Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3779
Views
0
Helpful
1
Replies

Applying ACE connection parameter map?

pattyj
Level 1
Level 1

‎10-25-2011 08:01 PM

How do I apply the connection parameter map in a configuration like this to the service policy int827?  Do I need to define the traffic?  Can I specify only one source destination flow to apply the set tcp half-closed TCP normalization against?

Any help would be appreciated.

Thank you all,

Jon

policy-map type loadbalance first-match wss-1100-l7slb

  class class-default

    sticky-serverfarm sticky-srcip-1100

policy-map type loadbalance first-match wss-1101-l7slb

  class class-default

    sticky-serverfarm sticky-srcip-1101

parameter-map type connection TCPIP_PARAM_MAP

set tcp timeout half-closed 180

policy-map multi-match int827

  class wss-1100

    loadbalance vip inservice

    loadbalance policy wss-1100-l7slb

  class wss-1101

    loadbalance vip inservice

    loadbalance policy wss-1101-l7slb

interface vlan 827
  bridge-group 1
  no normalization
  access-group input etherany
  access-group input ip-any-any
  access-group output ip-any-any
  service-policy input mgmt
  service-policy input int827
  no shutdown

interface vlan 828
  bridge-group 1
  no normalization
  access-group input etherany
  access-group input ip-any-any
  access-group output ip-any-any
  no shutdown


interface bvi 1
  mac-address autogenerate
  ip address x.x.x.6 255.255.255.0
  peer ip address x.x.x.7 255.255.255.0
  no shutdown

ip route 0.0.0.0 0.0.0.0 x.x.x.1

Labels:
0 Helpful
1 Reply 1

Andrew Nam
Level 1
Level 1

‎10-30-2011 09:40 PM

Yes, you always need to define interesting traffic to apply the connection parameter-map. If you apply "tcp timeout half-closed" to any traffic then you need to define class-map with 0.0.0.0. If you want to apply the

"tcp timeout half-closed" to the current class-map, then you can assoicate it with a multi-match policy map as below :

The service policy always applies to the incoming interface.

......

parameter-map type connection TCPIP_PARAM_MAP

set tcp timeout half-closed 180

policy-map multi-match int827

  class wss-1100

    loadbalance vip inservice

    loadbalance policy wss-1100-l7slb

    connection advanced-options

  class wss-1101

    loadbalance vip inservice

    loadbalance policy wss-1101-l7slb

    connection advanced-options

......

Just one more side note for the timeout parameter. The timeout value (default or other wise) remains the same irrespective of normalization or no norm.

If you have a parameter map configured for timeout then it should still take in affect when you have normalization disabled.

The only difference is that with normalization enabled, ACE will send a reset back after the timeout expires and will silently drop it when no norm is configured.

regards

Andrew

0 Helpful
Customers Also Viewed These Support Documents