Manual Chapter : Network Troubleshooting Tools

Applies To:

Show Versions Show Versions

ARX

  • 6.3.0
Manual Chapter
39 
A Network-log component is a source of fastpath-log messages, typically an internal process or group of processes responsible for network traffic. On the original ARX platform, these processes all resided on a single module called the Network Services Module, or NSM. The table below is an alphabetical list of all Network-log components, with a brief description of each.
You can use the capture session command to capture IP traffic and store it in multiple files, where each file is closed and the next is opened as it reaches a size limit. The packet-capture uses the same format as WireShark, an open-source packet analyzer. When you end the capture session, the ARX merges these files into a single file by default. You have the option to end the session without merging the files, or the process may not be able to merge them if the session is somehow interrupted. To merge some capture files in one of these cases, use the capture merge command.
prefix (1-256 characters) is the common prefix of the files to be merged. Use show capture to see a list of available capture files; choose a prefix that is common to two or more of them from the same capture session. The full file names are prefix[id_timestamp].cap, where the id and the timestamp differentiate one file from the other.
This command merges multiple output files from a single capture session. This only works when the session is finished; use show capture sessions to see any or all currently-active capture sessions.
Use grep to search through the file for a string. You can also use collect, copy ftp, or a similar copy command to copy a capture file to another machine. You can use WireShark, Tshark, tcpdump, or some other packet analyzer to analyze the file on another host, or you can send it back to F5 Support for their analysis.
bstnA# capture merge file proxyTraffic
capture session session-id ip ip-address [and-ip ip2]
vlan vlan-id file prefix [filesize kilobytes]
[filecount count] [protocol {cifs | non-cifs}]
no capture session session-id [no-merge]
session-id (1-4; limit of 2 on the ARX-VE or ARX-500) is a unique ID for the session, to be used for stopping the capture in the no form of the command.
ip-address is the address to match against. This selects the IP packets to capture; any packet with a matching source or destination IP address is included in the capture, in chronological order.
and-ip ip2 (optional) adds a second address to the filter. If you enter this, the capture includes all bidirectional traffic between ip-address and ip2.
vlan vlan-id (1-4095) focuses on traffic over the specified VLAN.
file prefix (1-255 characters) is the prefix you choose for the output file. The full file name is prefix[id_timestamp].cap, where the id and the timestamp are only used if the session creates multiple capture files. The file(s) go to the capture directory: use show capture to see the file listing, or show capture file-name to view the file.
filesize kilobytes (optional, 1-50,000; 1-1,000,000 for the ARX-4000) truncates the capture at the specified file size. One kilobyte is 1000 bytes, not 1024.
filecount count (optional, 1-10) limits the number of capture files. Each file is no larger than the filesize. If you set this count to 2 or more, the capture process rotates the capture files indefinitely. With multiple, rotating capture files, you can use no capture session session-id to stop capturing packets.
protocol {cifs | non-cifs} (optional) filters the captured packets. If you choose cifs, the capture file only includes packets to or from CIFS-related ports: UDP/88, TCP/88, UDP/137, UDP/138, TCP/139, and/or TCP/445. If you choose non-cifs, the capture file includes packets to or from any other ports.
no-merge (optional, for the no form of the command) only applies to a capture session where the count is two or more files. Without this, the no form of the command merges all files from a multi-file session. This option prevents the merge.
capture session session-id proxy-all file prefix [filesize kilobytes] [filecount count] [protocol {cifs | non-cifs}]
proxy-all captures all traffic with any proxy-IP address as its source or destination. Use show ip proxy-addresses to show all proxy-IP addresses on the switch. No VLAN ID is required for this syntax; the VLAN is implicit. The ARX-VE only has a single proxy-IP address, so it does not support this option.
filesize - 16,000 kilobytes
This command starts a capture session, similar to the monitor command. Unlike the monitor command, this does not require a network analyzer.
To see any or all currently-active capture sessions, use show capture sessions. Use the show capture command to view the all capture files in a directory listing, or to view a capture files contents. Use grep to search through the file for a string. The tail ... follow command displays the capture file as it grows. You can also use collect, copy ftp, or another copy command to copy a capture file to another machine, where you can examine it with WireShark, TShark, tcpdump, or some other packet analyzer.
The no capture command immediately stops the current capture. If you use the no-merge option with a multi-file capture, the session creates multiple capture files. Multiple capture files also result when a multi-file session is interrupted by an ARX reboot. To merge all the files from a particular capture session into a single file, use the capture merge command.
Jumbo frames are not included in any capture files. The jumbo mtu command enables jumbo frames. If you use jumbo frames, you can use the monitor command with a network analyzer to capture your network traffic. The monitor command requires an ARX with multiple network interfaces.
bstnA# capture session 1 ip 192.168.25.19 vlan 25 file clientCap
bstnA# capture session 2 proxy-all file proxyTraffic filesize 150 filecount 2
bstnA# no capture session 2
clear statistics filer ext-filer-name connections
ext-filer-name (1-64 characters) specifies a single filer where you want to clear all connection statistics. If you omit this, the command clears the connection statistics for all filers. This identifies the external filer by its configured name on the ARX. Use show external-filer to display all configured external filers.
The show statistics filer connections command shows current connection counts between the ARXs software and its back-end filers. Use this command to clear those connection counters for one filer, or all of them.
bstnA# clear statistics filer fs2
fqdn (1-64 characters) is the fully-qualified domain name (for example, myserver.organization.org) for a global server. Use show global server to see a list of global servers.
The show statistics global server command shows the high-level traffic between a global server and its clients. Use this command to clear the traffic counters for one global server.
bstnA# clear statistics global server ac1.medarch.org
Use the drop filer-connections command to drop all connections to a back-end filer or server. This command may produce a noticeable interruption for your clients; use it only for a filer that is overwhelmed with ARX connections.
drop filer-connections filer [processor slot.processor]
filer (1-64 characters) identifies the filer to be disconnected (for example, smb-1). The show external-filer command lists all filers defined on the ARX.
slot.processor (for example, 2.7) focuses on one network (or fastpath, or NSM) slot and processor. If you use this option, only the identified network processor drops its connections to the filer.
This is useful for a Tier-2 filer that is currently overwhelmed with TCP traffic, or is experiencing connectivity issues that may be related to a high number of TCP connections. To set a limit on the number of CIFS connections from the ARX to this filer, use the cifs connection-limit command. If you set a lower limit than the current one, you have the option to wait for CIFS clients to disconnect gracefully. This causes the ARX to block any new CIFS connections to the filer until enough currently-connected clients drop off. You can use this command to reverse that decision, immediately dropping all connections to the filer and going to the lower limit.
You can use nfs tcp connections to set a limit on the number of NFS/TCP connections to the filer.
You can use the show filer connections command to monitor the current connections to a filer.
bstnA# drop filer-connections smb1 processor 2.6
Use this command to perform an nslookup from the ARX, thereby testing the DNS lookup configuration.
expect nslookup ip-or-hostname [timeout seconds]
ip-or-hostname (1-128 characters) is the IP address or host name to look up (for example, 172.16.46.2, myserver3, or juser-pc.myco.com).
seconds (optional, 1-2096) sets a time limit on the nslookup operation. If you omit this and the command takes excessive time, you can use <Ctrl-C> to stop it.
seconds - 21,600 (6 hours)
The lookup fails if none of the ARXs DNS servers are reachable. Use the show ip domain command to show all configured DNS servers. To add a new one, use the ip name-server command.
bstnA# expect nslookup bboard.wwmed.com
seconds (optional, 1-2096) sets a time limit on the show-firewall operation. If you omit this and the command takes excessive time, you can use <Ctrl-C> to stop it.
seconds - 21,600 (6 hours)
pkts is the number of packets accepted by the rule.
bytes is the total number of bytes from the above packets.
target (typically ACCEPT or DROP) determines what to do with a matching packet.
Use expect show ifconfig to show configurations for all interfaces (internal and external) on the control-plane processor.
bstnA# expect show firewall
bstnA# expect show firewall
Use expect show ifconfig to show configuration details for all ACM-processor interfaces.
seconds (optional, 1-2096) sets a time limit on this command. Whether or not you set this timeout, you can use <Ctrl-C> to stop the process at any time.
seconds - 21,600 (6 hours)
The interface names are in the following format: interface.vlan:num. The interface is the name of the interface (such as eth0), the vlan is the VLAN number, and the num is different for every IP alias that is used by the interface.vlan.
Use expect show firewall to show the firewall rules used by the ACM processor.
prtlndA# expect show ifconfig
prtlndA# expect show ifconfig
Use expect show netstat to show the current network status at the ACM processor.
seconds (optional, 1-2096) sets a time limit on this command. Whether or not you set this timeout, you can use <Ctrl-C> to stop the process at any time.
seconds - 21,600 (6 hours)
Use expect show ifconfig to show configurations for all interfaces (internal and external) on the ACM processor. The expect show firewall command shows the processors firewall rules, which determine whether to drop or accept IP packets.
bstnA# expect show netstat
bstnA# expect show netstat
expect traceroute ip-destination [timeout seconds]
ip-destination (1-128 characters) is the destination-IP address (for example, 172.16.46.2).
seconds (optional, 1-2096) sets a time limit on this command. Whether or not you set this timeout, you can use <Ctrl-C> to stop the process at any time.
seconds - 21,600 (6 hours)
Use the ping command to see if an address is reachable from various processors. Use expect show ifconfig to show configurations for all interfaces (internal and external) on the ACM processor. The expect show firewall command shows the processors firewall rules, which determine whether to drop or accept IP packets.
bstnA# expect traceroute 192.168.25.19
expect ttcp transmit ttcp-server-ip [timeout seconds]
seconds (optional, 1-2096) sets a time limit on this command. Whether or not you set this timeout, you can use <Ctrl-C> to stop the process at any time.
ttcp-server-ip (1-128 characters) is the IP address of a TTCP server (for example, 172.16.46.2). If the TTCP server is another ARX on the RON, use the .1 address on the switchs private subnet (for example, 169.25.100.1). Use show ron route to find the private subnet.
seconds - 21,600 (6 hours)
To test the throughput between two ARXes, you must first prepare the receiving switch to serve TTCP. Run the expect ttcp server command on the receiving switch. This blocks the CLI until the optional timeout expires, or until you press <Ctrl-C>. Then go to the sending switch to start the TTCP test.
The expect ttcp transmit command invokes a 10-second TTCP test to any server that supports TTCP. This can be any filer, client, or other station on the network that can receive TTCP transmissions, or it can be another ARX on the same Resilient Overlay Network (RON; see interface ron). You must identify the server first, as described above.
nnnn.nnn MB / 10.00 Sec = xxx.xxxx Mbps is the amount of data transmitted in 10 seconds.
aa %TX is the percent-CPU utilization at the transmitting switchs ACM processor.
bb %RX is the percent-CPU utilization reported from the TTCP server.
Use the ping command to see if an address is reachable from various processors. Use expect show ifconfig to show configurations for all interfaces (internal and external) on the ACM processor. The expect show firewall command shows the processors firewall rules, which determine whether to drop or accept IP packets.
prtlndA# expect ttcp server timeout 600
bstnA# show ron route
bstnA# expect ttcp transmit 169.254.66.1
Each group of network-log messages, known as an network-log component, has a separately-tunable logging level. Level 1 is the most terse, displaying non-recoverable errors only; level 10 is the most verbose, displaying all levels of messages including per-packet logs. The messages appear in a log file named fastpath. Use the logging fastpath component command to set a network-logging level.
Use the no form of this command to disable network logging for a component.
logging fastpath component nsm-component level
nsm-component (1-128 characters) is the network component to tune. See Network-Log Components for a complete list of network components.
level (0-10) sets the logging level for the component. Level 0 disables all logs from the component. Level 1, as mentioned above, logs only non-recoverable errors. Levels 2 and 3 include warnings and recoverable errors. Level 4 adds logs about internal-configuration changes. Levels 5-10 include per-packet logs, where level 10 is the most verbose.
level - 1
The first time you enter any logging fastpath command, the CLI issues a warning about the performance impact of network (also called NSM) logging. If this appears, enter yes to proceed.
This is similar to the logging level command, which sets logging levels for software components on the or ACM. This affects the logging level on all network processors where logging is enabled; use the logging fastpath processor command to enable logging on a processor. The show fastpath logging command shows which network processors are currently enabled for logging, along with the log-level settings for each component.
From any mode, use show logs fastpath or grep pattern logs fastpath to view the log messages in the fastpath file.
bstnA(cfg)# logging fastpath component NSM_CIFS 6
bstnA(cfg)# no logging fastpath component NSM_CIFS
Each source of network-log messages, known as an network-log component, can filter its messages before adding them to the log file. This reduces the stress on network processors and can help with diagnosing a network problem. Use the logging fastpath component ... filter command to filter the log messages from a particular network component.
Use the no form of this command to remove one match string from the log filter.
logging fastpath component nsm-component filter match-string {include | exclude}
no logging fastpath component nsm-component filter match-string
nsm-component (1-128 characters) is the network component to filter. See Network-Log Components for a complete list of network components.
match-string (optional, 1-80 characters) is a string to match against. Quote the string if it contains any spaces. Any messages that match this string are added to the fastpath log file. To include log messages that match multiple strings (for example, multiple IP addresses), repeat this command with each desired string. If a log message matches any of the entered strings, the logging component adds it to the fastpath file.
include | exclude is a required choice. The include choice causes the filter to include any network-log messages that match the match-string. The exclude option reverses the filter; a message is excluded from the log if it matches the match-string.
The first time you enter any logging fastpath command, the CLI issues a warning about the performance impact of network logging. If this appears, enter yes to proceed.
Use logging fastpath processor to activate logging for one or more network processors, then use the logging fastpath component command to set the logging level for an network-log component. This command filters the messages from the component; the filter is ineffective for any component(s) where the logging level is 0 (zero).
Use show fastpath logging to verify the filter settings for each component.
From any mode, use show logs fastpath or grep pattern logs fastpath to view the log messages in the fastpath file.
bstnA(cfg)# logging fastpath component NSM_CIFS filter 172.16.22.100 include
bstnA(cfg)# logging fastpath component NSM_CIFS filter 192.168.25.31 include
bstnA(cfg)# logging fastpath component NSM_CIFS filter 192.168.25.32 include
bstnA(cfg)# no logging fastpath component NSM_CIFS filter 192.168.25.32
bstnA(cfg)# logging fastpath component NSM_VIP filter 192.168.25.10 exclude
bstnA(cfg)# logging fastpath component NSM_VIP filter 192.168.25.12 exclude
Use the no form of this command to stop the processor from adding any log messages to the file.
slot.processor (for example, 1.4, 2.7, or 3.1) identifies a slot and network processor. Use the show processors command for a full list of processors on the ARX.
The first time you enter any logging fastpath command, the CLI issues a warning about the performance impact of network logging. If this appears, enter yes to proceed.
Several network components run on a network processor, where each component can generate its own set of log messages in the fastpath log file. The network components are listed earlier in the chapter; see Network-Log Components. Each component has a tunable logging level that you can set with the logging fastpath component command. By default, all of the logging components are set at a very terse logging level, so as not to overwhelm the network processor(s) that have logging enabled. If you raise the logging level to diagnose a problem, you should limit the volume of logging messages with the logging fastpath component ... filter command.
Use show fastpath logging to show which processors are enabled for logging. This also shows all configured logging levels and filter settings.
From any mode, use show logs fastpath or grep pattern logs fastpath to view the network-log messages in the fastpath file.
bstnA(cfg)# logging fastpath processor 3.1
bstnA(cfg)# no logging fastpath processor 4.4
Use the monitor command to configure port mirroring. Port mirroring mirrors the Ethernet traffic on one or more ports onto another port, where the destination port typically has a network analyzer attached. The network analyzer can therefore see all traffic going through the source interface(s) in real time.
Use the no form of the command to stop port mirroring.
monitor {module | diagnostic}
source-interface
slot/port {rx | tx | both}
destination-interface slot/port
no monitor {module | diagnostic}
source-interface
slot/port {rx | tx | both}
destination-interface slot/port
module | diagnostic is a required choice.
module enables you to mirror from one external port to another on the same module.
diagnostic is for internal use only.
source-interface slot/port (2/1-14 on ARX-4000; 1/1-12 on ARX-2000) identifies a port to be monitored (for example, 2/3 or 1/6).
rx | tx | both is a required choice, where you specify the direction(s) of the packets to monitor (rx = received packets; tx = transmitted packets; both = both received and transmitted packets).
destination-interface slot/port (same ranges as for source-interface) identifies an external port where the network analyzer is located; for example, 2/1. Choose a destination port with equal or greater bandwidth than the source port.
Use show interface summary to show all ports and their slots.
bstnA(cfg)# monitor module source-interface 2/6 both destination-interface 2/2
bstnA(cfg)# no monitor module
Use the ping command to send one or more pings (ICMP ECHO requests) to a specified IP address.
ping destination-ip [count number] [framesize bytes]
ping destination-ip from slot.processor [count number]
[framesize bytes]
ping destination-ip source source-ip [count number]
[framesize bytes]
ping destination-ip from slot.processor source source-ip
[count number] [framesize bytes]
destination-ip is the IP address to receive the ping.
count number (optional, 1-10,000) limits the number of pings to send.
from slot.processor (optional) is not available on the ARX-1500, ARX-2500, or ARX-VE. This identifies a slot and processor to send the ping (for example, 2.3). Use the show processors command for a full list of processors on the ARX. You can ping from processor 1.1 to test the out-of-band (MGMT) network processor and connection.
source source-ip (optional) is the source-IP address to send in the ICMP ECHO request. If you omit the from clause, the CLI chooses an appropriate processor. The ICMP ECHO response will be returned to this address; if you set the source processor with from and the IP does not reside on that processor, the ping output shows no response.
framesize bytes (optional) is the size of the packet that you want to send. This is an extra payload that the software adds to the ICMP ECHO header.
count number - infinite; use <Ctrl-C> to stop the pings.
from slot.processor -
if you choose a source-ip: the processor that is associated with the source IP.
without a source-ip: the first available processor. This starts with the first network processor (for example, 1.2 in an ARX-2000). If no network processors are available, the management processor (1.1) sends the ping.
source source-ip - the best source IP to reach the destination-ip, as chosen by the sending processors routing table.
framesize bytes - 0 (zero)
If you do not use the count clause to limit the number of pings, use <Ctrl-C> to stop them.
For a list of proxy-IP addresses, which network processors use to communicate with filers and servers, use the show ip proxy-addresses command. The output maps each proxy-IP address to a particular processor. For a list of virtual-IP addresses, which processors use to communicate with the client side, use the show global server command. The show interface vlan command produces a list of in-band (VLAN) management interfaces, and the show interface mgmt command shows the IP for the out-of-band Mgmt interface on the front panel. Use the show ip route command to view the IP routing tables for all processors on the switch.
The output is typical for ping implementations. The last column shows the source processor used for the ping, in slot.processor format, for platforms that support a specific processor source. If you specified only the source-ip in the command, the last column shows the source address instead. A summary of all pings appears at the end of the output; see Samples, below.
You can use the expect traceroute command to show all the IP-router hops from the ACM processor to any given IP address.
bstnA> ping 172.16.100.83
bstnA> ping 10.53.2.10 count 4
bstnA> ping 10.1.1.1 source 10.1.1.7 count 4
You can capture IP traffic into a file with the capture session command. This command shows a list of all currently-running sessions.
Session identifies the session by its ID.
Ip is the address to match against, if any. Any packet or source or destination address matches this is included in the capture file. This is proxy-all if the session is capturing traffic from all proxy-IP addresses at once.
Additional Ip is another address to match against, if any. Any packet exchanged between this address and the address above is included in the capture. As above, proxy-all indicates that the session is capturing traffic to all proxy-IP addresses at once.
VLAN is the VLAN ID that is being scanned for matching IP packets. If this is 1, a frame with no specified VLAN ID can also match.
File Size is the maximum size of the file, if any. You can set this with an option in the capture session command.
File Count is the maximum number of files that the session can produce.
Session identifies the session by its ID.
State is either Capturing or Complete.
File Name is the prefix of all the output files. Use the show capture command to show a list of all capture files, or to show the contents of any of them. To maintain this directory, use the copy, rename, grep, and delete commands.
bstnA> show capture sessions
bstnA> show capture sessions
Slot is the slot number , and
Processor is the processor that is actively logging its messages. Use the logging fastpath processor command to enable logging on a network processor.
Component is an network-log component with non-default settings. A full list of network-log components appears earlier; see Network-Log Components.
Trace Level is the logging level, where 1 is the most-terse level and 10 is most-verbose. Use the logging fastpath component command to change this.
Filter Type is inclusive or exclusive. This determines whether a log message containing the Filter String is included in or excluded from the fastpath log. This is set with the logging fastpath component ... filter command.
Filter String is a match string that the network component applies to each log message. This is also set with the logging fastpath component ... filter command.
bstnA(cfg)# show fastpath logging
bstnA(cfg)# show fastpath logging
Use the show fastpath resources command for a detailed breakdown of software resources used on a network processor.
show fastpath resources [slot.processor | ip-address ip-address]
slot.processor (optional: 2.1-12 on ARX-4000; 1.2-5 on ARX-2000; 1.2 on ARX-500 or ARX-VE) focuses the output on a single network processor (for example, 2.4). If you omit this, the report shows the resources used on all of the ARXs network processors. Use the show processors command for a full list of processors on the ARX.
ip-address (optional) focuses the output on an IP address. Each IP address is handled by a particular network processor; this finds the correct processor and reports on the resources used there.
bstnA(cfg)# show fastpath resources 2.1
bstnA(cfg)# show fastpath resources ip-address 192.168.25.23
bstnA(cfg)# show fastpath resources 2.1
bstnA(cfg)# show fastpath resources ip-address 192.168.25.23
Use the show filer connections command to show the current TCP and UDP connections from the network processors to a given back-end filer.
show filer connections {ext-filer-name | ip-addr ip}
ext-filer-name (optional, 1-64 characters) identifies the external filer by its configured name. Use show external-filer to display all configured external filers.
ip is the IP address of the filer.
Proc is the network processor at one end of the connection, in slot.processor format.
Proxy Ip is proxy-IP address that the network processor is using. Use show ip proxy-addresses to show all proxy-IP addresses on the switch.
Filer Port shows the transport protocol (TCP or UDP) and the port number being used at the filer.
Conn. is the number of connections from the network processor to the filer.
You can use the drop filer-connections command to drop all connections to a filer. The NSM re-establishes its TCP connections immediately, and CIFS-client applications may do the same; therefore, this output may not change after you run the drop filer-connections command.
