I have ACE10 Module in my switch core 6509, my context "Proxy" was criated for balance connections to Forefront TMG Servers, this balance needs original client IP Address connections end to end in the solution.
My problem is: The clients are complaining of slowness connection to the internet, i captured the traffic in the ace capture feature and i see some RST packets and severals checksum error packets in pcap file.
The topology is:
Client -> ACE VIP VLAN 81 -> RSERVERS VLAN 80
Vlan 80 is in L2 mode(no interface vlan in the switch core 6509, route occurs through the ace appliance).
The IP address 10.96.200.6 is the gw for rservers.
[Code]...
I happen to noticed the FWSM was dropping packets at about 387 packets every 5 minutes. My outside FWSM is WAN facing and has a 1gig link (35% utilized) my inside facing has about 100 downstream switches to the closets. I do not see my 6509's back plane is being over utilized and my understanding of the FWSM show be go for 5 gig so it isn't oversubscribe. Why i am seeing packets dropped?
I have a ACE module A2(3.5) installed, I am having a connectivity problem between two servers in my network. I have captured some traffic on different points in my network and from capture it seems like the problem is with this ACE module or somehow it is closing the connection.
We are looking into replacing our current Windows NLB configuration with a SLB solution as NLB creates some nasty multicast traffic.
We are currently curious about the limitations for running SLB without a dedicated ACE Module, will it handle line-rate speed (1 and 10 gbit) with SLB?
Does VSS introduce any limitations for SLB? Any other pitfalls/limitations we should be aware of?
Hardware info: 2x WS-C6509-E in VSS with VS-S720-10G (VS-F6K-PFC3C) running s72033-ipservicesk9_wan-mz.122-33.SXI7
We had some issue with Datacentre ACE modules. Both primary and DR ACE modules got restarted in 16 hours difference. Unfortunately Syslog was not configured on the ACE and local logging got cleared after restart. The current IOS version is A2(3.2). The modules uptime was around 300 Days. Here is the log from 6509 switch during the restart. [code]
We have ACE module intergrated in cisco 6509 switch. We have performance issue for specific url while accessing through ACE, but it works normal when works with direct url.The users are getting error at middle of works , " applications are unable to get data ". We have configured http-cookie sticky like below, [code]
We are using two rserver in serverfarm and enabled port-80 services.
We have a 6509 with an ACE module. For reasons I don't fully understand the ACE is running using a BVI in bridge mode. It has loads of secondary interfaces.
[Code]...
I can ping all of the IPs on the BVI, but only servers in Subnet 10.7.42/42 can ping out of the the layer 3 on the 6509. I have all the routes configured properly on the 6509 pointing to the ACE for these subnets. The question is though the config has been excepted, is there a limit to the number of secondary on a BVI.
I have a ace board(Acsm) in my switch 6509.I need provide access for clients over https, my scenario looks like this post [URL] .But, i have only one interface, and need to configure nat for inbound clients, to access the server with ip address of the interface vlan of my ace(if i set ace gateway in a rserver, the ssl termination works). The Topology is: Client(https) -> Ace(Https) -> Ace(http) -> rserver (http). Need to configuring this nat? I need that external clients arrive at the server with the ip of the same network as him, he did not right back the packet to the default gateway, but the origin of the same network as him, so that the communication function successfully, end order.
Current topology in network is such: web servers with content needing to be load balanced are in vlan 35 and these servers are directly connected to Core switch (two 6509 VSS) via 20 Gb EtherChannel. Vlan 35 also spans some other switches with other servers residing in this vlan. Additionally, there are dozens of another vlans (including external users) that need to communicate with web servers. IP addresses of these two web servers are: 192.168.35.1/24 and 192.168.35.2/24 accordingly with default gateway 192.168.35.254/24 (SVI on Core switch). Currently these ip addresses are used by management and other purposes and need to be reachable for same purposes after configuring load balancing with ACEs - it is needed to have direct access to servers behind ACE. How I can do that using ACE in routed mode?
