ACE Module SNMP limits
I am monitoring an ACE module using snmp. The values returned from certain OIDs are graphed using Cacti. I found the 64 bit counters on interfaces for the ACE wrap at 10,000,000,000 instead of 2^64. Now that I have configured cacti to expect the wrap at 10 billion, I am concerned about the 32 bit counters. I am querying this snmp oid to get L7 connection counter
cslbxStatsL7PolicyConns
1.3.6.1.4.1.9.9.254.1.1.1.1.8
Should I expect this counter to wrap at 2^32 or a lower value?
The maximum value for a 32bit OID should be 4294967296, I do have a value in my lab that is above 1 billion for that counter, so I wouldn't think there is an issue immediately. One common issue - when you clear stats manually, the counter will reset to 0. As well, I found an internal bug that that suggested some pocket case within the code could have cleared stats incorrectly, but it has never been seen since. There is a guess that someone logged into the test bed and cleared it without permission, but it was not able to be verified. Hence the bug was created to investigate the code, turned up nothing, and was junked accordingly.
What you might want to do is keep a sharp eye on the counter. When it looks like it rolls, login to the context you are polling and take a look at the accounting log. If you find that someone cleared the logging, that answers the question. If not - log a TAC case and we can replicate your exact configuration/code version in our lab to see if there what the deviation is that causes it to clear. A bug would be logged and fixed.
Regards,
Chris Higgins
Similar Messages
-
ACE Module and Limiting Connections
We currently use the ACE module to Load-balancing IPSEC connection into SPA's. Since the SPA's only support 60 new connections per second. I was looking for a way to limit the amount of connecitons from the ACE to the SPA's.
Hello,
Have a look at the Configuring Real Server Rate Limiting section of the ACE documentation. I think this will meet your needs.
Hope this helps,
Sean -
Monitoring the Cisco ACE module with SNMP
We use 2 redundant Cisco ACE loadbalancer in our datacenter
The models are ACE20-MOD-K9 with software A2(2.0)
Does anybod know how to monitor the environment (cpu, memory) of such a module with snmp?
We were not able to find an applicable MIB for that module.
The CISCO-PROCESS-MIB.oid (ftp://ftp.cisco.com/pub/mibs/oid/CISCO-PROCESS-MIB.oid) seems not to reflect the correct oid's.
What are the correct oid's for cpu and memory?
Where can I find a detailed documentation for snmp-monitoring the cisco ace module?
thanksHi Patrik,
to monitor the ACE I use these two MIB's:
ftp://ftp.cisco.com/pub/mibs/v2/CISCO-SLB-MIB.my
ftp://ftp.cisco.com/pub/mibs/v2/CISCO-ENHANCED-SLB-MIB.my
Example for CPU:
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Normale Tabelle";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
cpmCPUTotalEntry 1.3.6.1.4.1.9.9.109.1.1.1.1
The resource usage and other interesting things you will find with a MIB browser.
Achim -
Good Day everyone,
I searched the site, and I could not find the answer I was looking for, so If anyone happens to know or point me to a link I would greatly appreciate it.
Topic:
Can ACE module sent different Traps (oid) to different management station? Split decision processing to send specific traffic to specific stations, based on the alert it has detected.
Scenario:
Our network equipments have a demarc point on what devices are managed via SNMP (Traps, syslog, EMS, etc...); Routers, Switches, ACE modules, and so forth.
However, we are not responsible for the App Servers assigned to various broadcast domains.
Customer would like to receive Notification from the ACE module when a Real Server is taken out of rotation , when specific probes have failed.
My team manages the ACE module, so any alerts from the ACE will be sent to the management station configured in our network.
Unfortunately I do not have a Test Lab to test my theory, so any help would be greatly appreciated before I submit my Production configs.
Design Requirements:
Customer would like the following traps generated and sent to their management station:
1) Real Server host name
2) TCP port
3) Real Server IP address
4) If capable, percentage threshold for each real server, based on the prediction configured for each Server Farm
5) Can a NetIQ agent be download on the ACE module to communicate with the NetIQ management station?
As always thank you for any help you can provide, and if you happen to be around Huntsville Alabama/USA.. you got a cold beer waiting for you!!!!
Cheers,
-ramanGilles,
Thank you for your prompt answer.
When you have time please look over the following question and let me know if it is possible to implement, if the Proxy server is not an option?
Can a Custom TCL script be executed to sent an notification via SMPT if a health probe fails?
The SMTP message will contain the server info (IP address, Host name, TCP port).
The script procedure will execute certain actions based on the returned result.
Thanks,
raman
P.S
Sorry about not being up to speed on TCL. I am reading up on the TCL capability, and trying to provide some options to my customer. -
Hi,
I was adding logging and snmp to my ACE modules this weekend. I first made the changes to the primary ACE module and did a wr mem; I then went to my secondary module and noticed that the modules did not sync.
After some troubleshooting; I decided to reboot the secondary module, when the module came back, it was in sync.
As anyone run into this issue before? What is the command that will show me who is my primary module and the state of the modules?
I am running ACE code: A2.1.2
Regards,
John...Thank you for your reply; I think that this was my problem:
14:1007 => Feb 01 07:57:27: ha_process_message:1818 Running sync info: mode 0, s
tatus 0, reason Detected license mismatch with peer, disabling running-config au
to sync
14:1008 => Feb 01 07:57:27: ha_process_message:1822 Startup sync info: mode 0, s
tatus 0, reason Detected license mismatch with peer, disabling running-config au
to sync
I first upgraded the license on my primary and made my changes, then tried to sync. The only problem I see here is that when I did the wr mem the module starting to sync and said that the sync process was complete.
John... -
HOWTO: Poll Server farm stats on ACE module
Hi All,
We are currently working on providing network monitoring information of our server farms programmed on our ACE modules, what is the best OID's to use?Hi Rob,
Unless there's something already out with the release of code 4.X and ACE 30 then I'd say the MIB that can help you here would be the .CISCO-ENHANCED-SLB-MIB
Here is the info from the SNMP object navigator
http://xrl.us/bk2vmo
Here is the list of supported MIBs by the ACE module just for reference and download
ftp://ftp.cisco.com/pub/mibs/supportlists/ace/ace-supportlist.html
HTH
Pablo -
What exactly does the MAC-Miss rate mean on the ACE? And if we are running out of resources for it, should I worry?
We have only implemented 1 production policy on the ACE module so far and we are already running out of resources for the mac-miss rate. All other resources look good.
Is this OK? Or is something wrong here?
Attached is the resource usage counters.
Thanks,
BenWhen the ACE receives traffic for which it does not have an arp entry for either the source or destination, this is called a mac-miss and the fastpath agent needs to ask the slowpath agent to perform an arp request.
This communication is rate-limited.
With no mac entry for a src or dst, we drop the packet.
So, you should increase the resource.
Or review your design.
It's best to have the clients coming through a gateway (ie: the MSFC) instead of directly accessing the ACE.
This way only 1 mac entry is needed - the gateway.
You'll see a counter like this
switch/Admin# sho np 1 me-stats "-socm -v" | i mac
Drop [mac lookup fail]: 4 0
Gilles. -
Hello,
Does anyone know if it is possible to apply a 6500 QoS service-policy to a ACE module interface? I would like to leverage CBQOS to apply policing to traffic entering/leaving the ACE module.
Thanks!
LeeHI Collin,
You can use this by Configuring Control Plane Policing (CoPP).
CoPP uses a dedicated control plane configuration through the modular QoS CLI (MQC) to provide filtering and rate-limiting capabilities for the control plane packets.
CoPP is disabled by default.
CoPP is only supported on ingress (service-policy output CoPP cannot be applied to the control plane interface). Neither egress CoPP nor silent mode is supported.
Just follow the CoPP Configuration Guidelines and Restrictions .
CoPP uses MQC to define traffic classification criteria and to specify the configurable policy actions for the classified traffic. You must first identify the traffic to be classified by defining a class map. The class map defines packets for a particular traffic class. After you have classified the traffic, you can create policy maps to enforce policy actions for the identified traffic. The control-plane global configuration command allows the CoPP service policies to be directly attached to the control plane.
Use the below mentioned URL for Defining Traffic Classification
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/copp.html#wp1141968
the commonly required traffic is identified with these ACLs:
â¢ACL 120-Critical traffic
â¢ACL 121-Important traffic
â¢ACL 122-Normal traffic
â¢ACL 123-Explicitly denies unwanted traffic
â¢ACL 124-All other traffic
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/copp.html
Use the control plane commands as follows:
control-plane
To enter control-plane configuration mode, which allows users to associate or modify attributes or parameters (such as a service policy) that are associated with the control plane of the device, use the control-plane command in global configuration mode. To remove an existing control-plane configuration from the router, use the no form of this command.
Syntax for T Releases
control-plane [host | transit | cef-exception]
no control-plane [host | transit | cef-exception]
Syntax for 12.0S Releases
control-plane [slot slot-number] [host | transit | cef-exception]
no control-plane [slot slot-number] [host | transit | cef-exception]
Syntax for 12.2S Releases for Cisco 7600 Series Routers
control-plane
no control-plane
Syntax for ASR 1000 Series Routers
control-plane [host]
no control-plane [host]
The below link can be of huge information and config examples for control plane configuration:
http://www.cisco.com/en/US/docs/ios/qos/command/reference/qos_a1.html#wp1047593
Get back to me if you find this information relevant and useful to you.
Sachin garg -
Basically we have a running ACE context which works however we are using natting and we have some applications complaining that they can't see the source address of things. So I created a whole new context with the following config but I have the problem of when the client is on the server side network the traffic never makes it there.
ACE1/10.0.0.0_Network# sho run
Generating configuration....
access-list ALL line 8 extended permit ip any any
rserver host CE-565-1
ip address 10.0.2.83
inservice
serverfarm host Content_Engine_SF
rserver CE-565-1
inservice
class-map match-all Content_Engine_VIP
2 match virtual-address 10.0.18.101 any
class-map type management match-any Remote_Management
2 match protocol http any
3 match protocol icmp any
4 match protocol telnet any
5 match protocol ssh any
policy-map type management first-match rmt_mgt_policy
class Remote_Management
permit
policy-map type loadbalance first-match Content_Engine_VIP-l7slb
class class-default
serverfarm Content_Engine_SF
policy-map multi-match int18
class Content_Engine_VIP
loadbalance vip inservice
loadbalance policy Content_Engine_VIP-l7slb
loadbalance vip icmp-reply active
access-group input ALL
interface vlan 3
description Server_Side
ip address 10.0.3.240 255.255.254.0
mac-sticky enable
no shutdown
interface vlan 18
description Client Side Network
ip address 10.0.18.251 255.255.255.0
mac-sticky enable
service-policy input int18
no shutdown
ip route 0.0.0.0 0.0.0.0 10.0.18.1
if I telnet to the vip from my machine 172.16.6.222 it works fine. If I telnet from 10.0.18.30 it works fine. However when I telnet from a machine on the vlan 3 10.0.2.188 it does not work. I would have thought the mac-sticky option would work but it seems to be doing nothing. Any ideas with out using a NAT pool would be great so we can see the originating IP Address.If you are initiating traffic from serverA to a vip that load balances to serverB in that same vlan you will have an asymmetric flow. ServerA is on the same vlan as serverB. Since both servers are in the same subnet, ServerB will ARP for serverA address and send the response directly to serverA. The traffic will never make it back to the ACE. There are a few things you can do:
1. Use NAT to ensure the return traffice makes it back to ACE.
2. Insert HTTP header with client IP address. This only works for HTTP traffic and your application must be able to recognize this header for logging.
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A1/configuration/slb/guide/classlb.html#wp1040008
3. Use Direct Server Return (DSR). This feature has been committed to ACE 2.0. This will require the servers to be L2 adjacent to the ACE module and you will need to configure the VIP address as a loopback address on the server. Here is CSM documentation that lists some of the limitations with DSR:
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/csm/4.2.x/configuration/guide/netwcsm.html#wp1065827 -
HI Experts,
We had some issue with Datacentre ACE modules. Both primary and DR ACE modules got restarted in 16 hours difference.
Unfortunately Syslog was not configured on the ACE and local logging got cleared after restart.
The current IOS version is A2(3.2). The modules uptime was around 300 Days.
Here is the log from 6509 switch during the restart
Primary DC 6509-1 .
Jul 10 18:52:05.383 WAT: %SVCLC-5-FWTRUNK: Firewalled VLANs configured on trunks
.Jul 10 18:56:47.291 WAT: %SNMP-5-MODULETRAP: Module 9 [Down] Trap
Jul 10 18:56:47.127 WAT: %OIR-SP-3-PWRCYCLE: Card in module 9, is being power-cycled off (Reset - Module Reloaded During Download)
Jul 10 18:56:47.271 WAT: %C6KPWR-SP-4-DISABLED: power to module in slot 9 set off (Reset - Module Reloaded During Download)
Jul 10 18:57:00.951 WAT: %OIR-SP-3-PWRCYCLE: Card in module 9, is being power-cycled off (Module not responding to Keep Alive polling)
Jul 10 18:57:00.951 WAT: %C6KPWR-SP-4-DISABLED: power to module in slot 9 set off (Module not responding to Keep Alive polling)
Jul 10 19:01:57.172 WAT: %DIAG-SP-6-RUN_MINIMUM: Module 9: Running Minimal Diagnostics...
.Jul 10 19:01:59.256 WAT: %SNMP-5-MODULETRAP: Module 9 [Up] Trap
Jul 10 19:01:58.700 WAT: %DIAG-SP-6-DIAG_OK: Module 9: Passed Online Diagnostics
Jul 10 19:01:59.256 WAT: %OIR-SP-6-INSCARD: Card inserted in slot 9, interfaces are now online
.Jul 10 19:02:04.548 WAT: %SVCLC-5-FWTRUNK: Firewalled VLANs configured on trunks
DR DC 6509-1 .
Jul 11 09:42:05.759: %LINK-5-CHANGED: Interface TenGigabitEthernet9/1, changed state to administratively down .
Jul 11 09:42:05.763: %SNMP-5-MODULETRAP: Module 9 [Down] Trap
.Jul 11 09:42:05.763: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet9/1, changed state to down
Jul 11 09:42:05.599: %OIR-SP-3-PWRCYCLE: Card in module 9, is being power-cycled off (Reset - Module Reloaded During Download)
Jul 11 09:42:05.747: %C6KPWR-SP-4-DISABLED: power to module in slot 9 set off (Reset - Module Reloaded During Download)
Jul 11 09:42:05.767: %LINK-SP-5-CHANGED: Interface TenGigabitEthernet9/1, changed state to administratively down
Jul 11 09:42:05.771: %LINEPROTO-SP-5-UPDOWN: Line protocol on Interface TenGigabitEthernet9/1, changed state to down .
Jul 11 09:42:14.535: %SVCLC-5-SVCLCNTP: Could not update clock on the module 9, rc is -1
Jul 11 09:42:19.395: %OIR-SP-3-PWRCYCLE: Card in module 9, is being power-cycled off (Module not responding to Keep Alive polling)
Jul 11 09:42:19.395: %C6KPWR-SP-4-DISABLED: power to module in slot 9 set off (Module not responding to Keep Alive polling)
Jul 11 09:47:15.819: %DIAG-SP-6-RUN_MINIMUM: Module 9: Running Minimal Diagnostics... .
Jul 11 09:47:19.871: %MLS_RATE-4-DISABLING: The global switching mode is now 'truncated'. Disabling the Layer2 Rate Limiters. .
Jul 11 09:47:19.903: %SNMP-5-MODULETRAP: Module 9 [Up] Trap Jul 11 09:47:19.633: %DIAG-SP-6-DIAG_OK: Module 9: Passed Online Diagnostics Jul 11 09:47:19.905: %OIR-SP-6-INSCARD: Card inserted in slot 9, interfaces are now online .
Jul 11 09:47:21.079: %LINK-5-CHANGED: Interface TenGigabitEthernet9/1, changed state to administratively down
Jul 11 09:47:20.912: %LINK-SP-3-UPDOWN: Interface TenGigabitEthernet9/1, changed state to down
Jul 11 09:47:21.080: %LINK-SP-5-CHANGED: Interface TenGigabitEthernet9/1, changed state to administratively down
.Jul 11 09:47:25.039: %SVCLC-5-FWTRUNK: Firewalled VLANs configured on trunks
.Jul 11 09:47:25.047: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet9/1, changed state to up
Jul 11 09:47:24.520: %LINK-SP-3-UPDOWN: Interface TenGigabitEthernet9/1, changed state to down
Jul 11 09:47:25.056: %LINK-SP-3-UPDOWN: Interface TenGigabitEthernet9/1, changed state to up
Jul 11 09:47:25.060: %LINEPROTO-SP-5-UPDOWN: Line protocol on Interface TenGigabitEthernet9/1, changed state to up
Please let me did anyone face this issue before or is it any known BUG?HI All, Thanx for the help. Got the resaon from show version output.
last boot reason: NP 1 Failed : SRAM Parity Error Chan 3
Also got the TAC comment on SRAM party error
The SRAM parity error presented in the core file is not due to a software issue.
The issue is the result of a "bit-flip" within the SRAM itself which can occur as a
result of environmental conditions. This "bit-flip" is rectified by a simple reboot of
the system, which would occur with the generation of the core file. Cisco internal
testing and customer experience has shown that these types of issues can occur
with very low frequency, but do not required an RMA of the device.
If there are multiple instances of this issue on the same module, a proactive RMA/EFA
of the device would be in order.
ACE is susceptible to this because of the way it uses SRAM to store control information
and packet data as opposed to scratch-pad storage. Almost any 1-bit flip will be detected as a
parity error. Cisco has recognized the issue and is taking action to ensure this will not be
an issue on the next generation of the ACE module. The next generation module design
and timeline is currently under review.
Thnx again for the help
Aslam -
Question in regard to management VLAN for each Context in ACE module
Dear Pros,
I know this will be a simple questions to answer, and I have searched the forum, but I am not able to find the answer I need.
1) Does the ACE module require an Management IP address for each Context? Should the same VLAN be applied to each context, with larger size subnet to supply host address?
2) If it does require that, what IP address should I used for default route in each context.
I will be utilizing "Bridge Mode" for my application to transition the current network from Foundry to ACE. I will later on apply the "Routed Mode" model.
Each ACE module will have 3 seperate Context, for a total of 4 including the Admin.
Any suggestions or if you can point me to location as always will be greatly apprecaited.
Thanks and best regards.
Raman AzizianHi,
you have several options to choose from.
1. Use Admin context for management
You can use the Admin context for management. Give it an IP address in your managment VLAN, default route to upstream router, and login and change to contexts from there.
+ Easy and straightforward
- snmp and syslog are using the ip from each individual context and not the management IP
2. Use a Large subnet and assign an IP address in each context for management.
You can configure 1 managment VLAN and assign an IP address to each context in this subnet. Create static routes to the management stations that need to access this management address.
+ each context has its own managment address
- static routes need to be added
3. Use your client-side ip address (or BVI) as management address.
You management traffic will be inline and use the same path as your data. Default route is already configured and also valid for the management.
+ no static routes needed
- inline management
Personally, I choose option 1. That is, if the people that need to manage the ACE is the same team.
If other teams (serverteam for context 1, other serverteam for context 2) need to manage the ACE, than I would choose option 3.
HTH,
Dario -
Hi
One of my ACE module got restarted The following are the error messsages in the 6500 switches
Oct 22 13:38:40.411: %OIR-SP-3-PWRCYCLE: Card in module 9, is being power-cycled off (Module not responding to Keep Alive polling)
Oct 22 13:38:40.439: %C6KPWR-SP-4-DISABLED: power to module in slot 9 set off (Module not responding to Keep Alive polling)
The IOs version of the ACE is :- disk0:c6ace-t1k9-mz.3.0.0_A1_3b.bin
Switch Os version is : s72033-advipservicesk9_wan-mz.122-18.SXF7.bin
Could anybody tell me Is there any BUG in the IOS ?Or What could be the possible reason ?
Thanks in Advance
Dineshi have similar problem. the catalyst restart the ace, and ace doesn't work.
Also i have two catalyst conected in trunk, and i have two ace, one in each catalyst. No redundancie. both have the same problem.
ACE ios is: boot system image:c6ace-t1k9-mz.A2_1.bin
catalyst ios is: s72033-ipservicesk9_wan-mz.122-33.SXH2a.bin
log from catalyst:
17w2d: %CONST_DIAG-SP-6-HM_TEST_SP_INFO: TestAsicSync[1]: last_busy_percent[6%], Tx_Rate[3292], Rx_Rate[232]
17w2d: %CONST_DIAG-SP-2-HM_MOD_RESET: Resetting Module 1 for software recovery, Reason: Failed TestAsicSync
17w2d: %OIR-SP-3-PWRCYCLE: Card in module 1, is being power-cycled off (Diagnostic Failure)
17w2d: %HA_EM-6-LOG: Mandatory.go_asicsync.tcl: GOLD EEM TCL policy for TestAsicSync
17w2d: %SNMP-5-MODULETRAP: Module 1 [Down] Trap
17w2d: %C6KPWR-SP-4-DISABLED: power to module in slot 1 set off (Diagnostic Failure)
17w2d: %SVCLC-5-SVCLCVTPMODE: VTP mode is set to non-transparent
17w2d: %SNMP-5-MODULETRAP: Module 1 [Up] Trap
17w2d: %DIAG-SP-6-RUN_MINIMUM: Module 1: Running Minimal Diagnostics...
17w2d: %DIAG-SP-6-DIAG_OK: Module 1: Passed Online Diagnostics
17w2d: %OIR-SP-6-INSCARD: Card inserted in slot 1, interfaces are now online
17w2d: %SVCLC-5-FWTRUNK: Firewalled VLANs configured on trunks
17w2d: %FABRIC-SP-6-TIMEOUT_ERR: Fabric in slot 5 detected excessive flow-control on channel 0 (Module 1, fabric connection 0)
17w2d: %CONST_DIAG-SP-6-HM_TEST_SP_INFO: TestAsicSync[1]: last_busy_percent[6%], Tx_Rate[6293], Rx_Rate[298]
ANY advise? -
I am facing an issue with Cisco ACE module. Have 5 servers serving the connections for applications. However, during peak hours there is lot of dropped connections.
Also have lot of fragment reassemble.
Please help how to go ahead troubleshooting the issue.it is on the cisco site. In the ACE datasheet to be exact. But I'm talking about the appliance. Not sure about the module. But should be the same. Only thing I was not sure was whether the same limits apply to the base license package, or are the figures lower for the base license. Cisco says that the numbers are the same for the base package.
however I'm yet to verify it on the field -
Hi
In the Datashhet of the ACE-Module (ACE20-MOD-K9) there is the following promise:
Throughput
16 Gbps*, 8 Gbps*, and 4 Gbps
We have a base license, so I assume we have a throughput of 4Gbps (gigabits per second).
Are these 4Gbps bidirectional or unidirectional?
Is it 2Gbps in one direction and 2Gbps in the other direction?
Imagine we have just 1 host (A) before the ACE module and just 1 host (B) behind the ACE module. Can I transfer data from A to B (unidirectional) with 4Gbps? Assume the hosts are connected with 10Gbps to the network and use multiple flows!
How can I measure the effective used bandwith on the ACE module?
What hapens, if host A tries to send data faster than 4Gbps? Does it deny single packets? Base on what? Does it deny additional sessions?
How do I know that the ACE runs at it's bandwith limitation?
Any Ideas?
