Upgrading ACE 4710 & Licensing
Hello
We have two pairs of ACE 4710s, one pair running A3(2.4) and the other pair A3(2.0). We plan to upgarde the second pair so that they are running the same image as the first pair (we know they are not the latest, but this is the first step in a larger rollout plan, and to aid some troublshooting for a major issue we are seeing.)
I have details of the upgrade steps, but my question is with regards to the licenses which are now enforced after (2.0). We currently have the following on the first pair, but are these part of the default licenses for (2.4) or would we need to purchase these as well?
ACE-AP-500M-LIC
ACE-AP-C-100-LIC
ACE-AP-OPT-50-K9
ACE-AP-SSL-05k-K9
Thanks in advance
Shaun
According to the release notes, the default with the ACE running A3 is :
•Performance: 1 gigabit per second (Gbps) appliance throughput
•Virtualization: 1 admin context and 5 user contexts
•Secure Sockets Layer (SSL): 100 transactions per second (TPS)
•Hypertext Transfer Protocol (HTTP) compression: 100 megabits per second (Mbps)
so you don't have to purchase anything
Similar Messages
-
Hello, I need some assistance in upgrading a 4710. This is a brand new ACE out of the box and I have tried to upgrade a couple of times but get the same error... Here are the details:
switch/Admin# copy ftp://10.0.0.1/c4710ace-t1k9-mz.A5_2_2.bin image:
Enter the destination filename[]? [c4710ace-t1k9-mz.A5_2_2.bin]
File already exists, do you want to overwrite?[y/n]: [y] y
Enter username[]? ace
Enter the file transfer mode[bin/ascii]: [bin]
Enable Passive mode[Yes/No]: [Yes]
Password:
Passive mode on.EXT3-fs error (device hdb2): ext3_new_block:
Hash mark prinAllocating block in system zone - block = 163843ting on (1024 by
Aborting journal on device hdb2.
ext3_abort called.
EXT3-fs error (device hdb2): ext3_journal_start_sb: Detected aborted journal
Remoulocal: /mnt/cf/cn4710ace-t1k9-mz.tA5_2_2.bin: Readi-only file systenm
g filesystem read-only
switch/Admin# al has aborted in __ext3_journal_get_write_access<2>EXT3-fs error (device hdb2) in ext3_reserve_inode_write: Journal has aborted
ext3_abort called.
EXT3-fs error (device hdb2): ext3_journal_start_sb: Detected aborted journal
Remounting filesystem read-only
EXT3-fs error (device hdb2) in ext3_ordered_commit_write: Journal has aborted
Buffer I/O error on device loop3, logical block 1238
Buffer I/O error on device loop3, logical block 745
Aborting journal on device loop3.
journal commit I/O error
ext3_abort called.
EXT3-fs error (device loop3): ext3_journal_start_sb: Detected aborted journal
Remounting filesystem read-only
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
And it keeps going on with this message.
I also tried tftp and I get the same thing:
switch/Admin#
switch/Admin# show ver
Cisco Application Control Software (ACSW)
TAC support: http://www.cisco.com/tac
Copyright (c) 1985-2012 by Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.
Software
loader: Version 0.95.1
system: Version A5(1.2) [build 3.0(0)A5(1.2) adbuild_19:38:58-2012/01/17_/a
uto/adbure_nightly4/renumber/rel_a5_1_2_throttle/REL_3_0_0_A5_1_2]
system image file: (hd0,1)/c4710ace-t1k9-mz.A5_1_2.bin
Device Manager version 5.1 (0) 20111215:1009
installed license: no feature license is installed
Hardware
cpu info:
Motherboard:
number of cpu(s): 2
Daughtercard:
number of cpu(s): 16
memory info:
total: 6225528 kB, free: 4270140 kB
shared: 0 kB, buffers: 10864 kB, cached 0 kB
cf info:
filesystem: /dev/hdb2
total: 861668 kB, used: 621592 kB, available: 196304 kB
last boot reason: Unknown
configuration register: 0x1
switch kernel uptime is 0 days 15 hours 1 minute(s) 1 second(s)
switch/Admin#
switch/Admin#
switch/Admin# copy tftp: image:
Enter source filename[]? c4710ace-t1k9-mz.A5_2_2.bin
Enter the destination filename[]? [c4710ace-t1k9-mz.A5_2_2.bin]
File already exists, do you want to overwrite?[y/n]: [y] y
Address of remote host[]? 10.0.0.1
Trying to connecEXT3-fs error (device hdb2): ext3_free_blocks_sb: t to tftp serverbit already cleared for block 6144......
Aborting journal on device hdb2.
ext3_abort called.
EXT3-fs error (device hdb2): ext3_journal_start_sb: <2>EXT3-fs error
TFTP get oper(ation failed:Readd-only file systeem
vice hdb2): ext3_free_blocks_sb: bit already cleared for block 6145
switch/Admin# ready cleared for block 6146cks_sb: bit al
EXT3-fs error (device hdb2): ext3_free_blocks_sb: bit already cleared for block 6147
EXT3-fs error (device hdb2): ext3_free_blocks_sb: bit already cleared for block 6148
EXT3-fs error (device hdb2): ext3_free_blocks_sb: bit already cleared for block 6149
EXT3-fs error (device hdb2): ext3_free_blocks_sb: bit already cleared for block 6150
EXT3-fs error (device hdb2): ext3_free_blocks_sb: bit already cleared for block 6151
EXT3-fs error (device hdb2): ext3_free_blocks_sb: bit already cleared for block 6152
EXT3-fs error (device hdb2): ext3_free_blocks_sb: bit already cleared for block 6153
EXT3-fs error (device hdb2): ext3_free_blocks_sb: bit already cleared for block 6154
EXT3-fs error (device hdb2): ext3_free_blocks_sb: bit already cleared for block 6155
ext3_reserve_inode_write: aborting transaction: Journal has aborted in __ext3_journal_get_write_access<2>EXT3-fs error (device hdb2) in ext3_reserve_inode_write: Journal has aborted
EXT3-fs error (device hdb2) in ext3_truncate: Journal has aborted
ext3_reserve_inode_write: aborting transaction: Journal has aborted in __ext3_journal_get_write_access<2>EXT3-fs error (device hdb2) in ext3_reserve_inode_write: Journal has aborted
EXT3-fs error (device hdb2) in ext3_orphan_del: Journal has aborted
ext3_reserve_inode_write: aborting transaction: Journal has aborted in __ext3_journal_get_write_access<2>EXT3-fs error (device hdb2) in ext3_reserve_inode_write: Journal has aborted
EXT3-fs error (device hdb2) in ext3_delete_inode: Journal has aborted
ext3_abort called.
EXT3-fs error (device hdb2): ext3_journal_start_sb: Detected aborted journal
Remounting filesystem read-only
Buffer I/O error on device loop3, logical block 1238
Buffer I/O error on device loop3, logical block 749
Aborting journal on device loop3.
journal commit I/O error
ext3_abort called.
EXT3-fs error (device loop3): ext3_journal_start_sb: Detected aborted journal
Remounting filesystem read-only
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
EXT3-fs error (device loop3) in start_transaction: Journal has aborted
What am I doing wrong... Any help is much appreciated.
Please rate useful posts and remember to mark any solved questions as answered. Thank you.Hi Bilal,
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA5_1_0/configuration/administration/guide/managesw.pdf
read section
Reformatting the ACE Appliance Flash Memory
After you reformat the Flash memory, perform the following actions:
• Reinstall the ACE appliance software image by using the copy image: command (see the Release
Note, Cisco ACE 4700 Series Application Control Engine Appliance).
• Reinstall the ACE appliance license by using the license install command (see Chapter 4, Managing
ACE Software Licenses).
• Import the startup and running-configuration files into the associated context by using the copy
command (see the “Copying Configuration Files from a Remote Server” section).
• Import SSL certificate files and key pair files into the associated context using by the crypto import
command (see the SSL Guide, Cisco ACE Application Control Engine)
Hope that helps.
regards
Ajay Kumar -
Can't install ACE 4710 license
Hi,
I've tried to installed the license, but is not successful, below are the steps which i've taken to installed the license, with error messages. pls. assist.
CBJ6-LBDMZ2/Admin# copy tftp://10.2.18.66/ACE20090909090659371.lic disk0:
Enter the destination filename[]? [ACE20090909090659371.lic]
Trying to connect to tftp server......
TFTP get operation was successful
685 bytes copied
CBJ6-LBDMZ2/Admin# license install disk0:ACE20090909090659371.lic
Installing license... failed: Can't install this license with the current countCBJ6-LBDMZ2/Admin# show licen
ACE20090727112500202.lic:
SERVER this_host ANY
VENDOR cisco
INCREMENT ACE-AP-01-LIC cisco 1.0 permanent 1 \
VENDOR_STRING=1 HOSTID=ANY \
NOTICE="200907271125002021 \
1211J5CB363" SIGN=F2E3AFA69526
I think you have an HW appliance (code: ACE-4710-K9) with one a la carte license ( ACE-AP-01-LIC).
You bought a Bundle upgrade license, and this is not compatibly with you current license ( a la carte license).
To use the ACE-4710-BUN-UP2= ( 1G Bundle to 2G Bundle Upgrade License) you need to have a bundle product like the
ACE-4710-1F-K9.
Check this:
Table 1 ACE Licensing Bundles
License Model Description Upgrade Path
ACE-4710-0.5F-K9
This license bundle includes the following items:
•ACE 4710 appliance
•0.5-Gbps throughput license (ACE-AP-500M-LIC)
•100-Mbps compression license (ACE-AP-C-100-LIC)
•100 SSL transactions per second (TPS) license (ACE-AP-SSL-100-K9)
•5 virtual contexts license (ACE-AP-VIRT-5)
•Application acceleration license (50 connections) (ACE-AP-OPT-50-K9)
You have the option to upgrade to the 1-Gbps, 2-Gbps, or 4-Gbps bundle.
Start the upgrade with ACE-4710-BUN-UP1=.
ACE-4710-1F-K9
This license bundle includes the following items:
•ACE 4710 appliance
•1-Gbps throughput license (ACE-AP-01-LIC)
•500-Mbps compression license (ACE-AP-C-500-LIC)
•5000 SSL TPS license (ACE-AP-SSL-05K-K9)
•5 virtual contexts license (ACE-AP-VIRT-5)
•Application acceleration license (50 connections) (ACE-AP-OPT-50-K9)
You have the option to upgrade to the 2-Gbps or 4-Gbps bundle.
Start the upgrade with ACE-4710-BUN-UP2=.
ACE-4710-BAS-2PAK
This license bundle includes the following items:
•Two ACE 4710 appliances
•1-Gbps throughput license (ACE-AP-01-LIC)
ACE-4710-BAS-2PAK also includes the following default options:
•1000 SSL TPS
•100-Mbps compression
•5 virtual contexts
•Application acceleration (50 connections)
You have the option to upgrade to the 2-Gbps or 4-Gbps bundle.
Start the upgrade with ACE-4710-BUN-UP2=. Two upgrade licenses are required for upgrading two units of the ACE-4710-BAS-2PAK bundle.
ACE-4710-2F-K9
This license bundle includes the following items:
•ACE 4710 appliance
•2-Gbps throughput license (ACE-AP-02-LIC)
•1-Gbps compression license (ACE-AP-C-1000-LIC)
•7500 SSL TPS license (ACE-AP-SSL-07K-K9)
•5 virtual contexts license (ACE-AP-VIRT-5)
•Application acceleration license (50 connections) (ACE-AP-OPT-50-K9)
You have the option to upgrade to the 4-Gbps bundle.
Start the upgrade with ACE-4710-BUN-UP3=.
ACE-4710-4F-K9
This license bundle includes the following items:
•ACE 4710 appliance
•4-Gbps throughput license (ACE-AP-04-LIC)
•2-Gbps compression license (ACE-AP-C-2000-LIC)
•7500 SSL TPS license (ACE-AP-SSL-07K-K9)
•5 virtual contexts license (ACE-AP-VIRT-5)
•Application acceleration license (50 connections) (ACE-AP-OPT-50-K9)
This is the highest value bundle.
ACE-4710-BUN-UP1
0.5 to 1-Gbps throughput bundle upgrade license
See the Upgrade Path outlined above.
ACE-4710-BUN-UP2
1 to 2-Gbps throughput bundle upgrade license
See the Upgrade Path outlined above.
ACE-4710-BUN-UP3
2 to 4-Gbps throughput bundle upgrade license
See the Upgrade Path outlined above.
Table 2 ACE Licensing Options
Feature License Model Description
Performance Throughput
Default
1-Gbps throughput.
ACE-AP-500M-LIC
0.5-Gbps throughput.
ACE-AP-01-LIC
1-Gbps throughput.
ACE-AP-02-LIC
2-Gbps throughput.
ACE-AP-04-LIC
4-Gbps throughput.
ACE-AP-02-UP1
Upgrade from 1-Gbps to 2-Gbps throughput.
ACE-AP-04-UP1
Upgrade from 1-Gbps to 4-Gbps throughput.
ACE-AP-04-UP2
Upgrade from 2-Gbps to 4-Gbps throughput.
Virtualization
Default
1 admin/5 user contexts.
ACE-AP-VIRT-020
1 admin/20 user contexts.
SSL
Default
100 TPS.
ACE-AP-SSL-05K-K9
5000 TPS.
ACE-AP-SSL-07K-K9
7500 TPS.
ACE-AP-SSL-UP1-K9
Upgrade from 5000 TPS to 7500 TPS.
HTTP Compression
Default
100-Mbps.
ACE-AP-C-500-LIC
500-Mbps.
ACE-AP-C-1000-LIC
1-Gbps.
ACE-AP-C-2000-LIC
2-Gbps.
ACE-AP-C-UP1
Upgrade from 500-Mbps to 1 Gbps.
ACE-AP-C-UP2
Upgrade from 500-Mbps to 2 Gbps.
ACE-AP-C-UP3
Upgrade from 1 Gbps to 2 Gbps.
Application Acceleration Feature Pack License
ACE-AP-OPT-LIC-K9
Application acceleration and optimization. By default, the ACE performs up to 50 concurrent connections. With the application acceleration and optimization software feature pack installed, the ACE can provide greater than 50 concurrent connections.
This license increases the operating capabilities of the following features:
•Delta optimization
•Adaptive dynamic caching
•FlashForward
•Dynamic Etag
ACE-AP-02-LIC=
Upgrade Performance License 2 Gbps Spare -
Hi, is there a way to verify how much licensed features are used?
If the usage is far or near to the limit?
RegardsHi Siva,
This command doesn't show the usage level.
We need to know if the licensed feature is stressed or not.
Below follow the features we have been licensed
License Ins Lic Status Expiry Date Comments
Count
ACE-AP-01-LIC Yes 1 In use never -
ACE-AP-C-500-LIC Yes 1 In use never -
ACE-AP-OPT-50-K9 Yes 1 In use never -
ACE-AP-SSL-05K-K9 Yes 1 In use never -
As a example the ACE-AP-SSL-05K-K9 license enable 5000 SSL TPS. How can I check how many TPS we reach?
regards,
Marcelo -
ACE 4710 bundle license backup
Hello,
Is it possible to backup ACE appliance licenses if product is bought as a bundle?
ACE-4710-BAS-SK-K9
Promo Bundle - ACE 4710 HW-1Gbps-1K SSL-100MbpsComp-5VC
Following is mentioned in the ACE documentation:
"If you need to replace the ACE, you can copy and install the license file for the license onto the replacement appliance."
But, when we try to backup licenses, we get following results:
ACE-1/Admin# sh license
ACE-1/Admin# copy licenses disk0:mylicenses.tar
Backing up license... failed: License file not found
ACE-1/Admin# sh license status
Licensed Feature Count
Compression Performance in Mbps 100
Web Optimization Concurrent Conns. 50
SSL transactions per second 1000
Virtualized contexts 5
Module bandwidth in Gbps 1.0
ACE-1/Admin# sh license usage
License Ins Lic Status Expiry Date Comments
Count
ACE-AP-C-UP1 No - Unused -
ACE-AP-C-UP2 No - Unused -
ACE-AP-C-UP3 No - Unused -
ACE-AP-01-LIC No - Unused -
ACE-AP-01-UP1 No - Unused -
ACE-AP-02-LIC No - Unused -
ACE-AP-02-UP1 No - Unused -
ACE-AP-04-LIC No - Unused -
ACE-AP-04-UP1 No - Unused -
ACE-AP-04-UP2 No - Unused -
ACE-AP-VIRT-5 No - Unused -
ACE-AP-500M-LIC No - Unused -
ACE-AP-VIRT-020 No - Unused -
ACE-AP-C-100-LIC No - Unused -
ACE-AP-C-500-LIC No - Unused -
ACE-AP-C-500-UP1 No - Unused -
ACE-AP-OPT-50-K9 No - Unused -
ACE-AP-C-1000-LIC No - Unused -
ACE-AP-C-2000-LIC No - Unused -
ACE-AP-OPT-LIC-K9 No - Unused -
ACE-AP-OPT-UP1-K9 No - Unused -
ACE-AP-SSL-05K-K9 No - Unused -
ACE-AP-SSL-07K-K9 No - Unused -
ACE-AP-SSL-100-K9 No - Unused -
ACE-AP-SSL-UP1-K9 No - Unused -
ACE-AP-SSLUP-5K-K9 No - Unused -
ACE-AP-VIRT-020-UP No - Unused -
I suppose licenses cannot be backuped because they are bundled and delivered with the bundle by default, and not installed...
Does anyone know what would be the procedure for this bundled licenses in case of ACE HW replacement needed?
Best regards,
JasminaHi Jasmina,
License file management is quite simple for ACE. Two methods; save original license email or copy from disk0:.
If you purchased and upgraded license, and followed procedure to generate it, you would have received your license via email. We recommend per documentation (License ordering section) that you:
"Step 5 Save the license key e-mail in a safe place in case you need it in the future (for example, to transfer the license to another ACE). "
Also, to apply, you copy the license file to disk0: on the ACE. This *.lic file resides on disk0: thereafter.
So if you did not happen to save the original email when you obtained the license, and the license has been installed, then you can simply copy the *.lic file off the ACE from disk0: to a safe place. Example copying file from ACE to FTP server:
Switch/Admin# copy disk0: ftp:
Enter source filename]? 1ACE2009060306445454.lic
Enter Address for the ftp server]? 10.2.3.4
Enter the destination filename]? [1ACE2009060306445454.lic]
Enter username]? anonymous
Enter the file transfer mode[bin/ascii]: [bin]
Enable Passive mode[Yes/No]: [Yes]
Password:
Passive mode on.
