CS-150-LAN extra content rule disables all access to website

simon-galloway · ‎09-21-2005

We have a CS-150-LAN Content switch with software version 6.10Build203. Yesterday for no apparent reason we lost connectivity to our website through our CSS. To get around this issue we removed all content rules except for the "everything-else" rule.

owner http://www.acmi.net.au

content AIC

add service acmi-web3

url "//www.acmi.net.au/AIC*"

protocol tcp

port 80

vip address 203.14.59.174

content everything-else

add service acmi-web1

vip address 203.14.59.174

protocol tcp

port 80

active

owner http://www.vceart.com

content everything

add service acmi-web3

vip address 203.14.59.175

protocol tcp

port 80

active

What is happening now is that when l create an addional content rule it then times out all connections to our website http://www.acmi.net.au. If l suspend the additional rule "AIC" the website comes back online. We need these additional content rules for accessing subsites. Please help.

Thanks

Gilles Dufour · ‎09-21-2005

Could you get a 'sho service summary' and 'show summary'.

Are your content rules and services all active ?

Was this config working before or since day one, as soon as you configure rule AIC everything fails ?

Could you try to add 'url "/*"' to your everything rule and also add 'no persistent' to all rules.

Finally add the global command 'persistence reset remap' to allow transparent remapping from one service to the other.

Thanks,

Gilles.

simon-galloway · ‎09-22-2005

Here are the sho service summary and show summmary outputs

Owner Content Rules State Services Service Hits

www.acmi.net.au AIC Suspended acmi-web3 6

everything-else Active acmi-web1 243

acmi-web2 340

www.vceart.com everything Active acmi-web3 23

sec-css-11150# sh service summary

Service Name State Conn Weight Avg State Idx

Load Transitions

acmi-web1 Alive 2 1 2 2 2

acmi-web2 Alive 9 1 23 2 3

acmi-web3 Alive 1 1 17 2 4

The content rule AIC is suspended because if l activate it, it then makes the website www.acmi.net.au unreachable and timesout.

This config was working from day one with the AIC content rule and about another 9 content rules under the owner www.acmi.net.au

If l add the url "/*" command to the content rule "everything-else this also hangs the site www.acmi.net.au

Gilles Dufour · ‎09-23-2005

so what did you change between the moment it was working and the moment it did not ?

Was the CSS rebooted since you made all these changes ?

When it hangs, did you capture a sniffer trace to see if the traffic is forwarded to the server ?

Do you have 'sho summary' showing which rule is being hit when you try to access the website ? [which counter is increasing ?]

Regards,

Gilles.

simon-galloway · ‎10-25-2005

We had changed nothing prior to this issue.

We have rebooted it acouple of times but this did nothing.

To resolve this issue we had to modify the vip address of the owner rule. The original address had no previous conflicts for that address. ?? We still cannot work out what went wrong. Sorry for the delay in returning your response.