Curious if anyone has had issues with the flow permanent port configuration on the 11K.
We have a, not so well built, application that seems to have issues with properly closing sessions with (FIN or RST). Therefore, the app owners want a permanent flow statement on the 11K. I have already used the flow-timeout multiplier statement 112 which is 30 minuites, but the app owners say they are still having issues.
My concern is that my load balancer will be affected if I use this flow permanent port setting and the app or client never close the session.
The main concern when you use flow permanent or flow timeout multiplier is the starvation of resources on the CSS.
If you need to use these commands, you need to consider how the application behaves and what are your clients needs before making a decision about how long the flow should be idle without the CSS reciclying it.
For example, if your users needs to be logged during the whole day, you might want to configure the flow timeout to 8 hours, so the flows are clean by the end of the day.
Try not to use the flow permanent, as it is likely that flows would remain idle for long periods of time.
Using the flow timeout command on the content rule needs the consideration of the amount of users per day that hit that content rule and also, at least at the beggining of the deployment, needs that you monitor the CSS' CPU and available flows.
Topology & Design:
Two ACI fabrics
Stretching VLANs using OTV
Both fabrics are advertising BD subnets into same routing domain
Some BDs(or say VLANs) are stretched, but some are not.
Endpoints can move betwee...
VMware Trunk Port Group is supported from ACI version 2.1
VMM integration must be configured properly
ASA device package must be uploaded to APIC
ASAv version must be compatible with ACI and device package version
Topology &Design:Traffic flow within same fabric:Endpoint moves to Fabric-2Bounce Entry Times OutTraffic Black-holedSummarySolutionAppendix:
In the Previous articles of ACI Automation, we are using Postman/Newman a...