03-12-2009 12:53 PM
Hi,
What is the default TCP timeout on ACE and how can I check it. I have the sticky timeout set to 720 minutes. Does it apply to TCP timeout as well.
Solved! Go to Solution.
03-13-2009 11:51 AM
If you have not configured parameter-map and applied to policy then ACE will definitely be using default values.
One way of testing it could be to open a new tcp connection and use "show conn detail" commmand with the ip of dest.
show conn detail | beg 10.10.10.10
and look for [idle time : xx:xx:xx].
idle time gives you the inactivity time for this connection.
HTH
Syed Iftekhar Ahmed
03-12-2009 04:23 PM
The default inactivity timeout are as
follows: TCP:3600sec UDP:120secs ICMP:2sec
These are inactivity timeouts, meaning if the connections are idle for these many seconsds then the connection will be dropped.
If you need a different TCP timeout value, you can change it using the follwoing example
To change TCP idle timeout to 5 minutes
parameter-map type connection TCP-PARAM
set timeout inactivity 300
class-map match-all TCP-CLASS
match port tcp any
policy-map multi-match VIP
class TCP-CLASS
connection advanced TCP-PARAM
HTH
Syed Iftekhar Ahmed
03-13-2009 02:24 AM
Is there any entry to check the default TCP timeout value i.e. 3600 secs.
03-13-2009 11:51 AM
If you have not configured parameter-map and applied to policy then ACE will definitely be using default values.
One way of testing it could be to open a new tcp connection and use "show conn detail" commmand with the ip of dest.
show conn detail | beg 10.10.10.10
and look for [idle time : xx:xx:xx].
idle time gives you the inactivity time for this connection.
HTH
Syed Iftekhar Ahmed
03-13-2009 03:23 PM
Hi Syed,
Could you please assist me on the below
Thanks.
10-01-2011 08:41 AM
Hi,
good information, but i have a doubt.
I have an existing policy L3/L4 multi-match like the one below.
I would like to increase the inactivity timeout on every TCP connections. Can i nest the new class map (match all) to my policy-map, as shown below in bold?
This can create problems for the existing policy?
Can you confirm me that i can apply only one L3L4 policy map to the interface Vlan?
In necessary to remove and apply the policy to see the effect of the new timeout?
Thanks in advance
Best Regards
policy-map multi-match L4_VIP3_POLICY
description Multi-Match VIPs on Vlan 18 to ServerFarms
class L4-FARM-RDP
loadbalance vip inservice
loadbalance policy L7-FARM-RDP
loadbalance vip icmp-reply active
class L4-FARM-RDP-TOKYO
loadbalance vip inservice
loadbalance policy L7-FARM-RDP-TOKYO
loadbalance vip icmp-reply active
class L4-FARM-RDP-NY
loadbalance vip inservice
loadbalance policy L7-FARM-RDP-NY
loadbalance vip icmp-reply active
class L4-FARM-RDP-KUALA
loadbalance vip inservice
loadbalance policy L7-FARM-RDP-KUALA
loadbalance vip icmp-reply active
class L4-FARM-RDP-NY
loadbalance vip inservice
loadbalance policy L7-FARM-RDP-NY
loadbalance vip icmp-reply active
class TCP-CLASS
connection advanced TCP-PARAM
where:
parameter-map type connection TCP-PARAM
set timeout inactivity 36000
class-map match-all TCP-CLASS
match port tcp any
03-19-2012 12:21 AM
Just add the "class TCP-CLASS" to the top of policy-map L4_VIP3_POLICY:
conf t
policy-map multi-match L4_VIP3_POLICY
class TCP-CLASS insert-before L4-FARM-RDP
connection advanced TCP-PARAM
exit
exit
exit
By adding it to the top you can override the params in the VIP classes below if needed.
09-27-2012 09:09 AM
Good information.
I am wondering if this parameter is applicable (and if so can it be applied) to sessions that are not to the VIP but rather to the real servers where the ACE is acting as their default gateway?
Responses happily rated.
09-28-2012 12:38 PM
Hi Marvin,
You can use also the switch mode command for this purpose:
---------------------
Cesar R
ANS Team
09-30-2012 11:27 AM
Cesar thanks for the tip on "switch-mode". +4.
One follow-up . The documentation at the link seems to have an error. It states:
timeout seconds | Length of time in seconds that the ACE waits before removing the switch mode connection. Enter an integer from 0 to 1440 (24 hours). The default is 0. |
Is the parameter seconds or minutes?
My ACE (ACE-20 running vA2(3.6a)) offers the range as:
ACE-1-MODULE-PRI/Admin(config)# switch-mode timeout ?
<1-65535> Inactivity Timeout value
ACE-1-MODULE-PRI/Admin(config)#
09-30-2012 11:34 AM
Hi Marvin,
Is in seconds
---------------------
Cesar R
ANS Team
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: