Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
736
Views
0
Helpful
3
Replies

CSS 11503 Web NS 75103 - inactiveTimeout problems

sthon-dbsys
Level 1
Level 1

‎03-02-2006 05:12 AM

Hi there,

I have a problem with the "inactiveTimeout" of tcp sessions.

I have configured no special timeout for the owner "FARM" and content 7136.

but some of the flows using this farm have an inactivity timeout of 608 sec.

Especially all flows with "Flow flg 00001119".

other flows, eg with "Flow flg 00001099" have the normal tinmeout of 16sec.

used system:

"Product Name: CSS11503-AC E0 SW Version: 07.50.1.03"

any ideas of this behaviour ?

thx in advance

greets

sascha

deetailed info:

---------------

owner FARM

content L4_TCP_7136

protocol tcp

vip address 172.21.183.235

port 7136

advanced-balance sticky-srcip

sticky-inact-timeout 10

redundant-index 30018

add service <service1>

add service <service2>

: : :

active

CSS(debug)# show flow-timeout configured

User Configured Values for Content Rule Flow Timeout

Port Content Rule Timeout

389 L4_LDAP_389 5175

389 L4_LDAP_389 5175

636 L4_LDAP_636 5175

7232 L4_TCP_7232 225

7233 L4_TCP_7233 225

1425 L4_TCP_1425 38

1426 L4_TCP_1426 38

1427 L4_TCP_1427 38

7053 L4_TCP_7053 19

7054 L4_TCP_7054 19

389 L4_TCP_389 5175

80 L4_HTTP 23

9501 L4_TCP_9501 19

9506 L4_TCP_9506 19

9501 L4_TCP_9501 19

9506 L4_TCP_9506 19

9501 L4_TCP_9501 19

9506 L4_TCP_9506 19

CSS(debug)# show flow-timeout default

TCP/IP Application Inactivity Timeout

Port In Seconds

* Default 16

2049 NFS 2

2049 NFS 2

5190-5193 AOL Chat 180

80 HTTP 8

21 FTP Control 600

20 FTP Data 600

23 Telnet 600

Labels:
0 Helpful
3 Replies 3

sthon-dbsys
Level 1
Level 1

‎03-02-2006 05:13 AM

... and now the infos of the show output:

CSS(debug)# flow-agent show active_fcbs tuple 0.0.0.0 0 172.21.183.235 7136

-------- -------------- ----- -------------- ----- -- -------- ------- --------

Flow ID Src IP SPort Dst IP DPort Pr slot sub spt dpt Flow flg

-------- -------------- ----- -------------- ----- -- -------- ------- --------

8ad8db70 172.30.74.47 1877 172.21.183.235 7136 6 1 1 1 1 00001089

8a7cd5f0 172.21.190.163 1205 172.21.183.235 7136 6 1 1 1 1 00001119

8bd89dc0 172.21.187.125 1521 172.21.183.235 7136 6 2 1 1 1 00001119

8bdf6d80 172.21.190.100 1319 172.21.183.235 7136 6 2 1 1 1 00001089

8bdd0980 172.26.83.189 1671 172.21.183.235 7136 6 2 1 1 1 00001099

8aeafda0 172.22.37.123 1661 172.21.183.235 7136 6 2 1 1 1 00001099

8aa6e5c0 172.24.227.195 1521 172.21.183.235 7136 6 2 1 1 1 00001119

8bbda240 172.30.74.47 1879 172.21.183.235 7136 6 2 1 1 1 00001099

8aab89c0 172.27.116.212 1526 172.21.183.235 7136 6 2 1 1 1 00001119

8b5a2e60 172.26.18.157 1521 172.21.183.235 7136 6 2 1 1 1 00001119

detailed flow infos for flows with "Flow flg 00001119":

-------------------------------------------------------

-> inactiveTimeout: 608

CSS(debug)# flow-agent show fcb_details 0x8b5a2e60

CSS(debug)#

Fcb Details for FCB: 0x8B5A2E60

SRC: 172.26.18.157-1521 NAT: 172.21.183.236-36220

DST: 172.21.183.235-7136 NAT: 172.21.68.28-7136

DMAC: 00-00-0c-07-ac-08 SMAC: 00-0b-be-a3-08-22

IP Hdr ChkD: 52868 TCP/UDP Hdr ChkD: 18169

TCP SequenceD: 0 Task CE: 0

BytesIn: 112714 Frames In: 1967

Dest VLAN: 159 Src/Dst Ports: 0/0

Slot/SubSlot: 2/1 SmbQ/PrcSwP: 32/0

Time Stamp / Time Out Info:

CurSecs: 11048:409, started: 3978:819 last activity: 11038

May timeout due to inactivity: Yes , inactiveTimeout: 608

Inactive Secs: 10, will timeout in: 598 secs

FCB Flags: 0x1119

0x0001 - Natting In Use

0x0000 - NOT L5 Aware

0x0000 - Non-Spoofed

0x0008 - IP/TCP Flow

0x0010 - Remote - Egress port

0x0100 - In LL List

0x1000 - Client-side

FCB FlaFlags: 0x8040

0x0040 - Is a static FCB

0x8000 - Handled an ACK

detailed flow infos for other flows as flows with "Flow flg 00001119"; eg "Flow flg 00001099":

---------------------------------------------------------------------------------------------

-> inactiveTimeout: 16

CSS(debug)# flow-agent show fcb_details 0x8bbda240

CSS(debug)#

Fcb Details for FCB: 0x8BBDA240

SRC: 172.30.74.47-1879 NAT: 172.21.183.236-36893

DST: 172.21.183.235-7136 NAT: 172.21.68.32-7136

DMAC: 00-00-0c-07-ac-08 SMAC: 00-0b-be-a3-08-22

IP Hdr ChkD: 1559 TCP/UDP Hdr ChkD: 32080

TCP SequenceD: 0 Task CE: 0

BytesIn: 3879 Frames In: 18

Dest VLAN: 159 Src/Dst Ports: 0/0

Slot/SubSlot: 2/1 SmbQ/PrcSwP: 32/0

Time Stamp / Time Out Info:

CurSecs: 11067:158, started: 11023:756 last activity: 11027

May timeout due to inactivity: Yes , inactiveTimeout: 16

New FCB time: 120, will consider inactivity in 76 secs

Inactive Secs: 40

FCB Flags: 0x1099

0x0001 - Natting In Use

0x0000 - NOT L5 Aware

0x0000 - Non-Spoofed

0x0008 - IP/TCP Flow

0x0010 - Remote - Egress port

0x0080 - In Proto List

0x1000 - Client-side

FCB FlaFlags: 0x8040

0x0040 - Is a static FCB

0x8000 - Handled an ACK

0 Helpful

kbiemer
Level 1
Level 1

‎03-02-2006 07:37 AM

(1) Have you tried: Keepalives?

keepalive uri "/keepalive/"

protocol tcp

port 80

string web5

keepalive frequency 20

(2) flow-timeout-multiplier 300 ****** we had similar issues with certin apps ***********

content citrix443

protocol tcp

port 443

application ssl

vip address 10.67.3.43

add service citrix443

flow-timeout-multiplier 300

active

Just some thoughts,

Keith

0 Helpful

sthon-dbsys
Level 1
Level 1
In response to kbiemer

‎03-02-2006 09:58 AM

the application has no problem, all is working fine.

the questions is why I have an inactivity timeout of 608 sec, where no "flow-timeout-multiplier" is configured.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card