cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
669
Views
0
Helpful
8
Replies

ACE Maximum ping sessions in progress

eberhard-schulz
Level 1
Level 1

Hello,

the ace is putting out following error message on several contexts if you try to ping something:

Maximum ping sessions in progress....retry later.

The session Table of the context is nearly empty just 4 current ICMP connections.

The resource usage also looks OK

sh resource usage

Allocation

Resource Current Peak Min Max Denied

-------------------------------------------------------------------------------

Context: PEP_5.0_GGSN_SITE_1

conc-connections 4 44 0 8000000 0

mgmt-connections 2 24 0 100000 0

proxy-connections 0 9 0 1048574 0

xlates 0 0 0 1048574 0

bandwidth 640 463602 0 1125000000 0

throughput 548 459482 0 1000000000 0

mgmt-traffic rate 92 4120 0 125000000 0

connection rate 7 341 0 1000000 0

ssl-connections rate 0 0 0 5000 0

mac-miss rate 0 2 0 2000 0

inspect-conn rate 0 0 0 6000 0

acl-memory 79736 79736 0 78610432 0

sticky 3 3 41942 0 0

regexp 0 0 0 1048576 0

syslog buffer 14336 14336 0 4194304 0

syslog rate 0 9 0 100000 0

Someone a clue?

8 Replies 8

Gilles Dufour
Cisco Employee
Cisco Employee

You can't have more than 255 ping clients on the entire machine (not per context).

So, add the total mgmt-connections at any time.

If you are above 255 and those connections are exclusively icmp, then you have reach the limit.

Gilles.

Hello Gilles

thanks for your fast response.

With Ping Clients do you mean ICMP connections (traffic and mngt)

who are established over the ace?

Are ICMP probes affected from this limitation?

Greeting Eberhard

icmp probe would be affected.

G.

Is there an document aviable where those limitiation is described?

The Cisco Datasheet says

"16000 instances of up to 4000 uniquely defined probes"

and i devently need to have more than 255 ICMP probes.

http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps6906/product_data_sheet0900aecd8045861b.html

Actually, the probes do not use this function.

Sorry for that.

From further code inspection, this icmp_ping limit applies to only

- the "ping" command

- the HA query_vlan ping function

- mac-address miss function (when we get traffic from unknown mac-address, with an ip that does not belong to a local vlan, and the interface is configured with mac-sticky or in bridge mode, we send a ping to the origin to see if that can populate our arp table with the missing mac)

Once again, the limit is max 255 icmp_ping active for the entire box.

Gilles.

Hi Gilles.

I'm testing virtualization on two ACE ( Active , Standby).

I would like an advise to configure correctly the "mgmt-traffic" because just trying on Lab sometimes the ACE does not respond on ICMP echo...The network configuration is correct . I'm sure because just changing resource allocation ping works.

I read on the "Virtualization Configuration Guide" that assign resource with " Limit-resource all " does not effect the mgmt-traffic...

So if i have 5 context + admin context ( basic license) and I want to be sure that management ( SSH,ICMP) of Ace for every context will always works , which can be the best allocation method ?

Every suggestion will be appreciated .

Vittorio

just start by assigning min 10% to each context. You can later adjust if needed.

Check the 'show resource usage' to see if there are connections denied and the peak vs max allocated resource.

If you're not even close to the max and there are no denied connections, your icmp echo issue is not related to resource allocation.

Gilles.

Do you mean 10 % allocated in this way :

limit-resource rate mgmt-traffic minimum 10.00 maximum equal-to-min

Correct ?

Thanks

Vittorio

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: