Table Of Contents
Monitoring GSS Global Server Load-Balancing Operation
Monitoring Global Server Load-Balancing Statistics from the CLI
Monitoring the Status of the Boomerang Server on a GSS
Monitoring the Status of the DNS Server on a GSS
Displaying Answer Statistics
Displaying Answer Group Statistics
Displaying Domain Statistics
Displaying Domain List Statistics
Displaying Global Statistics
Displaying DNS Rule Proximity Statistics
Displaying DNS Rule Statistics
Displaying Source Address Statistics
Displaying Source Address List Statistics
Displaying DNS Rule Sticky Statistics
Monitoring the Status of the DRP Agent on a GSS
Monitoring DDoS Statistics on a GSS
Displaying DDoS Attack Statistics
Displaying DDoS Anti-Spoofing Statistics
Displaying DDoS Failed DNS Queries
Displaying DDoS Rate-Limit Values
Displaying the DDoS Running Configuration
Displaying DDoS Statistics
Displaying DDoS Status
Monitoring the Status of Keepalives on a GSS
Displaying CRA Keepalive Statistics
Displaying Global Keepalive Statistics
Displaying HTTP HEAD Keepalive Statistics
Displaying ICMP Keepalive Statistics
Displaying KAL-AP Keepalive Statistics
Displaying Scripted Keepalive Statistics
Displaying Name Server Keepalive Statistics
Displaying TCP Keepalive Statistics
Monitoring Network Proximity Statistics on a GSS
Displaying DNS Rule Proximity Statistics
Displaying Proximity Database Statistics
Displaying Proximity Group Statistics
Displaying Proximity Lookup Statistics
Displaying Proximity Probe Transfer Statistics
Displaying Proximity Status
Displaying Proximity Group Configuration
Displaying Proximity Database Status
Monitoring DNS Sticky Statistics on a GSS
Displaying DNS Rule Sticky Statistics
Displaying Sticky Statistics
Displaying Global Sticky Statistics
Displaying Global Sticky Mesh Statistics
Displaying Sticky Group Statistics
Displaying the Sticky Status
Displaying the Sticky Database Status
Displaying the Global Sticky Operating Status
Displaying the Global Sticky Mesh Operating Status
Displaying Sticky Group Configuration
Clearing GSS Global Server Load-Balancing Statistics
Monitoring Global Load-Balancing Statistics from the Primary GSSM GUI
Monitoring Answer Status and Statistics
Monitoring Answer Hit Counts
Monitoring Answer Keepalive Statistics
Monitoring Answer Status
Monitoring DNS Rule Statistics
Monitoring Domain Hit Counts
Monitoring Global Statistics
Monitoring Source Address Statistics
Monitoring DDoS Statistics
Monitoring Traffic Management Statistics
Monitoring Proximity Rule Hit Count Statistics
Monitoring Proximity Database Statistics
Monitoring Proximity Lookup Statistics
Monitoring Proximity Probe Management Statistics
Monitoring Sticky Rule Hit Statistics
Monitoring Sticky Database Statistics
Monitoring Global Sticky Mesh Statistics
Monitoring GSS Global Server Load-Balancing Operation
This chapter describes the following tools for monitoring the status of global server load-balancing on your GSS network:
• CLI-based commands that display the content routing and global server load-balancing statistics for a GSS device (primary GSSM, standby GSSM, or GSS).
• Monitor pages in the primary GSSM GUI that display the status of global server load-balancing activity for all GSS devices in your GSS network.
This chapter contains the following major sections:
• Monitoring Global Server Load-Balancing Statistics from the CLI
• Monitoring Global Load-Balancing Statistics from the Primary GSSM GUI
Monitoring Global Server Load-Balancing Statistics from the CLI
Each GSS device includes a comprehensive set of show statistics CLI commands to display content routing and load-balancing statistics for each major component involved in the GSS global server load-balancing operation. The GSS global server load-balancing components include boomerang (CRAs), DNS, and VIP keepalives. For example, you can use the show statistics dns command to view the traffic handled by a particular DNS rule, which matches a D-proxy to an answer, or to analyze the traffic to a particular hosted domain that is managed by a GSS.
You can also monitor advanced traffic management functions such as DNS sticky and network proximity for the GSS device.
The following topics provide detailed instructions about using the output of the various show statistics command options to monitor GSS global server load-balancing operation.
• Monitoring the Status of the Boomerang Server on a GSS
• Monitoring the Status of the DNS Server on a GSS
• Monitoring the Status of the DRP Agent on a GSS
• Monitoring DDoS Statistics on a GSS
• Monitoring the Status of Keepalives on a GSS
• Monitoring Network Proximity Statistics on a GSS
• Monitoring DNS Sticky Statistics on a GSS
• Clearing GSS Global Server Load-Balancing Statistics
Monitoring the Status of the Boomerang Server on a GSS
The boomerang server component uses calculations of network delay, provided by DNS races between CRAs, to determine which server is best able to respond to a given request. You use the show statistics boomerang command to view boomerang activity, such as DNS races, on your GSS device on a domain-by-domain basis or on a global basis.
The syntax for the show statistics boomerang command is as follows:
show statistics boomerang {domain domain_name | global}
The keywords and arguments are as follows:
• domain—Displays statistics related to a named domain being served by the GSS.
• domain_name—Name of the domain.
• global—Displays statistics across the entire GSS network for the boomerang server.
This example shows how to display statistics across the entire GSS network for the boomerang server:
gss1.yourdomain.com# show statistics boomerang global
Boomerang global statistics:
This example shows how to display boomerang statistics for a specific domain (domain1); as in the syntax above, the domain keyword precedes the domain name:
gss1.yourdomain.com# show statistics boomerang domain domain1
Domain statistics: (of domain1)
Monitoring the Status of the DNS Server on a GSS
The DNS server component tracks all DNS-related traffic to and from your GSS device, including the DNS queries received, the responses sent, and the queries dropped or forwarded. You use the show statistics dns command option to view DNS statistics about your GSS request routing and server load-balancing components such as DNS rules, answers, answer groups, domains, domain lists, proximity lookups by rule name or zone, source addresses, and source address lists.
When viewing the DNS answer group, domain list, or source address list statistics, you may specify the verbose option to view detailed statistics about each component of your DNS rules (for example, statistics for each answer that makes up an answer group or each domain that makes up a domain list).
This section contains the following topics:
• Displaying Answer Statistics
• Displaying Answer Group Statistics
• Displaying Domain Statistics
• Displaying Domain List Statistics
• Displaying Global Statistics
• Displaying DNS Rule Proximity Statistics
• Displaying DNS Rule Statistics
• Displaying Source Address Statistics
• Displaying Source Address List Statistics
• Displaying DNS Rule Sticky Statistics
Displaying Answer Statistics
You display the accumulated hit count for each configured answer that responds to content queries by entering the show statistics dns answer command. The statistics also include the average per-second hit count calculated over the last minute, the last 5-minute interval, the last 30-minute interval, and the last 4-hour interval.
The syntax for the command is as follows:
show statistics dns answer {list | answer_name}
The keywords and arguments are as follows:
• list—Lists the names of all answers configured for the GSS.
• answer_name—Name of the answer for which you want to view statistics.
Table 10-1 describes the fields in the show statistics dns answer command output.
Table 10-1 Field Descriptions for show statistics dns answer Command

Field | Description
Answer | Name of the answer. Depending on the answer type, the GSS displays the VIP address (VIP-type answer), the interface or circuit address (CRA-type answer), or the IP address of the name server (Name Server-type answer).
Type | Type of resource to which the GSS resolves DNS requests: VIP, CRA, or Name Server (NS).
Total Hits | Total number of hits for the configured answer since the GSS was last started or its statistics were cleared.
1-Min | Average per-second hit count for the answer, calculated over the last minute.
5-Min | Average per-second hit count for the answer, calculated over the last 5-minute interval.
30-Min | Average per-second hit count for the answer, calculated over the last 30-minute interval.
4-Hr | Average per-second hit count for the answer, calculated over the last 4-hour interval.
Displaying Answer Group Statistics
You display the total hit count for each configured answer group and the answers contained in the answer group by entering the show statistics dns answer-group command.
The syntax for the command is as follows:
show statistics dns answer-group {list | group_name [verbose]}
The keywords and arguments are as follows:
• list—Lists the names of all answer groups configured for the GSS.
• group_name—Name of the answer group for which you want to view statistics.
• verbose—Displays detailed statistics for each answer that makes up the answer group.
Table 10-2 describes the fields in the show statistics dns answer-group verbose command output.
Table 10-2 Field Descriptions for show statistics dns answer-group verbose Command

Field | Description
Total Hit Count | Accumulated hit count for the configured answer group since the GSS was last started.
Answer | Name of each answer in the answer group. Depending on the answer type, the GSS displays the VIP address (VIP-type answer), the interface or circuit address (CRA-type answer), or the IP address of the name server (Name Server-type answer).
Hit Count | Number of times that the answer has been selected or matched in the DNS rule when the GSS processes a DNS request.
Status | Whether the answer is online (up) or offline (down).
Displaying Domain Statistics
You display the accumulated hit count for each configured host domain by entering the show statistics dns domain command. The statistics also include the per-second average hit count calculated during the last minute, a 5-minute interval, a 30-minute interval, and a 4-hour interval.
The syntax for the command is as follows:
show statistics dns domain {list | domain_name}
The keywords and arguments are as follows:
• list—Lists the names of all domains configured for the GSS.
• domain_name—Name of the domain for which you want to view statistics.
Table 10-3 describes the fields in the show statistics dns domain command output.
Table 10-3 Field Descriptions for show statistics dns domain Command

Field | Description
Domain | Name of the hosted domain.
Total Hits | Total number of hits for the hosted domain since the GSS was last started.
1-Min | Average per-second hit count for the hosted domain, calculated over the last minute.
5-Min | Average per-second hit count for the hosted domain, calculated over the last 5-minute interval.
30-Min | Average per-second hit count for the hosted domain, calculated over the last 30-minute interval.
4-Hr | Average per-second hit count for the hosted domain, calculated over the last 4-hour interval.
Displaying Domain List Statistics
You display the total accumulated hit count for each configured domain list by entering the show statistics dns domain-list command.
The syntax for the command is as follows:
show statistics dns domain-list {list | domain_list_name [verbose]}
The keywords and arguments are as follows:
• list—Lists the names of all domain lists configured for the GSS.
• domain_list_name—Name of the domain list for which you want to view statistics.
• verbose—Displays detailed statistics for each domain that makes up the domain list.
Table 10-4 describes the fields in the show statistics dns domain-list verbose command output.
Table 10-4 Field Descriptions for show statistics dns domain-list verbose Command

Field | Description
Total Hit Count | Accumulated hit count for the configured domain list since the GSS was last started or its statistics were cleared.
Domain Name | Name of each hosted domain in the domain list.
Hit Count | Number of times that the hosted domain has been selected or matched in the DNS rule when the GSS processes a DNS request.
Displaying Global Statistics
You display general DNS statistics for the GSS device in use by entering the show statistics dns global command.
The syntax for the command is as follows:
show statistics dns global
Table 10-5 describes the fields in the show statistics dns global command output.
Table 10-5 Field Descriptions for show statistics dns global Command

Field | Description
DnsQueriesRcvd | Total number of DNS queries received by the GSS from requesting client D-proxies.
DnsHostAddrQueriesRcvd | Total number of host address queries received by the GSS from requesting client D-proxies.
DnsResponsesSent | Total number of DNS responses sent by the GSS to requesting client D-proxies.
DnsResponsesNoError | Total number of DNS responses sent by the GSS without an error.
DnsResponsesErrors | Total number of DNS responses sent by the GSS with an error.
DnsServfailRCode | Number of responses sent with the server failure (SERVFAIL) return code.
DnsNxdomainRCode | Number of responses sent with the nonexistent domain (NXDOMAIN) return code.
DnsNotimpRCode | Number of responses sent with the not implemented (NOTIMP) return code.
DnsRefusedRCode | Number of responses sent with the REFUSED return code.
DnsQueriesUnmatched | Total number of DNS queries received by the GSS that did not match any configured DNS rule.
DnsDrops | Total number of DNS queries dropped by the GSS.
DnsNSFWDSent | Total number of queries that did not match a domain on any GSS domain list and were forwarded by the GSS to an external DNS name server for resolution.
DnsBoomServReqSent | Total number of requests sent by the boomerang server in the GSS to initiate a DNS race.
DnsNSFWDResponsesRcvd | Total number of responses received by the GSS from external DNS name servers for the queries that the GSS forwarded to them.
DnsProxLkupReqSent | Total number of proximity lookup requests sent by the selector to the proximity subsystem.
DnsProxLkupRespRecd | Total number of proximity lookup responses received by the selector from the proximity subsystem.
DnsReqRatePerSecondCur | Current rate, in requests per second, at which the GSS is being asked to perform DNS resolution.
DnsReqRatePerSecondPeak | Peak rate, in requests per second, at which the GSS has been asked to perform DNS resolution.
DnsStickyLkupReqSent | Total number of sticky lookup requests sent by the selector to the sticky subsystem.
DnsStickyAddReqSent | Total number of requests to add IP addresses to the sticky database, sent by the selector to the sticky subsystem.
DnsStickyHit | Total number of successful sticky answer matches for DNS rules.
DnsStickyMiss | Total number of times that the GSS was unable to provide the sticky answer for a DNS rule.
DnsSrcPortErrorUdp | Total number of UDP errors that occurred on the DNS source port.
DnsSrcPortErrorTcp | Total number of TCP errors that occurred on the DNS source port.
DnsPollSocketError | Total number of socket connection errors.
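The counters in Table 10-5 are raw totals, and what a practitioner actually watches is how they relate to one another: responses against queries, unmatched queries against all queries (a sign of stale domain lists or of a random-subdomain flood), drops, forwarded queries that never got an answer back, and the peak request rate against the current one. The following Python script is an added example and is not GSS software or part of this guide. It parses captured show statistics dns global output into a dictionary and derives those ratios; the sample output is constructed from the counter names in Table 10-5 with invented values, and the thresholds and alert codes are assumptions chosen for illustration.

```python
"""Derive health and abuse indicators from 'show statistics dns global'.

Added example: this is not GSS code. SAMPLE_OUTPUT is constructed from the
counter names in Table 10-5 with invented values. Thresholds are assumptions.
"""
import re

# Constructed sample of the command output (names from Table 10-5, values invented).
SAMPLE_OUTPUT = """\
DnsQueriesRcvd              120450
DnsHostAddrQueriesRcvd      118900
DnsResponsesSent            119800
DnsResponsesNoError         101200
DnsResponsesErrors          18600
DnsServfailRCode            300
DnsNxdomainRCode            17900
DnsNotimpRCode              0
DnsRefusedRCode             400
DnsQueriesUnmatched         17900
DnsDrops                    650
DnsNSFWDSent                2100
DnsBoomServReqSent          0
DnsNSFWDResponsesRcvd       2050
DnsReqRatePerSecondCur      85
DnsReqRatePerSecondPeak     4200
"""

# Accepts "Name value" and "Name : value"; anything else (headings, blank lines) is skipped.
COUNTER_RE = re.compile(r"^\s*([A-Za-z0-9]+)\s*:?\s*(\d+)\s*$")


def parse_counters(text):
    """Return {counter_name: int} for every counter line in the captured output."""
    counters = {}
    for line in text.splitlines():
        m = COUNTER_RE.match(line)
        if m:
            counters[m.group(1)] = int(m.group(2))
    return counters


def health_checks(c, unmatched_max=0.10, drop_max=0.01, peak_factor=10.0):
    """Return (ratios, alerts) derived from the counters.

    unmatched_max: fraction of queries matching no DNS rule before alerting
                   (misconfigured domain lists, or a random-subdomain flood).
    drop_max:      fraction of queries dropped before alerting.
    peak_factor:   alert when the peak request rate exceeds this multiple of
                   the current rate (a burst happened since statistics were cleared).
    """
    q = max(c.get("DnsQueriesRcvd", 0), 1)  # avoid division by zero on a fresh box
    ratios = {
        "response_ratio": c.get("DnsResponsesSent", 0) / q,
        "unmatched_ratio": c.get("DnsQueriesUnmatched", 0) / q,
        "drop_ratio": c.get("DnsDrops", 0) / q,
        "nxdomain_ratio": c.get("DnsNxdomainRCode", 0) / q,
        # forwarded queries for which no answer came back from the external name server
        "forward_unanswered": c.get("DnsNSFWDSent", 0) - c.get("DnsNSFWDResponsesRcvd", 0),
    }
    alerts = []
    if ratios["unmatched_ratio"] > unmatched_max:
        alerts.append("UNMATCHED_HIGH")
    if ratios["drop_ratio"] > drop_max:
        alerts.append("DROPS_HIGH")
    cur = c.get("DnsReqRatePerSecondCur", 0)
    peak = c.get("DnsReqRatePerSecondPeak", 0)
    if cur and peak > peak_factor * cur:
        alerts.append("PEAK_SPIKE")
    if ratios["forward_unanswered"] > 0:
        alerts.append("FORWARD_UNANSWERED")
    return ratios, alerts


if __name__ == "__main__":
    counters = parse_counters(SAMPLE_OUTPUT)
    ratios, alerts = health_checks(counters)
    for name, value in ratios.items():
        print(f"{name:20s} {value:.4f}" if isinstance(value, float) else f"{name:20s} {value}")
    print("alerts:", ", ".join(alerts) or "none")
```

On the constructed sample the script flags UNMATCHED_HIGH (about 15 percent of queries match no rule, and the NXDOMAIN count is identical, which is what a random-subdomain flood against a hosted zone looks like), PEAK_SPIKE (a 4200 request-per-second burst against a current rate of 85), and FORWARD_UNANSWERED (50 forwarded queries with no response from the external name server). Feed it the output of the same command captured over SSH, and compare successive captures rather than a single one, since every counter is cumulative until clear statistics dns is run.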
Displaying DNS Rule Proximity Statistics
You display all proximity lookups by DNS rule name by entering the show statistics dns proximity rule command.
Note
To clear proximity statistics related to the DNS server component of the GSS, use the clear statistics dns command. See the "Clearing GSS Global Server Load-Balancing Statistics" section for details.
The syntax for the command is as follows:
show statistics dns proximity rule
Table 10-6 describes the fields in the show statistics dns proximity rule command output.
Table 10-6 Field Descriptions for show statistics dns proximity rule Command

Field | Description
Rule | Name of the matched DNS rule.
Proximity Hit Count | Number of DNS requests that matched the DNS rule.
Proximity Success Count | Number of DNS responses successfully returned with a proximate answer for the DNS rule.
Displaying DNS Rule Statistics
You display the total hit count and success count for each configured DNS rule by entering the show statistics dns rule command.
The syntax for the command is as follows:
show statistics dns rule {list | rule_name}
The keywords and arguments are as follows:
• list—Lists the names of all DNS rules configured for the GSS.
• rule_name—Name of the DNS rule for which you want to view statistics.
Table 10-7 describes the fields in the show statistics dns rule command output.
Table 10-7 Field Descriptions for show statistics dns rule Command

Field | Description
Total Hit Count | Accumulated hit count for the configured DNS rule since the GSS was last started.
Total Success Count | Accumulated number of successful answer matches for the DNS rule.
Clause | Number of the balance clause in the DNS rule.
Hit Count | Number of times that the DNS rule processed a DNS request.
Success Count | Number of successful answer matches for the DNS rule.
Id | Internal ID number of the answer in the DNS rule.
Address | Name of the answer. Depending on the answer type, the GSS displays the VIP address (VIP-type answer), the interface or circuit address (CRA-type answer), or the IP address of the name server (Name Server-type answer).
Hit Count | Number of times that the answer has been selected or matched in the DNS rule when the GSS processes a DNS request.
Displaying Source Address Statistics
You display the accumulated hit count for each configured source address by entering the show statistics dns source-address command. The statistics also include the average per-second hit count calculated over the last minute, the last 5-minute interval, the last 30-minute interval, and the last 4-hour interval.
The syntax for the command is as follows:
show statistics dns source-address {list | sa_name}
The keywords and arguments are as follows:
• list—Lists the names of all source addresses configured for the GSS.
• sa_name—Name of the source address for which you want to view statistics.
Table 10-8 describes the fields in the show statistics dns source-address command output.
Table 10-8 Field Descriptions for show statistics dns source-address Command

Field | Description
Src Address | IP address or CIDR address block of the client D-proxy.
Total Hits | Total number of hits for the source address since the GSS was last started or its statistics were cleared.
1-Min | Average per-second hit count for the source address, calculated over the last minute.
5-Min | Average per-second hit count for the source address, calculated over the last 5-minute interval.
30-Min | Average per-second hit count for the source address, calculated over the last 30-minute interval.
4-Hr | Average per-second hit count for the source address, calculated over the last 4-hour interval.
Displaying Source Address List Statistics
You display the total hit count for each configured source address list by entering the show statistics dns source-address-list command. The statistics also include the last minute average, 5-minute average, 30-minute average, and 4-hour average of the hit counts.
The syntax for the command is as follows:
show statistics dns source-address-list {list | sa_list_name [verbose]}
The keywords and arguments are as follows:
• list—Lists the names of all source address lists configured for the GSS.
• sa_list_name—Name of the source address list for which you want to view statistics.
• verbose—Displays detailed statistics for each source address that makes up the source address list.
Table 10-9 describes the fields in the show statistics dns source-address-list command output.
Table 10-9 Field Descriptions for show statistics dns source-address-list verbose Command

Field | Description
Total Hit Count | Accumulated hit count for the configured source address list since the GSS was last started or its statistics were cleared.
Source Address | IP address or CIDR address block of each client D-proxy in the source address list.
Hit Count | Number of times that the source address has been selected or matched in the DNS rule when the GSS processes a DNS request.
Displaying DNS Rule Sticky Statistics
You display all DNS sticky lookups by DNS rule name by entering the show statistics dns sticky rule command.
Note
To clear sticky statistics related to the DNS server component of the GSS, use the clear statistics dns command. See the "Clearing GSS Global Server Load-Balancing Statistics" section for details.
The syntax for the command is as follows:
show statistics dns sticky rule
Table 10-10 describes the fields in the show statistics dns sticky rule command output.
Table 10-10 Field Descriptions for show statistics dns sticky rule Command

Field | Description
Rule | Name of the matched DNS rule.
Sticky Hit Count | Total number of lookups in the sticky database for the DNS rule.
Sticky Success Count | Total number of successful sticky answer matches for the DNS rule.
Monitoring the Status of the DRP Agent on a GSS
You monitor statistics on the Director Response Protocol (DRP) agent by entering the show statistics drpagent command.
Note
To clear statistics related to the DRP agent component of the GSS, use the clear statistics drpagent command. See the "Clearing GSS Global Server Load-Balancing Statistics" section for details.
The syntax for the command is as follows:
show statistics drpagent
Table 10-11 describes the fields in the show statistics drpagent command output.
Table 10-11 Field Descriptions for show statistics drpagent Command

Field | Description
DRP agent enabled/disabled | Status of the DRP agent: enabled or disabled.
director requests | Number of director requests.
successful measured lookups | Number of successful DRP measure requests received by the DRP agent from all of the GSSs.
packet failures returned | Number of packet failures returned.
successful echos | Number of successful DRP echo requests (DRP keepalives) received by the DRP agent from all of the GSSs.
path-rtt probe source port | Source port of the path probe packets sent by the DRP agent.
path-rtt probe destination port | Destination port of the path probe packets sent by the DRP agent.
tcp-rtt probe source port | Source port of the TCP probe packets sent by the DRP agent.
tcp-rtt probe destination port | Destination port of the TCP probe packets sent by the DRP agent.
Monitoring DDoS Statistics on a GSS
This section describes the procedures you need to follow to display DDoS statistics from the CLI and contains the following topics:
• Displaying DDoS Attack Statistics
• Displaying DDoS Anti-Spoofing Statistics
• Displaying DDoS Failed DNS Queries
• Displaying DDoS Rate-Limit Values
• Displaying the DDoS Running Configuration
• Displaying DDoS Statistics
• Displaying DDoS Status
Displaying DDoS Attack Statistics
You display the DNS attacks detected by the GSS by entering the show ddos attacks command (from privileged EXEC mode) or the show attacks command (from ddos configuration mode).
Note
Before enabling the ddos configuration mode, ensure that the DDoS license has already been installed on the GSS. For more details, see the Cisco Global Site Selector Administration Guide.
The syntax for the command is as follows:
show [ddos] attacks
Table 10-12 describes the fields in the show [ddos] attacks command output.
Table 10-12 Field Descriptions for show [ddos] attacks Command

Field | Description
Total Attacks | Total number of DNS attacks detected by the GSS.
Reflection attack | Attack in which the IP address of the victim (that is, the GSS) is spoofed as the source and DNS requests are sent to one or more DNS servers while posing as the victim, so that their responses are reflected back at the victim.
Malformed DNS packet attacks | Attack in which the GSS is flooded with malformed DNS packets.
Failed Global Domain attacks | Number of DNS queries that failed to match the global domain name.
Global Rate-limit exceeded attacks | Attack in which the number of DNS requests per second that the GSS receives from D-proxies exceeds the global rate limit.
For example, enter:
gssm1.example.com(config-ddos)# show attacks
Malformed DNS packet attacks :0
Failed Global Domain attacks :0
Global Rate-limit exceeded attacks :0
Displaying DDoS Anti-Spoofing Statistics
You display the spoofed and trusted D-proxies on the GSS by entering the show ddos dproxy command (from privileged EXEC mode) or the show dproxy command (from ddos configuration mode).
Note
Before enabling the ddos configuration mode, ensure that the DDoS license has already been installed on the GSS. For more details, see the Cisco Global Site Selector Administration Guide.
The syntax for the command is as follows:
show [ddos] dproxy [ipaddress | spoofed | trusted]
The keywords and arguments are as follows:
• ipaddress—Shows the entry for the D-proxy with this IP address.
• spoofed—Shows the spoofed D-proxies.
• trusted—Shows the trusted D-proxies.
Table 10-13 describes the fields in the show [ddos] dproxy command output.
Table 10-13 Field Descriptions for show [ddos] dproxy Command

Field | Description
Dproxy Address | IP address of the D-proxy.
Spoofed/Nonspoofed | Whether the D-proxy has been classified as spoofed or nonspoofed.
Drops | Number of packets dropped because the D-proxy failed the anti-spoofing check.
For example, enter:
gssm1.example.com# show ddos dproxy 16.1.1.11
DPROXY ADDRESS SPOOFED/NONSPOOFED DROPS
---------- ------ ---------------
Displaying DDoS Failed DNS Queries
You display the following by entering the show ddos failed-dns command (from privileged EXEC mode) or the show failed-dns command (from ddos configuration mode):
• The last x domain names that caused failed DNS queries at the GSS
• The number of failed DNS queries per D-proxy
Failed DNS queries are DNS queries for a domain that is not configured on the GSS.
Note
Before enabling the ddos configuration mode, ensure that the DDoS license has already been installed on the GSS. For more details, see the Cisco Global Site Selector Administration Guide.
The syntax for the command is as follows:
show [ddos] failed-dns [failed-domains | global-domain-rules | gslb-rules]
The keywords and arguments are as follows:
• failed-domains—Shows the domain names that failed because of a GSLB-rule mismatch.
Note
Even if DDoS is disabled, you can use this option to list the domain names that failed because of a GSLB-rule mismatch; the list is updated while DDoS is disabled.
• global-domain-rules—Shows the number of failures due to a global domain mismatch.
• gslb-rules—Shows the number of failures due to a GSLB-rule mismatch.
Table 10-14 describes the fields in the show [ddos] failed-dns command output.
Table 10-14 Field Descriptions for show [ddos] failed-dns Command

Field | Description
Global domain check drops | Number of packets dropped as a result of the global domain name check.
Dproxy Address | IP address of the D-proxy.
Number of Failed DNS queries | Number of failed DNS queries from that D-proxy as a result of the GSLB-rule check.
For example, enter:
gssm1.example.com# show ddos failed-dns failed-domains
gssm1.example.com# show ddos failed-dns global-domain-rules
Global domain check drops :4
gssm1.example.com# show ddos failed-dns gslb-rules
DPROXY ADDRESS NUMBER OF FAILED DNS QUERIES
---------- ----------------------------
Displaying DDoS Rate-Limit Values
You display the rate limits per D-proxy and the number of packets dropped per source by entering the show ddos rate-limit command (from privileged EXEC mode) or the show rate-limit command (from ddos configuration mode).
The syntax for the command is as follows:
show [ddos] rate-limit [ipaddress | global | unknown]
The keywords and arguments are as follows:
• ipaddress—Shows the rate limit and drops for the D-proxy with this IP address.
• global—Shows the global rate limit on the GSS.
• unknown—Shows the unknown D-proxy rate limit on the GSS.
Table 10-15 describes the fields in the show [ddos] rate-limit command output.
Table 10-15 Field Descriptions for show [ddos] rate-limit Command

Field | Description
Dproxy Address | IP address of the D-proxy.
Rate-limit | Configured maximum number of DNS requests that the GSS accepts from the D-proxy per second.
Applied Rate Limit | Rate limit actually enforced, calculated as rate-limit * scaling factor / 100.
Drops | Number of packets dropped because of the rate limit.
For example, enter:
gssm1.example.com# show ddos rate-limit 16.1.1.11
Dproxy Address Rate-limit Applied Rate Limit Drops
---------- ------ --------------- -----
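To see how the Applied Rate Limit column in Table 10-15 is derived from the configured rate limit, and how that limit turns into the Drops column, here is an added Python example; it is not GSS code or part of this guide. It applies the page's formula, rate-limit * scaling factor / 100, to one D-proxy, counts drops over a constructed sequence of per-second request counts, and parses a constructed show ddos rate-limit table in the column layout shown above (16.1.1.11 is the address from the example above; 192.0.2.10 and every number are invented). The page does not say how the scaling factor relates to the configured tolerance factor, so the scaling factor is simply a parameter here, and truncating the result to an integer is also an assumption.

```python
"""Applied rate limit and drop accounting for DDoS rate-limiting (added example).

Not GSS code. Formula from Table 10-15: Applied Rate Limit = rate-limit * scaling factor / 100.
The scaling factor's relation to the configured tolerance factor is not given on
the page, so it is a plain parameter here; truncating to an integer is an assumption.
"""
import re

# Constructed 'show ddos rate-limit' output in the column layout shown above.
# 16.1.1.11 is the address used in the page's example; 192.0.2.10 and all values are invented.
SAMPLE_TABLE = """\
Dproxy Address      Rate-limit   Applied Rate Limit   Drops
----------          ------       ---------------      -----
16.1.1.11           1000         1500                 42
192.0.2.10          1000         1500                 0
"""

ROW_RE = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+(\d+)\s+(\d+)\s+(\d+)\s*$")


def applied_rate_limit(rate_limit, scaling_factor):
    """Applied Rate Limit = rate-limit * scaling factor / 100 (integer-truncated, an assumption)."""
    return (rate_limit * scaling_factor) // 100


def account_drops(applied_limit, per_second_counts):
    """Return (accepted, dropped) for a sequence of per-second request counts from one D-proxy.

    Requests beyond the applied limit within a second are dropped; unused
    capacity in one second does not carry over to the next.
    """
    accepted = dropped = 0
    for n in per_second_counts:
        ok = min(n, applied_limit)
        accepted += ok
        dropped += n - ok
    return accepted, dropped


def parse_rate_limit_table(text):
    """Parse 'show ddos rate-limit' rows into dicts keyed by column name."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            rows.append({
                "dproxy": m.group(1),
                "rate_limit": int(m.group(2)),
                "applied_rate_limit": int(m.group(3)),
                "drops": int(m.group(4)),
            })
    return rows


def dproxies_with_drops(rows):
    """Addresses whose Drops column is non-zero: the D-proxies currently being rate-limited."""
    return [r["dproxy"] for r in rows if r["drops"] > 0]


if __name__ == "__main__":
    limit = applied_rate_limit(1000, 150)          # 1500 requests per second
    print("applied limit:", limit)
    # Constructed burst: four consecutive seconds of requests from one D-proxy.
    print("accepted/dropped:", account_drops(limit, [1200, 1600, 3000, 100]))
    rows = parse_rate_limit_table(SAMPLE_TABLE)
    print("rate-limited D-proxies:", dproxies_with_drops(rows))
```

With a configured limit of 1000 and a scaling factor of 150 the applied limit is 1500; of the constructed burst of 1200, 1600, 3000 and 100 requests in four consecutive seconds, 4300 are accepted and 1600 dropped, which is the kind of number you would expect to see growing in the Drops column for that D-proxy. A legitimate D-proxy serving a large client population is the usual false positive here, so check the address against the trusted D-proxy list before treating its drops as an attack.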
Displaying the DDoS Running Configuration
You display the contents of the DDoS running configuration file by entering the show ddos-config command (from privileged EXEC or ddos configuration mode).
The syntax for the command is as follows:
show ddos-config
Table 10-16 describes the fields in the show ddos-config command output.
Table 10-16 Field Descriptions for show ddos-config Command

Field | Description
enable | DDoS detection and mitigation module status, enabled or disabled.
rate-limit global | Global rate limit configured on the GSS.
tolerance factor | Factor used in determining the rate limit.
peacetime database | Peacetime database identifier.
global domain | Global domain name identifier.
dproxy trusted | D-proxy added to or deleted from the trusted D-proxy database.
mitigation-rule response enable | Enables the mitigation rules for DNS responses: packets with the QR bit set to 1 (response) are dropped when they arrive from a source port other than 53, and when they arrive with a destination port of 53.
mitigation-rule request enable | Enables the mitigation rule for DNS requests: packets with the QR bit set to 0 (request) are dropped when their source port is below 1024 (including port 53).
For example, enter:
gssm1.example.com# show ddos-config
tolerance-factor dproxy 2
global domain www.level1.com
mitigation-rule response enable
mitigation-rule request enable
Displaying DDoS Statistics
You display DDoS statistics by entering the show statistics ddos command (from privileged EXEC mode), or the show statistics command (from ddos configuration mode).
Note
Clear statistics related to the DDoS detection and mitigation component of the GSS by entering the clear statistics ddos command. See the "Clearing GSS Global Server Load-Balancing Statistics" section for details.
The syntax for the command is as follows:
show statistics [ddos] [attacks | global]
The keywords and arguments are as follows:
• attacks—Displays attack statistics.
• global—Displays global statistics.
Table 10-17 describes the fields in the show statistics ddos attacks command output.
Table 10-17 Field Descriptions for show statistics ddos attacks Command

Field | Description
Total Attacks | Total number of DDoS attacks detected on the GSS.
Reflection attacks | Attack in which the IP address of the victim (that is, the GSS) is spoofed as the source and DNS requests are sent to one or more DNS servers while posing as the victim, so that their responses are reflected back at the victim.
Malformed DNS packet attacks | Attack in which the GSS is flooded with malformed DNS packets.
Failed Global Domain attacks | Attack in which the GSS is flooded with DNS queries that fail the global domain name check.
Global Rate-limit exceeded attacks | Attack in which the global rate-limit threshold has been exceeded.
For example, enter:
gssm1.example.com# show statistics ddos attacks
Malformed DNS packet attacks :0
Failed Global Domain attacks :0
Global Rate-limit exceeded attacks :0
Table 10-18 describes the fields in the show statistics ddos global command output.
Table 10-18 Field Descriptions for show statistics ddos global Command

Field | Description
Total packets received | Packets received and handled by the GSS; the sum of the legitimate and malicious packet counts.
Total packets dropped | Packets that the GSS DDoS detection and mitigation functions identified as part of an attack and dropped.
Total Anti-spoofing triggered | Total number of packets that triggered the GSS anti-spoofing mechanism.
Total Validated DNS requests | Total number of DNS requests that passed the anti-spoofing check and were validated as coming from a nonspoofed D-proxy.
Rate-limit drops | Packets dropped by the per-D-proxy rate-limiting function as part of an attack. The rate limit is the maximum number of DNS requests that the GSS accepts from a D-proxy per second.
Global Rate-limit drops | Packets dropped by the global rate-limiting function as part of an attack.
Unknown dproxies drops | A D-proxy that the DDoS function has not yet classified as spoofed or nonspoofed is unknown, and the DDoS function starts anti-spoofing for it. When packets from unknown D-proxies exceed the unknown D-proxy rate limit, the excess is dropped and counted here.
Spoofed packet drops | Packets dropped by the anti-spoofing function as part of an attack.
Malformed packet drops | Packets dropped because the GSS identified them as malformed.
Mitigation rules drops | Packets dropped because they violated a mitigation rule.
Global domain name drops | Packets dropped because the query failed the global domain name check.
Ongoing anti-spoofing drops | Packets dropped by the anti-spoofing function as part of an ongoing attack.
For example, enter:
gssm1.example.com# show statistics ddos global
Total packets received :6
Total Anti-Spoofing triggered :0
Total Validated DNS requests :0
Dropped Packets Statistics:
-----------------------------
Global Rate limit drops :0
Unknown dproxies drops :0
Malformed packet drops :0
Ongoing anti-spoofing drops :0
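The counters above only reset on clear statistics ddos, so the useful signal for a monitoring pipeline is how much each one grew between polls. The following is an added example, not Cisco's code: it parses the show statistics ddos attacks and show statistics ddos global output shown on this page (the two polls below are constructed sample output), reports which attack and drop counters rose, and checks the dropped-to-received ratio against an assumed threshold.

```python
"""Parse Cisco GSS 'show statistics ddos' output and flag attack activity."""
import re

# Constructed sample output (not captured from a real GSS): two polls of the
# same device, in the 'Field :value' form the page's examples use.
BASELINE = """\
gssm1.example.com# show statistics ddos attacks
Total Attacks :0
Global Rate-limit exceeded attacks :0
gssm1.example.com# show statistics ddos global
Total packets received :6
Total packets dropped :0
Dropped Packets Statistics:
-----------------------------
Global Rate limit drops :0
Malformed packet drops :0
"""
LATER = """\
gssm1.example.com# show statistics ddos attacks
Total Attacks :1
Global Rate-limit exceeded attacks :1
gssm1.example.com# show statistics ddos global
Total packets received :5006
Total packets dropped :1250
Dropped Packets Statistics:
-----------------------------
Global Rate limit drops :1200
Malformed packet drops :50
"""
# A counter line is 'Name :N'; the prompts, section header and rule do not match.
COUNTER_RE = re.compile(r"^\s*([A-Za-z][A-Za-z \-]*?)\s*:\s*(\d+)\s*$")

def parse_counters(text):
    """Map each counter name in the output to its integer value."""
    return {m.group(1).strip(): int(m.group(2))
            for m in map(COUNTER_RE.match, text.splitlines()) if m}

def counter_deltas(before, after):
    """Counters that grew since the previous poll (they reset only on clear statistics ddos)."""
    return {k: v - before.get(k, 0) for k, v in after.items() if v > before.get(k, 0)}

def assess(before, after, max_drop_ratio=0.05):
    """Attack counters that rose, per-reason drop counters that rose, and a drop-ratio check."""
    deltas = counter_deltas(before, after)
    received = after.get("Total packets received", 0)
    ratio = after.get("Total packets dropped", 0) / received if received else 0.0
    return {"attacks": {k: v for k, v in deltas.items() if k.lower().endswith("attacks")},
            "drops": {k: v for k, v in deltas.items() if k.lower().endswith("drops")},
            "drop_ratio": round(ratio, 4), "drop_ratio_exceeded": ratio > max_drop_ratio}
```

The 5% drop-ratio threshold is an assumption for illustration; a rising Global Rate limit drops counter on a GSS that is also showing Global Rate-limit exceeded attacks is the page's own indicator of an active rate-limit event.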
Displaying DDoS Status
You display the DDoS status by entering the show ddos status command (from privileged EXEC mode) or the show status command (from ddos configuration mode).
The syntax for the command is as follows:
show [ddos] status
Table 10-19 describes the field in the show ddos status command output.
Table 10-19 Field Description for show [ddos] status Command
Field | Description
DDoS Status | Status of the DDoS detection and mitigation module in the GSS, either enabled or disabled.
For example, enter:
gss1.yourdomain.com# show ddos status
Monitoring the Status of Keepalives on a GSS
The keepalive engine on each GSS device monitors the current online status of the configured keepalives managed by the GSS. You can view statistics for all keepalive types on your network, or limit statistics to a specific keepalive type, such as CRA, HTTP HEAD, ICMP, KAL-AP, name server, or TCP.
You use the show statistics keepalive command option to view statistics about the health of your GSS keepalives globally or by keepalive type.
This section contains the following topics:
• Displaying CRA Keepalive Statistics
• Displaying Global Keepalive Statistics
• Displaying HTTP HEAD Keepalive Statistics
• Displaying ICMP Keepalive Statistics
• Displaying KAL-AP Keepalive Statistics
• Displaying Scripted Keepalive Statistics
• Displaying Name Server Keepalive Statistics
• Displaying TCP Keepalive Statistics
Displaying CRA Keepalive Statistics
You display statistics for configured content routing agent (CRA) keepalive types managed by the GSS and used with boomerang-type answers by using the show statistics keepalive cra command.
The syntax for the command is as follows:
show statistics keepalive cra {ip_address | all | list}
The keywords and arguments are as follows:
• ip_address—IP address of the CRA keepalive for which to display statistics.
• all—Displays all configured CRA-type keepalives.
• list—Lists all available IP addresses.
Table 10-20 describes the fields in the show statistics keepalive cra all command output.
Table 10-20 Field Descriptions for show statistics keepalive cra all Command
Field | Description
IP | IP address of the answer resource probed by the GSS.
Keepalive | Name assigned to the answer.
Status | State of the keepalive. The possible states are Online, Offline, Init, and Suspended.
One Way Delay | One-way delay time, in milliseconds, used by the GSS to calculate a static round-trip time (RTT); the one-way delay constitutes one-half of the round-trip time that is used for all DNS races involving this answer.
Packets Sent | Total number of keepalive packets sent to the answer by the GSS.
Packets Received | Total number of keepalive packets received by the GSS from the answer.
Positive Probe | Total number of keepalive probes sent to the answe