acs sh conn problem

Document

Sat, 05/04/2013 - 02:02
May 2nd, 2013

Hello

Please give me the ACE.

You When you sh conn setting of the current configuration, session information is displayed.

1148798    1  in  TCP   2    172.16.22.178:49895   10.1.100.25:8181      ESTAB

1157580    1  out TCP   12   10.1.100.26:8181      172.16.22.178:49895   CLOSED

Session of the current pair have been identified.

The current session is closed, but the information of big-eye red current continues to sh conn session information.

I want to know that there are times when it may be a problem at this time

Thank you.

Jorge Bejarano Thu, 05/02/2013 - 20:47

Gyoun,

Please see the following document and the drawing called: "TCP Connection Teardown"

http://docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_%28ACE%29_Troubleshooting_Guide_--_Troubleshooting_Connectivity#ACE_Connection_Table_Entries

Connection-teardown-4way2.jpg

Then that output just shows the connection when it is being RST, but we do not have enough details.

Where do you see this behavior? Are you having any issue related to RST connections?

Jorge

ajayku2 Sat, 05/04/2013 - 02:02

If you are talking about the following connection:

1157580    1  out TCP   12   10.1.100.26:8181      172.16.22.178:49895   CLOSED

If you are seeing the above entry in table for a long time then it is possible that the connection is not properly closed. We also say it half closed connection.

For example ACE receives FIN it forward to the server mark the connection as closed and then it wait for FIN-ACK.

If the server does not send the FIN-ACK for some reason this entry may be there for 1 hour and then it clear after timeout.

So verify with capture if that is the case.

You can also use connection parameter map to reduce the half close session timeout to remove such entry faster.

hope that helps,

Ajay Kumar

Actions

This Document