Monitoring the Cisco ACE module with SNMP

We use 2 redundant Cisco ACE load balancers in our datacenter.
The models are ACE20-MOD-K9 with software A2(2.0).
Does anybody know how to monitor the environment (CPU, memory) of such a module with SNMP?
We were not able to find an applicable MIB for that module.
The CISCO-PROCESS-MIB.oid (ftp://ftp.cisco.com/pub/mibs/oid/CISCO-PROCESS-MIB.oid) seems not to reflect the correct oid's.
What are the correct oid's for cpu and memory?
Where can I find a detailed documentation for snmp-monitoring the cisco ace module?
thanks

Hi Patrik,
to monitor the ACE I use these two MIBs:
ftp://ftp.cisco.com/pub/mibs/v2/CISCO-SLB-MIB.my
ftp://ftp.cisco.com/pub/mibs/v2/CISCO-ENHANCED-SLB-MIB.my
Example for CPU:
cpmCPUTotalEntry 1.3.6.1.4.1.9.9.109.1.1.1.1
The resource usage and other interesting things you will find with a MIB browser.
Achim
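
An added example (not part of the original posts, and not Cisco code): a small Python parser for numeric `snmpwalk -On` output under the cpmCPUTotalEntry OID quoted above, grouping values per CPU index and flagging busy CPUs. The column names are those defined in CISCO-PROCESS-MIB; the walk output is constructed sample data, and the 90 % threshold and the function names are assumptions.

```python
import re

# Base OID quoted in the post above (cpmCPUTotalEntry, CISCO-PROCESS-MIB).
CPM_CPU_TOTAL_ENTRY = "1.3.6.1.4.1.9.9.109.1.1.1.1"

# Column sub-identifiers of cpmCPUTotalEntry as defined in CISCO-PROCESS-MIB.
COLUMNS = {
    2: "cpmCPUTotalPhysicalIndex",
    3: "cpmCPUTotal5sec",
    4: "cpmCPUTotal1min",
    5: "cpmCPUTotal5min",
    6: "cpmCPUTotal5secRev",
    7: "cpmCPUTotal1minRev",
    8: "cpmCPUTotal5minRev",
}

# Constructed sample of `snmpwalk -On` output (not captured from a real ACE).
SAMPLE_WALK = """\
.1.3.6.1.4.1.9.9.109.1.1.1.1.2.1 = INTEGER: 0
.1.3.6.1.4.1.9.9.109.1.1.1.1.6.1 = Gauge32: 12
.1.3.6.1.4.1.9.9.109.1.1.1.1.7.1 = Gauge32: 9
.1.3.6.1.4.1.9.9.109.1.1.1.1.8.1 = Gauge32: 7
.1.3.6.1.4.1.9.9.109.1.1.1.1.6.2 = Gauge32: 97
.1.3.6.1.4.1.9.9.109.1.1.1.1.7.2 = Gauge32: 93
.1.3.6.1.4.1.9.9.109.1.1.1.1.8.2 = Gauge32: 88
.1.3.6.1.4.1.9.9.109.1.1.1.1.4.4 = INTEGER: 91
.1.3.6.1.4.1.9.9.109.1.1.1.1.8.3 = No Such Instance currently exists at this OID
.1.3.6.1.2.1.2.1.0 = INTEGER: 4
"""

# "<oid> = <TYPE>: <integer>"; lines without an integer value do not match.
LINE_RE = re.compile(
    r"^\.?(?P<oid>\d+(?:\.\d+)+)\s*=\s*(?P<type>[A-Za-z0-9-]+):\s*(?P<value>-?\d+)\s*$"
)


def parse_cpu_walk(text):
    """Return {cpu_index: {column_name: int}} for rows under cpmCPUTotalEntry."""
    prefix = CPM_CPU_TOTAL_ENTRY + "."
    table = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not m.group("oid").startswith(prefix):
            continue  # error text, non-integer value, or an OID outside the table
        rest = m.group("oid")[len(prefix):].split(".")
        if len(rest) != 2:
            continue  # expect exactly <column>.<cpmCPUTotalIndex>
        column, index = int(rest[0]), int(rest[1])
        name = COLUMNS.get(column)
        if name is None:
            continue  # column not tracked here
        table.setdefault(index, {})[name] = int(m.group("value"))
    return table


def busy_cpus(table, threshold=90):
    """Return [(cpu_index, one_minute_load)] at or above threshold percent.

    Prefers the ...Rev column and falls back to the older column when the
    agent only returns that one.
    """
    hot = []
    for index, row in sorted(table.items()):
        load = row.get("cpmCPUTotal1minRev", row.get("cpmCPUTotal1min"))
        if load is not None and load >= threshold:
            hot.append((index, load))
    return hot


if __name__ == "__main__":
    cpu_table = parse_cpu_walk(SAMPLE_WALK)
    for idx, load in busy_cpus(cpu_table):
        print(f"CPU index {idx}: 1-minute utilisation {load}%")
```

Which of these columns a given ACE release actually populates has to be confirmed against the device, for instance with a MIB browser as suggested in the reply.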

Similar Messages

  • Cisco ACE Module with Bluecoat Cache Proxy, Transparent and spoofing client IP

    Hello Dears,
    I'm trying to implement Cache loadbalancing through Cisco ACE Module.
    I have 2 Bluecoat cache proxies. When I configure transparent proxy without spoofing client IP, everything works properly, but when I enable spoofing client IP (reflect client IP address), clients are not able to access the internet, although they are going to the cache servers; I can see their sessions.
    I'm afraid that I have a problem in the returned traffic PBR.
    can anyone help please.
    Thanks

    Hi Ibrahim
    I have reviewed the config. The ACE config is all good but I do see some issue with the switch side. If you are doing IP spoofing, then "match ip address" in PBR should be the client IP address. However, what you did is the IP address between the ACE and MSFC. Try to configure the test client IP address into the below access-list.
    msfc---vlan 265---ACE--vlan 264----CE farm
    interface vlan 265
      description Interface_With_MSFC_SUBS_2_INTERNET
      ip address 168.168.1.52 255.255.255.248
      access-group input PERMIT_ALL
      service-policy input L3L4_PM
      no shutdown
    ip route 0.0.0.0 0.0.0.0 168.168.1.50
    ip access-list extended HSDPA_2_CACHE
    permit tcp 168.168.0.0 0.0.255.255 any eq www   <<<-- wrong
    ip access-list extended Internet_2_CACHE
    permit tcp any eq www 168.168.0.0 0.0.255.255   <<<---wrong
    interface Vlan 265
    description Interface_With_ACE
    ip address 168.168.1.50 255.255.255.248
    route-map INTERNET_2_HSDPA permit 10
    description "PBR for Response HTTP Traffic"
    match ip address Internet_2_CACHE
    set ip next-hop 168.168.1.52
    route-map HSDPA_2_INTERNET permit 10
    match ip address HSDPA_2_CACHE
    set ip next-hop 168.168.1.52
    regards
    Andrew

  • CISCO ACE issue with MIBs

    Dear All,
      I know this might have been discussed here a million times, but still I am behind this to get this done due to BU pressure to do the capacity management.
    I am trying to get the following using SNMP
    1) Real Server
    2) Real Server Current Connection
    3)  Real Server IP address
    I tried it with following MIBs and OIDs
    CISCO-SLB-MIB
    slbRealServerFarmName               .1.3.6.1.4.1.9.9.161.1.3.1.1.1
    slbRealIpAddress                          .1.3.6.1.4.1.9.9.161.1.3.1.1.2
    slbRealNumberOfConnections         .1.3.6.1.4.1.9.9.161.1.3.1.1.5
    CISCO-ENHANCED-SLB-MIB
    cesRserverName                         .1.3.6.1.4.1.9.9.470.1.1.1.1.1
    cesRserverIpAddress                    .1.3.6.1.4.1.9.9.470.1.1.1.1.4
    cesRserverCurrConns                   .1.3.6.1.4.1.9.9.470.1.1.1.1.19
    Either of these MIBs /OIDs return any value.
    When I raised a TAC case I got the information saying these cannot be retrieved.
    Is there any way I can get these values from the ACE module, because this is very much required for the BU and they have been behind us for a long time.
    Appreciate support from all.
    thanks,
    Parvees

    Hi Parvees,
    I wasn't looking for values you're interested in, but everything you can get with show command you can get via HTTP(s) request in XML using .
    For example, here's a "sh serverfarm ServerFarm1" query:
    $  curl --user USER:PASSWD -d "xml_cmd=CONTEXT\">xml-show on%0A show serverfarm ServerFarm1" http://ACE_IP_ADDRESS/bin/xml_agent
    I'm running curl on linux box, but I think it is available on other platforms. The code above is a one-line command, but you can write scripts/lists of commands and send them to your ACE with curl.
    Here's a link provided in a neighbour discussion that gives more information: https://supportforums.cisco.com/docs/DOC-17849
    Hope this help,
    Alex

  • Cisco ACE compatiblity with F5 GTM

    Hi,
    We have cisco ace 30 modules installed in cisco 6500 switches. For application availability purpose from the internet, we need to have some global site selector/3rd party devices with similar feature set that of cisco gss.
    My question is: is the Cisco ACE compatible to get integrated with other 3rd party devices like F5 GTM?
    Kindly suggest.

    Good afternoon,
    I'm not familiar with the GTM solution, but, as long as it's DNS-based like the GSS, it should be perfectly compatible. Bear in mind that the ACE is not aware on how clients are getting the IP address, it just replies to whatever connections it gets.
    Regards
    Daniel

  • Cisco ACE module missing licence file - no connectivity

    Hi,
    We have 2 ACE modules that were delivered without any licenses.
    There is no IP connectivity whatsoever to these modules and I'm guessing this is due to the fact there are no licenses installed.
    Have tried asking Cisco to no avail - and am not sure if there is an actual problem with them or not.
    The VLANs are assigned correctly and I can see inbound ICMP echo from the 6509 that its hosted in, but no outbound packets ever leave the ACE. I've applied a mgmt policy to enable ping/telnet/ssh etc.
    switch/Admin# sh vlans
    Vlans configured on SUP for this module
    vlan4  vlan30-31  vlan160  vlan180-195  vlan360  vlan380-395  vlan560  vlan580-
    595  vlan760  vlan780-795
    switch/Admin# sh ip int bri
    Interface       IP-Address      Status                  Protocol
    vlan4           10.119.127.196  up                      up
    vlan30          10.119.127.241  up                      up
    vlan31          10.119.127.245  up                      up
    interface vlan 4
      description ACE Mgmt interface for Admin Context
      ip address 10.119.127.196 255.255.255.224
      service-policy input REMOTE_MGMT
      no shutdown
    vlan4 is up
      Hardware type is VLAN
      MAC address is 00:1f:ca:7b:6f:33
      Mode : routed
      IP address is 10.119.127.196 netmask is 255.255.255.224
      FT status is non-redundant
      Description:ACE Mgmt interface for Admin Context
      MTU: 1500 bytes
      Last cleared: never
      Alias IP address not set
      Peer IP address not set
      Assigned from the Supervisor, up on Supervisor
      Config download failures : 1
         2980 unicast packets input, 16363862 bytes
         240857 multicast, 3026 broadcast
         0 input errors, 0 unknown, 0 ignored, 0 unicast RPF drops
         0 unicast packets output, 187712 bytes
         0 multicast, 2933 broadcast
         0 output errors, 0 ignored
    switch/Admin# sh arp
    Context Admin
    ================================================================================
    IP ADDRESS      MAC-ADDRESS        Interface  Type      Encap  NextArp(s) Status
    ================================================================================
    10.119.127.193  00.00.00.00.00.00  vlan4     GATEWAY    -       * 3 req     dn
    10.119.127.196  00.1f.ca.7b.6f.33  vlan4     INTERFACE  LOCAL     _         up
    10.119.127.245  00.1f.ca.7b.6f.33  vlan31    INTERFACE  LOCAL     _         up
    10.119.127.241  00.1f.ca.7b.6f.33  vlan30    INTERFACE  LOCAL     _         up
    ================================================================================
    Total arp entries 4
    The ARP table for the adjacent switch SVI has a valid MAC upon reboot, but soon after resets to 00.00.00.00.00.00
    Problem is that once Cisco eventually send me the license file I have no way of TFTP'ing it to the ACE module.
    Any suggestions/advice?

    Thanks for the info - so I should at least be able to connect to a license-less ACE at least, but these modules seem to have a problem.
    If the modules are reloaded (from the ACE) or reset (from the Supervisor) they initially have the ARP entry (however still cannot communicate to the attached Supervisor via SVI) which eventually resets.
    Info as requested:
    switch/Admin# sh resource usage
                                                         Allocation
            Resource         Current       Peak        Min        Max       Denied
    Context: Admin
      conc-connections              9          9          0          0          0
      mgmt-connections              0          0          0          0          0
      proxy-connections             0          0          0          0          0
      xlates                        0          0          0          0          0
      bandwidth                     0         76          0  125000000  296849008
        throughput                  0         76          0          0  296849008
        mgmt-traffic rate           0          0          0  125000000          0
      connection rate               0          2          0          0         15
      ssl-connections rate          0          0          0          0          0
      mac-miss rate                 0          0          0          0          0
      inspect-conn rate             0          0          0          0          0
      acl-memory                    0       6336          0          0         11
      sticky                        0          0          0          0          0
      regexp                        0          0          0          0          0
      syslog buffer                 0          0          0          0          0
      syslog rate                   0          0          0          0         24
    Context: APPLICATION
      conc-connections              0          0    2000000          0          0
      mgmt-connections              0          0      25000          0          0
      proxy-connections             0          0     262144          0          0
      xlates                        0          0     262144          0          0
      bandwidth                     0          0  125000000  125000000          0
        throughput                  0          0  125000000          0          0
        mgmt-traffic rate           0          0          0  125000000          0
      connection rate               0          0     250000          0          0
      ssl-connections rate          0          0        250          0          0
      mac-miss rate                 0          0        500          0          0
      inspect-conn rate             0          0       1500          0          0
      acl-memory                    0          0   19650480          0          0
      sticky                        0          0     419430          0          0
      regexp                        0          0     262144          0          0
      syslog buffer                 0          0    1048576          0          0
      syslog rate                   0          0      25000          0          0
    Context: BACK_END
      conc-connections              0          0    2000000          0          0
      mgmt-connections              0          0      25000          0          0
      proxy-connections             0          0     262144          0          0
      xlates                        0          0     262144          0          0
      bandwidth                     0          0  125000000  125000000          0
        throughput                  0          0  125000000          0          0
        mgmt-traffic rate           0          0          0  125000000          0
      connection rate               0          0     250000          0          0
      ssl-connections rate          0          0        250          0          0
      mac-miss rate                 0          0        500          0          0
      inspect-conn rate             0          0       1500          0          0
      acl-memory                    0          0   19650480          0          0
      sticky                        0          0     419430          0          0
      regexp                        0          0     262144          0          0
      syslog buffer                 0          0    1048576          0          0
      syslog rate                   0          0      25000          0          0
    Context: FRONT_END
      conc-connections              0          0    2000000          0          0
      mgmt-connections              0          0      25000          0          0
      proxy-connections             0          0     262144          0          0
      xlates                        0          0     262144          0          0
      bandwidth                     0          0  125000000  125000000          0
        throughput                  0          0  125000000          0          0
        mgmt-traffic rate           0          0          0  125000000          0
      connection rate               0          0     250000          0          0
      ssl-connections rate          0          0        250          0          0
      mac-miss rate                 0          0        500          0          0
      inspect-conn rate             0          0       1500          0          0
      acl-memory                    0          0   19650480          0          0
      sticky                        0          0     419430          0          0
      regexp                        0          0     262144          0          0
      syslog buffer                 0          0    1048576          0          0
      syslog rate                   0          0      25000          0          0
    Context: TEST_DEV
      conc-connections              0          0    2000000          0          0
      mgmt-connections              0          0      25000          0          0
      proxy-connections             0          0     262144          0          0
      xlates                        0          0     262144          0          0
      bandwidth                     0          0  125000000  125000000          0
        throughput                  0          0  125000000          0          0
        mgmt-traffic rate           0          0          0  125000000          0
      connection rate               0          0     250000          0          0
      ssl-connections rate          0          0        250          0          0
      mac-miss rate                 0          0        500          0          0
      inspect-conn rate             0          0       1500          0          0
      acl-memory                    0          0   19650480          0          0
      sticky                        0          0     419430          0          0
      regexp                        0          0     262144          0          0
      syslog buffer                 0          0    1048576          0          0
      syslog rate                   0          0      25000          0          0
    switch/Admin# sh cde health
    CDE BRCM INTERFACE
    ======================
    Packets received                                             3357
    Packets transmitted                                            12
    Broadcom interface CRC error count                              0
    BRCM VOQ status                           [empty]      [not full]
    BRCM pull status                                        [pulling]
    CDE HYPERION INTERFACE
    ======================
    Packets received                                          7668407
    Packets transmitted                                        967915
    Short packets drop count                                        0
    Fifo Full drop count                                            0
    Protocol error drop count                                       0
    FCS error drop count                                            0
    CRC error drop count                                            0
    Num times flow control triggered on hyp interface                0
    Num self generated multicast packets filtered              967915
    HYP IXP0 VOQ status                       [empty]      [not full]
    HYP IXP1 VOQ status                       [empty]      [not full]
    HYP SLOW VOQ status                       [empty]      [not full]
    HYP tx pull status                                      [pulling]
    CDE IXP0 INTERFACE
    ======================
    Packets received                                           964680
    Packets transmitted                                       6581196
    Num bad pkts recvd on fast spi channel0                         0
    Num bad pkts recvd on slow spi channel8                         0
    Num bad pkts recvd on fast spi channel2                         0
    Num bad pkts recvd on slow spi channel4                         0
    IXP0 Fast VOQ status                      [empty]      [not full]
    IXP0 BRCM VOQ status                      [empty]      [not full]
    IXP0 pull status                                        [pulling]
    IXP0 spi src status                                     [healthy]
    IXP0 spi snk status                                     [healthy]
    CDE1 SWITCH1 INTERFACE
    ======================
    Packets received (hyp, ixp0)                                 3241
    Packets received (bcm)                                          6
    Packets received (daughter card 0)                              0
    Packets received (daughter card 1)                              0
    Packets Errors received (hyp, ixp0)                             0
    Packets Errors received (bcm)                                   0
    Packets Errors received (daughter card 0)                       0
    Packets Errors received (daughter card 1)                       0
    Packets transmitted (ixp1)                                 122653
    Packets transmitted (nitrox)                                    0
    Packets Errors transmitted (ixp1)                               0
    Packets Errors transmitted (nitrox)                             0
    CDE2 SWITCH2 INTERFACE
    ======================
    Packets received (ixp1)                                    122653
    Packets received (nitrox)                                       0
    Packets Errors received (ixp1)                                  0
    Packets Errors received (nitrox)                                0
    Packets transmitted (hyp, ixp0)                              3241
    Packets transmitted (broadcom)                                  6
    Packets transmitted (daughter card 0)                           0
    Packets transmitted (daughter card 1)                           0
    Packets Errors transmitted (ixp1)                               0
    Packets Errors transmitted (nitrox)                             0
    Packets Errors transmitted (daughter card 0)                    0
    Packets Errors transmitted (daughter card 1)                    0
    CDE IXP1 INTERFACE
    ======================
    Packets received                                             3247
    Packets transmitted                                        122653
    Num bad pkts recvd on fast spi channel0                         0
    Num bad pkts recvd on slow spi channel8                         0
    Num bad pkts recvd on fast spi channel2                         0
    Num bad pkts recvd on slow spi channel4                         0
    IXP1 Fast VOQ status                      [empty]      [not full]
    IXP1 BRCM VOQ status                      [empty]      [not full]
    IXP1 pull status                                        [pulling]
    IXP1 spi src status                                     [healthy]
    IXP1 spi snk status                                     [healthy]
    CDE NITROX INTERFACE
    ======================
    Packets received                                                0
    Packets transmitted                                             0
    Num bad pkts recvd on fast spi channel0                         0
    Num bad pkts recvd on slow spi channel8                         0
    Num bad pkts recvd on fast spi channel2                         0
    Num bad pkts recvd on slow spi channel4                         0
    NTX Fast VOQ status                       [empty]      [not full]
    NTX BRCM VOQ status                       [empty]      [not full]
    NTX pull status                                         [pulling]
    NTX spi src status                                      [healthy]
    NTX spi snk status                                      [healthy]
    == Backplane ==
    ITASCA_SYS_CNTL1 0x300  data 0x61f0000
    ITASCA_SYS_CNTL2 0x304  data 0x80630000

  • Will the cisco vpn work with mountain lion?

    I want to know if I'll have any issues before upgrading.
    Thanks

    Okay, the consensus is that the Cisco Pix 501 ONLY supports a 32-bit client and no-one has come up with a workaround, SO -> seriously think about upgrading to a new firewall such as the Cisco ASA 5505 (which does support the 64-bit format). Depending on the number of users you need to connect, this model is available for around $345 (10 user) to $375 (50 user). Remember that the PIX 501 had an End-Of-Life date around Nov 2008.
    Nick

  • Does the Cisco WRVS4400N come with its own VPN Software?

    I would like to install the Cisco WRVS4400N in a small business.  The specs on the router says it will work with nearly any VPN client.  But does it come with its own VPN software?  Is there a free VPN software that is recommended?  The business has no VPN software currently.  Thanks...

    Hi ,
    since this question is about a product in the Cisco Small Business / Linksys range, I suggest you move it to the community, where you will have a better chance of getting expert advice.
    best regards,
    Herbert
    Cisco Moderator

  • Cisco WCS integration with SNMP based monitoring

    I am looking for a solution to integrate Cisco WCS with any SNMP based monitoring solution.  My requirement is below,
    - Alerts for Access points up/down should be picked up by an alerting system in its console through SNMP.
    - I don't want all access points to be monitored, but only a critical group.
    Currently all access points are configured in LWAP mode under a wireless controller.  Can I configure APs individually for SNMP and get them monitored through the 3rd party monitoring tool?
    Can anyone please guide me to find a solution for this.

    http://www.cisco.com/en/US/docs/wireless/mse/3350/6.0/CAS/configuration/guide/msecg_ch2_CAS.html

  • End of development of the Cisco ACE?

    Dear all,
    I read in many IT websites that Cisco has confirmed that it will end development of its Application Control Engine (ACE) load-balancer products and it will not develop further generations of its ACE.
    By the way, is this information correct? Will Cisco continue to sell ACE products? What can we do with the existing ACE20 and ACE30 already installed in our Data Center, and is there any clear roadmap for Cisco load-balancer products?
    Regards,
    Abdelaziz

    Hi Abdelaziz,
    This was answered to another similar question at :
    https://supportforums.cisco.com/thread/2172040
    At this current point in time, the ACE30 and ACE4710 will continue to be developed through A5(3.X) code as part of the planned lifecycle of those products.  Any of the other future products including vACE, RISE, Nexus based Modules, appliances, etc. currently have no ETA, nor has any lifecycle ever been defined as they are not released products.  There is also no official Cisco response at this point in time to the rumors of cancellation, holds, etc. despite the hinting of certain articles to "confirmed by Cisco resources" based comments. 
    Your best avenue for information is to talk with your local Cisco sales representative or account manager.  They may have more specific information pertaining to questions at a per-product/per-scenario level. As well, they will have the ability to help you plan your future deployments and designs queries accordingly.
    Regards,
    Kanwal

  • How to specify the Process Flow Module with SQLPLUS_EXEC_TEMPLATE.SQL ?

    Hi, we have a couple of process flow modules that have PF Packages and Process Flows with the same name.
    E.g
    PFMOD1 (Module)
    FILELOAD (Package)
    PF1 (Pf)
    PFMOD2 (Module)
    FILELOAD (Package)
    PF1 (Pf)
    Normally we can specify "FILELOAD/PF1" as a parameter to the procedure SQLPLUS_EXEC_TEMPLATE.SQL in order to initiate the running of an OWB process flow but how can the system distinguish between modules ?
    Anyone done this ?
    Thanks
    Paul

    If you deployed the packages to the same location then the second deployment replaced the result of the first one (actually a new version of the process flow was created). You can execute only the latest version...
    Regards,
    Robert

  • How do I monitor the Band-width usage with my RV 120W?

    We are having an issue with accessing our SharePoint Sites over the Web and the Microsoft Technician wants us to capture bandwidth usage. I am trying to find out if that is possible with the RV 120W. I have looked at the documentation and cannot find any info on doing this type of analysis.

    Hi Don,
    Thanks for posting. I don't recall a way to monitor bandwidth with the RV120W other than Status ->Port Statistics.

  • Ask the Expert: Configuration and Troubleshooting the Cisco Application Control Engine (ACE) load balancer

    With Ajay Kumar and Telmo Pereira 
    Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about configuration and troubleshooting the Cisco Application Control Engine (ACE) load balancer with Cisco experts Ajay Kumar and Telmo Pereira. The Cisco ACE Application Control Engine Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers is a next-generation load-balancing and application-delivery solution. A member of the Cisco family of Data Center 3.0 solutions, the module:
    - Helps ensure business continuity by increasing application availability
    - Improves business productivity by accelerating application and server performance
    - Reduces data center power, space, and cooling needs through a virtualized architecture
    - Helps lower operational costs associated with application provisioning and scaling
    Ajay Kumar is a customer support engineer in the Cisco Technical Assistance Center in Brussels, covering content delivery network technologies including Cisco Application Control Engine, Cisco Wide Area Application Services, Cisco Content Switching Module, Cisco Content Services Switches, and others. He has been with Cisco for more than four years, working with major customers to help resolve their issues related to content products. He holds DCASI and VCP certifications.
    Telmo Pereira is a customer support engineer in the Cisco Technical Assistance Center in Brussels, where he covers all Cisco content delivery network technologies including Cisco Application Control Engine (ACE), Cisco Wide Area Application Services (WAAS), and Digital Media Suite. He has worked with multiple customers around the globe, helping them solve interesting and often highly complex issues. Pereira has worked in the networking field for more than 7 years. He holds a computer science degree as well as multiple certifications including CCNP, DCASI, DCUCI, and VCP.
    Remember to use the rating system to let Ajay know if you have received an adequate response.
    Ajay and Telmo might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Data Center sub-community discussion forum Application Networking shortly after the event.
    This event lasts through July 26, 2013. Visit this forum often to view responses to your questions and the questions of other community members.

    Hello Krzysztof,
    Another set of good/interesting questions posted. Thanks! 
    I will try to clarify your doubts.
    In the output below both resources (proxy-connections and ssl-connections rate) are configured with a min percentage of resources (column Min), while 'Max' is set to equal to the min.
    ACE/Context# show resource usage
                                                         Allocation
            Resource         Current       Peak        Min        Max       Denied
    -- outputs omitted for brevity --
      proxy-connections             0      16358      16358      16358      17872
      ssl-connections rate          0        626        626        626      23204
    Most columns are self explanatory, 'Current' is current usage, 'Peak' is the maximum value reached, and the most important counter to monitor 'Denied' represents the amount of packets denied/dropped due to exceeding the configured limits.
    On the resources themselves, Proxy-connections is simply the amount of proxied connections, in other words all connections handled at layer 7 (SSL connections are proxied, as are any connections with layer 7 load balance policies, or inspection).
    So in this particular case for the proxy-connections we see that Peak is equal to the Max allocated, and as we have denies we can conclude that you have surpassed the limits for this resource. We see there were 17872 connections dropped due to that.
    ssl-connections rate should be read in the same manner, however all values for this resource are in bytes/s, except for Denied counter, that is simply the amount of packets that were dropped due to exceeding this resource. 
    For your particular tests you have allocated a min percentage and set max equal to min, this way you make sure that this context will not use any other additional resources.
    If you had set the max to unlimited during resource allocation, ACE would be allowed to use additional resources on top of those guaranteed, if those resources were available.
    This might sound like a great idea, but resource planning on ACE should be done carefully to avoid any sort of oversubscription, especially if you have business critical contexts.
    We have a good reference for ACE resource planning that contains also description of all resources (this will help to understand the output better):
    http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/configuration/virtualization/guide/config.html#wp1008224
    1) When a resource is utilized to its maximum limit, the ACE denies additional requests made by any context for that resource. In other words, the action is to Drop. ACE should in theory silently drop (No RST is sent back to the client). So unless we changed something on the code, this is what you should see.
    To give more context, seeing resets with SSL connections is not necessarily synonymous with drops, as it is usual to see them during normal transactions.
    For instance Microsoft servers are usually ungracefully terminating SSL connections with RESET. Also when there is renegotiation during an SSL transaction you may see RESETS, but this will pass unnoticed for end users.
    2) ACE will simply drop/ignore new connections when we reach the maximum amount of proxied connections for that context. Existing connections will continue there.
    As ACE doesn't respond back, client would simply retransmit, and if he is lucky maybe in the next attempt he will be able to establish the connection.
    To overcome the denies, you will definitely have to increase the resource allocation. This of course, assuming you are not reaching any physical limit of the box.
    As mentioned setting max as unlimited might work for you, assuming there are a lot of unused resources on the box.
    3) If a new connection comes in with a sticky value, that matches the sticky entry of a real server, which is already in MAXCONNS state, then both the ACE module/appliance should reject the connection and that sticky entry would be removed.
    The client would at that point reestablish a new connection and ACE would associate a new sticky entry with the flow for a new RSERVER after the loadbalancing decision.
    I hope this makes things clearer! Uff...
    Regards,
    Telmo

  • ACE 4700 Module and SNMP

    I am trying to monitor my ACE module via SNMP and am having trouble finding out how to get a couple of items.
    I can't find the memory utilization/free memory, either for the system as a whole or per context. Thus far I can only find the per process utilization which would require me to try to add up all of the processes.
    I would also like to try to get some of the hit counters and byte counters that are available from "show service-policy". Are these available via SNMP?
    Thanks,
    Mark

    The MIB for the 4710 can be found at http://www.cisco.com/cgi-bin/tablebuild.pl/ace4710. You will need CCO download access to get this and should include what you are looking for.

  • ACE Module SNMP limits

    I am monitoring an ACE module using snmp. The values returned from certain OIDs are graphed using Cacti. I found the 64 bit counters on interfaces for the ACE wrap at 10,000,000,000 instead of 2^64. Now that I have configured cacti to expect the wrap at 10 billion, I am concerned about the 32 bit counters. I am querying this snmp oid to get L7 connection counter
    cslbxStatsL7PolicyConns
    1.3.6.1.4.1.9.9.254.1.1.1.1.8
    Should I expect this counter to wrap at 2^32 or a lower value?

    The maximum value for a 32bit OID should be 4294967296, I do have a value in my lab that is above 1 billion for that counter, so I wouldn't think there is an issue immediately. One common issue - when you clear stats manually, the counter will reset to 0. As well, I found an internal bug that suggested some pocket case within the code could have cleared stats incorrectly, but it has never been seen since. There is a guess that someone logged into the test bed and cleared it without permission, but it was not able to be verified. Hence the bug was created to investigate the code, turned up nothing, and was junked accordingly.
    What you might want to do is keep a sharp eye on the counter. When it looks like it rolls, log in to the context you are polling and take a look at the accounting log. If you find that someone cleared the logging, that answers the question. If not - log a TAC case and we can replicate your exact configuration/code version in our lab to see what the deviation is that causes it to clear. A bug would be logged and fixed.
    Regards,
    Chris Higgins
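
Added example, not part of the thread: a poller-side delta calculation that tells a counter wrap (at 2^32, or at the 10,000,000,000 point the poster observed on interface counters) from a cleared counter, which is the case the reply says to check against the accounting log. Function names, sample values and the per-interval plausibility limit are assumptions constructed for illustration.

```python
# Added example: wrap-aware deltas for polled SNMP counters.
WRAP_32 = 2**32                # modulus of a standard Counter32
WRAP_ACE_IF = 10_000_000_000   # wrap point the poster observed on ACE interface counters


def counter_delta(prev, curr, modulus, max_plausible):
    """Classify two successive samples of an increasing counter.

    Returns (delta, event) with event in {"ok", "wrap", "reset"}.
    max_plausible is the largest increase possible in one poll interval;
    it is supplied by the operator and must be well below the modulus.
    """
    if curr >= prev:
        return curr - prev, "ok"
    wrapped = curr + modulus - prev
    if wrapped <= max_plausible:
        return wrapped, "wrap"
    # A decrease that a wrap cannot explain: the counter was cleared
    # (or the device restarted). Do not graph a delta for this interval.
    return None, "reset"


def rates(samples, modulus, max_rate):
    """samples: [(unix_seconds, value), ...] -> [(time, per-second rate or None, event)]."""
    out = []
    for (t0, v0), (t1, v1) in zip(samples, samples[1:]):
        interval = t1 - t0
        delta, event = counter_delta(v0, v1, modulus, max_rate * interval)
        out.append((t1, None if delta is None else delta / interval, event))
    return out


# Constructed samples at a 300 s poll interval.
IF_SAMPLES = [(0, 9_999_000_000), (300, 9_999_900_000), (600, 800_000)]
L7_SAMPLES = [(0, 1_200_000_000), (300, 1_200_450_000), (600, 1_200)]

if __name__ == "__main__":
    for name, samples, modulus, max_rate in (
        ("interface counter", IF_SAMPLES, WRAP_ACE_IF, 10_000_000),
        ("cslbxStatsL7PolicyConns", L7_SAMPLES, WRAP_32, 50_000),
    ):
        for t, rate, event in rates(samples, modulus, max_rate):
            print(f"{name} t={t} rate={rate} event={event}")
```

An interval classified as "reset" is the moment to look at the context's accounting log for a manual clear, as the reply above describes.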

  • Will Cisco sa520w interface with ProCurve 2626/2650? is the sa520w overkill?

    Hey,
    The company I work for recently bought another company. At the new company there is an old expired Firebox X 550e. I am planning to replace an old expired Firebox X 550e with a Cisco sa520w. Will the Cisco sa520w interface with ProCurve 2626 & ProCurve 2650 switches?
    Would you recommend a different security appliance/router than the Cisco sa520w? The main business needs are hardware firewall, VPN access for MAC (snow leopard & lion) and Windows xp/7 pro.
    The other router I have been looking at: RV220W.
    If I got the sa520w I would get the 3 year IPS + ProtectLink Web bundle.
    Recommendations are welcome.
    -Mike

