Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
666
Views
0
Helpful
4
Replies

Css flow timeout on routed traffic

Sbutzek
Level 1
Level 1

‎02-22-2005 11:10 AM

Hello,

i am confided how the css handels the Flow-Timeout on connections witch are going over a Content rule or a Group.

This can be controlled via the flow-timeout-multiplier which is configured per rule or group.

But how are routed connections handeld?

They have a timeout of 16 seconds if there is no other timeout specified for the TCP Port.

So if a flow is timed out and the client or server is sending data on this connection, is there a tcp-rst generated from the css or will there be a new flow generated and the packed is routed as any normal L3 switch does?

I am asking, because we have changed some timeouts on content rules on the a css which does the SLB.

Another css is also in the path, because it does FWLB and SLB in another direction.

Also i have a question about debuging?

Is there a way to see if a 3-way handshake has been perfomed between Client and Server?

Sometimes i see some flows (llama; flow-agent show fcb-detail) which have no bytes transfered, but they are timing out after 120 sec inactivity.

Best Regards

Sven Butzek

Labels:
0 Helpful
4 Replies 4

Gilles Dufour
Cisco Employee
Cisco Employee

‎02-24-2005 02:34 AM

You can control the timeout with the command 'flow port1 timeout ' [only in recent releases].

For the SYN question, I would say you have to check the 'frame in' counter in the 'flow-ag show fcb 0x...' or 'flow display 0x...'

Flow statistics bytesIn = 1371 framesIn = 7

Regards,

Gilles.

0 Helpful

Sbutzek
Level 1
Level 1
In response to Gilles Dufour

‎03-03-2005 01:46 PM

Hello Gilles,

the flow portx command is as you said only abiable in recent releases.

I think in SG Version it is not implemented.

Theres a flow port permanent statement.

Both of the commands do only work for 10 TCP Ports.

I do not understand why this feature is not implemented the same way as it is for the content rules.

Also my question is not fully replied.

Does the css also cut routed flows that timed out and sends a rst packet, or does it build up a new flow?

Best Regards

Sven Butzek

0 Helpful

Gilles Dufour
Cisco Employee
Cisco Employee
In response to Sbutzek

‎03-04-2005 05:55 AM

The 'flow port timeout' exist in 7.40

The routed flow will also timeout.

However, when the next packet comes in, a new flow can be created if there is no Nating involved.

[no sourcegroup].

Regards,

Gilles.

0 Helpful

Sbutzek
Level 1
Level 1
In response to Gilles Dufour

‎03-09-2005 12:55 AM

Hello Gilles,

thats what i want to know.

So there will be no problem with the timout.

Best Regards

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card