10-25-2011 08:01 PM
How do I apply the connection parameter map in a configuration like this to the service policy int827? Do I need to define the traffic? Can I specify only one source destination flow to apply the set tcp half-closed TCP normalization against?
Any help would be appreciated.
Thank you all,
Jon
policy-map type loadbalance first-match wss-1100-l7slb
class class-default
sticky-serverfarm sticky-srcip-1100
policy-map type loadbalance first-match wss-1101-l7slb
class class-default
sticky-serverfarm sticky-srcip-1101
parameter-map type connection TCPIP_PARAM_MAP
set tcp timeout half-closed 180
policy-map multi-match int827
class wss-1100
loadbalance vip inservice
loadbalance policy wss-1100-l7slb
class wss-1101
loadbalance vip inservice
loadbalance policy wss-1101-l7slb
interface vlan 827
bridge-group 1
no normalization
access-group input etherany
access-group input ip-any-any
access-group output ip-any-any
service-policy input mgmt
service-policy input int827
no shutdown
interface vlan 828
bridge-group 1
no normalization
access-group input etherany
access-group input ip-any-any
access-group output ip-any-any
no shutdown
interface bvi 1
mac-address autogenerate
ip address x.x.x.6 255.255.255.0
peer ip address x.x.x.7 255.255.255.0
no shutdown
ip route 0.0.0.0 0.0.0.0 x.x.x.1
10-30-2011 09:40 PM
Yes, you always need to define interesting traffic to apply the connection parameter-map. If you apply "tcp timeout half-closed" to any traffic then you need to define class-map with 0.0.0.0. If you want to apply the
"tcp timeout half-closed" to the current class-map, then you can assoicate it with a multi-match policy map as below :
The service policy always applies to the incoming interface.
...
parameter-map type connection TCPIP_PARAM_MAP
set tcp timeout half-closed 180
policy-map multi-match int827
class wss-1100
loadbalance vip inservice
loadbalance policy wss-1100-l7slb
connection advanced-options
class wss-1101
loadbalance vip inservice
loadbalance policy wss-1101-l7slb
connection advanced-options
...
Just one more side note for the timeout parameter. The timeout value (default or other wise) remains the same irrespective of normalization or no norm.
If you have a parameter map configured for timeout then it should still take in affect when you have normalization disabled.
The only difference is that with normalization enabled, ACE will send a reset back after the timeout expires and will silently drop it when no norm is configured.
regards
Andrew
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: