https://community.cisco.com/t5/application-networking/css-11000-flow-port-timeout/m-p/414297#M7470 <P>We have some CSS 11000 running 6.1 and need to protect some long lived tcp connections.</P><P></P><P>I would like some advice on which port_numbers to include in a</P><P></P><P>flow port port_number timeout value</P><P></P><P>command, in order to ensure neither front end or backend flows get reclaimed by garbage collection within the inactivity timeout period.</P><P></P><P>We have a one armed configuration with source groups and a port defined in both the content rule and the service definitions.</P><P></P><P>So if we are port mapping the destination port in the content rule (say 389) with a destination port in the backend service (say 23456) which do we include a flow port timeout for, 389, 23456 or both?</P><P></P><P>I assume we do not worry about the source ports on either the front end or back end connections?</P><P></P><P>Many thanks.</P><P></P><P></P><P>Andrew T</P> Wed, 01 Jun 2005 13:59:01 GMT andrew.thomson 2005-06-01T13:59:01Z https://community.cisco.com/t5/application-networking/css-11000-flow-port-timeout/m-p/414297#M7470 <P>We have some CSS 11000 running 6.1 and need to protect some long lived tcp connections.</P><P></P><P>I would like some advice on which port_numbers to include in a</P><P></P><P>flow port port_number timeout value</P><P></P><P>command, in order to ensure neither front end or backend flows get reclaimed by garbage collection within the inactivity timeout period.</P><P></P><P>We have a one armed configuration with source groups and a port defined in both the content rule and the service definitions.</P><P></P><P>So if we are port mapping the destination port in the content rule (say 389) with a destination port in the backend service (say 23456) which do we include a flow port timeout for, 389, 23456 or both?</P><P></P><P>I assume we do not worry about the source ports on either the front end or back end connections?</P><P></P><P>Many thanks.</P><P></P><P></P><P>Andrew T</P> Wed, 01 Jun 2005 13:59:01 GMT https://community.cisco.com/t5/application-networking/css-11000-flow-port-timeout/m-p/414297#M7470 andrew.thomson 2005-06-01T13:59:01Z https://community.cisco.com/t5/application-networking/css-11000-flow-port-timeout/m-p/414298#M7471 <HTML><HEAD></HEAD><BODY><P>The CSS uses and automatic garbage-collector for removing inactive flows. This is not customizable</P><P>sofar. To avoid the garbage collection to be performed for specific TCP ports you should then use this</P><P>command:</P><P></P><P>(config) flow permanent</P><P></P><P>To define a set of TCP ports that will have permanent connections and not be reclaimed by the CSS</P><P>when they are inactive, use the flow permanent command. You can define up to four ports. Use the no</P><P>form of this command to disable a </P><P>permanent connection by setting its port number to 0.</P><P></P><P>flow permanent [port1|port2|port3|port4] port_number</P><P>no flow permanent [port1|port2|port3|port4]</P><P></P><P>Syntax Description </P><P>port_number is the number of the port. Enter an integer from 0 to 65535. The default is 0 which</P><P>disables the port.</P><P>On the CSS the user can configure up to 10 permanent ports which will never be garbage collected.</P><P>The problem of course is that the CSS can then run out of FCBs (Flow Control Blocks) if flows are</P><P>not properly terminated. I recommend running a cmd-sched script with the perm ports so that</P><P>periodically then can be removed and the older flows cleaned up. This script should consist of 2</P><P>scheduled commands, one for removing the flow permanent on the ports that you configured and another one one tha re-enables it after 10 minutes (to allow the CSS to delete all flows).</P></BODY></HTML> Tue, 07 Jun 2005 11:32:02 GMT https://community.cisco.com/t5/application-networking/css-11000-flow-port-timeout/m-p/414298#M7471 thomas.chen 2005-06-07T11:32:02Z