Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3220
Views
0
Helpful
1
Replies

functionality of "timeout activeconns" command on ACE module

Juraj Podhajecky
Level 1
Level 1

‎09-09-2011 05:19 AM

Hi all,

i have a question regarding functionality of "timeout activeconns" command on ACE module.

Deployment:

  • we have serverfarm named WSA containing following rservers - HTTP_PROXY_1, HTTP_PROXY_2, HTTP_PROXY_101, HTTP_PROXY_102
  • HTTP_PROXY_1, HTTP_PROXY_2 are primary
  • HTTP_PROXY_101 is standby for HTTP_PROXY_1
  • HTTP_PROXY_102 is standby for HTTP_PROXY_2
  • we use „Host stickness“ to ensure that all connections to the same destination are always balanced via particular rserver

Problem:

  • after failure of primary HTTP_PROXY_1 traffic is normally redirected to standby rserver HTTP_PROXY_101
  • after recovery of primary rserver HTTP_PROXY_1 active connections keep balanced via backup rserver HTTP_PROXY_101 - because of stickness
  • we use "timeout activeconns" in order to rebalance all the traffic back to primary rserver HTTP_PROXY_1 after its recovery
  • we expected that "timeout activeconns" would clear sticky entries binded to HTTP_PROXY_101 after the timeout times out
  • the problem is that "sticky entries" never times out and the timer is not decreasing while there are active connections over the sticky entry to backup rserver HTTP_PROXY_101
  • we have only limited liceses on HTTP_PROXY_101 and  HTTP_PROXY_102, which is the reason why we don`t want the traffic to flow via these standby/backup rservers while primary HTTP_PROXY_1, HTTP_PROXY_2 are up and healthy

"Cisco Application Control Engine Module Server Load-Balancing Configuration Guide" says:

To specify that the ACE time out HTTP header sticky table entries even if active connections exist after the sticky timer expires, use the timeout activeconns command in sticky-header configuration mode.

Is this a correct behaviour of "timeout activeconns" that timer is not  decreasing while there are active connection over the sticky entry - see  the show below? How can i achieve that ACE would clear entries in  sticky database while there are active connections over the sticky  entry?? (manual clearing using clear command is not acceptable).

Thanks for help. Juraj.

ACE Software:

  loader:    Version 12.2[121]

  system:    Version A23.3 [build 3.00A23.3]

  system image file: [LCP] disk0:c6ace-t1k9-mz.A2_3_3.bin

Part of configuration:

ACE# sh run serverfarm

serverfarm host WSA

  predictor leastconns

  probe http-check-head-p3128

  rserver HTTP_PROXY_1

    backup-rserver HTTP_PROXY_101

    inservice

  rserver HTTP_PROXY_101

    inservice standby

  rserver HTTP_PROXY_102

    inservice standby

  rserver HTTP_PROXY_2

    backup-rserver HTTP_PROXY_102

    inservice

ACE# sh run sticky

sticky http-header Host PROXY-STICKY

  timeout 5

  timeout activeconns

  replicate sticky

  serverfarm WSA

Sticky database:

ACE# sh sticky database http-header www.google.com

sticky group : PROXY-STICKY

type         : HTTP-HEADER

timeout      : 5             timeout-activeconns : TRUE

  sticky-entry          rserver-instance                 time-to-expire flags  

  ---------------------+--------------------------------+--------------+-------+

  777363217642740741    HTTP_PROXY_101:0                 297            -

ACE# sh sticky database http-header www.google.com

sticky group : PROXY-STICKY

type         : HTTP-HEADER

timeout      : 5             timeout-activeconns : TRUE

  sticky-entry          rserver-instance                 time-to-expire flags  

  ---------------------+--------------------------------+--------------+-------+

  777363217642740741    HTTP_PROXY_101:0                 298            -

ACE# sh sticky database http-header www.google.com

sticky group : PROXY-STICKY

type         : HTTP-HEADER

timeout      : 5             timeout-activeconns : TRUE

  sticky-entry          rserver-instance                 time-to-expire flags  

  ---------------------+--------------------------------+--------------+-------+

  777363217642740741    HTTP_PROXY_101:0                 299            -

ACE# sh sticky database http-header www.google.com

sticky group : PROXY-STICKY

type         : HTTP-HEADER

timeout      : 5             timeout-activeconns : TRUE

  sticky-entry          rserver-instance                 time-to-expire flags  

  ---------------------+--------------------------------+--------------+-------+

  777363217642740741    HTTP_PROXY_101:0                 299            -

ACE# sh sticky database http-header www.google.com

sticky group : PROXY-STICKY

type         : HTTP-HEADER

timeout      : 5             timeout-activeconns : TRUE

  sticky-entry          rserver-instance                 time-to-expire flags  

  ---------------------+--------------------------------+--------------+-------+

  777363217642740741    HTTP_PROXY_101:0                 299            -  

Labels:
0 Helpful
1 Reply 1

Juraj Podhajecky
Level 1
Level 1

‎09-13-2011 01:56 AM

As per Cisco engineer any HTTP GET that matches the sticky entry resets the "timeout activeconns" timer ("time-to-expire" in "sh sticky database http-header"). So the ACE resets active tcp connections only if there is no HTTP GET that matches the sticky entry for 5 minutes interval (timeout is 5min/300sec in my example).

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents