
CSS11000 - Configuring Maximum TCP Connections

Greenwolf
Level 1

Hi,

Maybe this is a stupid question. But I'm going to ask it anyway :)

If I set the max connection on a service can I redirect the connections that are over the max connection to an error page?

Or am I looking in the wrong place? I'll try to explain what I’m trying to do.

I want to protect my application servers. If my application servers reach a certain threshold, I want to redirect the connection to an error page.

How should I tackle this problem?

Thanks in advance for your help.

Geert

8 Replies

Gilles Dufour
Cisco Employee

Geert,

you can have a redirect.

That's not a stupid thing to do :-)

A lot of people use this.

Simply configure your service with maxconn and create a redirect service that you can configure as a sorryserver under your content rule.

When all services have reached maxconn, the redirect service will kick in and redirect all traffic.

Using CCO search engine, you should be able to find sample config for the configuration of redirect service [let me know if you don't].

Regards,

Gilles.

Hi Gilles,

First of all I wanted to thank you for help. Very kind of you to take time helping us.

Second of all, I want to apologize for my first post. I should have been clearer about the problem.

Let me try again.

Our web servers connect to our backend vip. Now the specific application doesn’t like being switched from one server to the other while in the same session. We tried to solve this problem but we didn’t succeed.

Now we gave up balancing that application.

But now we want to set a limit on how many connections can flow to that one application server, so the application server won’t give up under high load.

Now when the load goes above a certain value we want to display an error page. Something like "sorry, try again later". But if server 1 crashes we want all connections to go to server 2. We don’t want the connections to go to server 2 when the max of connections is reached, because then we want to see the error page.

When I tried to create a redirect service to a URL I got:

%% Cannot have a redirect service on a Layer 4 rule.

Now the redirect to an error page isn’t a real must. More a nice to have. But what we would like is that the server2 only takes over if server1 is down and not when the max connections is reached.

Now this is what I have by now. But now I’m a little bit stuck. We noticed that if we are load testing, the webserver thinks app1 is down because it reaches the max connections and goes to server two, which we don’t want.

service geert
  type redirect
  keepalive type none
  redirect-string "www.cisco.com"
  active

service cisco_1
  ip address xxx.xxx.xxx.xxx
  protocol tcp
  keepalive type tcp
  port xxxx
  keepalive port xxxx
  string 5
  max connections 40
  active

service cisco_2
  ip address xxx.xxx.xxx.xxx
  protocol tcp
  keepalive type tcp
  port xxxx
  keepalive port xxxx
  string 5
  max connections 40
  active

content cisco
  protocol tcp
  port xxxx
  vip address xxx.xxx.xxx.xxx
  add service cisco_1
  primarySorryServer cisco_2
  flow-reset-reject
  active

with kind regards,

Geert

Geert,

unfortunately there is no way for the CSS to differentiate a server that is down from a server that reached maxconn.

The only way would be to use a script keepalive for service2, that checks the status of service1.

If the number of conns reach the max, service2 would be taken down and the redirect service would kick in.

If service1 crashes, service2 can take over.

Such a script is not that difficult to write.

Gilles.

Hi Gilles,

Thank you for your very quick answer.

I'm looking through the Cisco Content Services Switch Advanced Configuration guide as I'm typing this post.

Tomorrow morning at work I'll try to learn some CSS scripting in a hurry. You definitely pointed me in the right direction. Thanks for that.

Just a small remark: what is easy for a CCIE can be difficult for a CCNA :)

But Thanks,

Geert

Hi Gilles,

In the worst-case scenario I'm going to drop the app2 server and go directly to the error page as primary sorry service. And if needed, manually fail over to app2 until I master CSS scripting :)

add service app1 - active

add service app2 - disable

primary sorry server redirect service

I tried that this afternoon but then I got the error I stated a post or two ago. But tomorrow I'll try this again with a fresh head and courage (and the manual by my side).

Geert

Hi,

Sorry to disturb you again but can you maybe tell me how I put the number of present connections of a service in a variable?

with kind regards,

Geert

Geert,

you have to do a 'sho service | grep -u "Total Connections:"'

The line matching the grep will be placed in a variable called ${UGREP}.

You can then extract the value you need.

More info at :

http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a0080157804.html#1004331

Regards,

Gilles.

Hi Gilles,

Thanks for the help. I really appreciate it.

I'm very satisfied about the response of this forum.

But in the meantime I went through the manuals (RTFM :) ) and after some trial and error in the development environment I came to the following script:

no echo
set CONTINUE_ON_ERROR "1"
set Status "0"
set UGREP "0"
show service XXXX | grep -u "State:"
set Status "${UGREP}[4]"
socket connect host xxx.xxx.xxx.xxx port xxxx tcp
set flag "${SOCKET}[*]"
if Status "==" "Alive"
  !service state DOWN
  exit script 1
endbranch
if Status "NEQ" "Alive"
  if ${flag} "==" "char"
    !service state DOWN
    exit script 1
  endbranch
  if ${flag} "==" "int"
    !service state ALIVE
    exit script 0
  endbranch
endbranch
no set CONTINUE_ON_ERROR
echo

Now I will post everything here later tomorrow. Now I'm cleaning up over here and then going home.

With some newly acquired knowledge.

Really, thank you for the pointers; they were very helpful.

Geert
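
The extraction and decision steps discussed in this thread, as an added example in POSIX shell rather than CSS script (not code from either poster): it contrasts positional `${UGREP}[n]`-style indexing with label-anchored extraction, then derives the standby's keepalive verdict. The `show service` excerpts are constructed, their layout and 1-based word indexing are assumptions, the helper names are hypothetical, and the limit 40 is the `max connections` value from the config above.

```shell
#!/bin/sh
# Constructed 'show service' excerpts; the two-pairs-per-line layout is an
# assumption chosen so that "State:" is followed by word 4, as in the thread.
SAMPLE_FULL='  Type: Local    State: Alive
  Total Connections: 40'
SAMPLE_DEAD='  Type: Local    State: Down
  Total Connections: 3'

# Emulates grep -u plus ${UGREP}[n]: n-th word (1-based) of the first line
# containing the pattern. Silently returns the wrong word if the layout moves.
ugrep_index() {
    printf '%s\n' "$1" | awk -v pat="$2" -v n="$3" 'index($0, pat) { print $n; exit }'
}

# Label-anchored extraction: the word right after the label, wherever it sits.
value_after() {
    printf '%s\n' "$1" | awk -v label="$2" '
        { p = index($0, label) }
        p { split(substr($0, p + length(label)), w, " "); print w[1]; exit }'
}

is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# Verdict for the standby's keepalive (hypothetical policy helper):
# $1 = show-service text of the primary, $2 = its configured max connections.
# Treating "Total Connections:" as the load counter is an assumption.
standby_verdict() {
    state=$(value_after "$1" "State:")
    conns=$(value_after "$1" "Total Connections:")
    if ! is_uint "$conns" || ! is_uint "$2"; then
        echo DOWN; return 1      # unparsable output: keep the standby out
    fi
    if [ "$conns" -ge "$2" ]; then
        echo DOWN; return 1      # primary is full, not dead
    fi
    if [ "$state" = "Alive" ]; then
        echo DOWN; return 1      # primary healthy, standby not needed
    fi
    echo ALIVE                   # primary down while under its limit
}

echo "full: $(standby_verdict "$SAMPLE_FULL" 40)"
echo "dead: $(standby_verdict "$SAMPLE_DEAD" 40)"
```

If the output gains a field ahead of "State:", the positional lookup returns a neighbouring word without any error, while the label-anchored lookup still returns the state.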