Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
500
Views
0
Helpful
4
Replies

Increasing connections on servers - part II.

conectividade
Level 1
Level 1

‎11-12-2004 08:57 AM

Hi folks!!

Our CSS11501 was LB of 5 servers, port 443, but the number of established

conections was increasing on each server until that service stoped.

That servers are: IBM X.series - Red Hat 7.3 - Apache and Websphere.

The same situation was happened with 2 other servers (with dotnet), the number

of established connections was increasing, and the consumption of memory

too, until that each server stoped. This service don´t use persistence.

That servers are: Sun-Intel-Zeon - Win 2003 server

Anybody already saw something like that?

But I can´t saw that connections on CSS.

With netstat on server you can see many connections (~400), but in CSS using

"show service summary" you see only ~5 connections.

Another thing, if the connections are directed to server, without CSS, it doesn't

happen and the service stay alive.

If I config max connections on service, when this connections will close?

One service will arrive its maximun, another and another, after this,

new connections will drop, I think.

"Flow-timeout-multiplier" and "flow-reset-reject" could help or not?

thanks,

Renato

obs: Simple lay-out of our net is attached:

Labels:
Preview file
2 KB
0 Helpful
4 Replies 4

seilsz
Level 4
Level 4

‎11-14-2004 02:01 PM

'flow-timeout-multiplier' specifies the number of seconds a flow can be idle before the CSS kills it. Since you're only showing ~5 flows on the CSS, I'm not sure this will do you much good.

'flow-reset-reject' is used when the backend service becomes unavailable, which doesn't sound like what is happening in your case.

Question: Are you doing SSL termination on the CSS?

Can you post a copy of your configuration and routing table?

Thanks,

Zach

0 Helpful

Gilles Dufour
Cisco Employee
Cisco Employee

‎11-15-2004 01:53 AM

Renato,

do you have keepalive configured on the CSS to use TCP or HTTP ?

CSS closes connection with a RESET and some servers *incorrectly* do not like it and maintain the connection open.

If you do have such keepalive, you can use the command :

CSS11503(config-service[linux21])# keepalive tcp-close ?

fin Close TCP connections with a FIN

rst Close TCP connections with a RST

Requires version 7.30 or higher.

Regards,

Gilles.

0 Helpful

conectividade
Level 1
Level 1
In response to Gilles Dufour

‎11-16-2004 03:36 AM

Gilles,

no, I don't. In this case I use keepalive type script and keepalive type ssl.

cfg of our CSS is attached, please look this.

The CSS version is 7.20, exist anything could I do?

thanks,

Renato

Preview file
3 KB
0 Helpful

Gilles Dufour
Cisco Employee
Cisco Employee
In response to conectividade

‎11-18-2004 12:25 AM

Renator,

SSL keepalive is TCP based.

So the problem exist as well for this type of keepalive.

The CSS will send a RST to close the connection instead of using FIN.

Again, this is perfectly valid, but some servers do not like it.

Try the command 'keepalive tcp-close fin'.

Same for your ssdn keepalive.

I don't know what the script does, but if it is TCP connections, you need to use the keyword 'graceful' when doing the socket disconnect.

Regards,

Gilles.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card