The users or rather their workstations are working 24 x 7.
We would like to work out what is the best sticky-inact-timeout value to use so that we can gracefully close a server (weight = 0) and drain the sticky entries for that backend server.
It would be good to have more information about the life of the sticky-entry in the table. For example when it was first loaded and perhaps the maximum elapsed time value.
Are there any debug commands that can get more information on the sticky-table entries?
Or has anyone got any other ideas on how to find out how long it would take to drain a server without actually setting the weight to zero and seeing what happens?
My last thought is to change the sticky-inact-timeout value on the rule. As I understand it this change, which appears to be dynamic will only impact new sticky sessions. So a show sticky-table should show the new value for new entries where previous sessions elapsed time has exceeded the old value. Measuring the time taken from the change to the rule to the time that the majority of sessions have shifted to the new timeout value should give an indication of the time it would take to drain the majority of users off the server to be closed.
If this is true then the only problem is how to interrogate the sticky-table which can only be paged at 100 entries a time and does not seem to be filterable in normal CLI. Hence the request for more info on Debug mode.
However, what I am trying to acheive is a little more than see the sticky-entries as they are displayed using the standard show sticky-table command.
For Layer three sticky entries even if you filter on IP address, you get a single entry in the standard 1 line format. I actually would like to see all entries with a given set of characteristics.
Also for SSL sticky entries there is a Hash argument that allows the ability to see much more information for an individual entry. I cannot find an equivalent for Layer 3 sticky entries.
The inability to search the whole table for certain characteristics without devizing a script with a loop on page count is giving us some interesting challenges. The abscence of information about statistics/timers on each flow is also a bit of a barrier for diagnosis.
Hence the request for more information about the sticky-table debug facilities.
This document will provide screenshots to outline the steps to setup
TACACS+ configuration to ACI and also the configuration required on
Cisco ACS server. Please find the official Cisco guide for configuring
TACACS+ Authentication to ACI:
Is it supported or NOT supported? It's a frequently asked question.
Before APIC, release 2.3(1f), transit routing was not supported within a
single L3Out profile. In APIC, release 2.3(1f) and later, you can
configure transit routing with a single L3Out pr...
Cisco Documents are usually accurate, but when it came to the document
on Cisco APIC Signature-Based Transactions it was slightly off the mark.
This document is for those novices to API like me who cant seem to
figure out how to go about performing signat...