Professional Documents
Culture Documents
hi,
- How can an ACE administrator establish to the application team that the hit on VIP has
been successfully forwarded to the client. Is a hit count enough a proof for that.
- Where can I find the detailed breakdown to interpret the show capture output.
- How long does the ACE wait if the application does not respond to the hit on VIP.
- How can I simuate http get / head method against a web service. telnet IP <port #> only
confirms the service active state and not correct functioning of the web service. That's
because in my case, SHOW PROBE is showing as failed yet I am able to telnet the service.
Probe is set for 30 seconds.
Postings may contain unverified user-created content and change frequently. The content is provided as-is and
is not warrantied by Cisco.
1
How can an ACE administrator establish to the application team that the hit on VIP has been
successfully forwarded to the client. Is a hit count enough a proof for that.
Hit count only tells you the VIP hits. In order to see successful conns use "show conn"
commad and
check if both side of connections are "ESTAB"lished." "Show service-policy <policy>
detail" gives you detail about which server farm was selected
hit count and droppped conns for a server farm. Similarly "show server-farm
<severfarm> detail" will give you current & failed connections on per rserver basis.
The "dropped conns" counter for VIP is incremented whenever a connection hitting that
VIP gets dropped/rejected.
There could be many reasons for that, for example
* if all the rservers in the serverfarm associated to VIP goes down.
* if a request in the connection request use some URL which doesnt match any class-map
including class-default.
* if the server which is picked up by the LB to load-balance the connection won't respond
to the request.
sh np [1|2] me-stat "-s lb" will give you stats about different dropped conns.
Postings may contain unverified user-created content and change frequently. The content is provided as-is and
is not warrantied by Cisco.
2
- Where can I find the detailed breakdown to interpret the show capture output.
Instead of displaying it locally use "copy capture <capture name> disk0:syed.cap" and use
wireshark to see these packets
- How long does the ACE wait if the application does not respond to the hit on VIP.
The time (in seconds) that ACE waits for SYN ACK is a value of "Open timeout".Open
tiemout is configured under probe definition using "open <sec>" command.
- How can I simuate http get / head method against a web service. telnet IP <port #> only
confirms the service active state and not correct functioning of the web service. That's
because in my case, SHOW PROBE is showing as failed yet I am able to telnet the service.
Probe is set for 30 seconds.
We used to have this functionality in CSS but from ACE you cannot do that.
But show probe detial command give you the reason of the las probe failure for example
Postings may contain unverified user-created content and change frequently. The content is provided as-is and
is not warrantied by Cisco.
3
conn id-> Id of he connection. you can use (sh np 1 me-stats "-c <conn-id>##) to get more
details about connection
np --> Ace has two processors np1 & np2. This column tells which processor is handling this
connection
dir--> Dierection of the connection
For "In" direction "source" represent "clientIP:port" & "Dest" represent VIP-IP:port"
For "out" direction "source" represent "Rserver IP:port" & "Dest" represent Client-IP:port"
"stat" --> connection status
show conn
Show probe dtail
sh serverfarm detail
sh service-policy detail
sh sticky database
Postings may contain unverified user-created content and change frequently. The content is provided as-is and
is not warrantied by Cisco.
4
sh stats http
sh stats loadbalance
sh stats conn
sh stats probe
sh conn
sh np 1 me-stats "-c 10## <-- 10 is the connection number derived from "sh conn"
sh np 1 me-stats "-s lb"
sh ft peer status
sh ft group status
sh ft stats
sh xlate
sh access-list <acl>
sh arp
Postings may contain unverified user-created content and change frequently. The content is provided as-is and
is not warrantied by Cisco.
5
Hope Cisco can document this and make an ACE troubleshooting guide out of it.
Postings may contain unverified user-created content and change frequently. The content is provided as-is and
is not warrantied by Cisco.
6