Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CSS11506 - show flows

Hello all,

I have a CSS11506 with the following config...

!************************** SERVICE **************************

service pas_main_uswrnsa0ptf01_11111

ip address 172.16.25.30

keepalive type tcp

keepalive port 11111

port 11111

active

service pas_main_uswrnsa0ptf02_11111

ip address 172.16.25.31

keepalive type tcp

keepalive port 11111

port 11111

active

service pas_main_uswrnsa0ptf03_11111

ip address 172.16.25.32

keepalive type tcp

keepalive port 11111

port 11111

active

service pas_main_uswrnsa0ptf04_11111

ip address 172.16.25.33

keepalive type tcp

keepalive port 11111

port 11111

active

!*************************** OWNER ***************************

owner PAS

content PAS-pas_main-2008-11111

vip address 123.123.130.222

protocol tcp

port 11111

url "/*"

balance aca

application ssl

add service pas_main_uswrnsa0ptf01_11111

add service pas_main_uswrnsa0ptf02_11111

add service pas_main_uswrnsa0ptf03_11111

add service pas_main_uswrnsa0ptf04_11111

active

!*************************** GROUP ***************************

group PAS-pas_Dgraphs

vip address 172.16.25.11

add destination service pas_main_uswrnsa0ptf01_11111

add destination service pas_main_uswrnsa0ptf02_11111

add destination service pas_main_uswrnsa0ptf03_11111

add destination service pas_main_uswrnsa0ptf04_11111

active

I can access my servers just fine, but when issuing the 'show flows' command, I do not see my traffic... even though I can see my hit counters incrementing.

NOTE: The 'application ssl' command is something new for us, so I thought it may be related to this.

Any ideas?

Thanks,

-Adam

5 REPLIES
Cisco Employee

Re: CSS11506 - show flows

Try

llama

flow-agent show active_fcbs

exit

Or a

show flows 0.0.0.0

Gilles.

New Member

Re: CSS11506 - show flows

Gilles,

Still not seeing the flows.

Anything else you could recommend? Could the 'application ssl' config have anything to do with this behavior?

Thanks,

-Adam

Cisco Employee

Re: CSS11506 - show flows

if you do not see any flow, there is no active flows !!

The flow-agent command does look at HW level for connections. If it does not return anything, it means there is no ACTIVE flow.

Gilles.

New Member

Re: CSS11506 - show flows

Gilles,

The target IP is the content VIP 123.123.130.222 (as shown in my CSS config). However, I am testing from one of the four servers (services) associated with this content rule. Could that be causing the problem with the CSS not seeing these flows?

For example...

I am sitting on server uswrnsa0ptf01 and I test to the content VIP 123.123.130.222... and it works... but I see know flows in the CSS.

I've attached a drawing showing our network topology.

Thanks,

-Adam

Cisco Employee

Re: CSS11506 - show flows

try to open a telnet session to your VIP IP:PORT.

Do not close the telnet session and check with a 'show flows 0.0.0.0' if you see any flow.

It should not matter if you open the connection from the server or not.

G.

262
Views
0
Helpful
5
Replies