CheckPoint - Commandes de synchro et HA
Alasta 14 Décembre 2014 checkpoint Checkpoint Synchro HA Commandes
Description : Voici quelques commandes sur la synchro et le HA CheckPoint.
Etat des membres d’un cluster
VRRP sur IPSO
$ cphaprob state
Cluster Mode: Sync only (IPSO cluster)
Number Unique Address Firewall State (*)
1 192.168.1.252 Active
2 (local) 192.168.1.253 Active
(*) In IP Clustering/VRRP FW-1 also monitors the cluster statusClusterXL sur Gaia
[Expert@Gaia:0]# cphaprob state
Cluster Mode: High Availability (Active Up) with IGMP Membership
Number Unique Address Assigned Load State
1 (local) 192.168.1.1 100% Active
2 192.168.1.1 0% StandbyNote : EN mode IP Clustering avec partage de charge, la commande indique aussi la répartition de charge.
Affiche le monitor des “Devices” critiques
$ cphaprob list
Registered Devices:
Device Name: Synchronization
Registration number: 0
Timeout: none
Current state: OK
Time since last report: 596635 sec
Device Name: Filter
Registration number: 1
Timeout: none
Current state: OK
Time since last report: 596620 sec
Device Name: cphad
Registration number: 2
Timeout: 5 sec
Current state: OK
Time since last report: 0.8 sec
Device Name: fwd
Registration number: 3
Timeout: 5 sec
Current state: OK
Time since last report: 0.7 secEtat des interfaces/interfaces virtuels dans un cluster
$ cphaprob -a if
eth4c1 non sync(non secured)
eth2c0 sync(secured), multicast
eth3c0 non sync(non secured)
eth1c0 non sync(non secured)
eth4c2 non sync(non secured)
eth4c3 non sync(non secured)
Virtual cluster interfaces: 10
eth4 192.168.1.1
eth4 192.168.2.2
eth4 192.168.3.3
eth4 192.168.4.4
eth4c3 192.168.5.5
...Note : Interessant lors de modification de l’interface de synchro.
Affichage de “sync serialization statistics”
$ cphaprob ldstat
Operand Calls Bytes Average Ratio %
-------------------------------------------------------
ERROR 0 0 0 0
SET 18541 3432 185 0
RENAME 0 0 0 0
REFRESH 7034 3368 52 1
DELETE 18414 39400 34 0
SLINK 27634 88576 64 1
UNLINK 0 0 0 0
MODIFYFIELDS 2400 16400 76 0
RECORD DATA CONN 732 2088 284 0
COMPLETE DATA CONN 732 60280 8325 0
Total bytes sent: 3175380 (3 kB) in 6090 packets. Average 51Affichage des stats de synchro de la choue transport
$ cphaprob syncstat
Sync Statistics (IDs of F&A Peers - 1 ):
Other Member Updates:
Sent retransmission requests................... 1
Avg missing updates per request................ 1
Old or too-new arriving updates................ 2
Unsynced missing updates....................... 0
Lost sync connection (num of events)........... 6
Timed out sync connection ..................... 0
Local Updates:
Total generated updates ....................... 1509
Recv Retransmission requests................... 219
Recv Duplicate Retrans request................. 0
Blocking Events................................ 0
Blocked packets................................ 0
Max length of sending queue.................... 0
Avg length of sending queue.................... 0
Hold Pkts events............................... 0
Unhold Pkt events.............................. 0
Not held due to no members..................... 0
Max held duration (sync ticks)................. 0
Avg held duration (sync ticks)................. 0
Timers:
Sync tick (ms)................................. 100
CPHA tick (ms)................................. 100
Queues:
Sending queue size............................. 512
Receiving queue size........................... 256Information Kernel et Connexion
$ fw ctl pstat
Machine Capacity Summary:
Memory used: 9% (47MB out of 499MB) - below low watermark
Concurrent Connections: 5% (1360 out of 24900) - below low watermark
Aggressive Aging is disabled
Hash kernel memory (hmem) statistics:
Total memory allocated: 1145780 bytes in 7674 4KB blocks using 8 pools
Initial memory allocated: 201520 bytes (Hash memory extended by 10485760 bytes)
Memory allocation limit: 1314280 bytes using 10 pools
Total memory bytes used: 10737548 unused: 20719732 (65.87%) peak: 31035940
Total memory blocks used: 3464 unused: 4210 (54%) peak: 7674
Allocations: 1015119809 alloc, 983007 failed alloc, 1015281860 free
System kernel memory (smem) statistics:
Total memory bytes used: 64543688 peak: 296204068
Blocking memory bytes used: 1635808 peak: 211752508
Non-Blocking memory bytes used: 62907880 peak: 84451560
Allocations: 9927285 alloc, 6 failed alloc, 9926459 free, 0 failed free
Kernel memory (kmem) statistics:
Total memory bytes used: 43701684 peak: 261319916
Allocations: 2025307086 alloc, 6 failed alloc, 2025208319 free, 0 failed free
External Allocations: 0 for packets, 0 for SXL
Kernel stacks:
0 bytes total, 0 bytes stack size, 0 stacks,
0 peak used, 0 max stack bytes used, 0 min stack bytes used,
0 failed stack calls
INSPECT:
0 packets, 0 operations, 0 lookups,
0 record, 0 extract
Cookies:
4246763 total, 0 alloc, 0 free,
2752 dup, 164143514 get, 1114962 put,
4378786 len, 141 cached len, 0 chain alloc,
0 chain free
Connections:
6676932 total, 4155369 TCP, 506307 UDP, 19741 ICMP,
15 other, 5973 anticipated, 419 recovered, 1360 concurrent,
13586 peak concurrent
Fragments:
368 fragments, 102 packets, 0 expired, 0 short,
0 large, 0 duplicates, 0 failures
NAT:
370345/0 forw, 185522/0 bckw, 6416 tcpudp,
105142 icmp, 286728-222013 alloc
Sync:
Version: new
Status: Able to Send/Receive sync packets
Sync packets sent:
total : 495688, retransmitted : 168, retrans reqs : 1, acks : 21
Sync packets received:
total : 1024947, were queued : 2, dropped by net : 1
retrans reqs : 258, received 9823 acks
retrans reqs for illegal seq : 0
dropped updates as a result of sync overload: 0Etat du HA
$ cpstat ha
Product name: High Availability
Version: N/A
Status: OK
HA installed: 1
Working mode: Sync only (IPSO cluster)
HA started: yes