Configuring Sticky TCP Connections on ACE

Similar Messages

• CSS11000 - Configuring Maximum TCP Connections

  Hi,
  Maybe this is a stupid question. But I'm going to ask it anyway :)
  If I set the max connection on a service can I redirect the connections that are over the max connection to an error page?
  Or I'm I looking in the wrong place. I'll try to explain what I’m trying to do.
  I want to protect my application servers, if my application servers reaches a certain threshold I want to redirect the connection to a error page.
  How should I tackle this problem.
  Thanks in advance for your help.
  Geert

  Hi Gilles,
  First of all I wanted to thank you for help. Very kind of you to take time helping us.
  Second of all I want to apologies for my first post. I should have been clearer about the problem.
  Let me try again.
  Our web servers connect to our backend vip. Now the specific application doesn’t like being switched from one server to the other while in the same session. We tried to solve this problem but we didn’t succeed.
  Now we gave up balancing that application.
  But now we want to set a limit on how much connections can flow to that one application server. So the application server won’t give up under high load.
  Now when the load goes above a certain value we want to display an error page. Something like sorry try again later. But if server 1 crashes we want all connection goes to server 2. We don’t want the connections to go to server 2 when the max of connections is reached. Because than we want to see the error page.
  When I tried to create a redirect service to an url I got :
  %% Cannot have a redirect service on a Layer 4 rule.
  Now the redirect to an error page isn’t a real must. More a nice to have. But what we would like is that the server2 only takes over if server1 is down and not when the max connections is reached.
  Now this is what I have by now. But now I’m a little bit stuck. We noticed than if we are load testing the webserver thinks app1 is down because it reaches the max connections and goed to server two. Witch we don’t want.
  service geert
  type redirect
  keepalive type none
  redirect-string "www.cisco.com"
  active
  service cisco_1
  ip address xxx.xxx.xxx.xxx
  protocol tcp
  keepalive type tcp
  port xxxx
  keepalive port xxxx
  string 5
  max connections 40
  active
  service cisco_2
  ip address xxx.xxx.xxx.xxx
  protocol tcp
  keepalive type tcp
  port xxxx
  keepalive port xxxx
  string 5
  max connections 40
  active
  content cisco
  protocol tcp
  port xxxx
  vip address xxx.xxx.xxx.xxx
  add service cisco_1
  primarySorryServer cisco_2
  flow-reset-reject
  active
  with kind regards,
  Geert

• ACE TCP connection timeout

  Hello,
  our customer has a problem with correct closing TCP connections on the ACE. TCP session (HTTP protocol) is closed _correctly_ (we can see it in the sniffer output), but 'sh conn' on the ACE shows it as 'established' (session is already closed). TCP timeout is set to default (60min).
  Any new connection from the same src port (because many connection to the service) is closed after TCP session is established.
  When I try generate 200 concurrent sessions TCP sessions in my lab, this are on the ACE closed correctly. Customer's traffic is around 20-30.000 concurrent session, but I can't generate so much traffic.
  SW version on the ACE: 3.0(0)A1(3b)
  thx
  martin

  Thanks Gilles!
  The problem occurs only with traffic from WAP nodes (too many short HTTP requests).
  We try it upgrade to A1(5b), but I'm not sure, if this is our problem...
  Bug description:
  Symptom:
  With L7 LB configuration, Some times connections do not close.
  Conditions:
  SYN sent to Real server may result in ACK coming from server. ACE TCP module was not handling this ACK correctly.
  ...but our traffic is only L4 LB and we have a problem with connection state on the ACE from both sides (client and server). on the client and server side is connection closed properly, but on the ACE module ('sh conn') we can see it in 'established' state. It's closed after TCP timeout and that is not correct.
  martin

• ACE: VIP Out of service, Still accepts TCP connections

  Hi Guys. I am looking at a issue with an ACE. SW is 3.0(0)A3(2.6)
  We have a setup where most of it appears fine. It detect the loss of rservers, probes fail, the VIP stops responding to Pings, but it still accept TCP connections, even though there is nothing behind to accept them.
  The question is, is this correct behaviour? and if so is there any reference I can look at to confirm?
  While this behaviour is inconvenient for us. I can see why it may actually be correct.
  Thanks,
  Paul.

  Hello Paul,
  This is expected behaviour for L7 LB connections:
  The 'down' VIP will reply to SYN requests, but will then send a RST packet.
  This is because the ACE doesn't know what to do with the L7 connection until it has been build up. Only when the L7 connection is 'open' we notice that all the vserver which could serve this request are down.
  So it is correct and expected, but not exactly desired. It's just a side effect of the design. So far I do not known of any plans to change this behaviour. However similar limitations have been addressed in the past, like: CSCsq17137.
  Hope this helps, Peter

• Sticky session reset by ¿ACE or real server?

  Hello team.
  I am looking for hints to debug cookie-based sessions that are failing to work across my ACE. Basically, the user types http://10.150.3.130/iwsupport, and that shoud be distributed across a farm of servers hidden behind the ACE.The servers set a cookie PHPSESSID=<value> when this URL is requested.
  The customer tells me that he thinks that the problem arises when he requests access to the VIP with the POST command (please see the attached wireshark capture, line 52). His browser receives the following message:
  Based on the original requirements, I configured the ACE, whose related section of the configuration is the following:
  sticky http-cookie PHPSESSID STICKY_SERVERS
    timeout 720
    serverfarm TEST_SERVERFARM
    replicate sticky
  class-map type http loadbalance match-all iwsupport
    match http url /iwsupport.*
  policy-map type loadbalance http first-match TEST_POLICY
      class iwsupport
      sticky-serverfarm STICKY_SERVERS
    class class-default
      serverfarm TEST_SERVERFARM
  class-map match-all VIP-130
    match virtual-address 10.150.3.130 tcp eq www
  policy-map multi-match CLIENT_VIPS
    class VIP-130
      loadbalance vip inservice
      loadbalance policy TEST_POLICY
      loadbalance vip icmp-reply active
  I would appreciate your hints to get session information, debugs, or whatever it could be useful in order to see why this is not working properly.
  Thank you very much in advance
  Rogelio Alvez
  Argentina

  Hi Rogello,
  Do you see on server itself if POST request sent by client reached server or not? And if yes what did server reply? If you don't see POST request on the server then most probably it is the ACE which is sending the RST.
  the outputs suggested by Jorge should help us and of course the suggested changes.
  The changes will ensure that ACE parses upto 65535 bytes which is to ensure that ACE doesn't drop connection because it couldn't read which it was told to because it was way too far in the packet. By default ACE parses up to 4096 bytes.
  Regarding persistence rebalance, When the first HTTP request comes in, the ACE will match the request to a layer-7 class-map  and load balance it to one of the servers within the serverfarm associated with that class-map.   The ACE will then also match all subsequent requests on the same TCP connection to a layer 7  class-map.  If the subsequent request matches the same layer 7 class-map as the previous  request, then it will be sent to the same server as the previous request.  If it matches a  different layer 7 class-map, then it will be load balanced to one of the servers within the  serverfarm of the newly matched layer-7 class-map according to the serverfarm’s predictor.
  I doubt this will make any difference since without rebalance the traffic would be sent to the same server which i guess is not a problem here.
  switch/Admin(config-parammap-http)# parsing non-strict--->This is a valid command and should work fine.
  For allocating resources you can go to resource class and use limit resource command to allocate resources.
  You can send the data at [email protected] Also, it would be good to have 2-3 instances of outputs while you do testing so that we can see the difference if any fail counter is increasing.
  Regards,
  Kanwal

• HTTP sticky timeout issue in ACE .

  Hi All ,
  We  are facing  the dis connectivity  issue in the the http session ( sticky configuration )
  As per the customer requirement we  configured the  http sticky  with the connection time out 60 min ( one hour ) .
  But  as  per the test with  the tool cookie manager , they identified as the  http sessions are getting timed out in 20 to 30 minuits .
  Please find the sticky configuration
  sticky http-cookie FRONT_SESSION_ID TEST_FRONT
    cookie insert
    timeout  60
    replicate sticky
    serverfarm TEST_FRONT
  We also  did the http persistence as below .
  parameter-map type http HTTP_Persistence_Rebalance
    persistence-rebalance
  Parameter-map : HTTP_Persistence_Rebalance
  Description : -
  Type : http
      server-side connection reuse       : disabled
      case-insensitive parsing           : disabled
      persistence-rebalance              : enabled
      header modify per-request          : disabled
      cookie-error-ignore                : disabled
      header-maxparse-length             : 4096
      content-maxparse-length            : 4096
      parse length-exceed action         : drop
      urlcookie-delimiters               : /&#+
      urlcookie-start                    : ?
    We  have also tested the session directly with the Rserver .But  it is not getting disconnected ( As we doubt  is it  any server related issue  )
  Also please find the below resource allocation .
  resource-class TEST-FRONT
    limit-resource all minimum 0.00 maximum unlimited
    limit-resource buffer syslog minimum 0.50 maximum equal-to-min
    limit-resource sticky minimum 2.00 maximum unlimited
  So can any one please suggest me  is there  any configuration  mistakes  here  .
  If the configuration is ok please suggest me  what more I have to do for  making the stickiness  around  60 min .
  Regards ,
  Sinjish.K

  Sinjish-
    Can you use the capture utiliy on ACE to gather a trace of the entire session - then filter out the traffic to just the client IP or the server IP and attach it to this thread?  A showtech would also be useful to see if there are any anomolies.
  Regards,
  Chris Higgins

• I seem to have lost some of my settings and now I cannot configure my airport connection. How do I get my settings back?

  Hello. First time using this. Still trying to figure out how to post my questions. I seem to have lost some of my settings and now I cannot configure my airport connection. How do I get my settings back?

  If you are using cable and a Nethear router sounds like from the information you provide before your Airport setting are setup improperly. PPoE is not something a cable service would need to work. Fallow the steps I will provide bellow, I will add some screen shots also to assist if necessary.
  1 - Open System Preferences from  (Menu)
  2 - Click "Network"
  3 - From the Network window you are going to wanna make sure Location is : Automatic and Show is : Airport
  4 - Once the Show: Airport is select you should see a window like this, my window is selected for Ethernet simply because I am no longer running Tiger but the window will look the same.
  5 - You will want to click on the PPPoE tab and you should see this
  6 - You're gonna wanna make sure " connection using PPPoE " is not select, if it is make sure to uncheck this option
  7 - Once this is uncheck make sure to click "Apply Now"
  8 - You will want to click back on to the "TCP/IP" tab and make sure IPv4 is set to " Using DHCP "
  9 - If the option to " Apply Now" is available again please click this
  10 - Once this is done go to your Aiport Menu and see if your network is listed and select your network and eneter the password if necessary.
  11 - If after these steps you still have issues I would recommend Power Cylcing your Router and Modem for about 5 minutes
  12 - Make sure all lights are off when unplugging the Router and the Modem
  13 - Some Modems have backup batterys so you may have to push in a tiny button on the back with a pin

• How to send joystick data over TCP connection

  Hi all,
  I am a long time Labview discussion forum user for learning, but this is my first time posting a question, I hope somebody can help me!
  In the attached VI I am trying to send data from a joystick over a TCP connection. I can send data fine using the TCP examples (in fact the majority of my VI is just a copy of the example). However I am to the point where I do not know how to send all the data necessary (3 axis data, 12 buttons, and the POV data) over TCP. Strings, clusters, and arrays were never my strong suite and converting between them is a nightmare for me.
  Basically I am trying to send each axis data (X,Y, and Z), button data (12 buttons), and POV data (the POV data will be calculated to adjust the position of a camera, so the immediate data is not important, I will add functions to add the change in the button movements to write a standing position for two servos [pan and tilt], for which that I will need to send over the TCP connection) over the TCP connection to control various cameras and motors. I don't know if it is posible to send that much data over a TCP connection in one write VI through a string, and also how to separate the string on the other side in order to control the client VI.
  Again, the actual TCP communication I get, and can operate fine, just formatting all the data into a string (or whatever is required) so that I can unpack on the other side is the issue here.
  Another question I have (not impotant to get the program running just might make it easier on me) is can a TCP server (which sends the data to the client) also recieve data back from the client on the same port ( for example sensor data and digital positions [on,off])? Or do I need to set up two TCP communication loops with the first client acting as the server on a different port than the first, which then sends the data to the original server, which also has a client TCP configuration in another loop? I hope this makes sense...
  One final question.....I already have a solution to this but using labview for the entirety of this project would be nice. I use skype to stream 1080p video from a webcam to my computer so I can view live feed. Can labview do this? This would be awesome if so, I am just not sure if the communication protocols in use could support real time (or as close as possible to streaming) for 1080p video.
  Thanks all in advance for your help,
  Physicsnole
  Attachments:
  cameraserver.vi ‏24 KB
  cameraclient.vi ‏18 KB

  Physicsnole wrote:
  In the attached VI I am trying to send data from a joystick over a TCP connection. I can send data fine using the TCP examples (in fact the majority of my VI is just a copy of the example). However I am to the point where I do not know how to send all the data necessary (3 axis data, 12 buttons, and the POV data) over TCP. Strings, clusters, and arrays were never my strong suite and converting between them is a nightmare for me.
  Well, you cast the axis info cluster to a string, but then you cast it back to an array of DBL. Thatr's not compatible. You should probably cast it back to an "axis info" cluster of exactly the same type. Go the the other VI and right-click the cluster wire to create a constant. Now move that diagram cluster constant to the other VI and use it as type.
  Your default ports don't seem to match. You seem to have client and server roles confused. In the sever you create a listener, but then you start sending packets, even though no connection is established. The connection needs to be initiated by the client.
  Your client stops the loop the first time a timeout is encountered. Shouldn't that be more permanent? Also, please retain code clarity and avoid unecessary complexities. For example, replace the "not or" with a plain "or" and change the loop to "stop if true"
  Physicsnole wrote:
  Basically I am trying to send each axis data (X,Y, and Z), button data (12 buttons), and POV data (the POV data will be calculated to adjust the position of a camera, so the immediate data is not important, I will add functions to add the change in the button movements to write a standing position for two servos [pan and tilt], for which that I will need to send over the TCP connection) over the TCP connection to control various cameras and motors. I don't know if it is posible to send that much data over a TCP connection in one write VI through a string, and also how to separate the string on the other side in order to control the client VI.
  You can send as much as you want. The casting to/from string is the same as described above.
  Physicsnole wrote:
  Another question I have (not impotant to get the program running just might make it easier on me) is can a TCP server (which sends the data to the client) also recieve data back from the client on the same port ( for example sensor data and digital positions [on,off])? Or do I need to set up two TCP communication loops with the first client acting as the server on a different port than the first, which then sends the data to the original server, which also has a client TCP configuration in another loop? I hope this makes sense..
  The primary function of a "server" is to wait for a connection and then communicate with the client once a conenction is established. An established TCP/IP connection is fully two-way and both sides can send and receive.
  LabVIEW Champion . Do more with less code and in less time .

• Forefront TMG disconnected a non-TCP connection

  Hi,
  I am getting the following error alerts in  TMG
  Forefront TMG disconnected a non-TCP connection from 192.168.0.1 because the connection limit for this IP address was exceeded. Larger custom connection limits should be configured for the IP addresses of chained proxy servers and back-to-back Forefront
  TMG computers with a NAT relationship. 
  This error show two msgs for my both dns servers.
  My DNS servers Ip addresses
  192.168.0.1
  192.168.0.2
  Please help me out
  Thanks

  Hi,
  How about editing the Maximum non TCP sessions per second per rule setting?
  For more information:
  http://technet.microsoft.com/en-us/library/dd441028.aspx
  Best Regards,
  Joyce
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• How to set TCP connection timeout in solaris 9

  Hello All,
  I am new to solaris. While using oracle, sometimes I face tcp connection timeout.
  The timeout happens after a long delay like more than 8 min. I want to reduce the tcp connection timeout to 2 min in solaris.
  Please help me to change this setting.
  My current configuration is
  SunOS testmachine 5.9 Generic_122300-13 sun4u sparc SUNW,Sun-Fire-V440
  Thanks
  Purushoth

  There's a fair amount of tunables. Without known what is timing out (dns, lost packet...), it's hard to say what you want to tweak. The list of parameters can be seen by using ndd:
  ndd /dev/tcp \?
  or
  ndd /dev/ip \?
  and can be set by using ndd -set (see ndd(1M) ). Note that anything you set has to be reset on reboot, so you have to stick this in a script somewhere, or know what the variable translates to to stick it into /etc/system.
  -r

• MAIL USING PL/SQL PROCEDURE TCP CONNECTION ERROR

  I was trying to send an e-mail using the demo-mail helper package which uses UTL_SMTP package and on execution, it gives the following TCP Connection error. Is it some something to do with mail configuration?
  This is the sample code I was trying to run.
  demo_mail.mail( sender => 'Me <[email protected]>',
  recipients => 'Someone <[email protected]>, ' ||
  '"Another one" <[email protected]>',
  subject => 'Test', message => 'Hi! This is a test.');
  And this is the error I am getting.
  class oracle/plsql/net/TCPConnection does not exist
  at "SYS.UTL_TCP", line 537
  at "SYS.UTL_TCP", line 199
  at "SYS.UTL_SMTP", line 102
  at "SYS.UTL_SMTP", line 121
  at "VNARAYA.DEMO_MAIL", line 159
  at "VNARAYA.DEMO_MAIL", line 119
  at "VNARAYA.DEMO_MAIL", line 105
  at "VNARAYA.SEND_MAIL", line 2
  at line 1

  The Java library needed by UTL_TCP is not created properly. You may just run $ORACLE_HOME/rdbms/admin/initplsj.sql as SYS to install it:
  cd $ORACLE_HOME/rdbms/admin
  sqlplus sys/<sys-password> @initplsj.sql

• Resolving a TCP connection "slowdown" problem

  SuSE 9.3, stock kernel
  Intel architecture
  Jrockit-R26.4.0-jdk1.5.0_06-linux-ia32
  I have a problem that appears to be localized in Jrockit (or
  localized in the application, which is localized in Jrockit), where a
  persistent and high-volume TCP connection slows down over the course
  of about an hour--and eventually, effectively halts.
  The TCP traffic is a stream of data, arriving at a near-constant rate
  of about 16K bytes per second, with the receiving end (with the JVM
  and app) strictly sending TCP ACKs in reply.
  Restarting the sending process, or shutting down and restarting the
  connection with the JVM / app, both restore the connection to full
  speed until, over the course of perhaps an hour (sometimes more,
  sometimes less) the same symptoms appear.
  The symptoms in network packet traces are that when the connection is
  first opened, the sender transmits packets at the full MTU of the
  Ethernet segment. Gradually, the number of full-MTU sized packets
  are replaced with packets much smaller packets, until most packets
  range from 1 to 4 bytes with the occasional 3xx-4xx byte packet and
  the odd offlier of a full-MTU packet size.
  Supporting symptoms of interest:
  1) The TCP window does not shrink
  2) The CPU on the JVM/app side tops out at around 20%, even with
  mySQL running on the machine
  3) The interval between successive ACKs transmitted from the JVM/app
  size generally narrows over the course of the connection
  4) TCP send queue on the sender becomes saturated (pegged at 90+ K)
  5) TCP receive queue on the JVM/app side is almost always 0, and when
  it is not zero is bursts up to a low number (<50) and then almost
  immediately returns to 0
  6) The app does not appear to present any general symptoms of
  slowness; the rate of writes to the database does not appear to slow.
  The writes are threaded and multiplexed
  [4] strongly implies that the slowness is caused by the JVM/app side,
  since if the sender app was slowing down for some reason its TCP send
  queue would not be saturated.
  I can copiously document everything stated, and additionally provide
  much additional detail.
  Any guidance on how to suss out role Jrockit or the app are playing
  in this little drama would be very deeply appreciated.

