Configuring Sticky TCP Connections on ACE
I have 6 ACE configuration guides/case study example configurations and all have a slightly different way of configuring sticky connections in the admin context. What is the right way to configure it?
Thanks!
Matt
Here is the 7th config :)
You didn't mention which persistence method you are interested in. Following is an example for source IP based stickiness:
rserver host APP1-SERVER1
  ip address 10.10.10.101
  inservice
rserver host APP1-SERVER2
  ip address 10.10.10.102
  inservice

serverfarm host APP1-SFARM
  probe http80
  predictor leastconn
  failaction purge
  rserver APP1-SERVER1
    inservice
  rserver APP1-SERVER2
    inservice

sticky ip-netmask 255.255.255.255 address source APP1-STICKY-GP
  timeout 60
  replicate sticky
  serverfarm APP1-SFARM

class-map match-any APP1-VIP-CLASS
  description class-map for APP1
  match virtual-address 192.168.0.100 tcp eq 80

policy-map type loadbalance first-match APP1-POLICY
  class class-default
    sticky-serverfarm APP1-STICKY-GP

policy-map multi-match VIPS
  class APP1-VIP-CLASS
    loadbalance vip inservice
    loadbalance policy APP1-POLICY
    loadbalance vip icmp-reply

interface vlan 20
  ip address 192.168.0.1 255.255.255.0
  access-group input anyone
  access-group output anyone
  service-policy input VIPS
  no shutdown
HTH
Syed Iftekhar Ahmed
Similar Messages
-
CSS11000 - Configuring Maximum TCP Connections
Hi,
Maybe this is a stupid question. But I'm going to ask it anyway :)
If I set the max connection on a service can I redirect the connections that are over the max connection to an error page?
Or am I looking in the wrong place? I'll try to explain what I'm trying to do.
I want to protect my application servers: if my application servers reach a certain threshold, I want to redirect the connection to an error page.
How should I tackle this problem?
Thanks in advance for your help.
Geert
Hi Gilles,
First of all I wanted to thank you for your help. Very kind of you to take time helping us.
Second of all I want to apologize for my first post. I should have been clearer about the problem.
Let me try again.
Our web servers connect to our backend VIP. Now the specific application doesn't like being switched from one server to the other while in the same session. We tried to solve this problem but we didn't succeed.
Now we gave up balancing that application.
But now we want to set a limit on how many connections can flow to that one application server, so the application server won't give up under high load.
Now when the load goes above a certain value we want to display an error page. Something like "sorry, try again later". But if server 1 crashes we want all connections to go to server 2. We don't want the connections to go to server 2 when the max of connections is reached, because then we want to see the error page.
When I tried to create a redirect service to a URL I got:
%% Cannot have a redirect service on a Layer 4 rule.
Now the redirect to an error page isn't a real must. More a nice to have. But what we would like is that server2 only takes over if server1 is down and not when the max connections is reached.
Now this is what I have by now. But now I'm a little bit stuck. We noticed that if we are load testing, the webserver thinks app1 is down because it reaches the max connections and goes to server two, which we don't want.
service geert
  type redirect
  keepalive type none
  redirect-string "www.cisco.com"
  active

service cisco_1
  ip address xxx.xxx.xxx.xxx
  protocol tcp
  keepalive type tcp
  port xxxx
  keepalive port xxxx
  string 5
  max connections 40
  active

service cisco_2
  ip address xxx.xxx.xxx.xxx
  protocol tcp
  keepalive type tcp
  port xxxx
  keepalive port xxxx
  string 5
  max connections 40
  active

content cisco
  protocol tcp
  port xxxx
  vip address xxx.xxx.xxx.xxx
  add service cisco_1
  primarySorryServer cisco_2
  flow-reset-reject
  active
with kind regards,
Geert -
Hello,
our customer has a problem with correct closing TCP connections on the ACE. TCP session (HTTP protocol) is closed _correctly_ (we can see it in the sniffer output), but 'sh conn' on the ACE shows it as 'established' (session is already closed). TCP timeout is set to default (60min).
Any new connection from the same src port (because many connection to the service) is closed after TCP session is established.
When I try to generate 200 concurrent TCP sessions in my lab, these are closed correctly on the ACE. Customer's traffic is around 20-30.000 concurrent sessions, but I can't generate so much traffic.
SW version on the ACE: 3.0(0)A1(3b)
thx
martin
Thanks Gilles!
The problem occurs only with traffic from WAP nodes (too many short HTTP requests).
We try it upgrade to A1(5b), but I'm not sure, if this is our problem...
Bug description:
Symptom:
With L7 LB configuration, Some times connections do not close.
Conditions:
SYN sent to Real server may result in ACK coming from server. ACE TCP module was not handling this ACK correctly.
...but our traffic is only L4 LB and we have a problem with connection state on the ACE from both sides (client and server). on the client and server side is connection closed properly, but on the ACE module ('sh conn') we can see it in 'established' state. It's closed after TCP timeout and that is not correct.
martin -
ACE: VIP Out of service, Still accepts TCP connections
Hi Guys. I am looking at an issue with an ACE. SW is 3.0(0)A3(2.6)
We have a setup where most of it appears fine. It detects the loss of rservers, probes fail, the VIP stops responding to pings, but it still accepts TCP connections, even though there is nothing behind to accept them.
The question is, is this correct behaviour? and if so is there any reference I can look at to confirm?
While this behaviour is inconvenient for us. I can see why it may actually be correct.
Thanks,
Paul.
Hello Paul,
This is expected behaviour for L7 LB connections:
The 'down' VIP will reply to SYN requests, but will then send a RST packet.
This is because the ACE doesn't know what to do with the L7 connection until it has been built up. Only when the L7 connection is 'open' do we notice that all the vservers which could serve this request are down.
So it is correct and expected, but not exactly desired. It's just a side effect of the design. So far I do not know of any plans to change this behaviour. However similar limitations have been addressed in the past, like: CSCsq17137.
Hope this helps, Peter -
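The behaviour Peter describes means a completed handshake on the VIP says nothing about whether a server behind it is answering. As an added example that is not part of the original thread, the probe below classifies a listener by what happens after the handshake; the function names, result labels and loopback fixtures are constructed for illustration and stand in for a VIP, they are not output captured from an ACE.

```python
import socket
import struct
import threading


def classify_vip(host, port, timeout=2.0):
    """Classify a listener by what happens after the TCP handshake."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"                  # RST in reply to the SYN: nothing listening
    except OSError:
        return "unreachable"              # timeout, no route, and so on
    with sock:
        sock.settimeout(timeout)
        try:
            # The handshake alone proves nothing; push one request through.
            sock.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
            reply = sock.recv(64)
        except (ConnectionResetError, BrokenPipeError):
            return "accepts-then-resets"  # pattern described for a down L7 VIP
        except OSError:
            return "accepts-then-silent"  # handshake completed, no reply in time
    if not reply:
        return "accepts-then-closes"
    return "serving" if reply.startswith(b"HTTP/") else "unexpected-reply"


# --- constructed loopback fixtures (stand-ins for a VIP, not an ACE) ---
def serve_once(handler):
    """Listen on an ephemeral loopback port, handle one connection, return the port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def run():
        conn, _ = srv.accept()
        try:
            handler(conn)
        finally:
            conn.close()
            srv.close()

    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]


def reset_after_accept(conn):
    # SO_LINGER enabled with a zero timeout makes close() send RST instead of FIN.
    conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))


def healthy_reply(conn):
    conn.recv(1024)
    conn.sendall(b"HTTP/1.0 200 OK\r\n\r\n")


def demo():
    down = classify_vip("127.0.0.1", serve_once(reset_after_accept))
    up = classify_vip("127.0.0.1", serve_once(healthy_reply))
    return down, up


if __name__ == "__main__":
    print(demo())
```

A monitor that only checks for an open port would report both fixtures as up; only the request after the handshake separates them.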
Sticky session reset by ¿ACE or real server?
Hello team.
I am looking for hints to debug cookie-based sessions that are failing to work across my ACE. Basically, the user types http://10.150.3.130/iwsupport, and that should be distributed across a farm of servers hidden behind the ACE. The servers set a cookie PHPSESSID=<value> when this URL is requested.
The customer tells me that he thinks that the problem arises when he requests access to the VIP with the POST command (please see the attached wireshark capture, line 52). His browser receives the following message:
Based on the original requirements, I configured the ACE, whose related section of the configuration is the following:
sticky http-cookie PHPSESSID STICKY_SERVERS
  timeout 720
  serverfarm TEST_SERVERFARM
  replicate sticky
class-map type http loadbalance match-all iwsupport
  match http url /iwsupport.*
policy-map type loadbalance http first-match TEST_POLICY
  class iwsupport
    sticky-serverfarm STICKY_SERVERS
  class class-default
    serverfarm TEST_SERVERFARM
class-map match-all VIP-130
  match virtual-address 10.150.3.130 tcp eq www
policy-map multi-match CLIENT_VIPS
  class VIP-130
    loadbalance vip inservice
    loadbalance policy TEST_POLICY
    loadbalance vip icmp-reply active
I would appreciate your hints to get session information, debugs, or whatever it could be useful in order to see why this is not working properly.
Thank you very much in advance
Rogelio Alvez
Argentina
Hi Rogelio,
Do you see on the server itself if the POST request sent by the client reached the server or not? And if yes, what did the server reply? If you don't see the POST request on the server then most probably it is the ACE which is sending the RST.
The outputs suggested by Jorge should help us and of course the suggested changes.
The changes will ensure that ACE parses up to 65535 bytes, which is to ensure that ACE doesn't drop the connection because it couldn't read what it was told to because it was way too far in the packet. By default ACE parses up to 4096 bytes.
Regarding persistence rebalance, When the first HTTP request comes in, the ACE will match the request to a layer-7 class-map and load balance it to one of the servers within the serverfarm associated with that class-map. The ACE will then also match all subsequent requests on the same TCP connection to a layer 7 class-map. If the subsequent request matches the same layer 7 class-map as the previous request, then it will be sent to the same server as the previous request. If it matches a different layer 7 class-map, then it will be load balanced to one of the servers within the serverfarm of the newly matched layer-7 class-map according to the serverfarm’s predictor.
I doubt this will make any difference since without rebalance the traffic would be sent to the same server, which I guess is not a problem here.
  switch/Admin(config-parammap-http)# parsing non-strict
This is a valid command and should work fine.
For allocating resources you can go to resource class and use limit resource command to allocate resources.
You can send the data at [email protected] Also, it would be good to have 2-3 instances of outputs while you do testing so that we can see the difference if any fail counter is increasing.
Regards,
Kanwal -
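Kanwal's description of persistence rebalance, modelled as an added example that is not part of the original thread or Cisco's code. The class `iwsupport`, its URL pattern and `TEST_SERVERFARM` come from the posted configuration; the `images` class, `IMG_FARM`, the server names and the round-robin predictor are hypothetical, and sticky-group lookup is deliberately left out of the model.

```python
import itertools
import re


class Policy:
    """First-match L7 policy: ordered (class, URL regex, serverfarm) entries."""

    def __init__(self, classes, farms, default_farm):
        self.classes = [(name, re.compile(rx), farm) for name, rx, farm in classes]
        self.default_farm = default_farm
        # Round-robin stands in for each serverfarm's predictor (assumption).
        self.predictors = {farm: itertools.cycle(servers) for farm, servers in farms.items()}

    def match(self, url):
        for name, rx, farm in self.classes:
            if rx.match(url):
                return name, farm
        return "class-default", self.default_farm

    def pick(self, farm):
        return next(self.predictors[farm])


class Connection:
    """One client TCP connection carrying several HTTP requests."""

    def __init__(self, policy, rebalance):
        self.policy = policy
        self.rebalance = rebalance
        self.last_class = None
        self.server = None

    def request(self, url):
        name, farm = self.policy.match(url)
        if self.server is None:
            # First request: match a class-map and load balance within its farm.
            self.server = self.policy.pick(farm)
            self.last_class = name
        elif self.rebalance and name != self.last_class:
            # Different class-map than the previous request: load balance again.
            self.server = self.policy.pick(farm)
            self.last_class = name
        # Same class-map, or rebalance disabled: stay on the current server.
        return self.server


# Constructed request sequence on a single keep-alive connection.
REQUESTS = ["/iwsupport/login", "/iwsupport/ticket", "/images/logo.png", "/iwsupport/ticket"]


def run(rebalance):
    policy = Policy(
        classes=[("iwsupport", r"/iwsupport.*", "TEST_SERVERFARM"),
                 ("images", r"/images/.*", "IMG_FARM")],  # hypothetical class and farm
        farms={"TEST_SERVERFARM": ["web1", "web2"], "IMG_FARM": ["img1"]},
        default_farm="TEST_SERVERFARM",
    )
    conn = Connection(policy, rebalance)
    return [conn.request(url) for url in REQUESTS]


if __name__ == "__main__":
    print("rebalance on :", run(True))
    print("rebalance off:", run(False))
```

In this model, with rebalance on, the last `/iwsupport` request is load balanced afresh and lands on `web2` although the session began on `web1`; with rebalance off every request stays on `web1`.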
HTTP sticky timeout issue in ACE .
Hi All ,
We are facing a disconnection issue in the HTTP session (sticky configuration).
As per the customer requirement we configured the HTTP sticky with the connection timeout of 60 min (one hour).
But as per the test with the tool Cookie Manager, they identified that the HTTP sessions are getting timed out in 20 to 30 minutes.
Please find the sticky configuration:
sticky http-cookie FRONT_SESSION_ID TEST_FRONT
  cookie insert
  timeout 60
  replicate sticky
  serverfarm TEST_FRONT
We also did the HTTP persistence as below.
parameter-map type http HTTP_Persistence_Rebalance
  persistence-rebalance
Parameter-map : HTTP_Persistence_Rebalance
Description : -
Type : http
server-side connection reuse : disabled
case-insensitive parsing : disabled
persistence-rebalance : enabled
header modify per-request : disabled
cookie-error-ignore : disabled
header-maxparse-length : 4096
content-maxparse-length : 4096
parse length-exceed action : drop
urlcookie-delimiters : /&#+
urlcookie-start : ?
We have also tested the session directly with the rserver, but it is not getting disconnected (as we doubted whether it is any server related issue).
Also please find the below resource allocation.
resource-class TEST-FRONT
  limit-resource all minimum 0.00 maximum unlimited
  limit-resource buffer syslog minimum 0.50 maximum equal-to-min
  limit-resource sticky minimum 2.00 maximum unlimited
So can anyone please tell me whether there are any configuration mistakes here?
If the configuration is OK, please suggest what more I have to do to make the stickiness last around 60 min.
Regards,
Sinjish.K
Sinjish-
Can you use the capture utility on ACE to gather a trace of the entire session, then filter out the traffic to just the client IP or the server IP and attach it to this thread? A showtech would also be useful to see if there are any anomalies.
Regards,
Chris Higgins -
Hello. First time using this. Still trying to figure out how to post my questions. I seem to have lost some of my settings and now I cannot configure my airport connection. How do I get my settings back?
If you are using cable and a Netgear router, it sounds like, from the information you provided before, your Airport settings are set up improperly. PPPoE is not something a cable service would need to work. Follow the steps I will provide below; I will add some screen shots also to assist if necessary.
1 - Open System Preferences from (Menu)
2 - Click "Network"
3 - From the Network window you are going to wanna make sure Location is : Automatic and Show is : Airport
4 - Once the Show: Airport is selected you should see a window like this; my window is selected for Ethernet simply because I am no longer running Tiger, but the window will look the same.
5 - You will want to click on the PPPoE tab and you should see this
6 - You're gonna wanna make sure "connection using PPPoE" is not selected; if it is, make sure to uncheck this option
7 - Once this is unchecked make sure to click "Apply Now"
8 - You will want to click back on to the "TCP/IP" tab and make sure IPv4 is set to "Using DHCP"
9 - If the option to "Apply Now" is available again please click this
10 - Once this is done go to your Airport Menu and see if your network is listed, select your network and enter the password if necessary.
11 - If after these steps you still have issues I would recommend power cycling your Router and Modem for about 5 minutes
12 - Make sure all lights are off when unplugging the Router and the Modem
13 - Some Modems have backup batteries so you may have to push in a tiny button on the back with a pin -
How to send joystick data over TCP connection
Hi all,
I am a long time Labview discussion forum user for learning, but this is my first time posting a question, I hope somebody can help me!
In the attached VI I am trying to send data from a joystick over a TCP connection. I can send data fine using the TCP examples (in fact the majority of my VI is just a copy of the example). However I am to the point where I do not know how to send all the data necessary (3 axis data, 12 buttons, and the POV data) over TCP. Strings, clusters, and arrays were never my strong suit and converting between them is a nightmare for me.
Basically I am trying to send each axis data (X, Y, and Z), button data (12 buttons), and POV data (the POV data will be calculated to adjust the position of a camera, so the immediate data is not important, I will add functions to add the change in the button movements to write a standing position for two servos [pan and tilt], for which that I will need to send over the TCP connection) over the TCP connection to control various cameras and motors. I don't know if it is possible to send that much data over a TCP connection in one write VI through a string, and also how to separate the string on the other side in order to control the client VI.
Again, the actual TCP communication I get, and can operate fine, just formatting all the data into a string (or whatever is required) so that I can unpack on the other side is the issue here.
Another question I have (not important to get the program running, just might make it easier on me) is can a TCP server (which sends the data to the client) also receive data back from the client on the same port (for example sensor data and digital positions [on, off])? Or do I need to set up two TCP communication loops with the first client acting as the server on a different port than the first, which then sends the data to the original server, which also has a client TCP configuration in another loop? I hope this makes sense...
One final question.....I already have a solution to this but using labview for the entirety of this project would be nice. I use skype to stream 1080p video from a webcam to my computer so I can view live feed. Can labview do this? This would be awesome if so, I am just not sure if the communication protocols in use could support real time (or as close as possible to streaming) for 1080p video.
Thanks all in advance for your help,
Physicsnole
Attachments:
cameraserver.vi 24 KB
cameraclient.vi 18 KB
Physicsnole wrote:
In the attached VI I am trying to send data from a joystick over a TCP connection. I can send data fine using the TCP examples (in fact the majority of my VI is just a copy of the example). However I am to the point where I do not know how to send all the data necessary (3 axis data, 12 buttons, and the POV data) over TCP. Strings, clusters, and arrays were never my strong suite and converting between them is a nightmare for me.
Well, you cast the axis info cluster to a string, but then you cast it back to an array of DBL. That's not compatible. You should probably cast it back to an "axis info" cluster of exactly the same type. Go to the other VI and right-click the cluster wire to create a constant. Now move that diagram cluster constant to the other VI and use it as type.
Your default ports don't seem to match. You seem to have client and server roles confused. In the server you create a listener, but then you start sending packets, even though no connection is established. The connection needs to be initiated by the client.
Your client stops the loop the first time a timeout is encountered. Shouldn't that be more permanent? Also, please retain code clarity and avoid unnecessary complexities. For example, replace the "not or" with a plain "or" and change the loop to "stop if true".
Physicsnole wrote:
Basically I am trying to send each axis data (X,Y, and Z), button data (12 buttons), and POV data (the POV data will be calculated to adjust the position of a camera, so the immediate data is not important, I will add functions to add the change in the button movements to write a standing position for two servos [pan and tilt], for which that I will need to send over the TCP connection) over the TCP connection to control various cameras and motors. I don't know if it is posible to send that much data over a TCP connection in one write VI through a string, and also how to separate the string on the other side in order to control the client VI.
You can send as much as you want. The casting to/from string is the same as described above.
Physicsnole wrote:
Another question I have (not impotant to get the program running just might make it easier on me) is can a TCP server (which sends the data to the client) also recieve data back from the client on the same port ( for example sensor data and digital positions [on,off])? Or do I need to set up two TCP communication loops with the first client acting as the server on a different port than the first, which then sends the data to the original server, which also has a client TCP configuration in another loop? I hope this makes sense..
The primary function of a "server" is to wait for a connection and then communicate with the client once a connection is established. An established TCP/IP connection is fully two-way and both sides can send and receive.
LabVIEW Champion . Do more with less code and in less time . -
Forefront TMG disconnected a non-TCP connection
Hi,
I am getting the following error alerts in TMG
Forefront TMG disconnected a non-TCP connection from 192.168.0.1 because the connection limit for this IP address was exceeded. Larger custom connection limits should be configured for the IP addresses of chained proxy servers and back-to-back Forefront TMG computers with a NAT relationship.
This error shows two messages, for both of my DNS servers.
My DNS servers Ip addresses
192.168.0.1
192.168.0.2
Please help me out
Thanks
Hi,
How about editing the Maximum non TCP sessions per second per rule setting?
For more information:
http://technet.microsoft.com/en-us/library/dd441028.aspx
Best Regards,
Joyce
-
How to set TCP connection timeout in solaris 9
Hello All,
I am new to solaris. While using oracle, sometimes I face tcp connection timeout.
The timeout happens after a long delay like more than 8 min. I want to reduce the tcp connection timeout to 2 min in solaris.
Please help me to change this setting.
My current configuration is
SunOS testmachine 5.9 Generic_122300-13 sun4u sparc SUNW,Sun-Fire-V440
Thanks
Purushoth
There's a fair amount of tunables. Without knowing what is timing out (DNS, lost packet...), it's hard to say what you want to tweak. The list of parameters can be seen by using ndd:
  ndd /dev/tcp \?
or
  ndd /dev/ip \?
and can be set by using ndd -set (see ndd(1M)). Note that anything you set has to be reset on reboot, so you have to stick this in a script somewhere, or know what the variable translates to in order to stick it into /etc/system.
-r -
MAIL USING PL/SQL PROCEDURE TCP CONNECTION ERROR
I was trying to send an e-mail using the demo-mail helper package which uses UTL_SMTP package and on execution, it gives the following TCP Connection error. Is it some something to do with mail configuration?
This is the sample code I was trying to run.
demo_mail.mail( sender => 'Me <[email protected]>',
recipients => 'Someone <[email protected]>, ' ||
'"Another one" <[email protected]>',
subject => 'Test', message => 'Hi! This is a test.');
And this is the error I am getting.
class oracle/plsql/net/TCPConnection does not exist
at "SYS.UTL_TCP", line 537
at "SYS.UTL_TCP", line 199
at "SYS.UTL_SMTP", line 102
at "SYS.UTL_SMTP", line 121
at "VNARAYA.DEMO_MAIL", line 159
at "VNARAYA.DEMO_MAIL", line 119
at "VNARAYA.DEMO_MAIL", line 105
at "VNARAYA.SEND_MAIL", line 2
at line 1
The Java library needed by UTL_TCP is not created properly. You may just run $ORACLE_HOME/rdbms/admin/initplsj.sql as SYS to install it:
  cd $ORACLE_HOME/rdbms/admin
  sqlplus sys/<sys-password> @initplsj.sql
-
Resolving a TCP connection "slowdown" problem
SuSE 9.3, stock kernel
Intel architecture
Jrockit-R26.4.0-jdk1.5.0_06-linux-ia32
I have a problem that appears to be localized in Jrockit (or
localized in the application, which is localized in Jrockit), where a
persistent and high-volume TCP connection slows down over the course
of about an hour--and eventually, effectively halts.
The TCP traffic is a stream of data, arriving at a near-constant rate
of about 16K bytes per second, with the receiving end (with the JVM
and app) strictly sending TCP ACKs in reply.
Restarting the sending process, or shutting down and restarting the
connection with the JVM / app, both restore the connection to full
speed until, over the course of perhaps an hour (sometimes more,
sometimes less) the same symptoms appear.
The symptoms in network packet traces are that when the connection is
first opened, the sender transmits packets at the full MTU of the
Ethernet segment. Gradually, the full-MTU sized packets
are replaced with much smaller packets, until most packets
range from 1 to 4 bytes with the occasional 3xx-4xx byte packet and
the odd outlier of a full-MTU packet size.
Supporting symptoms of interest:
1) The TCP window does not shrink
2) The CPU on the JVM/app side tops out at around 20%, even with
mySQL running on the machine
3) The interval between successive ACKs transmitted from the JVM/app
side generally narrows over the course of the connection
4) TCP send queue on the sender becomes saturated (pegged at 90+ K)
5) TCP receive queue on the JVM/app side is almost always 0, and when
it is not zero it bursts up to a low number (<50) and then almost
immediately returns to 0
6) The app does not appear to present any general symptoms of
slowness; the rate of writes to the database does not appear to slow.
The writes are threaded and multiplexed
[4] strongly implies that the slowness is caused by the JVM/app side,
since if the sender app was slowing down for some reason its TCP send
queue would not be saturated.
I can copiously document everything stated, and additionally provide
much additional detail.
Any guidance on how to suss out what role Jrockit or the app are playing
in this little drama would be very deeply appreciated.
Asked around and it seems unlikely that this is a JVM issue. We have never heard of this behavior before, and the network layer in the JVM doesn't do anything with MTU iirc, with the possible exception of manual changes to socket options. It seems more likely that this is caused by the IP stack, the NIC device driver or something in the network configuration. Try making some changes here and see what happens. For instance:
1) Run client and server on the same machine, communicating through loopback
2) Try another Linux distro (CentOS 4.3, for instance)
3) Try a different NIC and/or a different device driver
In your Java code, check that you are closing all Socket objects properly. Leaving them to be closed by a finalizer can delay closing sockets resulting in a native resource leak. I don't see how that would cause the issue you describe, but you never know... -
Configuring BPM-BW Connectivity
Hi all
We're trying to connect BW with BPM. I've read that an RFC Destination is needed to do so, but I'm not sure about how to configure it.
I'm on TCODE SM59, configuring a TCP/IP type destination. Checked on "Registered Server Program" following manuals, but now I have to enter a ProgramID, and I have no idea where do I obtain this.
Is it a standard program on the BW, or maybe an existing one on the Composite Environment server? Do I have to write any code?
Thanks in advance, hope anyone can give me some clue
Jen
solved
-
HTTP tunneling / number of TCP connections
Environment WLS 7.0 Sp2
We are experimenting with http tunneling and we noticed the following behavior,
when performing a lookup to get a handle to a few session beans that our UI is
using, Weblogic opens an additional TCP connection for every lookup however when
using t3 Weblogic opens a single connection for all of them. Our guess is that
Weblogic's T3 is optimized to pipeline and multiplex everything asynchronously
over one TCP connection.
Is there a way to configure Weblogic to use a single TCP connection when tunneling?
I believe it would just be an OS-level limit, on the number of socket handles that can be opened.
-
TCP connections effect in case of waas failure
I need to know the effect of WAAS failure on the existing TCP connections.
Cisco WAAS utilizes standards-based TCP optimizations to remove TCP as a barrier to application performance over the WAN. By initiating a TCP proxy after autodiscovery, communicating nodes experience LAN-like TCP behavior through local acknowledgement and TCP handling. As such, when the network goes down the TCP proxy has the ability to mask the disconnect for a short time, but after that all TCP connections will reset and clients will try to re-establish a connection.
For CIFS:
- During transient disconnects (up to 95 seconds), the WAAS Edge maintains data in its buffers and retries the transmission to the WAAS Core upon network re-connect.
- When the WAAS Edge switches to "disconnected mode", its services change to "no service" and the buffered data is lost. Further file operations will fail and the client will be alerted that the server is disconnected. Open documents can be "saved as" on another drive.
- If the accessed file server was configured for "Disconnected Mode", CIFS clients will be able to continue to browse the cache directory and read fully cached files on a WAAS Edge.
In addition, with Windows on WAAS providing local Windows services (DNS, authentication), users can access local file shares on WAVE.