Etat des membres d'un cluster

VRRP sur IPSO

 1 $ cphaprob state
 2 
 3 Cluster Mode:   Sync only (IPSO cluster)
 4 
 5 Number     Unique Address  Firewall State (*)
 6 
 7 1          192.168.1.252  Active
 8 2 (local)  192.168.1.253  Active
 9 
10 (*) In IP Clustering/VRRP FW-1 also monitors the cluster status

ClusterXL sur Gaia

1 [Expert@Gaia:0]# cphaprob state
2 
3 Cluster Mode:   High Availability (Active Up) with IGMP Membership
4 
5 Number     Unique Address  Assigned Load   State
6 
7 1 (local)  192.168.1.1   100%            Active
8 2          192.168.1.1   0%              Standby

Note : EN mode IP Clustering avec partage de charge, la commande indique aussi la répartition de charge.

Affiche le monitor des "Devices" critiques

 1 $ cphaprob list
 2 
 3 Registered Devices:
 4 
 5 Device Name: Synchronization
 6 Registration number: 0
 7 Timeout: none
 8 Current state: OK
 9 Time since last report: 596635 sec
10 
11 Device Name: Filter
12 Registration number: 1
13 Timeout: none
14 Current state: OK
15 Time since last report: 596620 sec
16 
17 Device Name: cphad
18 Registration number: 2
19 Timeout: 5 sec
20 Current state: OK
21 Time since last report: 0.8 sec
22 
23 Device Name: fwd
24 Registration number: 3
25 Timeout: 5 sec
26 Current state: OK
27 Time since last report: 0.7 sec

Etat des interfaces/interfaces virtuels dans un cluster

 1 $ cphaprob -a if
 2 
 3 eth4c1          non sync(non secured)
 4 eth2c0          sync(secured), multicast
 5 eth3c0          non sync(non secured)
 6 eth1c0          non sync(non secured)
 7 eth4c2          non sync(non secured)
 8 eth4c3          non sync(non secured)
 9 
10 Virtual cluster interfaces: 10
11 
12 eth4            192.168.1.1
13 eth4            192.168.2.2
14 eth4            192.168.3.3
15 eth4            192.168.4.4
16 eth4c3          192.168.5.5
17 ...

Note : Interessant lors de modification de l'interface de synchro.

Affichage de "sync serialization statistics"

 1 $ cphaprob ldstat
 2 
 3 Operand              Calls      Bytes   Average Ratio %
 4 -------------------------------------------------------
 5 ERROR                0          0       0       0
 6 SET                  18541      3432    185     0
 7 RENAME               0          0       0       0
 8 REFRESH              7034       3368    52      1
 9 DELETE               18414      39400   34      0
10 SLINK                27634      88576   64      1
11 UNLINK               0          0       0       0
12 MODIFYFIELDS         2400       16400   76      0
13 RECORD DATA CONN     732        2088    284     0
14 COMPLETE DATA CONN   732        60280   8325    0
15 
16 Total bytes sent: 3175380 (3 kB) in 6090 packets. Average 51

Affichage des stats de synchro de la choue transport

 1 $ cphaprob syncstat
 2 
 3 Sync Statistics (IDs of F&A Peers - 1 ):
 4 
 5 Other Member Updates:
 6 Sent retransmission requests...................  1
 7 Avg missing updates per request................  1
 8 Old or too-new arriving updates................  2
 9 Unsynced missing updates.......................  0
10 Lost sync connection (num of events)...........  6
11 Timed out sync connection .....................  0
12 
13 Local Updates:
14 Total generated updates .......................  1509
15 Recv Retransmission requests...................  219
16 Recv Duplicate Retrans request.................  0
17 
18 Blocking Events................................  0
19 Blocked packets................................  0
20 Max length of sending queue....................  0
21 Avg length of sending queue....................  0
22 Hold Pkts events...............................  0
23 Unhold Pkt events..............................  0
24 Not held due to no members.....................  0
25 Max held duration (sync ticks).................  0
26 Avg held duration (sync ticks).................  0
27 
28 Timers:
29 Sync tick (ms).................................  100
30 CPHA tick (ms).................................  100
31 
32 Queues:
33 Sending queue size.............................  512
34 Receiving queue size...........................  256

Information Kernel et Connexion

 1 $ fw ctl pstat
 2 
 3 Machine Capacity Summary:
 4 Memory used: 9% (47MB out of 499MB) - below low watermark
 5 Concurrent Connections: 5% (1360 out of 24900) - below low watermark
 6 Aggressive Aging is disabled
 7 
 8 Hash kernel memory (hmem) statistics:
 9 Total memory allocated: 1145780 bytes in 7674 4KB blocks using 8 pools
10 Initial memory allocated: 201520 bytes (Hash memory extended by 10485760 bytes)
11 Memory allocation  limit: 1314280 bytes using 10 pools
12 Total memory bytes  used: 10737548   unused: 20719732 (65.87%)   peak: 31035940
13 Total memory blocks used:     3464   unused:     4210 (54%)   peak:     7674
14 Allocations: 1015119809 alloc, 983007 failed alloc, 1015281860 free
15 
16 System kernel memory (smem) statistics:
17 Total memory  bytes  used: 64543688   peak: 296204068
18 Blocking  memory  bytes   used:  1635808   peak: 211752508
19 Non-Blocking memory bytes used: 62907880   peak: 84451560
20 Allocations: 9927285 alloc, 6 failed alloc, 9926459 free, 0 failed free
21 
22 Kernel memory (kmem) statistics:
23 Total memory  bytes  used: 43701684   peak: 261319916
24 Allocations: 2025307086 alloc, 6 failed alloc, 2025208319 free, 0 failed free
25 External Allocations: 0 for packets, 0 for SXL
26 
27 Kernel stacks:
28 0 bytes total, 0 bytes stack size, 0 stacks,
29 0 peak used, 0 max stack bytes used, 0 min stack bytes used,
30 0 failed stack calls
31 
32 INSPECT:
33 0 packets, 0 operations, 0 lookups,
34 0 record, 0 extract
35 
36 Cookies:
37 4246763 total, 0 alloc, 0 free,
38 2752 dup, 164143514 get, 1114962 put,
39 4378786 len, 141 cached len, 0 chain alloc,
40 0 chain free
41 
42 Connections:
43 6676932 total, 4155369 TCP, 506307 UDP, 19741 ICMP,
44 15 other, 5973 anticipated, 419 recovered, 1360 concurrent,
45 13586 peak concurrent
46 
47 Fragments:
48 368 fragments, 102 packets, 0 expired, 0 short,
49 0 large, 0 duplicates, 0 failures
50 
51 NAT:
52 370345/0 forw, 185522/0 bckw, 6416 tcpudp,
53 105142 icmp, 286728-222013 alloc
54 
55 Sync:
56 Version: new
57 Status: Able to Send/Receive sync packets
58 Sync packets sent:
59 total : 495688,  retransmitted : 168, retrans reqs : 1,  acks : 21
60 Sync packets received:
61 total : 1024947,  were queued : 2, dropped by net : 1
62 retrans reqs : 258, received 9823 acks
63 retrans reqs for illegal seq : 0
64 dropped updates as a result of sync overload: 0

Infos CheckPoint sk34476

Etat du HA

1 $ cpstat ha
2 
3 Product name: High Availability
4 Version:      N/A
5 Status:       OK
6 HA installed: 1
7 Working mode: Sync only (IPSO cluster)
8 HA started:   yes