Monitoring IP
This section explains how to set a statistics baseline and use the show commands to view your IP configuration and monitor IP interfaces and statistics.
System Event Logs
To troubleshoot and monitor IP, use the following system event logs:
- ipAccessList—IP access list matching
- ipEngine—IP chassis manager
- ipGeneral— IP general information
- ipIfCreator—IP interface creator events
- ipInterface—IP interface events
- ipNhopTrackerGeneral—Next-hop tracker for IP shared interfaces
- ipProfileMgr—IP profile manager events
- ipRoutePolicy— IP routing policy events
- ipRouteTable—IP routing table events
- ipTraffic—IP frame transmit and receive events
- ipTunnel—IP tunnel events
For more information about using event logs, see the JUNOSe System Event Logging Reference Guide.
Establishing a Baseline
IP statistics are stored in system counters. The only way to reset the system counters is to reboot the router. You can, however, establish a baseline for IP statistics by setting a group of reference counters to zero.
baseline ip
- Use to set a statistics baseline for IP statistics. Baselining is not supported for IP socket statistics.
- The router implements the baseline by reading and storing the statistics at the time the baseline is set and then subtracting this baseline whenever baseline-relative statistics are retrieved.
- Use the delta keyword with IP show commands to specify that baselined statistics are to be shown.
- Example
host1#baseline ip
baseline ip udp
- Use to set a statistics baseline for UDP statistics.
- The router implements the baseline by reading and storing the statistics at the time the baseline is set and then subtracting this baseline whenever baseline-relative statistics are retrieved.
- Use the delta keyword with IP show commands to specify that baselined statistics are to be shown.
- Example
host1#baseline ip udp
baseline tcp
- Use to set a statistics baseline for all (both IPv4 and IPv6) TCP statistics or for only IPv4 or IPv6 statistics.
- The router implements the baseline by reading and storing the statistics at the time the baseline is set and then subtracting this baseline whenever baseline-relative statistics are retrieved.
- Use the ip keyword to implement a baseline for only IPv4 statistics.
- Use the delta keyword with IP show commands to specify that baselined statistics are to be shown.
- Example 1
host1#baseline tcp
host1#baseline ip tcp
IP show Commands
You can monitor the following aspects of IP using show ip commands:
To set a statistics baseline for IP interfaces, use the baseline tcp and baseline ip udp commands. Use the delta keyword with IP show commands to specify that baselined statistics are to be shown.
You can use the output filtering feature of the show command to include or exclude lines of output based on a text string that you specify. See JUNOSe System Basics Configuration Guide, Chapter 2, Command-Line Interface, for details.
show access-list
host1#show access-list
IP Access List 1:
permit ip 172.31.192.217 0.0.0.0 0.0.0.0 255.255.255.255
permit ip 12.40.0.0 0.0.0.3 0.0.0.0 255.255.255.255
deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
IP Access List 2:
permit ip 172.19.0.0 0.0.255.255 0.0.0.0 255.255.255.255
deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
IP Access List 10:
permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
IP Access List 11:
deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
show arp
- Address—IP address of the entry
- Age—Time to live for this entry in seconds
- Hardware Addr—Physical (MAC) address of the entry
- Interface—Interface-specifier of the entry (for example, fastEthernet6/0 is an Ethernet interface on slot 6, port 0)
- *—Indicates that an ARP entry was added because of an arp validate command, rather than just an arp command.
host1#show arp
Address Age Hardware Addr Interface
172.31.192.217 21340 00d0.58f2.67e0 loopback1
192.168.1.0 20730 00e0.09ed.5312 fastEthernet6/0 *
192.168.1.1 12550 00e0.b06a.4c75 fastEthernet6/0 *
192.168.1.217 21600 0090.1a00.0230 fastEthernet6/0 *
192.168.1.255 21600 00f0.c2d1.1200 fastEthernet6/0 *
12.40.0.2 24320 0020.6393.4233 atm5/0.1
172.18.2.1 21600 0020.bed2.8738 atm5/1.1
172.18.2.2 21600 0020.5b91.60f2 atm5/1.1
172.31.192.206 21600 00d0.43b5.1032 atm5/1.1
show forwarding-table route-holddown
- Use to display the configured hold-down time allotted after an initial routing table change for the accumulation and subsequent distribution of a set of routing table updates to the line modules. The default value is 3 seconds; the range of values is 0–30 seconds.
- A higher hold-down setting can enhance SRP performance; however, a higher setting can also delay the implementation of routing table changes on the line modules.
- A hold-down timer value of zero (0) distributes an update after each change to the routing table.
- Example
host1#show forwarding-table route-holddown
Hold-down timer value is 3 seconds.
show ip
- IP Router Id—Router ID number
- Router Name—Router name
- Default TTL—Default IP TTL (time-to-live) value
- Reassemble Timeout—Amount of time (in minutes) IP waits for missing packet fragments before it drops the fragments it is holding
- SA Validate Trap—Whether the source address validation trap is enabled
host1#show ip
IP Router Id: 192.168.1.155
Router Name: default
Default TTL: 60
Reassemble Timeout: 30
SA Validate Trap: false
show ip address
- Use to display detailed or summary information about a particular IP interface.
- Specify a VRF name to view information for only that VRF.
- Use the brief keyword to display summary information about the interface.
- Use the detail keyword to display detailed information about the interface.
- Field descriptions
- Network Protocols—Network protocols configured on this interface
- Internet address—IP address and subnet mask of this interface
- Broadcast address—Broadcast address of this interface
- Operational MTU—MTU of this interface
- Administrative MTU—Value of the MTU if it has been administratively overridden using the configuration
- Operational speed—Speed of the interface
- Administrative speed—Value of the speed if it has been administratively overridden using the configuration
- Discontinuity Time—Value of the SysUpTime when the interface statistics last started being valid
- Router advertisement—Status of router discovery advertisement: enabled, disabled
- Proxy Arp—Status of the feature: enabled, disabled
- Administrative debounce-time—Configured debounce behavior, enabled or disabled. If enabled, indicates time in milliseconds that the router waits before generating an up or down event in response to a state change in the interface. If the state changes back before the debounce timer expires, no state change is reported.
- Operational debounce-time—Current debounce behavior, enabled or disabled. If enabled, indicates time in milliseconds that the router waits before generating an up or down event in response to a state change in the interface. If the state changes back before the debounce timer expires, no state change is reported.
- Access routing—Access route addition: enabled, disabled
- Multipath mode—Equal cost multipath mode method: hashed, round-robin
- In Received Packets, Bytes—Total number of packets and bytes received on this interface
- Unicast Packets, Bytes—Unicast packets and bytes received on the IP interface; link-local received multicast packets (non-multicast-routed frames) are counted as unicast packets
- Multicast Packets, Bytes—Multicast packets and bytes received on the IP interface which are then multicast-routed are counted as multicast packets
- In Policed Packets, Bytes—Packets and bytes that were received and dropped because of rate limits
- In Error Packets—Number of packets received with errors
- In Invalid Source Address Packets—Packets received with invalid source address (for example, spoofed packets)
- In Discarded Packets—Packets received that were discarded for reasons other than rate limits, errors, and invalid source address
- Out Forwarded Packets, Bytes—Total number of packets and bytes that were sent from this interface
- Unicast Packets, Bytes—Unicast packets and bytes that were sent from this interface
- Multicast Routed Packets, Bytes—Multicast packets and bytes that were sent from this interface
- Out Scheduler Drops Committed Packets, Bytes—Outgoing packets and bytes dropped by the scheduler even though they had a committed traffic contract
- Out Scheduler Drops Conformed Packets, Bytes—Outgoing packets and bytes dropped by the scheduler even though they conformed to the traffic contract
- Out Scheduler Drops Exceeded Packets, Bytes—Outgoing packets and bytes that were dropped by the scheduler because they exceeded the contract
- Out Policed Packets, Bytes—Outgoing packets and bytes dropped because of rate limiters
- Out Discarded Packets—Outgoing packets that were discarded for reasons other than those dropped by the scheduler and those dropped because of rate limits
host1#show ip address 10.6.136.73
fastEthernet0/0 is up, line protocol is up
Network Protocols: IP
Internet address is 10.6.136.73/255.255.128.0
Broadcast address is 255.255.255.255
Operational MTU = 0 Administrative MTU = 0
Operational speed = 1 Administrative speed = 0
Discontinuity Time = 5766
Router advertisement = disabled
Proxy Arp = disabled
Administrative debounce-time = 10 mSecs
Operational debounce-time = disabled
Access routing = disabled
Multipath mode = hashed
In Received Packets 2849, Bytes 759428
Unicast Packets 2849, Bytes 759428
Multicast Packets 0, Bytes 0
In Policed Packets 0, Bytes 0
In Error Packets 0
In Invalid Source Address Packets 0
In Discarded Packets 0
Out Forwarded Packets 1866, Bytes 84650
Unicast Packets 1866, Bytes 84650
Multicast Routed Packets 0, Bytes 0
Out Scheduler Drops Committed Packets 0, Bytes 0
Out Scheduler Drops Conformed Packets 0, Bytes 0
Out Scheduler Drops Exceeded Packets 0, Bytes 0
Out Policed Packets 0, Bytes 0
Out Discarded Packets 0
show ip as-path-access-list
host1#show ip as-path-access-list
AS Path Access List 1:
permit .*
AS Path Access List 2:
deny .*
AS Path Access List 3:
permit _109_
deny .*
AS Path Access List 4:
permit _109$
deny .*
AS Path Access List 10:
deny _109$
permit ^108_
deny .*
show ip community-list
host1#show ip community-list
Community List 1:
permit 752877569 (11488:1)
permit 752877570 (11488:2)
permit 752877571 (11488:3)
permit 752877572 (11488:4)
Community List 2:
permit 4294967043 (local-as)
show ip forwarding-table slot
- Use to display details on the forwarding table for a specific line module, including the memory used by each virtual router configured on the line module and free memory available on the module.