Hash mark printing on (1024 bytes/hash mark).
Switch/Admin#
Administrator Guide - Licenses on ACE:
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA4_1_0/configuration/administration/guide/license.html#wp1010344
Hope this helps.
-pefrench -
Cannot Telnet to ACE 4710 after upgrade to A4(2.3)
I have a pair of ACE 4710s with 12 contexts sharing the load, running A4(2.1). Yesterday I upgraded one of them to A4(2.3)
now I cannot telnet to the Admin context.Pings ok. I can telnet to other contexts on the box and everything seems to be working ok
when i do a " sh telnet"
comes back with
No Session Information is available
sh telnet maxsessions
telnet maxsessions 16
Can anybody help?further this post, it was not a resource problem as had allocated 5% for the Admin context.
I up graded IOS Saturday evening, could not Telnet in, tried again on Sunday same result,
though this morning (Monday) Can now telnet in ok very strange
I was connecting via the AUX line of a 2851 router to the console port.
whe I disconnected this morning I saw the following message
INIT: id "T0" respawning too fast : disabled for 5 minutes
not sure if this is a 2851 message or an ACE message, but after getting that message is when I was able to Telnet in
was it a coincidence
anybody any ideas -
ACE 4710 upgrading software problem
I logged into ACE 4710 to upgrade the image to c4710ace-mz.A1_8_0.bin. I logged in with Admin status and I got the following message, "
ACE4710/Admin# delete image:c4710ace-mz.3.0.0_A1_7a.bin
delete: cannot remove 'c4710ace-mz.3.0.0_A1_7a.bin': Permission denied"
Is this a bug? Is there a workaround? Thank you.I am getting the same message again when i tried to delete an image and put a new image on.
ACE4710/Admin# dir image:
180784189 May 20 07:52:18 2008 c4710ace-mz.A1_8_0.bin
176933319 May 6 07:10:04 2008 c4710ace-mz.A1_7b.bin
Usage for image: filesystem
714985472 bytes total used
167362560 bytes free
882348032 bytes total
ACE4710/Admin# delete image:4710ace-mz.A1_7b.bin
delete: cannot remove '4710ace-mz.A1_7b.bin': No such file or directory
How can this issue be resolved? -
Hi Everyone
We will be upgrading our ACE 4710s from A3(2.2) to A4(1.0). We have a pair in high availability mode. Has anyone here got any tips on how we can get a smooth upgrade without downtime? Is this even possible?
Thanks
AOf course it is possible to upgrade with no downtime!
However it is always recommended to schedule the upgrade in a maintenance window to minimize the impact in case of any issues.
You can normally find the documented procedure here for the upgrade:
http://cco/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/admin/guide/upgrade.html#wp1012243
I find in fact the best would be the following:
1. Upgrade the stand by module first.
2. Once reloaded, switchover to the standby and verify all services working correctly.
3.Upgrade the new stand by module.
4. Eventually switch over again to restore the active box as per the original configuration.
By doing this, if for some reason the first switchover at point 2. would not work, you can switch back to a safe scenario which you are sure to work.
Cheers,
Domenico. -
ACE 4710 Web Optimization Licnesing
I currently have a 4710 running the 1Gbps package. We are utilizing Application Acceleration and are comg very close to hitting our 10,000 Web Optimization connection limit. I am trying to find out how to upgrade that.
I see in our license usage an option of ACE-AP-OPT-UP1-K9 but can find no information on this part number. Does anyone know if this is even available and what it brings you connection limit to?
ACE01/Admin# show license usage
License Ins Lic Status Expiry Date Comments
Count
ACE-AP-C-UP1 No - Unused -
ACE-AP-C-UP2 No - Unused -
ACE-AP-C-UP3 No - Unused -
ACE-AP-01-LIC No - Unused -
ACE-AP-01-UP1 No - Unused -
ACE-AP-02-LIC No - Unused -
ACE-AP-02-UP1 No - Unused -
ACE-AP-04-LIC No - Unused -
ACE-AP-04-UP1 No - Unused -
ACE-AP-04-UP2 No - Unused -
ACE-AP-VIRT-5 No - Unused -
ACE-AP-500M-LIC No - Unused -
ACE-AP-VIRT-020 No - Unused -
ACE-AP-C-100-LIC No - Unused -
ACE-AP-C-500-LIC Yes 1 In use never -
ACE-AP-C-500-UP1 No - Unused -
ACE-AP-OPT-50-K9 No - Unused -
ACE-AP-C-1000-LIC No - Unused -
ACE-AP-C-2000-LIC No - Unused -
ACE-AP-OPT-LIC-K9 Yes 1 In use never -
ACE-AP-OPT-UP1-K9 No - Unused -
ACE-AP-SSL-05K-K9 Yes 1 In use never -
ACE-AP-SSL-07K-K9 No - Unused -
ACE-AP-SSL-100-K9 No - Unused -
ACE-AP-SSL-UP1-K9 No - Unused -
ACE-AP-SSLUP-5K-K9 No - Unused -
ACE-AP-VIRT-020-UP No - Unused -Unfortunately, ACE-AP-OPT-LIC-K9 is not available on ACE4710 and
ACE 4710 cannot handle more than 10,000 concurrent connections..
