Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1011
Views
0
Helpful
1
Replies

CSS11506 - flow-timeout-multiplier

a.veschak
Level 1
Level 1

‎05-06-2008 06:12 AM

Hello,

I have a pair of Sun Directory Proxy servers behind our CSS with the following config...

<<< START CONFIG >>>

!************************** SERVICE **************************

service DirProxy_mmcdif22_636

keepalive type tcp

keepalive tcp-close fin

keepalive port 636

ip address 172.16.30.72

active

service DirProxy_mmcdif62_636

keepalive type tcp

keepalive tcp-close fin

keepalive port 636

ip address 172.16.30.76

active

!*************************** OWNER ***************************

owner Security

content DirProxy_pdd4_636

add service DirProxy_mmcdif22_636

add service DirProxy_mmcdif62_636

protocol tcp

port 636

vip address 123.123.102.201

balance aca

flow-timeout-multiplier 200

active

!*************************** GROUP ***************************

group v4DirProxy_group

add destination service DirProxy_mmcdif22_636

add destination service DirProxy_mmcdif62_636

vip address 172.16.30.12

active

<<< END CONFIG >>>

During a recent outage of mmcdif62, all existing connections appear to have been 'orphaned' on the CSS for approximately 53 minutes... which correlates with the 'flow-timeout-multiplier 200' config on this content rule.

Is there any way to overcome these 'orphaned' connections during a failure scenario as shown above?

Also, is it possible to configure the CSS to act upon source IP address info? If so, perhaps this would be a solution to our problem.

Thanks,

-Adam

Labels:
0 Helpful
1 Reply 1

Gilles Dufour
Cisco Employee
Cisco Employee

‎05-06-2008 10:42 AM

Adam,

we consider the application should recover from this by itself.

If the client keeps retransmitting and the server does not respond, the application should reset the connection and open a new one which would then be loadbalanced to a working server.

The ACE module has a feature to automatically kill connections linked to a dead server.

Unfortunately this feature does not exist on the CSS.

Regarding the client ip address, you have configured a group to do client nat.

The server will therefore lose the client info.

This is however not related to the connection hang issue.

Gilles.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card