- The Load Errors field records any failed routing table distribution attempt as an error. Attempts can fail for many reasons during normal operation; a failed attempt does not necessarily indicate a problem. It is normal to see many Load Errors per day.
- If the Status field does not indicate Valid, then the routing table distribution has failed constantly for that VR. It is normal and appropriate behavior for the Status field to indicate Valid while the Load Error field increases daily.
- Field descriptions
- Free Memory—Amount of routing table memory free on the line module, in kilobytes
- Virtual Router—Name of the virtual routers configured on the line module
- Memory (KB)—Amount of routing table memory consumed by the virtual router, in kilobytes
- Load Errors—Count of errors made while loading the routing table on the line module
- Status—Whether the routing table for the virtual router is valid
host1#show ip forwarding-table slot 9
Free Memory = 3,166KB
Virtual Router Memory Load Errors Status
(KB)
---------------- --------- ------------- --------
vr1 4128 0 Valid
vr2 3136 0 Valid
vr3 2256 0 Valid
default 1024 0 Valid
-----------------------------------------------------------
show ip interface
- Use to display the current state of all IP interfaces or the IP interfaces you specify.
- The default is all interface types and all interfaces.
- The show-virtual-router-keyword displays virtual router information.
- Field descriptions
- interface—Interface type and interface specifier
- interface status—Status of the interface
- line protocol—Status of the line protocol
- Description—Text description or alias if configured for the interface
- Link up/down trap—Status of SNMP link up/down traps on the interface
- Internet address—IP address of the interface
- IP Statistics Rcvd:
- local destination—Frames with this router as their destinations
- hdr errors—Number of packets containing header errors
- addr errors—Number of packets containing addressing errors
- unkn proto—Number of packets received containing unknown protocols
- discards—Number of discarded packets
- reasm ok—Number of reassembled packets
- reasm req—Number of requests for reassembly
- reasm fails—Number of reassembly failures
- frag ok—Number of packets fragmented successfully
- frag req—Number of frames requiring fragmentation
- frag fails—Number of packets unsuccessfully fragmented
- generated—Number of packets generated
- no routes—Number of packets that could not be routed
- discards—Number of packets that could not be routed that were discarded
- errors—Error packets received
- dst unreach—Packets received with destination unreachable
- time exceed—Packets received with time-to-live exceeded
- param probs—Packets received with parameter errors
- src quench—Source quench packets received
- redirect—Receive packet redirects
- echo req—Echo request (ping) packets
- echo rpy—Echo replies received
- timestamp req—Requests for a timestamp
- timestamp rpy—Replies of timestamp requests
- addr mask req—Mask requests sent
- addr mask rpy—Mask replies sent
- errors—Error packets sent
- dst unreach—Packets sent with destination unreachable
- time excd—Packets sent with time-to-live exceeded
- param probs—Packets sent with parameter errors
- src quench—Source quench packets sent
- redirect—Send packet redirects
- timestamp req—Requests for a timestamp
- timestamp rpy—Replies to timestamp requests
- addr mask req—Address mask requests
- addr mask rpy—Address mask replies
- Unicast Packets, Bytes—Unicast packets and bytes received on the IP interface; link-local received multicast packets (non-multicast-routed frames) are counted as unicast packets
- Multicast Packets, Bytes—Multicast packets and bytes received on the IP interface which are then multicast-routed are counted as multicast packets
- In Forwarded Packets, Bytes—Packets and bytes forwarded into an output IP interface
- In Total Dropped Packets, Bytes—Total number of packets and bytes that were dropped on the interface; sum of all the drop reasons indented below this field
- In Policed Packets—Packets discarded on a receive IP interface because of token bucket limiting, a drop action in a policy, or discarded MAC validation packets
- In Invalid Source Address Packets—Packets discarded on a receive IP interface due to invalid IP source address (sa-validate enabled)
- In Error Packets—Packets discarded on a receive IP interface due to IP header errors
- In Discarded Packets—Packets discarded on the ingress interface due to a configuration problem rather than a problem with the packet itself
- In Fabric Dropped Packets—Packets discarded on a receive IP interface due to internal fabric congestion
- Unicast Packets, Bytes—Unicast packets and bytes forwarded out the IP interface
- Multicast Routed Packets, Bytes—Multicast packets and bytes forwarded out the IP interface
- Out Requested Packets, Bytes—Packets and bytes requested to be forwarded out an IP interface
- Out Total Dropped Packets, Bytes—Total number of packets and bytes that were discarded on the egress interface; sum of all the drop reasons indented below this field
- Out Scheduler Drops Committed Packets, Bytes—Packets and bytes dropped by the scheduler even though they had a committed traffic contract
- Out Scheduler Drops Conformed Packets, Bytes—Packets and bytes dropped by the scheduler even though they conformed to the traffic contract
- Out Scheduler Drops Exceeded Packets, Bytes—Packets and bytes dropped by the scheduler because they exceeded the contract
- Out Policed Packets—Packets discarded on the egress interface due to rate limiting
- Out Discarded Packets—Packets discarded on the egress interface due to a configuration problem rather than a problem with the packet itself
- Out Fabric Dropped Packets—Packets dropped due to internal fabric congestion
host1#show ip interface detailfastEthernet 0/0
fastEthernet0/0 is up, line protocol is up
Description: boston00 fast ethernet interface
Link up/down trap is disabled
Internet address is 1.1.1.2/255.255.255.0
IP statistics:
Rcvd: 0 local destination
0 hdr errors, 0 addr errors
0 unkn proto, 0 discards
Frags: 0 reasm ok, 0 reasm req, 0 reasm fails
0 frag ok, 0 frag creates, 0 frag fails
Sent: 31656835 generated, 0 no routes, 0 discards
ICMP statistics:
Rcvd: 0 errors, 0 dst unreach, 0 time exceed
0 param probs, 0 src quench, 0 redirect,
0 echo req, 31656816 echo rpy
0 timestmp req, 0 timestmp rpy
0 addr mask req, 0 addr mask rpy
Sent: 0 errors, 0 dst unreach, 0 time excd
0 param probs, 0 src qnch, 0 redirect
0 timestamp req, 0 timestamp rpy
0 addr mask req, 0 addr mask rpy
In Received Packets 246220, Bytes 344624800
Unicast Packets 246162, Bytes 344621410
Multicast Packets 58, Bytes 3390
In Forwarded Packets 245464, Bytes 343566400
In Total Dropped Packets 756, Bytes 1058400
In Policed Packets 756
In Invalid Source Address Packets 0
In Error Packets 0
In Discarded Packets 0
In Fabric Dropped Packets 0
Out Forwarded Packets 117, Bytes 87297
Unicast Packets 117, Bytes 87297
Multicast Routed Packets 0, Bytes 0
Out Requested Packets 117, Bytes 87297
Out Total Dropped Packets 0, Bytes 0
Out Scheduler Drops Committed Packets 0, Bytes 0
Out Scheduler Drops Conformed Packets 0, Bytes 0
Out Scheduler Drops Exceeded Packets 0, Bytes 0
Out Policed Packets 0
Out Discarded Packets 0
Out Fabric Dropped Packets 0
If you are losing packets because of fabric congestion, you can use the In Fabric Dropped Packets and Out Fabric Dropped Packets statistics to help determine the location of the bottleneck. Both statistics count the same thing—the same packets dropped because of fabric congestion—but in different directions.
At any given time, the total number of packets dropped in the fabric for all interfaces in the chassis is equal to the sum of all In Fabric Dropped Packets for all interfaces in the chassis, which equals the sum of all Out Fabric Dropped Packets for all interfaces in the chassis.
Packets not dropped for another listed reason are considered to have been dropped in the fabric. The router calculates In Fabric Dropped Packets by subtracting the total number of inbound packets dropped for all other reasons from the In Total Dropped Packets number. The router calculates Out Fabric Dropped Packets by subtracting the total number of outbound packets dropped for all other reasons from the Out Total Dropped Packets number.
The router calculates In Total Dropped Packets by subtracting In Forwarded Packets from In Received Packets. The router calculates Out Total Dropped Packets by subtracting Out Forwarded Packets from Out Received Packets. These statistics are reported while traffic is moving through the router. The router can get false statistics based on packets being forwarded or received after polling and based on which of the statistics is reported first. For example, In Forwarded Packets can be reported as greater than In Received Packets. Rather than displaying In Total Dropped Packets as a negative value, the command displays it as the sum of all drop reasons other than fabric drops; fabric drops are reported as 0, but might actually be nonzero. If you halt traffic, the In Total Dropped Packets and Out Total Dropped Packets values are always correct.
show ip interface shares
- Use to display information about shared IP interfaces.
- If you specify an IP interface specifier, the command displays information only for that interface and any shared IP interfaces associated with it.
- Field descriptions
- Interface—Interface specifier or name of the interface
- IP-Address—IP address associated with the interface
- Status—Operational state of the interface
- Protocol—State of the protocol running on the interface
- Virtual Router—Virtual router in which the interface is configured
host1#show ip interface shares brief
Interface IP-Address Status Protocol Virtual Router
null0 255.255.255.255/32 up up
fastEthernet0/0 10.13.5.17/24 up up
loopback100 202.1.1.1/24 up up
atm4/0.1 10.1.1.1/24 up up
ip si0 Unnumbered up up vr-a
ip si1 Unnumbered up up vr-b:vrf-1
host1#show ip interface shares brief atm 4/0.1
Interface IP-Address Status Protocol Virtual Router
atm4/0.1 10.1.1.1/24 up up
ip si0 Unnumbered up up vr-a
ip si1 Unnumbered up up vr-b:vrf-1
host1#show ip interface shares atm 4/0.1
atm4/0.1 is up, line protocol is up
Network Protocols: IP
Unnumbered Interface on loopback100
( IP address 202.1.1.1 )
Operational MTU = 1500 Administrative MTU = 0
Operational speed = 155520000 Administrative speed = 0
Discontinuity Time = 0
Router advertisement = disabled
Administrative debounce-time = disabled
Operational debounce-time = disabled
Access routing = disabled
Multipath mode = hashed
In Received Packets 120, Bytes 12000
Unicast Packets 60, Bytes 6000
Multicast Packets 60, Bytes 6000
In Policed Packets 0, Bytes 0
In Error Packets 0
In Invalid Source Address Packets 0
Out Forwarded Packets 101, Bytes 5252
Unicast Packets 101, Bytes 5252
Multicast Routed Packets 0, Bytes 0
Out Scheduler Drops Committed Packets 0, Bytes 0
Out Scheduler Drops Conformed Packets 0, Bytes 0
Out Scheduler Drops Exceeded Packets 0, Bytes 0
Out Policed Packets 0, Bytes 0
ip si0 is up, line protocol is up
Network Protocols: IP
Virtual Router vr-a
Layer 2 interface atm4/0.1
Unnumbered Interface on loopback100
( IP address 202.1.1.1 )
Operational MTU = 1500 Administrative MTU = 0
Operational speed = 155520000 Administrative speed = 0
Discontinuity Time = 0
Router advertisement = disabled
Administrative debounce-time = disabled
Operational debounce-time = disabled
Access routing = disabled
Multipath mode = hashed
In Received Packets 0, Bytes 0
Unicast Packets 0, Bytes 0
Multicast Packets 0, Bytes 0
In Policed Packets 0, Bytes 0
In Error Packets 0
In Invalid Source Address Packets 0
Out Forwarded Packets 101, Bytes 5252
Unicast Packets 101, Bytes 5252
Multicast Routed Packets 0, Bytes 0
Out Scheduler Drops Committed Packets 0, Bytes 0
Out Scheduler Drops Conformed Packets 0, Bytes 0
Out Scheduler Drops Exceeded Packets 0, Bytes 0
Out Policed Packets 0, Bytes 0
ip si1 is up, line protocol is up
Network Protocols: IP
Virtual Router vr-b:vrf-1
Layer 2 interface atm4/0.1
.
.
.
Out Policed Packets 0, Bytes 0
host1#show ip interface shares ip si0
ip0 is up, line protocol is up
Network Protocols: IP
Layer 2 interface atm4/0.1
Unnumbered Interface on loopback100
( IP address 202.1.1.1 )
Operational MTU = 1500 Administrative MTU = 0
Operational speed = 155520000 Administrative speed = 0
Discontinuity Time = 0
Router advertisement = disabled
Administrative debounce-time = disabled
Operational debounce-time = disabled
Access routing = disabled
Multipath mode = hashed
In Received Packets 0, Bytes 0
Unicast Packets 0, Bytes 0
Multicast Packets 0, Bytes 0
In Policed Packets 0, Bytes 0
In Error Packets 0
In Invalid Source Address Packets 0
Out Forwarded Packets 101, Bytes 5252
Unicast Packets 101, Bytes 5252
Multicast Routed Packets 0, Bytes 0
Out Scheduler Drops Committed Packets 0, Bytes 0
Out Scheduler Drops Conformed Packets 0, Bytes 0
Out Scheduler Drops Exceeded Packets 0, Bytes 0
Out Policed Packets 0, Bytes 0
show ip profile
- IP profile—Profile name
- IP address—IP address and subnet mask of the interface or none if the interface is unnumbered
- Unnumbered interface—Specifier for the unnumbered interface or none if the interface is numbered
- Router—Router name
- Directed Broadcast—Enabled or disabled
- ICMP Redirects—Enabled or disabled
- Access Route Addition—Enabled or disabled
- Network Address Translation—Enable or disable; domain location (inside or outside)
- Source-Address Validation—Enabled or disabled
- Ignore DF Bit—Enabled or disabled
- Administrative MTU—MTU size
- Auto Detect—Router automatically detects packets that do not match any entries in the demultiplexer table; enabled or disabled
- Auto Configure—Dynamic creation of subscriber interfaces on a primary IP interface; enabled or disabled
- IP FlowStats—Enabled or disabled
host1#show ip profile foo
IP profile : foo
IP address : none
Unnumbered interface : none
Router :
Directed Broadcast : Enabled
ICMP Redirects : Disabled
Access Route Addition : Enabled
Network Address Translation: Enabled, domain inside
Source-Address Validation : Enabled
Ignore DF Bit : Disabled
Administrative MTU : 0
Auto Detect : Disabled
Auto Configure : Disabled
Auto Detect : Disabled
IP FlowStats : Enabled
show ip protocols
- Redistributing—Protocol to which BGP is redistributing routes
- Default local preference—Local preference value
- IGP synchronization—Status of IGP synchronization: enabled, disabled
- Always compare MED—Status of multiexit discrimination: enabled, disabled
- Router flap damping—Status of route dampening: enabled, disabled
- Administrative Distance—External, internal, and local administrative distances
- Neighbor Address—IP address of the BGP neighbor
- Neighbor Incoming/Outgoing update distribute list—Number of the access list for outgoing routes
- Neighbor Incoming/Outgoing update prefix list—Number of the prefix list for incoming or outgoing routes
- Neighbor Incoming/Outgoing update prefix tree—Number of the prefix tree for incoming or outgoing routes
- Neighbor Incoming/Outgoing update filter list—Number of filter list for incoming routes
- Routing for Networks—Network for which BGP is currently injecting routes
- System Id—6-byte value of the system
- IS-Type—Routing type of the router: Level 1, Level 2
- Distance—Administrative distance for IS-IS learned routes
- Address Summarization—Aggregate addresses defined in the routing table for multiple groups of addresses at a given level or routes learned from other routing protocols
- Routing for Networks—Network for which IS-IS is currently injecting routes
- Router ID—OSPF process ID for the router
- Distance—Administrative distance for OSPF learned routes
- Redistributing—Protocol to which OSPF is redistributing routes
- Address Summarization—Aggregate addresses defined in the routing table for multiple groups of addresses at a given level or routes learned from other routing protocols
- Routing for Networks—Network for which OSPF is currently injecting routes
- Router Administrative State—RIP protocol state. Enable means that the interface is allowed to send and receive updates. Disable means that the interface, if it is configured, is not enabled to run yet.
- System version—RIP versions allowed for sending and receiving RIP updates. The router version is currently set to RIP1, which sends RIP version 1 but will receive version 1 or 2. If the version is set to RIP2, the router will send and receive version 2 only. The default is configured for RIP1.
- Update interval—Current setting of the update timer (in seconds)
- Invalid after—Current setting of the invalid timer (in seconds)
- hold down time—Current setting of the hold down timer (in seconds)
- flushed interval—Current setting of the flush timer (in seconds)
- Filter applied to outgoing route update—Access list applied to outgoing RIP route updates
- Filter applied to incoming route update—Access list applied to incoming RIP route updates
- Global route map—Route map that specifies all RIP interfaces on the router
- Distance—Value added to RIP routes added to the IP routing table; the default is 120.
- Interface—Interface type on which RIP protocol is running
- Redistributing—Protocol to which RIP is redistributing routes
- Routing for Networks—Network for which RIP is currently injecting routes
host1#show ip protocols
Routing Protocol is "bgp 100"
Redistributing: ospf
Default local preference is 100
IGP synchronization is enabled
Always compare MED is disabled
Router flap damping is disabled
Administrative Distance: external 20 internal 200 local 200
Neighbor(s):
Address 1.1.1.1
Outgoing update distribute list is 2
Outgoing update prefix list is efg
Incoming update prefix tree is abc
Incoming update filter list is 1
Routing for Networks:
192.168.1.0/24
Routing Protocol is "isis isisOne"
System Id: 0000.0000.0011.00 IS-Type: level-1-2
Distance: 115
Address Summarization:
None
Routing for Networks:
fastEthernet0/0
Routing Protocol is "ospf 1" with Router ID 192.168.1.151
Distance is 110
Redistributing: isis
Address Summarization:
None
Routing for Networks:
192.168.1.0/255.255.255.0 area 0.0.0.0
Routing Protocol is "rip"
Router Administrative State: enable
System version RIP1: send = 1, receive = 1 or 2
Update interval: 30 seconds
Invalid after: 180 seconds
hold down time: 120 seconds
flushed interval: 300 seconds
Filter applied to outgoing route update is not set
Filter applied to incoming route update is not set
No global route map
Distance is 120
Interface Tx Rx Auth
fastEthernet0/0 1 1,2 none
Redistributing: ospf
Routing for Networks:
192.168.1.0/255.255.255.0
show ip redistribute
- To—Protocol that routes are distributed into
- From—Protocol that routes are distributed from
- status—Redistribution status
- route map number—Number of the route map
host1#show ip redistribute
To ospf, From static is enabled with route map 4
To ospf, From connected is enabled with route map 3
show ip route
- Use to display the current state of the routing table, including routes not used for forwarding.
- You can display all routes, a specific route, best route to a resolved domain name, all routes beginning with a specified address, routes for a particular protocol (BGP, IS-IS, OSPF, or RIP), locally connected routes, internal control routes, static routes, or summary counters for the routing table.
- Field descriptions
- Protocol/Route type codes—Protocol and route type codes for the table that follows
- Prefix—IP address prefix of network destination
- Length—Network mask length for prefix
- Next Hop—IP address of the next hop to the route, whether it is a local interface or another router
- Dist—Administrative distance for the route; see Table 6
- Met—Number of hops
- Intf—Interface type and interface specifier
host1#show ip route
Protocol/Route type codes:
I1- ISIS level 1, I2- ISIS level2,
I- route type intra, IA- route type inter, E- route type external,
i- metric type internal, e- metric type external,
O- OSPF, E1- external type 1, E2- external type2,
N1- NSSA external type1, N2- NSSA external type2
L- MPLS label, V- VR/VRF, *- indirect next-hop
Prefix/Length Type Next Hop Dist/Met Intf
------------- ---- -------- -------- ------
172.16.2.0/24 Bgp 192.168.1.102 20/1 fastEthernet0/0
10.10.0.112/32 Static 192.168.1.1 1/1 fastEthernet0/0
10.1.1.0/24 Connect 10.1.1.1 0/1 atm3/0.100
host1#show ip route static
Protocol/Route type codes:
I1- ISIS level 1, I2- ISIS level2,
I- route type intra, IA- route type inter, E- route type external,
i- metric type internal, e- metric type external,
O- OSPF, E1- external type 1, E2- external type2,
N1- NSSA external type1, N2- NSSA external type2
L- MPLS label, V- VR/VRF, *- indirect next-hop
Prefix/Length Type Next Hop Dist/Met Intf
------------- ---- -------- -------- --------------
10.10.0.112/32 Static 192.168.1.1 1/1 fastEthernet0/0
host1#show ip route summary
Unicast routes:
8 total routes, 576 bytes in route entries
0 isis routes
0 rip routes
3 static routes
2 connected routes
1 bgp routes
0 ospf routes
2 other internal routes
0 access routes
0 internally created access host routes
Last route added/deleted: 2::4/128 by BGP
At MON FEB 04 2008 14:18:25 UTC
Unicast routes used only for Multicast RPF check:
0 total routes, 0 bytes in route entries
0 isis routes
0 rip routes
0 static routes
0 connected routes
0 bgp routes
0 ospf routes
0 other internal routes
0 access routes
0 internally created access host routes
0 mbgp routes
0 dvmrp routes
Last route added/deleted: null by Invalid
At MON FEB 04 2008 14:18:04 UTC
MPLS tunnel routes (not used for forwarding):
3 total routes, 216 bytes in route entries
1 bgp tunnel routes
1 ldp tunnel routes
1 rsvp tunnel routes
Last route added/deleted: 2::4/128 by BGP Tunnel
At MON FEB 04 2008 14:18:26 UTC
host1#show ip route all
Protocol/Route type codes:
I1- ISIS level 1, I2- ISIS level2,
I- route type intra, IA- route type inter, E- route type external,
i- metric type internal, e- metric type external,
O- OSPF, E1- external type 1, E2- external type2,
N1- NSSA external type1, N2- NSSA external type2
L- MPLS label, V- VR/VRF, *- indirect next-hop
Prefix/Length Type Next Hop Dist/Met Intf
------------- ---- -------- -------- ------
0.0.0.0/0 Static 192.168.1.1 1/1 fastEthernet0/0 1.1.1.1/32 I2-E-i 192.168.1.105 115/10 fastEthernet0/0 6.6.6.0/24 Static 192.168.1.1 1/1 fastEthernet0/0 6.33.5.0/24 Static 0.0.0.0 1/1 loopback2 8.8.8.0/24 I2-E-i 192.168.1.105 115/10 fastEthernet0/0 9.9.9.9/32 I2-E-i 192.168.1.105 115/10 fastEthernet0/0 10.0.0.0/8 I2-E-i 192.168.1.105 115/10 fastEthernet0/0 10.10.0.156/32 Static 192.168.1.1 1/1 fastEthernet0/0 11.1.1.1/32 I2-E-i 192.168.1.105 115/10 fastEthernet0/0 11.11.11.12/32 I2-I-i 192.168.1.105 115/10 fastEthernet0/0 22.2.0.0/16 I2-I-i 92.168.1.105 115/10 fastEthernet0/0 34.0.0.0/8 I2-E-i 192.168.1.105 115/10 fastEthernet0/0 172.20.32.0/24 Static 192.168.1.1 1/1 fastEthernet0/0 174.20.32.0/24 I2-I-i 192.168.1.105 115/20 fastEthernet0/0 176.20.32.0/24 Connect 176.20.32.1 0/1 loopback1 192.168.1.0/24 Connect 192.168.1.214 0/1 fastEthernet0/0 201.1.1.0/24 I2-E-i 192.168.1.105 115/10 fastEthernet0/0 201.2.1.0/24 I2-E-i 192.168.1.105 115/10 fastEthernet0/0 201.3.1.0/24 I2-E-i 192.168.1.105 115/10 fastEthernet0/0 202.1.1.1/32 I2-E-i 192.168.1.105 115/10 fastEthernet0/0 207.1.1.0/24 I2-E-i 192.168.1.105 115/10 fastEthernet0/0
host1#show ip route
Protocol/Route type codes:
I1- ISIS level 1, I2- ISIS level2,
I- route type intra, IA- route type inter, E- route type external,
i- metric type internal, e- metric type external,
O- OSPF, E1- external type 1, E2- external type2,
N1- NSSA external type1, N2- NSSA external type2
L- MPLS label, V- VR/VRF, *- indirect next-hop
Prefix/Length Type Next Hop Dst/Met Intf
------------------ ------- --------------- ---------- ------------------------
21.21.21.2/32 Static 0.0.0.0 1/0 loopback0[V:pe2]
2.2.2.2/32 O-I 30.30.30.2 110/3 ATM2/0.30
31.31.31.2 110/3 ATM2/0.31
10.10.10.0/24 Connect 10.10.10.1 0/0 ATM2/0.10
20.20.20.0/24 Connect 20.20.20.1 0/0 ATM2/0.21
4.4.4.4/32 Bgp 2.2.2.2* 200/2
3.3.3.3* 200/2
5.5.5.5/32 Bgp 4.4.4.4* 20/2
host1#show ip route 4.4.4.4 detail
Protocol/Route type codes:
I1- ISIS level 1, I2- ISIS level2,
I- route type intra, IA- route type inter, E- route type external,
i- metric type internal, e- metric type external,
O- OSPF, E1- external type 1, E2- external type2,
N1- NSSA external type1, N2- NSSA external type2
L- MPLS label, V- VRF
4.4.4.4/32 Type: Bgp Distance: 200 Metric: 0 Tag: 0
Indirect NHop: virtual-router: pe1
Address 1.1.1.1 Type Bgp Index 1
NHop: 10.10.10.2 IfIndx: 28 Intf: ATM2/0.10
NHop: 20.20.20.2 IfIndx: 28 Intf: ATM2/0.20
Indirect NHop: virtual-router: pe1
Address 2.2.2.2 Type Bgp Index 2
NHop: 10.10.10.2 IfIndx: 28 Intf: ATM2/0.10
NHop: 20.20.20.2 IfIndx: 28 Intf: ATM2/0.20
show ip route slot
- Use to display the interface and next hop for an IP address in the routing table of a line module.
- A next hop is displayed only for protocols where ARP is used to resolve the addresses, such as for fastEthernet, gigabitEthernet, bridged Ethernet over ATM, and so on.
- Field descriptions
- IP address—Address reachable via the interface
- Interface—Interface type and specifier associated with the IP address; displays "Local Interface" if a special interface index is present in the routing table for special IP addresses, such as broadcast addresses
- Next Hop—IP address of the next hop router to reach the IP address; displays "---" if no next hop is associated with the IP address; displays "Down" if the ECMP set for a specific route on a slot is down
host1#show ip route slot 6 10.10.0.231
IP address Interface Next Hop
------------ ---------------- ------------
10.10.0.231 fastEthernet 6/0 10.10.0.231
host1#show ip route slot 9 90.248.1.2
IP address Interface Next Hop
------------ ---------------- ------------
90.248.1.2 serial9/23:2 ---
host1#show ip route slot 9 90.249.255.255
IP address Interface Next Hop
------------ ---------------- ------------
90.249.255.255 Local Interface ---
show ip socket statistics
- Use to display basic information about BSD sockets that have been instantiated in the VR in whose context you issue the command. The information includes the connection information (source and destination IP address and port numbers), socket type, the options in effect on the socket, and the socket's state.
- Use the detailed keyword to display blocks of extensive information about every socket, such as how many times various APIs have been called and the socket event log. The detailed keyword displays information about only the sockets that are associated with the VR in whose context you issue the command or sockets that are not associated with any VR.
- Baselining is not supported for this command.
- Field descriptions
- socketNumber ipAddress:portNumber --> ipAddress:portNumber—Socket and the IP address and port number for each end of the connection, with the E-series router shown on the left and the remote peer on the right
- type—Type of connection: SOCK_STREAM (uses TCP) or DGRAM (datagram; uses UDP)
- opts—Options set on the individual sockets
- SO_DEBUG—Turn on debugging; has no effect
- SO_ACCEPTCONN—Socket can accept incoming connections
- SO_REUSEADDR—Allow reuse of the local address
- SO_KEEPALIVE—Do keepalives on the connection
- SO_DONTROUTE—Do not route packets, use interface addresses
- SO_BROADCAST—Broadcasts can be sent over the socket
- SO_USELOOPBACK—Bypass the hardware if/when possible
- SO_LINGER—Linger on a close() if data is present
- SO_OOBINLINE—Leave received out-of-band data in-line
- SO_REUSEPORT—Allow reuse of local port
- so_state—State of each socket; knowledge of BSD Sockets API is useful to understand this information
- SS_NOFDREF—No file table reference any more
- SS_ISCONNECTED—Socket is connected to a peer
- SS_ISCONNECTING—Socket is in process of connecting to peer
- SS_ISDISCONNECTING—Socket is in process of disconnecting
- SS_CANTSENDMORE—Socket cannot send more data to peer
- SS_CANTRCVMORE—Socket cannot receive more data from peer
- SS_RCVATMARK—Socket at mark on input
- SS_PRIV—Socket is privileged for broadcast, raw
- SS_NBIO—Socket allows nonblocking operations
- SS_ASYNC—Socket allows asynchronized I/O notifications
- SS_ISCONFIRMING—Socket is deciding to accept connection request
- pending xmit byte count = 0 recv count—Number of bytes that are pending to be sent (queued up) and received
- Keep alive idle time—Number of seconds before TCP sends an initial keepalive probe to an idle remote node
- keep alive poll time—Interval in seconds at which TCP sends keepalive probes to idle remote nodes
- Additional state flags—State of the following flags in the socket_stats structure: ss_Bound, ss_BindError, ss_ListenOk, ss_ListenError, ss_AcceptOk, ss_AcceptError, ss_RsAcceptOk, ss_RsAcceptError, ss_ConnectOk, ss_ConnectErrors, ss_ConnectToOk, ss_ConnectToError, ss_CalledShutdown, and ss_CalledRsSocreate.
- Counters that show how often the indicated routine has been called: so_SendtoCalls, so_SendMsgCalls, so_SendCalls, so_SockWriteCalls, so_SendErrors, so_SentBytes, so_BsdCloseNotClosed, so_RecvBytes, so_RecvErrors, so_RecvFroms, so_Recvs, so_RecvMsgs, so_Reads
- Socket Event Log (most recent at bottom)—Event log on this socket. Each one shows a call to a particular function within the socket library. Includes a repetition counter that displays only nonzero values.
- Call to sofree()—Call included because in some circumstances an sofree() call does not result in the socket being destroyed (and memory being returned to the free pool)
- Call to rsSocket()—Call to create the socket using rsSocket() as opposed to socket()
- Call to socket()—8-bit value indicating how the call went
- Call to connect()—8-bit value indicating how the call went
- Call to listen()—8-bit value indicating how the call went
- Call to accept()—8-bit value indicating how the call went
- Call to bind()—8-bit value indicating how the call went
- Call to connectto()—8-bit value indicating how the call went
- Call to rsAccept()—8-bit value indicating how the call went
- Call to sobind()—8-bit value indicating how the call went
- Call to solisten()—8-bit value indicating how the call went
- Call to soclose()—8-bit value indicating how the call went
- Call to soabort()—8-bit value indicating how the call went
- Call to soaccept()—8-bit value indicating how the call went
- Call to soconnect()—8-bit value indicating how the call went
- Call to soconnect2()—8-bit value indicating how the call went
- Call to sodisconnect()—8-bit value indicating how the call went
- Call to soshutdown()—8-bit value indicating how the call went
- Call to sowakeup()—8-bit value indicating what kind of wakeup it is. 1 (SELREAD) indicates that data is available on the socket for the application. 2 (SELWRITE) means that more buffer space is available and the application can queue up more data to be transmitted.
