Displaying GSS Global Server Load-Balancing Statistics
This chapter describes the following tools for displaying the status of global server load balancing on your GSS network:
• CLI-based commands that display the content routing and global server load-balancing statistics performed by a GSS device (primary GSSM, standby GSSM, and GSS device).
• Monitor pages in the primary GSSM GUI that display the status of global server load-balancing activity for all GSS devices in your GSS network.
This chapter contains the following major sections:
• Displaying Global Server Load-Balancing Statistics from the CLI
• Displaying Global Server Load-Balancing Statistics from the GUI
Displaying Global Server Load-Balancing Statistics from the CLI
Each GSS device includes a comprehensive set of show statistics CLI commands to display content routing and load-balancing statistics for each major component involved in the GSS global server load-balancing operation. The GSS global server load-balancing components include boomerang (CRAs), DNS, and VIP keepalives. For example, the show statistics dns command can be used to display the traffic handled by a particular DNS rule, which matches a D-proxy to an answer, or to analyze the traffic to a particular hosted domain that is managed by a GSS.
You can also display advanced traffic management functions such as DNS sticky and network proximity for the GSS device.
The following topics provide detailed instructions about using the output of the various show statistics command options to display GSS global server load-balancing operation:
• Displaying the Status of the Boomerang Server on a GSS
• Displaying the Status of the DNS Server on a GSS
• Displaying the Status of the DRP Agent on a GSS
• Displaying DDoS Statistics on a GSS
• Displaying the Status of Keepalives on a GSS
• Displaying Network Proximity Statistics on a GSS
• Displaying DNS Sticky Statistics on a GSS
• Clearing GSS Global Server Load-Balancing Statistics
Displaying the Status of the Boomerang Server on a GSS
The boomerang server component uses calculations of network delay, provided by DNS races between content routing agents (CRAs), to determine which server is best able to respond to a given request. Use the show statistics boomerang command to display boomerang activity, such as DNS races, on your GSS device on a domain-by-domain basis or on a global basis.
The syntax of this command is as follows:
show statistics boomerang {domain domain_name | global}
The keywords and arguments are as follows:
• domain—Displays statistics related to a named domain being served by the GSS.
• domain_name—Name of the domain.
• global—Displays statistics across the entire GSS network for the Boomerang server.
This example shows how to display statistics across the entire GSS network for the boomerang server:
gss1.yourdomain.com# show statistics boomerang global
Boomerang global statistics:
This example shows how to display boomerang statistics for a specific domain:
gss1.yourdomain.com# show statistics boomerang domain1
Domain statistics: (of domain1)
Displaying the Status of the DNS Server on a GSS
The DNS server component tracks all DNS-related traffic to and from your GSS device, including information about DNS queries received, responses sent, queries dropped and forwarded. Use the show statistics dns command option to display DNS statistics about your GSS request routing and server load-balancing components such as DNS rules, answers, answer groups, domains, domain lists, proximity lookups by rule name or zone, source addresses, and source address groups.
When displaying the DNS answer group, domain list, or source address list statistics, you may specify the verbose option to display detailed statistics about each component of your DNS rules (for example, statistics for each answer that makes up an answer group or each domain that makes up a domain list).
This section contains the following topics:
• Displaying Answer Statistics
• Displaying Answer Statistics for all GSSs in the GSS Mesh
• Displaying Answer Group Statistics
• Displaying Domain Statistics
• Displaying Domain List Statistics
• Displaying Global Statistics
• Displaying DNS Rule Proximity Statistics
• Displaying DNS Rule Statistics
• Displaying DNS Rule Statistics for all GSSs in the GSS Mesh
• Displaying Source Address Statistics
• Displaying Source Address List Statistics
• Displaying DNS Rule Sticky Statistics
Displaying Answer Statistics
You can display the accumulated hit count for each configured answer that responds to content queries by using the show statistics dns answer command. The statistics also include the per-second average hit count calculated during the last minute, a 5-minute interval, a 30-minute interval, and a 4-hour interval.
The syntax of this command is as follows:
show statistics dns answer [list | verbose | answer_name]
The keywords and arguments are as follows:
• list—(Optional) Lists the names of all answers configured for the GSS.
• verbose—(Optional) Allows you to display detailed statistics for each answer. In addition to the information that displays when you do not use an optional keyword, the DNS name also displays.
• answer_name—(Optional) Name of the answer for which you want to display statistics.
Table 13-1 describes the fields in the show statistics dns answer command output.
Table 13-1 Field Descriptions for the show statistics dns answer Command
Field | Description
Answer | Name of the answer. Depending on the type of answer, the GSS displays the following: • VIP address of the answer (VIP-type answer) • Interface or circuit address (CRA-type answer) • IP address of the name server (Name Server-type answer)
Type | Resources to which the GSS resolves DNS requests. The answer types include VIP, CRA, or Name Server (NS).
Total Hits | Total number of hits for the configured answer since the GSS was last started or statistics cleared.
1-Min | Averaged per second hit count for the answer, calculated during the last minute.
5-Min | Averaged per second hit count for the answer, calculated during the last 5-minute interval.
30-Min | Averaged per second hit count for the answer, calculated during the last 30-minute interval.
4-Hr | Averaged per second hit count for the answer, calculated during the last 4-hour interval.
Displaying Answer Statistics for all GSSs in the GSS Mesh
From the primary GSSM, you can display answer statistics for all of the online GSS devices in the GSS mesh by using the show statistics gss-mesh all dns answer command. For every online GSS, the primary GSSM displays the accumulated hit count for each configured answer that responds to content queries.
The syntax of this command is as follows:
show statistics gss-mesh all dns answer [type {cra | ns | vip}] [ip_address]
The keywords and arguments are as follows:
• type—(Optional) Specifies statistics for one of the following answer types:
  – cra—Content routing agent answer type
  – ns—DNS name server answer type
  – vip—Virtual IP answer type
• ip_address—(Optional) IP address of a specific GSS in the GSS mesh.
By default, the GSS devices send the primary GSSM statistical information every five minutes. Before using the show statistics gss-mesh all dns answer command, you can force the GSS devices in the mesh to send the primary GSSM their latest statistics by using the refresh-gssmesh-statistics command from the primary GSSM. This ensures that the primary GSSM displays the latest GSS mesh statistics.
The syntax of this command is as follows:
refresh-gssmesh-statistics
The CLI is unavailable for use for five seconds after using this command to give the primary GSSM enough time to receive and process the information. If network traffic is busy, the primary GSSM may not receive the information within the five seconds. If you use the show statistics gss-mesh all dns answer command before the primary GSSM receives the new information, the command output may not contain the latest statistical information.
Note
Using the refresh-gssmesh-statistics command increases network traffic between the GSS devices in the mesh. For this reason, we recommend that you use this command only when an update is required.
Table 13-2 describes the fields in the show statistics gss-mesh all dns answer command output.
Table 13-2 Field Descriptions for the show statistics gss-mesh all dns answer Command
Field | Description
IP | IP address of the answer.
Name | Answer name.
Type | Resources to which the GSS resolves DNS requests. The answer types include VIP, CRA, or Name Server (NS).
Status | Answer status. Possible states are as follows: • Online—Indicates that the answer is online and can be used by any of the currently configured DNS rules. Online status of a CRA answer is reported as One Way Delay:<value>. For keepalives returning load status, the online status is reported as Online (Load:20) or Offline(Load:255). • Offline—Indicates that the answer is offline and cannot be used by any of the currently configured DNS rules. • Suspended—Indicates that the answer is administratively suspended and cannot be used by any of the currently configured DNS rules. • Operational Suspend—Indicates that the GSS has suspended the answer because it was offline and the manual-reactivation option was enabled on the answer. For this state to display, you must have the global manual reactivation feature enabled on the primary GSSM. • Unknown—Indicates that the primary GSSM was recently restarted and is waiting for an answer status from its peer GSS.
Hit Count | Total number of hits for the configured answer since the GSS was last started or statistics cleared.
Displaying Answer Group Statistics
You can display the total hit count for each configured answer group and the answers contained in the answer group by using the show statistics dns answer-group command.
The syntax of this command is as follows:
show statistics dns answer-group [list | group_name [verbose]]
The keywords and arguments are as follows:
• list—(Optional) Lists the names of all answer groups configured for the GSS.
• group_name—(Optional) Name of the answer group for which you want to display statistics.
• verbose—(Optional) Allows you to display detailed statistics for each answer that makes up an answer group.
Table 13-3 describes the fields in the show statistics dns answer-group verbose command output.
Table 13-3 Field Descriptions for the show statistics dns answer-group verbose Command
Field | Description
Total Hit Count | Accumulated hit count for the configured answer group since the GSS was last started.
Answer | Name of each answer in the answer group. Depending on the type of answer, the GSS displays the following: • VIP address of the answer (VIP-type answer) • Interface or circuit address (CRA-type answer) • IP address of the name server (Name Server-type answer)
Hit Count | Number of times that the answer has been selected or matched in the DNS rule when the GSS processes a DNS request.
Status | Indicates whether the answer is online (up) or offline (down).
Displaying Domain Statistics
You can display the accumulated hit count for each configured host domain by using the show statistics dns domain command. The statistics also include the per-second average hit count calculated during the last minute, a 5-minute interval, a 30-minute interval, and a 4-hour interval.
The syntax of this command is as follows:
show statistics dns domain [list | domain_name]
The keywords and arguments are as follows:
• list—(Optional) Lists the names of all domains configured for the GSS.
• domain_name—(Optional) Name of the domain for which you want to display statistics.
Table 13-4 describes the fields in the show statistics dns domain command output.
Table 13-4 Field Descriptions for the show statistics dns domain Command
Field | Description
Domain | Name of the hosted domain.
Total Hits | Total number of hits for the specified hosted domain since the GSS was last started.
1-Min | Averaged per second hit count for the hosted domain, calculated during the last minute.
5-Min | Averaged per second hit count for the hosted domain, calculated during the last 5-minute interval.
30-Min | Averaged per second hit count for the hosted domain, calculated during the last 30-minute interval.
4-Hr | Averaged per second hit count for the hosted domain, calculated during the last 4-hour interval.
Displaying Domain List Statistics
You can display the total accumulated hit count for each configured domain list by using the show statistics dns domain-list command.
The syntax of this command is as follows:
show statistics dns domain-list [list | domain_list_name [verbose]]
The keywords and arguments are as follows:
• list—(Optional) Lists the names of all domains configured for the GSS.
• domain_list_name—(Optional) Name of the domain list for which you want to display statistics.
• verbose—(Optional) Allows you to display detailed statistics for each domain that makes up a domain list.
Table 13-5 describes the fields in the show statistics dns domain-list verbose command output.
Table 13-5 Field Descriptions for the show statistics dns domain-list verbose Command
Field | Description
Total Hit Count | Accumulated hit count for the hosted domain since the GSS was last started or statistics cleared.
Domain Name | Name of the hosted domain in the domain list.
Hit Count | Number of times that the hosted domain has been selected or matched in the DNS rule when the GSS processes a DNS request.
Displaying Global Statistics
You can display general DNS statistics for the GSS device in use by using the show statistics dns global command.
The syntax of this command is as follows:
show statistics dns global
Table 13-6 describes the fields in the show statistics dns global command output.
Table 13-6 Field Descriptions for the show statistics dns global Command
Field | Description
DnsQueriesRcvd | Total number of DNS queries received by the GSS from a requesting client D-proxy.
DnsHostAddrQueriesRcvd | Total number of host address queries received by the GSS from a requesting client D-proxy.
DnsResponsesSent | Total number of DNS responses sent by the GSS to a requesting client D-proxy.
DnsResponsesNoError | Total number of DNS responses sent by the GSS to a requesting client D-proxy without an error.
DnsResponsesErrors | Total number of DNS responses sent by the GSS to a requesting client D-proxy with an error.
DnsServfailRCode | DNS server failure return code.
DnsNxdomainRCode | DNS NX domain return code.
DnsNotimpRCode | DNS not implemented return code.
DnsRefusedRCode | DNS refused return code.
DnsQueriesUnmatched | Total number of unmatched DNS queries received by the GSS from a requesting client D-proxy.
DnsDrops | Total number of DNS queries dropped by the GSS.
DnsNSFWDSent | Total number of queries that do not match domains on any GSS domain lists and have been forwarded by the GSS to an external DNS name server for resolution.
DnsBoomServReqSent | Total number of requests sent by the boomerang server in the GSS to initiate a DNS race.
DnsNSFWDResponsesRcvd | Total number of queries that have been forwarded to the GSS to an external DNS name server for resolution.
DnsProxLkupReqSent | Total number of proximity lookup requests sent by the selector to the proximity subsystem.
DnsProxLkupRespRecd | Total number of proximity lookup requests received by the selector from the proximity subsystem.
DnsReqRatePerSecondCur | Current request rate per second that requests are made to the GSS to perform a DNS resolution.
DnsReqRatePerSecondPeak | Peak request rate per second that requests are made to the GSS to perform a DNS resolution.
DnsStickyLkupReqSent | Total number of sticky lookup requests sent by the selector to the sticky subsystem.
DnsStickyAddReqSent | Total number of requests for IP addresses sent by the selector to the sticky subsystem.
DnsStickyHit | Total number of successful sticky answer matches for the DNS rule.
DnsStickyMiss | Total number of times that the GSS was unable to provide the sticky answer for the DNS rule.
DnsSrcPortErrorUdp | Total number of UDP errors that occurred on the DNS source port.
DnsSrcPortErrorTcp | Total number of TCP errors that occurred on the DNS source port.
DnsPollSocketError | Total number of socket connection errors.
Displaying DNS Rule Proximity Statistics
You can display all proximity lookups by DNS rule name by using the show statistics dns proximity rule command.
Note
To clear proximity statistics related to the DNS server component of the GSS, use the clear statistics dns command. See the "Clearing GSS Global Server Load-Balancing Statistics" section for details.
The syntax of this command is as follows:
show statistics dns proximity rule
Table 13-7 describes the fields in the show statistics dns proximity rule command output.
Table 13-7 Field Descriptions for the show statistics dns proximity rule Command
Field | Description
Rule | Name of the matched DNS rule.
Proximity Hit Count | Number of DNS requests that match the DNS rule.
Proximity Success Count | Number of DNS responses successfully returned with a proximate answer for the DNS rule.
Displaying DNS Rule Statistics
You can display the total hit count and success count for each configured DNS rule by using the show statistics dns rule command.
The syntax of this command is as follows:
show statistics dns rule [list | rule_name [verbose]]
The keywords and arguments are as follows:
• list—(Optional) Lists the names of all DNS rules configured for the GSS.
• rule_name—(Optional) Name of the DNS rule for which you want to display statistics.
• verbose—(Optional) Allows you to display detailed statistics for the specified rule.
Table 13-8 describes the fields in the show statistics dns rule command output.
Table 13-8 Field Descriptions for the show statistics dns rule Command
Field | Description
Rule name | Names of the configured rules.
Hit Count | Number of times that the DNS rule processed a DNS request.
Success Count | Number of successful answer matches for the DNS rule.
Table 13-9 describes the fields in the show statistics dns rule rule_name verbose command output.
Table 13-9 Field Descriptions for the show statistics dns rule verbose Command
Field | Description
Total Hit Count | Accumulated hit count for the configured DNS rule since the GSS was last started.
Total Success Count | Accumulated number of successful answer matches for the DNS rule.
Clause | Number of the balance clause in the DNS rule.
Hit Count | Number of times the DNS clause processed the DNS requests.
Success Count | Number of successful answer matches for the DNS clause.
Status | Status of the clause. The possible states are as follows: • Active—Indicates that the clause is active. • Suspended—Indicates that the clause is administratively suspended. • Operational Suspend—Indicates that the GSS has suspended the clause because it was offline and the manual-reactivation option was enabled on the clause. For this state to display, you must have the global manual reactivation feature enabled on the primary GSSM.
Id | Internal ID number of the answer in the DNS rule.
Address | Name of the answer. Depending on the type of answer, the GSS displays the following: • VIP address of the answer (VIP-type answer) • Interface or circuit address (CRA-type answer) • IP address of the name server (Name Server-type answer)
Hit Count | Number of times that the answer has been selected or matched in the DNS rule when the GSS processes a DNS request.
Displaying DNS Rule Statistics for all GSSs in the GSS Mesh
From the primary GSSM, you can display rule statistics for all of the online GSS devices in the GSS mesh by using the show statistics gss-mesh all dns rule command. For every online GSS, the primary GSSM displays the total hit counts and success counts for each configured DNS rule.
The syntax of this command is as follows:
show statistics gss-mesh all dns rule [rule_name]
The optional rule_name argument is the name of the DNS rule for which you want to display statistics.
By default, the GSS devices send the primary GSSM statistical information every five minutes. Before using the show statistics gss-mesh all dns rule command, you can force the GSS devices in the mesh to send the primary GSSM their latest statistics by using the refresh-gssmesh-statistics command from the primary GSSM. This ensures that the primary GSSM displays the latest GSS mesh statistics.
The syntax of this command is as follows:
refresh-gssmesh-statistics
The CLI is unavailable for use for five seconds after using this command to give the primary GSSM enough time to receive and process the information. If network traffic is busy, the primary GSSM may not receive the information within the five seconds. If you use the show statistics gss-mesh all dns rule command before the primary GSSM receives the new information, the command output may not contain the latest statistical information.
Note
Using the refresh-gssmesh-statistics command increases network traffic between the GSS devices in the mesh. For this reason, we recommend that you use this command only when an update is required.
Table 13-10 describes the fields in the show statistics gss-mesh all dns rule command output.
Table 13-10 Field Descriptions for the show statistics gss-mesh all dns rule Command
Field | Description
DNS rule name | Name of the DNS rule.
Total Hits | Accumulated hit count for the configured DNS rule since the GSS was last started.
Successful hits | Accumulated number of successful answer matches for the DNS rule.
Displaying Source Address Statistics
You can display the accumulated hit count for each configured source address by using the show statistics dns source-address command. The statistics also include the per-second average hit count calculated during the last minute, a 5-minute interval, a 30-minute interval, and a 4-hour interval.
The syntax of this command is as follows:
show statistics dns source-address [list | sa_name]
The keywords and arguments are as follows:
• list—(Optional) Lists the names of all source addresses configured for the GSS.
• sa_name—(Optional) Name of the source address for which you want to display statistics.
Table 13-11 describes the fields in the show statistics dns source-address command output.
Table 13-11 Field Descriptions for the show statistics dns source-address Command
Field | Description
Src Address | IP address or CIDR address block of the client DNS proxy.
Total Hits | Total number of hits for the source address since the GSS was last started or statistics cleared.
1-Min | Averaged per second hit count for the source address, calculated during the last minute.
5-Min | Averaged per second hit count for the source address, calculated during the last 5-minute interval.
30-Min | Averaged per second hit count for the source address, calculated during the last 30-minute interval.
4-Hr | Averaged per second hit count for the source address, calculated during the last 4-hour interval.
Displaying Source Address List Statistics
You can display the total hit count for each configured source address list by using the show statistics dns source-address-list command. The statistics also include the last minute average, 5-minute average, 30-minute average, and 4-hour average of the hit counts.
The syntax of this command is as follows:
show statistics dns source-address-list [list | sa_list_name [verbose]]
The keywords and arguments are as follows:
• list—(Optional) Lists the names of all source addresses.
• sa_list_name—(Optional) Name of the source address list for which you want to display statistics.
• verbose—(Optional) Allows you to display detailed statistics for each name in the source address list.
Table 13-12 describes the fields in the show statistics dns source-address-list command output.
Table 13-12 Field Descriptions for the show statistics dns source-address-list verbose Command
Field | Description
Total Hit Count | Accumulated hit count for the configured source address list since the GSS was last started or statistics cleared.
Source Address | IP address or CIDR address block of the client DNS proxy.
Hit Count | Number of times that the source address has been selected or matched in the DNS rule when the GSS processes a DNS request.
Displaying DNS Rule Sticky Statistics
You can display all DNS sticky lookups by DNS rule name by using the show statistics dns sticky rule command.
Note
You clear sticky statistics related to the DNS server component of the GSS by using the clear statistics dns command. See the "Clearing GSS Global Server Load-Balancing Statistics" section for details.
The syntax of this command is as follows:
show statistics dns sticky rule
Table 13-13 describes the fields in the show statistics dns sticky rule command output.
Table 13-13 Field Descriptions for the show statistics dns sticky rule Command
Field | Description
Rule | Name of the matched DNS rule.
Sticky Hit Count | Total number of lookups in the sticky database for the DNS rule.
Sticky Success Count | Total number of successful sticky answer matches for the DNS rule.
Displaying the Status of the DRP Agent on a GSS
You can display statistics on the Director Response Protocol (DRP) agent by using the show statistics drpagent command.
Note
You clear statistics related to the DRP agent component of the GSS by using the clear statistics drpagent command. See the "Clearing GSS Global Server Load-Balancing Statistics" section for details.
The syntax of this command is as follows:
show statistics drpagent
Table 13-14 describes the fields in the show statistics drpagent command output.
Table 13-14 Field Descriptions for the show statistics drpagent Command
Field | Description
DRP agent enabled/disabled | DRP agent status, enabled or disabled.
director requests | Number of director requests.
successful measured lookups | Number of successful DRP measure requests received by the DRP agent from all of the GSSs.
packet failures returned | Number of packet failures returned.
successful echos | Number of successful DRP echo requests (DRP keepalives) received by the DRP agent from all of the GSSs.
path-rtt probe source port | Source port of the path probe packets from the DRP agent.
path-rtt probe destination port | Destination port of the path probe packets from the DRP agent.
tcp-rtt probe source port | Source port of the TCP probe packets from the DRP agent.
tcp-rtt probe destination port | Destination port of the TCP probe packets from the DRP agent.
Displaying DDoS Statistics on a GSS
This section describes the procedures you need to follow to display DDoS statistics from the CLI. It contains the following topics:
• Displaying DDoS Attack Statistics
• Displaying DDoS Anti-Spoofing Statistics
• Displaying DDoS Failed DNS Queries
• Displaying DDoS Rate-Limit Values
• Displaying DDoS Running Configuration
• Displaying DDoS Statistics
• Displaying the DDoS Status
Displaying DDoS Attack Statistics
You can display the DNS attacks detected by the GSS by using the show ddos attacks (from privileged EXEC mode) or show attacks (from ddos configuration mode) commands.
Note
Before enabling the ddos configuration mode, ensure that you have the DDoS license installed on the GSS. For more details, see the Cisco Global Site Selector Administration Guide.
The syntax of this command is as follows:
show [ddos] attacks
The optional ddos keyword specifies the DDoS attacks when entering the command from the privileged EXEC mode.
Table 13-15 describes the fields in the show [ddos] attacks command output.
Table 13-15 Field Descriptions for the show [ddos] attacks Command
Field | Description
Total Attacks | Total number of DNS attacks detected by the GSS.
Reflection attack | Attack in which the IP address of the victim (that is, the GSS) is spoofed and multiple DNS requests are sent to a DNS server or multiple DNS servers posing as the victim.
Malformed DNS packet attacks | Attack in which the GSS is flooded with malformed DNS packets.
Failed Global Domain attacks | Failed domain counter provides a total for DNS queries that failed to match the global domain name.
Global Rate-limit exceeded attacks | Attack in which the maximum number of DNS requests the GSS receives from the D-proxy per second exceeds the global limit.
For example:
gssm1.example.com(config-ddos)# show attacks
Malformed DNS packet attacks :0
Failed Global Domain attacks :0
Global Rate-limit exceeded attacks :0
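The counters in show attacks and in show statistics dns global (Table 13-6) are running totals, so for monitoring the useful figure is how much each one grew between two polls. The following Python is an added example, not Cisco code: it parses the "label :value" layout shown above, assumes a "FieldName value" layout for show statistics dns global (that output is not shown on this page), and runs on constructed sample captures.

```python
import re

# One counter per line: a label, an optional ':' or '=', then an integer.
# "Malformed DNS packet attacks :0" is the layout printed on this page.
# "DnsQueriesRcvd 12000" for show statistics dns global is an ASSUMED layout.
COUNTER_LINE = re.compile(r"^\s*([A-Za-z][\w /\-]*?)\s*[:=]?\s*(\d+)\s*$")


def parse_counters(cli_text):
    """Return {label: value} for each counter line; prompt lines are skipped."""
    counters = {}
    for line in cli_text.splitlines():
        if "#" in line:  # CLI prompt, e.g. "host(config-ddos)# show attacks"
            continue
        match = COUNTER_LINE.match(line)
        if match:
            counters[match.group(1)] = int(match.group(2))
    return counters


def interval_delta(previous, current):
    """Growth of each counter between two polls.

    The values are totals since the GSS was last started or the statistics
    were cleared. A value lower than in the previous poll therefore means a
    reset, and the current value is what accumulated since that reset.
    """
    delta = {}
    for name, now in current.items():
        before = previous.get(name, 0)
        delta[name] = now - before if now >= before else now
    return delta


def rising_attack_counters(delta):
    """Attack categories from show attacks that grew during the interval."""
    return {name: grown for name, grown in delta.items()
            if name.lower().endswith(("attack", "attacks")) and grown > 0}


def dns_interval_ratios(delta):
    """Ratios over the interval, using field names from Table 13-6."""
    def ratio(part, whole):
        return round(part / whole, 4) if whole else 0.0

    received = delta.get("DnsQueriesRcvd", 0)
    sent = delta.get("DnsResponsesSent", 0)
    return {
        "unmatched_per_query": ratio(delta.get("DnsQueriesUnmatched", 0), received),
        "drops_per_query": ratio(delta.get("DnsDrops", 0), received),
        "errors_per_response": ratio(delta.get("DnsResponsesErrors", 0), sent),
    }


# Constructed captures (not real device output), two polls apart.
PREV_ATTACKS = """gssm1.example.com(config-ddos)# show attacks
Malformed DNS packet attacks :0
Failed Global Domain attacks :2
Global Rate-limit exceeded attacks :0
"""
CUR_ATTACKS = """gssm1.example.com(config-ddos)# show attacks
Malformed DNS packet attacks :0
Failed Global Domain attacks :9
Global Rate-limit exceeded attacks :1
"""
PREV_DNS = """DnsQueriesRcvd 10000
DnsResponsesSent 9800
DnsResponsesErrors 100
DnsQueriesUnmatched 150
DnsDrops 50
"""
CUR_DNS = """DnsQueriesRcvd 12000
DnsResponsesSent 11400
DnsResponsesErrors 500
DnsQueriesUnmatched 950
DnsDrops 450
"""

if __name__ == "__main__":
    attacks = interval_delta(parse_counters(PREV_ATTACKS), parse_counters(CUR_ATTACKS))
    print("attack counters that grew:", rising_attack_counters(attacks))
    dns = interval_delta(parse_counters(PREV_DNS), parse_counters(CUR_DNS))
    print("DNS ratios for the interval:", dns_interval_ratios(dns))
```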
Displaying DDoS Anti-Spoofing Statistics
You can display the spoofed and trusted D-proxies on the GSS by using the show ddos dproxy (from privileged EXEC mode) or show dproxy (from ddos configuration mode) commands.
Note
Before enabling the ddos configuration mode, ensure that you have the DDoS license installed on the GSS. For more details, see the Cisco Global Site Selector Administration Guide.
The syntax of this command is as follows:
show [ddos] dproxy [ipaddress | spoofed | trusted]
The keywords and arguments are as follows:
• ddos—(Optional) Specifies the DDoS spoofed and trusted D-proxies when entering the command from the privileged EXEC mode.
• ipaddress—(Optional) D-proxy IP address.
• spoofed—(Optional) Shows the spoofed D-proxies.
• trusted—(Optional) Shows the trusted D-proxies.
Table 13-16 describes the fields in the show ddos dproxy command output.
Table 13-16 Field Descriptions for the show [ddos] dproxy Command
| Field | Description |
| --- | --- |
| Dproxy Address | IP address of the D-proxy. |
| Spoofed/Nonspoofed | Spoofed or non-spoofed D-proxy. |
| Drops | Number of dropped packets due to anti-spoofing failure. |
For example:
gssm1.example.com# show ddos dproxy 16.1.1.11
DPROXY ADDRESS SPOOFED/NONSPOOFED DROPS
---------- ------ ---------------
Displaying DDoS Failed DNS Queries
You can use the show ddos failed-dns (from privileged EXEC mode) or show failed-dns (from ddos configuration mode) commands to show the following:
• Last x number of domain names that caused failed DNS queries at the GSS
• Number of failed DNS queries per D-proxy
Failed DNS queries refer to DNS queries for a domain not configured on the GSS.
Note: Before enabling the ddos configuration mode, ensure that the DDoS license has already been installed on the GSS. For more details, see the Cisco Global Site Selector Administration Guide.
The syntax of this command is as follows:
show [ddos] failed-dns {failed-domains | global-domain-rules | gslb-rules}
The keywords and arguments are as follows:
• ddos—(Optional) Specifies the DDoS failed DNS queries when entering the command from the privileged EXEC mode.
• failed-domains—Shows the failed domain names due to a GSLB-rule mismatch.
  Note: Even if DDoS is disabled, you can use this option to list the failed domain names due to the GSLB-rule mismatch. The list is updated even if DDoS is disabled.
• global-domain-rules—Shows the number of failures due to a global domain mismatch.
• gslb-rules—Shows the number of failures due to a GSLB-rule mismatch.
Table 13-17 describes the fields in the show [ddos] failed-dns command output.
Table 13-17 Field Description for the show [ddos] failed-dns Command
| Field | Description |
| --- | --- |
| Global domain check drops | Number of dropped packets as a result of a global domain name check. |
| Dproxy Address | IP address of the D-proxy. |
| Number of Failed DNS queries | Number of failed DNS queries as a result of a GSLB-rule check. |
For example, enter:
gssm1.example.com# show ddos failed-dns failed-domains
gssm1.example.com# show ddos failed-dns global-domain-rules
Global domain check drops :4
gssm1.example.com# show ddos failed-dns gslb-rules
DPROXY ADDRESS NUMBER OF FAILED DNS QUERIES
---------- ----------------------------
Displaying DDoS Rate-Limit Values
You can display the rate limits per D-proxy and the number of packets dropped per source by using the show ddos rate-limit (from privileged EXEC mode) or show rate-limit (from ddos configuration mode) commands.
The syntax of this command is as follows:
show [ddos] rate-limit [ipaddress | global | unknown]
The keywords and arguments are as follows:
• ddos—(Optional) Specifies the DDoS rate limit when entering the command from the privileged EXEC mode.
• ipaddress—(Optional) IP address of the D-proxy.
• global—(Optional) Specifies the global rate limit on the GSS.
• unknown—(Optional) Specifies the unknown D-proxy rate limit on the GSS.
Table 13-18 describes the fields in the show [ddos] rate-limit command output.
Table 13-18 Field Descriptions for the show [ddos] rate-limit Command
| Field | Description |
| --- | --- |
| Dproxy Address | IP address of the D-proxy. |
| Rate-limit | Maximum number of DNS requests that the GSS can receive from a D-proxy per second. |
| Applied Rate Limit | This value is based on the following: rate-limit * scaling factor/100 |
| Drops | Number of packets dropped because of the rate limit. |
For example:
gssm1.example.com# show ddos rate-limit 16.1.1.11
Dproxy Address Rate-limit Applied Rate Limit Drops
---------- ------ --------------- -----
Displaying DDoS Running Configuration
You can display the contents of the DDoS running configuration file by using the show ddos-config (from privileged EXEC or ddos configuration mode) command.
The syntax of this command is as follows:
show ddos-config
Table 13-19 describes the fields in the show ddos-config command output.
Table 13-19 Field Descriptions for the show ddos-config Command
| Field | Description |
| --- | --- |
| enable | DDoS detection and mitigation module status, enabled or disabled. |
| rate-limit global | Global rate limit configured on the GSS. |
| tolerance factor | Helps determine the rate limit. |
| peacetime database | Peacetime database identifier. |
| global domain | Global domain name identifier. |
| dproxy trusted | D-proxy added or deleted from a trusted D-proxy database. |
| mitigation-rule response enable | Enables mitigation rules for the following DNS responses: • Packets are dropped with a source port other than 53 and QR bit of 1 (response) when responses come from a source port other than 53. • Packets are dropped with a destination port of 53 and a QR bit of 1 (response) when responses come to port 53. |
| mitigation-rule request enable | Enables mitigation rules for DNS requests in which packets are dropped with a source port equal to 53, but less than 1024, and a QR bit of 0 (request). |
For example, enter:
gssm1.example.com# show ddos-config
tolerance-factor dproxy 2
global domain www.level1.com
mitigation-rule response enable
mitigation-rule request enable
Displaying DDoS Statistics
You can display DDoS statistics by using the show statistics ddos (from privileged EXEC mode) or show statistics (from ddos configuration mode) commands.
Note: You clear statistics related to the DDoS detection and mitigation component of the GSS by using the clear statistics ddos command. See the "Clearing GSS Global Server Load-Balancing Statistics" section for details.
The syntax of this command is as follows:
show statistics [ddos] [attacks | global]
The keywords are as follows:
• ddos—(Optional) Specifies the DDoS statistics when entering the command from the privileged EXEC mode.
• attacks—(Optional) Displays attack statistics.
• global—(Optional) Displays global statistics.
Table 13-20 describes the fields in the show statistics ddos attacks command output.
Table 13-20 Field Descriptions for the show statistics ddos attacks Command
| Field | Description |
| --- | --- |
| Total Attacks | Total number of DDoS attacks on the GSS. |
| Reflection attacks | Attack in which the IP address of the victim (that is, the GSS) is spoofed and multiple DNS requests are sent to a DNS server or multiple DNS servers posing as the victim. |
| Malformed DNS packet attacks | Attack in which the GSS is flooded with malformed DNS packets. |
| Failed Global Domain attacks | An attack in which the GSS is flooded with failed global domain attacks. |
| Global Rate-limit exceeded attacks | Attack in which the global rate-limit threshold has been exceeded. |
For example, enter:
gssm1.example.com# show statistics ddos attacks
Malformed DNS packet attacks :0
Failed Global Domain attacks :0
Global Rate-limit exceeded attacks :0
Table 13-21 describes the fields in the show statistics ddos global command output.
Table 13-21 Field Descriptions for the show statistics ddos global Command
| Field | Description |
| --- | --- |
| Total packets received | Packets received and handled by the GSS. The Total packets received counter is the sum of the legitimate counter and the malicious counter. |
| Total packets dropped | Packets that were identified by the GSS DDoS protection and mitigation functions as part of an attack and dropped. |
| Total Anti-spoofing triggered | Total number of packets that triggered the GSS anti-spoofing mechanism. |
| Total Validated DNS requests | Total number of packets successfully identified as part of an anti-spoofing attack. |
| Rate-limit drops | Packets that were identified by the GSS DDoS protection and mitigation rate-limiting functions as part of an attack and dropped. The rate limit is the maximum number of DNS requests that the GSS can receive from the D-proxy per second. |
| Global Rate-limit drops | Packets that were identified by the GSS DDoS protection and mitigation global rate-limiting function as part of an attack and dropped. |
| Unknown dproxies drops | A D-proxy that has not been classified as spoofed or non-spoofed by the DDoS protection and mitigation function is unknown. The DDoS function starts anti-spoofing for an unknown D-proxy. If the number of packets from unknown D-proxies exceeds the specified rate limit, the unknown drops start. |
| Spoofed packet drops | Packets that were identified by the GSS DDoS protection and mitigation anti-spoofing functions as part of an attack and dropped. |
| Malformed packet drops | Packets that were identified by the GSS DDoS protection and mitigation functions as a malformed packet and dropped. |
| Mitigation rules drops | Packets that were identified by the GSS DDoS protection and mitigation functions as violating mitigation rules and dropped. |
| Global domain name drops | Packets that were identified by the GSS DDoS protection and mitigation functions as a global domain name and dropped. |
| Ongoing anti-spoofing drops | Packets that were identified by the GSS DDoS protection and mitigation anti-spoofing functions as part of an ongoing attack and dropped. |
For example, enter:
gssm1.example.com# show statistics ddos global
Total packets received :6
Total Anti-Spoofing triggered :0
Total Validated DNS requests :0
Dropped Packets Statistics:
-----------------------------
Global Rate limit drops :0
Unknown dproxies drops :0
Malformed packet drops :0
Ongoing anti-spoofing drops :0
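As an added example (not part of the Cisco documentation), the following Python script parses two captures of show statistics ddos global output and reports which drop counters rose between them. The two captures are constructed sample data, the 5 percent alert threshold and all function names are assumptions, and the counters are assumed to accumulate until they are cleared with clear statistics ddos.

```python
import re

# "Label :value" counter lines as printed by the GSS, e.g. "Rate-limit drops :0".
COUNTER_RE = re.compile(r"^\s*([A-Za-z][A-Za-z \-]*?)\s*:\s*(\d+)\s*$")


def normalize(name):
    """Fold case, hyphens and spacing so 'Global Rate-limit drops' (field table)
    and 'Global Rate limit drops' (sample output) map to the same key."""
    return " ".join(name.lower().replace("-", " ").split())


def parse_counters(text):
    """Return {normalized field name: int} for every counter line in the output."""
    counters = {}
    for line in text.splitlines():
        match = COUNTER_RE.match(line)
        if match:  # prompts, the "Dropped Packets Statistics:" header and rule lines are skipped
            counters[normalize(match.group(1))] = int(match.group(2))
    return counters


def diff_snapshots(before, after):
    """Return (per-counter increase, reset flag).

    Assumption: counters only grow until cleared. If any counter went backwards,
    the statistics were cleared between captures, so the later values are used as-is.
    """
    reset = any(name in after and after[name] < value for name, value in before.items())
    base = {} if reset else before
    deltas = {name: value - base.get(name, 0) for name, value in after.items()}
    return deltas, reset


def drop_findings(before_text, after_text, min_ratio=0.05):
    """Summarize the interval between two captures; min_ratio is an assumed threshold."""
    deltas, reset = diff_snapshots(parse_counters(before_text), parse_counters(after_text))
    received = deltas.get("total packets received", 0)
    dropped = deltas.get("total packets dropped", 0)
    ratio = dropped / received if received else None
    increased = sorted(
        ((name, delta) for name, delta in deltas.items()
         if name.endswith(" drops") and delta > 0),
        key=lambda item: item[1], reverse=True)
    return {"reset": reset, "received": received, "dropped": dropped,
            "drop_ratio": ratio, "increased": increased,
            "alert": ratio is not None and ratio >= min_ratio}


# Constructed sample captures (not real device output); field names follow Table 13-21.
SNAPSHOT_BEFORE = """\
gssm1.example.com# show statistics ddos global
Total packets received :1200
Total packets dropped :10
Total Anti-Spoofing triggered :4
Total Validated DNS requests :4
Dropped Packets Statistics:
-----------------------------
Rate-limit drops :2
Global Rate limit drops :0
Unknown dproxies drops :0
Spoofed packet drops :8
Malformed packet drops :0
Mitigation rules drops :0
Global domain name drops :0
Ongoing anti-spoofing drops :0
"""

SNAPSHOT_AFTER = """\
gssm1.example.com# show statistics ddos global
Total packets received :5200
Total packets dropped :910
Total Anti-Spoofing triggered :650
Total Validated DNS requests :40
Dropped Packets Statistics:
-----------------------------
Rate-limit drops :2
Global Rate limit drops :300
Unknown dproxies drops :0
Spoofed packet drops :608
Malformed packet drops :0
Mitigation rules drops :0
Global domain name drops :0
Ongoing anti-spoofing drops :0
"""

if __name__ == "__main__":
    result = drop_findings(SNAPSHOT_BEFORE, SNAPSHOT_AFTER)
    print("counters cleared between captures:", result["reset"])
    print("received / dropped in interval:", result["received"], "/", result["dropped"])
    for name, delta in result["increased"]:
        print(f"  +{delta} {name}")
    print("alert:", result["alert"])
```

The same parser reads show [ddos] attacks and show statistics ddos attacks output, because those commands print the same "label :value" lines.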
Displaying the DDoS Status
You can display DDoS status by using the show ddos status (from privileged EXEC mode) or show status (from ddos configuration mode) commands.
The syntax of this command is as follows:
show [ddos] status
The optional ddos keyword specifies the DDoS status when entering the command from the privileged EXEC mode.
Table 13-22 describes the fields in the show ddos status command output.
Table 13-22 Field Description for the show [ddos] status Command
| Field | Description |
| --- | --- |
| DDoS Status | Status of the DDoS detection and mitigation module in the GSS, either enabled or disabled. |
For example, enter:
gss1.yourdomain.com# show ddos status
Displaying the Status of Keepalives on a GSS
The keepalive engine on each GSS device monitors the current online status of the configured keepalives managed by the GSS. You can display statistics for all keepalive types on your network, or limit statistics to a specific keepalive type, such as CRA, HTTP HEAD, ICMP, KAL-AP, name server, or TCP.
Use the show statistics keepalive command option to display statistics about the health of your GSS keepalives globally or by keepalive type.
This section contains the following topics:
• Displaying CRA Keepalive Statistics
• Displaying Global Keepalive Statistics
• Displaying HTTP HEAD Keepalive Statistics
• Displaying ICMP Keepalive Statistics
• Displaying KAL-AP Keepalive Statistics
• Displaying Scripted Keepalive Statistics
• Displaying Name Server Keepalive Statistics
• Displaying TCP Keepalive Statistics
• Displaying Keepalive Answer Type Statistics
Displaying CRA Keepalive Statistics
You can display statistics for configured content routing agent (CRA) keepalive types managed by the GSS and used with boomerang-type answers by using the show statistics keepalive cra command.
The syntax of this command is as follows:
show statistics keepalive cra {ip_address | all | list}
The keywords and arguments are as follows:
• ip_address—IP address to display keepalive statistics.
• all—Displays all configured CRA-type keepalives.
• list—Lists all available IP addresses.
Table 13-23 describes the fields in the show statistics keepalive cra all command output.
Table 13-23 Field Descriptions for the show statistics keepalive cra all Command
| Field | Description |
| --- | --- |
| IP | IP address of the answer resource probed by the GSS. |
| Keepalive | Name assigned to the answer. |
| Status | State of the keepalive. The possible states are Online, Offline, Init, Suspended, and Operational Suspend. The Operational Suspend state indicates that the GSS has suspended the keepalive because the answer was offline and the manual-reactivation option was enabled on the answer. For this state to display, you must have the global manual reactivation feature enabled on the primary GSSM. |
| One Way Delay | One-way delay time, in milliseconds, used by the GSS to calculate a static round-trip time (RTT), with the one-way delay constituting one-half of the round-trip time that is used for all DNS races involving this answer. |
| Packets Sent | Total number of keepalive packets sent to the answer by the GSS. |
| Packets Received | Total number of keepalive packets received by the GSS from the answer. |
| Positive Probe | Total number of keepalive probes sent to the answer that resulted in a positive (OK) response. |
| Negative Probe | Total number of keepalive probes sent to the answer that resulted in a negative response. |
| Transitions | Total number of keepalive transitions (for example, from Init to Online state) experienced by the keepalive. |
| GID | Global ID number used by the GSS. |
| LID | Local ID number used by the GSS. |
Displaying Global Keepalive Statistics
You can display all keepalive statistics managed by the GSS device by using the show statistics keepalive global command.
The syntax of this command is as follows:
show statistics keepalive global
Table 13-24 describes the fields in the show statistics keepalive global command output.
Table 13-24 Field Descriptions for the show statistics keepalive global Command
| Field | Description |
| --- | --- |
| ICMP Probe Success Count | Number of ICMP queries sent to the answer that resulted in a successful response. |
| ICMP Probe Failure Count | Number of ICMP queries sent to the answer that resulted in a failure. |
| ICMP 'echo request' packets sent | Number of ICMP echo request messages sent to the answer. |
| ICMP 'echo reply' packets received | Number of ICMP echo reply messages received by the GSS from the answer. |
| Configured ICMP Probe Count | Number of configured ICMP probes sent to the answer. |
| ONLINE ICMP Probe Count | Number of ICMP probes sent to the answer that returned an Online state for the keepalive. |
| OFFLINE ICMP Probe Count | Number of ICMP probes sent to the answer that returned an Offline state for the keepalive. |
| SUSPENDED ICMP Probe Count | Number of ICMP probes sent to the answer that returned a Suspended state for the keepalive. |
| INIT ICMP Probe Count | Number of ICMP probes sent to the answer that returned an Init state for the keepalive. |
| DNS Probe Success Count | Number of DNS request probes sent by the GSS that resulted in a successful response. |
| DNS Probe Failure Count | Number of DNS request probes sent by the GSS that resulted in a failure. |
| DNS packets sent | Number of DNS request packets sent by the GSS. |
| DNS packets received | Number of DNS request packets received by the GSS. |
| Configured DNS Probe Count | Number of DNS request probes sent by the GSS. |
| ONLINE DNS Probe Count | Number of DNS request probes sent that returned an Online state for the keepalive. |
| OFFLINE DNS Probe Count | Number of DNS request probes that returned an Offline state for the keepalive. |
| SUSPENDED DNS Probe Count | Number of DNS request probes sent that returned a Suspended state for the keepalive. |
| INIT DNS Probe Count | Number of DNS request probes sent that returned an Init state for the keepalive. |
| KAL-AP Probe Success Count | Number of KAL-AP queries sent to the answer that resulted in a successful response. |
| KAL-AP Probe Failure Count | Number of KAL-AP queries sent to the answer that resulted in a failure. |
| KAL-AP packets sent | Number of KAL-AP packets sent to the answer. |
| KAL-AP packets received | Number of KAL-AP packets received by the GSS from the answer. |
| Configured KAL-AP Probe Count | Number of configured KAL-AP probes sent to the answer. |
| ONLINE KAL-AP Probe Count | Number of KAL-AP probes sent to the answer that returned an Online state for the keepalive. |
| OFFLINE KAL-AP Probe Count | Number of KAL-AP probes sent to the answer that returned an Offline state for the keepalive. |
| SUSPENDED KAL-AP Probe Count | Number of KAL-AP probes sent to the answer that returned a Suspended state for the keepalive. |
| INIT KAL-AP Probe Count | Number of KAL-AP probes sent to the answer that returned an Init state for the keepalive. |
| CRA Probe Success Count | Number of CRA queries sent to the answer that resulted in a successful response. |
| CRA Probe Failure Count | Number of CRA queries sent to the answer that resulted in a failure. |
| CRA packets sent | Number of CRA packets sent to the answer. |
| CRA packets received | Number of CRA packets received by the GSS from the answer. |
| Configured CRA Probe Count | Number of configured CRA probes sent to the answer. |
| ONLINE CRA Probe Count | Number of CRA probes sent to the answer that returned an Online state for the keepalive. |
| OFFLINE CRA Probe Count | Number of KAL-AP probes sent to the answer that returned an Offline state for the keepalive. |
| SUSPENDED CRA Probe Count | Number of KAL-AP probes sent to the answer that returned a Suspended state for the keepalive. |
| INIT CRA Probe Count | Number of KAL-AP probes sent to the answer that returned an Init state for the keepalive. |
| HTTP-HEAD Probe Success Count | Number of HTTP-HEAD queries sent to the answer that resulted in a successful response. |
| HTTP-HEAD Probe Failure Count | Number of HTTP-HEAD queries sent to the answer that resulted in a failure. |
| HTTP-HEAD packets sent | Number of HTTP-HEAD packets sent to the answer. |
| HTTP-HEAD packets received | Number of HTTP-HEAD packets received by the GSS from the answer. |
| Configured HTTP-HEAD Probe Count | Number of configured HTTP-HEAD probes sent to the answer. |
| ONLINE HTTP-HEAD Probe Count | Number of HTTP-HEAD probes sent to the answer that returned an Online state for the keepalive. |
| OFFLINE HTTP-HEAD Probe Count | Number of HTTP-HEAD probes sent to the answer that returned an Offline state for the keepalive. |
| SUSPENDED HTTP-HEAD Probe Count | Number of HTTP-HEAD probes sent to the answer that returned a Suspended state for the keepalive. |
| INIT HTTP-HEAD Probe Count | Number of HTTP-HEAD probes sent to the answer that returned an Init state for the keepalive. |
| TCP Probe Success Count | Number of TCP queries sent to the answer that resulted in a successful response. |
| TCP Probe Failure Count | Number of TCP queries sent to the answer that resulted in a failure. |
| TCP packets sent | Number of TCP packets sent to the answer. |
| TCP packets received | Number of TCP packets received by the GSS from the answer. |
| Configured TCP Probe Count | Number of configured TCP probes sent to the answer. |
| ONLINE TCP Probe Count | Number of TCP probes sent to the answer that returned an Online state for the keepalive. |
| OFFLINE TCP Probe Count | Number of TCP probes sent to the answer that returned an Offline state for the keepalive. |
| SUSPENDED TCP Probe Count | Number of TCP probes sent to the answer that returned a Suspended state for the keepalive. |
| INIT TCP Probe Count | Number of TCP probes sent to the answer that returned an Init state for the keepalive. |
| Total Configured Probe Count | Total number of configured keepalive probes. |
Displaying HTTP HEAD Keepalive Statistics
You can display statistics for configured HTTP HEAD keepalive types managed by the GSS and used with VIP-type answers by using the show statistics keepalive http-head command.
The syntax of this command is as follows:
show statistics keepalive http-head {ip_address | all | list}
The keywords and arguments are as follows:
• ip_address—IP address to display keepalive statistics.
• all—Displays all configured HTTP HEAD-type keepalives.
• list—Lists all available IP addresses.
Table 13-25 describes the fields in the show statistics keepalive http-head all command output.
Table 13-25 Field Descriptions for the show statistics keepalive http-head all Command
| Field | Description |
| --- | --- |
| IP | IP address of the answer resource probed by the GSS. |
| Keepalive | IP address of the keepalive target. |
| Status | State of the keepalive. The possible states are Online, Offline, Init, Suspended, and Operational Suspend. The Operational Suspend state indicates that the GSS has suspended the keepalive because the answer was offline and the manual-reactivation option was enabled on the answer. For this state to display, you must have the global manual reactivation feature enabled on the primary GSSM. |
| Keepalive Type | Standard or Fast KAL-AP keepalive transmission rate used to define the failure detection time for the GSS. |
| Destination Port | Port on the remote device receiving the HTTP HEAD-type keepalive request from the GSS. |
| HTTP Path | Default path that is relative to the server website being queried in the HTTP HEAD request. |
| Host Tag | Domain name that is sent to the VIP as part of the HTTP HEAD query in the Host tag field of the shared keepalive configuration. |
| Packets Sent | Total number of keepalive packets sent to the answer by the GSS. |
| Packets Received | Total number of keepalive packets received by the GSS from the answer. |
| Positive Probe | Total number of keepalive probes sent to the answer that resulted in a positive (OK) response. |
| Negative Probe | Total number of keepalive probes sent to the answer that resulted in a negative response. |
| Transitions | Total number of keepalive transitions (for example, from Init to Online state) experienced by the keepalive. |
| GID | Global ID number used by the GSS. |
| LID | Local ID number used by the GSS. |
Displaying ICMP Keepalive Statistics
You can display statistics for configured ICMP keepalive types managed by the GSS and used with VIP-type answers by using the show statistics keepalive icmp command.
The syntax of this command is as follows:
show statistics keepalive icmp {ip_address | all | list}
The keywords and arguments are as follows:
• ip_address—IP address to display keepalive statistics.
• all—Displays all configured ICMP-type keepalives.
• list—Lists all available IP addresses.
Table 13-26 describes the fields in the show statistics keepalive icmp all command output.
Table 13-26 Field Descriptions for the show statistics keepalive icmp all Command
| Field | Description |
| --- | --- |
| IP | IP address of the answer resource probed by the GSS. |
| Keepalive | IP address of the keepalive target. |
| Status | State of the keepalive. The possible states are Online, Offline, Init, Suspended, and Operational Suspend. The Operational Suspend state indicates that the GSS has suspended the keepalive because the answer was offline and the manual-reactivation option was enabled on the answer. For this state to display, you must have the global manual reactivation feature enabled on the primary GSSM. |
| Keepalive Type | Standard or Fast KAL-AP keepalive transmission rate used to define the failure detection time for the GSS. |
| Packets Sent | Total number of keepalive packets sent to the answer by the GSS. |
| Packets Received | Total number of keepalive packets received by the GSS from the answer. |
| Positive Probe | Total number of keepalive probes sent to the answer that resulted in a positive (OK) response. |
| Negative Probe | Total number of keepalive probes sent to the answer that resulted in a negative response. |
| Transitions | Total number of keepalive transitions (for example, from Init to Online state) experienced by the keepalive. |
| GID | Global ID number used by the GSS. |
| LID | Local ID number used by the GSS. |
Displaying KAL-AP Keepalive Statistics
You can display statistics for configured KAL-AP keepalive types managed by the GSS and used with VIP-type answers by using the show statistics keepalive kalap command.
The syntax of this command is as follows:
show statistics keepalive kalap {ip_address | all | list}
The keywords and arguments are as follows:
• ip_address—IP address to display keepalive statistics.
• all—Displays all configured KAL-AP-type keepalives.
• list—Lists all available IP addresses.
Table 13-27 describes the fields in the show statistics keepalive kalap all command output.
Table 13-27 Field Descriptions for the show statistics keepalive kalap all Command
| Field | Description |
| --- | --- |
| IP | IP address of the answer resource probed by the GSS. |
| Keepalive | IP address of the keepalive target. |
| Status | State of the keepalive. The possible states are Online, Offline, Init, Suspended, and Operational Suspend. The Operational Suspend state indicates that the GSS has suspended the keepalive because the answer was offline and the manual-reactivation option was enabled on the answer. For this state to display, you must have the global manual reactivation feature enabled on the primary GSSM. |
| Keepalive Type | The Standard or Fast KAL-AP keepalive transmission rate used to define the failure detection time for the GSS. |
| Tag | Alphanumeric tag associated with the VIP in the KAL-AP request. |
| Primary Circuit | Primary (master) IP address. |
| Secondary Circuit | Secondary (backup) IP address. |
| Load | Load threshold value used to determine whether an answer is available, regardless of the balance method used. |
| Circuit Transitions | Number of times that the circuit changed state. |
| VIP Failovers | Number of times the VIP switched to or from the primary DNS server and the secondary DNS server. |
| Packets Sent | Total number of keepalive packets sent to the answer by the GSS. |
| Packets Received | Total number of keepalive packets received by the GSS from the answer. |
| Positive Probe | Total number of keepalive probes sent to the answer that resulted in a positive (OK) response. |
| Negative Probe | Total number of keepalive probes sent to the answer that resulted in a negative response. |
| Transitions | Total number of keepalive transitions (for example, from Init to Online state) experienced by the keepalive. |
| GID | Global ID number used by the GSS. |
| LID | Local ID number used by the GSS. |
Displaying Scripted Keepalive Statistics
You can display statistics for configured Scripted keepalive types managed by the GSS and used with VIP-type answers by using the show statistics keepalive scripted-kal command.
The syntax of this command is as follows:
show statistics keepalive scripted-kal {name | all | list}
The keywords and arguments are as follows:
• name—Keepalive name for which you wish to display detailed statistical information.
• all—Displays detailed statistical information for all configured Scripted keepalives.
• list—Displays only the load and online/offline status of the answers that are being monitored by the Scripted keepalives using the use-load option of the keepalive type scripted-kal command.
Table 13-28 describes the fields in the show statistics keepalive scripted-kal all command output.
Table 13-28 Field Descriptions for the show statistics keepalive scripted-kal all Command
| Field | Description |
| --- | --- |
| Kal Name | Name of the applicable keepalive. |
| SLB Address | IP address of the SLB. |
| OID | SNMP request sent for this OID. There are two types of OIDs: scalar and vector. For a scalar-type OID, the filter is not necessary, while for a vector-type, it is a requirement. When you query for the vector OID, you get all the information in the table that describes all of the VIPs configured at the target device. In this data, the load information for some VIPs configured at the GSS is the only information of real value, however. |
| VIP Address | Address of the VIP. |
| Status | State of the keepalive. The possible states are Online, Offline, Init, Suspended, and Operational Suspend. The Operational Suspend state indicates that the GSS has suspended the keepalive because the answer was offline and the manual-reactivation option was enabled on the answer. For this state to display, you must have the global manual reactivation feature enabled on the primary GSSM. |
| Load | Load threshold value used to determine whether an answer is available, regardless of the balance method used. |
| Community Name | SNMP community name defined at the target device. |
| Filter | Required entry when fetching load information for some VIPs configured at the GSS. For example, the following CLI commands show how the filter is specified in the form of an address-filter and load filter: (config-gslb)# shared-keepalive scripted-kal kal-name CSS1-VIP-STATUS-TABLE snmp-mib-not-indexed-by-vip slb-address 1.1.1.1 oid 1.3.6.1.4.1.9.9.161.1.4 community public filter 9.9.161.1.4.1.1.4,9.9.161.1.4.1.1.17 (config-gslb)# shared-keepalive scripted-kal kal-name CSS1-VIP-STATUS-TABLE snmp-mib-indexed-by-vip slb-address 1.1.1.1 oid 1.3.6.1.4.1.9.9.161.1.3.1 community public filter 9.9.161.1.3.1.1.4 |
| Scripted Kal Type | Type of Scripted keepalive. The potential types are cisco-slb, f5-slb, snmp-mib-indexed-by-vip, snmp-mib-not-indexed-by-vip, and snmp-scalar. |
| No. of Execution | Number of times that the script is executed. |
| Positive Probe | Total number of keepalive probes sent to the answer that resulted in a positive (OK) response. |
| Negative Probe | Total number of keepalive probes sent to the answer that resulted in a negative response. |
| Transitions | Total number of keepalive transitions (for example, from Init to Online state) experienced by the keepalive. |
| VIP GID | VIP Global ID number used by the GSS. |
| LID | Local ID number used by the GSS. |
| Keepalive GID | Global ID number of the keepalive. |
Displaying Name Server Keepalive Statistics
You can display statistics for configured name server (NS) keepalive types managed by the GSS and used with name server type answers by using the show statistics keepalive ns command.
The syntax of this command is as follows:
show statistics keepalive ns {ip_address | all | list}
The keywords and arguments are as follows:
• ip_address—IP address to display keepalive statistics.
• all—Displays all configured name server-type keepalives.
• list—Lists all available IP addresses.
Table 13-29 describes the fields in the show statistics keepalive ns all command output.
Table 13-29 Field Descriptions for the show statistics keepalive ns all Command
| Field | Description |
| --- | --- |
| IP | IP address of the answer resource probed by the GSS. |
| Keepalive | IP address of the keepalive target. |
| Status | State of the keepalive. The possible states are Online, Offline, Init, Suspended, and Operational Suspend. The Operational Suspend state indicates that the GSS has suspended the keepalive because the answer was offline and the manual-reactivation option was enabled on the answer. For this state to display, you must have the global manual reactivation feature enabled on the primary GSSM. |
| Domain | Globally defined domain name that the GSS queries when utilizing the NS keepalive. |
| Packets Sent | Total number of keepalive packets sent to the answer by the GSS. |
| Packets Received | Total number of keepalive packets received by the GSS from the answer. |
| Positive Probe | Total number of keepalive probes sent to the answer that resulted in a positive (OK) response. |
| Negative Probe | Total number of keepalive probes sent to the answer that resulted in a negative response. |
| Transitions | Total number of keepalive transitions (for example, from Init to Online state) experienced by the keepalive. |
| GID | Global ID number used by the GSS. |
| LID | Local ID number used by the GSS. |
Displaying TCP Keepalive Statistics
You can display statistics for configured TCP keepalive types managed by the GSS and used with VIP-type answers by using the show statistics keepalive tcp command.
The syntax of this command is as follows:
show statistics keepalive tcp {ip_address | all | list}
The keywords and arguments are as follows:
• ip_address—IP address to display keepalive statistics.
• all—Displays all configured TCP-type keepalives.
• list—Lists all available IP addresses.
Table 13-30 describes the fields in the show statistics keepalive tcp all command output.
Table 13-30 Field Descriptions for the show statistics keepalive tcp all
Command
Field
|
Description
|
IP
|
IP address of the answer resource probed by the GSS.
|
Keepalive
|
IP address of the keepalive target.
|
Status
|
State of the keepalive. The possible states are Online, Offline, Init, and Suspended.
|
Keepalive Type
|
Standard or Fast KAL-AP keepalive transmission rate used to define the failure detection time for the GSS.
|
Destination Port
|
Port on the remote device receiving the TCP keepalive request.
|
Packets Sent
|
Total number of keepalive packets sent to the answer by the GSS.
|
Packets Received
|
Total number of keepalive packets received by the GSS from the answer.
|
Positive Probe
|
Total number of keepalive probes sent to the answer that resulted in a positive (OK) response.
|
Negative Probe
|
Total number of keepalive probes sent to the answer that resulted in a negative response.
|
Transitions
|
Total number of keepalive transitions (for example, from Init to Online state) experienced by the keepalive.
|
GID
|
Global ID number used by the GSS.
|
LID
|
Local ID number used by the GSS.
|
Displaying Keepalive Answer Type Statistics
You can display statistics for configured keepalive answers of type CRA, NS, and VIP, managed by the GSS by using the show statistics keepalive answer type command. The list that appears also includes statistics for multiple keepalives if assigned for a single VIP answer.
The syntax of this command is as follows:
show statistics keepalive answer type {cra | ns | vip {ip_address | all | list}}
The keywords and arguments are as follows:
• cra—Specifies the CRA keepalive type.
• ns—Specifies the NS keepalive type.
• vip—Specifies the VIP keepalive type.
• ip_address—IP address to display keepalive statistics.
• all—Displays all configured TCP-type keepalives.
• list—Lists all available IP addresses.
Table 13-31 describes the fields in the show statistics keepalive answer type command output.
Table 13-31 Field Descriptions for the show statistics keepalive answer type Command
Field | Description
IP | IP address of the answer resource probed by the GSS.
GID | Global ID number used by the GSS.
Keepalive | IP address of the keepalive target.
Status | State of the keepalive. The possible states are Online, Offline, Init, Suspended, and Operational Suspend. The Operational Suspend state indicates that the GSS has suspended the keepalive because the answer was offline and the manual-reactivation option was enabled on the answer. For this state to display, you must have the global manual reactivation feature enabled on the primary GSSM.
Keepalive Type | The keepalive type (ICMP, TCP, HTTP HEAD, or KAL-AP) and the Standard or Fast KAL-AP keepalive transmission rate used to define the failure detection time for the GSS.
Destination Port | Port on the remote device receiving the keepalive request.
Termination method | The method that the GSS used to initiate closing of a connection (graceful or reset).
Packets Sent | Total number of keepalive packets sent to the answer by the GSS.
Packets Received | Total number of keepalive packets received by the GSS from the answer.
Positive Probe | Total number of keepalive probes sent to the answer that resulted in a positive (OK) response.
Negative Probe | Total number of keepalive probes sent to the answer that resulted in a negative response.
Transitions | Total number of keepalive transitions (for example, from Init to Online state) experienced by the keepalive.
Displaying Network Proximity Statistics on a GSS
The proximity component displays statistics about the network proximity of your GSS device. Network proximity statistics include information about the proximity database on the GSS device, individual zones, probing requests, and RTT coverage.
This section contains the following topics:
• Displaying DNS Rule Proximity Statistics
• Displaying Proximity Database Statistics
• Displaying Proximity Group Statistics
• Displaying Proximity Lookup Statistics
• Displaying Proximity Probe Transfer Statistics
• Displaying Proximity Status
• Displaying Proximity Group Configuration
• Displaying Proximity Database Status
Displaying DNS Rule Proximity Statistics
You can display all proximity lookups by DNS rule name by using the show statistics dns proximity rule command.
The syntax of this command is as follows:
show statistics dns proximity rule
Table 13-32 describes the fields in the show statistics dns proximity rule command output.
Table 13-32 Field Descriptions for the show statistics dns proximity rule Command
Field | Description
ProxRule | Name of the matched DNS rule.
Proximity Hit Count | Number of DNS requests that match the DNS rule.
Proximity Success Count | Number of DNS responses successfully returned with a proximate answer for the DNS rule.
Displaying Proximity Database Statistics
You can display the overall statistics on the proximity database by using the show statistics proximity database command. Statistics include the number of entries currently in the proximity database, the number of entries dropped, and the rate of lookups.
The syntax of this command is as follows:
show statistics proximity database
Table 13-33 describes the fields in the show statistics proximity database command output.
Table 13-33 Field Descriptions for the show statistics proximity database Command
Field | Description
Number of Entries in Use | Number of entries currently in the proximity database.
Number of Add Entries Dropped | Number of entry creation requests that the GSS dropped because the proximity database limit had been reached.
Max Number of Entries Used | Maximum number of entries used in the proximity database.
Max Number of Entries Allowed | Maximum number of entries that the proximity database can hold (500,000 entries).
Number of Database Dump Started | Number of times the GSS initiated a proximity database dump, including user-initiated database dumps and periodic system-initiated database dumps.
Number of Database Dump Completed | Number of times the GSS completed a proximity database dump, including user-initiated database dumps and periodic system-initiated database dumps.
Number of Database Dump Failed | Number of times the GSS failed to perform a proximity database dump, including user-initiated database dumps and periodic system-initiated database dumps.
Last Database Dump Started Time | The last time the GSS started a proximity database dump.
Last Database Dump Failed Time | The last time the GSS failed to complete a proximity database dump.
Number of Database Cleanup Started | Number of times the GSS initiated a database cleanup to remove the least recently used entries from the proximity database.
Number of Database Cleanup Completed | Number of times the GSS completed a database cleanup to remove the least recently used entries from the proximity database.
Number of Database Cleanup Failed | Number of times the GSS failed to clean up the least recently used entries from the proximity database.
Last Database Cleanup Started Time | The last time the GSS started the database cleanup process.
Last Database Cleanup Failed Time | The last time the GSS failed to complete the database cleanup process.
Displaying Proximity Group Statistics
You can display a summary of statistics for all configured proximity groups by using the show statistics proximity group-summary command.
The syntax of this command is as follows:
show statistics proximity group-summary
This command displays the proximity statistics to the console only if the number of proximity groups is less than 1000. If the number of proximity groups is more than 1000, an error message displays asking you to execute the proximity statistics group-summary dump command.
The syntax of this command is as follows:
proximity statistics group-summary dump filename
The filename argument is the name of the text file in which you want the GSS to dump the group summary statistics. After creating the file, you can use the type filename command to display its contents.
Table 13-34 describes the fields in the show statistics proximity group-summary command output.
Table 13-34 Field Descriptions for the show statistics proximity group-summary Command
Field | Description
Group Name | Unique alphanumeric name of the proximity group.
Target IP | Probe target IP address used by the proximity group, displayed in dotted-decimal notation.
Total Entries | Total number of D-proxy IP address and subnet mask pairs contained in the proximity group.
Total Hits | Accumulated hit count for all entries in the proximity group. Increments when a match occurs for any proximity group entry in the group.
You can display statistics for a specific proximity group by using the show statistics proximity group-name command.
The syntax of this command is as follows:
show statistics proximity group-name groupname
The groupname argument specifies the exact name of a proximity group in order to display all proximity database entries related to that group.
Table 13-35 describes the fields in the show statistics proximity group-name command output.
Table 13-35 Field Descriptions for the show statistics proximity group-name Command
Field | Description
Group Name | Unique alphanumeric name of the proximity group.
Total Entries | Total number of D-proxy IP addresses or block of IP addresses included in the proximity group.
Target IP | Probe target IP address used by the proximity group, displayed in dotted-decimal notation.
Address | D-proxy IP address included in the proximity group.
Prefix | Subnet mask used to specify the block of IP addresses included in the proximity group, displayed as an integer (for example, 24 or 32).
Hit Counts | Increments when a match occurs for this proximity group entry.
Last Hit Time | Last time the hit count incremented due to an entry match.
Displaying Proximity Lookup Statistics
You can display statistics about the proximity lookups that have occurred on this GSS by using the show statistics proximity lookup command.
The syntax of this command is as follows:
show statistics proximity lookup
Table 13-36 describes the fields in the show statistics proximity lookup command output.
Table 13-36 Field Descriptions for the show statistics proximity lookup Command
Field | Description
Total lookup requests | Total number of proximity lookup requests made to the proximity database.
Database entry not found | Number of times the GSS was unable to locate a proximate answer in the database.
Partial RTT data returned | Number of times that only partial round-trip time (RTT) data was returned to the DNS service by the proximity subsystem.
Current lookup request rate | Current rate per second at which the DNS service makes requests to perform a proximity lookup in the database.
Peak lookup request rate | Peak rate per second at which the DNS service makes requests to perform a proximity lookup in the database.
Lookup failed due to database full | Number of times the GSS was unable to complete a proximity lookup because the database exceeded the maximum number of entries.
Last database full happened | Last time the proximity database was full.
Displaying Proximity Probe Transfer Statistics
You can display general probe success and failure counts by using the show statistics proximity probes command.
The syntax of this command is as follows:
show statistics proximity probes
Table 13-37 describes the fields in the show statistics proximity probes command output.
Table 13-37 Field Descriptions for the show statistics proximity probes Command
Field | Description
Authentication | Indicates whether the GSS performs DRP authentication when exchanging packets with the DRP agent in a proximity probing agent. States are Enabled and Disabled.
Echo Rx | Number of DRP echo responses received by the GSS from all configured proximity probing agents.
Echo Tx | Number of DRP echo requests sent by the GSS to all configured proximity probing agents.
Measure Rx | Number of DRP measured requests received by the GSS from all configured proximity probing agents.
Measure Tx | Number of DRP measured requests sent by the GSS to all configured proximity probing agents.
Pkts Rx | Total number of DRP packets received by the GSS from all configured proximity probing agents.
Pkts Tx | Number of DRP packets sent by the GSS to all configured proximity probing agents.
You can display detailed statistics for the ICMP and TCP probes relative to all configured zones by using the show statistics proximity probes detailed command. This command also displays the operating status of the primary and secondary proximity probing agents (ONLINE or OFFLINE).
The syntax of this command is as follows:
show statistics proximity probes detailed
Table 13-38 describes the fields in the show statistics proximity probes detailed command output.
Table 13-38 Field Descriptions for the show statistics proximity probes detailed Command
Field | Description
Zone ID | Numerical identifier of the proximity zone.
Zone Name | Name of the proximity zone.
Authentication | Indicates whether the GSS performs DRP authentication when exchanging packets with the DRP agent in a proximity probing agent.
Primary | IP address of the primary proximity probing agent servicing this zone and the status of the proximity probing agent (ONLINE or OFFLINE).
Secondary | IP address of the backup proximity probing agent servicing this zone and the status of the proximity probing agent (ONLINE or OFFLINE).
Echo Rx | Number of DRP echo responses received by the GSS from all configured proximity probing agents.
Echo Tx | Number of DRP echo requests sent by the GSS to all configured proximity probing agents.
Measure Rx | Number of DRP measured requests received by the GSS from all configured proximity probing agents.
Measure Tx | Number of DRP measured requests sent by the GSS to all configured proximity probing agents.
Pkts Rx | Total number of DRP packets received by the GSS from the proximity probing agent in the proximity zone.
Pkts Tx | Number of DRP packets sent by the GSS to the proximity probing agent in the proximity zone.
Pkts Rx Rate | Current received request rate per second.
Pkts Tx Rate | Current transmitted request rate per second.
Peak Rx Rate | Peak received request rate per second.
Peak Tx Rate | Peak transmitted request rate per second.
Displaying Proximity Status
You can display general status information about the proximity subsystem by using the show proximity command.
The syntax of this command is as follows:
show proximity
Table 13-39 describes the fields in the show proximity command output.
Table 13-39 Field Descriptions for the show proximity Command
Field | Description
Proximity subsystem status | Current operating status of the Proximity subsystem component.
Proximity database dump interval | Time period between automatic proximity database dumps performed by the GSS.
Proximity database age-out interval | Time period between checks by the GSS to verify when the user-configured entry inactivity timeout value elapses.
Displaying Proximity Group Configuration
You can display a summary of all configured proximity groups by using the show proximity group-summary command.
The syntax of this command is as follows:
show proximity group-summary
This command displays the configuration output to the console only if the number of proximity elements, or IP blocks, is less than 1000. (This value is not configurable.) If the number of proximity elements is more than 1000, an error message displays asking you to execute the proximity group-summary dump command.
The syntax of this command is as follows:
proximity group-summary dump filename
The filename argument is the name of the text file in which you want the GSS to dump the group summary statistics. After creating the file, you can use the type filename command to display its contents.
Table 13-40 describes the fields in the show proximity group-summary command output.
Table 13-40 Field Descriptions for the show proximity group-summary Command
Field | Description
Name | Unique alphanumeric name of the proximity group.
Address Blocks | IP address block of the proximity group, specified in dotted-decimal notation.
You can display the configuration of a specific proximity group by using the show proximity group-name command.
The syntax of this command is as follows:
show proximity group-name groupname
The groupname argument specifies the exact name of a proximity group in order to display all proximity entries related to that group.
Table 13-41 describes the fields in the show proximity group-name command output.
Table 13-41 Field Descriptions for the show proximity group-name Command
Field | Description
Name | Unique alphanumeric name of the proximity group.
Address Blocks | IP address block of the proximity group, specified in dotted-decimal notation.
Displaying Proximity Database Status
You can display the proximity database entries by specifying one or more entry matching criteria by using the show proximity database command.
The syntax of this command is as follows:
show proximity database {all | assigned | group {name} | inactive minutes | ip {ip-address} netmask {netmask} | no-rtt | probed}
The keywords and arguments are as follows:
• all—Displays all entries in the proximity database.
• assigned—Displays all static entries in the proximity database.
• group name—Displays all entries that belong to a named proximity group. Specify the exact name of a previously created proximity group.
• inactive minutes—Displays all dynamic entries that have been inactive for a specified time. Valid values are 0 to 43200 minutes.
• ip ip-address netmask netmask—Displays all proximity entries related to a D-proxy IP address and subnet mask. Specify the IP address of the requesting client's D-proxy in dotted-decimal notation (for example, 192.168.9.0) and specify the subnet mask in dotted-decimal notation (for example, 255.255.255.0).
• no-rtt—Displays all entries in the PDB that do not have valid RTT values.
• probed—Displays all dynamic entries in the PDB.
To display entries related to the D-proxy IP address 192.168.8.0 and subnet mask 255.255.255.0, enter:
gss1.example.com# show proximity database ip 192.168.8.0 255.255.255.0
Displaying DNS Sticky Statistics on a GSS
The sticky component displays statistics about the sticky operation of your GSS device. Sticky statistics include information about DNS sticky lookups by DNS rule name, entries in the sticky database on the GSS device, global sticky status and statistics, operating status and statistics on GSS peers in the sticky mesh, and sticky group status.
This section contains the following topics:
• Displaying DNS Rule Sticky Statistics
• Displaying Sticky Statistics
• Displaying Global Sticky Statistics
• Displaying Global Sticky Mesh Statistics
• Displaying Sticky Group Statistics
• Displaying the Sticky Status
• Displaying the Sticky Database Status
• Displaying the Global Sticky Operating Status
• Displaying Global Sticky Mesh Operating Status
• Displaying Sticky Group Configuration
Displaying DNS Rule Sticky Statistics
You can display all DNS sticky lookups by DNS rule name by using the show statistics dns sticky rule command.
The syntax of this command is as follows:
show statistics dns sticky rule
Table 13-42 describes the fields in the show statistics dns sticky rule command output.
Table 13-42 Field Descriptions for the show statistics dns sticky rule Command
Field | Description
Rule | Name of the matched DNS rule.
Hits | Total number of successful lookups in the sticky database for the sticky database entry.
Misses | Total number of failed lookups in the sticky database for the DNS rule.
Additions | Total number of times that a request matched on a DNS rule, resulting in the GSS adding an entry to the sticky database.
Displaying Sticky Statistics
You can display general statistics about the sticky database by using the show statistics sticky command. This includes statistics such as the total number of hits and misses in the sticky database, number of entries in the sticky database, and total number of lookups.
The syntax of this command is as follows:
show statistics sticky
Table 13-43 describes the fields in the show statistics sticky command output.
Table 13-43 Field Descriptions for the show statistics sticky Command
Field | Description
Current entry count | Current number of entries in the sticky database.
Highest entry count | Maximum number of entries in the sticky database since the last time sticky was enabled or the sticky statistics were cleared.
Total Lookups | Total number of lookups in the sticky database.
Hits | Number of successful lookups in the sticky database.
Misses | Number of failed lookups in the sticky database.
Addition success | Number of addition requests for the sticky database that succeeded.
Addition fail | Number of addition requests for the sticky database that failed. The sticky database will not accept further addition requests when the database is full, you stop DNS sticky through the sticky stop CLI command, or there has been an internal error.
Modification success | Number of answer modification requests that succeeded.
Modification fail | Number of answer modification requests that failed.
Timeouts | Number of entries removed from the sticky database because the answer exceeded the user-configured Entry Inactivity Timeout value.
Reclaimed | Number of entries removed from the sticky database due to an overflow.
CLI deletions local | Number of entries manually deleted from the sticky database through the sticky database delete CLI command, entered on the local GSS node.
CLI deletions remote | Number of entries manually deleted from the sticky database through the sticky database delete CLI command, entered on a GSS peer.
Displaying Global Sticky Statistics
You can display a summary of counter statistics for global sticky messaging between the local GSS node and its GSS peers by using the show statistics sticky global command.
The syntax of this command is as follows:
show statistics sticky global
The show statistics sticky global command output is divided into two sets of global sticky message statistics:
• Individual sticky database entry operations performed by the local GSS node.
• Sticky database messages sent or received by the local GSS node to or from its GSS peers.
Table 13-44 describes the fields in the show statistics sticky global command output.
Table 13-44 Field Descriptions for the show statistics sticky global Command
Field | Description
Entry Type | Statistics on sticky database entry operations performed by the local GSS node.
Send OK | Sticky database entry messages transmitted by the local GSS node without a failure.
Send Fail | Sticky database entry messages transmitted by the local GSS node with errors.
Received | Sticky database entry messages received by the local GSS node from GSS peers.
Add | Number of new entries added to the sticky database of the local GSS node.
Modify | Number of sticky database entries modified by the local GSS node due to a keepalive failure.
Lookup Fast | Number of sticky database entries in the local GSS node that had their sticky inactivity time reset to an initial value because the GSS performed a fast lookup. A GSS performs a fast lookup when adding new entries to the sticky database, deleting entries from the sticky database, or when the sticky expiration time is less than 5 minutes.
Lookup Slow | Number of sticky database entries in the local GSS node that had their sticky inactivity time reset to an initial value because the GSS performed a slow lookup. A GSS performs a slow lookup when the sticky expiration time is greater than 5 minutes.
Remove | Number of entries removed from the sticky database of the local GSS node through the sticky database delete command. Entries removed by the sticky database delete all command are reflected in the Remove All field (see below).
Add Sync | Number of entries added to the sticky database of the local GSS node due to the result of a peer synchronization, not a normal DNS client request.
Message Type | Statistics on sticky database messages sent or received by the local GSS node.
Send OK | Messages transmitted by the local GSS node without a failure.
Send Fail | Messages transmitted by the local GSS node with errors.
Received | Messages received by the local GSS node from GSS peers.
Add | Number of Add entry type messages sent or received by the local GSS node.
Modify | Number of Modify entry type messages sent or received by the local GSS node.
Lookup Fast | Number of Lookup Fast entry type messages sent or received by the local GSS node.
Lookup Slow | Number of Lookup Slow entry type messages sent or received by the local GSS node.
Remove | Number of Remove messages sent or received by the local GSS node.
Add Sync | Number of Add Sync entry type messages sent or received by the local GSS node.
Remove All | Number of times the sticky database delete all command has been entered on the local GSS node to delete all entries from the sticky database. The Remove All count includes the number of Remove All messages sent and received by the local GSS node.
Request Db | Number of times the local GSS node sent a Request Db message to a GSS peer or received a Request Db message from a GSS peer, requesting to share the contents of its sticky database upon startup.
Ack RequestDb | Number of times the local GSS node sent an Ack RequestDb message to a GSS peer or received an Ack RequestDb message from a GSS peer to acknowledge that it received a request to share the contents of its sticky database upon startup.
Refuse Db Req | Number of times the local GSS node sent a Refuse Db Req message to a GSS peer or received a Refuse Db Req message from a GSS peer, indicating a refusal to share the contents of its sticky database upon startup. A GSS typically refuses to share the contents of its local database while in the process of performing a database synchronization.
Sync Start | Number of times the Sync Start message has been sent or received by the local GSS node. The GSS uses the Sync Start message to lock out certain critical functions (such as the use of the sticky database delete command) while any GSS within the mesh is performing a synchronization. When the Sync Start message arrives, the GSS blocks all sticky database entry deletions until it either receives the Sync Done message or an internal timer expires.
Sync Done | Number of times the Sync Done message has been sent or received by the local GSS node. The GSS uses the Sync Done message to lock out certain critical functions (such as the use of the sticky database delete command) while any GSS within the mesh is performing a synchronization.
Version mis-match | Error message indicating the number of times the local GSS node was unable to communicate with a peer due to different versions of GSS software.
Clock Out Of Sync | Error message indicating the number of times the local GSS node was unable to communicate with a peer due to clock synchronization issues. A GSS that has a system clock that is out of synchronization by more than three minutes with the other GSS peers ignores update messages from all peers until you resynchronize its system clock (see Chapter 8, Configuring DNS Sticky, for details).
Mask mis-match | Error message indicating the number of times that the local GSS node was unable to communicate with a peer due to a difference in global subnet mask values. A GSS will drop all global sticky messages received from a GSS with a different subnet mask. A difference in global sticky masks on a peer would occur only if a configuration change was made on the primary GSSM GUI and the peer did not receive the change due to a network failure. You globally configure the subnet mask of all GSS devices in the mesh from the primary GSSM GUI Global Sticky Configuration details page (see Chapter 8, Configuring DNS Sticky, for details).
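The counters in Table 13-33, Table 13-36, and Table 13-44 are running totals, so a monitoring job has to compare two snapshots to see whether the proximity database is filling up or the sticky mesh has started rejecting peer messages. The following Python code is an added example, not part of the Cisco documentation; the "field name: value" line layout and the snapshot values are constructed assumptions, so adapt the parser to the output your GSS actually prints.

```python
import re

# Assumed layout: one counter per line as "<field name>: <integer>".
# The page names the fields but does not show the command output.
_COUNTER = re.compile(r"^\s*(?P<name>[A-Za-z][A-Za-z .'-]*?)\s*:\s*(?P<value>\d+)\s*$")

PDB_MAX_ENTRIES = 500_000  # "Max Number of Entries Allowed" in Table 13-33

# (counter name in lower case, meaning taken from the field descriptions)
RULES = [
    ("number of add entries dropped",
     "proximity database limit reached; entry creation requests dropped"),
    ("lookup failed due to database full",
     "proximity lookups failing because the database is full"),
    ("version mis-match",
     "a peer runs a different GSS software version"),
    ("clock out of sync",
     "clock differs from peers; update messages are ignored"),
    ("mask mis-match",
     "global sticky subnet masks differ; peer messages are dropped"),
]


def parse_counters(text):
    """Return {lower-case field name: int} for every integer counter line."""
    counters = {}
    for line in text.splitlines():
        match = _COUNTER.match(line)
        if match:  # time stamps and headings do not match and are skipped
            counters[match.group("name").lower()] = int(match.group("value"))
    return counters


def delta(prev, cur, name):
    """Increase of a running total between two snapshots.

    A lower current value means the statistics were cleared or the node
    restarted, so the whole current value counts as new.
    """
    before, now = prev.get(name, 0), cur.get(name, 0)
    return now - before if now >= before else now


def evaluate(prev, cur, fill_warn=0.9):
    """Return (counter, value, meaning) tuples that need operator attention."""
    findings = []
    for name, meaning in RULES:
        grew = delta(prev, cur, name)
        if grew > 0:
            findings.append((name, grew, meaning))
    in_use = cur.get("number of entries in use")
    if in_use is not None and in_use >= fill_warn * PDB_MAX_ENTRIES:
        findings.append((
            "number of entries in use", in_use,
            f"proximity database at or above {fill_warn:.0%} "
            f"of {PDB_MAX_ENTRIES:,} entries",
        ))
    return findings


# Constructed snapshots, taken some minutes apart (not real GSS output).
SNAPSHOT_T0 = """\
Number of Entries in Use: 431200
Number of Add Entries Dropped: 0
Lookup failed due to database full: 0
Version mis-match: 0
Clock Out Of Sync: 12
Mask mis-match: 0
"""
SNAPSHOT_T1 = """\
Number of Entries in Use: 462000
Number of Add Entries Dropped: 0
Lookup failed due to database full: 0
Version mis-match: 0
Clock Out Of Sync: 47
Mask mis-match: 3
"""

if __name__ == "__main__":
    previous, current = parse_counters(SNAPSHOT_T0), parse_counters(SNAPSHOT_T1)
    for counter, value, meaning in evaluate(previous, current):
        print(f"{counter}: {value} ({meaning})")
```

A growing Clock Out Of Sync or Mask mis-match count means this node is discarding sticky updates from its peers, so its sticky database can diverge from the rest of the mesh even while DNS answers keep flowing.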
Displaying Global Sticky Mesh Statistics
You can display detailed statistics for each GSS peer in the global sticky mesh by using the show statistics sticky mesh command.
The syntax of this command is as follows:
show statistics sticky mesh
Table 13-45 describes the fields in the show statistics sticky mesh command output.
Table 13-45 Field Descriptions for the show statistics sticky mesh Command
Field | Description
Mesh Information for application sticky | Status and statistics about the global sticky mesh.
Transmit Pkts | Total number of application data packets transmitted by the local GSS node to GSS peers in the mesh.
Transmit Bytes | Total number of application data bytes transmitted by the local GSS node to GSS peers in the mesh.
Receive Pkts | Total number of application data packets received by the local GSS node from GSS peers in the mesh.
Receive Bytes | Total number of application data bytes received by the local GSS node from GSS peers in the mesh.
Dropped Tx Pkts | Total number of packets that were to be transmitted by the local GSS node but were dropped due to buffer errors.
Dropped Rx Pkts | Total number of packets that were received by the local GSS node but were dropped due to buffer errors.
Current TxQueue | Total number of packets in the buffer transmit queue of the local GSS node that are waiting to be transmitted.
Maximum TxQueue | Maximum number of packets that have been in the buffer transmit queue of the local GSS node.
Current RxQueue | Total number of packets in the buffer receive queue of the local GSS node that are waiting to be received.
Maximum RxQueue | Maximum number of packets that have been in the buffer receive queue of the local GSS node.
Buffers Alloc'd | Number of optimal-sized frames allocated for the buffer transmit and buffer receive data.
Buffers Free | Number of buffers currently free in the local GSS node.
Session Information for GSS peer | Status and statistics for a specific GSS peer in the mesh.
GSS ID | Unique identifier of the GSS peer in the mesh.
CurTx Data Pkts | Number of data packets sent by the local GSS node to the GSS peer during the current session.
CurTx Data Bytes | Number of data bytes sent by the local GSS node to the GSS peer during the current session.
TtlTx Data Pkts | Number of application data packets sent by the local GSS node to the GSS peer for the total duration of the mesh.
TtlTx Data Bytes | Number of application data bytes sent by the local GSS node to the GSS peer for the total duration of the mesh.
Transmit Pkts | Total number of packets transmitted from the local GSS node to the GSS peer (including application packets, control packets, RTT packets, and keepalive packets).
Transmit Bytes | Total number of bytes transmitted from the local GSS node to the GSS peer (including application bytes, control bytes, RTT bytes, and keepalive bytes).
CurRx Data Pkts | Number of data packets received by the local GSS node from the GSS peer during the current session.
CurRx Data Bytes | Number of data bytes received by the local GSS node from the GSS peer during the current session.
TtlRx Data Pkts | Number of application data packets received by the local GSS node from the GSS peer for the total duration of the mesh.
TtlRx Data Bytes | Number of application data bytes received by the local GSS node from the GSS peer for the total duration of the mesh.
Receive Pkts | Total number of packets received by the local GSS node from the GSS peer (including application packets, control packets, RTT packets, and keepalive packets).
Receive Bytes | Total number of bytes received by the local GSS node from the GSS peer (including application bytes, control bytes, RTT bytes, and keepalive bytes).
ConnectFailures | Number of times that the connection attempt failed between the local GSS node and the GSS peer.
CurConnAttempts | Number of current connection attempts between the local GSS node and the GSS peer.
ConnectRejects | Number of connections rejected by the GSS peer.
ConnectDeclines | Number of connections declined by the local GSS node.
Displaying Sticky Group Statistics
You can display a summary of statistics for all configured sticky groups by using the show statistics sticky group-summary command.
The syntax of this command is as follows:
show statistics sticky group-summary
Table 13-46 describes the fields in the show statistics sticky group-summary command output.
Table 13-46 Field Descriptions for the show statistics sticky group-summary Command
Field | Description
Group Name | Unique alphanumeric name of the DNS sticky group.
Group Number | IP address block of the sticky group, specified in dotted-decimal notation.
Total Entries | The total number of D-proxy IP address and subnet mask pairs contained in the sticky group.
Total Hits | Accumulated hit count for all entries in the sticky group. Increments when a match occurs for each sticky group entry.
You can display statistics for a specific sticky group by using the show statistics sticky group-name command.
The syntax of this command is as follows:
show statistics sticky group-name groupname
The groupname argument specifies the exact name of a sticky group in order to display all sticky entries related to that group.
Table 13-47 describes the fields in the show statistics sticky group-name command output.
Table 13-47 Field Descriptions for the show statistics sticky group-name Command
Field | Description
Group Name | Unique alphanumeric name of the DNS sticky group.
Group Number | IP address block of the sticky group, specified in dotted-decimal notation.
Total Entries for Group | Total number of D-proxy IP addresses included in the sticky group.
Address | D-proxy IP address included in the sticky group.
Prefix | Subnet mask included in the sticky group, displayed as an integer (for example, 24 or 32).
Hit Count | Number that increments when a match occurs for this sticky group entry.
Last Time Hit | Last time that the hit count incremented due to an entry match.
Displaying the Sticky Status
You can display general status information about the sticky subsystem by using the show sticky command.
The syntax of this command is as follows:
show sticky
Table 13-48 describes the fields in the show sticky command output.
Table 13-48 Field Descriptions for the show sticky Command
Field | Description
Sticky Manager status | Current operating status of the Sticky Manager component. The Sticky Manager is responsible for maintaining and managing the sticky database in the GSS. Status messages are as follows:
• Initializing—Appears only during boot time or after entering the gss start CLI command.
• Disabled via GUI—Appears after you disable sticky from the primary GSSM GUI.
• Stopped via CLI—Appears after you enter the sticky stop CLI command.
• Ready in Local mode—Appears when the GSS is configured for sticky Local mode from the primary GSSM GUI and the GSS software is running.
• Ready in Global mode—Appears when the GSS is configured for sticky Global mode from the primary GSSM GUI and the GSS software is running.
Database entry count | Current number of entries in the sticky database.
Dump status | Current sticky database dump subsystem status of the GSS. The GSS automatically dumps sticky database entries to a backup file on disk approximately every 20 minutes. The Dump status messages include Initialized, Disabled, Waiting, and In Progress.
Dump interval | Time period between automatic sticky database dumps performed by the GSS.
Reclaim status | Current operating status of the overflow recovery subsystem. The Reclaim status messages include Initialized, Disabled, Waiting, and In Progress.
Timeout status | Current operating status of the entry inactivity timeout subsystem. The Timeout status messages include Initialized, Disabled, Waiting, and In Progress.
Timeout interval | Time period between checks by the GSS to verify when the user-configured sticky inactivity timeout value elapses.
Mesh status | Current operating status of the sticky global mesh. Status messages are as follows:
• Running—The GSS is operating properly in the sticky mesh.
• Failed—The GSS is unable to operate properly in the sticky mesh.
• Waiting—The GSS is waiting for mesh configuration information.
• Enabled—Global sticky is enabled on the local GSS node.
• Disabled—Global sticky is disabled on the local GSS node (either from the primary GSSM GUI or through the sticky stop CLI command).
Displaying the Sticky Database Status
You can display sticky database entries by specifying one or more entry matching criteria by using the show sticky database command.
The syntax of this command is as follows:
show sticky database {all | answer {name/ip_address} | domain {name} |
domain-list {name} | group {name} | inactive minimum {minutes}
maximum {minutes} | ip {ip_address} netmask {netmask} | rule
{rule_name}}
The keywords and arguments are as follows:
• all—Displays all sticky entries in the sticky database.
• answer name/ip_address—Displays all sticky entries related to a particular answer. Specify the name of the answer. If there is no name for the answer, specify the IP address of the sticky answer in dotted-decimal notation (for example, 192.168.9.0).
• domain name—Displays all sticky entries related to a domain. Specify the exact name of a previously created domain.
• domain-list name—Displays all sticky entries related to a domain list. Specify the exact name of a previously created domain list.
• group name—Displays all sticky entries related to a sticky group. Specify the exact name of a previously created sticky group.
• inactive minimum minutes maximum minutes—Displays all sticky entries that have not received a client hit in the time interval between the specified minimum and maximum values, entered in minutes. Enter a value from 0 to 10100 minutes (7 days) as the specified minimum value and maximum value.
• ip ip_address netmask netmask—Displays all sticky entries related to a D-proxy IP address and subnet mask. Specify the IP address of the requesting client's D-proxy in dotted-decimal notation (for example, 192.168.9.0) and specify the subnet mask in dotted-decimal notation (for example, 255.255.255.0).
• rule rulename—Displays all sticky entries related to a DNS rule. Specify the exact name of a previously created DNS rule.
Table 13-49 describes the fields in the show sticky database all command output.
Table 13-49 Field Descriptions for the show sticky database all Command
Field | Description
Client/Group | IP address of client D-proxy or name of sticky group.
Domain/DL | Name of the hosted domain (including wildcards) or the name of a matched domain list (DL).
Rule | Name of the DNS rule that was matched to add this entry.
Answer | VIP address of the answer (VIP-type answer).
SIT | User-specified sticky interval timeout (SIT) value.
TTL | Remaining time that the entry in the sticky database is valid.
Hits | Total number of successful lookups in the sticky database for the sticky database entry.
Displaying the Global Sticky Operating Status
You can display the most recent sticky database message identifiers sent by the local GSS node and received from its GSS mesh peers by using the show sticky global command. Message identifiers can be helpful when you need to verify the most recent sticky database messages sent from and received by the local GSS node.
The syntax of this command is as follows:
show sticky global [verbose]
The optional verbose keyword displays a more detailed listing of recent global sticky message identifiers.
Table 13-50 describes the fields in the show sticky global command output.
Table 13-50 Field Descriptions for the show sticky global Command
Field | Description
Mesh Peer Count | Total number of GSS peers in a sticky mesh (not including the local GSS node).
Last Message ID Sent for Each Message Type | Summary of the unique global sticky message identifiers last sent by the local GSS node.
Add | Unique identifier of the last Add entry-type message sent by the local GSS node.
Modify | Unique identifier of the last Modify entry-type message sent by the local GSS node.
Lookup Fast | Unique identifier of the last Lookup Fast entry-type message sent by the local GSS node.
Details of Most Recently Received Messages by Peer | Status summary of the global sticky message identifiers last received by the local GSS node.
Peer Name | Hostname of the GSS peer in the mesh.
Peer ID | Unique identifier of the GSS peer in the mesh.
Last Type | Type of the message last received from the peer.
Last Status | Status of the last message received from the peer. Status messages are as follows:
• Received OK—Message was received and processed.
• Version mismatch—Message dropped because the local GSS node was unable to communicate with a peer due to different versions of the GSS software.
• Clock out of sync—The local GSS node was unable to communicate with a peer due to clock synchronization issues. A GSS that has a system clock that is out of synchronization by more than 3 minutes with the other GSS peers ignores update messages from all peers until you resynchronize its system clock (see Chapter 8, Configuring DNS Sticky, for details).
• Mask mismatch—Local GSS node was unable to communicate with a peer due to a difference in global subnet mask values. A GSS will drop all global sticky messages received from a GSS with a different subnet mask. A difference in global sticky masks on a peer would occur only if a configuration change was made on the primary GSSM GUI and the peer did not receive the change due to a network failure. See Chapter 8, Configuring DNS Sticky, for details about globally configuring the subnet mask of all GSS devices in the mesh from the primary GSSM GUI.
Last MessageID Received for each Message Type... | Summary of the unique global sticky messages last received by the local GSS node from each GSS mesh peer.
Add | Unique identifier of the last Add entry-type message received by the local GSS node from the GSS peer.
Modify | Unique identifier of the last Modify entry-type message received by the local GSS node from the GSS peer.
Lookup Fast | Unique identifier of the last Lookup Fast entry-type message received by the local GSS node from the GSS peer.
Table 13-51 describes the fields in the show sticky global verbose command output.
Table 13-51 Field Descriptions for the show sticky global verbose Command
Field | Description
Mesh Peer Count | Total number of GSS peers in a sticky mesh (not including the local GSS node).
Last Message ID Sent for Each Message Type | Summary of the unique global sticky message identifiers last sent by the local GSS node.
Add | Unique identifier of the last Add entry-type message sent by the local GSS node.
Modify | Unique identifier of the last Modify entry-type message sent by the local GSS node.
Lookup Fast | Unique identifier of the last Lookup Fast entry-type message sent by the local GSS node.
Lookup Slow | Unique identifier of the last Lookup Slow entry-type message sent by the local GSS node.
Remove | Unique identifier of the last Remove entry-type message sent by the local GSS node.
Add Sync | Unique identifier of the last Add Sync entry-type message sent by the local GSS node.
Remove All | Unique identifier of the last Remove All message sent by the local GSS node.
Request Db | Unique identifier of the last Request Db message sent by the local GSS node.
Ack ReqDb | Unique identifier of the last Ack ReqDb message sent by the local GSS node.
Refuse ReqDb | Unique identifier of the last Refuse ReqDb message sent by the local GSS node.
Sync Start | Unique identifier of the last Sync Start message sent by the local GSS node.
Sync Done | Unique identifier of the last Sync Done message sent by the local GSS node.
Details of Most Recently Received Messages by Peer | Status summary of the global sticky message identifiers last received by the local GSS node.
Peer Name | Hostname of the GSS peer in the mesh.
Peer ID | Unique identifier of the GSS peer in the mesh.
Last Type | Type of the message last received from the peer.
Last Status | Status of the last message received from the peer. Status messages are as follows:
• Received OK—Message was received and processed.
• Version mismatch—Message dropped because the local GSS node was unable to communicate with a peer due to different versions of the GSS software.
• Clock out of sync—The local GSS node was unable to communicate with a peer due to clock synchronization issues. A GSS that has a system clock that is out of synchronization by more than 3 minutes with the other GSS peers ignores update messages from all peers until you resynchronize its system clock (see Chapter 8, Configuring DNS Sticky, for details).
• Mask mismatch—The local GSS node was unable to communicate with a peer due to a difference in global subnet mask values. A GSS will drop all global sticky messages received from a GSS with a different subnet mask. A difference in global sticky masks on a peer would occur only if a configuration change was made on the primary GSSM GUI and the peer did not receive the change due to a network failure. See Chapter 8, Configuring DNS Sticky, for details about globally configuring the subnet mask of all GSS devices in the mesh from the primary GSSM GUI.
Last MessageID Received for each Message Type... | Summary of the unique global sticky messages last received by the local GSS node from each GSS mesh peer.
Add | Unique identifier of the last Add entry-type message received by the local GSS node from the GSS peer.
Modify | Unique identifier of the last Modify entry-type message received by the local GSS node from the GSS peer.
Lookup Fast | Unique identifier of the last Lookup Fast entry-type message received by the local GSS node from the GSS peer.
Lookup Slow | Unique identifier of the last Lookup Slow entry-type message received by the local GSS node from the GSS peer.
Remove | Unique identifier of the last Remove entry-type message received by the local GSS node from the GSS peer.
Add Sync | Unique identifier of the last Add Sync entry-type message received by the local GSS node from the GSS peer.
Remove All | Unique identifier of the last Remove All message received by the local GSS node from the GSS peer.
Request Db | Unique identifier of the last Request Db message received by the local GSS node from the GSS peer.
Ack ReqDb | Unique identifier of the last Ack ReqDb message received by the local GSS node from the GSS peer.
Refuse Db | Unique identifier of the last Refuse ReqDb message received by the local GSS node from the GSS peer.
Sync Start | Unique identifier of the last Sync Start message received by the local GSS node from the GSS peer.
Sync Done | Unique identifier of the last Sync Done message received by the local GSS node from the GSS peer.
Displaying Global Sticky Mesh Operating Status
You can display sticky mesh status information locally from the CLI of a GSS by using the show sticky mesh CLI command. This command displays the operating status of the individual GSS peers in the sticky mesh and their connection status to the local GSS node.
The syntax of this command is as follows:
show sticky mesh [session session_ID] [verbose]
The keywords and arguments are as follows:
• session session_ID—(Optional) Displays operating status information for a specific session ID, which is the point-to-point connection between the local GSS node and a sticky mesh peer. To locate the session ID for a specific GSS peer in the mesh, use the show sticky mesh command.
• verbose—(Optional) Displays additional detailed operating status information for the sticky mesh and for all GSS peers in the mesh or displays more detailed operating status information for a specific session ID.
Table 13-52 describes the fields in the show sticky mesh command output.
Table 13-52 Field Descriptions for the show sticky mesh Command
Field | Description
My GSS ID | Unique identifier of the local GSS node in the mesh.
Mesh ID | Unique identifier of the global sticky mesh.
Port | TCP port used by all GSS devices connected in the sticky mesh. This parameter is not user-configurable.
Remote GSS IP Address/Host Name | IP address or hostname of the GSS peer in the mesh.
Session ID | Unique identifier of the point-to-point connection between the local GSS node and the mesh peer.
State | State of the communication link between the local GSS node and the mesh peer. The possible states include:
• SESSION_STOP—Indicates that the session is dead
• SESSION_INIT—Indicates that the session is initializing
• SESSION_OPEN—Indicates that the connection to the peer has been made
• SESSION_AUTH—Indicates that authentication is occurring
• SESSION_UP—Indicates that the session is up
• SESSION_DOWN—Indicates that the session is down or failing
Table 13-53 describes the fields in the show sticky mesh session command output.
Table 13-53 Field Descriptions for the show sticky mesh session Command
Field | Description
Session Information for GSS peer | Hostname of the GSS peer in the mesh.
Session ID | Unique identifier of the point-to-point connection between the local GSS node and the mesh peer.
RTT | Application-level round-trip time (RTT) between the local GSS node and the mesh peer. If the GSS has not yet made an RTT measurement, the GSS displays "--" in the field.
State | State of the communication link between the local GSS node and the mesh peer. Possible states are as follows:
• SESSION_STOP—Indicates that the session is dead
• SESSION_INIT—Indicates that the session is initializing
• SESSION_OPEN—Indicates that the connection to the peer has been made
• SESSION_AUTH—Indicates that authentication is occurring
• SESSION_UP—Indicates that the session is up
• SESSION_DOWN—Indicates that the session is down or failing
IP Address | IP address of the GSS peer.
GSS ID | Unique identifier of the GSS peer in the mesh.
Table 13-54 describes the fields in the show sticky mesh session verbose command output.
Table 13-54 Field Descriptions for the show sticky mesh session verbose Command
Field | Description
Session Information for GSS peer | Hostname of the GSS peer in the mesh.
Session ID | Unique identifier of the point-to-point connection between the local GSS node and the mesh peer.
Session State | State of the communication link between the local GSS node and the mesh peer. Possible states are as follows:
• SESSION_STOP—Indicates that the session is dead
• SESSION_INIT—Indicates that the session is initializing
• SESSION_OPEN—Indicates that the connection to the peer has been made
• SESSION_AUTH—Indicates that authentication is occurring
• SESSION_UP—Indicates that the session is up
• SESSION_DOWN—Indicates that the session is down or failing
RTT | Application-level round-trip time (RTT) between the local GSS node and the mesh peer. If the GSS has not yet made an RTT measurement, the GSS displays "--" in the field.
Encrypt Type | Encryption method performed on the data packets. The method is one of the following:
• md5hash—MD5-based hashing encryption method
• none—No encryption
See Chapter 8, Configuring DNS Sticky for details.
Authentication | Authentication method performed by the GSS peer to prevent unauthorized access. The method is one of the following:
• challenge—Challenge Handshake Authentication Protocol (CHAP)
• none—No secret string used for authentication
See Chapter 8, Configuring DNS Sticky for details.
KalFreq | Time in seconds between sending keepalive messages from the local GSS node to this GSS peer. This parameter is not user configurable.
Max FrameSize | Maximum frame size allowed for communication between GSS devices in the mesh. This parameter is not user-configurable.
OptmlFrameSize | Optimal frame size for communication between GSS devices in the mesh. This parameter is not user configurable.
PrePend | Allocated header size in the buffer. The header size is always 8 bytes.
IP Address | IP address of the GSS peer in the mesh.
GSS ID | Unique identifier of the GSS peer in the mesh.
Connect from IP | Actual IP network address of the GSS peer in the mesh.
My Local Address Via Peer | IP address of the local GSS node as seen by the GSS peer.
Last Up Event | Day and time of the most recent Up event.
Last Down Event | Day and time of the most recent Down event.
FSM Events | Finite State Machine events as related to the Session State field.
STOP | Number of SESSION_STOP events.
INIT | Number of SESSION_INIT events.
OPEN | Number of SESSION_OPEN events.
AUTH | Number of SESSION_AUTH events.
UP | Number of SESSION_UP events.
DOWN | Number of SESSION_DOWN events.
Table 13-55 describes the fields in the show sticky mesh verbose command output.
Table 13-55 Field Descriptions for the show sticky mesh verbose Command
Field | Description
Mesh Information for application sticky | Status and statistics about the global sticky mesh.
My GSS ID | Unique identifier of the local GSS node in the mesh.
Mesh ID | Unique identifier of the global sticky mesh.
Port | TCP port used by all GSS devices connected in the sticky mesh. This parameter is not user configurable.
Encrypt Type | Encryption method performed on the data packets. The method is one of the following:
• md5hash—MD5-based hashing encryption method
• none—No encryption
See Chapter 8, Configuring DNS Sticky for details.
Authentication | Authentication method performed by GSS peers to prevent unauthorized access. The method is one of the following:
• challenge—Challenge Handshake Authentication Protocol (CHAP)
• none—No secret string used for authentication
See Chapter 8, Configuring DNS Sticky for details.
KalFreq | Time in seconds between sending keepalive messages to GSS peers. This parameter is not user configurable and always displays as "default".
MaxFrameSize | Maximum frame size allowed for communication between GSS devices in the mesh. This parameter is not user configurable.
OptmlFrameSize | Optimal frame size for communication between GSS devices in the mesh. This parameter is not user configurable.
Max Rate | Maximum rate that the local GSS node can transmit packets to GSS peers in the mesh.
Favored Peer | Favored GSS peer for the local GSS node, specified on the Global Sticky Configuration details page of the primary GSSM GUI. A favored peer enables you to force a faster synchronization of sticky database entries with a specific GSS peer upon reentry into the sticky mesh. If you did not specify a favored peer, the GSS displays "No Favored Peer configured."
Session Information for GSS peer | Status and statistics for a specific GSS peer in the mesh.
Session ID | Unique identifier of the point-to-point connection between the local GSS node and the mesh peer.
Session State | State of the communication link between the local GSS node and the mesh peer. Possible states are as follows:
• SESSION_STOP—Indicates that the session is dead
• SESSION_INIT—Indicates that the session is initializing
• SESSION_OPEN—Indicates that the connection to the peer has been made
• SESSION_AUTH—Indicates that authentication is occurring
• SESSION_UP—Indicates that the session is up
• SESSION_DOWN—Indicates that the session is down or failing
RTT | Application-level round-trip time (RTT) between the local GSS node and this GSS peer. If the GSS has not yet made an RTT measurement, the GSS displays "--" in the field.
Encrypt Type | Encryption method performed on the data packets. The method is one of the following:
• md5hash—MD5-based hashing encryption method
• none—No encryption
See Chapter 8, Configuring DNS Sticky for details.
Authentication | Authentication method performed by GSS peers to prevent unauthorized access. The method is one of the following:
• challenge—Challenge Handshake Authentication Protocol (CHAP)
• none—No secret string used for authentication
See Chapter 8, Configuring DNS Sticky for details.
KalFreq | Time in seconds between sending keepalive messages from the local GSS node to this GSS peer. This parameter is not user configurable.
Max FrameSize | Maximum frame size allowed for communication between GSS devices in the mesh. This parameter is not user configurable.
OptmlFrameSize | Optimal frame size for communication between GSS devices in the mesh. This parameter is not user configurable.
PrePend | Allocated header size in the buffer. The header size is always 8 bytes.
IP Address | IP address of the GSS peer in the mesh.
GSS ID | Unique identifier of the GSS peer in the mesh.
Connect from IP | Actual IP network address of the GSS peer in the mesh.
My Local Address Via Peer | IP address of the local GSS node as seen by the GSS peer.
Last Up Event | Day and time of the most recent Up event.
Last Down Event | Day and time of the most recent Down event.
FSM Events | Finite State Machine events as related to the Session State field.
STOP | Number of SESSION_STOP events.
INIT | Number of SESSION_INIT events.
OPEN | Number of SESSION_OPEN events.
AUTH | Number of SESSION_AUTH events.
UP | Number of SESSION_UP events.
DOWN | Number of SESSION_DOWN events.
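The following Python check is an added example, not part of the original guide and not Cisco code. It reads saved show sticky mesh verbose output and reports mesh or peer blocks whose Encrypt Type or Authentication is none, peers whose Session State is not SESSION_UP, and peers whose DOWN counter suggests flapping. The "Field: value" layout, the sample hostnames and values, and the flap threshold are assumptions; only the field names come from Table 13-55.

```python
import re

# Constructed sample in an ASSUMED "Field: value" layout. The guide lists the
# field names of `show sticky mesh verbose` but not the exact screen format,
# so adjust the two regular expressions below to match real captures.
SAMPLE_OUTPUT = """\
Mesh Information for application sticky
My GSS ID: 101
Mesh ID: 7
Encrypt Type: md5hash
Authentication: challenge

Session Information for GSS peer gss2.example.com
Session ID: 1
Session State: SESSION_UP
Encrypt Type: md5hash
Authentication: challenge
IP Address: 192.0.2.12
DOWN: 0

Session Information for GSS peer gss3.example.com
Session ID: 2
Session State: SESSION_DOWN
Encrypt Type: none
Authentication: none
IP Address: 192.0.2.13
DOWN: 5
"""

HEADER = re.compile(r"^(Mesh Information for application sticky|"
                    r"Session Information for GSS peer)\s*(.*)$")
FIELD = re.compile(r"^\s*([^:]+?)\s*:\s*(.*?)\s*$")


def parse_mesh_verbose(text):
    """Split the output into one mesh block and one block per GSS peer."""
    blocks = []
    for line in text.splitlines():
        header = HEADER.match(line.strip())
        if header:
            is_mesh = header.group(1).startswith("Mesh")
            scope = "mesh" if is_mesh else (header.group(2) or "unknown-peer")
            blocks.append({"scope": scope, "fields": {}})
            continue
        field = FIELD.match(line)
        if field and blocks:
            # The guide prints both "Max FrameSize" and "MaxFrameSize", so
            # keys are compared with spaces removed and in lower case.
            key = field.group(1).replace(" ", "").lower()
            blocks[-1]["fields"][key] = field.group(2)
    return blocks


def audit(blocks, flap_threshold=3):
    """Return (scope, finding) tuples for settings an operator should review."""
    findings = []
    for block in blocks:
        fields, who = block["fields"], block["scope"]
        if fields.get("encrypttype", "").lower() == "none":
            findings.append((who, "Encrypt Type is none"))
        if fields.get("authentication", "").lower() == "none":
            findings.append((who, "Authentication is none"))
        if who == "mesh":
            continue  # the remaining checks apply to peer sessions only
        state = fields.get("sessionstate", "missing")
        if state != "SESSION_UP":
            findings.append((who, f"Session State is {state}"))
        raw_down = fields.get("down", "0")
        downs = int(raw_down) if raw_down.isdigit() else 0
        if downs >= flap_threshold:  # threshold is an assumed local policy
            findings.append((who, f"{downs} SESSION_DOWN events"))
    return findings


if __name__ == "__main__":
    for scope, finding in audit(parse_mesh_verbose(SAMPLE_OUTPUT)):
        print(f"{scope}: {finding}")
```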
Displaying Sticky Group Configuration
You can display a summary of all configured sticky groups by using the show sticky group-summary command.
The syntax of this command is as follows:
show sticky group-summary
Table 13-56 describes the fields in the show sticky group-summary command output.
Table 13-56 Field Descriptions for the show sticky group-summary Command
Field | Description
Name | Unique alphanumeric name of the DNS sticky group.
Address Blocks | IP address block of the sticky group, specified in dotted-decimal notation.
You can display the configuration of a specific sticky group by using the show sticky group-name command.
The syntax of this command is as follows:
show sticky group-name groupname
The groupname argument specifies the exact name of a sticky group in order to display all sticky entries related to that group.
Table 13-57 describes the fields in the show sticky group-name command output.
Table 13-57 Field Descriptions for the show sticky group-name Command
Field | Description
Name | Unique alphanumeric name of the DNS sticky group.
Address Blocks | IP address block of the sticky group, specified in dotted-decimal notation.
Clearing GSS Global Server Load-Balancing Statistics
You can reset global server load-balancing statistics for one or more of your GSS components by using the clear statistics command. Clearing the statistics for a GSS component erases all record of routing activity and performance for that device.
The syntax of this command is as follows:
clear statistics {boomerang | ddos [all | attacks | drops | global] | dns |
drpagent | keepalive {all | cra | http-head | icmp | kalap | ns |
scripted-kal | tcp} | proximity | sticky {mesh}}
The keywords are as follows:
• boomerang—Resets statistics that relate to the Boomerang server component of the GSS.
• ddos—Resets statistics that relate to the DDoS detection and mitigation component of the GSS.
  • global—Resets global statistics for the GSS DDoS detection and mitigation component.
  • attacks—Resets attack statistics for the GSS DDoS detection and mitigation component.
• dns—Resets statistics that relate to the DNS server component of the GSS, including proximity and sticky DNS rule statistics.
• drpagent—Resets statistics that relate to the DRP agent component of the GSS.
• keepalive—Resets statistics that relate to the keepalive function of the GSS software.
  • all—Resets statistics for all keepalive types maintained by the GSS.
  • cra—Resets statistics for only CRA-type keepalives maintained by the GSS.
  • http-head—Resets statistics for only the VIP HTTP-HEAD type keepalive maintained by the GSS.
  • icmp—Resets statistics for only the VIP ICMP-type keepalive maintained by the GSS.
  • kalap—Resets statistics for only the VIP KAL-AP-type keepalive maintained by the GSS.
  • ns—Resets statistics for the Name Server-type keepalive maintained by the GSS.
  • scripted-kal—Resets statistics for the Scripted-Kal-type keepalive maintained by the GSS.
  • tcp—Resets statistics for the IP and port TCP-type keepalive maintained by the GSS.
• proximity—Resets statistics for the network proximity function.
• sticky—Resets statistics for the DNS sticky function.
  • mesh—Resets sticky global mesh and session statistics for the local GSS node of the mesh.
For example, enter:
gss1.yourdomain.com# clear statistics keepalive tcp
Are you sure? (yes/no) yes
tcp keepalive statistics cleared
or
gss1.yourdomain.com# clear statistics proximity
Are you sure? (yes/no) yes
proximity statistics cleared
Displaying Global Server Load-Balancing Statistics from the GUI
From the Monitoring tab of the primary GSSM GUI, you can display the status of global load balancing on your GSS network using a variety of functions that filter and condense GSS traffic and statistics. These statistics provide you with an overview of the online status of your resources (such as answers, keepalives, DNS rules, hosted domains, and source addresses). You can also display advanced traffic management functions, such as DNS sticky and network proximity, for the GSS network.
This section contains the following topics:
• Displaying Answer Status and Statistics
• Displaying DNS Rule Statistics
• Displaying Domain Hit Counts
• Displaying Global Statistics
• Displaying Source Address Statistics
• Displaying DDoS Statistics
Displaying Answer Status and Statistics
The Answers section of the Monitoring tab displays statistics about the answer resources in your GSS network. Answer resources also include statistics about keepalive probes directed to the answer resource.
This section contains the following topics:
• Displaying Answer Hit Counts
• Displaying Answer Keepalive Statistics
• Displaying the Answer Status
Displaying Answer Hit Counts
The Answer Hit Counts list page displays statistics about the GSS answer resources and the number of times that user requests have been directed to each answer resource. Answer hit counts allow you to gauge how well your GSS resources respond to user requests.
To display the number of hits recorded by each answer, perform the following steps:
1. From the primary GSSM GUI, click the Monitoring tab.
2. Click the Answers navigation link.
3. Click the Answer Hit Counts navigation link (located in the Contents list). The Answer Hit Counts list page appears (see Figure 13-1).
Figure 13-1 Answer Hit Counts List Page
Table 13-58 describes the fields on the Answer Hit Counts list page.
Table 13-58 Field Descriptions for Answer Hit Counts List Page
Field | Description
Answer | IP address of the answer resource.
Name | Name assigned to the answer using the primary GSSM GUI.
Type | Resources to which the GSS resolves DNS requests. The answer types include: VIP, CRA, or Name Server.
Location | GSS network location of the answer.
Name of the GSS or GSSM | Number of requests directed to the answer by each GSS device.
4. Click the column header of any of the displayed columns to sort your answers by a particular property.
Displaying Answer Keepalive Statistics
The Answer Keepalive Statistics list page displays statistics about keepalive probes sent to the answer resource by each GSS in the network. For each answer configured on your GSS, the Answer Keepalive Statistics list page displays the number of keepalive probes directed to that answer by the primary and the standby GSSM as well as information about how that keepalive probe was handled. The Answer Keepalive Statistics list page also displays multiple keepalives if they are assigned to a single VIP answer.
If a large number of keepalive probes are rejected or encounter transition conditions, the affected answers may be offline or have problems staying online.
To display the keepalive statistics for each answer, perform the following steps:
1. From the primary GSSM GUI, click the Monitoring tab.
2. Click the Answers navigation link.
3. Click the Answer KeepAlive Statistics navigation link (located in the Contents list). The Answer KeepAlive Statistics list page appears (see Figure 13-2).
Figure 13-2 Answer Keepalive Statistics List Page
Table 13-59 describes the fields on the Answer KeepAlive Statistics list page.
Table 13-59 Field Descriptions for Answer Keepalive Statistics List Page
Field | Description
Answer | IP address of the answer resource probed by the GSS.
Type | Resources to which the GSS resolves DNS requests. The answer types include VIP, CRA, or Name Server.
Name | Name assigned to the answer using the primary GSSM GUI.
Keepalive | Address assigned to the remote device, CRA, or name server to which the GSS is to forward requests.
Method | Keepalive method used by the answer: VIP (virtual IP address), NS (name server), or CRA (content routing agent).
Location | GSS network location of the answer.
Name of the GSS or GSSM | Number of keepalive probes directed to the answer by each GSS device and the record of how those probes were handled. Statistics are presented in the following order:
• Keepalive packets sent—Total number of keepalive probes sent to the answer by each GSS on the network
• Keepalive packets received—Total number of keepalive probes returned from the answer
• Keepalive positive probe count—Total number of keepalive probes received by the GSS to which a positive (OK) response was returned
• Keepalive negative probe count—Total number of keepalive probes received by the GSS to which a negative response was returned
• Keepalive transition count—Total number of keepalive probe transitions (for example, from the INIT to the ONLINE state) experienced by the keepalive
4. Click the column header of any of the displayed columns to sort your answers by a particular property.
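The triage described above (many rejected probes or transitions point to an answer that is offline or unstable), as an added example that is not part of the Cisco documentation. It assumes the five per-device values were copied from the list page in the order Table 13-59 gives them; the "/" separator, the thresholds, the device names and the sample rows are constructed for illustration.

```python
from dataclasses import dataclass

# Order of the five per-device values, as listed in Table 13-59.
FIELDS = ("sent", "received", "positive", "negative", "transitions")


@dataclass(frozen=True)
class KeepaliveStats:
    answer: str
    gss: str
    sent: int
    received: int
    positive: int
    negative: int
    transitions: int


def parse_cell(answer, gss, cell):
    """Parse one GSS column cell; the '/' separator is an assumption."""
    parts = [p.strip() for p in cell.split("/")]
    if len(parts) != len(FIELDS):
        raise ValueError(f"{answer}@{gss}: expected {len(FIELDS)} values, got {len(parts)}")
    values = [int(p) for p in parts]
    if min(values) < 0:
        raise ValueError(f"{answer}@{gss}: counters cannot be negative")
    return KeepaliveStats(answer, gss, *values)


def assess(s, max_loss=0.10, max_negative=0.10, max_transitions=5):
    """Return the reasons an answer needs a closer look (thresholds are assumptions)."""
    if s.sent == 0:
        return ["no probes sent"]
    reasons = []
    # Probes that were sent but never returned from the answer.
    if (s.sent - s.received) / s.sent > max_loss:
        reasons.append("probes unanswered")
    # Share of returned probes that carried a negative response.
    judged = s.positive + s.negative
    if judged and s.negative / judged > max_negative:
        reasons.append("negative responses")
    # Repeated state changes mean the answer is not staying online.
    if s.transitions > max_transitions:
        reasons.append("state flapping")
    return reasons


def triage(rows):
    """Map (answer, gss) to its findings, omitting healthy answers."""
    report = {}
    for answer, gss, cell in rows:
        reasons = assess(parse_cell(answer, gss, cell))
        if reasons:
            report[(answer, gss)] = reasons
    return report


# Constructed sample rows (documentation addresses, hypothetical device names).
SAMPLE_ROWS = [
    ("192.0.2.10", "gssm-primary", "1200/1198/1198/0/1"),
    ("192.0.2.20", "gssm-primary", "1200/640/600/40/2"),
    ("192.0.2.30", "gss-standby", "1200/1190/900/290/14"),
    ("192.0.2.40", "gss-standby", "0/0/0/0/0"),
]

if __name__ == "__main__":
    for key, reasons in triage(SAMPLE_ROWS).items():
        print(key, reasons)
```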
Displaying the Answer Status
The Answer Status list page displays statistics about the GSS answer resources. Answers can be sorted by IP address, name, type, location, or online status according to a particular device.
To display the status of your GSS answers, perform the following steps:
1. From the primary GSSM GUI, click the Monitoring tab.
2. Click the Answers navigation link.
3. Click the Answer Status navigation link (located in the Contents list). The Answer Status list page appears (see Figure 13-3).
Figure 13-3 Answer Status List Page
Table 13-60 describes the fields on the Answer Status list page.
Table 13-60 Field Descriptions for Answer Status List Page
Field | Description
Answer | IP address of the answer resource.
Name | Name assigned to the answer using the primary GSSM GUI.
Type | Resources to which the GSS resolves DNS requests. The answer types include VIP, CRA, or Name Server.
Location | GSS network location of the answer.
Name of the GSS or GSSM | Online status of the answer according to the named device.
• Online—Indicates that the answer is online and can be used by any of the currently configured DNS rules.
• Offline—Indicates that the answer is offline and cannot be used by any of the currently configured DNS rules.
• Suspended—Indicates that the answer is administratively suspended and cannot be used by any of the currently configured DNS rules.
• Operational Suspend—Indicates that the GSS has suspended the answer because it was offline and the manual-reactivation option was enabled on the answer. For this state to display, you must have the global manual reactivation feature enabled on the primary GSSM.
• Unknown—Indicates that the primary GSSM was recently restarted and is waiting for an answer status from its peer GSS.
4. Click the column header of any of the displayed columns to sort your answers by a particular property.
Displaying DNS Rule Statistics
The DNS Rule Statistics list page displays statistics about the DNS rules, such as how many queries were processed by each DNS rule and how many of those processed queries were successfully matched with answers.
To display the status of your DNS rules, perform the following steps:
1. From the primary GSSM GUI, click the Monitoring tab.
2. Click the DNS Rules navigation link. The DNS Rule Statistics list page appears (see Figure 13-4).
Figure 13-4 DNS Rule Statistics List Page
Table 13-61 describes the fields on the DNS Rule Statistics list page.
Table 13-61 Field Descriptions for DNS Rule Statistics List Page
Field | Description
Name | Name assigned to the answer using the primary GSSM.
Owner | GSS owner to whom the DNS rule has been assigned.
Name of the GSS or GSSM | Total hit count and successful hit count for the DNS rule from the listed GSS device. Refer to the legend that appears below the listed DNS rules for information about identifying which value represents total hits and which value represents successful DNS requests served.
3. Click the column header of any of the displayed columns to sort your DNS rules by a particular property.
Displaying Domain Hit Counts
The Domain Hit Counts list page displays statistics about the hosted domains that the GSS serves and information about how many queries were directed to each domain by each DNS rule. The domain hit counts function tracks the traffic directed to the individual domains, not GSS domain lists, which may include one or more domains.
To display the status of your hosted domains, perform the following steps:
1. From the primary GSSM GUI, click the Monitoring tab.
2. Click the Domains navigation link. The Domain Hit Counts list page appears (see Figure 13-5).
Figure 13-5 Domain Hit Counts List Page
Table 13-62 describes the fields on the Domain Hit Counts list page.
Table 13-62 Field Descriptions for Domain Hit Counts List Page
Field | Description
Domain | DNS domains for which the GSS is responsible. These are the domains contained in your domain lists.
Name of the GSS or GSSM | Total number of requests for the listed domain from each GSS device.
3. Click the column header of any of the displayed columns to sort the listed domains by a particular property.
Displaying Global Statistics
The Global Statistics list page displays statistics about the GSS network. Global statistics include the average number of DNS requests received by each GSS device and keepalive probes sent to your answers, as well as the online status of each GSS device.
To display the status of your GSS network, perform the following steps:
1. From the primary GSSM GUI, click the Monitoring tab.
2. Click the Global navigation link. The Global Statistics list page (see Figure 13-6) appears.
Figure 13-6 Global Statistics List Page
Table 13-63 describes the fields on the Global Statistics list page.
Table 13-63 Field Descriptions for Global Statistics List Page
Field | Description
GSS Status | Online status of each GSS device in your GSS network.
Unmatched DNS Queries | Total number of DNS queries received by each listed device for which no answer could be found.
DNS Queries/sec | Average number of DNS queries received, per second, by each listed GSS device.
Keepalive Probes/sec | Average number of keepalive probes received by each listed GSS device each second.
3. Click the column header of any of the displayed columns to sort the listed domains by a particular property.
Displaying Source Address Statistics
The Source Address Statistics list page displays statistics about the incoming requests received from each source address (the addresses that transmit DNS queries to a GSS). The source address hit counts feature tracks requests from individual address blocks, not from GSS source address lists, which may contain one or more address blocks.
To display the statistics for your source address lists, perform the following steps:
1. From the primary GSSM GUI, click the Monitoring tab.
2. Click the Source Addresses navigation link. The Source Address Statistics list page appears (see Figure 13-7).
Figure 13-7 Source Address Statistics List Page
Table 13-64 describes the fields on the Source Address Statistics list page.
Table 13-64 Field Descriptions for Source Address Statistics List Page
Field | Description
Source Address Block | Address or range of addresses that originate the DNS queries. Source address blocks make up GSS source address lists.
Name of the GSS or GSSM | Total number of requests received by the listed GSS device from each source address or address block.
3. Click the column header of any of the displayed columns to sort the listed domains by a particular property.
Displaying DDoS Statistics
The Monitor DDoS Statistics page displays selections that allow you to view DDoS global or attack statistics for each GSS in the network.
To display DDoS statistics, perform the following steps:
1. From the primary GSSM GUI, click the Monitoring tab.
2. Click the DDoS navigation link. The Monitor DDoS Statistics page appears with two sub-menu items, Global Stats and Attack Stats (see Figure 13-8).
Figure 13-8 Monitor DDoS Statistics Menu Page
3. Click the Global Stats selection to view the DDoS Global Statistics (see Figure 13-9).
Figure 13-9 DDoS Global Statistics List Page
Table 13-65 describes the fields on the Global Statistics list page.
Table 13-65 Field Descriptions for Global Statistics List Page
Field | Description
Total packets received | Packets received and handled by the GSS. The Total packets received counter is the sum of the legitimate counter and the malicious counter.
Total packets dropped | Packets that were identified by the GSS DDoS protection and mitigation functions as part of an attack and dropped.
Total Anti-Spoofing triggered | Total number of packets that triggered the GSS DDoS protection anti-spoofing function.
Total Validated DNS requests | Total number of packets that were successfully dropped by the GSS DDoS protection anti-spoofing function.
Rate-limit drops | Packets that were identified by the GSS DDoS protection and mitigation rate-limiting functions as part of an attack and dropped. The rate limit is the maximum number of DNS requests the GSS can receive from the D-proxy per second.
Global Rate-limit drops | Packets that were identified by the GSS DDoS protection and mitigation global rate-limiting function as part of an attack and dropped.
Unknown dproxies drops | A D-proxy that has not been classified as spoofed or non-spoofed by the DDoS protection and mitigation function is unknown. The DDoS function starts anti-spoofing for an unknown D-proxy. If the number of packets from unknown D-proxies exceeds the specified rate limit, the unknown drops start.
Spoofed packet drops | Packets that were identified by the GSS DDoS protection and mitigation unknown D-proxy functions as part of an attack and dropped.
Malformed packet drops | Packets that were identified by the GSS DDoS protection and mitigation functions as malformed and dropped.
Mitigation rules drops | Packets that were identified by the GSS DDoS protection and mitigation functions as violating mitigation rules and dropped.
Global domain name drops | Packets that were identified by the GSS DDoS protection and mitigation functions as a global domain name and dropped.
Ongoing anti-spoofing drops | Packets that were identified by the GSS DDoS protection and mitigation anti-spoofing functions as part of an ongoing attack and dropped.
DDoS Status | DDoS detection and mitigation module status, enabled or disabled.
4. Click the Attack Stats selection to view the DDoS Attack Statistics (see Figure 13-10).
Figure 13-10 DDoS Attack Statistics List Page
Table 13-66 describes the fields on the Attack Statistics list page.
Table 13-66 Field Descriptions for Attack Statistics List Page
Field | Description
Reflection attacks | Attack in which the IP address of the victim (that is, the GSS) is spoofed and multiple DNS requests are sent to a DNS server or multiple DNS servers posing as the victim.
Malformed DNS packet attacks | Attack in which the GSS is flooded with malformed DNS packets.
Failed global domain attacks | Failed domain counter provides a total for DNS queries that failed to match the global domain name.
Global rate-limit exceeded attacks | Attack in which the maximum number of DNS requests that the GSS receives from the D-proxy per second exceeds the global limit.
DDoS status | DDoS detection and mitigation module status, enabled or disabled.
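One way to read the DDoS Global Statistics counters during an incident, as an added example that is not part of the Cisco documentation: compare two readings of the Table 13-65 fields and attribute the interval's drops to the drop category that grew most. It assumes the counters are cumulative and were transcribed into dictionaries keyed by the table's field names; the sample values, the function names and the reset handling are constructed for illustration.

```python
# Drop counters named in Table 13-65.
DROP_FIELDS = (
    "Rate-limit drops",
    "Global Rate-limit drops",
    "Unknown dproxies drops",
    "Spoofed packet drops",
    "Malformed packet drops",
    "Mitigation rules drops",
    "Global domain name drops",
    "Ongoing anti-spoofing drops",
)
TOTAL_RECEIVED = "Total packets received"
TOTAL_DROPPED = "Total packets dropped"


def counter_delta(before, after, field):
    """Growth of one counter between two readings.

    A later value below the earlier one is treated as a counter reset
    (an assumption, for example after a restart), so the later value is
    taken as the growth since the reset.
    """
    old, new = int(before[field]), int(after[field])
    return new if new < old else new - old


def interval_report(before, after, seconds):
    """Summarise DDoS activity between two readings taken `seconds` apart."""
    if seconds <= 0:
        raise ValueError("seconds must be positive")
    received = counter_delta(before, after, TOTAL_RECEIVED)
    dropped = counter_delta(before, after, TOTAL_DROPPED)
    causes = {f: counter_delta(before, after, f) for f in DROP_FIELDS}
    # Keep only categories that grew, largest first.
    ranked = sorted(((f, n) for f, n in causes.items() if n > 0),
                    key=lambda item: item[1], reverse=True)
    return {
        "module_enabled": after.get("DDoS Status") == "enabled",
        "received_per_sec": received / seconds,
        "dropped_per_sec": dropped / seconds,
        "drop_ratio": dropped / received if received else 0.0,
        "drops_by_cause": ranked,
        "dominant_cause": ranked[0][0] if ranked else None,
    }


# Constructed readings taken 300 seconds apart (not real device output).
BEFORE = {
    TOTAL_RECEIVED: 500000, TOTAL_DROPPED: 1200, "DDoS Status": "enabled",
    "Rate-limit drops": 300, "Global Rate-limit drops": 0,
    "Unknown dproxies drops": 100, "Spoofed packet drops": 700,
    "Malformed packet drops": 50, "Mitigation rules drops": 20,
    "Global domain name drops": 30, "Ongoing anti-spoofing drops": 0,
}
AFTER = {
    TOTAL_RECEIVED: 860000, TOTAL_DROPPED: 91200, "DDoS Status": "enabled",
    "Rate-limit drops": 400, "Global Rate-limit drops": 0,
    "Unknown dproxies drops": 5100, "Spoofed packet drops": 85600,
    "Malformed packet drops": 50, "Mitigation rules drops": 20,
    "Global domain name drops": 30, "Ongoing anti-spoofing drops": 0,
}

if __name__ == "__main__":
    for key, value in interval_report(BEFORE, AFTER, 300).items():
        print(f"{key}: {value}")
```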
Monitoring Traffic Management Statistics
The Traffic Mgmt section of the Monitoring tab displays global statistics about network proximity and DNS sticky operation in your GSS network. Network proximity statistics include information about the proximity DNS rule hit counts, statistics about the number of entries in the proximity database of each GSS device, and statistics about probing requests. Sticky statistics include information about the sticky DNS rule hit counts and statistics about the number of entries in the sticky database of each GSS device.
This section contains the following topics:
• Displaying Proximity Rule Hit Count Statistics
• Displaying Proximity Database Statistics
• Displaying Proximity Lookup Statistics
• Displaying Proximity Probe Management Statistics
• Displaying Sticky Rule Hit Statistics
• Displaying Sticky Database Statistics
• Displaying Global Sticky Mesh Statistics
Displaying Proximity Rule Hit Count Statistics
The Proximity Rule Hit Count Statistics list page displays statistics about how many times a DNS rule provides an answer for a zone determined to be the most proximate.
To display statistics about proximity hits for a DNS rule, perform the following steps:
1. From the primary GSSM GUI, click the Monitoring tab.
2. Click the Traffic Mgmt navigation link.
3. Click the Proximity Rule Hit Counts navigation link (located in the Contents list). The Proximity Rule Hit Statistics list page appears (see Figure 13-11).
Figure 13-11 Proximity Rule Hit Statistics List Page
Table 13-67 describes the fields on the Proximity Rule Hit Statistics list page.
Table 13-67 Field Descriptions for Proximity Rule Hit Statistics List Page
Field | Description
Name | Name of the matched DNS rule.
Owner | GSS owner to whom the DNS rule has been assigned.
Name of the GSS or GSSM | For each GSS or GSSM, lists the following:
• Number of DNS requests that match the DNS rule.
• Number of DNS responses successfully returned with a proximate answer for the DNS rule.
Refer to the legend that appears below the listed DNS rules for information about identifying which value represents the proximity hit count and which value represents the number of successful matches.
Displaying Proximity Database Statistics
The Proximity Database Statistics list page displays statistics about the number of entries in the proximity database and the number of entries dropped because the proximity database reached the maximum database limit of 500,000 entries.
To display the number of entries in the proximity database, perform the following steps:
1. From the primary GSSM GUI, click the Monitoring tab.
2. Click the Traffic Mgmt navigation link.
3. Click the Proximity Database Stats navigation link (located in the Contents list). The Proximity Database Statistics list page appears (see Figure 13-12).
Figure 13-12 Proximity Database Statistics List Page
Table 13-68 describes the fields on the Proximity Database Statistics list page.
Table 13-68 Field Descriptions for Proximity Database Statistics List Page
Field | Description
Global Site Selector | Name of the GSS or GSSM device.
Entries in Use | Number of entries currently in the proximity database, out of a maximum of 500,000 entries.
Last Cleanup | Last time that the GSS removed the least recently used entries from the proximity database.
Number of Cleanups | Number of entries removed during the cleanup process.
Displaying Proximity Lookup Statistics
The Proximity Lookup Statistics list page displays statistics about the number of entries in the proximity database.
To display the lookup statistics in the proximity database, perform the following steps:
1. From the primary GSSM GUI, click the Monitoring tab.
2. Click the Traffic Mgmt navigation link.
3. Click the Proximity Lookup Stats navigation link (located in the Contents list). The Proximity Lookup Statistics list page appears (see Figure 13-13).
Figure 13-13 Proximity Lookup Statistics List Page
Table 13-69 describes the fields on the Proximity Lookup Statistics list page.
Table 13-69 Field Descriptions for Proximity Lookup Statistics List Page
Field | Description
Global Site Selector | Name of the GSS or GSSM device.
Count | Total number of proximity lookup requests made to the GSS.
Crnt Rate | Current request rate per second that requests are made to the GSS to perform a proximity lookup in the database.
No Entry | Number of times that the GSS was unable to locate a proximate answer from the proximity database.
Partial Data | Number of times that only round-trip time (RTT) data for a partial set of zones was available in the proximity database.
Req. Dropped | Number of proximity lookup queries dropped by the GSS.
Db Full | Number of times that the GSS was unable to perform a proximity add because the database exceeded the maximum number of entries.
Displaying Proximity Probe Management Statistics
The Proximity Probe Management Statistics list page displays statistics about the ICMP and TCP probes transmitted from the proximity probing agents.
To display statistics about the probing requests and responses, perform the following steps:
1. From the primary GSSM GUI, click the Monitoring tab.
2. Click the Traffic Mgmt navigation link.
3. Click the Proximity Probe Mgmt Stats navigation link (located in the Contents list). The Proximity Probe Mgmt Statistics list page appears (see Figure 13-14).
Figure 13-14 Proximity Probe Mgmt Statistics List Page
Table 13-70 describes the fields on the Proximity Probe Mgmt Statistics list page.
Table 13-70 Field Descriptions for Proximity Probe Mgmt Statistics List Page
Field | Description
Zone Index | Numerical identifier of the proximity zone.
Zone Name | Name of the proximity zone.
Name of the GSS or GSSM | For each GSS or GSSM, lists the following:
• IP address of the probe device.
• Total number of DRP echo and measurement packets sent by the GSS to the proximity probing agent in the proximity zone.
• Total number of DRP echo and measurement packets received by the GSS from the proximity probing agent in the proximity zone.
• Current packet send rate per second.
Refer to the legend that appears below the listed zones for information about identifying which value represents sent echo and measurement packets, which value represents received echo and measurement packets, and which value represents the current packet send rate.
Displaying Sticky Rule Hit Statistics
The Sticky Rule Hit Statistics list page displays how many times the GSS accesses a DNS rule and makes a best effort to provide identical A-record responses to the requesting client D-proxy.
To display statistics about sticky hits for a DNS rule, perform the following steps:
1. From the primary GSSM GUI, click the Monitoring tab.
2. Click the Traffic Mgmt navigation link.
3. Click the Sticky Rule Stats navigation link (located in the Contents list). The Sticky Rule Hit Statistics list page appears (see Figure 13-15).
Figure 13-15 Sticky Rule Hit Statistics List Page
Table 13-71 describes the fields on the Sticky Rule Hit Statistics list page.
Table 13-71 Field Descriptions for Sticky Rule Hit Statistics List Page
Field | Description
Name | Name of the matched DNS rule.
Owner | GSS owner to whom the DNS rule has been assigned.
Name of the GSS or GSSM | For each GSS or GSSM, lists the following:
• Total number of successful sticky answer matches in the sticky database for the DNS rule.
• Total number of failed sticky answer lookups in the sticky database for the DNS rule.
Refer to the legend that appears below the listed DNS rules for information about identifying which value represents successful matches and which value represents failed lookups.
Displaying Sticky Database Statistics
The Sticky Database Statistics list page displays the number of entries in the sticky database.
To display the number of entries in the sticky database, perform the following steps:
1. From the primary GSSM GUI, click the Monitoring tab.
2. Click the Traffic Mgmt navigation link.
3. Click the Sticky Database Stats navigation link (located in the Contents list). The Sticky Database Statistics list page appears (see Figure 13-16).
Figure 13-16 Sticky Database Statistics List Page
Table 13-72 describes the fields on the Sticky Database Statistics list page.
Table 13-72 Field Descriptions for Sticky Database Statistics List Page
Field | Description
Global Site Selector | Name of the GSS device (GSSM or GSS).
Status | Sticky status of the named device and sticky mode. Status conditions can include Disabled, Local, Global, and Stopped.
Entries in Use | Number of entries currently in the sticky database out of a maximum of 400,000 entries.
Displaying Global Sticky Mesh Statistics
The Sticky Mesh Statistics list page displays the global mesh statistics for all GSS devices in the mesh. This list page identifies all of the GSS devices in the mesh in an X by Y matrix, with each cell displaying the device online status, packets received, packets sent, and any connection down events encountered between the nodes. The statistics appear from the local GSS node's view (X) of the session to each mesh peer (Y).
To display the global mesh statistics, perform the following steps:
1. From the primary GSSM GUI, click the Monitoring tab.
2. Click the Traffic Mgmt navigation link.
3. Click the Sticky Mesh Stats navigation link (located in the Contents list). The Sticky Mesh Statistics list page appears (see Figure 13-17).
Figure 13-17 Sticky Mesh Stats List Page
Table 13-73 describes the fields on the Sticky Mesh Statistics list page.
Table 13-73 Field Descriptions for Sticky Mesh Statistics List Page
Field | Description
GSS/Peer | Name of the GSS device (GSSM or GSS) in the mesh along with its peers.
Name of the GSS or GSSM in the mesh | For each GSS peer in the mesh, each column lists the following statistics:
• Connection to peer status—Online status of each peer in the mesh. The possible states are Stopped, Init, Opened, Authentication, Up, and Down.
• Packets transmitted—Number of packets transmitted from the GSS or GSSM to each peer in the mesh.
• Packets received—Number of packets received by the GSS or GSSM from each peer in the mesh.
• Down Events—The number of down events encountered for the session between the peers in the mesh.
Refer to the legend that appears below the listed peer GSS or GSSM in the mesh for information about identifying which statistic represents the online peer status, packets transmitted, packets received, and session down events.