Is sticky table really FIFO ?

Hi, looking at my sticky table on the CSS I can see entries that have been in their for an extremely long time - 3810341 seconds = 44 days.
We have many services on the CSS but one service on the CSS has 14,000 logons per hours, with a 32K sticky table I would expect entries to get purged within the day ?
Can anyone explain this behaviour ?
cheers,
Mike

Hi Gilles,
First thing, we actually have 288Mb of memory so we have 128K sticky entries, not 32K.
I just spoke with the server guys and they have a total amount of users of 100,000 so it is possible the entries stay in the table for a long time as the other services do not have so many users.
We do not have sticky-inact-timer set but we are looking to do this for this service to see if the load on the servers becomes more equal.
CONTENTSWITCH(debug)# show sticky-stats
Total number of available sticky entries is 0
Total number of used sticky entries is 131071
Total L3 sticky entries are 131071
Total L4 sticky entries are 0
Total SSL sticky entries are 0
Total WAP sticky entries are 0
Total number of SIPCID sticky entries is 0
One other question, if a sticky entry exisit for Client A going to Server A, then server A fails. Client A will get redirected to Server B. Will the original sticky entry be overwritten with this new one ? I would expect so.
cheers,
Mike

Similar Messages

  • Exploring CSS 11503 sticky table / sticky mask

    Hi All
    I am currently undergoing some testing with a client.
    We have a VIP load balancing 8 instances. We are testing with the following configs
    content test-test
        add service a
        add service b
        add service c
        add service d
        add service e
        add service f
        add service g
        add service h
        vip address 10.10.10.1
        flow-timeout-multiplier 225
        sticky-mask 255.255.255.252
        redundant-index 1000
        port 443
        protocol tcp
        advanced-balance sticky-srcip-dstport
        sticky-inact-timeout 360
        balance leastconn
    active
    We  have traffic been sourced from 32 IP addresses and want all 8 instances  to be used/hit, but this is not happening in all instances.
    (from the above config, 4 consecutive IPs will be stuck to the same instance based on the sticky mask -- yes?)
    For instance I would expect the following: with the Test IP addresses used based on the sticky mask:
    10.120.1.168
    10.120.1.169
    10.120.1.170
    10.120.1.171 
    (to be stuck to maybe instance a)
    10.120.1.176
    10.120.1.177
    10.120.1.178
    10.120.1.179
    (to be stuck to maybe instance b)
    I have tried the following command during tests:
    show sticky-table l4-sticky ipaddress 10.10.10.1  255.255.255.252  443
    and get an empty table back.
    L4 Sticky List on Slot 1, subslot 1:
    Entries for page 1.
    Entry   Hash    Rule Rule  Srv  Srv      Time(Sec)     Hit Col  Elem Inact
    Number  Value   Indx State Indx State    Elapsed       Cnt Cnt  Type Cfg(Min)
    Total number of entries found is 0.
    L4 Sticky List on Slot 2, subslot 1:
    Entries for page 1.
    Entry   Hash    Rule Rule  Srv  Srv      Time(Sec)     Hit Col  Elem Inact
    Number  Value   Indx State Indx State    Elapsed       Cnt Cnt  Type Cfg(Min)
    Total number of entries found is 0.
    I would like to ascertain what source IP address is been stuck to what load balanced instance at any one time.
    I have tried looking at the flow table but, that clears out quite quicky so not really an accurate method.
    Thanks!

    Hi All
    I am currently undergoing some testing with a client.
    We have a VIP load balancing 8 instances. We are testing with the following configs
    content test-test
        add service a
        add service b
        add service c
        add service d
        add service e
        add service f
        add service g
        add service h
        vip address 10.10.10.1
        flow-timeout-multiplier 225
        sticky-mask 255.255.255.252
        redundant-index 1000
        port 443
        protocol tcp
        advanced-balance sticky-srcip-dstport
        sticky-inact-timeout 360
        balance leastconn
    active
    We  have traffic been sourced from 32 IP addresses and want all 8 instances  to be used/hit, but this is not happening in all instances.
    (from the above config, 4 consecutive IPs will be stuck to the same instance based on the sticky mask -- yes?)
    For instance I would expect the following: with the Test IP addresses used based on the sticky mask:
    10.120.1.168
    10.120.1.169
    10.120.1.170
    10.120.1.171 
    (to be stuck to maybe instance a)
    10.120.1.176
    10.120.1.177
    10.120.1.178
    10.120.1.179
    (to be stuck to maybe instance b)
    I have tried the following command during tests:
    show sticky-table l4-sticky ipaddress 10.10.10.1  255.255.255.252  443
    and get an empty table back.
    L4 Sticky List on Slot 1, subslot 1:
    Entries for page 1.
    Entry   Hash    Rule Rule  Srv  Srv      Time(Sec)     Hit Col  Elem Inact
    Number  Value   Indx State Indx State    Elapsed       Cnt Cnt  Type Cfg(Min)
    Total number of entries found is 0.
    L4 Sticky List on Slot 2, subslot 1:
    Entries for page 1.
    Entry   Hash    Rule Rule  Srv  Srv      Time(Sec)     Hit Col  Elem Inact
    Number  Value   Indx State Indx State    Elapsed       Cnt Cnt  Type Cfg(Min)
    Total number of entries found is 0.
    I would like to ascertain what source IP address is been stuck to what load balanced instance at any one time.
    I have tried looking at the flow table but, that clears out quite quicky so not really an accurate method.
    Thanks!