I am desiging a topology with two Cat 6509 and Two ACE Module, one ACE per Catalyst. I am thinking to use bridge mode for the customer contexts, I would like to know if the Bridged mode is an Assymetric topology.
The server gateway is the ip address of the ACE or the Router?
I trying configure ASN traffic load balance, but doesn't works.I have one Cisco Catalyst 6509 and onde Cisco Ace10 module, in my context "PanWEB" i have the interfaces above: [code] If i try to establish a telnet session(telnet 10.96.202.10 80) i see the SYN packet passing through the ACE and going to the real server, but, the server do not response the SYN packet. I done a capture in the server using wireshark and could see that the IP address of the destination is the VIP and not the rserver ip address , this is a problem? Why can not I have the SYN + ACK from the server?
We are facing a strange issue, our ACE 20 got failed due to power issue , after RMA once we are installing ACE 20 to 6509 , the status LED is showing ORANGE . The sh module shows it as " Others " ... The IOS is same as it was previously in 6509 .
I currently have a couple of 6509 chassis (router/switches) with the following hardware blades:
x3 48 ports x1 NAM x2 Sup720 Running 12.2(18)SXF3
I am keeping the four Sup720 modules and have purchased new versions of the others blades including two new 6509-E chassis?Can I take my stand-by Sup720 out of the production machine and insert it into the new chassis?
I currently have a couple of 6509 chassis (router/switches) with the following hardware blades:
x3 48 ports x1 NAM x2 Sup720
Running 12.2(18)SXF3.I am keeping the four Sup720 modules and have purchased new versions of the others blades including two new 6509-E chassis. Can I take my stand-by Sup720 out of the production machine and insert it into the new chassis?
Everytime I make a config change to one of the contexts on our ACE20, I get this message: Config Application in Progress. This command is queued to the system
Report run via Individual Web server URL’sThe report takes less than 20 minutes (average 15 minutes) to fetch and return the data. This is observed 9 out of 10 times.Report run via ACE Load Balanced URLThe report keeps on running for more than 20 minutes and never completes. The front end keeps showing report is running.The data in general when tested directly by running queries against the database (bypassing the platform) completes in 15-18 minutesThe network connectivity for each and every ports involved (Loadbalancer/Servers) have been throulgly checked.
I am taking an introduction class to CCNA and we are focusing on the Application Layer,and I'm having some difficulty in understanding what is an Application Layer Service. Is the Application Layer Service the same as Application Layer Software?
I've no experience in VoIP and been ditched with looking at an IP trunking problem on our network.The users where getting dead lines or silent calls, but it seems after re-seating IP trunking card here and there around the network a few times, all is settled to normal. Unfortunately it's a third party that look after the majority of the telephony, and as they can't figure out why this happens they often say it must be a problem with the data WAN it traverses.So I started trying to figure something out, I have IPSLA monitoring setup in Solarwinds on most of the routers and all looks well from that aspect; MOS is 4.34 and Jitter is only 1ms at worst. I've taken a wireshark packet capture of the IP trunk by mirroring the port on the switch at a main site where I've been told a lot of calls are routed through. Inside wireshark I used the 'telephony> voip calls' tool and decoded all the calls. The output is showing most calls have 'Out of Seq' and 'Wrong Timestamp' at around 25-50%. Although these calls seem fine otherwise, and I took this capture whilst the fault was not occurring. I know I need to capture next time when the fault is occurring, but this is what I have for now.How can i fix this or even start to troubleshoot further?
p.s- each site has two routers running GLBP to the WAN, over two ISP locations. I read something about having consistent routing to avoid packets arriving out of sequence, but haven't found anything yet to say this is how I can/should do that.
I use a wireless adapter to connect to our home network but its stopped receiving packets but is sending them. It has worked fine for ages now it just randomly stopped. The network works with everything else (laptops, Xbox and iPods) but my pc wont receive anything. Also our home connection has no password as we live in the middle of nowhere.
I am having a really hard time with a computer that has a wireless connection. Specifically the internet keeps going out. The computer info is that of the affected computer and not the host computer to which the router and modem are connected.
