10-25-2011 08:01 PM
How do I apply the connection parameter map in a configuration like this to the service policy int827? Do I need to define the traffic? Can I specify only one source destination flow to apply the set tcp half-closed TCP normalization against?
Any help would be appreciated.
Thank you all,
Jon
policy-map type loadbalance first-match wss-1100-l7slb
class class-default
sticky-serverfarm sticky-srcip-1100
policy-map type loadbalance first-match wss-1101-l7slb
class class-default
sticky-serverfarm sticky-srcip-1101
parameter-map type connection TCPIP_PARAM_MAP
set tcp timeout half-closed 180
policy-map multi-match int827
class wss-1100
loadbalance vip inservice
loadbalance policy wss-1100-l7slb
class wss-1101
loadbalance vip inservice
loadbalance policy wss-1101-l7slb
interface vlan 827
bridge-group 1
no normalization
access-group input etherany
access-group input ip-any-any
access-group output ip-any-any
service-policy input mgmt
service-policy input int827
no shutdown
interface vlan 828
bridge-group 1
no normalization
access-group input etherany
access-group input ip-any-any
access-group output ip-any-any
no shutdown
interface bvi 1
mac-address autogenerate
ip address x.x.x.6 255.255.255.0
peer ip address x.x.x.7 255.255.255.0
no shutdown
ip route 0.0.0.0 0.0.0.0 x.x.x.1
10-30-2011 09:40 PM
Yes, you always need to define interesting traffic to apply the connection parameter-map. If you apply "tcp timeout half-closed" to any traffic then you need to define class-map with 0.0.0.0. If you want to apply the
"tcp timeout half-closed" to the current class-map, then you can assoicate it with a multi-match policy map as below :
The service policy always applies to the incoming interface.
...
parameter-map type connection TCPIP_PARAM_MAP
set tcp timeout half-closed 180
policy-map multi-match int827
class wss-1100
loadbalance vip inservice
loadbalance policy wss-1100-l7slb
connection advanced-options
class wss-1101
loadbalance vip inservice
loadbalance policy wss-1101-l7slb
connection advanced-options
...
Just one more side note for the timeout parameter. The timeout value (default or other wise) remains the same irrespective of normalization or no norm.
If you have a parameter map configured for timeout then it should still take in affect when you have normalization disabled.
The only difference is that with normalization enabled, ACE will send a reset back after the timeout expires and will silently drop it when no norm is configured.
regards
Andrew
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide