ACE Rst Packets

Rafael Mendes
Level 2

Hello Everyone,

I have an ACE10 module in my core 6509 switch. My context "Proxy" was created to balance connections to Forefront TMG servers; this balancing needs the original client IP address preserved end to end in the solution.

My problem is: the clients are complaining of slow connections to the internet. I captured the traffic with the ACE capture feature and I see some RST packets and several checksum error packets in the pcap file.

The topology is:

Client -> ACE VIP VLAN 81 -> RSERVERS VLAN 80

Vlan 80 is in L2 mode (no interface vlan in the core 6509 switch; routing occurs through the ACE appliance).

The IP address 10.96.200.6 is the gw for rservers.

system:    Version A2(3.4) [build 3.0(0)A2(3.4)]
system image file: [LCP] disk0:c6ace-t1k9-mz.A2_3_4.bin

rserver host PANFPRXP301A
  ip address 10.96.200.11
  inservice
rserver host PANFPRXP301B
  ip address 10.96.200.12
  inservice

sticky ip-netmask 255.255.255.255 address source STICKY-SF-PANPROXY
  replicate sticky
  serverfarm SF-PAN-PROXY

interface vlan 80
  ip address 10.96.200.4 255.255.255.0
  alias 10.96.200.6 255.255.255.0
  peer ip address 10.96.200.5 255.255.255.0
  no normalization
  no icmp-guard
  access-group input all-access
  access-group output all-access
  service-policy input ACCESS
  no shutdown

interface vlan 81
  ip address 10.96.201.4 255.255.255.0
  alias 10.96.201.6 255.255.255.0
  peer ip address 10.96.201.5 255.255.255.0
  no normalization
  no icmp-guard
  access-group input all-access
  access-group output all-access
  service-policy input ACCESS
  service-policy input INTVLAN80
  no shutdown

policy-map multi-match INTVLAN80
  class VIP-SF-PANPROXY
    loadbalance vip inservice
    loadbalance policy SLB-SF-PANPROXY
    loadbalance vip icmp-reply active primary-inservice
    appl-parameter http advanced-options PARAMETER-HTTP

Logs

====================================================================

Aug 15 2012 10:24:09 : %ACE-6-302023: Teardown TCP connection 0xb9fec for vlan81:10.93.15.69/1439 (10.93.15.69/1439) to vlan80:10.96.201.10/8080 (10.96.200.12/8080) duration 0:01:28 bytes 13741 TCP FINs
Aug 15 2012 10:24:09 : %ACE-6-302022: Built TCP connection 0x1121b8 for vlan81:10.93.15.69/1443 (10.93.15.69/1443) to vlan80:10.96.201.10/8080 (10.96.200.12/8080)
Aug 15 2012 10:24:10 : %ACE-6-302022: Built TCP connection 0xc400b for vlan81:10.93.7.69/4863 (10.93.7.69/4863) to vlan80:10.96.201.10/8080 (10.96.200.11/8080)
Aug 15 2012 10:24:10 : %ACE-6-302022: Built TCP connection 0xc676f for vlan81:10.93.15.29/2173 (10.93.15.29/2173) to vlan80:10.96.201.10/8080 (10.96.200.12/8080)
Aug 15 2012 10:24:10 : %ACE-6-302022: Built TCP connection 0xc3621 for vlan81:10.93.7.84/54169 (10.93.7.84/54169) to vlan80:10.96.201.10/8080 (10.96.200.11/8080)
Aug 15 2012 10:24:10 : %ACE-6-302025: Teardown UDP connection 0x110764 for vlan80:10.96.200.11/32230 (10.96.200.11/32230) to vlan81:172.17.2.35/53 (172.17.2.35/53) duration 0:00:11 bytes 126 Idle Timeout
Aug 15 2012 10:24:10 : %ACE-6-302023: Teardown TCP connection 0x111c70 for vlan81:10.93.15.69/1441 (10.93.15.69/1441) to vlan80:10.96.201.10/8080 (10.96.200.12/8080) duration 0:00:02 bytes 1759 TCP FINs
Aug 15 2012 10:24:10 : %ACE-6-302022: Built TCP connection 0x5fc51 for vlan81:10.93.7.69/4864 (10.93.7.69/4864) to vlan80:10.96.201.10/8080 (10.96.200.11/8080)
Aug 15 2012 10:24:11 : %ACE-6-302022: Built TCP connection 0xc5282 for vlan81:10.93.5.157/1522 (10.93.5.157/1522) to vlan80:10.96.201.10/8080 (10.96.200.11/8080)
Aug 15 2012 10:24:11 : %ACE-6-302022: Built TCP connection 0x10e7a2 for vlan81:10.93.15.29/2174 (10.93.15.29/2174) to vlan80:10.96.201.10/8080 (10.96.200.12/8080)
Aug 15 2012 10:24:11 : %ACE-6-302023: Teardown TCP connection 0x102c48 for vlan81:10.84.34.23/1130 (10.84.34.23/1130) to vlan80:10.96.201.10/8080 (10.96.200.12/

====================================================================

If needed, I can send the pcap file for analysis.

Thanks a lot.

Rafael


sivaksiv
Cisco Employee

Hi Rafael,

Are RSTs coming from ACE? What if you access the server directly? If you could raise a TAC case, we would do an in-depth analysis of the problem.

Regards,
Siva
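
One way to triage the log excerpt in the question, as an added example that is not part of the thread and not Cisco tooling: it parses the Built/Teardown messages, groups TCP connections by the address in the second pair of parentheses (the rserver in the post's excerpt), and tallies teardown reasons and connections that lasted five seconds or less. The function names and the five-second threshold are assumptions; the sample lines are taken from the post with the wrapped lines rejoined, including the one that is cut off there.

```python
import re
from collections import Counter, defaultdict

# Lines from the post's log excerpt with the 80-column wraps rejoined.
# The last one is cut off in the post and is left cut off here.
SAMPLE = """\
Aug 15 2012 10:24:09 : %ACE-6-302023: Teardown TCP connection 0xb9fec for vlan81:10.93.15.69/1439 (10.93.15.69/1439) to vlan80:10.96.201.10/8080 (10.96.200.12/8080) duration 0:01:28 bytes 13741 TCP FINs
Aug 15 2012 10:24:09 : %ACE-6-302022: Built TCP connection 0x1121b8 for vlan81:10.93.15.69/1443 (10.93.15.69/1443) to vlan80:10.96.201.10/8080 (10.96.200.12/8080)
Aug 15 2012 10:24:10 : %ACE-6-302022: Built TCP connection 0xc400b for vlan81:10.93.7.69/4863 (10.93.7.69/4863) to vlan80:10.96.201.10/8080 (10.96.200.11/8080)
Aug 15 2012 10:24:10 : %ACE-6-302025: Teardown UDP connection 0x110764 for vlan80:10.96.200.11/32230 (10.96.200.11/32230) to vlan81:172.17.2.35/53 (172.17.2.35/53) duration 0:00:11 bytes 126 Idle Timeout
Aug 15 2012 10:24:10 : %ACE-6-302023: Teardown TCP connection 0x111c70 for vlan81:10.93.15.69/1441 (10.93.15.69/1441) to vlan80:10.96.201.10/8080 (10.96.200.12/8080) duration 0:00:02 bytes 1759 TCP FINs
Aug 15 2012 10:24:11 : %ACE-6-302023: Teardown TCP connection 0x102c48 for vlan81:10.84.34.23/1130 (10.84.34.23/1130) to vlan80:10.96.201.10/8080 (10.96.200.12/
"""

LINE = re.compile(
    r"%ACE-\d-\d+: (?P<event>Built|Teardown) (?P<proto>TCP|UDP) connection 0x[0-9a-f]+ "
    r"for \w+:(?P<src>[\d.]+)/\d+ \([^)]*\) "
    r"to \w+:(?P<dst>[\d.]+/\d+) \((?P<real>[\d.]+/\d+)\)"
    r"(?: duration (?P<dur>\d+:\d\d:\d\d) bytes (?P<bytes>\d+) (?P<reason>.+))?$"
)

def parse(text):
    """Return (events, skipped); skipped counts lines that do not fully match."""
    events, skipped = [], 0
    for line in filter(str.strip, text.splitlines()):
        m = LINE.search(line.rstrip())
        if m:
            events.append(m.groupdict())
        else:
            skipped += 1  # truncated or unrelated line: report it, never guess
    return events, skipped

def summarize(events, short_secs=5):
    """Per translated destination: TCP builds, teardown reasons, short-lived flows."""
    stats = defaultdict(lambda: {"built": 0, "reasons": Counter(), "short": 0})
    for e in (e for e in events if e["proto"] == "TCP"):
        s = stats[e["real"]]
        if e["event"] == "Built":
            s["built"] += 1
        elif e["dur"]:
            s["reasons"][e["reason"]] += 1  # reason kept as the device printed it
            h, m, sec = map(int, e["dur"].split(":"))
            s["short"] += (h * 3600 + m * 60 + sec) <= short_secs
    return dict(stats)

if __name__ == "__main__":
    events, skipped = parse(SAMPLE)
    print(f"parsed={len(events)} skipped={skipped}")
    for real, s in sorted(summarize(events).items()):
        print(real, "built", s["built"], dict(s["reasons"]), "short", s["short"])
```

Run over a full syslog export, a real server whose teardown reasons or short-lived count differ sharply from its peer is the place to compare against the packet capture first.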