The show statistics filer connections command shows statistics on filer connections over time.
bstnA(cfg)# show filer connections ip-addr 192.168.25.19
bstnA(cfg)# show filer connections ip-addr 192.168.25.19
Use the show monitor command to show the configuration for any active monitoring session.
A monitor session, also called port mirroring, duplicates frames from one port to another. You can connect a network analyzer to the destination port to examine the traffic on the source port. Use the monitor command to start or stop a port-monitoring session. Remember to stop a monitoring session if it is not in use; the duplication is a performance strain for both the source and destination ports.
bstnA(cfg)# show monitor
Use the show statistics filer connections command to show filer-connection statistics for a particular filer, or for all filers.
show statistics filer filer connections [processor slot.proc]]
filer (optional, 1-64 characters) identifies a particular filer (for example, nas10). The show external-filer command lists all filers defined on the ARX. If you omit this, the output contains a table with summary statistics for all connected filers.
slot.proc (optional: 2.1-12 on ARX-4000; 1.2-5 on ARX-2000; 1.2 on ARX-500 or ARX-VE) focuses on one NSM slot and processor. If you use this option, the output focuses on connections from the identified NSM processor.
The output from the simplest syntax, show statistics filer connections, shows a table of current connections and maximum connections for all external filers. Each filer appears on one row with the following fields:
Filer is the name of the external filer, as defined on the ARX.
Current is the current number of connections to the filer. You can use cifs connection-limit to set a maximum number of CIFS connections, and you can use nfs tcp connections to set a ceiling on NFS/TCP connections.
Max is the maximum number of simultaneous connections to the filer since the last reboot, or since the last time someone ran the clear statistics filer connections command.
Connection limit is the maximum number of connections allowed to this filer, if any. You can use the cifs connection-limit command to set this limit.
Current data connections is the current number of connections through the data plane. That is, this is the number of connections that are directly related to client connections, and do not come from the control plane (processes on the ACM).
Current control connections counts the current connections from processes on the ACM. These are processes that do not directly relate to any client connections, such as connections from the policy engine or connections that require calculations at the control plane.
Max connections (data+control) is the most simultaneous connections to this filer since the last reboot, or since the last time someone ran clear statistics filer connections.
Time of Max connections is the date that the above maximum occurred.
Current data sessions shows the number of data sessions that are currently connected to the filer. Each data connection can hold multiple data sessions, where each session may correspond to a different client. This is the number of sessions that are directly related to client activity, and do not come from the control plane (processes on the ACM).
Max data sessions is the most simultaneous sessions on this filer since the last reboot, or since the last time someone ran clear statistics filer connections. As above, these are sessions that did not go through the control plane.
Time of Max data sessions is the date that the above maximum occurred.
Max sessions per data connection shows the most CIFS sessions to simultaneously run over a single TCP connection. This applies to data-plane connections between the ARX and an external client or filer.
Time of Max sessions/connections is the date that the above maximum occurred.
Current connections counts the current NFS connections to the filer.
Max connections counts the maximum NFS connections to the filer since the last reboot, or since the last time someone ran clear statistics filer connections.
Time of Max connections is the date that the above maximum occurred.
Data Connection limit is the maximum number of connections allowed to this filer from this processor, if any. You can use the cifs connection-limit command to set the system-wide limit for CIFS connections.
Current data connections is the current number of connections between the processor and the filer. That is, this is the number of connections that are directly related to client connections, and do not come from the control plane (processes on the ACM).
Current control connections counts the current processor/filer connections that terminate at the ACM. The ACM processes do not necessarily relate to any client connections; they are connections from the policy engine or connections that require calculations at the control plane.
Current data sessions shows the number of data sessions that are currently connected to the filer through this processor. Each data connection can hold multiple data sessions, where each session may correspond to a different client. This is the number of sessions that are directly related to client activity, and do not come from the control plane processes on the ACM.
Max sessions per data connection shows the most CIFS sessions to simultaneously run over a single TCP connection. This applies to data-plane connections between the selected processor and filer.
Time of Max sessions/connections is the date that the above maximum occurred.
Current connections counts the current NFS connections between the network processor and the filer.
You can use the show filer connections command to examine the current connections to a given filer. For client-side statistics, use show statistics global server. For raw, read/write statistics from the NSM fastpath, use show statistics namespace ... fastpath.
bstnA(cfg)# show statistics filer connections
bstnA(cfg)# show statistics filer fs4 connections
bstnA(cfg)# show statistics filer fs4 connections processor 2.1
bstnA(cfg)# show statistics filer connections
bstnA(cfg)# show statistics filer fs4 connections
bstnA(cfg)# show statistics filer fs4 connections processor 2.1
Use the show statistics global server command to show the volume of traffic between clients and a global server. The output shows high-level packet counts, and can break the packet counts down to individual RPC calls and/or CIFS commands.
show statistics global server fqdn [interface |nfs | cifs]
show statistics global server vip vip [interface | nfs | cifs]
fqdn (optional, 1-128 characters) is the fully-qualified domain name (for example, myserver.organization.org) for a global server. Use show global server to see a list of global servers. If you omit this, the output includes all global servers.
vip (optional) identifies a single virtual-IP (VIP) address.
interface | nfs | cifs (optional) focuses the output on a single set of statistics. If you omit this option, the output includes all of the statistics that apply to the chosen fqdn or vip.
interface shows only a table of high-level packet counts.
nfs displays only a table of NFS-procedure calls.
cifs shows only a table of CIFS commands.
Global Server identifies the global server, and
Virtual Server IP is the Virtual IP (VIP) for the virtual server.
To clear the counters shown by this command, use clear statistics global server. To examine traffic between the ARX and its filers, use show statistics namespace ... fastpath for raw read/write statistics or show statistics filer for NFS/CIFS call counters.
Octets are the number of bytes received from clients or transmitted to clients.
Dropped Packets are packet counts. The dropped packets in the Egress column are TCP packets that were dropped by the receiving station; the global server retransmits each of these dropped packets.
NFS RPC is the name of the RPC call.
Count is the number of these RPC calls received from NFS clients.
% Total shows the percentage of these RPC calls compared to all the other NFS calls.
Service Time (uSec) is the average number of microseconds (millionths of one second) from receiving the RPC to sending back a response.
FormatError is the number of malformed NFS packets received from clients.
NetworkError counts the send and receive failures.
ResourceError is the number of times that the ARX software ran out of resources. Contact F5 Support if you see these errors.
RPCError counts any errors from the RPC layer.
TimeoutError is the number of timeouts waiting for an NFS response.
CIFS Command is the name of the CIFS command.
Count is the number of these CIFS commands received from CIFS clients.
% Total shows the percentage of these CIFS commands compared to all the other commands.
Service Time (uSec) is the average number of microseconds (millionths of one second) from receiving the command to sending back a response.
FormatError is the number of malformed SMB (Server Message Block, an earlier name for CIFS) packets received from clients.
NetworkError counts the send and receive failures for SMB traffic.
ResourceError shows the number of times that the ARX software had insufficient resources to complete the transaction. Contact F5 Support if you see these errors.
SignatureError counts any SMB packets with missing or incorrect signatures. You can use the cifs filer-signatures command to change the SMB-signing policy for the current namespace.
SMBError is the number of SMB packets that failed with errors that are not directly related to any of the above errors.
TimeoutError is the number of timeouts waiting for an SMB response.
bstnA(cfg)# show statistics global server
bstnA(cfg)# show statistics global server ac1.medarch.org
bstnA(cfg)# show statistics global server vip 192.168.25.12
bstnA(cfg)# show statistics global server
bstnA(cfg)# show statistics global server ac1.medarch.org
bstnA(cfg)# show statistics global server vip 192.168.25.12