Manual Chapter: Network Troubleshooting Tools
Applies To: ARX 6.3.0
A Network-log component is a source of fastpath-log messages, typically an internal process or group of processes responsible for network traffic. On the original ARX platform, these processes all resided on a single module called the Network Services Module, or NSM. The table below is an alphabetical list of all Network-log components, with a brief description of each.
You can use the capture session command to capture IP traffic and store it in multiple files, where each file is closed and the next is opened as it reaches a size limit. The packet capture uses the same format as Wireshark, an open-source packet analyzer. When you end the capture session, the ARX merges these files into a single file by default. You can also end the session without merging the files, and the ARX may be unable to merge them if the session is interrupted. To merge capture files in either of these cases, use the capture merge command.

capture merge file prefix

- prefix (1-256 characters) is the common prefix of the files to be merged. Use show capture to see a list of available capture files; choose a prefix that is common to two or more of them from the same capture session. The full file names are prefix[id_timestamp].cap, where the id and the timestamp differentiate one file from the other.

This command merges multiple output files from a single capture session. This only works when the session is finished; use show capture sessions to see any or all currently-active capture sessions. The merge makes a single file in chronological order, with the earliest captured packet at the top of the file. To analyze the file from the CLI, you can use show capture filename to see the full contents or show capture filename summary to see a summary. Use grep to search through the file for a string. You can also use collect, copy ftp, or a similar copy command to copy a capture file to another machine. You can use Wireshark, TShark, tcpdump, or some other packet analyzer to analyze the file on another host, or you can send it back to F5 Support for their analysis.

bstnA# capture merge file proxyTraffic
capture session session-id ip ip-address [and-ip ip2] vlan vlan-id file prefix [filesize kilobytes] [filecount count] [protocol {cifs | non-cifs}]

- session-id (1-4; limit of 2 on the ARX-VE or ARX-500) is a unique ID for the session, to be used for stopping the capture in the no form of the command.
- ip-address is the address to match against. This selects the IP packets to capture; any packet with a matching source or destination IP address is included in the capture, in chronological order.
- and-ip ip2 (optional) adds a second address to the filter. If you enter this, the capture includes all bidirectional traffic between ip-address and ip2.
- vlan vlan-id (1-4095) focuses on traffic over the specified VLAN.
- file prefix (1-255 characters) is the prefix you choose for the output file. The full file name is prefix[id_timestamp].cap, where the id and the timestamp are only used if the session creates multiple capture files. The file(s) go to the capture directory: use show capture to see the file listing, or show capture file-name to view the file.
- filesize kilobytes (optional, 1-50,000; 1-1,000,000 for the ARX-4000) truncates the capture at the specified file size. One kilobyte is 1000 bytes, not 1024.
- filecount count (optional, 1-10) limits the number of capture files. Each file is no larger than the filesize. If you set this count to 2 or more, the capture process rotates the capture files indefinitely. With multiple, rotating capture files, you can use no capture session session-id to stop capturing packets.
- protocol {cifs | non-cifs} (optional) filters the captured packets. If you choose cifs, the capture file only includes packets to or from CIFS-related ports: UDP/88, TCP/88, UDP/137, UDP/138, TCP/139, and/or TCP/445. If you choose non-cifs, the capture file includes packets to or from any other ports.
- no-merge (optional, for the no form of the command) only applies to a capture session where the count is two or more files. Without this, the no form of the command merges all files from a multi-file session. This option prevents the merge.

capture session session-id proxy-all file prefix [filesize kilobytes] [filecount count] [protocol {cifs | non-cifs}]

- proxy-all captures all traffic with any proxy-IP address as its source or destination. Use show ip proxy-addresses to show all proxy-IP addresses on the switch. No VLAN ID is required for this syntax; the VLAN is implicit. The ARX-VE only has a single proxy-IP address, so it does not support this option.

filesize - 16,000 kilobytes
filecount - 1
This command starts a capture session, similar to the monitor command. Unlike the monitor command, this does not require a network analyzer. To see any or all currently-active capture sessions, use show capture sessions. Use the show capture command to view all capture files in a directory listing, or to view a capture file's contents. Use grep to search through the file for a string. The tail ... follow command displays the capture file as it grows. You can also use collect, copy ftp, or another copy command to copy a capture file to another machine, where you can examine it with Wireshark, TShark, tcpdump, or some other packet analyzer.

The no capture command immediately stops the current capture. If you use the no-merge option with a multi-file capture, the session creates multiple capture files. Multiple capture files also result when a multi-file session is interrupted by an ARX reboot. To merge all the files from a particular capture session into a single file, use the capture merge command.

Jumbo frames are not included in any capture files. The jumbo mtu command enables jumbo frames. If you use jumbo frames, you can use the monitor command with a network analyzer to capture your network traffic. The monitor command requires an ARX with multiple network interfaces.

bstnA# capture session 1 ip 192.168.25.19 vlan 25 file clientCap
bstnA# capture session 2 proxy-all file proxyTraffic filesize 150 filecount 2
captures all traffic to or from the proxy-IP address(es). This capture session is limited to two files of 150 Kbytes each. The capture session continues indefinitely, rotating the two files, until someone uses no capture session 2 to stop it.
bstnA# no capture session 2
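The chronological merge described for capture merge and the port test behind the protocol {cifs | non-cifs} option can both be reproduced off-box on capture files copied from the ARX, for example when a session was interrupted and left unmerged files. The following Python code is an added example, not ARX or F5 code; it assumes the .cap files are classic libpcap files with microsecond timestamps that carry Ethernet/IPv4 frames, and every function name and sample packet in it is constructed for illustration.

```python
import struct

# CIFS-related ports listed for the "protocol cifs" option above.
CIFS_PORTS = {("udp", 88), ("tcp", 88), ("udp", 137),
              ("udp", 138), ("tcp", 139), ("tcp", 445)}
# Assumption: classic libpcap magic (microsecond timestamps), either byte order.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}


def read_pcap(data):
    """Return (linktype, [(ts_usec, orig_len, frame), ...]) from pcap bytes."""
    endian = MAGICS.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("not a classic (microsecond) pcap file")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    records, off = [], 24
    while off + 16 <= len(data):
        sec, usec, incl, orig = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl]
        if len(frame) < incl:
            break  # last record cut short, e.g. the session was interrupted
        records.append((sec * 1_000_000 + usec, orig, frame))
        off += 16 + incl
    return linktype, records


def build_pcap(records, linktype=1):
    """Serialize records as a little-endian classic pcap (linktype 1 = Ethernet)."""
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype))
    for ts, orig, frame in records:
        out += struct.pack("<IIII", ts // 1_000_000, ts % 1_000_000, len(frame), orig)
        out += frame
    return bytes(out)


def merge_captures(files):
    """Merge pcap byte strings into one file, earliest captured packet first."""
    parsed = [read_pcap(f) for f in files]
    linktypes = {lt for lt, _ in parsed}
    if len(linktypes) != 1:
        raise ValueError("need capture files that share one link type")
    merged = sorted((r for _, recs in parsed for r in recs), key=lambda r: r[0])
    return build_pcap(merged, linktypes.pop())


def is_cifs(frame):
    """True if an Ethernet/IPv4 frame uses a CIFS_PORTS source or destination port."""
    off, ethertype = 14, frame[12:14]
    if ethertype == b"\x81\x00":          # skip one 802.1Q VLAN tag
        off, ethertype = 18, frame[16:18]
    if ethertype != b"\x08\x00" or len(frame) < off + 20:
        return False                      # not IPv4, or header cut short
    proto = {6: "tcp", 17: "udp"}.get(frame[off + 9])
    frag_offset = struct.unpack("!H", frame[off + 6:off + 8])[0] & 0x1FFF
    l4 = off + (frame[off] & 0x0F) * 4    # IHL gives the IPv4 header length
    if proto is None or frag_offset or len(frame) < l4 + 4:
        return False                      # no TCP/UDP port fields to inspect
    sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
    return (proto, sport) in CIFS_PORTS or (proto, dport) in CIFS_PORTS


def split_by_protocol(pcap_bytes):
    """Return (cifs_records, non_cifs_records), mirroring the protocol option."""
    _, records = read_pcap(pcap_bytes)
    cifs = [r for r in records if is_cifs(r[2])]
    return cifs, [r for r in records if not is_cifs(r[2])]


def sample_frame(proto, sport, dport, vlan=None):
    """Constructed minimal frame: Ethernet, optional VLAN tag, IPv4, port fields."""
    eth = b"\x00" * 12 + (b"\x81\x00" + struct.pack("!H", vlan) if vlan else b"") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     bytes([192, 168, 25, 19]), bytes([192, 168, 25, 31]))
    return eth + ip + struct.pack("!HHHH", sport, dport, 8, 0)


# Constructed sample: two rotated files whose packets interleave in time.
# FILE_2 loses its last 5 bytes to imitate a file left by an interrupted session.
FILE_1 = build_pcap([(100_500_000, 42, sample_frame(6, 49152, 445)),
                     (103_000_000, 42, sample_frame(17, 40000, 53))])
FILE_2 = build_pcap([(101_000_000, 46, sample_frame(17, 137, 137, vlan=25)),
                     (102_000_000, 42, sample_frame(6, 51000, 2049))])[:-5]

if __name__ == "__main__":
    merged = merge_captures([FILE_1, FILE_2])
    for ts, _, frame in read_pcap(merged)[1]:
        print(f"{ts / 1e6:.6f}s  {'cifs' if is_cifs(frame) else 'non-cifs'}")
```

The incomplete final record of the second file is dropped rather than written into the merged output, so the result still opens cleanly in a packet analyzer.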
clear statistics filer ext-filer-name connections

- ext-filer-name (1-64 characters) specifies a single filer where you want to clear all connection statistics. If you omit this, the command clears the connection statistics for all filers. This identifies the external filer by its configured name on the ARX. Use show external-filer to display all configured external filers.

The show statistics filer connections command shows current connection counts between the ARX's software and its back-end filers. Use this command to clear those connection counters for one filer, or all of them.

bstnA# clear statistics filer fs2
- fqdn (1-64 characters) is the fully-qualified domain name (for example, myserver.organization.org) for a global server. Use show global server to see a list of global servers.

The show statistics global server command shows the high-level traffic between a global server and its clients. Use this command to clear the traffic counters for one global server.

bstnA# clear statistics global server ac1.medarch.org
Use the drop filer-connections command to drop all connections to a back-end filer or server. This command may produce a noticeable interruption for your clients; use it only for a filer that is overwhelmed with ARX connections.

- filer (1-64 characters) identifies the filer to be disconnected (for example, smb-1). The show external-filer command lists all filers defined on the ARX.
- slot.processor (for example, 2.7) focuses on one network (or fastpath, or NSM) slot and processor. If you use this option, only the identified network processor drops its connections to the filer.

This is useful for a Tier-2 filer that is currently overwhelmed with TCP traffic, or is experiencing connectivity issues that may be related to a high number of TCP connections. To set a limit on the number of CIFS connections from the ARX to this filer, use the cifs connection-limit command. If you set a lower limit than the current one, you have the option to wait for CIFS clients to disconnect gracefully. This causes the ARX to block any new CIFS connections to the filer until enough currently-connected clients drop off. You can use this command to reverse that decision, immediately dropping all connections to the filer and going to the lower limit. You can use nfs tcp connections to set a limit on the number of NFS/TCP connections to the filer. You can use the show filer connections command to monitor the current connections to a filer.

bstnA# drop filer-connections smb1 processor 2.6
Use this command to perform an nslookup from the ARX, thereby testing the DNS lookup configuration.

- ip-or-hostname (1-128 characters) is the IP address or host name to look up (for example, 172.16.46.2, myserver3, or juser-pc.myco.com).
- seconds (optional, 1-2096) sets a time limit on the nslookup operation. If you omit this and the command takes excessive time, you can use <Ctrl-C> to stop it.

seconds - 21,600 (6 hours)

The lookup fails if none of the ARX's DNS servers are reachable. Use the show ip domain command to show all configured DNS servers. To add a new one, use the ip name-server command.

bstnA# expect nslookup bboard.wwmed.com
The firewall configuration determines which IP packets are accepted into the control-plane processor (processor 1.1) and which packets are dropped. Use expect show firewall to show the current firewall configuration.

expect show firewall [timeout seconds]

- seconds (optional, 1-2096) sets a time limit on the show-firewall operation. If you omit this and the command takes excessive time, you can use <Ctrl-C> to stop it.

seconds - 21,600 (6 hours)

- pkts is the number of packets accepted by the rule.
- bytes is the total number of bytes from the above packets.
- target (typically ACCEPT or DROP) determines what to do with a matching packet.

Use expect show ifconfig to show configurations for all interfaces (internal and external) on the control-plane processor.

bstnA# expect show firewall
shows the firewall rules for the ACM processor. See Figure 39.1 for sample output.
Figure 39.1 Sample Output: expect show firewall
bstnA# expect show firewall
Use expect show ifconfig to show configuration details for all ACM-processor interfaces.

expect show ifconfig [timeout seconds]

- seconds (optional, 1-2096) sets a time limit on this command. Whether or not you set this timeout, you can use <Ctrl-C> to stop the process at any time.

seconds - 21,600 (6 hours)

The interface names are in the following format: interface.vlan:num. The interface is the name of the interface (such as eth0), the vlan is the VLAN number, and the num is different for every IP alias that is used by the interface.vlan. Use expect show firewall to show the firewall rules used by the ACM processor.

prtlndA# expect show ifconfig
Figure 39.2 Sample Output: expect show ifconfig
prtlndA# expect show ifconfig
Use expect show netstat to show the current network status at the ACM processor.

expect show netstat [timeout seconds]

- seconds (optional, 1-2096) sets a time limit on this command. Whether or not you set this timeout, you can use <Ctrl-C> to stop the process at any time.

seconds - 21,600 (6 hours)

Use expect show ifconfig to show configurations for all interfaces (internal and external) on the ACM processor. The expect show firewall command shows the processor's firewall rules, which determine whether to drop or accept IP packets.

bstnA# expect show netstat
shows the network status for the ACM processor. See Figure 39.3 for sample output.
Figure 39.3 Sample Output: expect show netstat
bstnA# expect show netstat
- ip-destination (1-128 characters) is the destination-IP address (for example, 172.16.46.2).
- seconds (optional, 1-2096) sets a time limit on this command. Whether or not you set this timeout, you can use <Ctrl-C> to stop the process at any time.

seconds - 21,600 (6 hours)

This command sends a packet from the ACM processor and shows each IP router that forwards the packet. The packet starts at the MGMT interface (use show interface mgmt to find this address) or an inband (VLAN) management interface (show interface vlan). If the packet does not reach its next hop, it prints asterisks (*) to mark the time. Use <Ctrl-C> to escape the command. Use the ping command to see if an address is reachable from various processors. Use expect show ifconfig to show configurations for all interfaces (internal and external) on the ACM processor. The expect show firewall command shows the processor's firewall rules, which determine whether to drop or accept IP packets.

bstnA# expect traceroute 192.168.25.19
expect ttcp server [timeout seconds]

- seconds (optional, 1-2096) sets a time limit on this command. Whether or not you set this timeout, you can use <Ctrl-C> to stop the process at any time.
- ttcp-server-ip (1-128 characters) is the IP address of a TTCP server (for example, 172.16.46.2). If the TTCP server is another ARX on the RON, use the .1 address on the switch's private subnet (for example, 169.25.100.1). Use show ron route to find the private subnet.

seconds - 21,600 (6 hours)

To test the throughput between two ARXes, you must first prepare the receiving switch to serve TTCP. Run the expect ttcp server command on the receiving switch. This blocks the CLI until the optional timeout expires, or until you press <Ctrl-C>. Then go to the sending switch to start the TTCP test.

The expect ttcp transmit command invokes a 10-second TTCP test to any server that supports TTCP. This can be any filer, client, or other station on the network that can receive TTCP transmissions, or it can be another ARX on the same Resilient Overlay Network (RON; see interface ron). You must identify the server first, as described above. The transmission can hang for longer than one minute if the IP address is incorrect. You can use the optional timeout or <Ctrl-C> to cancel the test.

- nnnn.nnn MB / 10.00 Sec = xxx.xxxx Mbps is the amount of data transmitted in 10 seconds.
- aa %TX is the percent-CPU utilization at the transmitting switch's ACM processor.
- bb %RX is the percent-CPU utilization reported from the TTCP server.

Use the ping command to see if an address is reachable from various processors. Use expect show ifconfig to show configurations for all interfaces (internal and external) on the ACM processor. The expect show firewall command shows the processor's firewall rules, which determine whether to drop or accept IP packets.

prtlndA# expect ttcp server timeout 600
bstnA# show ron route
bstnA# expect ttcp transmit 169.254.66.1
Each group of network-log messages, known as a network-log component, has a separately-tunable logging level. Level 1 is the most terse, displaying non-recoverable errors only; level 10 is the most verbose, displaying all levels of messages including per-packet logs. The messages appear in a log file named fastpath. Use the logging fastpath component command to set a network-logging level. Use the no form of this command to disable network logging for a component.

logging fastpath component nsm-component level
no logging fastpath component nsm-component

- nsm-component (1-128 characters) is the network component to tune. See Network-Log Components for a complete list of network components.
- level (0-10) sets the logging level for the component. Level 0 disables all logs from the component. Level 1, as mentioned above, logs only non-recoverable errors. Levels 2 and 3 include warnings and recoverable errors. Level 4 adds logs about internal-configuration changes. Levels 5-10 include per-packet logs, where level 10 is the most verbose.

level - 1

The first time you enter any logging fastpath command, the CLI issues a warning about the performance impact of network (also called NSM) logging. If this appears, enter yes to proceed. This is similar to the logging level command, which sets logging levels for software components on the or ACM. This affects the logging level on all network processors where logging is enabled; use the logging fastpath processor command to enable logging on a processor. The show fastpath logging command shows which network processors are currently enabled for logging, along with the log-level settings for each component.

If you set the logging level higher than zero, you can filter the logs for a given IP address, host name, or any other search string. This reduces the size of the fastpath file and focuses the logs on a particular problem. Use the logging fastpath component ... filter command to implement filtering for a network-log component. From any mode, use show logs fastpath or grep pattern logs fastpath to view the log messages in the fastpath file.

bstnA(cfg)# logging fastpath component NSM_CIFS 6
bstnA(cfg)# no logging fastpath component NSM_CIFS
Each source of network-log messages, known as a network-log component, can filter its messages before adding them to the log file. This reduces the stress on network processors and can help with diagnosing a network problem. Use the logging fastpath component ... filter command to filter the log messages from a particular network component. Use the no form of this command to remove one match string from the log filter.

- nsm-component (1-128 characters) is the network component to filter. See Network-Log Components for a complete list of network components.
- match-string (optional, 1-80 characters) is a string to match against. Quote the string if it contains any spaces. Any messages that match this string are added to the fastpath log file. To include log messages that match multiple strings (for example, multiple IP addresses), repeat this command with each desired string. If a log message matches any of the entered strings, the logging component adds it to the fastpath file.
- include | exclude is a required choice. The include choice causes the filter to include any network-log messages that match the match-string. The exclude option reverses the filter; a message is excluded from the log if it matches the match-string.

The first time you enter any logging fastpath command, the CLI issues a warning about the performance impact of network logging. If this appears, enter yes to proceed. Use logging fastpath processor to activate logging for one or more network processors, then use the logging fastpath component command to set the logging level for a network-log component. This command filters the messages from the component; the filter is ineffective for any component(s) where the logging level is 0 (zero). Use show fastpath logging to verify the filter settings for each component. From any mode, use show logs fastpath or grep pattern logs fastpath to view the log messages in the fastpath file.

bstnA(cfg)# logging fastpath component NSM_CIFS filter 172.16.22.100 include
bstnA(cfg)# logging fastpath component NSM_CIFS filter 192.168.25.31 include
bstnA(cfg)# logging fastpath component NSM_CIFS filter 192.168.25.32 include
bstnA(cfg)# no logging fastpath component NSM_CIFS filter 192.168.25.32
bstnA(cfg)# logging fastpath component NSM_VIP filter 192.168.25.10 exclude
bstnA(cfg)# logging fastpath component NSM_VIP filter 192.168.25.12 exclude
A network processor can send log messages to the fastpath log file for a detailed diagnosis of networking issues. Use the logging fastpath processor command to activate logging for one network processor. Use the no form of this command to stop the processor from adding any log messages to the file.

- slot.processor (for example, 1.4, 2.7, or 3.1) identifies a slot and network processor. Use the show processors command for a full list of processors on the ARX.

The first time you enter any logging fastpath command, the CLI issues a warning about the performance impact of network logging. If this appears, enter yes to proceed. Several network components run on a network processor, where each component can generate its own set of log messages in the fastpath log file. The network components are listed earlier in the chapter; see Network-Log Components. Each component has a tunable logging level that you can set with the logging fastpath component command. By default, all of the logging components are set at a very terse logging level, so as not to overwhelm the network processor(s) that have logging enabled. If you raise the logging level to diagnose a problem, you should limit the volume of logging messages with the logging fastpath component ... filter command.

Use show fastpath logging to show which processors are enabled for logging. This also shows all configured logging levels and filter settings. From any mode, use show logs fastpath or grep pattern logs fastpath to view the network-log messages in the fastpath file.

bstnA(cfg)# logging fastpath processor 3.1
bstnA(cfg)# no logging fastpath processor 4.4
Use the monitor command to configure port mirroring. Port mirroring mirrors the Ethernet traffic on one or more ports onto another port, where the destination port typically has a network analyzer attached. The network analyzer can therefore see all traffic going through the source interface(s) in real time.

Use the no form of the command to stop port mirroring.

monitor {module | diagnostic} source-interface slot/port {rx | tx | both} destination-interface slot/port
no monitor {module | diagnostic} source-interface slot/port {rx | tx | both} destination-interface slot/port

- module | diagnostic is a required choice. module enables you to mirror from one external port to another on the same module. diagnostic is for internal use only.
- source-interface slot/port (2/1-14 on ARX-4000; 1/1-12 on ARX-2000) identifies a port to be monitored (for example, 2/3 or 1/6).
- rx | tx | both is a required choice, where you specify the direction(s) of the packets to monitor (rx = received packets; tx = transmitted packets; both = both received and transmitted packets).
- destination-interface slot/port (same ranges as for source-interface) identifies an external port where the network analyzer is located; for example, 2/1. Choose a destination port with equal or greater bandwidth than the source port.

bstnA(cfg)# monitor module source-interface 2/6 both destination-interface 2/2
bstnA(cfg)# no monitor module

show interface summary
Use the ping command to send one or more pings (ICMP ECHO requests) to a specified IP address.

- destination-ip is the IP address to receive the ping.
- count number (optional, 1-10,000) limits the number of pings to send.
- from slot.processor (optional) is not available on the ARX-1500, ARX-2500, or ARX-VE. This identifies a slot and processor to send the ping (for example, 2.3). Use the show processors command for a full list of processors on the ARX. You can ping from processor 1.1 to test the out-of-band (MGMT) network processor and connection.
- source source-ip (optional) is the source-IP address to send in the ICMP ECHO request. If you omit the from clause, the CLI chooses an appropriate processor. The ICMP ECHO response will be returned to this address; if you set the source processor with from and the IP does not reside on that processor, the ping output shows no response.
- framesize bytes (optional) is the size of the packet that you want to send. This is an extra payload that the software adds to the ICMP ECHO header.

if you choose a source-ip: the processor that is associated with the source IP.
without a source-ip: the first available processor. This starts with the first network processor (for example, 1.2 in an ARX-2000). If no network processors are available, the management processor (1.1) sends the ping.
source source-ip - the best source IP to reach the destination-ip, as chosen by the sending processor's routing table.
framesize bytes - 0 (zero)

For a list of proxy-IP addresses, which network processors use to communicate with filers and servers, use the show ip proxy-addresses command. The output maps each proxy-IP address to a particular processor. For a list of virtual-IP addresses, which processors use to communicate with the client side, use the show global server command. The show interface vlan command produces a list of in-band (VLAN) management interfaces, and the show interface mgmt command shows the IP for the out-of-band Mgmt interface on the front panel. Use the show ip route command to view the IP routing tables for all processors on the switch.

The output is typical for ping implementations. The last column shows the source processor used for the ping, in slot.processor format, for platforms that support a specific processor source. If you specified only the source-ip in the command, the last column shows the source address instead. A summary of all pings appears at the end of the output; see Samples, below. You can use the expect traceroute command to show all the IP-router hops from the ACM processor to any given IP address.

bstnA> ping 172.16.100.83
bstnA> ping 10.53.2.10 count 4
bstnA> ping 10.1.1.1 source 10.1.1.7 count 4
You can invoke an IP capture session that collects certain IP packets and streams them into a file. Use the show capture sessions command to view all such sessions.

You can capture IP traffic into a file with the capture session command. This command shows a list of all currently-running sessions. The output is split into two tables. Each session appears on its own row. The first table shows the choices made with the capture session command. It has the following columns:

- Session identifies the session by its ID.
- Ip is the address to match against, if any. Any packet whose source or destination address matches this is included in the capture file. This is proxy-all if the session is capturing traffic from all proxy-IP addresses at once.
- Additional Ip is another address to match against, if any. Any packet exchanged between this address and the address above is included in the capture. As above, proxy-all indicates that the session is capturing traffic to all proxy-IP addresses at once.
- VLAN is the VLAN ID that is being scanned for matching IP packets. If this is 1, a frame with no specified VLAN ID can also match.
- File Size is the maximum size of the file, if any. You can set this with an option in the capture session command.
- File Count is the maximum number of files that the session can produce.

- Session identifies the session by its ID.
- State is either Capturing or Complete.
- File Name is the prefix of all the output files.

Use the show capture command to show a list of all capture files, or to show the contents of any of them. To maintain this directory, use the copy, rename, grep, and delete commands.

bstnA> show capture sessions
shows all active capture sessions. See Figure 39.4 for sample output.
Figure 39.4 Sample Output: show capture sessions
bstnA> show capture sessions
You can enable one or more network processors to send log messages to a fastpath log file. The network-log messages are divided into groups based on the software components that generate them. You can set a logging level for each network-software component, from 1 (terse; shows only the most-urgent messages) to 10 (extremely verbose). You can also filter each logging component so that it logs messages that are relevant to a particular network issue. Use the show fastpath logging command to list all network processors that are configured for logging along with the log levels and filtering for each network component.

- Slot is the slot number, and Processor is the processor that is actively logging its messages. Use the logging fastpath processor command to enable logging on a network processor.

- Component is a network-log component with non-default settings. A full list of network-log components appears earlier; see Network-Log Components.
- Trace Level is the logging level, where 1 is the most-terse level and 10 is most-verbose. Use the logging fastpath component command to change this.
- Filter Type is inclusive or exclusive. This determines whether a log message containing the Filter String is included in or excluded from the fastpath log. This is set with the logging fastpath component ... filter command.
- Filter String is a match string that the network component applies to each log message. This is also set with the logging fastpath component ... filter command.

bstnA(cfg)# show fastpath logging
Figure 39.5 Sample Output: show fastpath logging
bstnA(cfg)# show fastpath logging
Use the show fastpath resources command for a detailed breakdown of software resources used on a network processor.

- slot.processor (optional: 2.1-12 on ARX-4000; 1.2-5 on ARX-2000; 1.2 on ARX-500 or ARX-VE) focuses the output on a single network processor (for example, 2.4). If you omit this, the report shows the resources used on all of the ARX's network processors. Use the show processors command for a full list of processors on the ARX.
- ip-address (optional) focuses the output on an IP address. Each IP address is handled by a particular network processor; this finds the correct processor and reports on the resources used there.

If you enter an IP address, the top of the output shows the network processor that serves the address. You can also use show ip address to find the processor assigned to the address.

bstnA(cfg)# show fastpath resources 2.1
bstnA(cfg)# show fastpath resources ip-address 192.168.25.23
Figure 39.6 Sample Output: show fastpath resources 2.1
bstnA(cfg)# show fastpath resources 2.1
bstnA(cfg)# show fastpath resources ip-address 192.168.25.23
Use the show filer connections command to show the current TCP and UDP connections from the network processors to a given back-end filer.

- ext-filer-name (optional, 1-64 characters) identifies the external filer by its configured name. Use show external-filer to display all configured external filers.
- ip is the IP address of the filer.

- Proxy Ip is the proxy-IP address that the network processor is using. Use show ip proxy-addresses to show all proxy-IP addresses on the switch.
- Filer Port shows the transport protocol (TCP or UDP) and the port number being used at the filer.
- Conn. is the number of connections from the network processor to the filer.

You can use the drop filer-connections command to drop all connections to a filer. The NSM re-establishes its TCP connections immediately, and CIFS-client applications may do the same; therefore, this output may not change after you run the drop filer-connections command. The show statistics filer connections command shows statistics on filer connections over time.

bstnA(cfg)# show filer connections ip-addr 192.168.25.19
shows connections to the filer at 192.168.25.19. See Figure 39.8 for sample output.
Figure 39.8 Sample Output: show filer connections ip-addr
bstnA(cfg)# show filer connections ip-addr 192.168.25.19
Use the show monitor command to show the configuration for any active monitoring session.

A monitor session, also called port mirroring, duplicates frames from one port to another. You can connect a network analyzer to the destination port to examine the traffic on the source port. Use the monitor command to start or stop a port-monitoring session. Remember to stop a monitoring session if it is not in use; the duplication is a performance strain for both the source and destination ports.

bstnA(cfg)# show monitor
Use the show statistics filer connections command to show filer-connection statistics for a particular filer, or for all filers.
filer (optional, 1-64 characters) identifies a particular filer (for example, nas10). The show external-filer command lists all filers defined on the ARX. If you omit this, the output contains a table with summary statistics for all connected filers.
slot.proc (optional: 2.1-12 on ARX-4000; 1.2-5 on ARX-2000; 1.2 on ARX-500 or ARX-VE) focuses on one NSM slot and processor. If you use this option, the output focuses on connections from the identified NSM processor.
The output from the simplest syntax, show statistics filer connections, shows a table of current connections and maximum connections for all external filers. Each filer appears on one row with the following fields:
Filer is the name of the external filer, as defined on the ARX.
Current is the current number of connections to the filer. You can use cifs connection-limit to set a maximum number of CIFS connections, and you can use nfs tcp connections to set a ceiling on NFS/TCP connections.
Max is the maximum number of simultaneous connections to the filer since the last reboot, or since the last time someone ran the clear statistics filer connections command.
Connection limit is the maximum number of connections allowed to this filer, if any. You can use the cifs connection-limit command to set this limit.
Current data connections is the current number of connections through the data plane. That is, this is the number of connections that are directly related to client connections, and do not come from the control plane (processes on the ACM).
Current control connections counts the current connections from processes on the ACM. These are processes that do not directly relate to any client connections, such as connections from the policy engine or connections that require calculations at the control plane.
Max connections (data+control) is the most simultaneous connections to this filer since the last reboot, or since the last time someone ran clear statistics filer connections.
Time of Max connections is the date that the above maximum occurred.
Current data sessions shows the number of data sessions that are currently connected to the filer. Each data connection can hold multiple data sessions, where each session may correspond to a different client. This is the number of sessions that are directly related to client activity, and do not come from the control plane (processes on the ACM).
Max data sessions is the most simultaneous sessions on this filer since the last reboot, or since the last time someone ran clear statistics filer connections. As above, these are sessions that did not go through the control plane.
Time of Max data sessions is the date that the above maximum occurred.
Max sessions per data connection shows the most CIFS sessions to simultaneously run over a single TCP connection. This applies to data-plane connections between the ARX and an external client or filer.
Time of Max sessions/connections is the date that the above maximum occurred.
Current connections counts the current NFS connections to the filer.
Max connections counts the maximum NFS connections to the filer since the last reboot, or since the last time someone ran clear statistics filer connections.
Time of Max connections is the date that the above maximum occurred.
Data Connection limit is the maximum number of connections allowed to this filer from this processor, if any. You can use the cifs connection-limit command to set the system-wide limit for CIFS connections.
Current data connections is the current number of connections between the processor and the filer. That is, this is the number of connections that are directly related to client connections, and do not come from the control plane (processes on the ACM).
Current control connections counts the current processor/filer connections that terminate at the ACM. The ACM processes do not necessarily relate to any client connections; they are connections from the policy engine or connections that require calculations at the control plane.
Current data sessions shows the number of data sessions that are currently connected to the filer through this processor. Each data connection can hold multiple data sessions, where each session may correspond to a different client. This is the number of sessions that are directly related to client activity, and do not come from the control plane processes on the ACM.
Max sessions per data connection shows the most CIFS sessions to simultaneously run over a single TCP connection. This applies to data-plane connections between the selected processor and filer.
Time of Max sessions/connections is the date that the above maximum occurred.
Current connections counts the current NFS connections between the network processor and the filer.
You can use the show filer connections command to examine the current connections to a given filer. For client-side statistics, use show statistics global server. For raw, read/write statistics from the NSM fastpath, use show statistics namespace ... fastpath.
bstnA(cfg)# show statistics filer connections
sums up all connections to all back-end filers. See Figure 39.9 for sample output.
bstnA(cfg)# show statistics filer fs4 connections
shows details on the connections and sessions to the fs4 filer. See Figure 39.10 for sample output.
bstnA(cfg)# show statistics filer fs4 connections processor 2.1
Figure 39.9 Sample Output: show statistics filer connections
bstnA(cfg)# show statistics filer connections
Figure 39.10 Sample Output: show statistics filer fs4 connections
bstnA(cfg)# show statistics filer fs4 connections
bstnA(cfg)# show statistics filer fs4 connections processor 2.1
Use the show statistics global server command to show the volume of traffic between clients and a global server. The output shows high-level packet counts, and can break the packet counts down to individual RPC calls and/or CIFS commands.
show statistics global server fqdn [interface | nfs | cifs]
show statistics global server vip vip [interface | nfs | cifs]
fqdn (optional, 1-128 characters) is the fully-qualified domain name (for example, myserver.organization.org) for a global server. Use show global server to see a list of global servers. If you omit this, the output includes all global servers.
vip (optional) identifies a single virtual-IP (VIP) address.
interface | nfs | cifs (optional) focuses the output on a single set of statistics. If you omit this option, the output includes all of the statistics that apply to the chosen fqdn or vip. interface shows only a table of high-level packet counts. nfs displays only a table of NFS-procedure calls. cifs shows only a table of CIFS commands.
Global Server identifies the global server, and Virtual Server IP is the Virtual IP (VIP) for the virtual server. To clear the counters shown by this command, use clear statistics global server. To examine traffic between the ARX and its filers, use show statistics namespace ... fastpath for raw read/write statistics or show statistics filer for NFS/CIFS call counters.
Octets are the number of bytes received from clients or transmitted to clients. Non Unicast Packets and Dropped Packets are packet counts. The dropped packets in the Egress column are TCP packets that were dropped by the receiving station; the global server retransmits each of these dropped packets.
NFS RPC is the name of the RPC call. Count is the number of these RPC calls received from NFS clients. % Total shows the percentage of these RPC calls compared to all the other NFS calls. Service Time (uSec) is the average number of microseconds (millionths of one second) from receiving the RPC to sending back a response.
CIFS Command is the name of the CIFS command. Count is the number of these CIFS commands received from CIFS clients. % Total shows the percentage of these CIFS commands compared to all the other commands. Service Time (uSec) is the average number of microseconds (millionths of one second) from receiving the command to sending back a response.
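Because Service Time (uSec) is a per-call average, multiplying it by Count shows where the global server spends its time: a rarely used call with a long average can outweigh a frequent, fast one. The following Python is an added example, not part of the ARX manual or any F5 tool; the CallRow type, the function names and the sample rows are constructed for illustration, with values assumed to be transcribed by hand from the NFS or CIFS table.

```python
# Added example: combines the Count and Service Time (uSec) columns.
# The rows below are constructed sample values, not real ARX output.
from dataclasses import dataclass


@dataclass(frozen=True)
class CallRow:
    name: str            # "NFS RPC" or "CIFS Command" column
    count: int           # "Count" column
    service_usec: float  # "Service Time (uSec)" column (average per call)


def rank_by_total_time(rows):
    """Return one dict per call, sorted by total time (count * average)."""
    total_calls = sum(r.count for r in rows)
    total_usec = sum(r.count * r.service_usec for r in rows)
    ranked = []
    for r in rows:
        spent = r.count * r.service_usec
        ranked.append({
            "name": r.name,
            # Same ratio the "% Total" column reports.
            "pct_calls": 100.0 * r.count / total_calls if total_calls else 0.0,
            # Share of all service time, which the table does not show.
            "pct_time": 100.0 * spent / total_usec if total_usec else 0.0,
            "total_usec": spent,
        })
    ranked.sort(key=lambda d: d["total_usec"], reverse=True)
    return ranked


def overall_mean_usec(rows):
    """Count-weighted mean service time across every call in the table."""
    total_calls = sum(r.count for r in rows)
    if total_calls == 0:
        return 0.0
    return sum(r.count * r.service_usec for r in rows) / total_calls


# Constructed sample: GETATTR dominates the call count, READ dominates time.
SAMPLE = [
    CallRow("GETATTR", 9000, 100.0),
    CallRow("READ", 800, 2000.0),
    CallRow("WRITE", 200, 5000.0),
]

if __name__ == "__main__":
    for d in rank_by_total_time(SAMPLE):
        print(f'{d["name"]:<10}{d["pct_calls"]:6.1f}% of calls'
              f'{d["pct_time"]:7.1f}% of time')
    print(f"weighted mean: {overall_mean_usec(SAMPLE):.1f} uSec")
```

The counters accumulate until someone runs clear statistics global server, so clear them before a measurement window if you want the averages to reflect only that window.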
bstnA(cfg)# show statistics global server
shows statistics for all global servers. See Figure 39.12 for sample output.
bstnA(cfg)# show statistics global server ac1.medarch.org
shows statistics for the global server at ac1.medarch.org. See Figure 39.13 for sample output.
bstnA(cfg)# show statistics global server vip 192.168.25.12
shows the statistics for one virtual server. See Figure 39.14 for sample output.
Figure 39.12 Sample Output: show statistics global server
bstnA(cfg)# show statistics global server
bstnA(cfg)# show statistics global server ac1.medarch.org
bstnA(cfg)# show statistics global server vip 192.168.25.12