WAAS conection limit alarm

Unanswered Question
Mar 18th, 2009

Hi,

I have a waas solution implemented, where the both (Datacenter and Edge) are in inline mode. The WAE in Datacenter side is viewing all connections from the others sites of the WAN where there is not a WAE in there, so that connections are in PT becouse "Not Peer".

These days we started to see a minor alarm: "1 max_conn_overload sysmon accl=TFO". We don't see this alarm from the Edge WAE, only from Datacenter WAE.

Could be that DC WAE takes in account the PT connections? if the answer is yes, Can this overload make that the WAE stop the optimization when new connections arrive until the number of connections go down?

Thanks in advanced!!!

Celeste

These days we started to see a minor alarm: "1 max_conn_overload sysmon accl=TFO". We don't see this alarm from the Edge WAE, only from Datacenter WAE.

Could be that DC WAE take in account the PT connections? if the answer is yes, Can this overload makes that the WAE stops the optimization when new connections arrive until the number of connections goes down?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
dstolt Thu, 03/19/2009 - 07:19

Hi Celeste,

Do you only have 2 boxes deployed, or is the DC WAE supporting other edges as well?

Please post what version of WAAS you are running and the output from:

sh stat tfo

On both of your boxes?

Thanks,

Dan

c_simon Thu, 03/19/2009 - 09:59

Hi Dan

We have only 2 boxes deployed. The DC WAE is supporting only one Edge.

Both are running 4.1.1.16c

I am attaching the show stat conn tfo for you.

Thanks!

Celeste

Attachment: 
dstolt Fri, 03/20/2009 - 11:23

Thanks for the update, can you check one more thing on your WAE-Tronador box? can you do the following command?

find-pattern match "Routing Loop" syslog.txt

We are looking for the following enteries similar to "opt_syn_rcv: Routing Loop

detected - Packet has our own devid. Packet dropped."

Also, do "sh stat auto" and look for the entry:

Auto discovery Miscellaneous

.....

SYNs found with our device id: XX

If you see that counter incrementing, you may be hitting DDTS: CSCsx68058 "Routing loops at the core can cause TFO overload on the WAE " If this is the case, then you need to inspect you interception at the core to ensure that you are not re-intercepting traffic egressing the WAE on the router.

Let me know if this is the case or we can keep searching.

Thanks,

Dan

c_simon Fri, 03/20/2009 - 13:18

Hi Dan

Thanks for your reply.

I am attaching the info for you. It's seems to be the problem.

Thank you!

Celeste

Attachment: 

Actions

This Discussion