Conn id in 'show conn' display - ACE

I would like to identify the latest connections in the 'show conn' table. Does the table build up in a linear fashion, i.e. is the latest conn the last row? Can a timestamp be enabled on the 'show conn' display? Also, how is the conn id generated? I don't see it in sequence.

ACE is actually the combination of 3 CPUs.
The Control Plane (CP), which is the management side, holds the configuration, answers SNMP queries, sends probes,...
The IXPs are the 2 CPUs actually switching the traffic.
They are also called network processors or NPs.
This is the 2nd column of the 'show conn'.
Gilles.

Similar Messages

  • Show conn on ACE

    I have some questions related to show conn on ACE.
    The log is like below:
    ACEAD#1/130# show conn de | be 2633
    2633 1 in TCP 330 100.254.130.13:39560 100.254.16.11:389 ESTAB
    [ idle time : 00:33:21, byte count : 334 ]
    [ elapsed time: 00:48:35, packet count: 5 ]
    11239 1 out TCP 30 100.254.16.11:389 100.254.130.13:39560 CLOSED
    [ conn in reuse pool : FALSE]
    [ idle time : 00:33:21, byte count : 261 ]
    [ elapsed time: 00:48:35, packet count: 3 ]
    ACEAD#1/130# show conn de | be 2633
    2633 1 in TCP 330 100.254.130.13:39560 100.254.16.11:389 ESTAB
    [ idle time : 00:33:49, byte count : 334 ]
    [ elapsed time: 00:49:03, packet count: 5 ]
    11239 1 out TCP 30 100.254.16.11:389 100.254.130.13:39560 CLOSED
    [ conn in reuse pool : FALSE]
    [ idle time : 00:33:49, byte count : 261 ]
    [ elapsed time: 00:49:03, packet count: 3 ]
    100.254.130.13 is the server-side IP address.
    100.254.16.11 is the outside client's IP address.
    Connection id 2633's status is ESTAB, but connection id 11239 is CLOSED.
    Is this a pair of connections between 100.254.130.13 and 100.254.16.11?
    In the log, the two flows have different connection ids.
    If the two connections are a pair, why is conn id 2633 ESTAB and conn id 11239 CLOSED?
    Or is each a single flow, not related to the other?
    There is no explanation of this issue in the documentation. I have no experience with this on Cisco ACE.
    Can anyone help me?

    The output you provided in the beginning of the is two flows that make up a single connection.
    When a client initiates a connection to the ACE virtual address two flows are created on the ACE. flow-1 is client to ACE and flow-2 is ACE to server. But both of these flows are tied together and make up the connection.
    My assumption on what is happening in your output:
    1. This is the flow from the ACE to the server. The server has sent a FIN so this is why the ACE displays the connection as closed.
    11239 1 out TCP 30 x.x.x.x:389 x.x.x.x:39560 CLOSED
    2. This is the flow between the client and the ACE. The ACE has not seen a FIN ACK from the client so the connection remains open.
    2633 1 in TCP 330 x.x.x.x:39560 x.x.x.x:389 ESTAB
    3. These flows will remain in the connection table until the idle timer expires (half-closed) or the ACE receives a FIN ACK, RST, etc. from the client.
    Here is documentation on setting the different idle timers on ACE.
    http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A1/configuration/security/guide/tcpipnrm.html#wp1072427

  • ACE Sticky Connections, Show Conn Output and Show serverfarm

    Hi Community,
    I'm deploying a Cisco ACE module and I have some questions about sticky connections and about the output of the show conn command and show serverfarm command.
    I have the following configuration:
    rserver host srv_1
      ip address 10.4.11.14
      inservice
    rserver host srv_2
      ip address 10.4.11.18
      inservice
    serverfarm host farm_144
      rserver srv_1 144
        weight 1
        inservice
      rserver srv_2 144
        weight 3
        inservice
    sticky ip-netmask 255.255.255.255 address source st_host144
      timeout 10080
      serverfarm farm_144
    class-map match-all vip_144
      2 match virtual-address 10.4.11.208 tcp eq 143
    policy-map type loadbalance first-match lb_144
      class class-default
    policy-map multi-match policy_vip_webcache
      class vip_webcache_144
        loadbalance vip inservice
        loadbalance policy lb_144
        loadbalance vip icmp-reply active
        nat dynamic 411 vlan 411
    We can assume that service policy was applied at the interface vlan. So, let's go to the questions:
    1- If sticky is enabled the output command "show conn" should show just one entry by ip address?
    The real output is:
    DC01-ACE-01-PRIMARY-SW1/context_servidores# show conn | inc :143
    333046     1  in  TCP   411  10.2.158.87:3616      10.4.11.208:143       ESTAB
    286390     3  in  TCP   411  10.2.158.87:3562      10.4.11.208:143       ESTAB
    310233     1  in  TCP   411  10.1.5.87:3424        10.4.11.208:143       ESTAB
    Look that the ip address 10.2.158.87 is shown 2 times. In same times, the same ip address is shown 4 times to the same VIP and the same port. Is it a normal behavior?
    2- According to the configuration, srv_2 has weight 3 and srv_1 has weight 1, but the output of show serverfarm shows something strange:
    DC01-ACE-01-PRIMARY-SW1/context_servidores# show serverfarm farm_144
    serverfarm     : farm_144, type: HOST
    total rservers : 2
    state          : ACTIVE
    DWS state      : DISABLED
    ---------------------------------
                                                    ----------connections-----------
           real                  weight state        current    total      failures
       ---+---------------------+------+------------+----------+----------+---------
       rserver: srv_1
           10.4.11.14:144        1   OPERATIONAL     11         386        0
       rserver: srv_2
           10.4.11.18:144        3   OPERATIONAL     35         66         0
    We can see that the weight is working good, but the total of connections is higher at srv_1 than srv_2. Why?
    Can somebody help me understand this problem better, or whether it's normal behavior?
    Thanks in advance!!

    Hi Gaurav,
    About question 1, I got some information too. It's perfectly normal for the client to open 2 or more connections at the same time. The client's application is responsible. We removed the ACE and connected the client directly to the server, and the total number of connections opened was the same.
    About question 2, I made some "clears" on the serverfarm, the sticky database and after that, the numbers were more real.
    DC01-ACE-02-SECONDARY-SW1/context_servidores# sh serverfarm farm_webcache_144
    serverfarm     : farm_webcache_144, type: HOST
    total rservers : 2
    state          : ACTIVE
    DWS state      : DISABLED
                                                    ----------connections-----------
           real                  weight state        current    total      failures
       ---+---------------------+------+------------+----------+----------+---------
       rserver: srv_webcache_1
           10.4.11.14:144        1   OPERATIONAL     1025       15499      4436
       rserver: srv_webcache_2
           10.4.11.18:144        2   OPERATIONAL     1794       33471      471
    DC01-ACE-02-SECONDARY-SW1/context_servidores#
    Anyway thank you very much for your feedback.
    Plínio Monteiro

  • Question about ACE show Conn command (tcp duration)

    Hello,
    I was checking connections and noticed that I would see the initial connection, but after a short time the connection quits showing up in the counters and the “show conn” command. However the user is still up and working.
    This is the command I used:
    sho conn serverfarm STAGING-HTTPS detail
    The output shows all the connection info from source to destination, and in the ESTABLISHED state.
    However, after maybe 2~3 minutes, when I up arrow I don't see any connection info. The web page is still up. If I refresh the web page, I do see the connections come in.
    Can someone kindly point me to a document or provide an answer on how long should the connection be stored before they are flushed?
    Config profile:
    4 real servers
    HTTPS protocol
    Leastconn for predictor
    sticky based on src/dst IP
    Thanks,
    Raman

    Raman,
    If you would play with a sniffer capture, you could answer the question yourself.
    If the browser loads a flash object or a java applet, once it is loaded, you can still work on the page but there is no data transfer.
    with a sniffer tool you could see the browser closing the connections.
    The default TCP idle timeout on ACE is 1 hour.
    Gilles.

  • Cisco ACE - "show conn" command queries

    Hi all,
    I have some queries regarding the "show conn" command in Cisco ACE.
    Working Scenario:
    VIP : 10.10.10.1
    Server 1 : 10.10.20.1
    Server 2 : 10.10.20.2
    Client: 30.30.30.1
    When a client 30.30.30.1 initiates a connection to the VIP on 10.10.10.1, the ACE load balances it to Server 1, 10.10.20.1. Looking at the "show conn" table, it shows that Server 1 is replying back to the Client 30.30.30.1 through the ACE.
    Now, my question is when the ACE returns the traffic to the Client, should the Client be seeing the source IP coming from the VIP or Server 1? My understanding is that the Client should be seeing traffic returning from the VIP. But the show conn table does not seem to suggest so.
    show conn table
    conn-id    np dir proto vlan source                destination           state
    ----------+--+---+-----+----+---------------------+---------------------+------+
    1768       1  in  TCP   10   30.30.30.1:9221   10.10.10.1:80       ESTAB
    41         1  out TCP   52    10.10.20.1:80    30.30.30.1:9221   CLOSED

    Daniel,
    The client is expecting a response from the VIP otherwise there would be an asymmetrical routing problem and conns will never complete.
    The fact that you're seeing 30.30.30.1 as the destination address is just that the server is able to see the client's IP address on the request. When your backend server sends the reply back to the client, this response is forced to go through the ACE. When the ACE looks at the packet, it matches it with a conn previously created in the flow table, so it "NATs" the reply so that the source of the packet is now the VIP and the destination is 30.30.30.1.
    This is an expected behavior as you're not using S-NAT on your network.
    HTH.
    Pablo
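
The two threads above both describe an ACE connection as an "in" flow and an "out" flow tied together. The following is an added example, not code from any poster or from Cisco, that parses such output and pairs the flows to surface half-closed connections; the function names are hypothetical, and the pairing rule (the "in" source equals the "out" destination) assumes no source NAT.

```python
import re
from dataclasses import dataclass
from typing import Optional

# One flow row: conn-id, np, dir, proto, vlan, source, destination, state
FLOW_RE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(in|out)\s+(\S+)\s+(\d+)"
                     r"\s+(\S+:\d+)\s+(\S+:\d+)\s+(\S+)\s*$")
# 'detail' adds bracketed rows such as "[ idle time : 00:33:21, byte count : 334 ]"
IDLE_RE = re.compile(r"idle time\s*:\s*(\d+):(\d+):(\d+)")

# Rows copied from the two threads above (one with 'detail', one without).
SAMPLE = """\
2633 1 in TCP 330 100.254.130.13:39560 100.254.16.11:389 ESTAB
[ idle time : 00:33:21, byte count : 334 ]
[ elapsed time: 00:48:35, packet count: 5 ]
11239 1 out TCP 30 100.254.16.11:389 100.254.130.13:39560 CLOSED
[ conn in reuse pool : FALSE]
[ idle time : 00:33:21, byte count : 261 ]
[ elapsed time: 00:48:35, packet count: 3 ]
conn-id    np dir proto vlan source                destination           state
----------+--+---+-----+----+---------------------+---------------------+------+
1768       1  in  TCP   10   30.30.30.1:9221   10.10.10.1:80       ESTAB
41         1  out TCP   52    10.10.20.1:80    30.30.30.1:9221   CLOSED
"""

@dataclass
class Flow:
    conn_id: int
    np: int
    direction: str
    proto: str
    vlan: int
    src: str
    dst: str
    state: str
    idle_s: Optional[int] = None  # filled only from 'detail' output

def parse_flows(text):
    """Parse 'show conn' / 'show conn detail' text into Flow records."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line)
        if m:
            cid, np_, d, proto, vlan, src, dst, state = m.groups()
            flows.append(Flow(int(cid), int(np_), d, proto, int(vlan), src, dst, state))
        elif flows and (t := IDLE_RE.search(line)):
            h, mi, s = map(int, t.groups())
            flows[-1].idle_s = h * 3600 + mi * 60 + s
    return flows

def pair_flows(flows):
    """Pair each 'in' flow with the 'out' flow whose destination is the same
    initiator ip:port. Assumption: no source NAT; with source NAT the
    out flow targets the NAT address and the pair comes back as None."""
    outs = {(f.proto, f.dst): f for f in flows if f.direction == "out"}
    return [(f, outs.get((f.proto, f.src))) for f in flows if f.direction == "in"]

def half_closed(pairs):
    """Pairs where one side is CLOSED while the other is still open."""
    return [(i, o) for i, o in pairs
            if o is not None and (i.state == "CLOSED") != (o.state == "CLOSED")]

if __name__ == "__main__":
    for i, o in half_closed(pair_flows(parse_flows(SAMPLE))):
        print(f"in {i.conn_id} {i.state} <-> out {o.conn_id} {o.state} idle={i.idle_s}s")
```

Pairs that stay half-closed with a large idle time are the entries that will sit in the table until the idle timer expires.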

  • Show conn state and fix-ups

    Can the show conn state command be used to monitor the connections for fix-up protocols?

    Use the show port status command to display port status information.
    show port status [mod_num[/port_num]]
    Syntax Description
    mod_num
    (Optional) Number of the module.
    /port_num
    (Optional) Number of the port on the module.
    This example shows how to display port status information for all ports:
    Console> show port status
    Port  Name  Status      Vlan   Level   Duplex  Speed  Type
    1/1         connected   523    normal  half    100    100BaseTX
    1/2         notconnect  1      normal  half    100    100BaseTX
    2/1         connected   trunk  normal  half    400    Route Switch
    3/1         notconnect  trunk  normal  full    155    OC3 MMF ATM
    5/1         notconnect  1      normal  half    100    FDDI
    5/2         notconnect  1      normal  half    100    FDDI

  • Show conn in cisco asa

    Hi Team,
    Does the show conn count include TCP, UDP and embryonic connections together?
    I ask because when I do a calculation in Excel from the output of show conn, I get the output below.
    It was extracted from the command "show local-host | include host|count/limit"
    (A):
       Total Sum of TCP embryonic count to host = 331
    (B):
         Total Sum of TCP flow count/limit = 102938
    (C):
         Total Sum of UDP flow count/limit = 3512505
    firewall#show conn count
    1912284 in use, 2000002 most used
    Please let me know how this is calculated. If show conn count = A+B+C, then I suspect that old connection entries are not getting flushed out of the connection table in the Cisco ASA 5580 with version 8.3.2.
    Really, I'm in need of help...

    Hi Kimberly,
    My question was that the counts of show conn and show local-host do not match. Moreover, show conn was showing that the max limit of 2 million will be reached very soon. So, I would like to troubleshoot the output of show local-host | include host|count/limit, where I could see that one of the web servers has lots of TCP connections (let's say 35000), and the other two servers are consuming UDP connections (7 lacs, 5 lacs and 3 lacs), as given below...
    local host: ,
        TCP flow count/limit = 35857/unlimited
        TCP embryonic count to host = 25
        UDP flow count/limit = 0/unlimited
    local host: ,
        TCP flow count/limit = 306/unlimited
        TCP embryonic count to host = 8
        UDP flow count/limit = 736807/unlimited
    local host: ,
        TCP flow count/limit = 246/unlimited
        TCP embryonic count to host = 2
        UDP flow count/limit = 582010/unlimited
    local host: ,
        TCP flow count/limit = 1/unlimited
        TCP embryonic count to host = 0
        UDP flow count/limit = 308412/unlimited
    Can you please let me know what other commands can be executed to find out whether there are any huge embryonic/virus attacks or too many broadcasts? Once I clear the local-host, the connections drop from a huge value to a low value. I really do not know whether this is genuine traffic or fake, or whether the connection table is not flushing out old entries. Please help.

  • Cisco ASA get 'show conn all long' info through snmp

    Hi,
    I would need to gather the info about all established connections that I can see on the ASA terminal by using the command
    show conn all long
    for monitoring purposes through snmp. I am browsing several MIBs&OIDs but no one seems to contain this info.
    Does anyone know if this is possible ?
    Thanks.
    Vlad

    I'm looking for the solution. Did you ever find out if this was possible?

  • Show conn info via snmp

    Hi,
    Does the ASA have an SNMP OID which will provide information like the show conn command ?

    2 years later, how's LLDP support via SNMP?
    If Cisco does not support LLDP via SNMP, please remove the wrong information from
    http://tools.cisco.com/ITDIT/MIBS/MainServlet?ReleaseSel=2514&PlatformSel=231&fsSel=705
    Stop lying!

  • Right syntax of show conn command

    Good day!
    Please, help me with correct syntax of show conn command...
    I need to show all active tcp connections from inside to outside on port 60565...
    Thank you...!

    Hi,
    Well there are a lot of options.
    Below is the basic command
    show conn
    You can use the below commands to get more detailed information
    show conn long
    show conn detail
    You can show certain port connections with the command (with some added parameters)
    show conn detail port 60565
    Some variation of the below command might also be helpful
    show local-host
    Use the "?" (question mark) after the "show local-host" to see what options you have. Same option naturally applies to any other command on the ASA in general.
    I would also suggest checking out the ASA Command Reference when you are unclear of the purpose of a certain command. They are listed in alphabetic order
    http://www.cisco.com/en/US/docs/security/asa/command-reference/cmdref.html
    - Jouni

  • After my iphone4S update to 7.0.6, it have a problem that keep searching network then no service show on display. Can't call. I have try check sim card, reset network settings, and restore my iphone. Still not working at all. Need help please.

    After my iPhone 4S updated to 7.0.6, it has a problem: it keeps searching for a network, then shows "No Service" on the display. I can't call. I have tried checking the SIM card, resetting network settings, and restoring my iPhone. Still not working at all. Need help please. Urgent. TQ

    Is it software or hardware? Confused :(
    I can only use Wi-Fi now.
    Anyway, thanks guys for your suggestions :) amishcake and simes

  • Beats audio no longer shows a display when i turn volume up and down pavilion dv7 win7

    my pavilion dv7 used to show a display when i changed volume.  it no longer shows up.  volume works fine.  i can open beats audio just fine.

    Hi,
    Try using Recovery Manager to reinstall HP Quick Launch Buttons - the procedure for using recovery manager to reinstall Software and Drivers is detailed in the relevant document on the link below.
    Recovery Manager - Windows 7
    Recovery Manager - Windows Vista
    After the reinstallation has completed, restart the notebook.
    Regards,
    DP-K
    ****I don't work for HP****
    Microsoft MVP - Windows Experience

  • Change of Company code from one Cons Group to another Cons Group.

    Dear All,
    Please advise on the change of a company code from one Cons Group to another Cons Group. We have a Cons Structure: at present a few companies are in one cons group and, as a policy, we have to move the companies to another cons group. So please advise me what will be the case if we move in the following scenarios:
    1. if till period 012 year 2008,  company A is in Cons Group AA and we want  the same to Cons Group BB. How it  will move to Cons Group BB in a Company code with the opening balances? 
    2. if there is no data in SEM BCS total Cube - and we want to move the Company A from Cons Group AA to Cons Group BB.
    What will be the effect in both the scenarios.  How to do this? if you can specify some steps then I will try to analyze the situation.
    Thanks in advance

    The changes are not complicated but company A must be placed in cons group BB as of period 12 2008 and in the master data of the cons group it should be indicated that the first consolidation is at the end of the period (EOP). Likewise in cons group AA must continue to include company A but in the cons group master data it must be indicated that the period of divestiture is 12 2008 EOP.
    The cons group changes tasks must be executed to move the balances in period 12 2008.
    If there is not data for company A in the totals infocube you may simply drag-and-drop company A from cons group AA to cons group BB without any concerns.
    The effect in each scenario is different because if there is data that is to be reported as part of cons group AA, company A must be included in cons group AA.

  • HT201210 my iphone 3gs keeps showing the screen with the connect to itunes display, and I've restored it multiple times on different computers, but everytime it finishes restoring, it shows the display again and the computer says it needs to be restored.

    my iphone 3gs keeps showing the screen with the connect to itunes display, and I've restored it multiple times on different computers, but everytime it finishes restoring, it shows the display again and the computer says it needs to be restored. can anybody help me with this?

    it was saying error code 1, i tried the things it said but none of it worked. now it is not showing an error code at all, it just keeps saying it needs to be restored.

  • T510 - Device Manager showing multiple Display Adapters

    I recently started experiencing a problem with a Java application locking up when moving windows from the laptop screen to an external monitor.  One of the things we discovered during troubleshooting is that I am showing 2 Display Adapters:
    Intel(R) HD Graphics - running the Laptop Screen
    NVIDIA NVS 3100M - running the external Screen
    Is this correct?  I now also know why when using the NVIDIA Control Center it only shows the one monitor.

    I'm not joking.
    In BIOS (press the F1 key when you turn on the computer and see the ThinkPad screen) you can select the different graphics modes of the machine.  As you are keenly aware, the machine does have 2 graphics processors.
    Under Display:
    Selecting the Integrated option in BIOS shuts off the nVIDIA graphics card and uses the lower power Intel graphics 3000 on the CPU.  This limits graphics performance, but allows for longer battery operation and full CPU speed on battery. 
    Selecting the Discrete option in BIOS forces the system to use the nVIDIA card.  This improves graphics performance, allows you to use multiple monitors, but decreases CPU performance while using battery and reduces battery life.
    Selecting Optimus allows software or the user to determine which graphics processor to use "on the fly" so that power budget and GPU performance are balanced for the workload.
    Enjoy!
    W520: UNSUPPORTED SYSTEM
