ACE:huge difference between ACE session & server session(net state)

Unanswered Question
Jan 10th, 2010

Hi All,

Need help on ACE,

Our customer have ACE Module running in context mode in C6500, customer complains that users are facing slowness accessing application behind the ACE.

From his observation he finds that there is huge difference between ACE session count and server session count. As a workaround he is bringdown the services and same time clear the session on ACE, then the issue is resolved.

Switch-ACE Module=========VIP 1

                             =========VIP2

What may be the problem, Kindly suggest what all things i should check to find the problem.

What all data is required to find the problem if it is really ACE problem.

Regards

Madhu

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 2 (2 ratings)
Loading.
Gilles Dufour Mon, 01/11/2010 - 00:49

What ACE software version do you have ?

What's the ACE configuration ?

Do you have normalization turned on or off ?

ACE has a mechanism to remove idle connections.  Does the server have the same thing ?  What's the idle timeout on ACE and the server ?

Gilles.

madhusudhan s Mon, 01/11/2010 - 02:29

Please find attached the snapshot for the Connection on Individual servers and the LB at the same time.

The no of connections on LB is showing more then the total no of connections on Individual servers.

I have just attached the file which contain the screenshot of real server session and ACE session at the same time

ACE20-MOD-K9

Sw version : 3.0(0)A1(5a)

FW versio: 8.6(0.252-En

HW versio;2.2

As far as configuration concern, I dont think my managment will allow me to post the configuration on netpro.But attaching some of the configuration related to the specific application(Server)

==========================================================

serverfarm host Server
  probe 8080
  rserver CNDAECRMAPWP21
    inservice
  rserver CNDAECRMAPWP22
    inservice

sticky ip-netmask 255.255.255.255 address both Server-sticky
  timeout 10
  serverfarm Server

class-map match-all Server
  2 match virtual-address 10.14.46.21 tcp eq 8080

policy-map type loadbalance first-match Server
  class class-default
    sticky-serverfarm Server-sticky

class Server
    loadbalance vip inservice
    loadbalance policy Server
    loadbalance vip icmp-reply
    nat dynamic 2 vlan 24

interface vlan 24
  ip address 10.X.46.5 255.255.255.224
  alias 10.X.46.4 255.255.255.224
  peer ip address 10.X.46.6 255.255.255.224
  nat-pool 2 10.X.46.7 10.X.46.7 netmask 255.255.255.255 pat
  service-policy input Load-bal
  no shutdown

service-policy input management

service-policy input Mgt-access
access-group input 101
=====================================

Also how to check if normalization is turned on or off?

What mechanism is used in ACE to remove the idle connection? any command to verify it?

Gilles Dufour Mon, 01/11/2010 - 08:07

Your problem is the version : 3.0(0)A1(5a)

Please upgrade  immediately to a supported version A2(1.6a).

Thanks.

Gilles.

madhusudhan s Mon, 01/11/2010 - 20:09

Hi Gilles,

Thanks for your response,

Does the image is deffered? it does not reflect in software advisiory.

Will this solve the issue? any simmiler cases which had same issue and resolved after upgradation.

I was just being questioned by my customer. hopfully i should able to make my customer agree for upgradation.

Any other suggestion so that before upgradation i can try these?

Regards

Madhu

Gilles Dufour Wed, 01/13/2010 - 02:10

Madhu,

the image was not deffered because there is no catastrophic defect.

However, there are more than 2000 bug fixes that have been integrated since that release.

We just can't work with that image.

I can't guarantee at 100% that your problem will be fixed, but it is definitely not possible to work with that image.

Even if we could troubleshoot the problem and find the problem, there is no guarantee we can link it to a known issue and there is absolutely no way we can even think about finxing that code - the new code is so different now.

Please do yourselves and your customer a favor and upgrade to a recent image.

Gilles.

baranydenes Fri, 01/15/2010 - 07:55

Dear Gilles,

This type of problem still exists in all versions of A2 1.x and 2.x trains as of my experience. I have a couple of module pairs running A2 2.2 and also A2 1.6a and this type of connection "leaking" seems to be there for years also in previous versions. The common things in the configs are sticky and/or url -match based layer7 loadbalancing. I have to either clear connections manually on ACE CLI, or switch over to standby and reboot the module on regular (once per month) basis as a workaround.

Would be nice to trace it down and having a fix for it. Please let me know if I can provide further details...

Regards,

Denes Barany

Actions

This Discussion