none
UAG-Cisco CSS configuration - all of a sudden 1000+ unauthenticated sessions and then appears to timeout and go away RRS feed

  • Question

  • My UAGs will be going along and then recieve the following, that look like someone is trying to log in.  The unauthenticated session count will jump up to 800-1000+ attempts and then after 4-5 minutes, stopped.  Can't tell why at this point - but the IP address corresponds to our internal Cisco Content Services Switch for load balancing.  This is on an internal network, not accessible from the Internet.

    Any one seen anything any behavior like this?

     Information 08/04/2011 11:36:09 60 Session Started Session aagportal (S) SACUAG1 Session C96F75B5-187A-4B96-84BB-2E7DEB4D01B7 was started on trunk aagportal (secure=1). The source IP address is xxx.xxx.34.97.
     Information 08/04/2011 11:40:11 61 Session Stopped Session aagportal (S) SACUAG1 Session C96F75B5-187A-4B96-84BB-2E7DEB4D01B7 was stopped on trunk aagportal (secure=1). The source IP address is xxx.xxx.34.97.
    Thursday, August 4, 2011 10:12 PM

Answers

  • Hi John,

    i saw this behavior during application testing. It was happened while doing some programatic queries to a self written UAG web service. It seems that every new connection attempt (keep alives = false) has caused this behavior in my case.

    Well, i guess your content switch may use a very agressive health check in your case?

    -Kai

     

    • Proposed as answer by Kai Wilke Tuesday, August 23, 2011 10:01 PM
    • Marked as answer by Rivercity John Wednesday, August 24, 2011 4:36 PM
    Friday, August 5, 2011 6:24 AM

All replies

  • Hi John,

    i saw this behavior during application testing. It was happened while doing some programatic queries to a self written UAG web service. It seems that every new connection attempt (keep alives = false) has caused this behavior in my case.

    Well, i guess your content switch may use a very agressive health check in your case?

    -Kai

     

    • Proposed as answer by Kai Wilke Tuesday, August 23, 2011 10:01 PM
    • Marked as answer by Rivercity John Wednesday, August 24, 2011 4:36 PM
    Friday, August 5, 2011 6:24 AM
  • I may be way off the mark here but this thread caught my eye -

    I saw exactly the same thing 3-4 years ago but it was nothing to do with UAG.  I only noticed it because my CSS11503 poll was set to access an asp page on a site I was implementing and that asp checked loads of backed db connections, queues etc before returning.  Running once it was fine, but run 800-1000 times it DoSd the site (of 15 fairly powerful web servers and big DB servers!)

    I never got enough evidence to send to Cisco about it.  It happened twice in a 9 month period then we abandoned the asp page and went to tcp connect to poll.

    My only assumption, and Cisco TAC too, is that there must be something that caused the CSS to go nuts, as if it backs up due to delayed polls and catching up, but we didnt have enough logs to know how many hits we were talking about as it happened with no warning.  Given its 800-1000 hits for you, this seems unfeasible now.

    If you have a Cisco TAC entitlement, raise it and see what they say. 

    From memory we were running an OS from about 2005 on the CSSs, I have Cisco access if you need to know if there is a new one (but I'd never of course offer on a public forum to send you the files...)

    --Zuzzy

    Wednesday, August 31, 2011 1:45 PM