CSS11506 - flow-timeout-multiplier

May 6th, 2008

Hello,

I have a pair of Sun Directory Proxy servers behind our CSS with the following config...

<<< START CONFIG >>>

!************************** SERVICE **************************
service DirProxy_mmcdif22_636
  keepalive type tcp
  keepalive tcp-close fin
  keepalive port 636
  ip address 172.16.30.72
  active

service DirProxy_mmcdif62_636
  keepalive type tcp
  keepalive tcp-close fin
  keepalive port 636
  ip address 172.16.30.76
  active

!*************************** OWNER ***************************
owner Security

  content DirProxy_pdd4_636
    add service DirProxy_mmcdif22_636
    add service DirProxy_mmcdif62_636
    protocol tcp
    port 636
    vip address 123.123.102.201
    balance aca
    flow-timeout-multiplier 200
    active

!*************************** GROUP ***************************
group v4DirProxy_group
  add destination service DirProxy_mmcdif22_636
  add destination service DirProxy_mmcdif62_636
  vip address 172.16.30.12
  active

<<< END CONFIG >>>

During a recent outage of mmcdif62, all existing connections appear to have been 'orphaned' on the CSS for approximately 53 minutes... which correlates with the 'flow-timeout-multiplier 200' config on this content rule.

Is there any way to overcome these 'orphaned' connections during a failure scenario as shown above?

Also, is it possible to configure the CSS to act upon source IP address info? If so, perhaps this would be a solution to our problem.

Thanks,

-Adam

Gilles Dufour Tue, 05/06/2008 - 10:42

Adam,

We consider that the application should recover from this by itself.

If the client keeps retransmitting and the server does not respond, the application should reset the connection and open a new one, which would then be load-balanced to a working server.

The ACE module has a feature to automatically kill connections linked to a dead server.

Unfortunately this feature does not exist on the CSS.

Regarding the client IP address, you have configured a group to do client NAT.

The server will therefore lose the client info.

This is however not related to the connection hang issue.

Gilles.
