Default TCP timeout on ACE

Answered Question
Mar 12th, 2009

Hi,

What is the default TCP timeout on ACE and how can I check it? I have the sticky timeout set to 720 minutes. Does it apply to the TCP timeout as well?

Syed Iftekhar Ahmed Thu, 03/12/2009 - 16:23

The default inactivity timeouts are as follows: TCP: 3600 sec, UDP: 120 sec, ICMP: 2 sec

These are inactivity timeouts, meaning if the connections are idle for this many seconds then the connection will be dropped.

If you need a different TCP timeout value, you can change it using the following example

To change TCP idle timeout to 5 minutes

parameter-map type connection TCP-PARAM
  set timeout inactivity 300

class-map match-all TCP-CLASS
  match port tcp any

policy-map multi-match VIP
  class TCP-CLASS
    connection advanced TCP-PARAM

HTH

Syed Iftekhar Ahmed

cisco_lite Fri, 03/13/2009 - 02:24

Is there any entry to check the default TCP timeout value i.e. 3600 secs.

Correct Answer
Syed Iftekhar Ahmed Fri, 03/13/2009 - 11:51

If you have not configured a parameter-map and applied it to a policy, then ACE will definitely be using default values.

One way of testing it could be to open a new TCP connection and use the "show conn detail" command with the IP of the destination.

show conn detail | beg 10.10.10.10

and look for [idle time : xx:xx:xx].

idle time gives you the inactivity time for this connection.

HTH

Syed Iftekhar Ahmed
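
One way to automate the check described in the answer above, as an added example that is not part of the original thread or of any Cisco tooling: it parses captured "show conn detail" output and lists connections whose idle time is close to the inactivity timeout. The sample output and its column layout are constructed assumptions; only the idle time field and the default timeout values come from the thread.

```python
import re

# Default inactivity timeouts in seconds, as stated in this thread.
DEFAULT_TIMEOUTS = {"TCP": 3600, "UDP": 120, "ICMP": 2}

# Constructed sample. The column layout is an assumption; only the
# "[ idle time : hh:mm:ss ]" field is taken from the thread.
SAMPLE = """\
conn-id  np dir proto vlan source            destination       state
12       1  in  TCP   18   192.0.2.10:51500  10.10.10.10:3389  ESTAB
         [ idle time   : 00:58:20,   byte count  : 48213 ]
13       1  in  TCP   18   192.0.2.11:51622  10.10.10.10:3389  ESTAB
         [ idle time   : 00:00:04,   byte count  : 912 ]
14       1  in  UDP   18   192.0.2.12:5353   10.10.10.10:53    --
         [ idle time   : 00:01:55,   byte count  : 120 ]
"""

CONN_RE = re.compile(r"^\s*(\d+)\s+\d+\s+(?:in|out)\s+(\w+)\s+\d+\s+(\S+)\s+(\S+)")
IDLE_RE = re.compile(r"idle time\s*:\s*(\d+):(\d{2}):(\d{2})")

def parse_idle(text):
    """Yield (conn_id, proto, src, dst, idle_seconds) for each connection."""
    current = None
    for line in text.splitlines():
        m = CONN_RE.match(line)
        if m:
            current = m.groups()  # remember the entry until its idle line
            continue
        m = IDLE_RE.search(line)
        if m and current:
            hours, minutes, seconds = map(int, m.groups())
            yield (*current, hours * 3600 + minutes * 60 + seconds)
            current = None

def near_timeout(text, timeouts=DEFAULT_TIMEOUTS, ratio=0.9):
    """Return (conn_id, proto, idle, seconds_left) for connections that
    have been idle for at least `ratio` of their protocol's timeout."""
    flagged = []
    for conn_id, proto, _src, _dst, idle in parse_idle(text):
        limit = timeouts.get(proto.upper())
        if limit is not None and idle >= ratio * limit:
            flagged.append((conn_id, proto, idle, limit - idle))
    return flagged
```

If a parameter-map changes the inactivity timeout, pass the configured value instead of the defaults, for example `near_timeout(output, {"TCP": 300})`.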

andreabat72 Sat, 10/01/2011 - 08:41

Hi,

Good information, but I have a doubt.

I have an existing policy L3/L4 multi-match like the one below.

I would like to increase the inactivity timeout on every TCP connection. Can I nest the new class map (match all) in my policy-map, as shown below in bold?

Can this create problems for the existing policy?

Can you confirm that I can apply only one L3/L4 policy map to the interface VLAN?

Is it necessary to remove and apply the policy to see the effect of the new timeout?

Thanks in advance

Best Regards

policy-map multi-match L4_VIP3_POLICY
  description Multi-Match VIPs on Vlan 18 to ServerFarms
  class L4-FARM-RDP
    loadbalance vip inservice
    loadbalance policy L7-FARM-RDP
    loadbalance vip icmp-reply active
  class L4-FARM-RDP-TOKYO
    loadbalance vip inservice
    loadbalance policy L7-FARM-RDP-TOKYO
    loadbalance vip icmp-reply active
  class L4-FARM-RDP-NY
    loadbalance vip inservice
    loadbalance policy L7-FARM-RDP-NY
    loadbalance vip icmp-reply active
  class L4-FARM-RDP-KUALA
    loadbalance vip inservice
    loadbalance policy L7-FARM-RDP-KUALA
    loadbalance vip icmp-reply active
  class L4-FARM-RDP-NY
    loadbalance vip inservice
    loadbalance policy L7-FARM-RDP-NY
    loadbalance vip icmp-reply active
  class TCP-CLASS
    connection advanced TCP-PARAM

where:

parameter-map type connection TCP-PARAM
  set timeout inactivity 36000

class-map match-all TCP-CLASS
  match port tcp any

kkataja Mon, 03/19/2012 - 00:21

Just add the "class TCP-CLASS" to the top of policy-map L4_VIP3_POLICY:

conf t
policy-map multi-match L4_VIP3_POLICY
  class TCP-CLASS insert-before L4-FARM-RDP
    connection advanced TCP-PARAM
    exit
  exit
exit

By adding it to the top you can override the params in the VIP classes below if needed.

Marvin Rhoads Thu, 09/27/2012 - 09:09

Good information.

I am wondering if this parameter is applicable (and if so can it be applied) to sessions that are not to the VIP but rather to the real servers where the ACE is acting as their default gateway?

Responses happily rated.

Marvin Rhoads Sun, 09/30/2012 - 11:27

Cesar thanks for the tip on "switch-mode". +4.

One follow-up. The documentation at the link seems to have an error. It states:

timeout seconds

Length of time in seconds that the ACE waits before removing the switch mode connection. Enter an integer from 0 to 1440 (24 hours). The default is 0.

Is the parameter seconds or minutes?

My ACE (ACE-20 running vA2(3.6a)) offers the range as:

ACE-1-MODULE-PRI/Admin(config)# switch-mode timeout ?

  <1-65535>  Inactivity Timeout value

ACE-1-MODULE-PRI/Admin(config)#
