Wireless Access

Hi,

Is there any method to see connection number, aka conntrack number? I would like to see the connection stats about the statefull router performance?

Thanks in advance.

Husnu Demir.

Try running :

#show datapath session counters

Does this provide the output you require?

Thanks a lot.

http://community.arubanetworks.com/t5/Command-of-the-Day/COTD-show-datapath-session-table/td-p/1570

Also gave detail info. I will look at more detailed.

Husnu Demir.

A minor question comes up?

According to these stats what is MAX, What is Total. I mean how to understand these values?

Thanks in advance.

Husnu Demir.

show datapath session counters

Datapath Session Table Statistics
---------------------------------
Current Entries 112826
High Water Mark 130829
Maximum Entries 524287
Total Entries 3963558
Allocation Failures 0
Duplicate Entries 0
Cross linked Entries 0
No Reverse Entries 0
Max link length 128
Aged Entries 3969972
Stale Entries 0

PS: I Know this:

Displays counters statistics including current entries, high water mark, maximum entries,
total entries, allocation failures, duplicate entries, cross linked entries, number of reverse
entries and maximum link length.

Maximum Entries is the maximum amount the controller can support

Total is the amount of entries over time that the controller has seen

You can clear those too by using the clear datapath session counters.

So this means that I have about 524287 entry and above this level It will start to drop?

I have enabled statefull firewall and I am seeing lots of drop? But I know that these flows started from the inside. Can it be early timeout? Is there  a place to see timeout values?

Thanks in advance.

Husnu Demir.

Where are you seeing these drops ?

You should do a show  datapath route and show  datapath route-cache ?

It depends of what type of timeouts you are looking for?

Let me explain a little bit? I am using the controller as a router and wrote an ACL for that. No user database. Today I saw lots of drops on the states that not initiated from inside. e.g.

udp 17 161 src=10.10.16.139 dst=31.59.94.201 sport=19489 dport=46173 src=31.59.94.201 dst=10.10.16.139 sport=46173 dport=19489 [ASSURED] mark=0 use=1

related packet dropped by aruba is:

May 22 16:56:19 :124006: <WARN> |authmgr| {15698740} UDP srcip=31.59.94.201 srcport=46173 dstip=10.10.16.139 dstport=19489, action=deny, policy=wrd_mgmt_dny

I changed the src IP addresses. So there seems to be something wrong. I like to find it.

show datapath user counters

Datapath User Table Statistics
------------------------------
Current Entries(L2) 0
Current Entries(L3-v4) 5
Current Entries(L3-v6) 0
Total Current Entries(L2,L3) 5
Pending Deletes 0
High Water Mark 10166
Maximum Entries 65535
Total Entries 20329
Allocation Failures 0
Max link length 4

Aggregated User Entry Statistics
--------------------------------
Current Entries 5
High Water Mark 10161
Alloc Failures 0
Maximum Entries 12287
Total Entries 20319

Invalid/Denied V4 Users 80
Invalid/Denied V6 Users 0
Force Delete(IPIP) 0
Mac Mismatch 0
User L2 add fail 0
User L3 add fail 0
User L2 del fail 0
User L3 del fail 0
Pending User del High 10161

Please share the output of the following of this command :

show  datapath route

And your ACL and where do you have it applied

Better not to give public on the list. Can I send this in private?