CSS11506 - show flows

Similar Messages

• Show flows on CSS

  Hi,
  I am using source group on my CSS to nat server initiated traffic to VIP address.
  Currently it does not work, so I am doing troubleshooting.
  I am using ISA1-NAT service for source group.
  configure
  !*************************** GLOBAL ***************************
  cdp run
  ip uncond-bridging
  ip route 0.0.0.0 0.0.0.0 172.20.3.15 1
  !************************* INTERFACE *************************
  interface 1/1
  trunk
  description "ZG-DMZ-XCONN-Customer-Facing"
  vlan 203
  interface 1/2
  description "ZG-DMZ-XCONN-Server-Facing"
  trunk
  vlan 207
  !************************** CIRCUIT **************************
  circuit VLAN207
  description "Server-Facing"
  ip address 172.20.7.2 255.255.255.0
  ip virtual-router 207 priority 101 preempt
  ip redundant-interface 207 172.20.7.1
  circuit VLAN203
  description "Customer-Facing"
  ip address 172.20.3.103 255.255.255.0
  ip virtual-router 203 priority 101 preempt
  ip redundant-vip 203 172.20.3.105
  !************************** SERVICE **************************
  service HTTP-TO-HTTPS-OWA-REDIRECT
  keepalive type none
  type redirect
  no prepend-http
  domain https://xxx.xxx
  service ISA1-NAT
  ip address 172.20.7.101
  active
  service ISA1-OWA-HTTPS
  weight 2
  keepalive port 443
  protocol tcp
  port 443
  ip address 172.20.7.101
  active
  service ISA1-PROXY
  ip address 172.20.7.101
  weight 2
  port 8080
  keepalive port 8080
  protocol tcp
  active
  service ISA2-NAT
  ip address 172.20.7.102
  active
  service ISA2-OWA-HTTPS
  weight 2
  keepalive port 443
  protocol tcp
  port 443
  ip address 172.20.7.102
  active
  service ISA2-PROXY
  ip address 172.20.7.102
  weight 2
  port 8080
  protocol tcp
  keepalive port 8080
  active
  service upstream-ping
  !*************************** OWNER ***************************
  owner HEP
  content HTTP-PROXY
  protocol tcp
  port 8080
  advanced-balance sticky-srcip
  sticky-inact-timeout 10
  add service ISA1-PROXY
  add service ISA2-PROXY
  vip address 172.20.3.105
  active
  content OWA
  protocol tcp
  port 443
  advanced-balance sticky-srcip
  sticky-inact-timeout 10
  vip address 172.20.3.105
  add service ISA1-OWA-HTTPS
  add service ISA2-OWA-HTTPS
  active
  content OWA-HTTP-REDIRECT
  vip address 172.20.3.105
  protocol tcp
  port 80
  url "/*"
  add service HTTP-TO-HTTPS-OWA-REDIRECT
  !*************************** GROUP ***************************
  group ISANat
  vip address 172.20.3.105
  add service ISA1-NAT
  active
  Does my show flows output look ok?
  ZG-CSS1# sh flows
  Src Address SPort Dst Address DPort NAT Dst Address Prt InPort OutPort
  80.243.40.241 80 172.20.3.105 2020 172.20.7.101 TCP 1/1-203 1/2-207
  172.20.7.101 4958 80.243.40.241 80 80.243.40.241 TCP 1/2-207 1/1-203
  I dont get why in one case DPort is 2020 and ind second SPort is 4958? Should not the be the same?

  The CSS will intercept the traffic based on the src ip, and it will change the src ip and the src port.
  Since there is a single ip address for potentially multiple servers, we can't keep the same source port as 2 devices could come in with the same value.
  So we take a new port from the list of available ports.
  This is called PAT.
  G.

