Application Control Engine Module Virtualization Configuration Guide (Software Version A1(2))
Displaying Virtualization Configuration and Statistics
Download this chapter
Displaying Virtualization Configuration and StatisticsDisplaying Virtualization Configuration and Statistics
Download the complete book
Cisco Application Control Engine Module Virtualization Configuration Guide Book-Length PDF (Software Version A1(2))Cisco Application Control Engine Module Virtualization Configuration Guide Book-Length PDF (Software Version A1(2)) (PDF - 720 KB)
give_us_feedback

Table Of Contents

Displaying Virtualization Configuration and Statistics

Displaying Context Configurations

Displaying Domain Configurations

Displaying Resource Class Configurations

Displaying Role Configurations

Displaying Context Information

Displaying Resource Allocation

Displaying Resource Usage

Displaying User Roles

Displaying Domains

Displaying User Information

Logging Out a User

Clearing All Statistics in a Context


Displaying Virtualization Configuration and Statistics

The Cisco Application Control Engine (ACE) module comes with show commands that allow you to display a range of configuration and statistical information for the contexts configured on your ACE.

This chapter contains the following major sections:

Displaying Context Configurations

Displaying Domain Configurations

Displaying Resource Class Configurations

Displaying Role Configurations

Displaying Context Information

Displaying Resource Allocation

Displaying Resource Usage

Displaying User Roles

Displaying Domains

Displaying User Information

Logging Out a User

Clearing All Statistics in a Context

Displaying Context Configurations

To display context configurations, use the show running-config context command in Exec mode. This command displays all configured user contexts and their descriptions, resource classes, and allocated VLANs. The syntax of this command is:

show running-config context

For example, enter: 

host1/Admin# show running-config context

Displaying Domain Configurations

To display domain configurations, use the show running-config domain command in Exec mode. This command displays all configured domains and their objects (ACLS, class maps, interfaces, and so on). The syntax of this command is:

show running-config domain

For example, enter: 

host1/Admin# show running-config domain

Displaying Resource Class Configurations

To display resource-class configurations, use the show running-config resource-class command in Exec mode. This command displays all configured resource classes and their resource allocation statements. The syntax of this command is:

show running-config resource-class

For example, enter: 

host1/Admin# show running-config resource-class

Displaying Role Configurations

To display role configurations, use the show running-config role command in Exec mode. This command displays all configured roles, their descriptions, and associated rules. The syntax of this command is:

show running-config role

For example, enter: 

host1/Admin# show running-config role

Displaying Context Information

To display a list of contexts including the name, description, resource class, and interfaces, use the show context command in Exec mode. The syntax of this command is:

show context name

For the name argument, enter the unique identifier of an existing context as an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.

For example, enter: 

host1/Admin# show context C1

Table 3-1 describes the fields in the show context command output.

Table 3-1 Field Descriptions for the show context Command Output 

Field
Description

Name

Lists identifiers of all configured contexts. If you specify the name argument, the ACE displays the name of the context that you specify only.

Description

Previously configured text description of the context.

Resource-class

Resource class of which the context is a member.

VLANs

VLANs allocated to a user context from the Admin context.


Displaying Resource Allocation

To view the allocation for each resource across all resource classes and class members, use the show resource allocation command in Exec mode. The syntax of this command is:

show resource allocation

This command shows the resource allocation, but does not show the actual resources being used. See the "Displaying Resource Usage" section for more information about actual resource usage.

For example, enter: 

host1/Admin# show resource allocation

Table 3-2 describes the fields in the show resource allocation command output.

Table 3-2 Field Descriptions for the show resource allocation Command Output 

Field
Description

Parameter

Name of the resource that you can limit.

Refer to Chapter 2, Configuring Virtualization for more information about each resource name.

Min

The minimum percentage of the total system resources that is allocated for a parameter in the specified resource class. For the default resource class, the minimum value for each resource is 0.00%.

Max

Maximum percentage of the total system resources that is allocated to a parameter in the specified resource class. For the default resource class, the Max value for each resource is equal to the total Max value of all contexts using the default resource class. For example, if you configure two user contexts and do not associate them with a resource class, the ACE automatically assigns the default resource class. If the Admin context also uses the default resource class, the Max value would equal 300% for each resource.

Class

Name of the resource class.


Displaying Resource Usage

To display the resource usage for each context from the Admin context, use the show resource usage command in Exec mode. The syntax of this command is:

show resource usage [all | context name | summary | top number] [resource {acl-memory | all | conc-connections | mgmt-connections | proxy-connections | rate {bandwidth | connections | mac-miss | mgmt-traffic | ssl-bandwidth | syslog} | regexp | ssl-connections | xlates}] [all] [counter [all | current | denied | peak [count_threshold]]]

The keywords, arguments, and options are:

context name—(Optional) Displays resource usage for the specified context.

summary—(Optional) Displays total resource usage for all contexts together. For example, the denied column shows the items that have been denied for each context limit.

top number—(Optional) Displays the greatest n users of a single resource arranged from highest to lowest percentage of resources used. You must specify a single resource type and cannot use the resource all keywords with this option.

resource—(Optional) Displays statistics for one of the following specified resources:

acl-memory—Displays ACL memory usage

all—Displays resource usage for all resources used by the specified context or contexts

conc-connections—Displays resource usage for the number of simultaneous connections

mgmt-connections—Displays resource usage for the number of management connections

proxy-connections—Displays resource usage for proxy connections

rate—Displays the rate per second for the specified connections or syslog messages

regexp—Displays resource usage for regular expressions

ssl-connections—Displays resource usage for Secure Sockets Layer (SSL) connections

xlates—Displays resource usage by NAT and PAT entries

all—(Default) Displays resource usage for each context individually.

counter name3—Specify one of the following keywords as the counter name:

all—(Default) Displays all statistics.

current—Displays the active concurrent instances or the current rate of the resource.

denied—Displays the number of denied uses of the resource, since the resource statistics were last cleared.

peak—Displays the peak concurrent instances, or the peak rate of the resource since the statistics were last cleared, either using the clear resource usage command or because the device rebooted.

count_threshold—Sets the number above which resources are shown. Enter an integer from 0 to 4294967295. The default is 1. If the usage of the resource is below the number you set, then the resource is not shown. If you specify all for the counter name, then the count_threshold applies to the current usage. To show all resources, set the count_threshold to 0.

For example, enter: 

host1/Admin# show resource usage context C1 resource 
concurrent-connections counter denied 0

Table 3-3 describes the fields in the show resource usage command output.

Table 3-3 Field Descriptions for the show resource usage Command
Output 

Field
Description

Resource

The name of the limited resource in each context.

Refer to Chapter 2, Configuring Virtualization for more information about each resource name.

Current

Active concurrent instances or the current rate of the resource.

Peak

Highest value of resource usage.

Allocation (Min/Max)

The allocation minimum value indicates the resource units that are guaranteed to be available to each context. The allocation maximum value indicates the resource units that may be available to each context and are shared among all contexts from the oversubscription pool. When you configure the maximum value as equal-to-minimum, the maximum value is automatically set to 0. When the allocation maximum value is 0, no additional resource units are available beyond the allocation minimum value to each context.

Denied

Number of denied resources because of oversubscription or resource depletion.


Note The show resource usage command 100 percent Allocation Min and Allocation Max values for conc-connections, proxy-connections, and other parameters display the bidirectional connections (inbound leg and outbound leg) for both IXPs in the ACE. For example, the maximum number of concurrent connections that the ACE supports is 4,000,000, but the show resource usage command displays a maximum conc-connections value of 8000000, which is equal to 4,000,000 unidirectional connection records for each IXP times two IXPs.

Displaying User Roles

To display the roles (predefined and user-configured), use the show role command. The syntax of this command is:

show role [name]

For the optional name argument, enter the unique identifier of the role as an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. This parameter displays only the named role you specify. To display all roles, enter the command without a name.

For example, to display all roles, enter: 

host1/C1# show role

Table 3-4 describes the fields in the show role command output.

Table 3-4 Field Descriptions for the show role Command Output 

Field
Description

Role

Name of the role (for example, Admin).

Description

Text describing the role (for example, Administrator).

Number of Rules

Number of rules associated with the role.

Rule

Sequence number of the rule.

Type

Type of rule. Possible values are: Permit or Deny

Permission

Permission level of the rule. The possible permission values ranked from highest to lowest, are: Create, Modify, Debug, and Monitor

Feature

Software feature associated with the rule (for example, access-list).


Displaying Domains

To display information about the configured domains in the ACE, use the show domain command. The syntax of this command is:

show domain [name]

For the optional name argument, enter the unique identifier of an existing domain as an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.

For example, enter: 

host1/C1# show domain D1

Table 3-5 describes the fields in the show domain command output.

Table 3-5 Field Descriptions for the show domain Command Output 

Field
Description

Name

Unique identifier of the domain

Object Type

List of objects associated with the domain (for example, Class-map)

Object Name

Configured identifier of the object


Displaying User Information

To display information for users that are currently logged in to the ACE, use the show users command. The syntax of this command is:

show users [name]

For the optional name argument, enter the unique identifier of a user as an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.

For example, enter: 

host1/Admin# show users admin

Table 3-6 describes the fields in the show users name command output.

Table 3-6 Field Descriptions for the show users name
Command Output 

Field
Description

User

Name of user

Context

Name of the context associated with the user

Line

Port through which the user connected to the ACE (for example, pts/1)

Login Time

Month, day, and time that the user logged in to the ACE (for example, Dec 7 20:11)

Location

Location of the user expressed as an IP address

Role

Role assigned to the user (for example, Admin)

Domain(s)

Domain associated with the user (for example, default-domain)


To display user account information, use the show user-account command in Exec mode. The syntax of this command is:

show user-account name

For example, enter: 

host1/Admin# show user-account admin

Table 3-7 describes the fields in the show user-account command output.

Table 3-7 Field Descriptions for the show user-account Command
Output 

Field
Description

User

Name of the user

Account Expiry

Date, if any, that the user account expires

Roles

Role assigned to the user (for example, Admin)

Domain

Domain associated with the user (for example, default-domain)

Context

Name of the context associated with the user (for example, Admin)


Logging Out a User

To force a user to log out (clear the user session), use the clear user command in Exec mode. The syntax of this command is:

clear user name

For the name argument, enter the name of an existing user as an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.

For example, to log out the user named John, enter: 

host1/Admin# clear user John

Clearing All Statistics in a Context

To clear all statistical information in a context, use the clear stats all command in Exec mode. The syntax of this command is:

clear stats all

For example, to clear all statistical information for context C1, enter: 

host1/Admin# clear statistics all