When you use the ACE to perform a specific set of application
acceleration and optimization functions, and the ACE reaches the
maximum of 10,000 concurrent connections, the appliance stops
accepting any additional concurrent connections until the count
drops below 10,000.
http://www.cisco.com/en/US/partner/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_x/command/reference/optimize.html#wp1048813
Regards,
Yuji -
Dear All,
i have ACE-4710-1F-K9 (ACE 4710 Hardware‐1Gbps‐5K SSL‐500MbpsComp‐5VC-50 APPAccel )
and i need to buy ACE-4710-01-K9
I want to ask does (ACE-4710-01-K9) has 50 AppAccel like the old part number (ACE-4710-1F-K9)???As per my understanding
Both will give you same functionality
ACE-4710-BAS-SK-K9 is a basic kit/bundle
that Includes:
- ACE 4710 Hardware
- ACE Software
- 1 Gbps Throughput License
- 1,000 SSL TPS
- 100Mbps Compression
- 5 Virtual Devices
Where as
"ACE-4710-K9 with ACE-AP-01-LIC" is kind of La Carte option
ACE-4710-K9 is the ACE Appliance Hardware includes(1K SSL TPS, 5 contexts, 100Mbps comp)
With it you need to select two mandatory options
ACE Software :ACE-AP-SW-XX Software Version XX
Throughput License :("ACE-AP-01-LIC" 1 Gbps OR "ACE-AP-02-LIC" 2 Gbps )
Then you can select optional licences for
SSL TPS, Virtual Devices, compression & App acceleration...(if you need to upgrade the defaults 1K SSL TPS, 5 contexts, 100Mbps comp)
Syed iftekhar Ahmed -
Technical differences between ACE-4710-K9 & ACE-4710-BAS-SK-K9
Hi All,
Iam trying to find technical diff between ACE-4710-K9 with ACE-AP-01-LIC & ACE-4710-BAS-SK-K9 with ACE-AP-BAS-LIC.
Can someone shed some light..?
Thank you all in advance
MSAs per my understanding
Both will give you same functionality
ACE-4710-BAS-SK-K9 is a basic kit/bundle
that Includes:
- ACE 4710 Hardware
- ACE Software
- 1 Gbps Throughput License
- 1,000 SSL TPS
- 100Mbps Compression
- 5 Virtual Devices
Where as
"ACE-4710-K9 with ACE-AP-01-LIC" is kind of La Carte option
ACE-4710-K9 is the ACE Appliance Hardware includes(1K SSL TPS, 5 contexts, 100Mbps comp)
With it you need to select two mandatory options
ACE Software :ACE-AP-SW-XX Software Version XX
Throughput License :("ACE-AP-01-LIC" 1 Gbps OR "ACE-AP-02-LIC" 2 Gbps )
Then you can select optional licences for
SSL TPS, Virtual Devices, compression & App acceleration...(if you need to upgrade the defaults 1K SSL TPS, 5 contexts, 100Mbps comp)
Syed iftekhar Ahmed -
ACE 4710 and mangled HTTP requests
After replacing a Cisco CSS/SSL Accelorator and PIX firewall with an ACE 4710 to do load balancing and SSL encryption behind an ASA firewall we started seeing mangled HTTP requests in the Apache access logs for the servers in the server farm. Here is one example:
XX.XX.XXX.XXX - - [21/Oct/2012:01:42:12 -0500] "heckoutFlag=true&verifyPassword=false&newsletter=false&emailaddress=&email2=&pass1=&pass2=&username=POST /register/LServlet HTTP/1.1" 501 3322 "https://www.ourwebsite.com/register/CServlet" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
Rather than appearing just after the timestamp, the "POST /register/LServlet" is tacked on to header information that shouldn't even appear in the log. Also the first letter in that header information is always missing (heckoutFlag instead of checkoutFlag in this example).