  • Question about the CSS behavior when using layer 3 sticky and sticky table

    Hi everyone,
    I have a question about the CSS behavior when using layer 3 sticky and sticky table is full.
    If I configure layer 3 sticky and specify the inactivity timeout as below, how does the CSS
    handle subsequent needed sticky requests ?
    advanced-balance sticky-srcip
    sticky-inact-timeout 30
    CSS document says that
    Note:
    If you use the sticky-inact-timeout command to specify the inactivity timeout
    period on a sticky connection, when the sticky table becomes full and none of
    the entries have expired from the sticky table, the CSS rejects subsequent
    needed sticky requests.
    My question is what is the next reaction by doing the CSS if the CSS is in the
    following condition:
    when the sticky table becomes full and none of the entries have expired from
    the sticky table, the CSS rejects subsequent needed sticky requests
    Does CSS just rejects/drops subsequent needed sticky requests ?
    or
    Does CSS does not stick subsequence requests to particular service but CSS forward
    subsequence requests with round-robin basis ? which means if the sticky table is full,
    the CSS just works round-robin load balancing fashion for subsequence requests ?
    Your information would be appreciated.
    Best regards,

    Hello,
    There is a good document explaining this on Cisco web site
    http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_tech_note09186a0080094b4b.shtml
    It depends if the sticky-inact-timeout is used or not. If not, it's FIFO (the oldest entry in the sticky table is removed). If yes, the CSS will reject the next sticky request.
    Rgds,
    Gaetan
    Rgds
    Gaetan

  • Can I see how long the longest entry has been in the sticky table ?

    Hi,
    I have a customer who has a possible issue with the sticky inactivity timeout on the CSS. At the moment we are using no timeout, just relying on the CSS to purge the entries.
    However, is it possible to see how long the longest entry has been in the sticky table. I can see the 'elapsed time' with the 'show sticky' command but this only shows 100 entries per time and not in time order ?
    Thanks in advance for any help

    Michael,
    You can use the command "show sticky-table" with L3 or L4 options, depending on what you have configured, then add ip addressing to the command, to focus down to where the oldest sticky entries are likely to be, but theres no other way. If your problem is having too many entries, configure a sticky timeout, as the default of 0 will keep then forever, or until overwritten due to the table being full. If the problem is sticky entries timing out too early, you can use the timeout parameter to increase their life, but the sticky table is limited to 32k entries.
    Peter

  • CSS 11500 - how to clear sticky-table entry

    Hi together,
    1. is there any possibility to clear an entry in the sticky table ?
    2. how could I find a sticky table entry, belong to a certain IP Addres or flow ?
    commands I know to find more details infos about the sticky table and the flows find below, but how could I merge these infos ?
    #sh sticky-table l3-sticky
    L3 Sticky List on Slot 1, subslot 1:
    Entries for page 1.
    Entry Hash Rule Rule Srv Srv Time(Sec) Hit Col Elem Inact
    Number Value Indx State Indx State Elapsed Cnt Cnt Type Cfg(Min)
    1 a18015a 26 ACT 23 ALIVE 659 1 0 L3 15
    2 a18015a 28 ACT 12 ALIVE 43 19 0 L3 15
    3 a18016d 28 ACT 13 ALIVE 16 22 0 L3 15
    4 a180170 26 ACT 12 ALIVE 727 1 0 L3 15
    5 a180170 28 ACT 13 ALIVE 37 20 0 L3 15
    6 a180171 28 ACT 12 ALIVE 46 24 0 L3 15
    7 a180188 26 ACT 24 ALIVE 695 1 0 L3 15
    for the flows:
    # flow-agent show active_fcbs
    Flow ID Src IP SPort Dst IP DPort Pr slot sub spt dpt Flow flg
    8499f000 172.29.149.144 443 172.21.211.155 52988 6 2 1 1 1 00000098
    83e0c860 172.19.28.47 1107 172.29.149.144 443 6 2 1 1 1 00001098
    84049a40 172.29.148.149 389 172.29.27.133 35292 6 2 1 1 1 00000119
    83b97160 172.28.19.130 4647 172.29.149.144 81 6 2 1 1 1 00001089
    84588ae0 172.29.27.133 6101 172.29.148.167 33054 6 2 1 1 1 00000508
    # flow-agent show fcb_details 0x83650080
    Fcb Details for FCB: 0x83650080
    SRC: 172.29.148.149-389 NAT: 172.29.149.136-389
    DST: 172.29.27.133-40833 NAT: 172.29.27.133-40833
    DMAC: 00-01-f4-16-e5-e6 SMAC: 00-0b-fd-be-c6-7d
    IP Hdr ChkD: 65292 TCP/UDP Hdr ChkD: 65292
    TCP SequenceD: 0 Task CE: 0
    BytesIn: 1460 Frames In: 14
    Dest VLAN: 101 Src/Dst Ports: 0/0
    Slot/SubSlot: 2/1 SmbQ/PrcSwP: 32/1
    Time Stamp / Time Out Info:
    CurSecs: 1846643:342, started: 1793589:504 last activity: 1845164
    May timeout due to inactivity: Yes , inactiveTimeout: 1048528
    Inactive Secs: 1479, will timeout in: 1047049 secs
    FCB Flags: 0x0119
    0x0001 - Natting In Use
    0x0000 - NOT L5 Aware
    0x0000 - Non-Spoofed
    0x0008 - IP/TCP Flow
    0x0010 - Remote - Egress port
    0x0100 - In LL List
    0x0000 - Server-side
    FCB FlaFlags: 0x8040
    0x0040 - Is a static FCB
    0x8000 - Handled an ACK

    1/ to clear use the comand 'sticky-purge ...' from llama mode.
    2/ To see if an entry exist of a particular ip address, use the command 'sho sticky-table l3-sticky ipaddress ...'
    Regards,
    Gilles.

  • CSS SNMP counter "apCntStickyStatsNewCt".. query on sticky table entry lifetime.

    Hello,
    Can someone confirm the meaning of SNMP counter "apCntStickyStatsNewCt" please? Does it just mean that for every new sticky table entry created that this counter gets incremented ?
    My understanding is that there is a finite number of sticky table entries. There is one table for all entries and these can be made up of L3, L4, SSL etc.. and it operates on a First-In-First-Out system.
    Assuming we fill all available sticky table slots, when this "apCntStickyStatsNewCt" counter increments and inserts a new sticky entry then the oldest sticky table entry gets removed from the end of the of the table. Is this correct ?
    By taking a delta of this counter every 60 seconds I'm trying to determine if this counter can be used to work out how long a sticky entry will remain in the sticky table before being purged/pushed out.
    The full namepsace/OID info for apCntStickyStatsNewCt is below:
    Name  .iso.org.dod.internet.private.enterprises.cisco.ciscoMgmt.arrowPoint.apMgmt.cntExt.apCntStickyStatsTable.apCntStickyStatsEntry.apCntStickyStatsNewCt
    (OID .1.3.6.1.4.1.9.9.368.1.16.25.1.2)
    Many thanks,
    Scott

    Hi Gilles,
    Thank you very much for your pointing and suggestion and I am sorry for my delay response.
    I understand there are two kind of CLI on CSM depend on using CSM mode or RP mode.
    - show command begins with "show ip slb" when using CSM mode (ip slb mode csm)
    - show command begins with "show mode csm x" when using RP mode (ip slb mode rp)
    And "show mod csm x sticky config" command can be done on RP mode only.
    So I tried to "show ip slb sticky config" command on CSM mode, but I could not find
    "config" argument as follows,
    ct65svf1#sh ip slb sticky ?
    client sticky associated with a specific client IP address
    groups list configured sticky groups
    | Output modifiers
    ct65svf1#sh ip slb sticky
    So I think, on CSM mode, I can not calculate the amount of sticky entry by executing one
    show command.
    Is my understanding correct ?
    Best regards,

  • HTTP Sticky Table entries

    All,
    When using the advanced-balance ssl method, I can issue the command show sticky-table all-sticky and see the sticky information entered there.
    I have been trying to setup the equivilent with HTTP for the last few days. I have used the advanced-balance cookies method and the advanced-balance arrowpoint-cookies method.
    Although I see the cookies getting set in the packet traces, the CSS does not create an entry in the sticky table.
    My question is: Should I see entries in the show sticky-table all-sticky when using these methods?
    Thanks in advance.

    there is no sticky table for cookie sticky.
    The cookie value contains the sticy information [ie: the ip address of the real server].
    So no need for sticky table.
    Regards,
    Gilles.

