To display configuration information and statistics for the real servers configured on the ServerIron, enter the following command:
ServerIron(config)# show server real Real Servers Info
State - ACT:active, ENB:enabled, FAL:failed, TST:test, SUS:suspect, GDN:grace-dn, DIS:disabled, UNK:unknown, UNB:unbind, AWU:await-unbind, AWD: await-shutdown
Name: rs1 State: Enabled IP:192.168.1.10: 1
UDP-age The number of minutes the ServerIron allows a UDP connection to remain unused before closing the connection. The default is 5 minutes. To change this parameter, see “Configuring UDP Age” on page 5-63.
The value shown here is the global value. You can override this value for an individual TCP/UDP port by modifying its port profile. See “Overriding the Global TCP or UDP Age” on page 5-28.
Sticky-age The number of minutes a sticky server connection can remain inactive before aging out. The default is 5 minutes.
TCP-syn-limit The maximum number of TCP SYN connections per second the ServerIron is allowed to send to the real server. The default is 65535 connections.
You can guard against TCP SYN attacks by changing this parameter to a lower value. See “Limiting the Maximum Number of TCP SYN Requests” on page 3-27.
TCP Connections Counters
TCP-total conn The total number of TCP connections the ServerIron is currently managing.
Unsuccessful conn The number of client requests for a TCP port that the ServerIron could not fulfill because the server was busy or down, or the port was not configured on the server.
ICMP Message Feature State
ICMP-message The state of the ICMP message feature. The state can be one of the following:
• Disabled – The ServerIron does not send ICMP “Destination Unreachable” messages to a client that requests an HTTP port that is on a busy or down server or that is not configured on the server. This is the default.
• Enabled – The ServerIron does send ICMP “Destination Unreachable” messages to clients when the requested HTTP port is not available or not configured.
To change the state of this feature, see “Sending ICMP Port Unreachable or Destination Unreachable Messages” on page 3-29. Table 3.12: Global Layer 4 Configuration Information (Continued)
Mac: Unknown Weight: 0 MaxConn: 1000000 SrcNAT: not-cfg, not-op DstNAT: not-cfg, not-op Serv-Rsts: 0
Port St Ms CurConn TotConn Rx-pkts Tx-pkts Rx-octet Tx-octet Reas
---- -- -- --- --- --- --- --- --- ---- default UNB 0 0 0 0 0 0 0 0 http ENB 0 0 0 0 0 0 0 0 smtp ENB 0 0 0 0 0 0 0 0 Server Total 0 0 0 0 0 0 0 SLB-ServerIron# information for remaining real servers omitted for brevity...
Syntax: show server real This display shows the following information.
Table 3.13: Real Server Information This Field... Displays...
Server State Codes
Server State The possible values for the server state. The state of each real server is shown by the State field. See below.
General Server Parameters
Name The name of the real server. This is the name you assigned to the server when you configured it on the ServerIron.
IP The IP address of the real server.
If you configured a host range of VIPs on the server, the number following the IP address (after the colon) is the number of hosts on the server. In the example shown above, the VIP address is
209.157.23.60 and the address has been configured with a host range of four hosts. For more information, see “Web Hosting with Unlimited Virtual IP Addresses” on page 3-177.
State The state of the real server, based on Layer 3 health checks. The state can be one of the following states, also listed next to "Server State" at the top of the show server real display:
• 1 – Enabled • 2 – Failed • 3 – Test • 4 – Suspect • 5 – Graceful shutdown • 6 – Active
Note: The value in this field is based on the results of Layer 3 health checks, if enabled. The real server state can also be seen in the State column in the show server session display. To display the server state based on Layer 3 health checks, see the State field in the show server session display. (See “You can also display port-binding information by entering the show server session command:” on page 3-165.)
Wt The weight assigned to this server. The weight applies only if the predictor (load balancing method) is “weighted”. See “Changing the Load Balancing Method on a Virtual Server” on page 3-59.
Max-conn The maximum number of client connections that the ServerIron will manage for the server. A connection consists of two sessions, the client-to-server session and the server-to-client session.
By default, the ServerIron allows up to 500,000 connections (one million sessions) on a server.
If you need to lower the maximum number of connections the ServerIron will manage, see “Configuring the Maximum Number of Active Sessions” on page 5-60.
Src-nat The configured and operational states of the source NAT feature. The two states are separated by a colon ( : ). The configured state is shown first, followed by the operational state. Each state can have one of the following values:
• 0 – Disabled • 1 – Enabled
Dest-nat The configured and operational states of the destination NAT feature. The two states are separated by a colon ( : ). The configured state is shown first, followed by the operational state. Each state can have one of the following values:
• 0 – Disabled • 1 – Enabled
Table 3.13: Real Server Information (Continued)
Remote server Indicates whether the server is configured on the ServerIron as a remote server or a local server. The ServerIron uses remote servers as failovers if all the local servers are down. This field can have one of the following values:
• No – The server is not a remote server. • Yes – The server is a remote server.