I can connect to it fine and access everything behind the VPN. I have a Windows 7 machine 32 bits. He can connect to the VPN just fine but not access anything behind it, he is running Windows 7 64-bits. This is not a new setup, the VPN has been working before. If I debug ISAKMP and IPSEC in the ASA I see nothing out of the ordinary. The only thing I see is that the VPN client on his machine is showing that the counter for discarded packets is increasing. This is Ciscos explanation to discarded packets. "Packets discarded—The total number of data packets that the VPN Client rejected because they did not come from the secure VPN device gateway." So it seems that the client does not believe that the packets are from the ASA. I have no idea why that would be and what could have changed that made a functioning VPN turn into a non functioning one. He can not remember doing any major installs or something like that which could mess with the client. We uninstalled the version he was using and installed a slightly newer version but it made no difference.
An IP packet of size 1500 bytes passes through two network segments before it reaches its destination. The header size of this packet is 20 bytes. The maximum size of an IP packet in the first intermediate network (its MTU) is 1024 bytes, and that in the second network is 576 bytes.Explain how the IP packet described above would be fragmented into smaller parts in a router, paying particular attention to the flag bits and to the fragment offset field in the header.
- Fragmentation and reassembly needs to break a data-gram into an almost random number of pieces that later can reassembled. - It uses the identification field to ensure that fragments of different datagrams are not mixed. - IP packet of 1500 bytes comprises 1480 bytes of data and a 20-byte header. - In the first intermediate network, the packet size of 1024 bytes allows for 1000 bytes of data plus a 20-byte IP header.[code]
While troubleshooting high cpu due to interrupts on platforms like 6500 or 7600 we can capture the packets getting punted to the CPU using netdr or on 4500 I think we can even use monitor session. But is there a way where we can capture/sniff packets reaching the CPU on a 7206vxr with NPE-G2?
I have a NAT setup. Some of my udp packets are dropping. How to find more about the NAT to find whether it missed anything or not. the router is 3945e. [code]
I have a weird issue with a QOS policy that I have implemented. Details are below.
This is basically the policy I have created. It is running on a Cisco 877 router (running Advance IP Services 12.4). The internet connection is an Internode ADSL service.
class-map match-any VOIP match access-group name VOICE-OUT ! !
Ive just downloaded wireshark just to mess around and ive noticed that even when ive got nothing open its still capturing packets. It gives me a choice of interfaces i want to choose to monitor and i would of thought it be "Realtek PCIe Family Controller" as this is normally the default one (im using wireless) but its saying no packets are being captured from this interface its the "Microsoft" Interface thats capturing the packets. Ive attached a screenshot, i know this isnt nothing bad but was just wondering 1) why isnt my Realtek PCIe interface capturing anything?
One Day the internet is fine the next day The Internet Stopped working. The problem is my pc is sending packets but not receiving any i though it was a bug or something so i restarted my pc after i restarted my pc the internet was working fine until a couple of minutes passed it stopped receiving packets again.i tried resetting the modem but nothing worked.I tried winsock fix or resetting TCP/IP and stuff but nothing workscause its starting to frustrate me.
Our computer is sending but not receiving packets. We've tried 3 different wi-fi adapters, and that wasn't the problem. We have no idea what's wrong? It won't pick up any wireless signals by the way, and it works fine while connected via Ethernet.
I have a home network that does not connect to the internet, but which I use to play games on, or did before this issue happened by.For years my PC's and friends ones had been able to connect into the network with little or no problems, but a few months ago my tower PC just stopped picking anybody or anything up on the network and I have tried tons of different resolutions to solve this.Anyway, the other day I bought a new HD and installed XP SP3 again on it, and for about fifteen minutes I could connect to my Vista Laptop and share files and play games, then it stopped.Next day the same again and off and on till now when its been down for the last week.I have also now bought a new network card - no difference - and disabled the on board network card through the BIOS - no difference.I have done a Winsock repair, replaced automatic IP addresses with manual ones, and countless other remedies which have not solved diddly.