- Call to soclose()—8-bit value indicating how the call went
- Call to sendto()—16-bit value indicating the return status
- Call to write()—16-bit value indicating the return status
- Call to sendmsg()—16-bit value indicating the return status
- Call to send()—16-bit value indicating the return status
- Call to recvfrom()—16-bit value indicating the return status
- Call to recv()—16-bit value indicating the return status
- Call to recvmsg()—16-bit value indicating the return status
- Call to read()—16-bit value indicating the return status
host1#show ip socket statistics
5 10.13.5.70:23 --> 10.10.132.71:2000
type: 1 (SOCK_STREAM)
opts = 13 SO_DEBUG SO_REUSEADDR SO_KEEPALIVE
so_state = 177 SS_NOFDREF SS_CANTSENDMORE SS_CANTRCVMORE SS_PRIV
18 0.0.0.0:23 --> 0.0.0.0:0
type: 1 (SOCK_STREAM)
opts = 7 SO_DEBUG SO_ACCEPTCONN SO_REUSEADDR
so_state = 128 SS_PRIV
host1#show ip socket statistics detailed
18 0.0.0.0:23 --> 0.0.0.0:0
type: 1 (SOCK_STREAM)
opts = 7 SO_DEBUG SO_ACCEPTCONN SO_REUSEADDR
so_state = 128 SS_PRIV
pending xmit byte count = 0 recv count 0
Keep alive idle time = 14400 keep alive poll time = 150
Additional state flags:
so_Bound
so_ListenOk
ss_CalledRsSocreate
so_SendtoCalls = 0
so_SendMsgCalls = 0
so_SendCalls = 0
so_SockWriteCalls = 0
so_SendErrors = 0
so_SentBytes = 0
so_BsdCloseNotClosed = 0
so_RecvBytes = 0
so_RecvErrors = 0
so_RecvFroms = 0
so_Recvs = 0
so_RecvMsgs = 0
so_Reads = 0
Socket Event Log (most recent at bottom)
rssocket
sobind - 0
bind - 0
solisten - 0
listen - 0
show ip static
- Use to display the status of static routes in the routing table.
- You can specify an IP mask that filters specific routes.
- Field descriptions
- Prefix—IP address prefix
- Length—Prefix length
- Next Hop—IP address of the next hop
- Met—Number of hops
- Dist—Administrative distance of the route; see Table 6
- Tag—Tag value of the route
- Intf—Interface type and interface specifier
- Verify—Status of the RTR or BFD operation associated with the specified static route; this field is blank if the verify (BFD) or verify rtr (RTR) keywords were not specified as part of the ip route command. The display can include the following:
- BFD up/down—Current status of the associated BFD operation
- operation number—Number of the associated RTR operation
- up/down—Current status of the associated RTR operation
- (lr)—Indicates that although the associated RTR operation is currently down, the router will install this route in the routing table, provided that no other static route to the same network prefix is available; this field appears for an RTR operation that is down when the last-resort keyword is specified as part of the ip route verify rtr command
host1#show ip static
Prefix/Length Next Hop Met Dist Tag Intf Verify
1.1.1.2/32 1.1.1.2 0 1 0 FastEthernet4/0 2 up
1.1.1.2/32 1.1.1.2 0 1 0 FastEthernet4/1
10.10.133.17/32 10.6.128.1 1 1 0 unresolved 1 down
11.11.11.11/32 3.3.3.3 0 1 0 unresolved 1 down(lr)
show tcp ack-rst-and-syn
host1#show tcp ack-rst-and-syn
TCP Ack Rst and Syn Protection is ENABLED
show tcp resequence-buffers
- Use to display the configuration, current per-VR, and per-router state of the TCP resequencing buffer management functions.
- Use the vrfName variable to specify a specific VRF for which you want to view information.
- Field descriptions
TCP Resequence Buffer Management Configuration
- Global Maximum—Number of buffers that can be on the reordering queues of all connections in all virtual routers
- Default Per-VR Maximum—Default maximum number of buffers for all connections in a single VR
- Default Connection Maximum—Default maximum number of buffers for each connection in each virtual router
- This VR Maximum—Maximum number of outstanding resequencing buffers in the current VR
- This VR Connection Maximum—Maximum number of outstanding resequencing buffers on any one connection in this VR
TCP Resequence Buffer Management State
- High Water—Largest number of outstanding resequencing buffers that the router has experienced since the last reset
- High Water—Largest number of outstanding resequencing buffers for the current virtual router since the last reset
- Buffers Discarded Because Global Limit Exceeded—Number of resequencing buffers discarded because the global limit was reached
- Buffers Discarded Because VR Limit Exceeded—Number of resequencing buffers that have been discarded in this virtual router because the virtual router buffer limit was reached
host1#show tcp resequence-buffers
TCP Resequence Buffer Management Configuration
Global Maximum: ###
Default Per-VR Maximum: 250
Default Connection Maximum: 15
This VR Maximum: 300
This VR Connection Maximum: 15
TCP Resequence Buffer Management State
Global buffers in use: 5
High Water: 15
VR Buffers in use: 17
High Water: 32
Buffers Discarded Because Global Limit Exceeded: 25
Buffers Discarded Because VR Limit Exceeded: 15
show tcp path-mtu-discovery
- TCP PMTU Discovery—State of the PMTUD functions (ENABLED or DISABLED)
- Administrative Minimum MTU—Administrative minimum PMTU that is supported or none if there is no minimum
- Administrative Maximum MTU—Administrative maximum PMTU that is supported or none if there is no maximum
- Timer 1—Value of timer 1 in minutes
- Timer 2—Value of timer 2 in minutes
- Black Hole Detect Threshold—Number of retransmissions allowed before TCP/PMTUD assumes that there is a black hole and attempts to reduce impact in the MSS
- # ICMP TooBigs—Number of ICMP Too Big messages that have been received
- # ICMP TooBigs for unk. connections—Number of ICMP Too Big messages that have been received which were not for a valid connection
host1#show tcp path-mtu-discovery
TCP PMTU Discovery is ENABLED
Administrative Minimum MTU: 512
Administrative Maximum MTU: 65535
Timer 1: 10 minutes
Timer 2: 2 minutes
Black Hole Detect Threshold: 0 retransmissions
# ICMP TooBigs: 0
# ICMP TooBigs for unk. connections: 0
show tcp paws
host1#show tcp paws
TCP PAWS is disabled
show tcp statistics
- Use to display all TCP statistics.
- Baselining is supported for this command.
- Use the ip keyword to display only IPv4 statistics.
- Use the ipv6 keyword to display only IPv6 statistics.
- Use the brief keyword to display summary information or the detailed keyword to display extensive information.
- Use the diagnostic keyword to display diagnostic information collected on the TCP statistics in addition to the detailed information. This command shows information only for the connections that are active within the context of the VR in which you issue the command.
- Field descriptions
- attempted—Number of outgoing TCP connections attempted
- accepted—Number of incoming TCP connections accepted
- established—Number of TCP connections established
- total pkts—Total number of packets received
- in-sequence pkts—Number of packets received in sequence
- bytes—Number of bytes received
- chksum err pkts—Number of checksum error packets received
- authentication err pkts—Number of authentication error packets received
- bad offset pkts—Number of bad offset packets received
- short pkts—Number of short packets received
- duplicate pkts—Number of duplicate packets received
- out of order pkts—Number of packets received out of order
- total pkts—Total number of packets sent
- data pkts—Number of data packets sent
- bytes—Number of bytes sent
- retransmitted pkts—Number of packets retransmitted
- retransmitted bytes—Number of bytes retransmitted
- Source address/port – local port—Shows the 32 most recent TCP connection attempts that were rejected, including the remote node's IP address and port, the local port for the connection attempt, and the number of identical attempts that have been received on that port in a row. The reason for rejection is not given. This information may be useful in tracking down DoS attacks.
- # connection-reqs rejected—Total number of connection attempts that have been rejected
- # connection-reqs pending—Current number of connection attempts that are pending, awaiting additional data from the peer
- # sonewconn calls that fail—Number of calls to sonewconn that have failed. This statistic often indicates that either a socket connection limit has been reached or that there was no memory to hold the socket data structures.
- Local addr—Local address of the TCP connection
- Local port—Local port number of the TCP connection
- Remote addr—Remote address of the TCP connection
- Remote port—Remote port number of the TCP connection
- State—Current state of the TCP connection
- Authentication—Authentication status of the TCP connection
- total pkts—Total number of packets sent on the TCP connection
- data pkts—Number of data packets sent on the TCP connection
- bytes—Number of bytes sent on the TCP connection
- retransmitted pkts—Number of packets retransmitted on the TCP connection
- retransmitted bytes—Number of bytes retransmitted on the TCP connection
- total pkts—Total number of packets received on the TCP connection
- in-sequence pkts—Number of packets received in sequence on the TCP connection
- bytes—Number of bytes received on the TCP connection
- chksum err pkts—Number of checksum error packets received on the TCP connection
- bad offset pkts—Number of bad offset packets received on the TCP connection
- short pkts—Number of short packets received on the TCP connection
- duplicate pkts—Number of duplicate packets received on the TCP connection
- out of order pkts—Number of packets received out of order on the TCP connection
- Diagnostics: PRU_ Operations counters—Number of calls for each of the indicated PRU_operations within the TCP service API. These are per-connection statistics.
- Wildcard Matches—Number of packets received that matched this TCP connection due to wildcard matching. Matching is expected for listening server connections, such as Telnet, but is not expected for established connections. This is a per-connection statistic.
- Rcv'd Packets after connection closed—Number of packets received on the connection after the connection has been closed (and before the data structure gets removed). This is a per-connection statistic.
- Connect request rejected—Number of times an incoming connection request was not approved. This is a per-connection statistic.
- Connect request approval pending—Number of times that an incoming connection request was held pending, waiting for a subsequent packet. This is a per-connection statistic.
- New soconnect failed—Number of times a SONEWCONN() was tried on a listening connection and failed. This is a per-connection statistic.
- # Write-Wakeups—Number of times a "write wakeup" occurred on the connection. This is a per-connection statistic.
- # Read wakeups—Number of times a "read wakeup" occurred on the connection. This is a per-connection statistic.
- # receives after close—Number of packets received with data after the connection entered the close-wait state. This is a per-connection statistic.
- Retransmit timer—Current value of the retransmit timer
- Persistence timer—Current value of the persistence timer
- Keepalive timer—Current value of the keepalive timer
- 2MSL timer—Current value of the 2MSL (max segment lifetime) timer
- tcpDisconnect()s—Number of times BsdTcp::tcpDisconnect() was called. This is a per-connection statistic.
- keep T/O pre-estab—Number of times the keepalive timer expired before the connection reached the established state. This is a per-connection statistic.
- tcpkeeptimeo_idle—Number of times the keepalive timer popped, but no keepalive was sent because of connection idle-time considerations. This is a per-connection statistic.
- TCP Connection Event Log (most recent at bottom)—Event log for the TCP connection. It shows the last 32 events that occurred on the connection. The most recent event is at the bottom of the list. This is per-connection data.
The following events can be recorded:
The keepalive timer popped. An 8-bit argument that describes how the timer was handled: |
- RSTs acked—Number of RSTs received and then acknowledged by the TCP stack.
- Bogus RSTs—Number of RSTs that were judged to be invalid (that is, their timer expired) and therefore ignored
- SYNs acked—Number of SYNs received and then acknowledged by the TCP stack.
- Bogus SYNs—Number of RSTs that were judged to be invalid (that is, their timer expired) and therefore ignored
- Data Insertions rejected—Number of packets received and dropped because they are believed to have been inserted by an attacker
- PMTUD—Status of path MTU discovery on the virtual router: enabled or disabled
- Administrative Minimum MTU—Minimum MTU that is enabled on any connection; a value of "none" indicates that the minimum is zero (0)
- Administrative Maximum MTU—Maximum MTU that is enabled on any connection; a value of "none" indicates that the maximum is 65535
- Timer 1—Amount of time the virtual router waits after receiving an ICMP Too Big message before attempting to increase the path MTU
- Timer 2—Amount of time the virtual router waits after successfully increasing the MTU before attempting to increase it more
- # ICMP TooBigs—Number of ICMP Too Big messages that the router has received. When PMTU is disabled, this counter does not increase.
- # ICMP TooBigs for unk. connection—Number of ICMP Too Big messages that the router has received for TCP connections that do not exist. When PMTU is disabled, this counter does not increase.
- PMTU Increase Attempts—Number of attempts the router has made to increase the PMTU
- Black Hole Detect Threshold—Number of successive transmissions that must occur on a connection before that connection treats retransmissions as indications that something is wrong
- Override MSS—MSS that is advertised to peers, overriding the MSS that is derived from the interface MTU. This line does not appear in the output if you do not set the value.
- PMTU—Status of MTU/MSS on this virtual router: enabled or disabled
- MSS in effect—MSS currently being used for transmission to the peer. This number changes while various network events occur to cause the router to increase or decrease its estimate of the MSS.
- Calculated MSS to peer—MSS that path MTU discovery has calculated (if PMTUD is enabled) to the peer
- MSS received from peer—MSS that the peer received in a TCP MSS option. If no option is received, the value is zero (0).
- Application set MSS—MSS that an application might have set for the connection
- Xmit Interface MSS—MSS for the interface used to transmit packets to the peer; calculated as the interface MTU minus the size of the TCP and IP headers.
- MSS Sent to Peer—MSS that has been advertised to the peer
- "ICMP DestUn, Frag Req'd and DF Set" messages—Number of ICMP "Destination Unreachable: Fragmentation Required and DF set" messages that the router has received
- Number of attempts to increase PMTU—Number of times the router has attempted to increase the PMTU by probing with a packet that is larger than the known MTU
- Time to next increase attempt—Amount of time, in seconds, until the router retries to increase the MTU
- Black Hole Detection State—State of the black hole detection mechanism: none, detecting, probable, or unknown
- Buffers Outstanding—Number of buffers currently on the connection reordering queue
- High Water—Most buffers that have ever been on the connection reordering queue
- Buffers discarded—Number of buffers that were discarded because keeping them would have exceeded the connection maximum
- TCP PAWS is [enabled/disabled]—Status of the TCP PAWS option; enabled indicates that PAWS is functioning normally (default mode) for TCP segments; disabled indicates that PAWS is disabled for TCP segments
host1#show ip tcp statistics
TCP Global Statistics:
Connections: 7358 attempted, 4 accepted, 7362 established
0 dropped, 14718 closed
Rcvd: 75923 total pkts, 53608 in-sequence pkts, 3120303 bytes
0 chksum err pkts, 0 authentication err pkts, 0 bad offset pkts
0 short pkts, 0 duplicate pkts, 0 out of order pkts
Sent: 82352 total pkts, 44404 data pkts, 657095 bytes
34 retransmitted pkts, 487 retransmitted bytes
TCP Session Statistics:
Local addr: 0.0.0.0, Local port: 23
Remote addr: 0.0.0.0, Remote port: 0
State: LISTEN Authentication: None
Rcvd: 4 total pkts, 0 in-sequence pkts, 0 bytes
0 chksum err pkts, 0 bad offset pkts, 0 short pkts
0 duplicate pkts, 0 out of order pkts
Sent: 0 total pkts, 0 data pkts, 0 bytes
0 retransmitted pkts, 0 retransmitted bytes
Local addr: 192.168.1.250, Local port: 23
Remote addr: 10.10.0.77, Remote port: 2170
State: ESTABLISHED Authentication: None
Rcvd: 61 total pkts, 34 in-sequence pkts, 41 bytes
0 chksum err pkts, 0 bad offset pkts, 0 short pkts
0 duplicate pkts, 0 out of order pkts
Sent: 64 total pkts, 45 data
Local addr: 192.168.1.250, Local port: 23
Remote addr: 10.10.0.77, Remote port: 2170
State: ESTABLISHED Authentication: None
Rcvd: 61 total pkts, 34 in-sequence pkts, 41 bytes
0 chksum err pkts, 0 bad offset pkts, 0 short pkts
0 duplicate pkts, 0 out of order pkts
Sent: 64 total pkts, 45 data pkts, 2304 bytes
0 retransmitted pkts, 0 retransmitted bytes
Local addr: 192.168.1.250, Local port: 23
Remote addr: 192.168.1.139, Remote port: 1038
State: ESTABLISHED Authentication: None
Rcvd: 295 total pkts, 159 in-sequence pkts, 299 bytes
0 chksum err pkts, 0 bad offset pkts, 0 short pkts
0 duplicate pkts, 0 out of order pkts
Sent: 281 total pkts, 210 data pkts, 3089 bytes
0 retransmitted pkts, 0 retransmitted bytes
host1#show ip tcp statistics diagnostic
...
Global Diagnostic Data
Unknown Connection log
Source address/port -> local port
128.127.126.125/124 -> 8080 count: 3
111.111.111.111/222 -> 3333 count: 4
# connection-reqs rejected: 0
# connection-reqs pending: 0
# sonewconn calls that fail: 0
...
