I read this bug ID CSCsa58499 and I am trying to understand what it says:
The sticky entry times out with active flows. The sticky timer resets when new connections encounter a sticky entry. Sticky entries are kept in the sticky table only as long as the client keeps opening new connections at an interval smaller than the sticky timeout. If there is an open connection from a client, that connection is not enough to maintain the sticky entry that is associated with it in the sticky table. For example, with a sticky timer of 30 minutes and a connection open for one hour, after 30 minutes the sticky entry for that client is removed, although that client has an open connection.
The NO_TIMEOUT_IP_STICKY_ENTRIES environment variable is introduced to configure the timeout policy for IP sticky entries with active sessions. The problem is resolved by having the sticky timer for a specific entry reset from the point where the last session ends. When NO_TIMEOUT_IP_STICKY_ENTRIES is set to 1, this timeout policy applies to sessions using IP sticky only. Sessions using other forms of persistence (for example cookie, SSL ID) are not affected by the environment variable.
The NO_TIMEOUT_IP_STICKY_ENTRIES variable has the following syntax:
Valid Values: Integer (0 to 1)
Description: Time-Out (1 = no timeout) policy for IP sticky entry with active sessions
This example shows how to configure the sticky environment variable:
The sticky cookie timer seems to work as I expect, but the above documentation says that "Sessions using other forms of persistence (for example cookie, SSL ID) are not affected by the environment variable"
So I am confused.
Can someone please clarify the statement:
"Sessions using other forms of persistence (for example cookie, SSL ID) are not affected by the environment variable"
It means it does is change when the CSM starts the timer. By default (value at 0), the CSM starts the timer as soon as the entry is created and the timer is reset each a new connection matches the entry. With the value set to 1, the CSM will start the timer when the last connection is terminated.
I think There is no recommendation on what timer value to use. it all depends on the application
This document will provide screenshots to outline the steps to setup
TACACS+ configuration to ACI and also the configuration required on
Cisco ACS server. Please find the official Cisco guide for configuring
TACACS+ Authentication to ACI:
Is it supported or NOT supported? It's a frequently asked question.
Before APIC, release 2.3(1f), transit routing was not supported within a
single L3Out profile. In APIC, release 2.3(1f) and later, you can
configure transit routing with a single L3Out pr...
Cisco Documents are usually accurate, but when it came to the document
on Cisco APIC Signature-Based Transactions it was slightly off the mark.
This document is for those novices to API like me who cant seem to
figure out how to go about performing signat...