
Secondary ACE dropping connections

magordon
Level 1

Let me start with: I have a failover set of ACE-4710's running FW 4.1. This had occurred on previous versions of the firmware as well.

I have an application (Oracle Forms Based) with a persistent connection required. On LB1 the service runs without issue, as soon as I try to run it on LB2 the connection drops after 30 seconds or so... Any ideas, and further troubleshooting I can do? The configs on both devices seem to be in sync if I do a sh ft group brief on both devices and there are no sync errors.

Thanks in advance.

Matt

3 Replies

jsirstin
Level 1

Matt,

This is purely a shot in the dark but what IP is the server using for the gateway? Is it the alias or physical IP of ACE?

Thanks

Jim

Jim,

Neither, the servers are not sitting directly behind the LB, they are on the same segment though.

Attached is the context config...

Thank you,

Matt

Matt,

Unfortunately nothing in the config jumps out to be an issue. Could you get a sniffer capture from the ACE that has the problem to see who is resetting the connection after 30 seconds?

If you do not have a sniffer available you could try using the ACE capture utility.

You first need to create an ACL to match a test client IP destined to the vip address.

access-list test extended permit ip host client host vip

Replace the client IP with the word "client" and the vip you are hitting for "vip".

Once the ACL is built to match the interesting traffic you can build the capture.

You can name the capture anything you want; the sample below uses the name "name".

from the #prompt

capture name interface vlan 1000 access-list test

capture name start

Have the client hit the vip. You should see the capture data scroll across the screen at this point. Once you experience the failure you can stop the capture.

capture name stop

If you need to pull this off in a format that you can open with Wireshark you can issue the command:

copy capture name disk0: name

This will create a file on disk0: with the name you give it. From there you can ftp or tftp this file off and open it with wireshark. If you want to send this I will be happy to look at it.

Regards

Jim
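
Once the capture file has been copied off the ACE as described above, the question of who is resetting the connection can be answered with a short script that reports each TCP RST, its sender, and how long the flow had been silent. This is an added example, not part of the original thread; it assumes the exported file is classic libpcap with Ethernet framing, and the addresses, ports and packets in `sample_pcap()` are constructed.

```python
import socket
import struct

def _frame(src, dst, sport, dport, flags):
    """Constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def sample_pcap():
    """Constructed capture: handshake at t=0, then a RST after 30 s of silence."""
    client, vip = "192.0.2.10", "198.51.100.5"  # documentation addresses
    pkts = [(0, 0, _frame(client, vip, 40000, 80, 0x02)),      # SYN
            (0, 1000, _frame(vip, client, 80, 40000, 0x12)),   # SYN/ACK
            (0, 2000, _frame(client, vip, 40000, 80, 0x10)),   # ACK
            (30, 2000, _frame(vip, client, 80, 40000, 0x04))]  # RST
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, usec, data in pkts:
        out += struct.pack("<IIII", sec, usec, len(data), len(data)) + data
    return out

def find_resets(pcap):
    """Return [(rst_sender, rst_receiver, idle_seconds)] for every TCP RST."""
    magic = pcap[:4]
    if magic not in (b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4"):
        raise ValueError("not a classic pcap file")
    end = "<" if magic == b"\xd4\xc3\xb2\xa1" else ">"
    off, last_seen, resets = 24, {}, []
    while off + 16 <= len(pcap):
        sec, usec, caplen, _ = struct.unpack(end + "IIII", pcap[off:off + 16])
        data, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        etype, l3 = data[12:14], 14
        if etype == b"\x81\x00":                 # skip one 802.1Q VLAN tag
            etype, l3 = data[16:18], 18
        if etype != b"\x08\x00" or len(data) < l3 + 20 or data[l3 + 9] != 6:
            continue                             # not IPv4/TCP
        l4 = l3 + (data[l3] & 0x0F) * 4          # start of the TCP header
        if len(data) < l4 + 14:
            continue
        src, dst = (socket.inet_ntoa(data[l3 + i:l3 + i + 4]) for i in (12, 16))
        sport, dport = struct.unpack("!HH", data[l4:l4 + 4])
        flow = frozenset([(src, sport), (dst, dport)])
        ts = sec + usec / 1e6
        if data[l4 + 13] & 0x04:                 # RST flag set
            resets.append((src, dst, round(ts - last_seen.get(flow, ts), 3)))
        last_seen[flow] = ts
    return resets
```

To run it against a real capture, pass the file's bytes, for example `find_resets(open(path, "rb").read())`, where `path` is wherever you saved the file copied from disk0:.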
