Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
14565
Views
14
Helpful
10
Replies

Default TCP timeout on ACE

Go to solution
cisco_lite
Level 1
Level 1

‎03-12-2009 12:53 PM

Hi,

What is the default TCP timeout on ACE and how can I check it. I have the sticky timeout set to 720 minutes. Does it apply to TCP timeout as well.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Syed Iftekhar Ahmed
Level 8
Level 8
In response to cisco_lite

‎03-13-2009 11:51 AM

If you have not configured parameter-map and applied to policy then ACE will definitely be using default values.

One way of testing it could be to open a new tcp connection and use "show conn detail" commmand with the ip of dest.

show conn detail | beg 10.10.10.10

and look for [idle time : xx:xx:xx].

idle time gives you the inactivity time for this connection.

HTH

Syed Iftekhar Ahmed

View solution in original post

0 Helpful
10 Replies 10

Go to solution
Syed Iftekhar Ahmed
Level 8
Level 8

‎03-12-2009 04:23 PM

The default inactivity timeout are as

follows: TCP:3600sec UDP:120secs ICMP:2sec

These are inactivity timeouts, meaning if the connections are idle for these many seconsds then the connection will be dropped.

If you need a different TCP timeout value, you can change it using the follwoing example

To change TCP idle timeout to 5 minutes

parameter-map type connection TCP-PARAM

set timeout inactivity 300

class-map match-all TCP-CLASS

match port tcp any

policy-map multi-match VIP

class TCP-CLASS

connection advanced TCP-PARAM

HTH

Syed Iftekhar Ahmed

Go to solution
cisco_lite
Level 1
Level 1
In response to Syed Iftekhar Ahmed

‎03-13-2009 02:24 AM

Is there any entry to check the default TCP timeout value i.e. 3600 secs.

0 Helpful

Go to solution
Syed Iftekhar Ahmed
Level 8
Level 8
In response to cisco_lite

‎03-13-2009 11:51 AM

If you have not configured parameter-map and applied to policy then ACE will definitely be using default values.

One way of testing it could be to open a new tcp connection and use "show conn detail" commmand with the ip of dest.

show conn detail | beg 10.10.10.10

and look for [idle time : xx:xx:xx].

idle time gives you the inactivity time for this connection.

HTH

Syed Iftekhar Ahmed

0 Helpful

Go to solution
andreabat72
Level 1
Level 1
In response to Syed Iftekhar Ahmed

‎10-01-2011 08:41 AM

Hi,

good information, but i have a doubt.

I have an existing policy L3/L4 multi-match like the one below.

I  would like to increase the inactivity timeout on every TCP connections.  Can i nest the new class map (match all) to my policy-map, as shown  below in bold?

This can create problems for the existing policy?

Can you confirm me that i can apply only one L3L4 policy map to the interface Vlan?

In necessary to remove and apply the policy to see the effect of the new timeout?

Thanks in advance

Best Regards

policy-map multi-match L4_VIP3_POLICY

  description Multi-Match VIPs on Vlan 18 to ServerFarms

  class L4-FARM-RDP

    loadbalance vip inservice

    loadbalance policy L7-FARM-RDP

    loadbalance vip icmp-reply active

  class L4-FARM-RDP-TOKYO

    loadbalance vip inservice

    loadbalance policy L7-FARM-RDP-TOKYO

    loadbalance vip icmp-reply active

  class L4-FARM-RDP-NY

    loadbalance vip inservice

    loadbalance policy L7-FARM-RDP-NY

    loadbalance vip icmp-reply active

  class L4-FARM-RDP-KUALA

    loadbalance vip inservice

    loadbalance policy L7-FARM-RDP-KUALA

    loadbalance vip icmp-reply active

  class L4-FARM-RDP-NY

    loadbalance vip inservice

    loadbalance policy L7-FARM-RDP-NY

    loadbalance vip icmp-reply active

  class TCP-CLASS

     connection advanced TCP-PARAM

where:

parameter-map type connection TCP-PARAM

set timeout inactivity 36000

class-map match-all TCP-CLASS

  match port tcp any

0 Helpful

Go to solution
kkataja
Level 1
Level 1
In response to andreabat72

‎03-19-2012 12:21 AM

Just add the "class TCP-CLASS" to the top of policy-map L4_VIP3_POLICY:

conf t

policy-map multi-match L4_VIP3_POLICY

class TCP-CLASS insert-before  L4-FARM-RDP

connection advanced TCP-PARAM

exit

exit

exit

By adding it to the top you can override the params in the VIP classes below if needed.

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to kkataja

‎09-27-2012 09:09 AM

Good information.

I am wondering if this parameter is applicable (and if so can it be applied) to sessions that are not to the VIP but rather to the real servers where the ACE is acting as their default gateway?

Responses happily rated.

0 Helpful

Go to solution
Cesar Roque
Level 4
Level 4
In response to Marvin Rhoads

‎09-28-2012 12:38 PM

Hi Marvin,

You can use also the switch mode command for this purpose:

http://www.cisco.com/en/US/customer/docs/interfaces_modules/services_modules/ace/vA5_1_0/command/reference/config.html#wp2580932

---------------------
Cesar R
ANS Team

--------------------- Cesar R ANS Team

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Cesar Roque

‎09-30-2012 11:27 AM

Cesar thanks for the tip on "switch-mode". +4.

One follow-up . The documentation at the link seems to have an error. It states:

timeout seconds

Length of time in seconds that the ACE waits before removing the switch mode connection. Enter an integer from 0 to 1440 (24 hours). The default is 0.

Is the parameter seconds or minutes?

My ACE (ACE-20 running vA2(3.6a)) offers the range as:

ACE-1-MODULE-PRI/Admin(config)# switch-mode timeout ?

  <1-65535>  Inactivity Timeout value

ACE-1-MODULE-PRI/Admin(config)#

0 Helpful

Go to solution
Cesar Roque
Level 4
Level 4
In response to Marvin Rhoads

‎09-30-2012 11:34 AM

Hi Marvin,

Is in seconds

---------------------
Cesar R
ANS Team

--------------------- Cesar R ANS Team
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents