Content Switching Module (CSM): Sessions stuck in closing state

Hi guys,
I'm troubleshooting a CSM with 4.3(1).
We migrated a real server from windows to linux; since then lots of sessions get stuck in closing state until the idle timer expires.
I traced the traffic from the client to the csm and from the csm to the real server. What I saw is the following behaviour at the end of a session:
windows real server: client sends FIN -> real server acks the FIN -> real server sends FIN -> client sends RST -> real server sends RST -> CSM deletes session from session table
The linux real server mostly behaves like the windows real server but sometimes behaves as follows:
client sends FIN -> real server sends FIN, but does not ack the FIN sequence number of the client -> real server sends RST -> client sends RST -> CSM does not delete session from session table, it gets stuck in closing state
Does anybody know how I can solve this problem of half-closed sessions other than decreasing the idle timeout?
Is it possible to configure CSM to close and delete sessions not only on FIN-ACK packets but also on RST packets?
Or to use a different fast idle timeout when sessions are half-closed?
Many thanks in advance,
Thorsten
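
Added example (not part of the original post, and not a model of the CSM's internal logic): a small Python checker for the comparison described above, which walks a captured teardown and reports whether each FIN was acknowledged before the resets arrived. The Segment record, the verdict names and both sample traces are constructed for illustration.

```python
from dataclasses import dataclass

FIN, RST, ACK = 0x01, 0x04, 0x10   # TCP flag bits
MOD = 2 ** 32                      # sequence numbers wrap at 32 bits

@dataclass
class Segment:                     # hypothetical record for one captured packet
    sender: str                    # "client" or "server"
    flags: int
    seq: int
    ack: int = 0
    payload_len: int = 0

def _covers(ack, fin_end):
    """True if ack acknowledges everything up to and including the FIN."""
    return (ack - fin_end) % MOD < MOD // 2

def analyze_teardown(segments):
    """Report which FINs were acknowledged and which side sent RST."""
    fin_end = {}                                # sender -> seq just past its FIN
    acked = {"client": None, "server": None}    # None means no FIN seen
    rst_from = []
    for s in segments:
        peer = "server" if s.sender == "client" else "client"
        if s.flags & RST:
            rst_from.append(s.sender)
            continue                            # an RST is not counted as a FIN acknowledgement
        if s.flags & ACK and peer in fin_end and _covers(s.ack, fin_end[peer]):
            acked[peer] = True
        if s.flags & FIN and s.sender not in fin_end:
            # A FIN consumes one sequence number after any payload it carries.
            fin_end[s.sender] = (s.seq + s.payload_len + 1) % MOD
            acked[s.sender] = False
    if acked["client"] and acked["server"]:
        verdict = "closed"
    elif rst_from and True in acked.values():
        verdict = "reset_after_acked_fin"
    elif rst_from and False in acked.values():
        verdict = "reset_without_acked_fin"
    elif rst_from:
        verdict = "reset"
    else:
        verdict = "open"
    return {"fin_acked": acked, "rst_from": rst_from, "verdict": verdict}

def suspect_flows(flows):
    """Names of flows reset before any FIN was acknowledged."""
    return sorted(name for name, segs in flows.items()
                  if analyze_teardown(segs)["verdict"] == "reset_without_acked_fin")

# Constructed trace: the server acknowledges the client's FIN, then both sides reset.
WINDOWS_TRACE = [
    Segment("client", FIN | ACK, seq=1000, ack=5000),
    Segment("server", ACK, seq=5000, ack=1001),
    Segment("server", FIN | ACK, seq=5000, ack=1001),
    Segment("client", RST, seq=1001),
    Segment("server", RST, seq=5001),
]

# Constructed trace: the server's FIN carries ack=1000, which does not cover
# the client's FIN, and the resets follow.
LINUX_TRACE = [
    Segment("client", FIN | ACK, seq=1000, ack=5000),
    Segment("server", FIN | ACK, seq=5000, ack=1000),
    Segment("server", RST, seq=5001),
    Segment("client", RST, seq=1001),
]

if __name__ == "__main__":
    for name, trace in (("windows", WINDOWS_TRACE), ("linux", LINUX_TRACE)):
        print(name, analyze_teardown(trace))
```

Flows returned by suspect_flows are the ones to compare against the session-table entries that stay in closing state.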

Hi Fabrizio,
CSM_FAST_FIN_TIMEOUT is already set to 10 seconds.
What I found out while testing is that CSM_FAST_FIN_TIMEOUT works with configurations where idle timeout is configured > 0.
But when idle timeout is configured to 0 (which means no idle timeout) the csm seems not to use CSM_FAST_FIN_TIMEOUT: Half closed sessions will get stuck in closing state.
Any idea why csm behaves this way?
Regards,
Thorsten

Similar Messages

  • CSM-Content Switching Module

    Hi All,
    How to shutdown Content Switching Module in Cat 6500 switches ? I want to shutdown only CSM-Module without disturbing Chassis.
    Can anyone please send me the command on that ?
    Highly appreciate your valuable reply.
    Thanks,

    Hi,
    Assuming you are using IOS, you can power-down a module in a 6500 chassis using the command
    "no power enable module " in global config mode where is the slot number of the CSM.
    If you are using CatOS then the command would be:
    "set module power down "
    The CSM should be hot-swappable so you should be able to just pull it out of the chassis, but I think that is a bit vicious if you only want to shut it down.
    HTH
    Cathy

  • Windows 2008 R2 SP1 Enterprise TS Sessions stuck in Down state

    I have an environment of 30 physical Windows 2008 R2 SP1 Enterprise servers providing Remote Desktop services running Citrix XenApp 6.5. Over the last 2 months, I've had two instances where one user session was stuck in a "Down" state. The user could not log in or reconnect to the published app because this one session could not be cleared. I was forced to remove the affected server from the published app, clear off all the users, and reboot in order to clear the Down session.
    Research brought me to the following KB articles:
    http://support.citrix.com/article/CTX128192
    http://support.microsoft.com/kb/2383928
    I attempted to apply the hotfix, but it was "not applicable to your computer". I opened a ticket with MS and the conclusion was that the hotfix, and subsequent versions of the hotfix, have been superseded by Windows Updates. The hotfix apparently has been rolled into public Windows Updates.
    My problem is that this behavior still exists.  Has anyone else experienced this and is there a nondestructive method (without rebooting) for clearing out these sessions stuck in a "Down" state?   Thanks.

    OK. We sent the files over to Microsoft to check on this issue. They came back with the following information.
    While we are usually skeptical of Hotfixes, several of these descriptions are on the money. We will not complete the entire list, but will start with the exact match descriptions and apply one at a time.
    <<<<<Microsoft Engineers response>>>>>>>>>>>>>>>>>>
    We looked at the MSDT data and found the version of “win32k.sys” is old.
    Module[  2] [C:\WINDOWS\SYSTEM32\WIN32K.SYS]
      Company Name:      Microsoft Corporation
      File Description:  Multi-User Win32 Driver
      Product Version:   (6.1:7601.17860)
      File Version:      (6.1:7601.17860)
    We advise you to install the following hotfix to update Win32k.sys to the latest version.
    2661332 You cannot reestablish a Remote Desktop Services session to a Windows Server 2008 R2-based server
    http://support.microsoft.com/kb/2661332/EN-US
    Also, I checked that these are not installed on the machine, please install the following hotfixes as they update all the components to their latest versions and we have seen similar cases in the past which were resolved after these hotfixes were installed.
    2383928 Remote desktop sessions do not completely exit, and you cannot establish new remote desktop sessions to a computer that is running Windows Server 2008 R2
    http://support.microsoft.com/default.aspx?scid=kb%3bEN-US%3b2383928
    979530 A Windows Server 2008 R2-based Remote Desktop server denies some connection requests randomly under heavy logon or logoff conditions
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;979530
    2578159 The logon process stops responding in Windows Server 2008 R2 or in Windows 7
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;2578159
    2465772 An application or service that uses Winsock API or Winsock Kernel API may randomly stop responding in Windows Server 2008 R2 or in Windows 7
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;2465772
    2265716 A computer that is running Windows Server 2008 R2 or Windows 7 stops responding randomly
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;2265716
    975777 There is a delay when you shut down, restart, or log off a computer that is running Windows 7 or Windows Server 2008 R2
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;975777
    2505348 High CPU usage or a lengthy startup process occurs during WMI repository verification when a large WMI repository exists in Windows 7 or in Windows Server 2008 R2
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;2505348
    <<<<<<<<<<<<<End response>>>>>>>>>>>>>>>>>>

  • CSM(content switching module) supports the 2 tier server load balance ?

    hi everyone,
    Does anyone know whether the CSM supports 2 tier server load balance?
    This means that the CSM performs the server load balance for servers and the same servers require server load balance another time. In other words,
    does the CSM support server port and client port for server load balance?
    thanks
    fred.

    Hi, this seems to describe a typical case of multi-tier design where the CSM needs to handle 2 types of connections:
    1. clients->CSM->serverfarm1
    2. serverfarm1->CSM->serverfarm2
    We usually refer to the second type of connections as server-to-server load balanced traffic.
    There is no problem in handling that scenario with the CSM and you have a few options.
    In particular, each virtual server on the CSM can be configured to only accept incoming connections from a specific VLAN, so you can use that as an additional security measure or to distinguish connections based on which VLAN they come in from.
    If you want to, you could even configure the CSM with 2 virtual servers with the same exact virtual IP and L4 port, but listening on 2 separate VLANs (the client-side VLAN and serverfarm1 VLAN) and use a different server farm based on that.
    One important thing to keep in mind when handling server-to-server load balanced connections: if serverfarm1 and serverfarm2 are on the same VLAN, you have to configure "client NAT" for the server-to-server connections, to force the return traffic back to the CSM.

  • Cisco WAAS and Content Switching Module compatiblity

    We are planning to implement WAAS on our hub's 6500 core switches, so that TCP connections from the end sites users to the servers in the hub can be optimized. But we have the servers VLAN groups under the Cisco CSM module already. Are the client-server connections still able to be optimized by WAAS?

    Hi Joe
    let's separate out the two topics here.
    a) WAAS traffic interception with wccp
    b) CSM
    a) when you say vlan 200 is where target servers are connected, is that the CSM client side vlan? or the actual server vlan ?
    the bottom line is you need to make sure the interface where you configure "ip wccp 61 redirect in" is receiving traffic from servers towards .
    Good reference for WCCP best practices in 6500
    http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/white_paper_c11-629052.html
    b) yes you can configure stickiness for session persistance as in below URL
    http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/csm/4.2.x/configuration/guide/addftrs.html
    Thanks

  • Ciscoview device manager for content switch module not available for download ?

    Hi,
    On Cisco support site CVDM is no longer available for download despite that warning message says it won't be available since February due to migration to another server. Any idea where to get it for my CSS11501 ?
    Cheers
    Arun

    If you use the old link:
    http://www.cisco.com/cgi-bin/tablebuild.pl/css11500-crypto
    You'll get redirected to CVDM for the CSS11506. It's the same CVDM software as the CSS11501 and CSS11503. Don't know why only the CSS11501 link is broken.

  • Multiple context on Cisco Content Switching

    Hi Everyone
    I have a new case with Cisco Content Switching design. The current network has two Cisco Content Modules (CSM) and each of them is responsible for switching content on one Vlan.
    Now I want to reconfigure it to meet the redundancy requirement. But I don't know whether the Cisco Content Module has the same design idea as ACE in routed mode.
    I want to configure CSM with two or more vlan pairs in routed mode and it can HA between each other.
    Thanks
    Phai La Quy

    Hi Phai,
    Yes you can configure CSM in routed mode with clients in one VLAN and server in another. Pasting the link for your reference. You can find more in routing and switching guide.
    http://www.cisco.com/c/en/us/support/docs/interfaces-modules/content-switching-module/26220-csm-config.html
    Regards,
    Kanwal

  • Smartfilter with Content Engine Module (NM-CE-BP-40G-K9) & ACNS on 3661

    I've been looking over the CCO docs, but can't find one that has sample configs for using a 3661 router containing content engine module, smartfilter, & ACNS. Topology is basically the following...
    (PC's)----(LAN Switch)-----(3661 w/content engine module)----(PIX)---(internet)
    I don't want to create a new IP subnet for the 3 interfaces within the content engine module/router. I want to use the IP's from the current LAN IP Block.
    Any advice appreciated.

    I thought this might help.
    Easy NM-CE Configuration Guide!
    Router IOS:c3725-ik9o3s-mz.122-15.T2
    Content Engine Software: ACNS 5.0.3.5
    Configure basic router configuration as normal.
    Set the IP addresses for the Service Module (Content-Engine) using these commands:
    interface Content-Engine2/0
    ip address 10.1.1.1 255.255.255.0
    ip nat inside
    service-module external ip address 10.0.0.1 255.255.255.0
    service-module ip address 10.1.1.2 255.255.255.0
    service-module ip default-gateway 10.1.1.1
    Complete Config Example (DHCP and NAT for Lab):
    Current configuration : 2440 bytes
    version 12.2
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname lab3745_NM-CE
    logging queue-limit 100
    enable password cisco
    ip subnet-zero
    ip wccp web-cache
    ip dhcp pool NM-ESW-16-POOL
    network 10.1.2.0 255.255.255.0
    domain-name cisco.com
    default-router 10.1.2.1
    dns-server 171.68.226.120 171.70.168.183
    lease 7
    ip audit notify log
    ip audit po max-events 100
    no voice hpi capture buffer
    no voice hpi capture destination
    mta receive maximum-recipients 0
    interface FastEthernet0/0
    ip address 172.16.12.108 255.255.255.0
    ip wccp web-cache redirect out
    ip nat outside
    duplex auto
    speed auto
    interface FastEthernet0/1
    no ip address
    shutdown
    duplex auto
    speed auto
    interface FastEthernet1/0
    no ip address
    interface FastEthernet1/1
    no ip address
    interface FastEthernet1/2
    no ip address
    interface FastEthernet1/3
    no ip address
    interface FastEthernet1/4
    no ip address
    interface FastEthernet1/5
    no ip address
    interface FastEthernet1/6
    no ip address
    interface FastEthernet1/7
    no ip address
    interface FastEthernet1/8
    no ip address
    interface FastEthernet1/9
    no ip address
    interface FastEthernet1/10
    no ip address
    interface FastEthernet1/11
    no ip address
    interface FastEthernet1/12
    no ip address
    interface FastEthernet1/13
    no ip address
    interface FastEthernet1/14
    no ip address
    interface FastEthernet1/15
    no ip address
    interface Content-Engine2/0
    ip address 10.1.1.1 255.255.255.0
    ip nat inside
    service-module external ip address 10.0.0.1 255.255.255.0
    service-module ip address 10.1.1.2 255.255.255.0
    service-module ip default-gateway 10.1.1.1
    interface Vlan1
    ip address 10.1.2.1 255.255.255.0
    ip nat inside
    ip local pool NM-ESW-16-POOL 10.1.2.2 10.1.2.254
    ip nat pool TEST-NAT-POOL 172.16.12.108 172.16.12.108 prefix-length 24
    ip nat inside source list 7 pool TEST-NAT-POOL overload
    ip http server
    no ip http secure-server
    ip classless
    ip route 0.0.0.0 0.0.0.0 172.16.12.254
    access-list 7 permit 10.1.2.0 0.0.0.255
    access-list 7 permit 10.1.1.0 0.0.0.255
    access-list 7 permit 10.0.0.0 0.0.0.255
    call rsvp-sync
    mgcp profile default
    dial-peer cor custom
    line con 0
    speed 115200
    line 65
    flush-at-activation
    no activation-character
    no exec
    transport input all
    line aux 0
    line vty 0 4
    password cisco
    login
    end
    Reset service-module 2 to reboot the Content-Engine:
    service-module content-Engine 2/0 reload
    Within 30 Seconds Session from the Router to the Service Module:
    service-module content-engine session
    Enter Basic Configuration for Network Module:
    Password, etc…
    Configure the service module using the command line interface:
    hostname NM-CE-BP
    ip domain-name CISCO.COM
    interface FastEthernet 0/0
    ip address 10.0.0.1 255.255.255.0
    exit
    interface FastEthernet 0/1
    ip address 10.1.1.2 255.255.255.0
    exit
    ip default-gateway 10.1.1.1
    primary-interface FastEthernet 0/1
    ip name-server 172.72.1.1
    wccp router-list 1 172.16.12.108
    wccp web-cache router-list-num 1
    wccp version 2
    username xxx password xxxx
    username xxxx privilege 15
    authentication login local enable primary
    authentication configuration local enable primary
    NM-CE-BP#exit
    You can use the command line interface to show statistics from the Content Engine by using the show statistics screen command or use your web browser for a more graphical report.

  • Cisco Content Switch 11503

    Directed towards any users of this product line out there.
    I have a client who is on the older hardware platform (11100), and is looking to invest in a pair of new switches/balancers. I have the following outstanding questions that I'm needing to confirm on the 11503:
    - Source NAT - is this required to always be on? for marketing, reporting and debugging purposes, we're wanting to ensure we can have the client's original ip address preserved once request hits web/app, not rewritten at the content switch.
    - sessions - any concerns running up to 30 - 50k of simultaneous sessions on the 11503? require the addt'l session accel module?
    thanks for the input.
    > Byron
    > www.kennedytechgroup.com

    Byron,
    source nat is not a requirement of the CSS.
    It depends how you design your network and where you place the CSS.
    If you do not want source nat, make sure the servers are placed behind the CSS and that the path from server to client always goes through the CSS.
    For the amount of connections, each module can handle up to 200k concurrent connections.
    So, the CSS with only 1 module should be ok.
    Gilles.

  • AS Java sessions are not closed until they time out

    Hello Experts,
    we have a SAP PI system to integrate SAP R/3 with external applications and recently we are facing a problem with inactive sessions. There's a new application we are setting up that consumes a webservice published by this SAP PI system. The scenario is SOAP --> PI --> PROXY. What we have noticed is that when the application sends loads of requests sometimes the system fails. This is because we are reaching the maximum number of open sessions in AS Java (1000). Investigating a bit more we found out that the sessions are not "closed" once the communication between the application and SAP PI has finished. Those sessions are open until they are automatically timed-out by the system after 1800 sec.
    We have found the notes below in SAPNet:
    Note 1363751 - ICM: Java Web sessions are not terminated
    Note 1307940 - New HTTP session opened for every web service call
    However, none of them are applicable to our system because it is more updated:
    SAP PI 7.1 EHP1 SP002
    Kernel Patch Level: 87
    We have tried to close connections from the application that consumes the webservice but with no success. The sessions remain in the server until they are timed-out. Could you please tell us if this is the normal behavior of an AS Java system? Is this the way it should work? If so, can you tell us how to decrease this timeout so the inactive sessions are cleaned faster? We tried to find it but we didn't manage. Is there any way to close the session once the communication has finished?
    Thank you in advance.
    Roger Allué i Vall

    Hi Roger,
    You can do the following things to help solving your issue:
    1. Decrease session timeout default value of the web container: Use the NetWeaver Administrator
    Open Application Modules plugin within NWA
    Configuration Management -> Infrastructure -> Application Modules
    Set the desired timeout web module you are using, in minutes.
    The default value 0 in the NWA means that the value is not modified
    and the default value of 30 minutes timeout will be used.
    2. Increase the max. no. of Sessions in Configtool
    The max. number of Sessions can be set in Configtool in the Expert
    mode. There is no limitation for the parameter.
    Thanks,
    Anderson

  • BUG: Ctrl+Alt+ number to switch modules only works with number pad

    Really annoying, since this worked nicely in the beta. If, for example, you hold down Ctrl+Alt+1 (pressing 1 on the top row of the keyboard) to switch to the Library Module, it doesn't work. If you use 1 on the numeric keypad, it works fine. What's the big deal, you ask? Well, try using the number pad on a laptop - you either get to use the number keys or the regular keys, so this shortcut is essentially useless on anything other than a full-size keyboard.

    Windows treats Ctrl + Alt shortcuts as special. They are used as hotkeys for desktop icons, and if a key is used for that purpose, it overrides any use within a program. I did a little research, and setting a desktop hotkey to 3 will cause your LR symptoms, where you can't use the normal numbers and have to use the keypad to switch modules. On the other hand, you'd probably be seeing the effect of using the non-number-pad keys (they'd launch a program), so it's a mystery.
    In my testing, I noticed that the Firefox browser uses that key combination to switch between its tabbed sessions. If you're running that program, you could test to see if it exhibits the same symptoms.
    Hal

  • Specs for 11500 Content Switches

    I am looking for more specs on the 11500 series content switches. Specs such as http connections per second, tcp connections total.

    Ted,
    The following link:
    http://www.cisco.com/en/US/products/hw/contnetw/ps792/prod_bulletin09186a008017dc5d.html
    states that "A Cisco CSS 11506 can now achieve more than 45,000 TCP connections per second and, if configured with 4 SSL modules, can attain over 4000 SSL transactions per second."
    Is that what you are looking for?
    Keep in mind that performance will be slower with layer 5 rules than strictly layer 4 rules.
    -Steve

  • Can a broken Display Switch module cause my screen to not turn on or be recognized?

    Hi All,
    I have recently been having some issues with my LCD screen in my HP Pavillion dv9700. Ever since I replaced the left hinge on my notebook, I have had to fiddle with my screen by closing and opening it during booting to get it to turn on. This only happened when booting into linux. When booting into vista, the screen would turn on without a problem. This morning I was so fed up with this, that I thought maybe some switch was not getting pressed to tell the notebook that the lid was opened. After looking at all the cables and putting everything back together, my screen now no longer turns on no matter how much I open and close the lid. It won't even turn on in vista. I am however able to connect a vga cable to my notebook and use an external monitor without any problems. I opened up the nvidia control panel in both windows and linux and it does not recognize my notebook monitor, only the external monitor shows up. Could this be caused by a broken display switch module? How can I diagnose this problem? Is there a way to bypass the display switch module by jumping two wires?
    Any ideas are appreciated,
    Thanks in advance
    OS: Latest version of Ubuntu Linux 11.10 dual booting with Windows Vista
    Problem: LCD Monitor not turning on / being recognized
    possible cause: LCD Display Switch Module

    Update:
    I just figured out that it can't be my display switch module because when I close the lid to my notebook, the external monitor shuts off and the computer goes into standby mode. I now think this might be an issue with the ribbon cable. Is there anything else which might be causing this problem which I am overlooking?

  • Citrix and Content Switches

    I'm curious if anyone is using the Cisco Content switches to load balance traffic/sessions across a citrix server farm. Any luck and what type of load balancing method did you use? Round robin? Response time? And do these methods REALLY work with Citrix applications/servers for appropriate load balancing?

    I just load balanced two Citrix servers using Cisco CSS11150 load balancing switches. Because Citrix uses login for each user, load balancing required stickyness. I load balanced using cookies. This works great. You need to configure the cookie string in the service. You need to configure prefix and length in the content rule. There are several ways to load balance using cookies. The server needs to set the cookie in the first reply back to the client.

  • Multiple content switches on same subnet

    Can anyone confirm if there is an issue having two pairs of content switches (11500s) on the same subnet? The circuit addressing, interface redundancy and VIPs all use the same subnet. Wondering if there would be any issues with the redundancy, arps, etc.. Am stuck with this arrangement during the migration phase of the project.
    Appreciate your input.
    Rob

    Rob,
    they can be on the same subnet but they must use different VIP ip addresses.
    For the VRRP protocol, you should use different group number on each pair to avoid collision.
    Otherwise, that is no problem. I have many pairs like this in the lab sharing the same subnets and this is ok.
    Gilles.
