Wireless Access

Reply
Contributor I
Posts: 37
Registered: ‎06-17-2011

How to see Connection number?

Hi,

 

Is there any method to see connection number, aka conntrack number? I would like to see the connection stats about the statefull router performance?

 

Thanks in advance.

 

Husnu Demir.

MVP
Posts: 399
Registered: ‎07-26-2011

Re: How to see Connection number?

Try running :

 

#show datapath session counters

 

Does this provide the output you require?

ACMA, ACMP
If my post addresses your query, give kudos:)
Contributor I
Posts: 37
Registered: ‎06-17-2011

Re: How to see Connection number?

Thanks a lot.

 

http://community.arubanetworks.com/t5/Command-of-the-Day/COTD-show-datapath-session-table/td-p/1570

 

Also gave detail info. I will look at more detailed.

 

Husnu Demir.

 

Contributor I
Posts: 37
Registered: ‎06-17-2011

Re: How to see Connection number?

[ Edited ]

A minor question comes up?

 

According to these stats what is MAX, What is Total. I mean how to understand these values?

 

Thanks in advance.

 

Husnu Demir.

 

 

show datapath session counters

Datapath Session Table Statistics
---------------------------------
Current Entries 112826
High Water Mark 130829
Maximum Entries 524287
Total Entries 3963558
Allocation Failures 0
Duplicate Entries 0
Cross linked Entries 0
No Reverse Entries 0
Max link length 128
Aged Entries 3969972
Stale Entries 0

 

 

PS: I Know this:

 

Displays counters statistics including current entries, high water mark, maximum entries,
total entries, allocation failures, duplicate entries, cross linked entries, number of reverse
entries and maximum link length.

 

 

MVP
Posts: 4,301
Registered: ‎07-20-2011

Re: How to see Connection number?

Maximum Entries is the maximum amount the controller can support

Total is the amount of entries over time that the controller has seen

 

You can clear those too by using the clear datapath session counters.

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor I
Posts: 37
Registered: ‎06-17-2011

Re: How to see Connection number?

So this means that I have about 524287 entry and above this level It will start to drop?

 

I have enabled statefull firewall and I am seeing lots of drop? But I know that these flows started from the inside. Can it be early timeout? Is there  a place to see timeout values?

 

Thanks in advance.

 

Husnu Demir.

 

MVP
Posts: 4,301
Registered: ‎07-20-2011

Re: How to see Connection number?

 

Where are you seeing these drops ?

 

You should do a show  datapath route and show  datapath route-cache ?

 

It depends of what type of timeouts you are looking for?

 

 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor I
Posts: 37
Registered: ‎06-17-2011

Re: How to see Connection number?

Let me explain a little bit? I am using the controller as a router and wrote an ACL for that. No user database. Today I saw lots of drops on the states that not initiated from inside. e.g.

 

udp 17 161 src=10.10.16.139 dst=31.59.94.201 sport=19489 dport=46173 src=31.59.94.201 dst=10.10.16.139 sport=46173 dport=19489 [ASSURED] mark=0 use=1

 

related packet dropped by aruba is:

 

May 22 16:56:19 :124006: <WARN> |authmgr| {15698740} UDP srcip=31.59.94.201 srcport=46173 dstip=10.10.16.139 dstport=19489, action=deny, policy=wrd_mgmt_dny

 

I changed the src IP addresses. So there seems to be something wrong. I like to find it.

 

 

show datapath user counters

Datapath User Table Statistics
------------------------------
Current Entries(L2) 0
Current Entries(L3-v4) 5
Current Entries(L3-v6) 0
Total Current Entries(L2,L3) 5
Pending Deletes 0
High Water Mark 10166
Maximum Entries 65535
Total Entries 20329
Allocation Failures 0
Max link length 4

Aggregated User Entry Statistics
--------------------------------
Current Entries 5
High Water Mark 10161
Alloc Failures 0
Maximum Entries 12287
Total Entries 20319

Invalid/Denied V4 Users 80
Invalid/Denied V6 Users 0
Force Delete(IPIP) 0
Mac Mismatch 0
User L2 add fail 0
User L3 add fail 0
User L2 del fail 0
User L3 del fail 0
Pending User del High 10161

MVP
Posts: 4,301
Registered: ‎07-20-2011

Re: How to see Connection number?

[ Edited ]

 

Please share the output of the following of this command :

 

show  datapath route

 

And your ACL and where do you have it applied

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor I
Posts: 37
Registered: ‎06-17-2011

Re: How to see Connection number?

Better not to give public on the list. Can I send this in private?

Search Airheads
Showing results for 
Search instead for 
Did you mean: