Asynchronous Flow through CSM

hoelpf1 · ‎04-09-2005

We are using an application where the vendor has requested that the traffic FROM the servers go directly to the client rather than back through the CSM, (They're pushing a lot of data).

This is on 6500's with sup720's with a WS-x6066-SLB-APC.

We accomplished this by using no nat server (no nat client is also in effect) for the server farm, and having the server use the default-gateway of the subnet rather than the CSM.

Is this correct? Do I need to be wary of anything? One thing I am noticing is that the status of connections is all FINCLIENT, of course, because the CSM never sees the FINACK from the server.

Can I just clean up the connections by setting the timeout to like 30 minutes?

Thanks in Advance,

Peter

Gilles Dufour · ‎04-10-2005

use the command 'unidirectional' under the vserver to tell the CSM it will only see client traffic.

This will prevent the CSM to kill the connection.

If the CSM does not see traffic from server within pending timeout, the CSM assumes the server is dead and it removes the connection from its flow table.

Regards,

Gilles.

hoelpf1 · ‎04-11-2005

Thanks for the reply Gilles.

So if the sticky timeout is set to 30 minutes if the "unidirectional" command is not applied then it would see the session as inactive and tear it down after 30 minutes whether there was traffic or not, right?

So does the sticky timeout work off of how long a session is IDLE? In other words after 30 minutes of IDLE time or Inactivity the CSM tears down the connection? Or is it after 30 Minutes of any time it looks to reassign the connection?

Gilles Dufour · ‎04-12-2005

this is not the sticky timeout but the "pending" timeout.

This is a very short timeout.

The CSM expect to see 2-way traffic within the pending timeout.

If no traffic is received from the server, the session is removed.

However, I forgot to mention that some protocol automatically set the 'unidirectional' function.

For example : UDP.

You can see if a vserver is unidirectional or bidirectional by doing a 'sho mod csm X vser name detail'

The sticky timeout is linked to new session only.

If you have a sticky timeout of 30 minutes and there is no new session coming in within this time, the CSM will simply remove the stick entry.

Gilles.

hoelpf1 · ‎04-12-2005

Thanks. missed the "pending timeout" reference in the previous post. Do you know is there any documentation for what I called "Asynchronous Flow" and what is the real term for this kind of set up.

We set the no nat server, and then set a loopback on the servers with same address of VIP and the loopback has no def. gateway, so it uses the GW of the vlan, and traffic returns via the router interface and not the CSM. However, when I give this command:

sh mod csm 5 conns vserver soft

where soft is the name of the vserver, 200 is the server VLAN, 250 is the client VLAN and 10.200.250.26 is the VIP. I get this output:

In TCP 250 10.40.10.29:2376 10.200.250.26:554 ESTAB

Out TCP 200 10.200.250.26:554 10.40.10.29:2376 ESTAB

In TCP 250 10.10.20.229:1955 10.200.250.26:50815 ESTAB

Out TCP 200 10.200.250.26:50815 10.10.20.229:1955 ESTAB

In TCP 250 10.10.28.203:1297 10.200.250.26:80 ESTAB

Out TCP 200 10.200.250.26:80 10.10.28.203:1297 ESTAB

With our setup I can't figure out why the CSM has any OUT traffic, it should not be aware of the return traffic should it?