We have a CSM installed in a 6513 chassis working as our load balancer for web servers. I have a few basic questions:
1. The current default configuration of probes on our switch indicates 2 minutes interval, 3 consecutive errors before marking real server failure and 5 minutes between probes of failed server. This setting results in 10-12 minute switch over delay in case one server fails.
In one of the Cisco papers I read that the default for these parameters in CSM is 8 seconds, 2 retries and 5 seconds, respectively.
My question is what are the default settings for probe parameters and is there any recommendation for optimal settings? (I am going to use 1min, 3, 15seconds resulting in 0.5 to 1.5 minutes delay and want to make sure there are no concerns with that)
2. Does the sticky timeout affect the switch over delay time? My understanding is that sticky timeout applies to the normal condition when all legs are up and in case of a failure, the traffic will switch over regardless of an existing active sticky session. Is this correct?
3. What is the exact definition of a "connection" in a load balancer? Is there any way to estimate or predict the number of connections for a specific traffic load (e.g. number of connections per user)?
There is an ASK THE EXPERT session currently, if you have more questions, please join us there.
Regarding your current questions :
1/ The default for an icmp probe is 120sec, 3 retries and 300sec for failed.
You can use whatever values you think are necessary for your environment.
However, you need to remember that a probe generates traffic and each probe requires process CPU time to send and receive.
With a lot of servers you probably want to avoid low frequency values.
I think your suggested value of 1 minute is ok.
2/ The sticky timeout does not affect failover.
However, you should be aware that if a server goes down, the CSM will send NEW connections to the other servers. But active connections will stay with this server even if down. To change this behavior use the 'failaction purge' command.
3/ A connection is a flow. It is defined by a SRC IP, DST IP, protocol, SRC PORT, DST PORT.
Within a connection you can send 2 bytes or 2 Gig.
So, it is difficult to link the 2 values.
ie: when you load a webpage, if you are using http 1.0 you open 1 connection for every object (text, gif, banner, ...) but with http 1.1 you can download all the same objects in a single connection.
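The flow definition given in the answer above, as an added example that is not part of the original thread: it counts connections per client by grouping packets on the 5-tuple. The packet records, addresses and the `VIP` value are constructed for illustration, and treating both directions of a flow as one connection is an assumption of this sketch.

```python
from collections import defaultdict

# Constructed sample packets (not from the thread):
# (src_ip, src_port, dst_ip, dst_port, proto).
# Client 10.0.0.5 fetches three objects HTTP/1.0 style (new source port per object);
# client 10.0.0.6 fetches three objects over one persistent HTTP/1.1 connection.
VIP = ("192.0.2.10", 80)  # hypothetical virtual server address and port
PACKETS = [
    ("10.0.0.5", 40001, "192.0.2.10", 80, "tcp"),
    ("192.0.2.10", 80, "10.0.0.5", 40001, "tcp"),  # reply on the same connection
    ("10.0.0.5", 40002, "192.0.2.10", 80, "tcp"),
    ("10.0.0.5", 40003, "192.0.2.10", 80, "tcp"),
    ("10.0.0.6", 51000, "192.0.2.10", 80, "tcp"),
    ("10.0.0.6", 51000, "192.0.2.10", 80, "tcp"),
    ("192.0.2.10", 80, "10.0.0.6", 51000, "tcp"),
    ("10.0.0.6", 51000, "192.0.2.10", 80, "tcp"),
]


def flow_key(pkt, vip=VIP):
    """Return the 5-tuple oriented client -> VIP so both directions share one key."""
    src_ip, src_port, dst_ip, dst_port, proto = pkt
    if (src_ip, src_port) == vip:  # server-to-client packet: swap the endpoints
        src_ip, src_port, dst_ip, dst_port = dst_ip, dst_port, src_ip, src_port
    return (src_ip, dst_ip, proto, src_port, dst_port)


def connections_per_client(packets, vip=VIP):
    """Map each client IP to the number of distinct connections (5-tuples) it opened."""
    flows = defaultdict(set)
    for pkt in packets:
        key = flow_key(pkt, vip)
        flows[key[0]].add(key)
    return {client: len(keys) for client, keys in flows.items()}


if __name__ == "__main__":
    for client, count in sorted(connections_per_client(PACKETS).items()):
        print(f"{client}: {count} connection(s)")
```

Both clients download the same three objects, yet the load balancer tracks three connections for one and a single connection for the other, which is why connection counts cannot be derived from traffic volume alone.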