Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
539
Views
0
Helpful
5
Replies

Servers behind CSS misses poll

Go to solution
mchockalingam
Level 1
Level 1

‎07-05-2006 07:15 PM

Hi All,

We have a monitoring tool that monitors all the servers but for some reason the servers behind the CSS misses the poll once in every 2-3 hours. This poll is done using tcp port 445.

It only happens with the servers behind the CSS and that too occassionally. But the failed emails are annoying because we know tha the servers are up.

Is there any timeout value that I could increase so that I would not miss any polling?

thanks,

Meena

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Gilles Dufour
Cisco Employee
Cisco Employee
In response to mchockalingam

‎07-17-2006 10:56 PM

you can only change the flow-timeout for a vip.

However, the CSS garbage collection process applies to all traffic going through the CSS.

This includes traffic going directly to server ip.

In your case, I think the only solution would be to configure 'flow permanent port1 445'.

Gilles.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
skumar1969
Level 1
Level 1

‎07-10-2006 10:59 PM

Meena,

I think it is a load related issue. Servers are up, its lights are on, you can even ping its IP addresses, but are you sure about the state of the port it is listening on, which is actually controlled by the applications running on that server.

As you are aware a mere running server is not a good indication that the its particular port which CSS is regularly health-checking upon is alive. Are your server monitors monitor the ports.

The solution would be check the layer2 & 3 connectivity, make sure they are okay. Check the servers healthy state, check if it has got enough resources for the application to run comfortably. A packet capture using utilities like Ethereal in that server segment would fetch a lot more details on who is initiating the TCP sessions and who is not responding or resetting the those sessions.

The root cause could be that the health-check run by the CSS every 5 sec is failing and the services go down, ofcourse in your case occasionally, could be that the mail server is busy processing mails and not able to respond to the CSS health-check queries.

About your query on how to increase the timeout values, I think you are after how to increase the CSS health-check timers values from the default 5-3-3.

I am against it as in reality there seems to be an issue with the servers that needs attention, but what we are trying to do by increasing the timers is that we are hiding it under the carpet without putting efforts to resolve it on a permanent basis. Though in some exclusive cases I have indeed increased those timers, in situations like the banking environments where the mainframe or the database server takes time to respond back to queries during their peak hour operations.

Try the following to configure them under each 'Services'

1/ keepalive frequency - Specify the keepalive message frequency default is 5 seconds (2 - 255 seconds).

2/ keepalive maxfailure - Specify how many times this service can fail to respond to a keepalive message before it is considered offline. The default is 3 failures ( range is 1 - 10).

I would recommend increasing the maxfailure value to 5 or 6, before trying the other method I mean the default frequency value.

Hope this would help sorting out your issue.

Thanks

0 Helpful

Go to solution
Gilles Dufour
Cisco Employee
Cisco Employee

‎07-16-2006 11:27 PM

Meena,

is your monitoring device keeping one TCP connection open for all the polling ?

If so, the problem is most probably that the CSS has a flow timeout to clean idle tcp connections.

Try to increase the flow timeout with the command 'flow-timeout-multiplier' under the content rule [only for CSS 115xx].

Gilles.

0 Helpful

Go to solution
mchockalingam
Level 1
Level 1
In response to Gilles Dufour

‎07-17-2006 05:18 AM

Gilles,

Thanks for the reply. Looks like you are back from your vacation.

The monitroing server performs a single threaded polling. The servers are monitored based on the actual IP address and not the VIP address. Does it still make a difference on flow-timeout value?

It is not allowing me to change the flow-timeout value when the content rule is active and so I will change it tonight and see.

Meena

0 Helpful

Go to solution
Gilles Dufour
Cisco Employee
Cisco Employee
In response to mchockalingam

‎07-17-2006 10:56 PM

you can only change the flow-timeout for a vip.

However, the CSS garbage collection process applies to all traffic going through the CSS.

This includes traffic going directly to server ip.

In your case, I think the only solution would be to configure 'flow permanent port1 445'.

Gilles.

0 Helpful

Go to solution
mchockalingam
Level 1
Level 1
In response to Gilles Dufour

‎07-26-2006 05:09 PM

It has been more than a week since I added the "flow permanent port1 445" and have not received the annoying email about missed poll even once. I used to get 2-3 per day before this. I think this resolved the problem.

thanks,

Meena

0 Helpful
Customers Also Viewed These Support Documents