HM_TEST_SP_INFO: TestAsicSync[1]: last_busy_percent[6%], Tx_Rate[6293], Rx_Rate[298]
    ANY advise?

  • ACE module connection drops

    I am facing an issue with Cisco ACE module. Have 5 servers serving the connections for applications. However, during peak hours there is lot of dropped connections.
    Also have lot of fragment reassemble.
    Please help how to go ahead troubleshooting the issue.

    it is on the cisco site. In the ACE datasheet to be exact. But I'm talking about the appliance. Not sure about the module. But should be the same. Only thing I was not sure was whether the same limits apply to the base license package, or are the figures lower for the base license. Cisco says that the numbers are the same for the base package.
    however I'm yet to verify it on the field

  • ACE Module throughput

    Hi
    In the Datashhet of the ACE-Module (ACE20-MOD-K9) there is the following promise:
    Throughput
    16 Gbps*, 8 Gbps*, and 4 Gbps
    We have a base license, so I assume we have a throughput of 4Gbps (gigabits per second).
    Are these 4Gbps bidirectional or unidirectional?
    Is it 2Gbps in one direction and 2Gbps in the other direction?
    Imagine we have just 1 host (A) before the ACE module and just 1 host (B) behind the ACE module. Can I transfer data from A to B (unidirectional) with 4Gbps? Assume the hosts are connected with 10Gbps to the network and use multiple flows!
    How can I measure the effective used bandwith on the ACE module?
    What hapens, if host A tries to send data faster than 4Gbps? Does it deny single packets? Base on what? Does it deny additional sessions?
    How do I know that the ACE runs at it's bandwith limitation?
    Any Ideas?
    Thanks
    Patrik

    Hi Patrik,
    See my answers inline:
    We have a base license, so I assume we have a throughput of 4Gbps (gigabits per second).Are these 4Gbps bidirectional or unidirectional?Is it 2Gbps in one direction and 2Gbps in the other direction?
    It measures the total throughput going through the box. It includes both directions. Also take into account that, for any traffic through the ACE, the packets are seen twice (client to ACE and ACE to server), so the effective throughput is half of the licensed one.
    Imagine we have just 1 host (A) before the ACE module and just 1 host (B) behind the ACE module. Can I transfer data from A to B (unidirectional) with 4Gbps? Assume the hosts are connected with 10Gbps to the network and use multiple flows!
    You could get up to 2Gbps unidirectional. This traffic will go through the ACE twice, adding to the 4Gbps license
    How can I measure the effective used bandwith on the ACE module?
    With the "show resource usage" command
    What hapens, if host A tries to send data faster than 4Gbps? Does it deny single packets? Base on what? Does it deny additional sessions?
    It will drop packets that go over the bandwidth without taking into account to which connection they belong
    How do I know that the ACE runs at it's bandwith limitation?
    Again, "show resource usage"
    Regards
    Daniel

  • ACE module not load balancing across two servers

    We are seeing an issue in a context on one of our load balancers where an application doesn't appear to be load balancing correctly across the two real servers.  At various times the application team is seeing active connections on only one real server.  They see no connection attempts on the other server.  The ACE sees both servers as up and active within the serverfarm.  However, a show serverfarm confirms that the load balancer sees current connections only going to one of the servers.  The issue is fixed by restarting the application on the server that is not receiving any connections.  However, it reappears again.  And which server experiences the issue moves back and forth between the two real servers, so it is not limited to just one of the servers.
    The application vendor wants to know why the load balancer is periodically not sending traffic to one of the servers.  I'm kind of curious myself.  Does anyone have some tips on where we can look next to isolate the cause?
    We're running A2(3.3).  The ACE module was upgraded to that version of code on a Friday, and this issue started the following Monday.  The ACE has 28 contexts configured, and this one context is the only one reporting any issues since the upgrade.
    Here are the show serverfarm statistics as of today:
    ACE# show serverfarm farma-8000
    serverfarm     : farma-8000, type: HOST
    total rservers : 2
                                                    ----------connections-----------
           real                  weight state        current    total      failures
       ---+---------------------+------+------------+----------+----------+---------
       rserver: server#1
           x.x.x.20:8000      8      OPERATIONAL  0          186617     3839
       rserver: server#2
           x.x.x.21:8000      8      OPERATIONAL  67         83513      1754

    Are you enabling sticky feature? What kind of predictor are you using?
    If sticky feature is enabled and one rserver goes down, traffic will leans to one side.
    Even after the rserver retuns to up, traffic may continue to lean due to sticky feature.
    The behavior seems to depend on the configuration.
    So, please let me know a part of configuration?
    Regards,
    Yuji

Maybe you are looking for

  • HP Deskjet no longer responding?

    Hey Everyone I'm new around here, and I thought my Macbook was perfect until I had printer issues. Anyway recently I tried to print out my a lab manual (10 pages long) and everything seems to go fine, but after it's nearly done printing the first pag

  • Vertical line in flat file

    Hello experts, In flat file ' | ' (vertical line) is maintained as seperator. flat file format: J|1|A| here J is data of column-1 1 is data of column-2 A is data of column-3. '|' is seperator, I want to upload. When i tried to upload the file with th

  • Smart albums not working with multiple faces

    I have a picture in an event tagged with 2 faces, Chase and Caleb. I setup a smart album with two criteria: 1) Face 'is' Chase, and 2) Face 'is not' Caleb. My smart album includes the photo above, but it shouldn't since I have specified that I want C

  • Changing views in Flex

    My application is built similar to the Tourde flex-->Data Visualization-->IBM ILog Elixir-->RealTime Dashboard(2) application which has a map on the top portion and 2 datagrids on the bottom. My application does not have a clock shown on the bottom p

  • Webcenter Sites Installation fail during deployment

    Hi I have been trying to do a proof of concerpt with Webcenter Site on Weblogic 10.3.6 on windows 7, it installs fine but failes with the following error during deployment An error occurred during activation of changes, please see the log for details