For more information about remote servers, see “Web Hosting with Geographically-Distributed Servers” on page 3-184.
Dynamic A statistic used by Foundry technical support. TCP/UDP Port Statistics
The following fields apply to all the TCP/UDP ports on the real servers.
Note: For DNS, HTTP, and RADIUS ports, the server-specific health check information for the port is listed under the port’s statistics. For information about the health check parameters, see “Changing HTTP Keepalive Method, Value, and Status Codes” on page 5-33.
Port The TCP/UDP port name or number. This field can have one of the following values:
• default
• dns – the well-known name for port 53
• ftp – the well-known name for port 21. (ports 20 and 21 both are FTP ports but on the ServerIron, the name “ftp” corresponds to port 21.)
• http – the well-known name for port 80 • imap4 – the well-known name for port 143 • ldap – the well-known name for port 389 • nntp – the well-known name for port 119 • ntp – the well-known name for port 123 • pop2 – the well-known name for port 109 • pop3 – the well-known name for port 110 • radius – the well-known name for udp port 1812 • smtp – the well-known name for port 25 • snmp – the well-known name for port 161 • ssl – the well-known name for port 443 • telnet – the well-known name for port 23 • tftp – the well-known name for port 69
• <number> – the port number, if the port is not one of those listed above
Table 3.13: Real Server Information (Continued)
State The state of the port. The state can be one of the following: • enabled • failed • test • suspect • graceful shutdown • active • unbnd
Note: If the state is unbnd, you have not bound the port to a virtual server port.
Ms The master port state. This field applies only to track ports and to ports to which you have bound other TCP/UDP ports in many-to-one configurations.
• For track ports, the state of the master port. When a port is configured to track a master port, the ServerIron sends a client’s request for the tracking port to the same real server as the master port. See “Configuring a Track Port Group” on page 3-60 and “TCP/UDP Application Groups” on page 3-180. In the example show real server output shown above, assume that port 500 is tracked by port 600. If port 500’s state changes, port 600’s state also changes to match.
• For many-to-one TCP/UDP port binding, the state of the port that is translated in the port binding between the real server and the virtual server. The ports that are not translated follow the state of the port that is translated. See “Many-To-One TCP/UDP Port Binding” on page 3-174. In the example show real server output shown above, assume that port 70 is untranslated and follows the state of port http. If port http’s state changes, port 70’s state also changes to match.
This field can have one of the following values for the types of ports listed above: • 1 – Enabled • 2 – Failed • 3 – Test • 4 – Suspect • 5 – Graceful shutdown • 6 – Active
For all other types of ports, the value is always 0.
CurConn The number of client connections currently on the server. A
connection consists of two sessions, the client-to-server session and the server-to-client session.
Table 3.13: Real Server Information (Continued)
Displaying Virtual Servers Configuration Statistics
To display configuration information and statistics for the virtual servers configured on the ServerIron, enter the following command:
ServerIron(config)# show server virtual Virtual Servers Info
Server Name: v100 IP : 209.157.23.100 : 4 Status: enabled Predictor: least-conn TotConn: 4233 Dynamic: No HTTP redirect: disabled
Sym: group = 1 state = 5 priority = 2 keep = 0 Activates = 4, Inactive= 3
Port State Sticky Concur CurConn TotConn PeakConn
radius-oenabled NO NO 0 0 0 http enabled NO NO 0 4233 39 ftp enabled NO NO 0 0 0 telnet enabled NO NO 0 0 0 ssl enabled YES NO 0 0 0 smtp enabled NO NO 0 0 0 nntp enabled NO NO 0 0 0 ntp enabled NO NO 0 0 0 dns enabled NO NO 0 0 0 pop2 enabled NO NO 0 0 0 pop3 enabled NO NO 0 0 0 tftp enabled NO NO 0 0 0 imap4 enabled NO NO 0 0 0 snmp enabled NO NO 0 0 0 ldap enabled NO NO 0 0 0 default enabled NO NO 0 0 0
information for remaining virtual servers omitted for brevity...
Syntax: show server virtual TotConns The number of client connections on the server since the ServerIron was last booted. A connection consists of two sessions, the client-to- server session and the server-to-client session. Rx-pkts The number of packets the ServerIron has received from the server. Tx-pkts The number of packets the ServerIron has sent to the server. Rx-octet The number of octets (bytes) the ServerIron has received from the server. Tx-octet The number of octets (bytes) the ServerIron has sent to the server. Reas The number of times the ServerIron has reassigned the connection to another server in the rotation because the server that is in use has not responded to two contiguous TCP SYNs from the client. When this occurs, the ServerIron directs the client to another server upon receiving the third SYN from the client. Note: Windows 98 sends two TCP SYNs for each connection attempt. Note: This statistic does not apply to SwitchBack (Direct Server Return). Table 3.13: Real Server Information (Continued) This Field... Displays...
This display shows the following information.
Table 3.14: Virtual Server Information
This Field... Displays...
General Server Parameters
Server Name The name of the virtual server. This is the name you assigned to the server when you configured it on the ServerIron.
IP The IP address of the virtual server.
If you configured a host range of VIPs on the server, the number following the IP address (after the colon) is the number of hosts on the server. In the example above, the VIP has a host range of 4
addresses.
Status The status of the virtual server. The status can be one of the following:
• enabled • disabled
Predictor The load balancing predictor the ServerIron uses to balance traffic among the real servers bound to this virtual server. The predictor can be one of the following:
• least-conn (least connections) • least-sess (least sessions)
• response-time (server response time)
Note: This value also applies to the combined method of least connections and server response time weights.
• round-robin (round robin) • weighted (weighted percentage)
• least-local-conn (least local connections) • least-local-sess (least local sessions)
You can assign these metrics on a global basis and an individual virtual server basis.
For more information or to globally change the predictor, see “Globally Changing the Load-Balancing Method” on page 3-22.
To locally change the predictor for a virtual server, see “Changing the Load Balancing Method on a Virtual Server” on page 3-59.
TotConn The number of client connections on the server since the ServerIron was last booted or restarted. A connection consists of two sessions, the client-to-server session and the server-to-client session.
HTTP-redirect The state of the HTTP redirect feature. This feature enables the ServerIron to send an HTTP redirect message to the client if all the real servers are down and the ServerIron is therefore sending client requests to a remote server.
The HTTP redirect message instructs the client to redirect its HTTP connection directly to the remote server, bypassing the ServerIron. The state can be one of the following:
• disabled • enabled
For more information, see “Using HTTP Redirect with Geographically- Distributed Servers” on page 3-187.
Sym Information for Symmetric SLB. The following information is displayed:
• group – The Symmetric SLB group number.
• state – State 3 means the VIP is inactive. State 5 means the VIP is active.
• priority – The Symmetric SLB priority configured on the ServerIron.
• keep – The number of times an SSLB backup has failed to communicate with the active ServerIron. By default, the counter is incremented by 1 every 400 milliseconds the backup
ServerIron is late responding to the active ServerIron’s keepalive message. The counter is reset to 0 each time the backup ServerIron replies to a keepalive message. If the counter goes higher than the maximum number allowed (20 by default, thus 8 seconds), the standby ServerIron takes over as the new active ServerIron. Normally, this field almost always contains 0. Note: This field is applicable only on the active ServerIron. • dyn priority/factor – The current dynamically set priority and the
decrement value. In this example, an application has failed a health check, so the dynamic priority is 20 instead of 30. The decrement value is 10. If the priority and dyn priority values match, then all the VIP’s applications that are configured for SSLB are responding to their health checks.
• Activates – The number of times this ServerIron has become the active ServerIron.
• Inactive – The number of times this ServerIron has changed from being the active ServerIron.
• Best-standby-mac – The MAC address of the backup ServerIron with the second-highest priority. This ServerIron will become the active ServerIron if a failover occurs.
For more information about Symmetric SLB, see “Symmetric SLB” on page 7-15.
TCP/UDP Port Information and Statistics
Table 3.14: Virtual Server Information (Continued)
Port The TCP/UDP port name or number. This field can have one of the following values:
• default
• dns – the well-known name for port 53
• ftp – the well-known name for port 21. (ports 20 and 21 both are FTP ports but on the ServerIron, the name “ftp” corresponds to port 21.)
• http – the well-known name for port 80 • imap4 – the well-known name for port 143 • ldap – the well-known name for port 389 • nntp – the well-known name for port 119 • ntp – the well-known name for port 123 • pop2 – the well-known name for port 109 • pop3 – the well-known name for port 110 • radius – the well-known name for udp port 1812
• radiuso – UDP port 1645, which is used in some older RADIUS implementations instead of port 1812
• smtp – the well-known name for port 25 • snmp – the well-known name for port 161 • ssl – the well-known name for port 443 • telnet – the well-known name for port 23 • tftp – the well-known name for port 69
• <number> – the port number, if the port is not one of those listed above
State The state of the port. The state can be one of the following: • enabled • failed • test • suspect • graceful shutdown • active • unbnd
Note: If the status is unbnd, you have not bound the port to a real server port.
Table 3.14: Virtual Server Information (Continued)