CSS 11000 flow port timeout

andrew.thomson
Level 1

We have some CSS 11000 running 6.1 and need to protect some long lived tcp connections.

I would like some advice on which port_numbers to include in a

flow port port_number timeout value

command, in order to ensure that neither front-end nor back-end flows get reclaimed by garbage collection within the inactivity timeout period.

We have a one armed configuration with source groups and a port defined in both the content rule and the service definitions.

So if we are port mapping the destination port in the content rule (say 389) with a destination port in the backend service (say 23456) which do we include a flow port timeout for, 389, 23456 or both?

I assume we do not worry about the source ports on either the front end or back end connections?

Many thanks.

Andrew T


thomas.chen
Level 6

The CSS uses an automatic garbage collector for removing inactive flows. This is not customizable so far. To avoid garbage collection being performed for specific TCP ports, you should use this command:

(config) flow permanent

To define a set of TCP ports that will have permanent connections and not be reclaimed by the CSS when they are inactive, use the flow permanent command. You can define up to four ports. Use the no form of this command to disable a permanent connection by setting its port number to 0.

flow permanent [port1|port2|port3|port4] port_number

no flow permanent [port1|port2|port3|port4]

Syntax Description

port_number is the number of the port. Enter an integer from 0 to 65535. The default is 0, which disables the port.

On the CSS the user can configure up to 10 permanent ports which will never be garbage collected.

The problem of course is that the CSS can then run out of FCBs (Flow Control Blocks) if flows are not properly terminated. I recommend running a cmd-sched script with the perm ports so that periodically they can be removed and the older flows cleaned up. This script should consist of 2 scheduled commands, one for removing the flow permanent on the ports that you configured and another one that re-enables it after 10 minutes (to allow the CSS to delete all flows).
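The following is an added illustration of the scheduled remove/re-enable approach described in the reply; it is not configuration from the original post. The flow permanent syntax is the one quoted above; the cmd-sched record field layout (minute hour day month day-of-week, cron style, with several commands joined by \n inside the quotes), the record names and the 03:00 schedule are assumptions, and the port numbers 389 and 23456 are simply the two ports mentioned in the question, used as placeholders.

```text
! Permanent (never garbage-collected) ports: front-end 389 and
! back-end 23456 are placeholders taken from the question above.
flow permanent port1 389
flow permanent port2 23456

! Scheduled maintenance window so stale flows on these ports can be
! reclaimed and FCBs freed (assumed cmd-sched syntax, cron-style fields):
cmd-sched enable
! 03:00 daily: drop the permanent marking so the collector can run.
cmd-sched record perm-off 0 3 * * * "no flow permanent port1\nno flow permanent port2"
! 03:10 daily: restore it after the collector has had 10 minutes.
cmd-sched record perm-on 10 3 * * * "flow permanent port1 389\nflow permanent port2 23456"
```

Any long-lived session that is genuinely idle during the 10-minute window will be reclaimed, so schedule the window when that is acceptable.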
