Breakdown of 'show sticky database' - ACE

Feb 11th, 2009
I need assistance to interpret the show sticky database response. What does the sticky entry value resolve to?


I have set the stickiness on source and destination addresses. Is it possible to identify from show sticky database which is the source IP for the sticky entry in the display?

Gilles Dufour (Cisco Employee) Wed, 02/11/2009 - 03:06

The entry is a hash of the source and destination in your case.

Like every hash function it is not possible to retrieve the original info from the hash itself.


If you have a sticky issue, get a sniffer trace to verify what is going on.


Gilles.

cisco_lite Fri, 02/13/2009 - 01:48

If I have two real servers in the server farm, and I would like to check which source IP is getting stuck to which destination IP, where should I place the sniffer trace (like Ethereal)? Because sniffing after ACE would show me the BVI as the source IP. Is that correct?


ACE module is configured in bridged mode.

Syed Iftekhar Ahmed Fri, 02/13/2009 - 02:06

No.


BVI IP address is just for management purposes. Client source IP is never translated to BVI IP.


You should see the Client source IP at the server.


Syed Iftekhar Ahmed

cisco_lite Fri, 02/13/2009 - 02:18

But when I do 'show conn', why do I see the BVI in the source column and the real server in the destination?

Gilles Dufour (Cisco Employee) Fri, 02/13/2009 - 03:10

That's a probe, most probably.

Not traffic from client.


Gilles.

cisco_lite Fri, 02/13/2009 - 05:30

Isn't it quite cumbersome to set up a sniffer every time the client traffic is to be identified? Probably, I will install a PC for sniffing purposes only (especially for remote checking).

Gilles Dufour (Cisco Employee) Fri, 02/13/2009 - 08:33

If you know the client IP and just need to know if there is a sticky entry for it, you can use the command


switch/Admin# sho stick da client 10.1.1.1



Gilles.

cisco_lite Fri, 02/13/2009 - 09:19

It's a helpful entry. But I noticed that the client here is the rserver. Is it correct?


When I put in the client address, it gives out the rserver instances which is nothing other than the client IP in the entry, meaning it is the server IP and not client. Please clarify.


If there are more of such queries, please let me know.


Thanks.

Syed Iftekhar Ahmed Fri, 02/13/2009 - 18:05

No.

Client in this command is actual client.

For example, the following command shows that ACE has a sticky entry for client "x.x.x.x", that this client is stuck to real server "Rserver2" due to sticky group "STICKY-GP1", and that this sticky entry will remain in the sticky DB for 585 more seconds (if the connection remains idle).


switch/ACE# show sticky database client x.x.x.x
sticky group : STICKY-GP1
type : IP
timeout : 10
timeout-activeconns : FALSE
sticky-entry    rserver-ints    time-to-exp
---------------+--------------+------
2702367184      rserver2:8888   585



Syed
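
Added example (not part of the original thread, and not Cisco tooling): a Python parser for saved `show sticky database client` output in the layout quoted above, so the client-to-rserver mapping can be collected for clients whose IPs are already known. The client address 192.0.2.10, the second sticky group and the function names are constructed for illustration.

```python
import re

# Constructed sample modelled on the output quoted in the thread; the client
# address and the whole second group are invented for illustration.
SAMPLE = """\
switch/ACE# show sticky database client 192.0.2.10
sticky group : STICKY-GP1
type : IP
timeout : 10
timeout-activeconns : FALSE
sticky-entry    rserver-ints    time-to-exp
---------------+--------------+------
2702367184      rserver2:8888   585
sticky group : STICKY-GP2
type : IP
timeout : 30
timeout-activeconns : FALSE
sticky-entry    rserver-ints    time-to-exp
---------------+--------------+------
1157920892      rserver1:8888   1742
"""

HEADER = re.compile(r"^\s*([\w -]+?)\s*:\s*(\S.*?)\s*$")         # "key : value"
ENTRY = re.compile(r"^\s*(\d+)\s+([\w.-]+):(\d+)\s+(\d+)\s*$")   # hash rserver:port ttl

def parse_sticky(text):
    """Return one dict per sticky group: its header fields plus its entries."""
    groups = []
    for line in text.splitlines():
        entry = ENTRY.match(line)        # test rows first: they also contain ':'
        if entry and groups:
            h, rserver, port, ttl = entry.groups()
            groups[-1]["entries"].append({"hash": int(h), "rserver": rserver,
                                          "port": int(port), "expires_in": int(ttl)})
            continue
        header = HEADER.match(line)
        if not header:
            continue                     # prompt, column titles, separator, blanks
        key, value = header.groups()
        if key == "sticky group":
            groups.append({"sticky group": value, "entries": []})
        elif groups:
            groups[-1][key] = value
    return groups

def rservers_for_client(text):
    """Map sticky group -> [(rserver, port, seconds until expiry)] for the queried client."""
    return {g["sticky group"]: [(e["rserver"], e["port"], e["expires_in"])
                                for e in g["entries"]] for g in parse_sticky(text)}
```

The hash in the first column is carried through unchanged; as stated earlier in the thread, it cannot be turned back into the source and destination addresses.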

cisco_lite Sat, 02/14/2009 - 08:46

Ok. I will check it again.


Is there any debug command, by any chance, which would show the client/server IP combination?

Syed Iftekhar Ahmed Sat, 02/14/2009 - 17:04

Do a sniffer trace on the ACE Server Vlan to get Client/Server IP combination.


In order to find which Rserver a single client is connected to, "show sticky database client" is good enough.


I agree that show sticky database showing IP addresses instead of hashes would be better (as it is available in CSM). There is already a bug (CSCsg58769) filed for this functionality.


Probably Gilles can tell us if we are going to get this functionality soon.


Syed Iftekhar Ahmed




cisco_lite Wed, 03/04/2009 - 04:06

Is it possible to see a list of all client IPs in the sticky database?


In case I don't know the client IP beforehand.

cisco_lite Thu, 03/05/2009 - 04:49

In F5 load balancers, iRules can be used to store certain cookie/persistence information in the logs.


Is it possible in ACE to do the same, e.g. with Tcl scripting, etc.?
