Scribd Logo
Upload

Welcome to Scribd!

  • 132155

    Uploaded by

    shareefgs5560
    34 views6 pages
    ACE administrator can establish to the application team that the hit on VIP has been successfully forwarded to the client. "Dropped conns" counter for VIP is incremented whenever a connection hitting that VIP gets dropped / rejected. "Show service-policy detail" gives you detail about which server farm was selected hit count and droppped conns for a server farm.

    Original Description:

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    ACE administrator can establish to the application team that the hit on VIP has been successfully forwarded to the client. "Dropped conns" counter for VIP is incremented whenever a connection hitting that VIP gets dropped / rejected. "Show service-policy detail" gives you detail about which server farm was selected hit count and droppped conns for a server farm.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    34 views6 pages

    132155

    Uploaded by

    shareefgs5560
    ACE administrator can establish to the application team that the hit on VIP has been successfully forwarded to the client. "Dropped conns" counter for VIP is incremented whenever a connection hitting that VIP gets dropped / rejected. "Show service-policy detail" gives you detail about which server farm was selected hit count and droppped conns for a server farm.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 6

    Questions on Cisco ACE troubleshooting

    new_networker 302 posts since


    Aug 28, 2008

    hi,

    Please assist on the below.

    - How can an ACE administrator establish to the application team that the hit on VIP has
    been successfully forwarded to the client. Is a hit count enough a proof for that.

    - Can dropped conn count go up because of any application failure/misconfiguration

    - Where can I find the detailed breakdown to interpret the show capture output.

    - How long does the ACE wait if the application does not respond to the hit on VIP.

    - How can I simuate http get / head method against a web service. telnet IP <port #> only
    confirms the service active state and not correct functioning of the web service. That's
    because in my case, SHOW PROBE is showing as failed yet I am able to telnet the service.
    Probe is set for 30 seconds.

    - Could you please give a breakdown of the SHOW CONN display

    Postings may contain unverified user-created content and change frequently. The content is provided as-is and
    is not warrantied by Cisco.
    1

    Questions on Cisco ACE troubleshooting

    - What 'show' comamnds should an ACE administrator master, to facilitate speedy


    troubleshooting.

    Syed Iftekhar Ahmed 1,042 posts since


    Jul 20, 2005 1. Re: Questions on Cisco ACE troubleshooting Oct 28, 2008 12:34 AM

    How can an ACE administrator establish to the application team that the hit on VIP has been
    successfully forwarded to the client. Is a hit count enough a proof for that.

    Hit count only tells you the VIP hits. In order to see successful conns use "show conn"
    commad and
    check if both side of connections are "ESTAB"lished." "Show service-policy <policy>
    detail" gives you detail about which server farm was selected
    hit count and droppped conns for a server farm. Similarly "show server-farm
    <severfarm> detail" will give you current & failed connections on per rserver basis.

    - Can dropped conn count go up because of any application failure/misconfiguration

    The "dropped conns" counter for VIP is incremented whenever a connection hitting that
    VIP gets dropped/rejected.
    There could be many reasons for that, for example
    * if all the rservers in the serverfarm associated to VIP goes down.
    * if a request in the connection request use some URL which doesnt match any class-map
    including class-default.
    * if the server which is picked up by the LB to load-balance the connection won't respond
    to the request.

    sh np [1|2] me-stat "-s lb" will give you stats about different dropped conns.

    Postings may contain unverified user-created content and change frequently. The content is provided as-is and
    is not warrantied by Cisco.
    2

    Questions on Cisco ACE troubleshooting

    - Where can I find the detailed breakdown to interpret the show capture output.

    Instead of displaying it locally use "copy capture <capture name> disk0:syed.cap" and use
    wireshark to see these packets

    - How long does the ACE wait if the application does not respond to the hit on VIP.

    The time (in seconds) that ACE waits for SYN ACK is a value of "Open timeout".Open
    tiemout is configured under probe definition using "open <sec>" command.

    - How can I simuate http get / head method against a web service. telnet IP <port #> only
    confirms the service active state and not correct functioning of the web service. That's
    because in my case, SHOW PROBE is showing as failed yet I am able to telnet the service.
    Probe is set for 30 seconds.

    We used to have this functionality in CSS but from ACE you cannot do that.
    But show probe detial command give you the reason of the las probe failure for example

    "Last disconnect err: Host Unreachable, no route to destination"


    or
    "Last disconnect err: Connection reset by server"
    or
    ""Last disconnect err:Server open timeout (No Sync Ack)" etc...

    Postings may contain unverified user-created content and change frequently. The content is provided as-is and
    is not warrantied by Cisco.
    3

    Questions on Cisco ACE troubleshooting

    - Could you please give a breakdown of the SHOW CONN display

    conn id-> Id of he connection. you can use (sh np 1 me-stats "-c <conn-id>##) to get more
    details about connection
    np --> Ace has two processors np1 & np2. This column tells which processor is handling this
    connection
    dir--> Dierection of the connection
    For "In" direction "source" represent "clientIP:port" & "Dest" represent VIP-IP:port"
    For "out" direction "source" represent "Rserver IP:port" & "Dest" represent Client-IP:port"
    "stat" --> connection status

    - What 'show' comamnds should an ACE administrator master, to facilitate speedy


    troubleshooting.
    from top of my head

    show conn
    Show probe dtail
    sh serverfarm detail
    sh service-policy detail
    sh sticky database

    sh resource usage all

    Postings may contain unverified user-created content and change frequently. The content is provided as-is and
    is not warrantied by Cisco.
    4

    Questions on Cisco ACE troubleshooting

    sh stats http
    sh stats loadbalance
    sh stats conn
    sh stats probe

    sh conn
    sh np 1 me-stats "-c 10## <-- 10 is the connection number derived from "sh conn"
    sh np 1 me-stats "-s lb"

    sh ft peer status
    sh ft group status
    sh ft stats

    sh xlate
    sh access-list <acl>
    sh arp

    Postings may contain unverified user-created content and change frequently. The content is provided as-is and
    is not warrantied by Cisco.
    5

    Questions on Cisco ACE troubleshooting

    Syed Iftekhar Ahmed

    new_networker 302 posts since


    Aug 28, 2008 2. Re: Questions on Cisco ACE troubleshooting Oct 28, 2008 4:25 AM

    Hope Cisco can document this and make an ACE troubleshooting guide out of it.

    Postings may contain unverified user-created content and change frequently. The content is provided as-is and
    is not warrantied by Cisco.
    6

    You might also like