ACE. Slow Service

Jaime Soto Valenzuela · ‎07-20-2010

Hi,

I have understood it is not advisable to install the ACE in some jumps L3, but the ideal is to have the servers directly connected to the ACE (through an L2 SW).

We are seeing a slow network with a Web service that we are load balancing. The ACE is installed in the customer LAN (since there are other services balanced) but services are slow to be found in the DMZ so they have to go through several devices before getting to the servers (the ACE is operating in One-Arm Mode). Could be this type of installation the problem of slow service?. The data flow must travel a long way to reach the destination.

With the command "sh service-policy summ" I see a lot of conn drop.

Thanks and regards.

Jaime.

Gilles Dufour · ‎07-21-2010

No, having the servers several hops away is normally not the cause of slow response time.

However, it makes it difficult to find where the delay comes from since each device in the path could have a problem.

You should get a sniffer trace, capture all traffic going to/from the ace when experiencing slow response.

Then do the same capture when going directly to the server.

Then check the difference between the 2 traces.

Gilles.

Jaime Soto Valenzuela · ‎07-22-2010

Ok Gilles, Thanks.

I have other question:

ACE-CC/Contexto_B# sh servic summ

service-policy: LB-VIP
Class VIP Prot Port VLAN State Curr Conns Hit Count Conns Drop
VIP_TAMW_80 172.16.10.150 tcp eq 80 1,10 IN-SRVC 210 1509843 122052

Do the Conns Drop refers to connections from the ACE to Real Server or from the client to the ACE?.

Regards,

Jaime.

Gilles Dufour · ‎07-23-2010

It counts all the reason for the connection either client-ace or ace-server to be dropped.

That could simply be the server not responding, or responding with a RST...or normalization killing the connection because violating some tcp rules.

Gilles.