Latest operation return code: Socket connect error
Rack1R5# show ip sla statistics
IPSLAs Latest Operation Statistics
IPSLA operation id: 188
Type of operation: tcp-connect
Latest RTT: 0 milliseconds
Latest operation start time: *22:31:08.649 UTC Tue Nov 29 2011
Latest operation return code: Socket connect error
Number of successes: 0
Number of failures: 2
Operation time to live: Forever
what does this return code mean? i have 3 TCP probes configured on an OER master...2 of them give me this error...(running Version 12.4(24)T2, RELEASE SOFTWARE (fc2)
the other one configured EXACTLY the same gives a return code of OK (Version 12.4(19), RELEASE SOFTWARE (fc1)
WHY o WHY?
-------------------------------------------------------
for example..on the MC i have
Rack1R5#sh run | i active
active-probe tcp-conn 150.1.6.6 target-port 1026
active-probe tcp-conn 150.1.1.1 target-port 1111
active-probe tcp-conn 150.1.4.4 target-port 1024
--------------------------------------------------------
on the Targets i have
Rack1R1#sh run | i responder
ip sla monitor responder type tcpConnect ipaddress 150.1.8.8 port 1111
Rack1R4#sh run | i resp
ip sla responder tcp-connect ipaddress 150.1.8.8 port 1024
Rack1R6#sh run | i resp
ip sla responder tcp-connect ipaddress 150.1.8.8 port 1026
...................
why does the return code when i check # show ip sla statistics say OK on 150.1.1.1 but the other 2 have a socket connect error???
..................
(the ip address the BR are using to probe the target is pingable from the targets)
i made another thread about this...but in my fustration i dont think i ws clear about what i wanted...
Comments
Hi,
Without any correlation to your configuration, this error:Socket connect error means that device is not listening on the port you are trying to connect, so software socket is not opened.
Good luck with your studies!
Can you telnet to those target routers on those ports?
which begs the question why is the device not listening...?
when the EXACT same config works for 1 router...barring other mistakes..it should work for the other two routers also...because
1) i checked..re checked..write erased and re did all the configs
2) the probability of me making the exact same set of mistakes on 2 routers but not 1 is very low
the most annoying part of this is that when i do the command
# show oer master active-probe
i see active probes to 150.1.4.4 and 150.1.6.6 (the routers for which this error shows up for!!!)
only when i do the cmd # show tcp brief that i find 150.1.4.4 and 150.1.6.6 missing...
and when i do the cmd # show ip sla statistics i see the tcp connect error
this is the link to the other thread i made...which all the show commands in it
http://ieoc.com/forums/p/17623/154058.aspx#154058
you know..i did not try that but BGP is running underneath and THAT has no problem establishing sessions...they even show up on the show tcp brief command...
unfortunately..it ws either i grind my teeth away to nothing...since i've been at this for 3 or 4 hours now...or powerdown my lab..and start fresh tomorrow...
Toxic,
Depending on the platform you are using, you can also try to use the following command to see what ports the router is listening on:
show control-plane host open-ports
HTH
i had this configured on the responders
ws not aware of that command...will put it in my notes right away :-)
and will try it tomorrow
You are welcome. Hope it works. Let us know..Take care
i just got done writing this e-mail to a buddy of mine
Rack1R4(config)#do sh ip sla responder
Hi,
So you actually did not enabled it
Typical error! But the error message was self explanatory, you should have thinked about it.
Good luck with your studies!
i blame cisco for this...why do you need BOTH commands to enable it.....if you are acting on the assumption that the single comand enables it...then you end up over thinking the problem..... :-(
ToxicAvenginator - I agree, why does it need to be so complicated? Such a small detail, well, guess that's how it is, at least we all now know this ;0)
Hi,
In my opinion all features should be like this, with a separate "enable" command and some have this: port-security, DHCP snooping, ARP inspection; this gives you the advantage that you can first make the configuration and when you want just activate it! The real problem is that some are like this while some don't need an enable command.
Good luck with your studies!
BINGO!
cisco does not keep this consistent...
if they REALLY want an enable command...then when you type
ip sla responder it should go into some kind of sub config mode where you can enable it ....or disable it..at will...like the oer master...which you can shut down selectively...
actually i think ALL protocols should have that option...
onward and upward...
it ws a waste of almost 2 days where the amount of time wasted does not justify the knowledge gained in that time.....plus also probably wasn't too good for my blood pressure..
live..n learn..
Hi Toxic,
I agree things could be a lot more easier, but there are many things in life which are not perfect, thus this one is too little to count!. With this type of scenarios you actually develop your tshoot skiils, you should have known the commands to verify it and see that the feature is disabled. So i can say Cisco could do things better, but you could do a lot better: for each technology you need to know: what commands are needed to make it functional, what commands are needed to verify it and what exaclty are you looking for on those outputs and what commands are needed to debug it in case it does not function. So for your own good, don't throw away the responsability.
Good luck with your studies!
you are absolutely right....I should have known and had i taken the time to read the IP SLA feature documentation I probably would have known. CCIEs fix problems without making excuses and if i am ever to be a CCIE I should quit making excuses!
i needed that kick in the butt...
thanks!
Just let me know when you need some more, joking here
Good luck with your studies!
! aye capitan!
all joking aside...i'm good with staying super focused for around 3 to 4 weeks at a time...at the end of which i usually need a reminder cause i have a tendency to start getting lax....
like in my high school...if i got a caning once in a while...i'd already be a CCIE !....
cheers! and thanx!
nope..i did the whole thing again..the responders are configured properly...
1) STILL getting a Socket connect error
Rack1R5# show ip sla statistics
IPSLAs Latest Operation Statistics
IPSLA operation id: 80
Type of operation: tcp-connect
Latest RTT: 100 milliseconds
Latest operation start time: *19:30:16.699 UTC Sun Dec 4 2011
Latest operation return code: OK
Number of successes: 2
Number of failures: 0
Operation time to live: Forever
IPSLA operation id: 81
Type of operation: tcp-connect
Latest RTT: 100 milliseconds
Latest operation start time: *19:30:16.703 UTC Sun Dec 4 2011
Latest operation return code: OK
Number of successes: 2
Number of failures: 0
Operation time to live: Forever
IPSLA operation id: 82
Type of operation: tcp-connect
Latest RTT: 88 milliseconds
Latest operation start time: *19:29:47.611 UTC Sun Dec 4 2011
Latest operation return code: OK
Number of successes: 1
Number of failures: 0
Operation time to live: Forever
-------------------------------------
previously i had port 1111 for r1..port 4444 for r4 and port 6666 for r6..apparently with the default port 23 everything works fine...
Rack1R5#sh run | s active
active-probe tcp-conn 150.1.6.6 target-port 23
active-probe tcp-conn 150.1.1.1 target-port 23
active-probe tcp-conn 150.1.4.4 target-port 23
Can you post a "sho ip sla responder"? Port 23 is opened because most probably telnet is allowed on VTY lines.
Good luck with your studies!
R1
IP SLA Monitor Responder is: Enabled
Number of control message received: 0 Number of errors: 0
Recent sources:
Recent error sources:
tcpConnect Responder:
IP Address Port
150.1.8.8 23
...... ....... .............
Rack1R1#sh run | s responder
ip sla monitor responder
ip sla monitor responder type tcpConnect ipaddress 150.1.8.8 port 23
I mean post "show ip sla responder" when usign the non telnet ports
Why would i ask an output of something which works?
Good luck with your studies!
my aptitude for logic is inversely proportional to time spent with this exceedingly boring topic...at this point !
sigh...ok this will take some tedious changing stuff around...ok here goes
i'm gonna shutdown the oer master...then change the probes and then no shut...
Master R5
Rack1R5(config-oer-mc)#do sh run | s active
active-probe tcp-conn 150.1.4.4 target-port 4444
active-probe tcp-conn 150.1.6.6 target-port 6666
active-probe tcp-conn 150.1.1.1 target-port 1111
---------------------------------------------------------------
Targe1 R1>>> R1 is going to DL IOS from SW2
Hi,
First: i understand you have IP connectivity between routers. Just leave on the clients one command: ip sla responder, remove the "ip sla responder tcp-connect" as you don't really need it. Let's see what the end result is now.
Good luck with your studies!
IPSLA operation id: 35
Type of operation: tcp-connect
Latest RTT: 0 milliseconds
Latest operation start time: *00:59:46.603 UTC Tue Dec 6 2011
Latest operation return code: Socket connect error
Number of successes: 0
Number of failures: 1
Operation time to live: Forever
IPSLA operation id: 36
Type of operation: tcp-connect
Latest RTT: 0 milliseconds
Latest operation start time: *00:59:46.603 UTC Tue Dec 6 2011
Latest operation return code: Socket connect error
Number of successes: 0
Number of failures: 1
Operation time to live: Forever
o BTW..thanx for all your help on this Christian but i ws supposed to be done with my RIP EIGRP and Frame Relay review by now and i had planned to have re read the Jon Moy OSPF book before beninning OSPF...
as it stands i'm around 5 days behind schedule...i gotta get done with OSPF by the 15th of this month...
i'm outts time to explore ratholes...IF you happen to look into this and find out whats going on..please do share:)
cheers
!
This will remain a mistery
I guess you were using real gear or Dynamips?
real gear my friend!(although 3550 instead of 3560) if i ever pass this CCIE thing and go for my security CCIE...i'll again invest in real gear...
dynamips...well out of curiosity i have tried to run it on my PC 2ice and i get some hypervisor error...
now before i started this cisco stuff i ws a biology guy...personally i detest personal computers..other than their usefulness for e-mail and putty! so that hypervisor error...i just did not have the inclination to watch the the how to dynamips videos on youtube...or research the error...when it becomes imperative for me to learn how to install dynamips...i'll put in the effort to learn it then!
to ramble a bit....along the same lines..i dont comprehend peoples fascination with the iphone...why do you want to watch videos on your phone when you could be out doors doing something fun..but more voice and video polifirates..the more jobs for us huh!
my phone...has buttons for dialing people..and a camera i use to write messages on pieces of paper..taking picture and sending to a friend..since i detest texting..and THATS IT!
Well Dynamips can certainly be handy. Real gear is great and preferred but for certain scenarios Dynamips is better. Why? Because you can have a 10 router topology setup in 2 min instead of first finding 10 routers not in use, cabling them etc which would take a lot more time.
So it is definately good to test changes before rollout etc although we should be careful not to include hardware specific features otherwise our test won't be worth that much.
Now if Cisco would release IOU in a more useful form then now then that would be even greater. I'm not holding my breath though.