  • CSS 11501 - 32,000 sticky table entries or 128,000?

    The product guide below says the sticky table has either 32,000 or 128,000 entries depending on your model but then doesn't spell out which model has which.
    This figure also appears unavailable on their product data sheet. Anyone know the skinny?
    http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_qanda_item09186a00801aa6d1.shtml
    http://www.cisco.com/en/US/prod/collateral/contnetw/ps5719/ps792/product_data_sheet0900aecd800f851e.html

    I found my own answer. Looking at the "show sticky-stats" - it looks like 131,071 is the magic number.
    CSS11501# show sticky-stats
    Sticky Statistics - SFM Slot 1, Subslot 1:
    Total number of new sticky entries is 0
    Total number of sticky table hits is 0
    Total number of sticky rejects (no entry) is 0
    Total number of sticky collision is 0
    Total number of available sticky entries is 131071
    Total number of used sticky entries is 0
    Total L3 sticky entries are 0
    Total L4 sticky entries are 0
    Total SSL sticky entries are 0
    Total WAP sticky entries are 0
    Total number of SIPCID sticky entries is 0

  • CSS 11501 clear sticky table

    How can i clear the sticky table on this CSS? Is it even possible? I am only running version 7.1 so I do not even have the show sticky-table commands.

    I think your commands are for the CSM. Or possibly a newer OS version for the CSS...one that i'm not running.
    However, in case anybody does come across this thread in the future, I was able to get an answer from TAC. The command is as follows...
    CSS# llama (press enter)
    CSS(debug)# sticky-purge all-sticky

  • CSS Sticky-table analysis

    We have a CSS 11503 at 7.4.2.02.
    It has a number of L3 Sticky rules.
    The users or rather their workstations are working 24 x 7.
    We would like to work out what is the best sticky-inact-timeout value to use so that we can gracefully close a server (weight = 0) and drain the sticky entries for that backend server.
    It would be good to have more information about the life of the sticky-entry in the table. For example when it was first loaded and perhaps the maximum elapsed time value.
    Are there any debug commands that can get more information on the sticky-table entries?
    Or has anyone got any other ideas on how to find out how long it would take to drain a server without actually setting the weight to zero and seeing what happens?
    My last thought is to change the sticky-inact-timeout value on the rule. As I understand it this change, which appears to be dynamic will only impact new sticky sessions. So a show sticky-table should show the new value for new entries where previous sessions elapsed time has exceeded the old value. Measuring the time taken from the change to the rule to the time that the majority of sessions have shifted to the new timeout value should give an indication of the time it would take to drain the majority of users off the server to be closed.
    If this is true then the only problem is how to interrogate the sticky-table which can only be paged at 100 entries a time and does not seem to be filterable in normal CLI. Hence the request for more info on Debug mode.

    Gilles,
    thanks for the response.
    However, what I am trying to acheive is a little more than see the sticky-entries as they are displayed using the standard show sticky-table command.
    For Layer three sticky entries even if you filter on IP address, you get a single entry in the standard 1 line format. I actually would like to see all entries with a given set of characteristics.
    Also for SSL sticky entries there is a Hash argument that allows the ability to see much more information for an individual entry. I cannot find an equivalent for Layer 3 sticky entries.
    The inability to search the whole table for certain characteristics without devizing a script with a loop on page count is giving us some interesting challenges. The abscence of information about statistics/timers on each flow is also a bit of a barrier for diagnosis.
    Hence the request for more information about the sticky-table debug facilities.
    regards
    Andrew T

  • Identifying source IP in sticky table on ACE

    Hi,
    A newbie question :-)
    How can I see a real source IP address of a sticky table entry on ACE running 2.1.1 code?
    If I do "show sticky database" I see a hash value, but not IP itself. In CSM the command shows the source IP, but not on ACE....
    Thanks!
    David

    Well there is no command to get what you are looking for. Infact you can find a bug CSCsg58769 in this regard in bugtoolkit.
    Previously it used to be IP in decimal format and was needed to be converted to IP dotted quad."I think" some change has been made to the code.
    There are some other ways to workaround it
    for example
    If you want to see stciky database entries for a given client ip you can use
    sh sticky database client
    If you want to see stciky database entries for a given rserver you can use
    sh sticky database rserver
    Syed Iftekhar Ahmed

  • {Sticky} I really need Techinical Support

    1.Air-Condition --> IDLE 49 'c , full load --> 55~58'c
    2. No air-condition --> IDLE 51'c  OK?
    3.
    One day, i turn on my room Air-Condition, run 3D mark 2001, loop for 5 times....no hang...NO restart!!!!!!!
    then.one day......i turn off Air-Condition.........run 3D mark2001, loop again..........it will suddnely restart the computer!!!!!! WHY???????
    I didn't OVerCLOCL!!!
    Or, is that Drivers (VIA 4 in 1) conflict? I use the one include in the Motherboard CD
    4. MSI motherboard don't let my CPU fun at FSB 133 to login to WinXP, it will restart everytime I enter XP...
    Thx to some guides.....I change the Ram Bios setting ( SPD --> User , speed: SPD --> HCLK, Now that I can login
    I really Need Help.........pls help!!!!!!!!!

    check your cooler installlink
    and check your psu against the sticky in via
    if you want help post details on your set up not a load of rants and raves
    none of us work for msi nor could care less what people think of msi

  • MIB to monitor sticky table entries

    Does anyone know the MIB and OID I can use to monitor the current number of entries in my sticky table

    this does not exist currently but developpers agreed this is something that would be useful so they will at the possibility to implement it.
    Thanks,
    Gilles.

  • I dropped my ipod5 on a stone table (really hard) and the color (little part) came off! It's not a big problem but I just got it not long time ago. Can Apple repaire it? Will it be free? P.s. That part it's like 1mmX1mm not big, but I just want to know.

    Like I say I'm the title... A little part "colour" on my iPod5 came off after I dropped my iPod on a stone table.
    I just want to know that can Apple repair it or it doesn't count on the guarantee? It's not a big problem but I just got it few month ago...It's brand new! Do that's why I'm curious..:) and if they can repair... Will it gonna be free?

    When you get your iPod repaired / replaced... do yourself a favor, spend a few more bucks and but a case, like a Lifeproof or Griffin Survivor. Both cover the entire iPod and offer protection against drops and falls, weather, sand, dust, etc. and will at least minimize if not prevent damage to your iPod.  Good luck.

  • Sticky configuration at CSS11506

    When I configure sticky option on contents as follow
    content www
    vip address 172.16.1.1
    add service web1 weight 2
    add service web2 weight 3
    add service web3 weight 4
    balance weightedrr
    advanced-balance sticky-srcip
    sticky-mask 255.255.255.0
    protocol tcp
    port 80
    active
    There was no problem for common clients.
    If no sticky options applied for any clients.
    What will the problem be.
    Or Any case like that was?
    My OS Version and device are 7.1Build109s and CSS11506.
    In above content configuration, when I add line application SSL
    then what will be happened.
    what is the difference between Using 'application SSL' and not using 'application SSL'

    the only possible problem is the limit of size for the sticky table.
    32k with 128MB
    128k with 256MB
    Once the table is full we delete old entries (FIFO) or if you have sticky timer, we do not delete old entries and reject creation of new entry.
    Gilles.

Maybe you are looking for

  • Satellite Pro U300 shows "Unmountable_Boot_Volume" message

    I hope someone will be able to help me... I have a Satellite Pro U300 and recently it comes up with a stop error screen with the message Unmountable_Boot_Volume. On booting the machine I am told that windows did not start properlly because of a HW or

  • Internal Order creation in ECC after creation of Service Contract in CRM

    Hi, I hv created Service Contract in CRM, but there is no internal order created referring this in ECC. Even no errors in CRM. What shall i chk for this. rgds, balu

  • Ipod won't update music and i get wierd error messages

    I've never gotten any error messages with my ipod before, i've been trying for about an hour to get it to update my music. I'm backing up my music to make sure i don't have to worry about losing it all when i try restoring. My itunes tells me that my

  • Message no M3015

    hello, Can anyone tell how to make message no M3015( to enter tax classification in material master) as warning message instead of  Error message. In system message in SPRo , this message is not showing , but while  error is thrown with M3015 message

  • Firefox 9.0.1 replaced FF logo in toolbar with a pencil/ruler/pen. Why? It's confusing.

    Just updated to FF 9.0.1. All by itself it changed the Fox logo in my toolbar to a generic-looking pencil and brush over a ruler on a blank page logo. {Would attach a screen-shot but there's no way to do so} Why have a logo that suggests a graphics p