AppNav Controller Show Commands
You can use show commands to check status and display data.
Checking the Status of the AppNav Controller
Use the following command to check on the general status of the AppNav Controller. The command also lists all the interfaces that have “service-insertion waas” configured.
router# show service-insertion status
Platform Type:cisco (ISR4452/K9) 2RU
IOS Version: 15.3(20130102:194350)
AppNav Controller Version: 1.0.0
AppNav Enabled Interfaces:
Checking the Membership of the AppNav Controller Group
Use the following command to check the membership of the AppNav Controller group. It also lists all the service nodes configured and registered with the AppNav Controller.
router# show service-insertion appnav-controller-group
All AppNav Controller Groups in service context
Appnav Controller Group : acg
Member Appnav Controller Count : 2
AppNav Controller : 21.0.0.36
Local AppNav Controller : Yes
Current status of AppNav Controller : Alive
Time current status was reached : Wed Sep 5 15:50:06 2012
Cluster protocol ICIMP version : 1.1
Cluster protocol Incarnation Number : 1
Cluster protocol Last Sent Sequence Number : 0
Cluster protocol Last Received Sequence Number : 0
Current AC View of AppNav Controller
Current SN View of AppNav Controller
AppNav Controller : 21.0.0.160
Local AppNav Controller : No
Current status of AppNav Controller : Alive
Time current status was reached : Thu Dec 6 20:17:53 2012
Cluster protocol ICIMP version : 1.1
Cluster protocol Incarnation Number : 1
Cluster protocol Last Sent Sequence Number : 1355098374
Cluster protocol Last Received Sequence Number : 1355089899
Current AC View of AppNav Controller
Current SN View of AppNav Controller
Displaying Detailed Information About Service Node Groups and Service Nodes
Use the show service-insertion service-node-group [ sng_name | all] command to display detailed information about service node groups and individual service nodes. You can also use this command to check the status of individual application accelerators.
The output of this command shows the following:
- Cluster protocol information. The last sent sequence number and the last received sequence number values should be increasing continuously.
- Number of service nodes and associated service contexts.
- Status of each service node, which can be either Alive or Dead
- Load state, which displays the health of the application accelerators. The load state can be one of the following:
– green—application accelerator is functional and accepting new flows
– yellow—application accelerator is functional but not accepting new flows
– red—application accelerator is not functional
- Overall availability of the service node group for each application accelerator
router# show service-insertion service-node-group
Service Node Group name : sng1
Member Service Node count : 1
Service Node (SN) : 21.0.0.149
Current status of SN : Alive
Time current status was reached : Thu Dec 6 20:17:11 2012
Cluster protocol DMP version : 1.1
Cluster protocol incarnation number : 2
Cluster protocol last sent sequence number : 1355101043
Cluster protocol last received sequence number: 1348909100
video GREEN 0d 5h 39m 38s
SNG Availability per Accelerator
Displaying Class Maps and Policy Maps
The following commands reflect the running configuration and are useful for checking classifications without having to scan through an entire running configuration.
To display all type AppNav class maps and their matching criteria, or a specific AppNav class map and its matching criteria, use the following command:
router# show class-map type appnav [AppNav_class_name]
To display all type AppNav policy maps and their class and action mappings, or a specified policy map and its class or action mappings, use the following command:
router# show policy-map type appnav [AppNav_policy_name]
The show policy-map target service-context [ service_context_name ] command displays policy map information for service contexts. Use this command to view the flow level stats of all the class maps and policy maps that are configured under a service context. If you do not specify a service context name, the command displays all the configured class maps and policy maps.
