Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1490
Views
0
Helpful
2
Replies

ACE RST problem

KAROLY KOHEGYI
Level 2
Level 2

‎03-12-2008 03:30 AM

Hi ,

We can not solve the following situation.

The client has a normal tcp connection to server via ACE. if network interrupt occured (link up-down ) the client send SYN packet with same source port number what was used in the previously session between them. The ACE send the SYN to server but the server respond ACK packet only and not SYN,ACK packet because the TCP session is live for server. The client send the rst packet after syn but the ACE drops it.

The show conn shows the in and out sessions which were originaly betwen client and server.

Can ACE solve this situation ?

Regards,

Labels:
0 Helpful
2 Replies 2

Gilles Dufour
Cisco Employee
Cisco Employee

‎03-12-2008 08:28 AM

could be that the RESET from the client is outside the tcp window.

You can verify if the following counter increases :

switch/Admin# sho np 1 me-stats "-stcp" | i dow

Segs outside window: 0

Do the same for np 2.

You can then try to disable normalization on client and server vlan.

However, if the RESET is outside the tcp window the server will also ignore it.

Only solution is to reduce idle timeout on ACE or on server.

So that the connection can be dropped earlier without waiting for the client.

Gilles.

0 Helpful

KAROLY KOHEGYI
Level 2
Level 2
In response to Gilles Dufour

‎03-12-2008 08:39 AM

hi !

Thanks the ideas. We tried them.

The output the supposed command

Lajos-ACE/Admin# sho np 1 me-stats "-stcp" | i dow

Segs outside window: 0

Connection shutdown FIN: 0

Connection shutdown RST: 0

We disabled the normalization without results.

The idle timeout does not help because the ACE

feels that client and server continue the old session. !!!!

the show conn output shwos the following while the client send the SYN and RST and the server send the ACK only.

8 2 in TCP 73 10.46.2.2:12346 192.168.37.221:1072 ESTAB

[ idle time : 00:00:01, byte count : 2049 ]

[ elapsed time: 00:12:41, packet count: 41 ]

90 2 out TCP 75 192.168.37.217:1072 10.46.2.2:12346 ESTAB

[ conn in reuse pool : FALSE]

[ idle time : 00:00:01, byte count : 2319 ]

[ elapsed time: 00:12:41, packet count: 46 ]

My opinion the ACE try to make a new ,second connection before SYN . The RST packet resets the second session and the first session unchanged. ( but the idle timer is not increasing )The server respond in the frisst session.

Unfortunetly the client uses the same source and destination TCP ports in every session. :-)

Regards,

0 Helpful
Customers Also Viewed These Support Documents