Thanks
PatrikHi Patrik,
See my answers inline:
We have a base license, so I assume we have a throughput of 4Gbps (gigabits per second).Are these 4Gbps bidirectional or unidirectional?Is it 2Gbps in one direction and 2Gbps in the other direction?
It measures the total throughput going through the box. It includes both directions. Also take into account that, for any traffic through the ACE, the packets are seen twice (client to ACE and ACE to server), so the effective throughput is half of the licensed one.
Imagine we have just 1 host (A) before the ACE module and just 1 host (B) behind the ACE module. Can I transfer data from A to B (unidirectional) with 4Gbps? Assume the hosts are connected with 10Gbps to the network and use multiple flows!
You could get up to 2Gbps unidirectional. This traffic will go through the ACE twice, adding to the 4Gbps license
How can I measure the effective used bandwith on the ACE module?
With the "show resource usage" command
What hapens, if host A tries to send data faster than 4Gbps? Does it deny single packets? Base on what? Does it deny additional sessions?
It will drop packets that go over the bandwidth without taking into account to which connection they belong
How do I know that the ACE runs at it's bandwith limitation?
Again, "show resource usage"
Regards
Daniel -
ACE module not load balancing across two servers
We are seeing an issue in a context on one of our load balancers where an application doesn't appear to be load balancing correctly across the two real servers. At various times the application team is seeing active connections on only one real server. They see no connection attempts on the other server. The ACE sees both servers as up and active within the serverfarm. However, a show serverfarm confirms that the load balancer sees current connections only going to one of the servers. The issue is fixed by restarting the application on the server that is not receiving any connections. However, it reappears again. And which server experiences the issue moves back and forth between the two real servers, so it is not limited to just one of the servers.
The application vendor wants to know why the load balancer is periodically not sending traffic to one of the servers. I'm kind of curious myself. Does anyone have some tips on where we can look next to isolate the cause?
We're running A2(3.3). The ACE module was upgraded to that version of code on a Friday, and this issue started the following Monday. The ACE has 28 contexts configured, and this one context is the only one reporting any issues since the upgrade.
Here are the show serverfarm statistics as of today:
ACE# show serverfarm farma-8000
serverfarm : farma-8000, type: HOST
total rservers : 2
----------connections-----------
real weight state current total failures
---+---------------------+------+------------+----------+----------+---------
rserver: server#1
x.x.x.20:8000 8 OPERATIONAL 0 186617 3839
rserver: server#2
x.x.x.21:8000 8 OPERATIONAL 67 83513 1754Are you enabling sticky feature? What kind of predictor are you using?
If sticky feature is enabled and one rserver goes down, traffic will leans to one side.
Even after the rserver retuns to up, traffic may continue to lean due to sticky feature.
The behavior seems to depend on the configuration.
So, please let me know a part of configuration?
Regards,
Yuji
Maybe you are looking for
-
HP Deskjet no longer responding?
Hey Everyone I'm new around here, and I thought my Macbook was perfect until I had printer issues. Anyway recently I tried to print out my a lab manual (10 pages long) and everything seems to go fine, but after it's nearly done printing the first pag
-
Hello experts, In flat file ' | ' (vertical line) is maintained as seperator. flat file format: J|1|A| here J is data of column-1 1 is data of column-2 A is data of column-3. '|' is seperator, I want to upload. When i tried to upload the file with th
-
Smart albums not working with multiple faces
I have a picture in an event tagged with 2 faces, Chase and Caleb. I setup a smart album with two criteria: 1) Face 'is' Chase, and 2) Face 'is not' Caleb. My smart album includes the photo above, but it shouldn't since I have specified that I want C
-
My application is built similar to the Tourde flex-->Data Visualization-->IBM ILog Elixir-->RealTime Dashboard(2) application which has a map on the top portion and 2 datagrids on the bottom. My application does not have a clock shown on the bottom p
-
Webcenter Sites Installation fail during deployment
Hi I have been trying to do a proof of concerpt with Webcenter Site on Weblogic 10.3.6 on windows 7, it installs fine but failes with the following error during deployment An error occurred during activation of changes, please see the log for details