CSS11506 - flow-timeout-multiplier

Unanswered Question
May 6th, 2008

Hello,


I have a pair of Sun Directory Proxy servers behind our CSS with the following config...


<<< START CONFIG >>>


!************************** SERVICE **************************
service DirProxy_mmcdif22_636
  keepalive type tcp
  keepalive tcp-close fin
  keepalive port 636
  ip address 172.16.30.72
  active

service DirProxy_mmcdif62_636
  keepalive type tcp
  keepalive tcp-close fin
  keepalive port 636
  ip address 172.16.30.76
  active

!*************************** OWNER ***************************
owner Security

  content DirProxy_pdd4_636
    add service DirProxy_mmcdif22_636
    add service DirProxy_mmcdif62_636
    protocol tcp
    port 636
    vip address 123.123.102.201
    balance aca
    flow-timeout-multiplier 200
    active

!*************************** GROUP ***************************
group v4DirProxy_group
  add destination service DirProxy_mmcdif22_636
  add destination service DirProxy_mmcdif62_636
  vip address 172.16.30.12
  active


<<< END CONFIG >>>


During a recent outage of mmcdif62, all existing connections appear to have been 'orphaned' on the CSS for approximately 53 minutes... which correlates with the 'flow-timeout-multiplier 200' config on this content rule.


Is there any way to overcome these 'orphaned' connections during a failure scenario as shown above?


Also, is it possible to configure the CSS to act upon source IP address info? If so, perhaps this would be a solution to our problem.


Thanks,


-Adam

Gilles Dufour Tue, 05/06/2008 - 10:42

Adam,


We consider the application should recover from this by itself.

If the client keeps retransmitting and the server does not respond, the application should reset the connection and open a new one, which would then be load-balanced to a working server.


The ACE module has a feature to automatically kill connections linked to a dead server.

Unfortunately this feature does not exist on the CSS.


Regarding the client IP address, you have configured a group to do client NAT.

The server will therefore lose the client info.

This is however not related to the connection hang issue.


Gilles.
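
Added example, not part of the thread and not Cisco or Sun code: a client that applies the recovery behaviour described in the reply above, giving up on a connection that stays silent and opening a new one so the load balancer can pick a working server. The names `request_with_recovery` and `start_constructed_vip` are hypothetical, and the local listener is a constructed stand-in for the VIP whose first connection lands on a dead backend.

```python
import socket
import threading


def request_with_recovery(addr, payload, read_timeout=2.0, max_attempts=3):
    """Send payload and wait for a reply; on silence, drop the connection
    and open a new one. Returns (attempt_number, reply_bytes)."""
    for attempt in range(1, max_attempts + 1):
        sock = None
        try:
            # The timeout applies to connect() and to every later send/recv.
            sock = socket.create_connection(addr, timeout=read_timeout)
            sock.sendall(payload)
            reply = sock.recv(4096)
            if reply:
                return attempt, reply
        except OSError:
            # Covers socket.timeout, resets and refused connections.
            pass
        finally:
            if sock is not None:
                sock.close()  # abandon the stuck flow instead of waiting on it
    raise TimeoutError(f"no reply after {max_attempts} attempts")


def start_constructed_vip():
    """Constructed stand-in for the VIP: the first connection lands on a
    'dead' backend that never answers; later ones get a reply."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen()
    held = []  # keep the dead connection open so the client sees silence

    def serve():
        while True:
            conn, _ = srv.accept()
            if not held:
                held.append(conn)
                continue
            conn.recv(4096)
            conn.sendall(b"ok")
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()


if __name__ == "__main__":
    vip = start_constructed_vip()
    print(request_with_recovery(vip, b"ping", read_timeout=0.5))
```

The read timeout is what bounds the outage for the client: without it, a pooled connection pinned to the failed server waits until the flow ages out on the load balancer.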