Show flows on CSS

Hi,
I am using source group on my CSS to nat server initiated traffic to VIP address.
Currently it does not work, so I am doing troubleshooting.
I am using ISA1-NAT service for source group.
configure
!*************************** GLOBAL ***************************
cdp run
ip uncond-bridging
ip route 0.0.0.0 0.0.0.0 172.20.3.15 1
!************************* INTERFACE *************************
interface 1/1
trunk
description "ZG-DMZ-XCONN-Customer-Facing"
vlan 203
interface 1/2
description "ZG-DMZ-XCONN-Server-Facing"
trunk
vlan 207
!************************** CIRCUIT **************************
circuit VLAN207
description "Server-Facing"
ip address 172.20.7.2 255.255.255.0
ip virtual-router 207 priority 101 preempt
ip redundant-interface 207 172.20.7.1
circuit VLAN203
description "Customer-Facing"
ip address 172.20.3.103 255.255.255.0
ip virtual-router 203 priority 101 preempt
ip redundant-vip 203 172.20.3.105
!************************** SERVICE **************************
service HTTP-TO-HTTPS-OWA-REDIRECT
keepalive type none
type redirect
no prepend-http
domain https://xxx.xxx
service ISA1-NAT
ip address 172.20.7.101
active
service ISA1-OWA-HTTPS
weight 2
keepalive port 443
protocol tcp
port 443
ip address 172.20.7.101
active
service ISA1-PROXY
ip address 172.20.7.101
weight 2
port 8080
keepalive port 8080
protocol tcp
active
service ISA2-NAT
ip address 172.20.7.102
active
service ISA2-OWA-HTTPS
weight 2
keepalive port 443
protocol tcp
port 443
ip address 172.20.7.102
active
service ISA2-PROXY
ip address 172.20.7.102
weight 2
port 8080
protocol tcp
keepalive port 8080
active
service upstream-ping
!*************************** OWNER ***************************
owner HEP
content HTTP-PROXY
protocol tcp
port 8080
advanced-balance sticky-srcip
sticky-inact-timeout 10
add service ISA1-PROXY
add service ISA2-PROXY
vip address 172.20.3.105
active
content OWA
protocol tcp
port 443
advanced-balance sticky-srcip
sticky-inact-timeout 10
vip address 172.20.3.105
add service ISA1-OWA-HTTPS
add service ISA2-OWA-HTTPS
active
content OWA-HTTP-REDIRECT
vip address 172.20.3.105
protocol tcp
port 80
url "/*"
add service HTTP-TO-HTTPS-OWA-REDIRECT
!*************************** GROUP ***************************
group ISANat
vip address 172.20.3.105
add service ISA1-NAT
active
Does my show flows output look ok?
ZG-CSS1# sh flows
Src Address SPort Dst Address DPort NAT Dst Address Prt InPort OutPort
80.243.40.241 80 172.20.3.105 2020 172.20.7.101 TCP 1/1-203 1/2-207
172.20.7.101 4958 80.243.40.241 80 80.243.40.241 TCP 1/2-207 1/1-203
I don't get why in one case DPort is 2020 and in the second SPort is 4958? Should they not be the same?

The CSS will intercept the traffic based on the src ip, and it will change the src ip and the src port.
Since there is a single ip address for potentially multiple servers, we can't keep the same source port as 2 devices could come in with the same value.
So we take a new port from the list of available ports.
This is called PAT.
G.
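
The PAT behaviour described in this answer, applied to the `show flows` output from the question, as an added example that is not part of the original thread. The function names are hypothetical, the pairing rule is an assumption inferred from the two posted lines, and the group server address and content-rule ports are taken from the posted configuration.

```python
from collections import defaultdict
from dataclasses import dataclass

# "show flows" output copied from the post above.
SAMPLE = """\
ZG-CSS1# sh flows
Src Address SPort Dst Address DPort NAT Dst Address Prt InPort OutPort
80.243.40.241 80 172.20.3.105 2020 172.20.7.101 TCP 1/1-203 1/2-207
172.20.7.101 4958 80.243.40.241 80 80.243.40.241 TCP 1/2-207 1/1-203
"""


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    nat_dst: str
    proto: str
    in_port: str
    out_port: str


def parse_flows(text):
    """Return Flow entries; the prompt, header and blank lines are skipped."""
    flows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 8 and f[1].isdigit() and f[3].isdigit():
            flows.append(Flow(f[0], int(f[1]), f[2], int(f[3]), *f[4:]))
    return flows


def pat_mappings(flows, vip, group_servers, content_ports=()):
    """Pair server-initiated flows with their return halves.

    real_ports are the source ports chosen by the server, pat_ports the
    ports the CSS assigned on the VIP. Assumption inferred from the post:
    the return half shows the VIP as Dst Address and the real server as
    NAT Dst Address. Flows on content-rule ports are load-balanced client
    connections and are left out.
    """
    out_half, ret_half = defaultdict(set), defaultdict(set)
    for f in flows:
        if f.src in group_servers and f.nat_dst == f.dst:
            # Server -> remote host, destination not rewritten.
            if f.sport not in content_ports:
                out_half[(f.src, f.dst, f.dport, f.proto)].add(f.sport)
        elif (f.dst == vip and f.nat_dst in group_servers
              and f.dport not in content_ports):
            # Remote host -> VIP, rewritten back to the real server.
            ret_half[(f.nat_dst, f.src, f.sport, f.proto)].add(f.dport)

    result = []
    for key in sorted(out_half):
        server, remote, rport, proto = key
        real = sorted(out_half[key])
        pat = sorted(ret_half.get(key, ()))
        result.append({
            "server": server,
            "remote": f"{remote}:{rport}",
            "proto": proto,
            "real_ports": real,
            "pat_ports": pat,
            # With several connections to the same remote ip:port the table
            # does not say which PAT port belongs to which real port.
            "unique": len(real) == 1 and len(pat) == 1,
            "return_missing": not pat,
        })
    return result


if __name__ == "__main__":
    for m in pat_mappings(parse_flows(SAMPLE), "172.20.3.105",
                          {"172.20.7.101"}, (80, 443, 8080)):
        print(m)
```

For the posted output this pairs server port 4958 with VIP port 2020, which is the port change the question asks about. An entry with `return_missing` set means the outbound half was seen without a matching return half on the VIP.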

Similar Messages

  • Show flows crashes CSS

    Hi, when I do the following command show flows x.x.x.x x.x.x.x it then freezes and I'm unable to connect to the box until the next day or a couple of hours!
    has anyone come across this before?

    This should not happen.
    You should open a service request with the TAC so that we can fix it.
    Do you have lot of connections ?
    Active connections ?
    Connection rate ?
    Gilles.

  • CSS11506 - show flows

    Hello all,
    I have a CSS11506 with the following config...
    !************************** SERVICE **************************
    service pas_main_uswrnsa0ptf01_11111
    ip address 172.16.25.30
    keepalive type tcp
    keepalive port 11111
    port 11111
    active
    service pas_main_uswrnsa0ptf02_11111
    ip address 172.16.25.31
    keepalive type tcp
    keepalive port 11111
    port 11111
    active
    service pas_main_uswrnsa0ptf03_11111
    ip address 172.16.25.32
    keepalive type tcp
    keepalive port 11111
    port 11111
    active
    service pas_main_uswrnsa0ptf04_11111
    ip address 172.16.25.33
    keepalive type tcp
    keepalive port 11111
    port 11111
    active
    !*************************** OWNER ***************************
    owner PAS
    content PAS-pas_main-2008-11111
    vip address 123.123.130.222
    protocol tcp
    port 11111
    url "/*"
    balance aca
    application ssl
    add service pas_main_uswrnsa0ptf01_11111
    add service pas_main_uswrnsa0ptf02_11111
    add service pas_main_uswrnsa0ptf03_11111
    add service pas_main_uswrnsa0ptf04_11111
    active
    !*************************** GROUP ***************************
    group PAS-pas_Dgraphs
    vip address 172.16.25.11
    add destination service pas_main_uswrnsa0ptf01_11111
    add destination service pas_main_uswrnsa0ptf02_11111
    add destination service pas_main_uswrnsa0ptf03_11111
    add destination service pas_main_uswrnsa0ptf04_11111
    active
    I can access my servers just fine, but when issuing the 'show flows' command, I do not see my traffic... even though I can see my hit counters incrementing.
    NOTE: The 'application ssl' command is something new for us, so I thought it may be related to this.
    Any ideas?
    Thanks,
    -Adam

    Gilles,
    The target IP is the content VIP 123.123.130.222 (as shown in my CSS config). However, I am testing from one of the four servers (services) associated with this content rule. Could that be causing the problem with the CSS not seeing these flows?
    For example...
    I am sitting on server uswrnsa0ptf01 and I test to the content VIP 123.123.130.222... and it works... but I see no flows in the CSS.
    I've attached a drawing showing our network topology.
    Thanks,
    -Adam

  • Can't keep the "show flows" up

    When I telnet to the VIP with the specific port number, I can only see it retained in "show flows" for 5 minutes. But I still see the connection is established on the servers. Is this something relating to an application software problem? Because I have other application software, which works very similarly. When the connection is not displayed in "show flows", does this mean the connection is dropping? Please advise. Thanks in advance.
    Wil

    Wil,
    I'll try to keep it simple.
    A flow is described by an FCB (Flow Control Block).
    The 'show flow' commands describe the info inside the FCBs.
    When a flow is idle for a predefined period of time (like 16 seconds for TCP), the FCB is marked as reusable.
    So at any given time the FCB info can be erased and replaced with new info.
    The CSS can still use the FCB marked as reusable until its content is erased.
    So, your connection could still be alive but the FCB has been marked to be reused and therefore you will end up losing the connection.
    The 'show flow' only displays the FCBs that have not been marked as reusable.
    The solution would be to increase the frequency of your heartbeat or use one of the commands to increase the timeout on the CSS.
    flow port
    flow permanent
    Gilles.

  • Show flows returns a prompt without any flows

    CSS11503 running:
    CSS11503# sh ver
    Version: sg0710206A (7.10 Build 206)
    Flash (Locked): 7.10 Build 206
    Flash (Operational): 7.10 Build 206
    Type: PRIMARY
    Licensed Cmd Set(s): Standard Feature Set
    When I display a show flows it doesn't return flows. This has happened twice, approx. 2 days after we have rebooted some of the servers that we have configured on the content switch. The only way that I have been able to recover this is to reboot the CSS11503. There hasn't been a change made to the CSS during this period. Any feedback would be helpful.

    go in llama mode and do 'flow-agent show active'
    Do you see any flow ?
    Is this a single box or is it working in redundant mode ?
    I would also strongly recommend an upgrade to 7.40 or 7.50.
    We don't really support 7.10 anymore.
    Gilles.

  • Images not showing up in CSS.

    Ok,
    I completed my site in dreamweaver cc and I moved my CSS files outside of dreamweaver (big mistake). That messed everything up. I moved the files back to the original folder and relinked everything. Most of the pages work as I originally designed them. However, my index page shows some of my css styling but no image. I looked at the code and everything is written in the code the way I intended, but my background image isn't showing up in browser preview. I'm getting all my text, navigation tool bar and no images except for a facebook link. I'm running Mac Mavericks too.
    Here is my html code.
    <!doctype html>
    <html>
    <head>
    <meta charset="UTF-8">
    <title>vacancyart</title>
    <!--The following script tag downloads a font from the Adobe Edge Web Fonts server for use within the web page. We recommend that you do not modify it.--><script>var __adobewebfontsappname__="dreamweaver"</script>
    <link href="index.css" rel="stylesheet" type="text/css">
    <header id="top">
        <nav id="mainNav">
          <ul>
            <li><a href="index2.html">Home</a></li>
            <li><a href="about.html">About</a></li>
            <li><a href="art.html">Art</a></li>
            <li><a href="Resume.html">Resume</a></li>
            <li><a href="https://www.etsy.com/shop/VacancyArt">Etsy</a></li>
            <li><a href="Contact.html">Contact</a></li>
          </ul>
    <div id="main2">Vacancy Art is for all art and design. Check back frequently for updates!</div>
        </nav>
      </header>
    <body>
    <div id="igImage"><a href="http://instagram.com/vacancy_art"></a></div>
    <div id="fbimg"><a href="https://www.facebook.com/vacancyart"><img src="Images/FB-f-Logo__blue_50.png" width="50" height="50" alt=""/></a></div>
    </body>
    <footer>
        <p>&copy; All rights reserved. Vacancy Art.</p>
      </footer>
    </html>
    CSS code.
    header {
      text-transform: uppercase;
      list-style-type: none;
      list-style-position: outside;
      width: 115%;
      bottom: 1px;
      max-height: 0%;
      text-decoration: none;
    #main2 {
      display: block;
      color: #FFFFFF;
      -webkit-box-sizing: inherit;
      -moz-box-sizing: inherit;
      box-sizing: inherit;
      position: fixed;
      font-family: "Gill Sans", "Gill Sans MT", "Myriad Pro", "DejaVu Sans Condensed", Helvetica, Arial, sans-serif;
      font-style: normal;
      text-align: center;
      text-decoration: none;
      text-transform: none;
      line-height: 200px;
      margin: auto;
      position: absolute;
      top: 70%;
      width: 50%;
      background-color: #000000;
      opacity: 1;
      background-repeat: no-repeat;
      right: 0px;
    #mainNav ul  {
      list-style-type: none;
      display: block;
      padding-bottom: 2px;
    #mainNav a {
      width: 14%;
      display: block;
      color: #FCFCFC;
      text-decoration: none;
      background-color: #010101;
      text-align: center;
      line-height: 100%;
      -webkit-box-shadow: 0px 0px;
      box-shadow: 0px 0px;
      opacity: 0.9;
      box-sizing: content-box;
      float: left;
      text-shadow: 0px 0px;
      background-repeat: no-repeat;
    #mainNav {
      text-align: center;
      vertical-align: baseline;
      list-style-type: none;
      list-style-position: inside;
      display: inline;
      color: #000000;
      opacity: 0.9;
    body {
      background-color: #000000;
      color: #F9F8F8;
      font-family: "Gill Sans", "Gill Sans MT", "Myriad Pro", "DejaVu Sans Condensed", Helvetica, Arial, sans-serif;
      font-style: normal;
      font-weight: 200;
      text-align: center;
      padding-top: auto;
      padding-bottom: 0px;
      max-width: none;
      background-image: url(../Images/Still%20life6bg.jpg);
      background-size: 100px
      background-repeat: no-repeat;
      display: inherit;
      width: 100%;
      height: 100%;
      padding-right: 0%;
      position: static;
      background-size: 1000px 901px;
      background-position: 150%
      background-position: 150%
    #igImage {
      right: 100px;
      position: absolute;
      background-color: #FFFFFF;
      top: 7%;
    #fbimg {
      position: absolute;
      right: 165px;
      opacity: 0.9;
      top: 7%;
    footer {
      position: absolute;
      bottom: 0;
      width: 100%;
      height: 60px;
      padding-left: 10px;
    Everything appears to be there, but all I get is basically a blank page even after I relink everything. Any ideas?
    Thanks!

    Hello Darry,
    what I understand is that you have uploaded all your images to "Instagram". I quote: "Instagram is an online mobile photo-sharing, video-sharing and social networking service that enables ..." (Instagram - Wikipedia, the free encyclopedia). This means you don't have access to the program itself combining it with DW.
    You can insert a link into your source code as you did above, that's it. If you want your menu working (I couldn't find an "about.html" or "Resume.html" and so on), you have to put all the links and your images into your own website.
    I hope I could describe the situation, so that you can understand what I mean.
    Hans-Günter

  • CCS / IC WebClient Connection -  shows ringing in CSS but not in IC

    Hi everyone,
    we are trying to setup the SAP CCS (Contact Center Simulator) and followed the best practice guide as well as the available blog. All configuration is complete, and now we are trying to simulate an incoming phone call, but the IC WebClient does not pick it up, nothing happens.
    Here is what we do:
    - we are able to see the online agents
    - their work mode is ready
    - we can place the call to the agent (phone call is active; advanced section shows status as ringing)
    - we use the + sign in front of the number
    - switching back to the IC WebClient, nothing happens there; the agent does not get informed that there is a call to accept
    It seems that the IC WebClient does not know that there is a CCS.
    How can we overcome this problem? We are using CRM 2007.
    Thanks in advance.
    Erik

    Hi Glenn,
    I did not configure the profiles in CRMC_IC_MAIN. Also, I do not find this task in the IMG. I assume you are referring to CRM 5.0. We are using CRM 2007, here I configured our Business Role in CRMC_UI_PROFILE with the function profile entry CONTACTCENTER = the created profile value in CRMC_IC_MCM_CCPRO.
    I maintained the non img entries
    CRMM_BCB_ADM
    CRMM_IC_MCM_CCADM
    AMCPRD --> does not exist
    Please clarify if CRMC_IC_MAIN is required in CRM 2007?
    Thanks,
    Erik

  • How to show flow in execute procedures??

    Hi,
    I have about 200 procedures written in PL/SQL. And there are a few root procedures which execute others. Is there any possibility to create the whole flow? Can I create this from SQL or use a tool like sqldeveloper?
    Regards,
    tytus

    When I saw this select the first time I thought that this is exactly what I need.. But this select in all executions returns the result: "no rows selected". I checked my user_object view and there are only java class object types :/ Could someone explain why? I want to print my procedures, functions and packages object types..

  • Nothing showing up in CSS Designer

    Hi all,
    Well, almost nothing appears - I see an entirely gray background with a white box (search field). If I mouse over the area, the arrow changes to a pointer correctly, indicating it knows what should be visible (as far as buttons, etc.) but none of the content is visible except the white search field.
    If I hover over the search field, I can see the magnifying glass, and if I then hover below, I can see the message "Select a CSS source and click on the + sign to add a selector."
    Any idea what's going on here?
    CC is up to date.
    thanks,
    Andrew

    Hi Candyce!
    Thanks for your note.
    Regardless of what objects I had created, the window remained mostly blank... Also I noticed that once I restarted the application, the Properties tab was also blank!
    Went back to my old stand-by of a complete restart... Solved! Except, not, certain fonts synced through CC are no longer available in Illustrator....
    Anyway, it's progress.
    Regards,
    Andrew

  • Show flow export statistics query

    We have recently upgraded all our WAN routers to Cisco 3945, they all have the same FLOW config as below
    but when I do a sh flow export statistics
    on some routers I get:
    Flow Exporter Export-FNF-Plixer:
      Packet send statistics (last cleared 1d08h ago):
        Successfully sent:         0                     (0 bytes)
       Enqueued to process level: 2534452               (3484784053 bytes)
    on others  I get:
    Flow Exporter Export-FNF-Plixer:
      Packet send statistics (last cleared 14w2d ago):
        Successfully sent:         16545298              (22596920223 bytes)
        Enqueued to process level: 165                   (223914 bytes)
    as I said all the configurations are basically the same
    Does anybody know what causes this difference?
    Flow config:
    flow record Record-FNF
    description Flexible NetFlow with NBAR Flow Record
    match ipv4 tos
    match ipv4 protocol
    match ipv4 source address
    match ipv4 destination address
    match transport source-port
    match transport destination-port
    match interface input
    match flow direction
    match application name
    collect routing source as
    collect routing destination as
    collect routing next-hop address ipv4
    collect ipv4 dscp
    collect ipv4 id
    collect ipv4 source prefix
    collect ipv4 source mask
    collect ipv4 destination mask
    collect transport tcp flags
    collect interface output
    collect counter bytes
    collect counter packets
    collect timestamp sys-uptime first
    collect timestamp sys-uptime last
    flow exporter Export-FNF-Plixer
    description FNF v9
    destination 172.16.6.219
    source Loopback0
    output-features
    transport udp 2055
    option interface-table
    option application-table
    flow monitor Monitor-FNF
    description FNF Traffic Analysis
    exporter Export-FNF-Plixer
    cache timeout active 60
    record Record-FNF

    Hello,
    have you checked the DBA_HIST* objects to see what / how was imported?
    If the awr export doesn't get the contents of the rolling buffer, then you won't see any session statistics that are only there. If you want to get the contents of the rolling buffer you have to dump the contents of it with:
    oradebug setmypid
    oradebug dump ashdump 10
    and load it into your "test" database.
    But before doing this I suggest you read the related metalink documentation if any!!!
    Regards,
    Franky

  • Website not showing images and CSS in Muse using FTP!

    HI. My site works perfectly when using business catalyst  http://trellishomecom01.businesscatalyst.com/index.html
    and this is how it looks after reading my files on Fetch ftp  http://www.trellishome.com
    I have changed all the permissions on the files and uploading my files to   register.com.  I have all files css, images, index.html, muse_manifest.xml, and scripts folder.  On the register.com hosting site, they have 2 folders existing there when I open fetch.  One folder is called "cgi-bin" and the other is "htdocs".  I have all my exported folders from Muse placed inside the "htdocs" folder.  Is there any code I need to change??
    Help!

    Hey deuce121,
    Apparently there's nothing missing from http://www.trellishome.com either, as you can see here.
    It seems like all requested files are served well. So, in case you see something different make sure to clear your browser's cache and try again.
    Cheers,
    Cristian

  • CSS How do I show which client connected to which server?

    I have a few servers load balanced on a CSS 11501. I want to know which server a particular client IP is connected to - what command do I need?

    The command I use is "show flows 'IP'".
    Replace 'IP' with the actual address of the client you're looking for.

  • How long CSS blocks flow, from source which detected as source DoS?

    Besides normal flow, my application generates flow which the CSS treats as a DoS attack. Both flows have the same source.
    I am afraid that the CSS can block the proper flow.
    So, I have a question: how long does the CSS block flow from a source which is detected as a source of DoS?
    Krzysztof

    I am not very sure of the length of time that it blocks the flow from the source, if it is considered as a source of DoS attack, but the workaround would be to bypass the cache for that particular source, since you are already aware that it might cause a problem. You could use a bypass rule to do so. You can also use the flow timeout feature with the flow port[1|2|3|4|5|6|7|8|9|10] timeout command to configure a flow timeout value for a TCP or UDP port. I am not very sure if this feature would help in your situation, bypass seems to be a better option.

  • Debugging shows over CSS Page

    I'm having a problem with my debugging code. For some reason it is showing over my css code. See for yourself…
    http://mirror.law.georgetown.edu/escalada/debuggingovercss.jpg
    I'm thinking it's because CF doesn't know where to put the table and it starts from the top… Please take a look at my page source and let me know if you have any suggestions… You may draw the source from:
    http://mirror.law.georgetown.edu/escalada/debuggingovercss.html
    Thanks!

    > of issues. It looks like CSS will have to be set aside for at least the layout portion of the page
    No way! Why would you alter your site's design just to accommodate the DEVELOPERS (I say this *as* a developer)? The site should be about the visiting public, not the team developing it... their convenience should be pretty much irrelevant. If your design uses CSS for layout (which it should), then that's the design you should use.
    The debugging is still usable when the CSS layout interferes with it, it's just slightly inconvenient. And anyway, it's not like it's the only way to debug a request.
    I do not have a copy of CF5 to hand, and it's been truly ages since I used it, however in CFMX the debug template is clear-text and editable (which is lucky, as it's poorly written and we've needed to fix the odd bug in it in the past). The file structure on CF5 will be completely different from CFMX, but on CFMX the relevant file is in the [cfusion]/WEB-INF/debug dir, and is called "classic.cfm". Have a look through your cfusion dir and see if there's an equivalent in CF5.
    But if there isn't, just tell your developers to suck it up! It's their problem, not yours.
    Adam

  • CSS 11503 Destination NAT - can only enable one service

    I have three web servers configured as six services. Three are for MOSS (Microsoft Office Sharepoint Server) and three are for SSRS (SQL Server Reporting Services 2006 in integration mode).
    THE PROBLEM:
    When more than one MOSS service is active I can no longer connect to the SSRS services.
    This is a trunked Configuration:
    interface 1/1
    trunk
    redundancy-phy
    vlan 1
    default-vlan
    vlan 100
    vlan 101
    vlan 103
    interface 3/16
    bridge vlan 4000
    circuit VLAN100
    redundancy
    ip address 192.168.100.xx0 255.255.255.0
    circuit VLAN103
    redundancy
    ip address 192.168.103.xx0 255.255.255.0
    circuit VLAN4000
    ip address 1.x.x.2 255.255.255.252
    redundancy-protocol
    circuit VLAN101
    redundancy
    ip address 192.168.101.xx0 255.255.255.0
    service MOSSWeb01
    ip address 192.168.103.xx1
    keepalive port 80
    keepalive type tcp
    active
    service MOSSWeb02
    ip address 192.168.103.xx2
    keepalive port 80
    keepalive type tcp
    active
    service MOSSWeb03
    ip address 192.168.103.xx3
    keepalive port 80
    keepalive type tcp
    active
    service SSRSWeb01
    ip address 192.168.103.xx1
    active
    service SSRSWeb02
    ip address 192.168.103.xx2
    active
    service SSRSWeb03
    ip address 192.168.103.xx3
    active
    owner MOSS
    content MOSS
    vip address 192.168.100.xx1
    vip-ping-response local-remote
    add service MOSSWeb01
    add service MOSSWeb02
    add service MOSSWeb03
    active
    owner SSRS
    content REPORTSERVER
    vip address 192.168.100.xx2
    add service SSRSWeb01
    add service SSRSWeb02
    add service SSRSWeb03
    vip-ping-response local-remote
    active
    group MOSS2007-DSTNAT
    vip address 192.168.100.xx1
    add destination service MOSSWeb01
    add destination service MOSSWeb02
    add destination service MOSSWeb03
    active
    group SSRS2005-DSTNAT
    vip address 192.168.100.xx2
    add destination service SSRSWeb01
    add destination service SSRSWeb02
    add destination service SSRSWeb03
    active
    NOTES:
    All (3) real servers have a default route to 192.168.103.xx0 which ensures traffic passing through the CSS (so I don't understand why I still need a destination service group).
    When MOSS accesses SSRS it does so via http://SSRS2005/reportserver. This is configured in DNS as 192.168.100.xx2. I would think that this would also ensure traffic through the CSS but I still had to configure a destination service for these.
    All clients connect to the MOSS services via one VIP (192.168.100.xx1) and the MOSS services connect to the SSRS services via a 2nd VIP (192.168.100.xx2). MOSS also connects to itself for indexing content and a variety of other services (I had originally tried separating the MOSS content rules using layer 5 matching on Host Headers. This seemed to cause issues with access to ports 139 and 445 for UNC access to document libraries so I simplified the MOSS content rule back to layer 3).
    I have setup two distinct groups and have used destination NAT so that the servers can communicate to each other.
    When using Wireshark on the servers to run packet traces and all services are up I do not even see any packets destined for the SSRS services leading me to believe that they are dropped by the CSS (however, I don't see them using show flows on the CSS either).
    Can anyone here shed some light on the correct way to configure the CSS in such a scenario?
    Thanks in advance.

    I have two MOSS services down because MOSS can't get to SSRS if more than one MOSS service is active. That's the crux of the biscuit.
    I had hoped to avoid the whole packet sniffing activity but it looks like I may need to capture more information. I don't really want to change the VLAN configuration since this CSS is managed by our network team and there are other services configured on the CSS that I have not indicated.
    I appreciate your advice, so far. I will actually have some downtime this coming weekend where I can try some additional configuration options after prime time from home.
    One thing that may not be apparent in this whole discussion is that all of the sites on both MOSS and SSRS use HOST Headers for HTTP. That's what keeps them separated. I had tried using layer 5 content rules but had the same issue plus other issues with non-HTTP traffic. I also did not care for the fact that the CSS actually spoofs the responses when using layer 5. There is a lot of NTLM Challenge/Response traffic for Windows Integrated Authentication and Negotiated Kerberos. The bottom line is that even without Layer 5 content rules the Host Headers do get passed to IIS and the sites are selected properly based on that header. The exception is that Host Headers are no longer required for SSRS since it is the default website on port 80 (besides - setting up host headers for SSRS in MOSS integration mode has its own set of issues). Still, the host headers are sent to SSRS SOAP Endpoints and there are no issues connecting to any of the three SSRS services from any of the three MOSS servers interactively. The issue is when a client outside of these VLANs makes a request for a report.
    client->MOSS->SSRS->MOSS->client
    Be aware too that both MOSS and SSRS are making connections back through the CSS to their respective databases for each request.
