Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2187
Views
0
Helpful
2
Replies

cisco ace prope TCP

erik.vandenbergh
Level 1
Level 1

‎06-16-2011 02:19 AM

Hi,

I have created a TCP probe port 9099, but I have always have a failure

probe tcp PR_SmartBike-Antwerp_9099

  port 9099

  interval 10

  faildetect 2

  passdetect interval 60

  receive 3

  connection term forced

Is it possible that that the ace is still waiting for an answer from the server? If I read this I gues it is/

Initiates a TCP 3-way handshake (SYN, SYN-ACK, ACK) and expects the server to send a response. By default, a successful response causes the probe to mark the server as passed and send a FIN to end the session. If the response is not valid or if there is no response, the probe marks the server as failed.

This is some data I see 

2011-06-06 19:43:12.325702 IP 172.16.56.4.4901 > 172.16.57.11.9099: S 686345311:686345311(0) win 5840 <mss 1460,sackOK,timestamp 395707542 0,nop,wscale 0>

2011-06-06 19:43:12.325841 IP 172.16.57.11.9099 > 172.16.56.4.4901: S 1975372337:1975372337(0) ack 686345312 win 8192 <mss 1460,nop,wscale 8,sackOK,timestamp 1632036 395707542>

2011-06-06 19:43:12.326028 IP 172.16.56.4.4901 > 172.16.57.11.9099: . ack 1 win 5840 <nop,nop,timestamp 395707542 1632036>

2011-06-06 19:43:12.326130 IP 172.16.56.4.4901 > 172.16.57.11.9099: R 1:1(0) ack 1 win 5840 <nop,nop,timestamp 395707542 1632036>

Labels:
0 Helpful
2 Replies 2

Nicolas Fournier
Cisco Employee
Cisco Employee

‎06-16-2011 04:45 AM

Hi Erik,

With the config you have, the ACE should establish a TCP handshake with the destination server (sends SYN, expect SYN-ACK, sends ACK) then will send a reset to the server ( because of the "connection term forced" configured).

I tested to tcpdump a 3WHS on my machine and got something quite similar to wat you had:

11:30:25.874657 IP CDN-WAVE-474-1.cisco.com.49776 > bsns-fs.cisco.com.www: SWE 696841843:696841843(0) win 5840 


11:30:25.874930 IP bsns-fs.cisco.com.www > CDN-WAVE-474-1.cisco.com.49776: SE 2006130139:2006130139(0) ack 696841844 win 5792 


11:30:25.874973 IP CDN-WAVE-474-1.cisco.com.49776 > bsns-fs.cisco.com.www: . ack 1 win 23

To see the reason why the probe is failing, maybe you could check the output of the "show probe PR_SmartBike-Antwerp_9099 detail"?

This should give you the reason the probe is failing under the "Last disconnect err" part of the output.

If it doesn't, maybe you could take a pcap capture of the communication between the ACE and the backend server to see what is happening at packet level?

Regards,

Nicolas

0 Helpful

the-great-l0k1
Level 1
Level 1

‎06-16-2011 01:24 PM

from the failed ACE  view, is your rserver behind another ACE, or some kind of applicationn FW that creates a reverse proxy?

Telnet from the ace to your real server over the probe port an post the pcap file plz. with the caps taken from de rserver  or from a monitor session over the switch connecting to this rsever.

The-great-l0k1

mx

0 Helpful
Customers Also Viewed These Support Documents