The mangled request always shows up as a 501 HTTP error and shows up late in the Apache access logs (timestamp is out of chronogical order) and always appears with several duplicate POSTs:
XX.XX.XXX.XXX - - [21/Oct/2012:01:42:23 -0500] "POST /register/LServlet HTTP/1.1" 200 8537 "https://www.ourwebsite/register/CServlet" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
XX.XX.XXX.XXX - - [21/Oct/2012:01:44:12 -0500] "POST /register/LServlet HTTP/1.1" 200 8537 "https://www.ourwebsite/register/CServlet" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
XX.XX.XX.XXX - - [21/Oct/2012:01:42:12 -0500] "heckoutFlag=true&verifyPassword=false&newsletter=false&emailaddress=&email2=&pass1=&pass2=&username=POST /register/LServlet HTTP/1.1" 501 3322 "https://www.ourwebsite.com/register/CServlet" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
XX.XX.XXX.XXX - - [21/Oct/2012:01:44:12 -0500] "POST /register/LServlet HTTP/1.1" 200 8537 "https://www.ourwebsite/register/CServlet" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
This is occurring for several different URLs and not just the one above and for multiple web browsers.
The ACE load balances to servers running Tomcat 7 with Apache HTTP server v. 2.2.14.
A recent ACE software upgrade to A5(2.1) has not fixed the problem.
Has anyone seen this before?
Thanks for any insight you can provide.
-KariHi Kari,
Do you have a sample of the configuration which you got with the CSS?
What is the current configuration which you got on the ACE?
Can you shows this output: # show stats http?
Jorge -
ACE 4710 - Gracefully Shutting Down a Server
Hi,
Recently I had to stop an RServer to allow for software upgrades. I entered a no inservice command in the rserver config and all the connections on the serverfarm disappeared. I thought the no inservice should allow existing connections to finish. Is there another way of taking a server out of service?
We are running on an ACE 4710 version A3(2.5). We offload SSL on the ACE and use sticky connections using cookie insert
Thanks for your helpHi,
To gracefully shutdown use the "no inservice" on the rserver within the serverfarm rather than on the rserver definition.
HTH
Cathy -
Hi,
We have to ACE 4710 device in our network and we have facing device hung issue in our Primary ACE. We are not able to get management access or direct console access to the device when the issue is happened and also we are not able to reach the vlan interface IP or/VIP. Please find the below output we got through monitor that we are connected to the ACE.
Booting localboot(c4710ace-t1k9-mz.A5_1_2.bin)
kernel=(hd0,1)/c4710ace-t1k9-mz.A5_1_2.bin ro root=LABEL=/ auto console=ttyS0,9
600n8 quiet bigphysarea=32768
[Linux-bzImage,setup=0x1400,size=0xe75a16c]
Uncompressing linux Ok, booting the kernal.
Issue is resolved after we manually rebooted the ACE. We have collected the sh tech after the reboot.
Software version : A5 1.2
Kindly suggest what may cause this issue.
Thanks in Adavance.
Regards,
RanjithHi,
We have collected the console logs while we done the reboot. Please find the below output.
------------------------------------------------ Boot log -----------------------------------------------------------------------------
ÐS ÀS AMIBIOS(C)2005 American Megatrends, Inc. BIOS Date: 08/25/09 09:37:25 Ver: 08.00.11 CPU : Intel(R) Pentium(R) 4 CPU 3.40GHz Speed : 3.40 GHz Broadcom NetXtreme Ethernet Boot Agent v8.1.53 Copyright (C) 2000-2005 Broadcom Corporation All rights reserved. Press Ctrl-S to Enter Configuration Menu ... Broadcom NetXtreme Ethernet Boot Agent v8.1.53 AMIBIOS(C)2005 American Megatrends, Inc. BIOS Date: 08/25/09 09:37:25 Ver: 08.00.11 CPU : Intel(R) Pentium(R) 4 CPU 3.40GHz Speed : 3.40 GHz Press F2 to run Setup Press F12 for BBS POPUP DDR2 Frequency:667 MHz, ECC Support in Dual-Channel Interleaved Mode Initializing USB Controllers .. Done. 6144MB OK USB Device(s): 1 Keyboard Auto-Detecting Pri Slave...IDE Hard Disk Pri Slave : 1GB CompactFlash Card CF B612J GRUB Loading stage2........ GNU GRUB version 0.95.1 (639K lower / 3144640K upper memory) *************************************************************************** * localboot(ACE_APPLIANCE_RECOVERY_IMAGE.bin) * * localboot(c4710ace-t1k9-mz.A5_1_2.bin) * * localboot(c4710ace-t1k9-mz.A4_2_0.bin) * * * * * * * * * * * * * * * * * * * *************************************************************************** Use the * and * keys to select which entry is highlighted. Press enter to boot the selected OS, 'e' to edit the commands before booting, or 'c' for a command-line. The highlighted entry will be booted automatically in 1 seconds. kernel=(hd0,1)/c4710ace-t1k9-mz.A5_1_2.bin ro root=LABEL=/ auto console=ttyS0,9 600n8 quiet bigphysarea=32768 [Linux-bzImage, setup=0x1400, size=0xe75a16c] INIT: version 2.85 booting
b4 lspci
1 Cavium device(s) found.
Bringing up NP 0
Downloading U-Boot to NP card 0
Downloading DP image to NP card 0
Starting DP image on NP card on all cores
DP image started on NP card
Setting up dynamic memory size
Initializing Shared Memory
INIT: Entering runlevel: 3
Testing PCI path for Octeon(0)....
