
Basic status information from Cisco ACE box


This guide gives a short overview of how to obtain status information from a Cisco ACE: connections, internal databases such as the ARP table and the sticky database, protocol statistics and resource usage. It also introduces capturing data on a specified interface as a troubleshooting method.

Obtaining connection information


Listing active connections by port:
rbx-99-6k-ace-1/vrack2070# show conn port 80

conn-id np dir proto vlan source destination state

295812 1 in TCP 123 78.8.249.76:5747 188.165.125.115:80 ESTAB
370332 1 out TCP 2070 10.20.70.101:80 10.20.70.254:14164 ESTAB
191359 2 in TCP 123 78.8.249.77:55089 188.165.125.115:80 ESTAB
-- - - — — — — --



Connections by rserver:
rbx-99-6k-ace-1/vrack2070# sh conn rserver SERVER1

conn-id np dir proto vlan source destination state

387673 1 in TCP 123 78.8.249.76:5998 188.165.125.115:80 ESTAB
364250 1 out TCP 2070 10.20.70.101:80 10.20.70.254:14171 ESTAB



Other usable options: connection list by protocol, address/netmask, or serverfarm:
rbx-99-6k-ace-1/vrack2070# show conn protocol tcp

rbx-99-6k-ace-1/vrack2070# sh conn address 78.8.249.76 netmask 255.255.255.255

rbx-99-6k-ace-1/vrack2070# sh conn serverfarm FARM_WEB


All connection details:
rbx-99-6k-ace-1/vrack2070# show conn detail

total current connections : 5

conn-id np dir proto vlan source destination state

360790 1 in TCP 123 78.8.249.76:3758 188.165.125.125:22 ESTAB
[ idle time : 00:00:00, byte count : 16313 ]
[ elapsed time: 00:04:54, packet count: 221 ]
92023 1 out TCP 123 188.165.125.125:22 78.8.249.76:3758 ESTAB
[ conn in reuse pool : FALSE]
[ idle time : 00:00:00, byte count : 19662 ]
[ elapsed time: 00:04:54, packet count: 161 ]
191359 2 in TCP 123 78.8.249.77:55089 188.165.125.115:80 ESTAB
[ idle time : 00:02:14, byte count : 100 ]
[ elapsed time: 00:02:14, packet count: 2 ]
-- - - — — — — --
304827 2 in TCP 123 78.8.249.76:5997 188.165.125.115:80 ESTAB
[ idle time : 00:00:02, byte count : 637 ]
[ elapsed time: 00:00:02, packet count: 4 ]
315320 2 out TCP 2070 10.20.70.101:80 10.20.70.254:14583 ESTAB
[ conn in reuse pool : FALSE]
[ idle time : 00:00:02, byte count : 604 ]
[ elapsed time: 00:00:02, packet count: 3 ]
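
Working with this output offline, as an added example (not part of the original guide): the Python below parses saved `show conn detail` text and lists inbound connections that have been idle longer than a threshold. The function names and the threshold are illustrative, and the HH:MM:SS time format is assumed from the output shown above.

```python
import re

# First three connections from the `show conn detail` output above.
SAMPLE = """\
360790 1 in TCP 123 78.8.249.76:3758 188.165.125.125:22 ESTAB
[ idle time : 00:00:00, byte count : 16313 ]
[ elapsed time: 00:04:54, packet count: 221 ]
92023 1 out TCP 123 188.165.125.125:22 78.8.249.76:3758 ESTAB
[ conn in reuse pool : FALSE]
[ idle time : 00:00:00, byte count : 19662 ]
[ elapsed time: 00:04:54, packet count: 161 ]
191359 2 in TCP 123 78.8.249.77:55089 188.165.125.115:80 ESTAB
[ idle time : 00:02:14, byte count : 100 ]
[ elapsed time: 00:02:14, packet count: 2 ]
"""

KEYS = ("conn_id", "np", "dir", "proto", "vlan", "source", "destination", "state")
CONN = re.compile(r"^(\d+)\s+(\d+)\s+(in|out)\s+(\S+)\s+(\d+)\s+(\S+)\s+(\S+)\s+(\S+)$")
FIELD = re.compile(r"(idle time|elapsed time|byte count|packet count)\s*:\s*([\d:]+)")


def to_seconds(hms):
    # Assumes the HH:MM:SS form seen in the sample output.
    h, m, s = (int(part) for part in hms.split(":"))
    return h * 3600 + m * 60 + s


def parse_conn_detail(text):
    """Return one dict per connection, with the bracketed counters attached."""
    conns = []
    for line in text.splitlines():
        match = CONN.match(line.strip())
        if match:
            conns.append(dict(zip(KEYS, match.groups())))
        elif conns:  # bracketed lines belong to the connection above them
            for name, value in FIELD.findall(line):
                number = to_seconds(value) if name.endswith("time") else int(value)
                conns[-1][name.replace(" ", "_")] = number
    return conns


def idle_inbound(conns, min_idle_s):
    """Inbound connections idle for at least min_idle_s seconds."""
    return [c for c in conns
            if c["dir"] == "in" and c.get("idle_time", 0) >= min_idle_s]


if __name__ == "__main__":
    for c in idle_inbound(parse_conn_detail(SAMPLE), min_idle_s=120):
        print(c["conn_id"], c["source"], "->", c["destination"], c["idle_time"], "s idle")
```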



Sticky database


Listing entries in database:
rbx-99-6k-ace-1/vrack2070# show sticky database
sticky group : StickyGroup1
type : HTTP-COOKIE
timeout : 3600 timeout-activeconns : FALSE
sticky-entry rserver-instance time-to-expire flags
-----------------------------------------------------------------+-------+
12411268269029278684 SERVER1:0 53118 -
sticky group : StickyGroup1
type : HTTP-COOKIE
timeout : 3600 timeout-activeconns : FALSE
sticky-entry rserver-instance time-to-expire flags
-----------------------------------------------------------------+-------+
14410415696288591616 SERVER1:0 215830 -


Listing by a cookie value:
Connect to the farm (an example configuration was described in VrackLoadBalancingACESimpleSticky) using a browser that accepts cookies. Refresh the page, and the cookie value is displayed:
Got cookie: CookieACE = 2356


Now that the cookie value is known, you can list the database entries for this value:
rbx-99-6k-ace-1/vrack2070# show sticky database http-cookie 2356
sticky group : StickyGroup1
type : HTTP-COOKIE
timeout : 3600 timeout-activeconns : FALSE
sticky-entry rserver-instance time-to-expire flags
-----------------------------------------------------------------+-------+
14410415696288591616 SERVER1:0 215754 -


ARP table


Entries from the ARP table can be shown this way:
rbx-99-6k-ace-1/vrack2070# show arp


Context vrack2070
================================================================================
IP ADDRESS MAC-ADDRESS Interface Type Encap NextArp(s) Status
================================================================================
188.165.125.115 00.21.a0.82.81.41 vlan123 VSERVER LOCAL _ up
188.165.125.125 00.21.a0.82.81.41 vlan123 INTERFACE LOCAL _ up
188.123.123.124 00.11.c4.14.13.20 vlan123 GATEWAY 1443 105 sec up
10.20.70.2 00.11.c4.14.13.20 vlan2070 LEARNED 1463 7947 sec up
10.20.70.3 00.11.c4.14.13.20 vlan2070 LEARNED 1465 7959 sec up
10.20.70.4 00.11.c4.14.13.20 vlan2070 LEARNED 1446 1846 sec up
10.20.70.10 00.21.a0.82.81.41 vlan2070 INTERFACE LOCAL _ up
10.20.70.101 00.11.c4.14.13.20 vlan2070 RSERVER 1470 176 sec up
10.20.70.100 00.11.c4.14.13.20 vlan2070 LEARNED 1461 4971 sec up
10.20.70.101 00.11.c4.14.13.20 vlan2070 RSERVER 1472 193 sec up
10.20.70.1011 00.11.c4.14.13.20 vlan2070 LEARNED 1452 4178 sec up
10.20.70.254 00.21.a0.82.81.41 vlan2070 NAT LOCAL _ up
================================================================================
Total arp entries 12


Capturing packets on ACE in realtime

To capture data on the ACE, follow these steps:
- create input filter access-list
- run capture
- view capture stats
- stop capture and view capture details

Creating an access-list
Assume we want to follow the TCP packets destined for port 80 (HTTP):
rbx-99-6k-ace-1/vrack2070(config)# access-list WWW line 1 extended permit tcp any any eq www


Running capture
Create a capture:
rbx-99-6k-ace-1/vrack2070# capture CAPT1 all access-list WWW


Run the capture:
rbx-99-6k-ace-1/vrack2070# capture CAPT1 start


The captured packets are now printed on the console:
rbx-99-6k-ace-1/vrack2070# 13:23:09.722257 0:21:a0:82:8e:41 0:24:c4:b2:16:80 0800 58: 188.165.125.115.80 > 78.8.249.76.60977: S [bad tcp cksum fc8b!] 3348706231:3348706231(0) ack 3659448056 win 32768 <mss 1460> (ttl 255, id 50882, len 44, bad cksum d0a!)
13:23:09.773021 0:24:c4:b2:16:80 0:21:a0:82:8e:41 0800 60: 78.8.249.76.60977 > 188.165.125.115.80: . [tcp sum ok] ack 1 win 5840 (DF) (ttl 58, id 39008, len 40)
13:23:09.789337 0:24:c4:b2:16:80 0:21:a0:82:8e:41 0800 511: 78.8.249.76.60977 > 188.165.125.115.80: P [tcp sum ok] 1:458(457) ack 1 win 5840 (DF) (ttl 58, id 39009, len 497)
13:23:09.789794 0:21:a0:82:8e:41 0:24:c4:b2:16:80 0800 54: 188.165.125.115.80 > 78.8.249.76.60977: . [bad tcp cksum 1449!] ack 458 win 32311 (ttl 255, id 50883, len 40, bad cksum d577!)
13:23:09.791068 0:21:a0:82:8e:41 0:24:c4:b2:16:80 0800 58: 10.20.70.254.14586 > 10.20.70.101.80: S [bad tcp cksum c571!] 2456020937:2456020937(0) win 32768 <mss 960> (ttl 255, id 50884, len 44, bad cksum 7376!)
13:23:09.802221 0:30:48:fb:b7:a2 0:21:a0:82:8e:41 0800 60: 10.20.70.101.80 > 10.20.70.254.14586: S [tcp sum ok] 3539703509:3539703509(0) ack 2456020938 win 5840 <mss 1460> (DF) (ttl 64, id 0, len 44)
13:23:09.802475 0:21:a0:82:8e:41 0:30:48:fb:b7:a2 0800 54: 10.20.70.254.14586 > 10.20.70.101.80: . [bad tcp cksum 7158!] ack 1 win 32768 (ttl 255, id 50885, len 40, bad cksum 3b0d!)
13:23:09.802712 0:21:a0:82:8e:41 0:30:48:fb:b7:a2 0800 539: 10.20.70.254.14586 > 10.20.70.101.80: P 1:486(485) ack 1 win 32768 (ttl 255, id 50886, len 525, bad cksum e6b7!)
13:23:09.803130 0:30:48:fb:b7:a2 0:21:a0:82:8e:41 0800 60: 10.20.70.101.80 > 10.20.70.254.14586: . [tcp sum ok] ack 486 win 6432 (DF) (ttl 64, id 59291, len 40)


Viewing capture statistics
rbx-99-6k-ace-1/vrack2070# sh capture CAPT1 status
Capture session : CAPT1
Buffer size : 64 K
Circular : no
Buffer usage : 11.00%
Status : running


Stop capture, view details and final statistics
To display more detailed information, the capture must first be stopped:
rbx-99-6k-ace-1/vrack2070# capture CAPT1 stop


Now we can display messages and connections:
rbx-99-6k-ace-1/vrack2070# show capture CAPT1
0001: msg_type: ACE_HIT ace_id: 7842 action_flag: 0x3
0002: msg_type: PKT_XMT con_id: 1459994384 other_con_id: 0
0003: msg_type: PKT_RCV con_id: 1459994384 other_con_id: 0
0004: msg_type: PKT_RCV con_id: 1459994384 other_con_id: 0
0005: msg_type: PKT_XMT con_id: 1459994384 other_con_id: 0
0006: msg_type: CON_SETUP con_id: 1459994384 out_con_id: 503646368
0007: msg_type: PKT_XMT con_id: 503646368 other_con_id: 0
0008: msg_type: PKT_RCV con_id: 503646368 other_con_id: 0
0009: msg_type: PKT_XMT con_id: 503646368 other_con_id: 0
0010: msg_type: PKT_XMT con_id: 503646368 other_con_id: 0
...


A useful feature is displaying a full hex/text dump of the packets of a specified connection, selected by its ID:
rbx-99-6k-ace-1/vrack2070# show capture CAPT1 detail connid 1459994384
0002: msg_type: PKT_XMT
con_id: 1459994384 other_con_id: 0
message_hex_dump:
0x0000: 4020 004c 0050 8034 0004 010e 0000 0080 @..L.P.4........
0x0010: 0004 0024 c4b2 1680 0021 a082 8e41 0800 ...$.....!...A..
0x0020: 4500 002c c6c2 0000 ff06 0d0a bca5 7d73 E..,..........}s
0x0030: d5fb 888b 0050 ee31 c799 33b7 da1e bef8 .....P.1..3.....
0x0040: 6012 8000 0000 0000 0204 05b4 `...........

0003: msg_type: PKT_RCV
con_id: 1459994384 other_con_id: 0
message_hex_dump:
0x0000: 0900 004e 0050 8034 0034 810e 0011 0e90 ...N.P.4.4......
0x0010: 0000 0021 a082 8e41 0024 c4b2 1680 0800 ...!...A.$......
0x0020: 4500 0028 9860 4000 3a06 0fd0 d5fb 888b E..(.`@.:.......
0x0030: bca5 7d73 ee31 0050 da1e bef8 c799 33b8 ..}s.1.P......3.
0x0040: 5010 16d0 7d79 0000 0000 0000 0000 P...}y........

0004: msg_type: PKT_RCV
con_id: 1459994384 other_con_id: 0
message_hex_dump:
0x0000: 0900 0211 0050 8034 0034 810e 0011 0e90 .....P.4.4......
0x0010: 0000 0021 a082 8e41 0024 c4b2 1680 0800 ...!...A.$......
0x0020: 4500 01f1 9861 4000 3a06 0e06 d5fb 888b E....a@.:.......
0x0030: bca5 7d73 ee31 0050 da1e bef8 c799 33b8 ..}s.1.P......3.
0x0040: 5018 16d0 fa55 0000 4745 5420 2f31 2f20 P....U..GET./1/.
0x0050: 4854 5450 2f31 2e31 0d0a 486f 7374 3a20 HTTP/1.1..Host:.
0x0060: 3138 382e 3136 352e 3132 352e 3131 350d 188.165.125.115.
0x0070: 0a55 7365 722d 4167 656e 743a 204d 6f7a .User-Agent:.Moz

0005: msg_type: PKT_XMT
con_id: 1459994384 other_con_id: 0
message_hex_dump:
0x0000: 4020 0048 0050 8034 0004 010e 0000 0080 @..H.P.4........
0x0010: 0004 0024 c4b2 1680 0021 a082 8e41 0800 ...$.....!...A..
0x0020: 4500 0028 c6c3 0000 ff06 d577 bca5 7d73 E..(.......w..}s
0x0030: d5fb 888b 0050 ee31 c799 33b8 da1e c0c1 .....P.1..3.....
0x0040: 5010 7e37 0000 0000 P.~7....
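
Decoding one message of this dump offline, as an added example (not from the original guide or from Cisco tooling): the Python below rebuilds the bytes of message 0004 and reads its IPv4/TCP headers and payload. The 18-byte prefix in front of the Ethernet header is an assumption inferred from the dumps on this page, and the function names are illustrative.

```python
import re
import socket
import struct

# Message 0004 from the `show capture CAPT1 detail` output above.
SAMPLE = """\
0x0000: 0900 0211 0050 8034 0034 810e 0011 0e90 .....P.4.4......
0x0010: 0000 0021 a082 8e41 0024 c4b2 1680 0800 ...!...A.$......
0x0020: 4500 01f1 9861 4000 3a06 0e06 d5fb 888b E....a@.:.......
0x0030: bca5 7d73 ee31 0050 da1e bef8 c799 33b8 ..}s.1.P......3.
0x0040: 5018 16d0 fa55 0000 4745 5420 2f31 2f20 P....U..GET./1/.
0x0050: 4854 5450 2f31 2e31 0d0a 486f 7374 3a20 HTTP/1.1..Host:.
0x0060: 3138 382e 3136 352e 3132 352e 3131 350d 188.165.125.115.
0x0070: 0a55 7365 722d 4167 656e 743a 204d 6f7a .User-Agent:.Moz
"""

# Assumption inferred from the dumps on this page, not from Cisco documentation:
# an 18-byte module-internal header precedes each Ethernet frame.
ACE_PREFIX_LEN = 18
HEX_LINE = re.compile(r"^\s*0x[0-9a-f]{4}:\s+((?:[0-9a-f]{4}\s+){1,8})", re.I)
TCP_FLAGS = "FSRPAU"  # bit 0 (FIN) up to bit 5 (URG)


def dump_to_bytes(text):
    # Keep the 4-digit hex groups of each line; the ASCII column is dropped.
    data = bytearray()
    for line in text.splitlines():
        match = HEX_LINE.match(line)
        if match:
            data += bytes.fromhex("".join(match.group(1).split()))
    return bytes(data)


def decode_tcp(record):
    eth = record[ACE_PREFIX_LEN:]
    if len(eth) < 54 or eth[12:14] != b"\x08\x00" or eth[14] >> 4 != 4:
        raise ValueError("no IPv4 frame at the assumed offset")
    ip = eth[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len, ip_id = struct.unpack("!HH", ip[2:6])
    if ip[9] != 6 or len(ip) < ihl + 20:
        raise ValueError("not a complete TCP segment header")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", ip[ihl:ihl + 14])
    flags = "".join(c for bit, c in enumerate(TCP_FLAGS) if off_flags >> bit & 1)
    payload = ip[ihl + (off_flags >> 12) * 4:total_len]  # may be cut short by the dump
    return {"src": f"{socket.inet_ntoa(ip[12:16])}:{sport}",
            "dst": f"{socket.inet_ntoa(ip[16:20])}:{dport}",
            "ip_id": ip_id, "ttl": ip[8], "seq": seq, "ack": ack,
            "flags": flags, "payload": payload}
```

The capture buffer holds payload as well as headers, so a capture copied off the box is sensitive data; of the transfer options the guide lists next, sftp is the one that encrypts it in transit.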


Copying capture data
If you want to use the capture data later, copy it to the disk (or transfer it via ftp/sftp/tftp):
rbx-99-6k-ace-1/vrack2070# copy capture CAPT1 disk0: CAPTURE1


Additional documents

- Cisco Application Control Engine Module Load Balancing Guide