  Asked around and it seems unlikely that this is a JVM issue. We have never heard of this behavior before, and the network layer in the JVM doesn't do anything with MTU iirc with the possible exception of manual changes to socket options. It seems more likely that this is caused by the IP stack, the NIC device driver or something in the network configuration. Try making some changes here and see what happens. For instance:
  1) Run client and server on the same machine, communicating through loopback
  2) Try another Linux distro (CentOS 4.3, for instance)
  3) Try a different NIC and/or a different device driver
  In your Java code, check that you are closing all Socket objects properly. Leaving them to be closed by a finalizer can delay closing sockets resulting in a native resource leak. I don't see how that would cause the issue you describe, but you never know...

• Configuring BPM-BW Connectivity

  Hi all
  We're trying to connect BW with BPM. I've read that an RFC Destination is needed to do so, but I'm not sure about how to configure it.
  I'm on TCODE SM59, configuring a TCP/IP type destination. Checked on "Registered Server Program" following manuals, but now I have to enter a ProgramID, and I have no idea where do I obtain this.
  Is it a standard program on the BW, or maybe an existing one on the Composite Environment server? Do I have to write any code?
  Thanks in advance, hope anyone can give me some clue
  Jen

  solved

• HTTP tunneling / number of TCP connections

  Environment WLS 7.0 Sp2
  We are experimenting with http tunneling and we noticed the following behavior,
  when performing a lookup to get a handle to a few session beans that our UI is
  using, Weblogic opens an additional TCP connection for every lookup however when
  using t3 Weblogic opens a single connection for all of them. Our guess is that
  Weblogic's T3 is optimized to pipeline and multiplex everything asynchronously
  over one TCP connection.
  Is there a way to configure Weblogic to use a single TCP connection when tunneling?

  I believe it would just be an OS-level limit, on the number of socket handles that can be opened.

• TCP connections effect in case of waas failure

  i need to know the effect of waas failure on the existing tcp connection.

  Cisco WAAS utilizes standards-based TCP optimizations to remove TCP as a barrier to application performance over the WAN. By initiating a TCP Proxy after autodiscovery, communicating nodes experience LAN-like TCP behavior through local acknowledgement and TCP handling. As such, when the network goes down the TCP proxy has the ability to mask the disconnect for a short time, but after that all TCP connection will reset and clients will try to re-establish a connection.
  For CIFS
  -During transient disconnects (up to 95 seconds), the WAAS Edge maintains data in its buffers and retries the transmission to the WAAS Core upon network re-connect.
  - When the WAAS Edge switches to "disconnected mode", its services change to "no service" and the buffered data is lost. Further file operations will fail and the Client will be alerted that the server is disconnected. Open documents can be "saved as" on another drive
  -If the accessed file server was configured for "Disconnected Mode" CIFS clients will be able to continue to browse the cache directory and read fully cached files on an WAAS Edge
  In addition with Windows on WAAS providing local window services (dns, authentication) user can access local file shares on WAVE