• Can't keep the "show flows" up

  When I telnet to vip with the specific port number. The "show flows" only can see it retains for 5 minutes. But I still see the connection is established on the servers. Is this someting relating the application software problem ? Because I have other application software, which works very similiar . When the connection is not displating in the "show flows", Is this meaning the connection dropping ? Please advise. Thanks in advance.
  Wil

  Wil,
  I'll try to keep it simple.
  A flow is describes by a FCB (Flow Control Block).
  The 'show flow' commands describe the info inside the FCBs
  When a flow is idle for a predefine period of time (like 16 seconds for TCP), the
  FCB is marked as reusable.
  So at any given time the FCB info can be erased and replaced with new info.
  The CSS can still use the FCB marked as reusable until its content is erased.
  So, your connection could still be alive but the FCB has been marked to be reused and therefore you will end up losing the connection.
  The 'show flow' only display the FCB that have not been marked as reusable.
  The solution would be to increase the frequency of your heartbeat or use one of the command to increase the timeout on the CSS.
  flow port
  flow permanent
  Gilles.

• Show flows returns a prompt without any flows

  CSS11503 running:
  CSS11503# sh ver
  Version: sg0710206A (7.10 Build 206)
  Flash (Locked): 7.10 Build 206
  Flash (Operational): 7.10 Build 206
  Type: PRIMARY
  Licensed Cmd Set(s): Standard Feature Set
  When I display a show flows it doesn't return flows. This has happened twice, approx. 2 days after we have rebooted some of the servers that we have configured on the content switch. The only way that I have been able to recover this is to reboot the CSS11503. There hasn't been a change made to the CSS during this period. Any feedback would be helpful.

  go in llama mode and do 'flow-agent show active'
  Do you see any flow ?
  Is this a single box or is it working in redundant mode ?
  I would also strongly recommend an upgrade to 7.40 or 7.50.
  We don't really support 7.10 anymore.
  Gilles.

• Show flows crashes CSS

  Hi when I do the following command show flows x.x.x.x x.x.x.x it then freezes and I'm unable to connect to the box untill the next day or a couple of hours!
  has anyone come across this before?

  This should not happen.
  You should open a service request with the TAC so that we can fix it.
  Do you have lot of connections ?
  Active connections ?
  Connection rate ?
  Gilles.

• How to show flow in execute procedures??

  Hi,
  I have about 200 procedures written in PL/SQL. And there is few root procedures which execute another. Is there any possibilities to create all flow?? Can I create this from sql or use tool like sqldeveloper?
  Regards,
  tytus

  When I saw this select first time I thought that this is exactlly what I need.. But this select in all execute take result: "no rows selected". I check my user_object view and there are only java class object types :/ Could someone explain why?? I want to print my procedures, functions and packages object types..

• Show flow export statistics query

      We have recently upgraded all our WAN router to Cisco 3945, they all have the same FLOW config as below  
  but when I do a sh flow export statistics
  on some routers I get:
  Flow Exporter Export-FNF-Plixer:
    Packet send statistics (last cleared 1d08h ago):
      Successfully sent:         0                     (0 bytes)
     Enqueued to process level: 2534452               (3484784053 bytes)
  on others  I get:
  Flow Exporter Export-FNF-Plixer:
    Packet send statistics (last cleared 14w2d ago):
      Successfully sent:         16545298              (22596920223 bytes)
      Enqueued to process level: 165                   (223914 bytes)
  as I said all the configurations are basically the same
  Does anybody know what causes this difference?
  Flow config:
  flow record Record-FNF
  description Flexible NetFlow with NBAR Flow Record
  match ipv4 tos
  match ipv4 protocol
  match ipv4 source address
  match ipv4 destination address
  match transport source-port
  match transport destination-port
  match interface input
  match flow direction
  match application name
  collect routing source as
  collect routing destination as
  collect routing next-hop address ipv4
  collect ipv4 dscp
  collect ipv4 id
  collect ipv4 source prefix
  collect ipv4 source mask
  collect ipv4 destination mask
  collect transport tcp flags
  collect interface output
  collect counter bytes
  collect counter packets
  collect timestamp sys-uptime first
  collect timestamp sys-uptime last
  flow exporter Export-FNF-Plixer
  description FNF v9
  destination 172.16.6.219
  source Loopback0
  output-features
  transport udp 2055
  option interface-table
  option application-table
  flow monitor Monitor-FNF
  description FNF Traffic Analysis
  exporter Export-FNF-Plixer
  cache timeout active 60
  record Record-FNF

  Hello,
  have you checked the DBA_HIST* objects to see what / how was imported?
  If the awr export dosn't get the contents of the rolling buffer, then you won't see any session statistics that are only there. If you want to get the contents of the rolling buffer you have to dump the contents of it with :
  oradebug setmypid
  oradebug dump ashdump 10
  and load it into your "test" database.
  But before doing this I suggest you read the related metalink documentation if any!!!
  Regards,
  Franky

• (Urgent)Flow Animation in different directions. Help pls, its Urgent!

  Hi all,
  I am attaching a vi and one image describing the problem. What I need to do is show the flow by "filling" effect in the pipes, without using many variables,controls or indicators as my client wont accept any delay which is caused only due to animation. I have to submit the project completed in 2 days and hence I request you all LV gurus to please help me with this problem.
  -FraggerFox!
  Certified LabVIEW Architect, Certified TestStand Developer
  "What you think today is what you live tomorrow"
  Attachments:
  COMP.jpg ‏238 KB
  help_needed.vi ‏889 KB

  ParagD,
  I guess the best approach will be to  use a gif image that simulates the flow. Use this GIF image as the TRUE image of a boolean control. So when ever you need to show flow, turn ON this boolean control. By using multiple such control, you can create a section of pipes.
  Note: Adding GIFs to the front panel can cause your program to slowdown. So when you create GIFs make sure that your animation rate is very slow.
  Message Edited by kikiduu on 12-26-2008 01:27 AM
  "A VI inside a Class is worth hundreds in the bush"
  യവന്‍ പുലിയാണു കേട്ടാ!!!
  Attachments:
  Motion.ctl ‏100 KB

• Execute a VO '4' times and show the result in single table at once.

  Hi,
  I want to execute single a VO query multiple times with different parameters and show the results together in a Table at once
  In Detail
  I have a table to which is associated with a VO.
  The VO contains SQL whose WhereClauseParameters need to be dynamically binded.say headerId and lineId
  Select ... from ....where headerId = :1 AND lineId = :2
  I have to pass these 4 values and show all the results in a single table
  headerId lineid
  H1 ............... L1
  H1 ............... L2
  H2 ............... L1
  H2 ............... L2
  I understand that i need to bind parameters dynamically and exceute the VO.
  As i have 4 different set of parameters, the view object will be executed 4 times.
  I want to show all the results together in a single table.
  How can I do it.
  thanks,
  Gowtam

  Hi Mani,
  Thanks a lot for the patience and detailed solution.I will try it out and tell you the status.
  Meanwhile, I have 2 questions on this solution(just curious)
  I will give you the snapshot of the table
  Table - ModelInfo
  Model......Tube..... Float....Size......Col5.....Col6.......Col7.......
  M1............T1.......... F1. .....1..........C15......C16.....C17.....
  M1............T1...........F1.......2..........C25......C26.....C27.....
  M1............T2......... .F2.......1..........C35......C36.....C37.....
  M1............T2...........F2.......2..........C45......C46.....C47.....
  M2............T1.......... F1. .....1..........
  M2.............T1..........F1.....2.........Cn5.......Cn6........Cn7
  .<continues...>
  .<till>
  .Mn............Tn..........Fn.......n........Cxy.......Cpq.......Crs....
  Question 1:
  if you notice this data,
  The Columns 5 to 7 are dependent on Combination of Model,Tube,Float and Size.
  Hence will this query work properly(without mixing up data from other Pk combination) and will it be efficient?(I Know this is a stupid qst, still double checking..As your solution assumes that each row is unique for Model only..which is not true)
  Select ...From....Where
  Model in(M1,M2,..Mn) AND Tube in(T1,T2..Tn) AND Float in(F1,F2,....Fn) and Size in(1,2...n).
  In short, will C15,C16 and C17 appear only with M1,T1,F1,1..I believe it will.
  Question 2:
  As I told,
  Third party program will return Array of Objects.
  Each object will have a variable called Flow along with
  Model,Tube,Float and Size.
  Flow is not stored in the database(can not be stored due to functional reasons).I want to show this Flow also along with other columns fetched from the DB for all 100+ rows.
  How can I do it?
  I will give u the scenario(with just 2 rows)...please check(Flow is not stored in DB)
  Third Party object : ObjModel
  Model......Tube..... Float....Size......Flow
  M1............T1.......... F1. .....1..........100
  M1............T1...........F2.......2...........200.
  M1............T2.......... F1.......1..........300
  M1............T2...........F2.......2..........400
  My concern is,
  After the VO executes and shows other 6 columns, it should show Flow appropriately.(associated with each object in the array)
  I understand that I need to have a Transient attribute in VO called[b] Flow.But I don't know how to perform the two tasks simultaneously..
  Task1:Your solution on showing table columns
  Task2:Showing Transient data for each object returned from program.
  thanks,
  Gowtam

• Sample Command Output of show chassis inventory for CSS

  Hi,
  I am trying to get a sample command output of "show chassis inventory" for:
  CSS 11501
  CSS 11503
  CSS 11506
  Can anyone help?
  Thanks in advance.
  Mike

  Hi Mchi,
  When I use the command: show chassis inventory. I found :
  Slot  Module                           Serial
  1     CSS5-SCM-2GE F0   JABxxxxxxx
  2     CSS5-IOM-2GE E0   JAB08xxxxxx
  3     CSS5-IOM-8FE F0   JAB0xxxxxxx
  4     CSS503-SM-INT     JAB09xxxxxxx
  this is the switch fabric module that connects the other modules.
  This is an internal module and it can't be removed/replaced.
  Use the show chassis command to display a chassis configuration for the CSS. The syntax and options for this command are as follows:
  •show chassis - Displays a summary of the chassis configuration.
  •show chassis slot number  - Displays the operational parameters for a slot in a CSS 11503 or CSS  11506 chassis. Enter an integer value for the chassis slot number.
  •show chassis verbose - Displays detailed information about the chassis configuration.
  •show chassis flash - Displays the operational and locked Flash software code on the CSS  11501, and the CSS 11503 or CSS 11506 SCM and I/O modules. An asterisk  (*) character before a Flash version of code and build number indicates  that it is active.
  •show chassis inventory - Displays the physical configuration of the CSS including part and serial numbers.
  •show chassis session-processors - Displays the weight and power summary of the session processors in the CSS chassis.
  CSS11506# show chassis inventory
  Chassis Inventory:
  Product Name:    CSS11506-2AC E0    SW Version:        07.50.1.05s
  Serial Number:   JAB09xxxxxx        Base Mac Address:  00-13-80-37-xx-xx
  Slot  Module            Serial
  1     CSS5-SCM-2GE F0   JAB0915xxxx
  2     CSS5-SCM-2GE F0   JAB0914xxxx
  3     CSS5-SSL-K9 F0    JAB0848xxxx
  4     CSS5-IOM-2GE E0   JAB0808xxxx
  7     CSS506-SM E0      JAB0911xxxx
  8     CSS506-SM E0      JAB0911xxxx
    Even a "show chassis verbose" command does  not indicate the presence of a GBIC.  It shows the Operational Status of  a port as "online" whether there is a GBIC installed or not.  For  example, in the output below Slot 4 has a GBIC installed in port 4/1,  but 4/2 is empty:
  CSS11506# sho chassis verbose
  Configuration for CSS11506-2AC E0:
  Product Name:    CSS11506-2AC E0    SW Version:        07.50.1.05s
  Serial Number:   JAB0916xxxx        Base Mac Address:  00-13-80-37-xx-xx
  Module(s) Found:                   6
  Power Supplies(s) Found:           2
  Fan(s) Found:                      3
  Slot/SubSlot  Operational                  Locked
     1/1        *07.50.1.05                       07.40.1.03
     2/1        *07.50.1.05                       07.40.1.03
     3/1        *07.50.1.05                       07.40.1.03
     4/1        *07.50.1.05                       07.20.2.06
  Slot Number:                       1  Type:       CSS5-SCM-2GE F0
  Serial Number:           JAB0915xxxx  Number of Ports:          2
  Operational Status:          primary
  Port Number:                      1  Port Name:          SCM-2GE
  Operational Status           online
  Port Number:                      2  Port Name:          SCM-2GE
  Operational Status           online
  Slot Number:                       2  Type:       CSS5-SCM-2GE F0
  Serial Number:           JAB0914xxxx  Number of Ports:          0
  Operational Status:           backup
  Slot Number:                       3  Type:        CSS5-SSL-K9 F0
  Serial Number:           JAB0848xxxx  Number of Ports:          0
  Operational Status:          primary
  Slot Number:                       4  Type:       CSS5-IOM-2GE E0
  Serial Number:           JAB0808xxxx  Number of Ports:          2
  Operational Status:          primary
  Port Number:                      1  Port Name:          IOM-2GE
  Operational Status           online
  Port Number:                      2  Port Name:          IOM-2GE
  Operational Status           online
  Slot Number:                       7  Type:          CSS506-SM E0
  Serial Number:           JAB0911xxxx  Number of Ports:          0
  Operational Status:       powered-on
  Slot Number:                       8  Type:          CSS506-SM E0
  Serial Number:           JAB0911xxxx  Number of Ports:          0
  Operational Status:       powered-on
  end of buffer.
  Maybe you can use "show tech"
  HTH
  Sachin

• 5508 pair show "Down" as data sources for Netflow

  I've setup my 5508s to monitor and export netflow to Cisco Prime Infrastructure but no data populates in the expected tabs.  When I check Admin-> Data Sources they show up as "down", while other netflow exporters (ASA1000s I used to test) show as "up".  I verified in the WLC CLI that they are exporting flows.  Thoughts?
  WLC show flow exporter stat:
  Exporter-name: CiscoPrime
    Total Flows Sent: 69536
    Total Pkts Sent: 4021
    Total Pkts Dropped: 0
    Last Sent Time: Thu Aug 15 15:24:29 2013

  Hi Marcin,
  You are most welcome my friend I think the great NetPros in this thread
  offer some excellent tips and strategies for this plan as well as the restrictions
  you will encounter moving forward. You will likely want to make the 5508 the
  primary controller with an eye on moving away from the 4400 at some point
  due to it's EoL and inability to run the latest code versions.
  Cheers!
  Rob
  "Show a little faith, there's magic in the night" - Springsteen

• CSS How do I show which client connected to which server?

  I have a few servers load balanced on a CSS 11501. I want to know which server a particular client IP is connected to - what command do I need?

  The commmand I use is "show flows 'IP'.
  Replace 'IP' with the actual address of the client you're looking for.

• Display approval flow

  Hi All,
  I want to get idea on which componenet to use to display approval flow i.e. list of approvers. I also have to have functionality to add approvers. so for example I need to show flow as
  person 1 -> person 2 -> person 3
  Thanks,
  Dipal

  Bread crumb?
  af:iterator with the details of each person in each section?

• Hanging flows

  I have an 11506 connect between two 6500's. All the servers use the content switch as a gateway. I was trouble shooting a problem when I noticed that if I bypass the vip and hit a web server directly, the flow "show flows x.x.x.x" stays there for along time, I still have flows from sessions I initiated yesterday. It only happens to one server. I get a web page back from the server. What does that mean. What causes the flow to timeout? Could a bridge loop cause this?
  TIA

  the only reason would be if the CSS does not see a RST or FIN/ACK from the server.
  What software version do you use ?
  Gilles.

• BPM BAM Integration - Getting Started Tutorial... Any Pointers?

  Hi,
  We are working on a BPM project for contract maturity management. We have reached a stage where we have the flow in place. We have to start working on different BAM Dashboards to basically show flows/processes by contract, by role, etc etc...
  I just wanted to know if there are any tutorials/material for getting started on this? Basically to show how to approach the dashboard building and plugging in business data from BPM from various points to push the same into the dashboard.
  Any help/direction in this regard would be appreciated.
  Thanks in advance,
  user8702013

  Hi,
  We are working on a BPM project for contract maturity management. We have reached a stage where we have the flow in place. We have to start working on different BAM Dashboards to basically show flows/processes by contract, by role, etc etc...
  I just wanted to know if there are any tutorials/material for getting started on this? Basically to show how to approach the dashboard building and plugging in business data from BPM from various points to push the same into the dashboard.
  Any help/direction in this regard would be appreciated.
  Thanks in advance,
  user8702013