Diagnostics:
PRU_ Operations counters:
PRU_ATTACH: 0
PRU_DETACH: 0
PRU_BIND: 1
PRU_LISTEN: 1
PRU_CONNECT: 0
PRU_ACCEPT: 0
PRU_DISCONNECT: 0
PRU_SHUTDOWN: 0
PRU_RCVD: 0
PRU_SEND: 0
PRU_ABORT: 0
PRU_CONTROL: 0
PRU_SENSE: 0
PRU_RCVOOB: 0
PRU_SENDOOB: 0
PRU_SOCKADDR: 0
PRU_PEERADDR: 0
PRU_CONNECT2: 0
PRU_FASTTIMO: 0
PRU_SLOWTIMO: 0
PRU_PROTORCV: 0
PRU_PROTOSEND: 0
Wildcard Matches: 2
Rcv'd Packets after connection closed: 0
Connect request rejected: 0
Connect request approval pending 0
New soconnect failed 0
# Write-Wakeups: 0
# Read wakeups 0
# receives after close 0
Retransmit timer: 0
Persistance timer: 0
Keepalive timer: 0
2MSL timer: 0
tcpDisconnect()s: 0
keep T/O pre-estab: 0
tcpkeeptimeo_idle: 0
...
TCP Connection Event Log (most recent at bottom)
TCPS_ELOG_PRU_ATTACH
TCPS_ELOG_PRU_BIND
host1#show ip tcp statistics detailed
...
RST/SYN-Ack Protection is: ENABLED
RSTs acked: 0
...Bogus RSTs: 0
SYNs acked: 0
...Bogus SYNs: 0
Data Insertions rejected: 0
PMTUD Information: PMTUD: ENABLED
Administrative Minimum MTU: 512
Administrative Maximum MTU: none
Timer 1: 10 minutes
Timer 2: 2 minutes
# ICMP TooBigs: 0
# ICMP TooBigs for unk. connection: 0
PMTU Increase Attempts: 17
Black Hole Detect Threshold: 50 retransmissions
...
MTU/MSS Information
ENABLED on this connection
MSS in effect: 536
Calculated MSS to peer: 536
MSS received from peer: 0
Application set MSS: 0
Xmit Interface MSS: 0
MSS Sent to Peer: 0
"ICMP DestUn, Frag Req'd and DF Set" messages: 0
Number of attempts to increase PMTU: 0
Time to next increase attempt: 0 seconds
Black Hole Detection State: none
...
Out-of-order Packet Queue Information
Buffers Outstanding: 25
High Water: 28
Buffers discarded: 15
...
TCP-Paws is disabled
show ip traffic
- Use to display statistics about IP traffic.
- You can use the ipTraffic log to show consumable IP traffic to the SRP module; the traffic is filterable per router and IP interface. You can show ICMP, TCP, and UDP traffic with the icmpTraffic, udpTraffic, and tcpTraffic logs.
- Field descriptions
- router Id—Router ID number
- total—Number of frames received
- local destination—Frames with this router as their destination
- hdr errors—Number of packets containing header errors
- addr errors—Number of packets containing addressing errors
- unkn proto—Number of packets received containing unknown protocols
- discards—Number of discarded packets
- reassembled—Number of reassembled packets
- reasm timed out—Number of reassembled packets that timed out
- reasm req—Number of requests for reassembly
- reasm fails—Number of reassembly failures
- frag ok—Number of fragmented packets reassembled successfully
- frag fail—Number of fragmented packets reassembled unsuccessfully
- frag creates—Number of packets created by fragmentation
- forwarded—Number of packets forwarded
- generated—Number of packets generated
- out disc—Number of outbound packets discarded
- no routes—Number of packets that could not be routed
- routing discards—Number of packets that could not be routed and were discarded
- total—Total number of ICMP packets received
- errors—Number of error packets received
- dst unreach—Number of packets received with destination unreachable
- time exceed—Number of packets received with time-to-live exceeded
- param probs—Number of packets received with parameter errors
- src quench—Number of source quench packets received
- redirects—Number of receive packet redirects
- echo req—Number of echo request (ping) packets
- echo rpy—Number of echo replies received
- timestamp req—Number of requests for a timestamp
- timestamp rpy—Number of replies to timestamp requests
- addr mask req—Number of mask requests received
- addr mask rpy—Number of mask replies received
- total—Total number of ICMP packets sent
- errors—Number of error packets sent
- dest unreach—Number of packets sent with destination unreachable
- time excd—Number of packets sent with time-to-live exceeded
- param prob—Number of packets sent with parameter errors
- src quench—Number of source quench packets sent
- redirects—Number of send packet redirects
- echo req—Number of echo request (ping) packets
- echo rpy—Number of echo replies sent
- timestamp req—Number of requests for a timestamp
- timestamp rpy—Number of replies to timestamp requests
- addr mask req—Number of address mask requests sent
- addr mask rpy—Number of replies to address mask requests
- total—Total number of UDP packets received
- checksum—Number of checksum error packets received
- no port—Number of packets received for which no E-series router application listener was listening on the destination port
- attempted—Number of outgoing TCP connections attempted
- accepted—Number of incoming TCP connections accepted
- established—Number of TCP connections established
- dropped—Number of TCP connections dropped
- closed—Number of TCP connections closed
- currently established—Number of TCP connections currently established
- total pkts—Total number of TCP packets received
- in-sequence pkts—Number of packets received in sequence
- bytes—Number of bytes received
- chksum err pkts—Number of checksum error packets received
- authentication err pkts—Number of authentication error packets received
- bad offset pkts—Number of packets received with bad offsets
- short pkts—Number of short packets received
- duplicate pkts—Number of duplicate packets received
- out of order pkts—Number of packets received out of order
- total pkts—Total number of TCP packets sent
- data pkts—Number of data packets sent
- bytes—Number of bytes sent
- retransmitted pkts—Number of packets retransmitted
- retransmitted bytes—Number of retransmitted bytes
- OSPF Statistics—Provides statistics on OSPF
- IGMP Statistics—Provides statistics about queries, reports sent or received
- ARP Statistics—Not supported for this version of the router
host1#show ip traffic
IP statistics: Router Id: 172.31.192.217
Rcvd: 97833 total, 171059 local destination
0 hdr errors, 0 addr errors
167 unkn proto, 0 discards
Frags: 4 reassembled, 30 reasm timed out, 8 reasm req
0 reasm fails, 145 frag ok, 0 frag fail
290 frag creates
Sent: 15 forwarded, 25144 generated, 0 out disc
0 no routes,0 routing discards
Route: 57680 routes in table
0 timestamp req, 0 timestamp rpy
0 addr mask req, 0 addr mask rpy
ICMP statistics:
Rcvd: 561 total, 0 errors, 15 dst unreach
0 time exceed, 0 param probs, 0 src quench
0 redirects, 0 echo req, 0 echo rpy
0 timestamp req, 0 timestamp rpy
0 addr mask req, 0 addr mask rpy
Sent: 463866 total, 0 errors, 163676 dest unreach
0 time excd, 0 param prob, 0 src quench
20 redirects, 463846 echo req, 0 echo rpy
0 timestamp req, 0 timestamp rpy
0 addr mask req, 0 addr mask rpy
UDP Statistics:
Rcvd: 93326 total, 0 checksum errors, 90610 no port
Sent: 0 total, 0 errors
TCP Global Statistics:
Connections: 7358 attempted, 4 accepted, 7362 established
0 dropped, 14718 closed
Rcvd: 75889 total pkts, 53591 in-sequence pkts, 3120283 bytes
0 chksum err pkts, 0 authentication err pkts, 0 bad offset
0 short pkts, 0 duplicate pkts, 0 out of order pkts
Sent: 82318 total pkts, 44381 data pkts, 656321 bytes
34 retransmitted pkts, 487 retransmitted bytes
OSPF Statistics:
IGMP Statistics:
ARP Statistics:
show ip udp statistics
- total—Total number of UDP packets received
- checksum—Number of checksum error packets received
- no port—Number of packets received for which no E-series router application listener was listening on the destination port
host1#show ip udp statistics
UDP Statistics:
Rcvd: 39196 total, 0 checksum errors, 29996 no port
Sent: 210 total, 0 errors
show profile brief
host1#show profile brief
Profile :
foo
trill
profile4
show route-map
- Use to display the configured route maps.
- The displayed information includes the instances of each access list such as match and set commands.
- Example
host1(config)#route-map westford permit 10
host1(config-route-map)#match community 44
host1(config-route-map)#set local-pref 400
host1(config-route-map)#exit
host1(config)#exit
host1#show route-map westford
route-map 1, permit, sequence 10
Match clauses:
match community 44
Set clauses:
set local-pref 400