Cisco Support Community
Bronze

CSS and TCP-timer

Hello,

I'm searching for a possibility to adjust the timer when a TCP-session is declared to be down.

The config is quite easy: a VIP pointing to several services.

I found a solution by using add destination service... but I do not have the possibility to do source-natting so this solution is not possible.

Unfortunately I did not find another possibility to adjust the TCP-flowtimer as possible by source-natting.

Is there any way to achieve this without source-natting?

Kind regards,

Joerg

4 REPLIES
New Member

Re: CSS and TCP-timer

Joerg,

That process I think you are referring to is called "garbage collection" on the CSS. That is when we clear out flows that have been idle.

Normally, flows are cleared out when we see a normal close sequence, so garbage collection only applies to connections that are idle.

There are a few commands available that control this, such as:

flow permanent <-- disables garbage collection for a single TCP port

flow port <--- adjusts the timer for a single TCP port

Is that what you are looking for, or did I misunderstand your question?

Are you looking to increase or decrease the connection timers?

-Steve

New Member

Re: CSS and TCP-timer

Note that "flow permanent" should be used with some degree of caution. Flows which are not taken down cleanly (FIN,ACK,ACK) will sit in memory forever as they are not subject to garbage collection and are "permanent"; eventually this can consume all the resources and lead to failure.

The workaround for this is to use the cmd scheduler to remove and re-apply the associated flow perm command on some interval.

Bronze

Re: CSS and TCP-timer

Hi Steve, Sean,

Thanks for the info. I will give it a try with long-lived flows followed by flow permanent. As soon as I have the results I will come back to you.

Regards,

joerg

Cisco Employee

Re: CSS and TCP-timer

If you have a CSS 2nd generation, you can control the timeout per content rule with the command 'flow-timeout-multiplier'.

You should use a timeout solution first before going for the permanent port solution, which could in the long term have a negative effect [if you run out of resources - called FCB - you will process-switch the traffic and badly reduce the performance].

Regards,

Gilles.
