Comtech EF Data / Stampede
FX Series Administration Guide - Version 6.2.2
112
Chapter: FX Series Remote General Settings
Section: Active Flows
MN-FXSERIESADM6 Rev 6
5.3 Active Flows
Active flow capacity:
Specify the maximum number of active flow tracking resources that can be allocated from the choices
presented in the pull-down. If set to ‘Auto-Tune’, the FX will automatically set the active flow capacity
based upon the hardware platform and other criteria. An ‘Active Flow’ is a connection (either UDP or
TCP) between a client and server which flows through the FX. If no data flows through the connection for
the specified ‘Flow tracking inactivity timeout’ then the active flow tracking resource is released. Each
active flow tracking resource consumes about 300 bytes of non-swappable RAM. The active flow tracking
resource is allocated as soon as a SYN packet is seen to mark the start of a TCP connection.
Flow tracking inactivity timeout:
This setting controls how long an active-flow tracking resource will be allocated even though no data has
flowed through the FX for that connection. The active flow tracking resource is automatically released if
the connection is closed. The recommended standard for this setting is five days; however, in many cases
it can be set lower if conservation of active flow tracking resources is important. Most TCP applications
do not have an issue with this setting because generally it doesn’t matter if the active tracking resource is
released when there is no activity. However, one notable exception is FTP, which allocates both a control
connection and a data connection. If a long FTP transfer is flowing over the data port, there will not be
any data flowing over the control connection, and if the inactivity timer expires for that control
connection, the FTP transfer will cease. On the other hand, HTTP applications generally use very short-
lived connections in which active-flow resources are quickly released.
If flow capacity reached:
This setting allows you to specify the course of action the FX should take if the active flow capacity is
reached. The default “Fail-to-wire” setting is appropriate if the FX is intercepting traffic via ‘in-line’ mode
or ‘WCCP’ mode. In both of those cases, traffic will pass through the FX as though it were an Ethernet
cable. However, if intercepting traffic in ‘routed’ mode, the ‘Reject new connections’ choice will be the
course of action regardless of the setting. In either case, the FX will emit an SNMP alert if the number of
active flows reaches 99% of capacity. The ‘Status->WANOP Monitor’ can be used to determine if the FX
‘Active flow capacity’ should be adjusted.
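The following is an added example, not Comtech code: a simplified Python model of the three settings above (capacity, inactivity timeout, action when full) for reasoning about sizing and the FTP control-connection case. The names `FlowTable` and `ftp_control_survives` are hypothetical, only TCP is modelled, and the treatment of packets that arrive for an already released flow is a modelling assumption.

```python
from dataclasses import dataclass, field

BYTES_PER_FLOW = 300  # approximate non-swappable RAM per tracker, per the guide

@dataclass
class FlowTable:  # hypothetical model, not an FX interface
    capacity: int
    inactivity_timeout: float        # seconds
    mode: str = "in-line"            # "in-line", "WCCP" or "routed"
    on_full: str = "fail-to-wire"    # configured action; the alternative is "reject"
    flows: dict = field(default_factory=dict)  # flow id -> time of last activity
    alerted: bool = False            # stands in for the SNMP alert

    def expire(self, now):
        """Release trackers that have been idle longer than the timeout."""
        for f in [f for f, last in self.flows.items()
                  if now - last > self.inactivity_timeout]:
            del self.flows[f]

    def packet(self, flow, now, syn=False, close=False):
        self.expire(now)
        if close:                                # closing releases immediately
            return "released" if self.flows.pop(flow, None) is not None else "untracked"
        if flow in self.flows:                   # activity resets the idle timer
            self.flows[flow] = now
            return "tracked"
        if not syn:                              # assumption: no tracker without a SYN
            return "untracked"
        if len(self.flows) >= self.capacity:     # routed mode always rejects
            return "reject" if self.mode == "routed" else self.on_full
        self.flows[flow] = now                   # tracker allocated on SYN
        if 100 * len(self.flows) >= 99 * self.capacity:
            self.alerted = True                  # 99% of capacity reached
        return "tracked"

    def ram_bytes(self):
        return len(self.flows) * BYTES_PER_FLOW

def ftp_control_survives(timeout, transfer_seconds):
    """Idle FTP control connection while the data connection stays busy."""
    t = FlowTable(capacity=1000, inactivity_timeout=timeout)
    t.packet("ftp-control", 0, syn=True)
    t.packet("ftp-data", 1, syn=True)
    for now in range(2, transfer_seconds, 10):   # constructed traffic: data every 10 s
        t.packet("ftp-data", now)
    return t.packet("ftp-control", transfer_seconds) == "tracked"
```

In this model a tracker opened by a SYN that never carries data stays allocated until the inactivity timeout, so a lower timeout frees capacity sooner at the cost of idle connections such as the FTP control channel.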
5.4 Other
Use spanning-tree protocol:
If enabled, then spanning-tree protocol (STP) will be used when operating in “in-line” mode. Otherwise
STP packets will be discarded. The default value is “Enabled”.
Configuration Notes
Configuring Routed Mode for Two Interfaces
In routed mode, an IP address must be assigned to all in-path interfaces. This is a two-step process.
First, you must define two in-path interfaces, each with a different IP address and gateway. Normally
both of these interfaces will use VLAN 0. It is a recommended practice to define a comment for the
in-path interfaces that describes both physical and routing aspects of the interface. Second, you
must define two LAN interfaces and then assign them to the in-path interfaces. On the "LAN Interface
Definition" screen you would normally leave the "Untagged in-path interface" field at the default
setting of "None".