Questions on Cisco ACE troubleshooting

new_networker

Hi,

Please assist on the below.

- How can an ACE administrator establish to the application team that the hit on VIP has been successfully forwarded to the client? Is a hit count enough proof of that?

- Can dropped conn count go up because of any application failure/misconfiguration?

- Where can I find the detailed breakdown to interpret the show capture output?

- How long does the ACE wait if the application does not respond to the hit on VIP?

- How can I simulate an HTTP GET / HEAD method against a web service? telnet IP <port #> only confirms the service's active state and not the correct functioning of the web service. That's because in my case, SHOW PROBE is showing as failed, yet I am able to telnet the service. Probe is set for 30 seconds.

- Could you please give a breakdown of the SHOW CONN display?

- What 'show' commands should an ACE administrator master, to facilitate speedy troubleshooting?

Accepted Solution

- How can an ACE administrator establish to the application team that the hit on VIP has been successfully forwarded to the client? Is a hit count enough proof of that?

Hit count only tells you the VIP hits. In order to see successful conns, use the "show conn" command and check if both sides of the connection are "ESTAB"lished. "show service-policy detail" gives you detail about which server farm was selected, the hit count and dropped conns for a server farm. Similarly, "show serverfarm detail" will give you current & failed connections on a per-rserver basis.

- Can dropped conn count go up because of any application failure/misconfiguration?

The "dropped conns" counter for VIP is incremented whenever a connection hitting that VIP gets dropped/rejected.

There could be many reasons for that, for example:

* if all the rservers in the serverfarm associated with the VIP go down.

* if a request in the connection uses some URL which doesn't match any class-map, including class-default.

* if the server which is picked by the LB to load-balance the connection won't respond to the request.

sh np [1|2] me-stats "-s lb" will give you stats about the different dropped conns.

- Where can I find the detailed breakdown to interpret the show capture output?

Instead of displaying it locally, use "copy capture disk0:syed.cap" and use Wireshark to see these packets.

- How long does the ACE wait if the application does not respond to the hit on VIP?

The time (in seconds) that ACE waits for SYN ACK is a value of "Open timeout". Open timeout is configured under the probe definition using the "open " command.

- How can I simulate an HTTP GET / HEAD method against a web service? telnet IP <port #> only confirms the service's active state and not the correct functioning of the web service. That's because in my case, SHOW PROBE is showing as failed, yet I am able to telnet the service. Probe is set for 30 seconds.

We used to have this functionality in CSS, but from ACE you cannot do that.

But the "show probe detail" command gives you the reason for the last probe failure, for example:

"Last disconnect err: Host Unreachable, no route to destination"

or

"Last disconnect err: Connection reset by server"

or

"Last disconnect err:Server open timeout (No Sync Ack)" etc...

- Could you please give a breakdown of the SHOW CONN display?

conn id --> ID of the connection. You can use (sh np 1 me-stats "-c ") to get more details about the connection.

np --> ACE has two processors, np1 & np2. This column tells which processor is handling this connection.

dir --> Direction of the connection.

For the "in" direction, "source" represents "clientIP:port" & "Dest" represents "VIP-IP:port".

For the "out" direction, "source" represents "Rserver IP:port" & "Dest" represents "Client-IP:port".

"stat" --> connection status

- What 'show' commands should an ACE administrator master, to facilitate speedy troubleshooting?

From the top of my head:

show conn

show probe detail

sh serverfarm detail

sh service-policy detail

sh sticky database

sh resource usage all

sh stats http

sh stats loadbalance

sh stats conn

sh stats probe

sh conn

sh np 1 me-stats "-c 10" <-- 10 is the connection number derived from "sh conn"

sh np 1 me-stats "-s lb"

sh ft peer status

sh ft group status

sh ft stats

sh xlate

sh access-list

sh arp

Syed Iftekhar Ahmed
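
The "both sides ESTAB" check from the answer above, as an added example that is not part of the original post: it pairs each "in" leg with its "out" leg by client IP:port, following the source/destination breakdown given for `show conn`. The sample output is constructed, and the proto, vlan and state column names and the INIT state are assumptions of this sketch.

```python
from collections import defaultdict

# Constructed sample, not captured from a device; the column layout is assumed.
SAMPLE_SHOW_CONN = """\
conn-id    np dir proto vlan source                destination           state
----------+--+---+-----+----+---------------------+---------------------+------+
14         1  in  TCP   100  192.0.2.10:40112      198.51.100.5:80       ESTAB
15         1  out TCP   200  10.0.0.21:80          192.0.2.10:40112      ESTAB
22         2  in  TCP   100  192.0.2.11:51544      198.51.100.5:80       ESTAB
23         2  out TCP   200  10.0.0.22:80          192.0.2.11:51544      INIT
30         1  in  TCP   100  192.0.2.12:33001      198.51.100.5:80       ESTAB
"""


def parse_show_conn(text):
    """Return one dict per connection row, keyed by the header's column names."""
    rows, header = [], None
    for line in text.splitlines():
        fields = line.split()
        if not fields or line.startswith("-"):
            continue  # blank line or the ----+---- separator
        if fields[0].lower() == "conn-id":
            header = [f.lower() for f in fields]
        elif header and len(fields) == len(header):
            rows.append(dict(zip(header, fields)))
    return rows


def classify(text):
    """Map each client IP:port to a verdict on its two connection legs."""
    legs = defaultdict(dict)
    for row in parse_show_conn(text):
        # "in" leg: source is the client. "out" leg: destination is the client.
        client = row["source"] if row["dir"] == "in" else row["destination"]
        legs[client][row["dir"]] = row
    verdicts = {}
    for client, pair in legs.items():
        inbound, outbound = pair.get("in"), pair.get("out")
        if inbound is None or outbound is None:
            verdicts[client] = "missing %s leg" % ("out" if outbound is None else "in")
        elif inbound["state"] == outbound["state"] == "ESTAB":
            verdicts[client] = "ok via " + outbound["source"]
        else:
            verdicts[client] = "not established (in=%s, out=%s)" % (
                inbound["state"], outbound["state"])
    return verdicts
```

Calling `classify()` on pasted `show conn` text gives the application team a per-client verdict that names the rserver that took the connection, which the VIP hit count alone does not show.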


2 Replies

Hope Cisco can document this and make an ACE troubleshooting guide out of it.
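
On the GET/HEAD question in this thread, an added example that is not part of the original posts: run from a management host (not from the ACE), it separates the telnet-style TCP check from an actual HTTP request, so a service that accepts connections but answers with the wrong status shows up as a failure. The function names, the `expect` parameter and the reason strings are this sketch's own, not ACE output.

```python
import http.client
import socket


def tcp_check(host, port, timeout=3.0):
    """Equivalent of 'telnet IP port': only proves the TCP handshake completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def http_probe(host, port, method="HEAD", path="/", expect=200, timeout=3.0):
    """Send one GET/HEAD the way a health probe would and explain the result.

    Returns (passed, reason). 'expect' is the status code treated as healthy;
    it is a parameter of this example, so set it to what your probe expects.
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request(method, path, headers={"Connection": "close"})
        status = conn.getresponse().status
    except socket.timeout:
        return False, "timeout: no answer within %.1fs" % timeout
    except ConnectionRefusedError:
        return False, "connection refused"
    except ConnectionResetError:
        return False, "connection reset by server"
    except (OSError, http.client.HTTPException) as exc:
        return False, "error: %s" % exc
    finally:
        conn.close()
    if status != expect:
        return False, "unexpected status %d (wanted %d)" % (status, expect)
    return True, "status %d" % status
```

A result of `tcp_check(...) == True` together with a failing `http_probe(...)` is the situation described in the question: telnet works while the probe is marked failed.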
