Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

CSS Sticky-table analysis

We have a CSS 11503 at

It has a number of L3 Sticky rules.

The users or rather their workstations are working 24 x 7.

We would like to work out what is the best sticky-inact-timeout value to use so that we can gracefully close a server (weight = 0) and drain the sticky entries for that backend server.

It would be good to have more information about the life of the sticky-entry in the table. For example when it was first loaded and perhaps the maximum elapsed time value.

Are there any debug commands that can get more information on the sticky-table entries?

Or has anyone got any other ideas on how to find out how long it would take to drain a server without actually setting the weight to zero and seeing what happens?

My last thought is to change the sticky-inact-timeout value on the rule. As I understand it this change, which appears to be dynamic will only impact new sticky sessions. So a show sticky-table should show the new value for new entries where previous sessions elapsed time has exceeded the old value. Measuring the time taken from the change to the rule to the time that the majority of sessions have shifted to the new timeout value should give an indication of the time it would take to drain the majority of users off the server to be closed.

If this is true then the only problem is how to interrogate the sticky-table which can only be paged at 100 entries a time and does not seem to be filterable in normal CLI. Hence the request for more info on Debug mode.

Cisco Employee

Re: CSS Sticky-table analysis

you could filter by entering the source ip adress and sticky mask.

show sticky-table l3-sticky ipaddress



New Member

Re: CSS Sticky-table analysis


thanks for the response.

However, what I am trying to acheive is a little more than see the sticky-entries as they are displayed using the standard show sticky-table command.

For Layer three sticky entries even if you filter on IP address, you get a single entry in the standard 1 line format. I actually would like to see all entries with a given set of characteristics.

Also for SSL sticky entries there is a Hash argument that allows the ability to see much more information for an individual entry. I cannot find an equivalent for Layer 3 sticky entries.

The inability to search the whole table for certain characteristics without devizing a script with a loop on page count is giving us some interesting challenges. The abscence of information about statistics/timers on each flow is also a bit of a barrier for diagnosis.

Hence the request for more information about the sticky-table debug facilities.


Andrew T

Cisco Employee

Re: CSS Sticky-table analysis

There is no more information even in debug mode.

Hence my suggestion to work with one entry at a time.

If you need stats about flows, you can use the 'flow-agent show active' command to get the list of active flows, then extract a flowid and use the command 'flow-agent show fcb 0x'.

This will give you information about when the flow was open, ...



New Member

Re: CSS Sticky-table analysis

Ah well never mind....

Thanks for the extremely prompt response...

Andrew T

CreatePlease to create content