display ipsec backup statistics
Function
The display ipsec backup statistics command displays IPSec backup statistics.
Format
display ipsec backup statistics { send | receive } [ slot slot-id cpu cpu-id ]
display ipsec backup statistics last { send | receive } slot slot-id cpu cpu-id
Parameters
| Parameter | Description | Value |
|---|---|---|
send |
Displays backup statistics about IPSec sent packets. |
- |
receive |
Displays backup statistics about IPSec received packets. |
- |
last |
Displays the last IPSec backup statistics. |
- |
slot slot-id cpu cpu-id |
Displays IPSec backup statistics on a specified CPU in a specified slot. |
The values of slot-id and cpu-id are integers and must be set according to the device configuration. |
Usage Guidelines
In IPSec dual-system hot standby or a single device with active and standby SPUs, you can run the display ipsec backup statistics command to check IPSec backup statistics to determine whether packets are lost during SA backup, helping IPSec fault location and maintenance. IPSec backup statistics include the numbers of successes and failures in sending packets, number of successes in sending backup packets, number of successes in sending batch backup packets, number of backup units and packets that are successfully sent on the data plane.
Example
<sysname> display ipsec backup statistics send Summary information: Send ok/err: 0/0 Backup pkt ok: 0 <IKEv1>ike_sa backup ok/err: 0/0 <IKEv1>ipsec_sa backup ok/err: 0/0 <IKEv1>delete_ike_sa backup ok/err: 0/0 <IKEv1>delete_ipsec_sa backup ok/err: 0/0 <IKEv1>dpd_seq backup ok/err: 0/0 <IKEv2>ike_sa backup ok/err: 0/0 <IKEv2>child_sa backup ok/err: 0/0 <IKEv2>delete_ike_sa backup ok/err: 0/0 <IKEv2>delete_child_sa backup ok/err: 0/0 <IKEv2>msg_id update ok/err: 0/0 Batch backup pkt ok: 0 Batch backup notify: 0 <IKEv1>ike_sa batch backup ok: 0 <IKEv1>ipsec_sa batch backup ok: 0 <IKEv2>ike_sa batch backup ok: 0 <IKEv2>child_sa batch backup ok: 0 DataPath send unit/pkt ok: 0/0 send unit err: 0 create seq_num unit: 0 create cur_bytes unit: 0 rcv re-backup sa unit: 0
Item
|
Description |
|---|---|
Send ok/err |
Numbers of successes and failures in sending packets. |
Backup pkt ok |
Number of successes in sending backup packets. |
<IKEv1>ike_sa backup ok/err |
Numbers of successes and failures in sending SA backup packets in IKEv1 phase 1. |
<IKEv1>ipsec_sa backup ok/err |
Numbers of successes and failures in sending SA backup packets in IKEv1 phase 2. |
<IKEv1>delete_ike_sa backup ok/err |
Numbers of successes and failures in sending IKEv1 SA deletion backup packets. |
<IKEv1>delete_ipsec_sa backup ok/err |
Numbers of successes and failures in sending IPSec SA deletion backup packets. |
<IKEv1>dpd_seq backup ok/err |
Numbers of successes and failures in sending IKEv1 DPD sequence number backup packets. |
<IKEv2>ike_sa backup ok/err |
Numbers of successes and failures in sending SA backup packets in IKEv2 phase 1. |
<IKEv2>child_sa backup ok/err |
Numbers of successes and failures in sending IKEv2 sub-SA backup packets. |
<IKEv2>delete_ike_sa backup ok/err |
Numbers of successes and failures in sending IKEv2 SA deletion backup packets. |
<IKEv2>delete_child_sa backup ok/err |
Numbers of successes and failures in sending child SA deletion backup packets. |
<IKEv2>msg_id update ok/err |
Numbers of successes and failures in sending IKEv2 msg ID backup packets. |
Batch backup pkt ok |
Numbers of successes and failures in sending batch backup packets. |
Batch backup notify |
Numbers of batch backup notification packets for the cluster. |
<IKEv1>ike_sa batch backup ok |
Numbers of successes and failures in sending SA batch backup packets IKEv1 phase 1. |
<IKEv1>ipsec_sa batch backup ok |
Numbers of successes and failures in sending SA batch backup packets IKEv1 phase 2. |
<IKEv2>ike_sa batch backup ok |
Numbers of successes and failures in sending SA batch backup packets IKEv2 phase 1. |
<IKEv2>child_sa batch backup ok |
Numbers of successes and failures in sending SA batch backup packets IKEv2 phase 2. |
DataPath send unit/pkt ok |
Number of backup units and packets that are successfully sent on the data plane. |
send unit err |
Number of backup units that fail to be sent on the data plane. |
create seq_num unit |
Number of sequence number backup units created on the data plane. |
create cur_bytes unit |
Number of byte backup units created on the data plane. |
rcv re-backup sa unit |
Number of SA re-backup units received on the data plane. |
<sysname> display ipsec backup statistics receive
Summary information:
Receive/pkt err: 0/0
Discard sa cnt: 0
<IKEv1>ike_sa rcv/handle err: 0/0
<IKEv1>ipsec_sa rcv/handle err: 0/0
<IKEv1>delete_ike_sa rcv/ignore num: 0/0
<IKEv1>delete_ipsec_sa rcv/ignore num: 0/0
<IKEv1>dpd_seq rcv/handle err: 0/0
<IKEv2>ike_sa rcv/handle err: 0/0
<IKEv2>child_sa rcv/handle err: 0/0
<IKEv2>delete_ike_sa rcv/ignore err: 0/0
<IKEv2>delete_child_sa rcv/ignore err: 0/0
<IKEv2>msg_id rcv/ignore err: 0/0
Batch backup pkt received: 0
<IKEv1>ike_sa batch received: 0
<IKEv1>ipsec_sa batch received: 0
<IKEv2>ike_sa batch received: 0
<IKEv2>child_sa batch received: 0
DataPlane recv from HRP unit/pkt: 2/1
handle fail unit/pkt: 0/0
recv seq_num unit: 2
recv cur_bytes unit: 0
send sa re-backup cnt: 0
Item
|
Description |
|---|---|
Receive/pkt err |
Numbers of packet receiving errors, and packet errors. |
Discard sa cnt |
Number of SAs discarded by the standby device. |
<IKEv1>ike_sa rcv/handle err |
Numbers of SA backup packets received and failing to be handled in IKEv1 phase 1. |
<IKEv1>ipsec_sa rcv/handle err |
Numbers of SA backup packets received and failing to be handled in IKEv1 phase 2. |
<IKEv1>delete_ike_sa rcv/ignore num |
Numbers of IKE SA deletion packets received and failing to be handled in IKEv1. |
<IKEv1>delete_ipsec_sa rcv/ignore num |
Numbers of IPSec SA deletion packets received and failing to be handled in IKEv1. |
<IKEv1>dpd_seq rcv/handle err |
Numbers of SA IKEv1 DPD sequence numbers received and failing to be handled. |
<IKEv2>ike_sa rcv/handle err |
Numbers of SA backup packets received and failing to be handled in IKEv2 phase 1. |
<IKEv2>child_sa rcv/handle err |
Numbers of IKEv2 sub-SA backup packets received and failing to be handled. |
<IKEv2>delete_ike_sa rcv/ignore err |
Number of deleted IKE SA that fail to be received and processed in IKEv2. |
<IKEv2>delete_child_sa rcv/ignore err |
Number of deleted sub-SA that fail to be received and processed in IKEv2. |
<IKEv2>msg_id rcv/ignore err |
Numbers of msg ID backup packets that fail to be received and processed in IKEv2. |
Batch backup pkt received |
Number of received batch backup packets. |
<IKEv1>ike_sa batch received |
Number of SA batch backup packets received in IKEv1 phase 1. |
<IKEv1>ipsec_sa batch received |
Number of SA batch backup packets received in IKEv1 phase 2. |
<IKEv2>ike_sa batch received |
Number of SA batch backup packets received in IKEv2 phase 1. |
<IKEv2>child_sa batch received |
Number of received IKEv2 sub-SA batch backup packets. |
DataPlane recv from HRP unit/pkt |
Number of backup units and packets and that the data plane receives from the active device. |
handle fail unit/pkt |
Number of backup units that fail to be processed on the data plane. |
recv seq_num unit |
Number of sequence number backup units received on the data plane. |
recv cur_bytes unit |
Number of byte backup units received on the data plane. |
send sa re-backup cnt |
Number of SA re-backups triggered on the data plane. |
<sysname> display ipsec backup statistics last send slot 3 cpu 1
last backup send ok: 302
<sysname> display ipsec backup statistics last receive slot 3 cpu 1
last backup receive ok: 2
last backup write queue fail: 0
Item
|
Description |
|---|---|
last backup send ok |
Number of last backup statistics about successfully sent IPSec packets. |
last backup receive ok |
Number of last backup statistics about successfully received IPSec packets. |
last backup write queue fail |
Number of failures to write last backup statistics to a queue. |