display bug? in ace connection table.

Unanswered Question
Dec 29th, 2009

Hi.

When I entered show conn on the ACE active module, I got the following log.

--------------------------------------------------------------------------------

40335      1  in  TCP   162  aaa.bbb.ccc.ddd:53974  eee.fff.ggg.hhh:1433  CLOSED

41091      1  out TCP   62   eee.fff.ggg.hhh:1433       aaa.bbb.ccc.ddd:53974  ESTAB

40339      1  in  TCP   162  aaa.bbb.ccc.ddd:60448    eee.fff.ggg.hhh:1433  CLOSED

41023      1  out TCP   62   eee.fff.ggg.hhh:1433        aaa.bbb.ccc.ddd:60448  ESTAB

--------------------------------------------------------------------------------

As configured, 162 is the server-side VLAN and 62 is the client-side VLAN.

But when I checked the session table, one session was closed and the other session was ESTAB. Is this a possible symptom?

In my opinion, the two sessions must match each other and never mismatch.

If so, is it a bug?

I wrote down several possible root causes, as follows:

1. Does it occur when I enter 'clear conn aaa.bbb.ccc.ddd' or 'clear conn'?

2. Regarding the above connection table log, was the connection closed normally?

3. Or does the connection have a half-connection?

4. If none of the above, is it related to 'tcp-parameter-map'?

Thanks in advance.

rvavale Tue, 12/29/2009 - 18:13

Hi,

These are half-closed connections, which means the client (or server) sends a FIN and the server (or client) ACKs the FIN without sending a FIN itself. The default timeout for a half-closed connection is 3600 seconds (1 hour).

To configure a timeout for a half-closed connection, use the set tcp timeout half-closed command in policy-map class configuration mode. The syntax of this command is:

set tcp timeout half-closed seconds

For the seconds argument, enter an integer from 0 to 4294967295 seconds. A value of 0 specifies that the ACE never times out a half-closed TCP connection.

Hope this helps,

Best Regards,
Rahul
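
An added example, not part of the original thread and not Cisco code: a Python check that parses rows in the layout quoted in the question, pairs the two flows of each connection by their endpoints, and reports the pairs whose states disagree, which is how the half-closed entries described in the answer appear in the table. The field names are assumptions inferred from that layout, and the sample rows use constructed documentation-range addresses.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the rows quoted in the question;
# the addresses are documentation-range placeholders, not values from the thread.
SAMPLE = """\
--------------------------------------------------------------------------------
40335      1  in  TCP   162  192.0.2.10:53974      198.51.100.20:1433    CLOSED
41091      1  out TCP   62   198.51.100.20:1433    192.0.2.10:53974      ESTAB
40339      1  in  TCP   162  192.0.2.10:60448      198.51.100.20:1433    ESTAB
41023      1  out TCP   62   198.51.100.20:1433    192.0.2.10:60448      ESTAB
--------------------------------------------------------------------------------
"""

# Field names are assumptions based on the column order of the quoted rows.
ROW = re.compile(
    r"^\s*(?P<conn_id>\d+)\s+(?P<np>\d+)\s+(?P<dir>in|out)\s+(?P<proto>\S+)\s+"
    r"(?P<vlan>\d+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<state>\S+)\s*$"
)

def parse_rows(text):
    """Return one dict per table row; separator and blank lines are skipped."""
    return [m.groupdict() for m in map(ROW.match, text.splitlines()) if m]

def mismatched_pairs(rows):
    """Pair the in/out flows of each connection and return pairs whose states differ."""
    flows = defaultdict(list)
    for row in rows:
        # The two flows of one connection carry the same endpoints, swapped.
        flows[(row["proto"], frozenset((row["src"], row["dst"])))].append(row)
    result = []
    for pair in flows.values():
        if len(pair) == 2 and pair[0]["state"] != pair[1]["state"]:
            # Sort so the "in" flow comes before the "out" flow.
            result.append(tuple(sorted(pair, key=lambda r: r["dir"])))
    return result

if __name__ == "__main__":
    for inbound, outbound in mismatched_pairs(parse_rows(SAMPLE)):
        print(f"{inbound['src']} <-> {inbound['dst']}: "
              f"in={inbound['state']} (conn {inbound['conn_id']}), "
              f"out={outbound['state']} (conn {outbound['conn_id']})")
```

Counting the reported pairs over repeated captures shows whether half-closed entries are accumulating until the timeout expires.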
