11-04-2008 08:39 AM
Hi,
Port 389 is configured on ACE to loadbalance to LDAP.
Test clients runn ok for approximately 2 minutes and then fails. Then every other test fails, untill clear connection all on ACE is applied.
Any suggestion as to what to check in this situatiobn, please?
Note: tried the followings
!!!!!!!tried both of these
parameter-map type connection TCP_PARAM
set timeout inactivity 600
exceed-mss allow
parameter-map type connection inactivity10
set timeout inactivity 0
set tcp timeout half-closed 0
parameter-map type connection inactivity1
set timeout inactivity 2
Also Back-to-back lDAP-to-Clients on a local network works fine.
Regards
SS
!!!!!!!!!!!!
serverfarm host zxxxxxxxFarm-SF78
failaction purge !-----------tried
predictor leastconns
rserver zxxx-L7 389
inservice
rserver zxxx-L8 389
inservice
11-04-2008 08:43 AM
Get a sniffer trace of the entire connection until the problem.
Get a 'show serverfarm host zxxxxxxxFarm-SF78 detail' before and after the problem occurs.
What is your sofware version ?
Gilles.
11-05-2008 06:44 AM
Dear Gilles,
Please find two attachments in this reply.
for
1 client h/w run 5 clients, 1 thread each
Start: 13:55:21
reported by server
1st fail: 13:55:46
2nd fail: 13:55:46
3rd fail: 14:00:18
4th fail: 14:01:12
5th fail: 14:01:08 yes re[prted late
Thank you
SS
-----------
/Admin# sh ver
loader: Version 12.2[120]
system: Version 3.0(0)A1(6.3a) [build 3.0(0)A1(6.3a) adbuild_02:16:25-2008/
02/02_/auto/adbu-rel3/ws/rel_3_0_0_a1_6.3-throttle/REL_3_0_0_A]
system image file: [LCP] disk0:c6ace-t1k9-mz.3.0.0_A1_6_3a.bin
installed license: ACE-SEC-LIC-K9 ACE-SSL-10K-K9
Hardware
Cisco ACE (slot: n)
cpu info:
number of cpu(s): 2
cpu type: SiByte
cpu: 0, model: SiByte SB1 V0.2, speed: 700 MHz
cpu: 1, model: SiByte SB1 V0.2, speed: 700 MHz
memory info:
total: 957640 kB, free: 333336 kB
shared: 0 kB, buffers: 3384 kB, cached 0 kB
cf info:
filesystem: /dev/cf
total: 1014624 kB, used: 390560 kB, available: 624064 kB
==============
=================================== before test start
/Admin# sh serverfarm zSunTestFarm-SF78 detail
serverfarm : zSunTestFarm-SF78, type: HOST
total rservers : 2
description : -
predictor : LEASTCONNS
slowstart : 0 secs
failaction : purge
total conn-dropcount : 0
---------------------------------
----------connections-----------
real weight state current total
---+---------------------+------+------------+----------+--------------------
rserver: zSunTest-L7
10.193.143.17:389 8 OUTOFSERVICE 0 0
total conn-failures : 0
rserver: zSunTest-L8
10.193.143.18:389 8 OPERATIONAL 1 0
total conn-failures : 0
=========================================================
=======================================================after test stop
/Admin# sh serverfarm zSunTestFarm-SF78 detail
serverfarm : zSunTestFarm-SF78, type: HOST
total rservers : 2
description : -
predictor : LEASTCONNS
slowstart : 0 secs
failaction : purge
total conn-dropcount : 0
---------------------------------
----------connections-----------
real weight state current total
---+---------------------+------+------------+----------+--------------------
rserver: zSunTest-L7
10.193.143.17:389 8 OUTOFSERVICE 0 0
total conn-failures : 0
rserver: zSunTest-L8
10.193.143.18:389 8 OPERATIONAL 1 50
total conn-failures : 130023
!!!!!!!!
end
11-05-2008 07:40 AM
When tcp-option set to
half-closed=1
The failures begin to occur at an interval bigger than when I had it set as 3600.
But sh serverfarm xxx detail
shows large failurees.
11-05-2008 07:49 AM
I would need a libpcap capture file - not the text version.
Copy the capture file to the disk0: and extract if via ftp.
Is it possible that your traffic is asymetric ?
So the server traffic bypass the CSS or come back on a different vlan ?
G.
11-06-2008 08:00 AM
Dear Giles,
Avoided all possible back doors, asymetric
Still problem.
Attaching a new capture file
with a client-int snoop file
-- can send server interface snoop for this if required.
Additional info as follows
This is the message displayed on LDAP client (tool), when failed
[11/06/2008:14:57:26] - JOB - Starting Modified LDAP Weighted SearchRate job 20081106145715-607099232
[11/06/2008 15:01:02] - JOB - client=know-suntest-C4:43420 job=20081106145715-607099232 - ERROR -- Could not connect to 10.193.143.10:389 (netscape.ldap.LDAPException: Unable to establish the connection: java.net.ConnectException: Connection refused (-1)) -- aborting thread
[11/06/2008 15:01:03] - JOB - client=know-suntest-C4:43414 job=20081106145715-607099232 - ERROR -- Could not connect to 10.193.143.10:389 (netscape.ldap.LDAPException: Unable to establish the connection: java.net.ConnectException: Connection refused (-1)) -- aborting thread
[11/06/2008:14:59:49] - JOB - Modified LDAP Weighted SearchRate job 20081106145715-607099232 completed
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ACE collections
start s/farm failure 0, rest
/Admin# capture ztest5 stop
/Admin# sh serverfarm zSunTestFarm-SF78 detail
serverfarm : zSunTestFarm-SF78, type: HOST
total rservers : 2
description : -
predictor : ROUNDROBIN
failaction : purge
total conn-dropcount : 0
---------------------------------
----------connections-----------
real weight state current total
---+---------------------+------+------------+----------+--------------------
rserver: zSunTest-L7
10.193.143.17:389 8 OPERATIONAL 0 0
max-conns : 1000 , out-of-rotation count : 0
min-conns : 500
total conn-failures : 16791
rserver: zSunTest-L8
10.193.143.18:389 8 OPERATIONAL 0 0
max-conns : 1000 , out-of-rotation count : 0
min-conns : 500
total conn-failures : 16791
=====================================================================
/Admin# sh parameter-map i
inactivity1 inactivity10 inactivity2700
know-itpace-3ao/Admin# sh parameter-map inactivity1
Parameter-map : inactivity1
Type : connection
nagle : disabled
slow start : disabled
buffer-share size : 32768
inactivity timeout (seconds) : 30
embryonic timeout (seconds) : 5
ack-delay (milliseconds) : 200
WAN Optimization RTT (milliseconds): 65535
half-closed timeout (seconds) : 35
TOS rewrite : disabled
syn retry count : 4
TCP MSS min : 0
TCP MSS max : 1460
tcp-options drop range : 0-0
tcp-options allow range : 0-0
tcp-options clear range : 1-255
selective-ack : clear
timestamp : clear
window-scale : clear
window-scale factor : 0
reserved-bits : allow
random-seq-num : enabled
SYN data : allow
exceed-mss : drop
urgent-flag : allow
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ACE capture file ztest5 is encloded
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: