Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1826
Views
0
Helpful
1
Replies

ACE failing server out using TCP health probe

troyschmid
Level 1
Level 1

‎07-26-2011 01:59 PM

We have a mix of ACE20s and ACE30s currently and I am seeing the ACE in both HW platforms failing out our servers sporadically after a sucessful TCP handshake.  Here is the configuration:

probe tcp TCP-25

   port 25

   interval 25

   faildetect 2

   passdetect interval 90

   open 10

When I do a show probe TCP-25 detail I see the default recv timeout is 10.

I captured a trace between the ACE and the server.  When the health probes pass I see a good 3 way TCP handshake, then 50ms later the server sends a SMTP 220 then ace from ace, fin ack from ace and graceful TCP termination occurs.  When the probe fails I see a sucessful TCP handshake but the ACE sends FIN ACK 47ms after it sends ACK for the TCP connection.  Server then sends ACK and ACE sends RST.

Shouldn't ACE wait 10 seconds in this example for server to respond after TCP handshake?

Labels:
0 Helpful
1 Reply 1

troyschmid
Level 1
Level 1

‎07-27-2011 08:27 AM

TAC/Martin Nash was very helpful in explaining this.  The TCP 3 way handshake was sucessful, but the ACE sent a FIN ACK as expected, but after the server sent an ACK the server did not send a FIN ACK so the ACE marked it down.  The health check not only requires a 3 way handshake, but a clean teardown of the TCP session.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card