01-13-2009 01:27 AM
Hello,
the ace is putting out following error message on several contexts if you try to ping something:
Maximum ping sessions in progress....retry later.
The session Table of the context is nearly empty just 4 current ICMP connections.
The resource usage also looks OK
sh resource usage
Allocation
Resource Current Peak Min Max Denied
-------------------------------------------------------------------------------
Context: PEP_5.0_GGSN_SITE_1
conc-connections 4 44 0 8000000 0
mgmt-connections 2 24 0 100000 0
proxy-connections 0 9 0 1048574 0
xlates 0 0 0 1048574 0
bandwidth 640 463602 0 1125000000 0
throughput 548 459482 0 1000000000 0
mgmt-traffic rate 92 4120 0 125000000 0
connection rate 7 341 0 1000000 0
ssl-connections rate 0 0 0 5000 0
mac-miss rate 0 2 0 2000 0
inspect-conn rate 0 0 0 6000 0
acl-memory 79736 79736 0 78610432 0
sticky 3 3 41942 0 0
regexp 0 0 0 1048576 0
syslog buffer 14336 14336 0 4194304 0
syslog rate 0 9 0 100000 0
Someone a clue?
01-14-2009 12:42 AM
You can't have more than 255 ping clients on the entire machine (not per context).
So, add the total mgmt-connections at any time.
If you are above 255 and those connections are exclusively icmp, then you have reach the limit.
Gilles.
01-14-2009 01:40 AM
Hello Gilles
thanks for your fast response.
With Ping Clients do you mean ICMP connections (traffic and mngt)
who are established over the ace?
Are ICMP probes affected from this limitation?
Greeting Eberhard
01-14-2009 09:34 AM
icmp probe would be affected.
G.
01-15-2009 01:10 AM
Is there an document aviable where those limitiation is described?
The Cisco Datasheet says
"16000 instances of up to 4000 uniquely defined probes"
and i devently need to have more than 255 ICMP probes.
01-15-2009 03:12 AM
Actually, the probes do not use this function.
Sorry for that.
From further code inspection, this icmp_ping limit applies to only
- the "ping" command
- the HA query_vlan ping function
- mac-address miss function (when we get traffic from unknown mac-address, with an ip that does not belong to a local vlan, and the interface is configured with mac-sticky or in bridge mode, we send a ping to the origin to see if that can populate our arp table with the missing mac)
Once again, the limit is max 255 icmp_ping active for the entire box.
Gilles.
05-25-2009 04:47 AM
Hi Gilles.
I'm testing virtualization on two ACE ( Active , Standby).
I would like an advise to configure correctly the "mgmt-traffic" because just trying on Lab sometimes the ACE does not respond on ICMP echo...The network configuration is correct . I'm sure because just changing resource allocation ping works.
I read on the "Virtualization Configuration Guide" that assign resource with " Limit-resource all " does not effect the mgmt-traffic...
So if i have 5 context + admin context ( basic license) and I want to be sure that management ( SSH,ICMP) of Ace for every context will always works , which can be the best allocation method ?
Every suggestion will be appreciated .
Vittorio
05-26-2009 12:03 AM
just start by assigning min 10% to each context. You can later adjust if needed.
Check the 'show resource usage' to see if there are connections denied and the peak vs max allocated resource.
If you're not even close to the max and there are no denied connections, your icmp echo issue is not related to resource allocation.
Gilles.
05-26-2009 12:27 AM
Do you mean 10 % allocated in this way :
limit-resource rate mgmt-traffic minimum 10.00 maximum equal-to-min
Correct ?
Thanks
Vittorio
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide