Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ACE:huge difference between ACE session & server session(net state)

Hi All,

Need help on ACE,

Our customer have ACE Module running in context mode in C6500, customer complains that users are facing slowness accessing application behind the ACE.

From his observation he finds that there is huge difference between ACE session count and server session count. As a workaround he is bringdown the services and same time clear the session on ACE, then the issue is resolved.

Switch-ACE Module=========VIP 1


What may be the problem, Kindly suggest what all things i should check to find the problem.

What all data is required to find the problem if it is really ACE problem.



New Member

Re: ACE:huge difference between ACE session & server session


I have attached the screen shot of show serverfarm status.



Cisco Employee

Re: ACE:huge difference between ACE session & server session(net

What ACE software version do you have ?

What's the ACE configuration ?

Do you have normalization turned on or off ?

ACE has a mechanism to remove idle connections.  Does the server have the same thing ?  What's the idle timeout on ACE and the server ?


New Member

Re: ACE:huge difference between ACE session & server session(net

Please find attached the snapshot for the Connection on Individual servers and the LB at the same time.

The no of connections on LB is showing more then the total no of connections on Individual servers.

I have just attached the file which contain the screenshot of real server session and ACE session at the same time


Sw version : 3.0(0)A1(5a)

FW versio: 8.6(0.252-En

HW versio;2.2

As far as configuration concern, I dont think my managment will allow me to post the configuration on netpro.But attaching some of the configuration related to the specific application(Server)


serverfarm host Server
  probe 8080
  rserver CNDAECRMAPWP21
  rserver CNDAECRMAPWP22

sticky ip-netmask address both Server-sticky
  timeout 10
  serverfarm Server

class-map match-all Server
  2 match virtual-address tcp eq 8080

policy-map type loadbalance first-match Server
  class class-default
    sticky-serverfarm Server-sticky

class Server
    loadbalance vip inservice
    loadbalance policy Server
    loadbalance vip icmp-reply
    nat dynamic 2 vlan 24

interface vlan 24
  ip address 10.X.46.5
  alias 10.X.46.4
  peer ip address 10.X.46.6
  nat-pool 2 10.X.46.7 10.X.46.7 netmask pat
  service-policy input Load-bal
  no shutdown

service-policy input management

service-policy input Mgt-access
access-group input 101

Also how to check if normalization is turned on or off?

What mechanism is used in ACE to remove the idle connection? any command to verify it?

Cisco Employee

Re: ACE:huge difference between ACE session & server session(net

Your problem is the version : 3.0(0)A1(5a)

Please upgrade  immediately to a supported version A2(1.6a).



New Member

Re: ACE:huge difference between ACE session & server session(net

Hi Gilles,

Thanks for your response,

Does the image is deffered? it does not reflect in software advisiory.

Will this solve the issue? any simmiler cases which had same issue and resolved after upgradation.

I was just being questioned by my customer. hopfully i should able to make my customer agree for upgradation.

Any other suggestion so that before upgradation i can try these?



Cisco Employee

Re: ACE:huge difference between ACE session & server session(net


the image was not deffered because there is no catastrophic defect.

However, there are more than 2000 bug fixes that have been integrated since that release.

We just can't work with that image.

I can't guarantee at 100% that your problem will be fixed, but it is definitely not possible to work with that image.

Even if we could troubleshoot the problem and find the problem, there is no guarantee we can link it to a known issue and there is absolutely no way we can even think about finxing that code - the new code is so different now.

Please do yourselves and your customer a favor and upgrade to a recent image.


New Member

Re: ACE:huge difference between ACE session & server session(net

Dear Gilles,

This type of problem still exists in all versions of A2 1.x and 2.x trains as of my experience. I have a couple of module pairs running A2 2.2 and also A2 1.6a and this type of connection "leaking" seems to be there for years also in previous versions. The common things in the configs are sticky and/or url -match based layer7 loadbalancing. I have to either clear connections manually on ACE CLI, or switch over to standby and reboot the module on regular (once per month) basis as a workaround.

Would be nice to trace it down and having a fix for it. Please let me know if I can provide further details...


Denes Barany