This may take some time, Please wait ....
PCI test loop , count 0
PCI path is ready
Starting services...
Waiting for 3 seconds to enter setup mode...
Certificate & key are up to date
Installing MySQL
groupadd: group nobody exists
useradd: user nobody exists
MySQL Installed
Installing JRE
JRE Installed
Starting sysmgr processes.. Please wait...Done!!!
IDC4-INTR-ACE-01 login: admin
Password:
Cisco Application Control Software (ACSW)
TAC support: http://www.cisco.com/tac
Copyright (c) 1985-2012 by Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.
We have not found any error related to flash while booting ACE.
Regards,
Ranjith -
Hi, We have two ACE-4710-K9 (named LB01 and LB02) configured in HA mode. Besides Admin, on each of them there are tree context configured, named, ACADEMIC, COMMERCIAL, STREAMING. On LB01 the active context is ACADEMIC. On LB02 the active contexts are COMMERCIAL and STREAMING. Each context is configured with a FrontEnd and a BackEnd Vlan interface, and a "management" Vlan interface used for accessing and monitoring the device and for the downloading of the needed ssl certificates. Recently we upgraded the devices to Version A3(2.6) form a previous A3(2.4). After that upgrade we experienced some strange behaviour. From the context in STANDBY state we are not able to ping the host on the "management" Vlan interface, while there is no problem on the other Vlans. We see that the ICMP packets are sent to the Vlan, are replayed by the remote host BUT are not received at all on the LB01 or LB02. No messages in the log. Trying with 5 consecutive (failed) ping we can see that the counters of unicast packet output on LB01/LB02 Vlan is incremented by 5 BUT the unicast packets input counters is unchanged even if the remote host sent the replays. In the STREAMING context this behaviour isn't constant, ie the ping *sometimes* starts working for a few second and then returns to stop. In the other standby context the ping never works instead. In the active context all works fine. This strange problem prevents us to load the ssl certificates in the STANDBY context from the "management" Vlan. We was not able to find any reference to a similar problem in the Cisco documentation or Tac collection, so we are curious to know wheter someone else experienced such a behaviour. Thank you and best regards. Alessandro Asson - CINECA
Thanks,
I see you are using shared VLAN config in both ACE.
Same VLAN 1000 is used for both Admin and streaming context.
In this config, you may need to use the shared-vlan-host-id command as explained here:
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/routing_bridging/guide/vlansif.html#wp1025243
In fact as explained:
'By default, the bank of MAC addresses that the ACE uses is randomly selected at boot time. However, if you configure two ACE appliances in the same Layer 2 network and they are using shared VLANs, the ACEs may select the same address bank, which results in the use of the same MAC addresses. To avoid this conflict, you must configure the bank that the ACEs will use.'
This would also reply to your question in the readme file:
SHOW ARP TABLE ON THE D01,D02,D07 ROUTERS SHOWS THE SAME MAC ADDRESS FOR
BOTH IP ADDRESSES OF LB01 AND LB02: is that normal ??
Hope this helps,
Dom.
Maybe you are looking for
-
16:9 Setting in Compressor 3 versus Compressor 2? URGENT...
I just upgraded to FCS2 from FCS and I have a question about Compressor 3. In Compressor 2 you had 4:3 and 16:9 presets for each sample preset (i.e. 120 minute DVD Best Quality). In Compressor 3 you no longer have this, just one preset for each bitra
-
How do I change the date format?
Sorry, but I'm new to Oracle! I'm using "sqlplusw" to build my SQL statements. When I return columns that are date fields, I get the DD-MON-YY format. I want dates to be returned in "YYYY-MM-DD HH24:MI:SS". My DBA won't change the date format on the
-
Creating PDF brochure for printing: Remove white margin
Hi guys, I created a brochure in Idesign which has a black background color. In order to print the brochure I want to create a PDF (with the right order of pages, e.g. page 1 next to page 8, 2 next to 7 etc.) via the "print function". The page order
-
Mail sending through proxy client
I have the following simple code to send mail through a SOCKS proxy client: package com.apna.beans; import java.util.Properties; import javax.mail.*; import javax.mail.internet.*; import javax.activation.DataSource; import javax.activation.FileDataSo
-
Installing certificates / missing cert authority in MX7: Can't do a CFHTTP
Hello, We are having a difficult issue and can't seem to find any documentation. We are running MX7 on windows. We installed a certificate but receive a "Connection Failure I/O Exception: peer not authenticated" when attempting to do a CFHTTP to anot