Here are two examples:
router# show policy-map target service-context waas/1
Service-policy appnav input: p1
Class-map: c1 (match-all)
distribute service-node-group sng1
Distributed: 0 packets, 0 bytes
Passed through: 0 packets, 0 bytes
Aggregate: 0 packets, 0 bytes
Class-map: class-default (match-any)
router# show policy-map target service-context
Service-policy appnav input: p1
Class-map: c1 (match-all)
distribute service-node-group sng1
Distributed: 0 packets, 0 bytes
Passed through: 0 packets, 0 bytes
Aggregate: 0 packets, 0 bytes
Class-map: class-default (match-any)
Service-policy appnav input: p3
Class-map: c3 (match-all)
distribute service-node-group sng3
Distributed: 0 packets, 0 bytes
Passed through: 0 packets, 0 bytes
Aggregate: 0 packets, 0 bytes
Class-map: class-default (match-any)
Displaying Service Context Information
To display information about service contexts, use the show service-insertion service-context [ service_context_name ] command. The output of this command displays the status of the specified service context, including the following:
- Current and last states of the Cluster Membership Manager (CMM) and FSM
- State of the cluster
- Views of the stable and current AppNav Controller and service nodes
Here is an example:
router# show service-insertion service-context waas/1
Cluster protocol ICIMP version : 1.1
Cluster protocol DMP version : 1.1
Time service context was enabled : Thu Sep 8 08:38:41 2011
Current FSM state : Operational
Time FSM entered current state : Thu Sep 8 08:48:26 2011
Last FSM state : Converging
Time FSM entered last state : Thu Sep 8 08:48:16 2011
Cluster operational state : Operational
Stable AppNav Controller View:
Current AppNav Controller View:
Displaying Data Path Statistics
Displaying AppNav Controller Group Statistics
To see the number of “keepalives” sent to the other AppNav Controllers and received from the other AppNav Controllers and other statistics related to the AppNav Controller group, use the following command:
router# show service-insertion statistics appnav-controller-group
Appnav Controller Group : acg
Number of AppNav Controllers : 2
Aggregate Appnav Controller statistics
--------------------------------------
Time since statistics were last reset/cleared : 0d 5h 47m 14s
Aggregate number of keepalives sent to ACs : 168484
Aggregate number of keepalives received from ACs : 166372
Aggregate number of invalid keepalives received :
Incompatible ICIMP version : 0
Authentication Failed : 0
Aggregate number of times liveliness lost with ACs : 1
Aggregate number of times liveliness gained with ACs : 2
Displaying Per Service Node and Service Node Group Statistics
To show the connections, packets, and bytes sent to each service node, use the following command:
router# show service-insertion statistics service-node [IP_address]
To show the aggregated connections, packets, and bytes sent to each service node group, use this command:
router# show service-insertion statistics service-node-group [NAME]
Here is an example:
router# show service-insertion statistics service-node
Statistics for Service Node 21.0.0.149
-------------------------------------------------------
Time since statistics were last reset/cleared: 0d 18h 7m 54s
Number of probe requests sent to SN : 326024
Number of probe responses received from SN : 326014
Number of invalid probe responses received:
Incompatible DMP version : 0
Authentication failed : 0
Number of times liveliness lost with SN : 0
Number of times liveliness regained with SN :1
Time since statistics were last reset/cleared: 0d 18h 8m 24s
Number of load updates received from CMM: 4
Number of erroneous load updates: 0
Time since last load update was received: 0d 14h 32m 43s
Load stats for Service Node 21.0.0.149
---------------------------------------------
Accelerator state transition statistics
---------------------------------------
Time since Accl load stats were last cleared: 0d 18h 8m 24s
Accl Current Previous Red Yellow Green
Traffic distribution statistics for service node 21.0.0.149
----------------------------------------------------------
Time since distribution stats were last cleared: 0d 18h 8m 24s
Initial Redirects Accepted : 2
Initial Redirect -> Passthrough : 0
Redirect -> Passthrough : 0
The important statistics are as follows:
- Probe Requests: The number of heartbeats sent to the service node.
- Probe Responses: The number of heartbeats received from the service node.
- Redirected Bytes: The number of bytes redirected to the service node.
- Redirected Packets: The number of data packets redirected to the service node.
- Received Bytes: The number of bytes received from the service node.
- Received Packets: The number of data packets received from the service node.
- Initial Redirects: The number of times that the SYN packet (the first packet for requesting connection in a TCP flow) was redirected to the service node.
- Initial Redirects Accepted: The number of times that the service node decided to optimize on SYN packet.
- Initial Redirects -> Passthrough: The number of times that the service node decided to pass-through on SYN packet.
- Redirect -> Passthrough: The number of times that the service node decided to pass-through a flow after it was initially accepted for optimize (e.g. due to lack of peer).
Displaying Service Context Statistics
To display statistics about the service context, use the show service-insertion statistics service-context [ name ] command. The output of this command displays the time spent in each FSM state by the CMM and the amount of time that each service context has been in each FSM state.
Here is an example:
Router# show service-insertion statistics service-context
Time spent in various FSM states
Converging : 0d 0h 0m 31s
Initializing : 0d 0h 0m 0s
Operational : 1d 19h 27m 53s
Internal Error : 0d 0h 0m 0s
Admin Disabled : 0d 0h 0m 0s
Number of entries into Converging State: 3
Number of entries into Initializing State: 1
Number of entries into Operational State: 3
Number of entries into Degraded State: 0
Number of entries into Internal Error State: 0
Number of entries into Admin Disabled State: 0
Displaying Flow Statistics
To query the flows in the flow table and to optionally filter the output by using specific criteria, use the following command:
router# show service-insertion statistics connection [[summary] | [vrf-name name] [client-ip IP_address] [client-port port_number] [server-ip IP_address] [server-port port_number] [detail]]
As part of the flow query, the following information for every flow is available:
- Client IP address, client TCP port and server IP address, server TCP port number
- Service node IP address, passthrough
- VRF name
Here is an example:
router# show service-insertion statistics connection
Collecting Records. Please wait...
Client Server SN-IP VRF-Name
51.0.222.4:64234 11.0.0.3:80 21.0.0.104 br_vrf
51.0.222.4:22415 11.0.0.3:80 21.0.0.104
51.0.222.4:15264 11.0.0.3:80 21.0.0.104
51.0.222.4:37759 11.0.0.3:80 21.0.0.104
51.0.222.4:55408 11.0.11.2:23 Passthrou
If you include the detail keyword, the report also displays the following on a per flow basis:
- Presence of session (3T) or App (2T) association
- Application ID
- Peer ID
The following is an example:
router# show service-insertion statistics connection detail
Collecting Records. Please wait...
Client: 192.168.80.4:60973
Server: 192.168.180.4:135
Service Node IP: 172.16.0.2
Flow association: 2T:No,3T:No
Peer-ID: 00:21:5e:76:65:08
Client: 192.168.80.4:60959
Server: 192.168.180.4:1092
Service Node IP: 172.16.0.2
Flow association: 2T:Yes,3T:Yes
Peer-ID: 00:21:5e:76:65:08
If you include the summary keyword, the report displays only the number of 2T and 3T entries, the number of optimized flows, the number of passthrough flows, and the number of flow synchronization failures due to VRF config mismatch on the AppNav Controllers.
The following is an example:
router# show service-insertion statistics connection summary
Number of 2T optimized flows = 0
Number of 3T optimized flows = 0
Number of optimized flows = 3
Number of pass-through flows = 1
Flow sync failures due to vrf mismatch = 0
You can also use the show platform software command. It works exactly the same as the show service-insertion statistics command, but it can also be used to query the flows on the standby FP.
router# show platform software appnav-controller <f0 | f1 | fp active | fp standby> connections …
Displaying Application and Session Statistics
To query the application and session entries and to optionally filter the output by using specific criteria, use the following command:
router# show service-insertion statistics sessions [[vrf-name name] [client-ip IP_address][server-ip IP_address] [server-port port_number] [detail]]
Application entries do not have client or service node IP addresses.
Here is an example:
router# show service-insertion statistics sessions
Collecting Records. Please wait...
Client Server SN-IP VRF-Name
N/A 192.168.180.4:1092 N/A
192.168.80.4:0 192.168.180.4:1092 172.16.0.2
If you include the detail keyword, the report also displays the application ID and the time since the last activity.
Here is an example:
Router# show service-insertion statistics sessions detail
Collecting Records. Please wait...
Server: 192.168.180.4:1098
Service Node IP: 172.16.0.2
Time since last activity : 0hr 36min 30sec
Server: 192.168.180.4:1098
Time since last activity : 0hr 36min 30sec
You can also use the show platform software command. It works exactly the same as the show service-insertion statistics command, but it can also be used to query the application and session entries on the standby FP.
router# show platform software appnav-controller <f0 | f1 | fp active | fp standby> sessions …
Displaying Classification Statistics
Use the show policy-map target service-context [ service_context_name ] command to view the flow level statistics of all the class maps and policy maps that are configured under a service context. If you do not enter a service context name, the system displays all the configured class maps and policy map output.
The following are examples:
router# show policy-map target service-context waas/1
Service-policy appnav input: p1
Class-map: c1 (match-all)
distribute service-node-group sng
Distributed: 313450 packets, 135820480 bytes
Passed through: 0 packets, 0 bytes
Aggregate: 313450 packets, 135820480 bytes
Class-map: c2 (match-all)
Distributed: 0 packets, 0 bytes
Passed through: 40 packets, 30000 bytes
Aggregate: 40 packets, 30000 bytes
Class-map: class-default (match-any)
router# show policy-map target service-context
Service-policy appnav input: p1
Class-map: c1 (match-all)
distribute service-node-group sng1
Distributed: 0 packets, 0 bytes
Passed through: 0 packets, 0 bytes
Aggregate: 0 packets, 0 bytes
Class-map: class-default (match-any)
Service-policy appnav input: p3
Class-map: c3 (match-all)
distribute service-node-group sng3
Distributed: 0 packets, 0 bytes
Passed through: 0 packets, 0 bytes
Aggregate: 0 packets, 0 bytes
Class-map: class-default (match-any)
Displaying Pass Through Reason Statistics
To view the passthrough reason statistics aggregated for all the classes of a policy associated with the specified service context, use the following command:
router# show policy-map target service-context context_name passthru-reason
To view the passthrough reason statistics for a particular class of a policy associated with the specified service context, use the following command:
router# show policy-map target service-context context_name class class_name passthru-reason
Here is an example:
router# show policy-map target service-context waas/1 class c4 passthru-reason
Service-policy appnav input: p4
Class-map: c4 (match-all)
distribute service-node-group sng4
Distributed: 11 packets, 222 bytes
Passed through: 100 packets, 22000 bytes
Aggregate: 111 packets, 22222 bytes
Passthrough Reasons Packets Bytes
------------------------ ------- - ------
PT Flow Learn Failure 0 0
Passthrough Reasons Packet Bytes
------------------------ ------- - ------
PT AD Version Mismatch 0 0
PT AD AO Incompatible 0 0
PT DM Version Mismatch 0 0
PT Non-optimizing Peer 0 0
PT SN Interception ACL 0 0
PT IP Fragment Unsupported 0 0
Displaying Alarms
Use the following command to display the alarms seen on the AppNav Controller. The detail option gives a brief explanation of each alarm and the support option gives a longer explanation along with a recommended action.
router# show service-insertion alarms [critical | major | minor] [detail [support]]
The following is an example:
router# show service-insertion alarms detail
Alarm Instance Alm ID Module AC/SN IP Addr AO SNG
1 degraded_cluster 29002 cmm N/A N/A N/A
Cluster protocol detected inconsistency in AC view of peer ACs. Device will pass-through all new connections.
Alarm Instance Alm ID Module AC/SN IP Addr AO SNG
1 ac_unreachable 29006 cmm 192.168.1.11 N/A N/A
Cluster protocol on device cannot communicate with peer AC ("192.168.1.11").
2 sn_unreachable 29007 cmm 192.168.2.31 N/A N/A
Cluster protocol on device cannot communicate with peer SN ("192.168.2.31").
3 sng_unavailable 30001 fdm N/A N/A sng1
Service Node Group ("sng1") has become unavailable.
4 sng_ao_unavailable 30000 fdm N/A sslsng
Service Node Group ("sng") has become unavailable for accelerator - ("ssl").