
Verifying the Flow Bypass Feature

Purpose

You can use the command-line interface (CLI) to verify successful implementation of the flow bypass feature.

Action

To verify successful implementation of the flow bypass feature:

  1. Log in to the CLI as admin and enter su - to switch to root.
  2. Enter the following command to verify the feature is enabled:

    [root@defaulthost admin]# scio subs status s0
    Status for subs 's0'
     up since - Mon Apr 27 13:11:43 2009
     Packets/second: 6873       peak: 251741 @ Mon Apr 27 16:17:31 2009
     KBits/second:   2953       peak: 108170 @ Mon Apr 27 16:17:31 2009
     Packets received: icmp 1121, tcp 2823211, udp 1855862, other 0
     Current flows: icmp 0, tcp 0, udp 98905, other 0
     Current sessions: icmp 0, tcp 0, udp 40481, other 0
     Current bypassed flows : 45076
     Current bypass mode : ON
     Latency Statistics (time in micro seconds):
      Min: 0  Max: 0  Ave: 0
     Performance statistics
      Average packet lifetime:
      Cycles: 0 Instructions: 0 CPI: 0.00 Cache misses: 0 hits: 0
     Current policy: idpengine v0

    The scio subs status command returns details on whether flow bypass is enabled and the number of flows currently marked for flow bypass (if any).

  3. Enter the following command to display the current system packet queue size and IDP engine packet queue size:

    [root@defaulthost admin]# scio var -s s0 sc_bypass_counts
    sc_bypass_counts:
    |   System PktRxQueue Count  /  EnginePktRxQueue Count  |
    |----------------------------+--------------------------|
       103441 / 103441 
       103415 / 103415 
       103411 / 103411 
       103372 / 103372 
       103466 / 103466  

    This is not a count of flows that have been bypassed; it is the running packet count used in the calculation that triggers flow bypass. When the flow bypass feature is enabled and functioning properly, the counts increment and decrement. The first number is the number of packets in the queue for all IDP engines (the system count). The second number is the number of packets in the queue for the particular IDP engine.

  4. Enter the following command to verify the system packet size rising threshold:

    [root@defaulthost admin]# scio const -s s0:flow get sc_flow_bypass_threshold_hi
    scio: sc_flow_bypass_threshold_hi = 0x5a
    [root@defaulthost admin]#

    The command returns the rising packet size threshold (percent).

  5. Enter the following command to verify the system packet size reset threshold:

    [root@defaulthost admin]# scio const -s s0:flow get sc_flow_bypass_threshold_low
    scio: sc_flow_bypass_threshold_low = 0x50
    [root@defaulthost admin]#

    The command returns the reset packet size threshold (percent).

  6. Enter the following command to display statistics for any current flows marked for flow bypass:

    [root@defaulthost admin]# scio var -s s0 sc_bypass_flow_table
    sc_bypass_flow_table:
    |   Source IP   |  Port | Destination IP |  Port |FSt| Dir |Xtra info| VLAN | Timeout |
    |---------------+-------+----------------+-------+---+-----+---------+------+---------|
    [8.0.0.51         14253] [8.0.0.201        24253]  B   CTS      -     0      39/60
    [8.0.0.201        24253] [8.0.0.51         14253]  B   STC      -     0      39/60
    

    The command returns details of current flows marked for flow bypass.

  7. Enter the following command to display counters related to flow bypass:

    [root@defaulthost admin]# scio counter get flow
    Name                            Value
    sc_flow_fast_path               2526998
    sc_flow_slow_path               196631
    sc_flow_icmp_error              0
    sc_flow_session_failed          0
    sc_flow_session_deleted         0
    sc_flow_session_ageout          0
    sc_flow_ageout_in_use           0
    sc_flow_ageout_in_fpga          0
    sc_flow_delete_wrong_cookie     0
    sc_flow_delete_null_session     0
    sc_flow_packet_log              0
    sc_flow_busy_packet             0
    sc_flow_out_of_order            0
    sc_flow_device_fifo_size        0
    sc_flow_device_fifo_overflow    0
    sc_flow_policy_cache_hit        0
    sc_flow_policy_cache_miss       11519
    sc_flow_hash_collision_max      8192
    sc_flow_hash_collision          4095
    sc_flow_ha_flip                 0
    sc_flow_bad_udp_csum            0
    sc_flow_gate_add                0
    sc_flow_gate_found              0
    sc_flow_cookie_unmatched        0
    sc_flow_tag_cookie_unmatched    0
    sc_flow_sm_cookie_unmatched     0
    sc_flow_idp_cookie_unmatched    0
    sc_flow_tag_cookie_unmatched_no 0
    sc_flow_go_away                 0
    sc_flow_wrong_sm_index          0
    sc_flow_periodic_stat_update    15764
    sc_flow_stack_max_usage         0
    sc_avt_update_drop_sess         1
    sc_avt_update_drop_nobuf        862
    sc_avt_update_flow_init         0
    sc_avt_update_flow_fini         7264
    sc_avt_update_flow_stat         14901
    sc_avt_buf_size                 478
    sc_flow_bypass_flows            185103
    sc_flow_bypass_mode_on          3
    sc_flow_bypass_mode_off         2

    The command returns counts related to flow statistics. Table 1 describes the counters related to flow bypass.

    Table 1: scio counters Related to Flow Bypass

    | Counter                 | Description                                     |
    |-------------------------+-------------------------------------------------|
    | sc_flow_bypass_flows    | Total number of flows marked for flow bypass.   |
    | sc_flow_bypass_mode_on  | Number of times flow bypass mode was triggered. |
    | sc_flow_bypass_mode_off | Number of times flow bypass mode was reset.     |
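
The checks in steps 2, 4, 5 and 7 can be combined into one pass over saved command output, so that a monitoring job can alert whenever bypass mode is ON. The following is an added example, not part of the original documentation or the product: the function names and the summary format are assumptions, and the sample text is excerpted from the output shown above. The thresholds are printed by scio in hexadecimal and are converted to decimal percentages here.

```shell
#!/bin/sh
# Added example: summarise flow-bypass state from captured scio output.
# It parses text only and never invokes scio itself.

# Value of a "Name : value" line from `scio subs status` output on stdin.
status_field() { sed -n "s/^ *$1 *: *\([A-Za-z0-9]*\).*/\1/p"; }

# Value column of one counter from `scio counter get flow` output on stdin.
counter_value() { awk -v n="$1" '$1 == n { print $2 }'; }

# Convert a "scio: <const> = 0xNN" line on stdin to a decimal percentage.
threshold_pct() {
    hex=$(sed -n 's/^ *scio: *[a-z_]* *= *\(0x[0-9a-fA-F]*\).*/\1/p')
    if [ -n "$hex" ]; then echo $(($hex)); fi
}

# Args: status text, counter text, threshold_hi line, threshold_low line.
# Prints one summary line; returns 0 if bypass is off, 1 if on, 2 on bad input.
bypass_report() {
    mode=$(printf '%s\n' "$1" | status_field 'Current bypass mode')
    flows=$(printf '%s\n' "$1" | status_field 'Current bypassed flows')
    on=$(printf '%s\n' "$2" | counter_value sc_flow_bypass_mode_on)
    off=$(printf '%s\n' "$2" | counter_value sc_flow_bypass_mode_off)
    hi=$(printf '%s\n' "$3" | threshold_pct)
    lo=$(printf '%s\n' "$4" | threshold_pct)
    if [ -z "$mode" ] || [ -z "$on" ] || [ -z "$off" ] || [ -z "$hi" ] || [ -z "$lo" ]; then
        echo "PARSE_ERROR"; return 2
    fi
    # The reset threshold must sit below the rising threshold.
    [ "$lo" -lt "$hi" ] || { echo "BAD_THRESHOLDS hi=$hi lo=$lo"; return 2; }
    state=BYPASS_OFF; [ "$mode" = ON ] && state=BYPASS_ACTIVE
    echo "$state bypassed_flows=$flows triggered=$on reset=$off hi=$hi% lo=$lo%"
    [ "$mode" != ON ]
}

# Excerpts of the command output shown in the steps above.
STATUS_SAMPLE=' Current bypassed flows : 45076
 Current bypass mode : ON'
COUNTER_SAMPLE='sc_flow_bypass_flows            185103
sc_flow_bypass_mode_on          3
sc_flow_bypass_mode_off         2'
THRESH_HI_SAMPLE='scio: sc_flow_bypass_threshold_hi = 0x5a'
THRESH_LOW_SAMPLE='scio: sc_flow_bypass_threshold_low = 0x50'

bypass_report "$STATUS_SAMPLE" "$COUNTER_SAMPLE" "$THRESH_HI_SAMPLE" "$THRESH_LOW_SAMPLE" || true
```

In practice, save the output of each scio command to a variable or file and pass it in place of the sample text; the nonzero return code while bypass is active lets a scheduler or monitoring wrapper raise the alert.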


Published: 2010-01-12