05-09-2008 10:12 AM
Hello all,
I have a CSS11506 with the following config...
!************************** SERVICE **************************
service pas_main_uswrnsa0ptf01_11111
ip address 172.16.25.30
keepalive type tcp
keepalive port 11111
port 11111
active
service pas_main_uswrnsa0ptf02_11111
ip address 172.16.25.31
keepalive type tcp
keepalive port 11111
port 11111
active
service pas_main_uswrnsa0ptf03_11111
ip address 172.16.25.32
keepalive type tcp
keepalive port 11111
port 11111
active
service pas_main_uswrnsa0ptf04_11111
ip address 172.16.25.33
keepalive type tcp
keepalive port 11111
port 11111
active
!*************************** OWNER ***************************
owner PAS
content PAS-pas_main-2008-11111
vip address 123.123.130.222
protocol tcp
port 11111
url "/*"
balance aca
application ssl
add service pas_main_uswrnsa0ptf01_11111
add service pas_main_uswrnsa0ptf02_11111
add service pas_main_uswrnsa0ptf03_11111
add service pas_main_uswrnsa0ptf04_11111
active
!*************************** GROUP ***************************
group PAS-pas_Dgraphs
vip address 172.16.25.11
add destination service pas_main_uswrnsa0ptf01_11111
add destination service pas_main_uswrnsa0ptf02_11111
add destination service pas_main_uswrnsa0ptf03_11111
add destination service pas_main_uswrnsa0ptf04_11111
active
I can access my servers just fine, but when issuing the 'show flows' command, I do not see my traffic... even though I can see my hit counters incrementing.
NOTE: The 'application ssl' command is something new for us, so I thought it may be related to this.
Any ideas?
Thanks,
-Adam
05-09-2008 12:29 PM
Try
llama
flow-agent show active_fcbs
exit
Or a
show flows 0.0.0.0
Gilles.
05-09-2008 02:21 PM
Gilles,
Still not seeing the flows.
Anything else you could recommend? Could the 'application ssl' config have anything to do with this behavior?
Thanks,
-Adam
05-12-2008 10:49 PM
if you do not see any flow, there is no active flows !!
The flow-agent command does look at HW level for connections. If it does not return anything, it means there is no ACTIVE flow.
Gilles.
05-14-2008 12:31 PM
Gilles,
The target IP is the content VIP 123.123.130.222 (as shown in my CSS config). However, I am testing from one of the four servers (services) associated with this content rule. Could that be causing the problem with the CSS not seeing these flows?
For example...
I am sitting on server uswrnsa0ptf01 and I test to the content VIP 123.123.130.222... and it works... but I see know flows in the CSS.
I've attached a drawing showing our network topology.
Thanks,
-Adam
05-15-2008 04:38 AM
try to open a telnet session to your VIP IP:PORT.
Do not close the telnet session and check with a 'show flows 0.0.0.0' if you see any flow.
It should not matter if you open the connection from the server or not.
G.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide