CheckPoint - Commandes de synchro et HA
Alasta 14 Décembre 2014 checkpoint Checkpoint Synchro HA Commandes
Description : Voici quelques commandes sur la synchro et le HA CheckPoint.
Etat des membres d'un cluster
VRRP sur IPSO
1 $ cphaprob state
2
3 Cluster Mode: Sync only (IPSO cluster)
4
5 Number Unique Address Firewall State ()
6
7 1 192.168.1.252 Active
8 2 (local) 192.168.1.253 Active
9
10 () In IP Clustering/VRRP FW-1 also monitors the cluster status
ClusterXL sur Gaia
1 [Expert@Gaia:0]# cphaprob state
2
3 Cluster Mode: High Availability (Active Up) with IGMP Membership
4
5 Number Unique Address Assigned Load State
6
7 1 (local) 192.168.1.1 100% Active
8 2 192.168.1.1 0% Standby
Note : EN mode IP Clustering avec partage de charge, la commande indique aussi la répartition de charge.
Affiche le monitor des "Devices" critiques
1 $ cphaprob list
2
3 Registered Devices:
4
5 Device Name: Synchronization
6 Registration number: 0
7 Timeout: none
8 Current state: OK
9 Time since last report: 596635 sec
10
11 Device Name: Filter
12 Registration number: 1
13 Timeout: none
14 Current state: OK
15 Time since last report: 596620 sec
16
17 Device Name: cphad
18 Registration number: 2
19 Timeout: 5 sec
20 Current state: OK
21 Time since last report: 0.8 sec
22
23 Device Name: fwd
24 Registration number: 3
25 Timeout: 5 sec
26 Current state: OK
27 Time since last report: 0.7 sec
Etat des interfaces/interfaces virtuels dans un cluster
1 $ cphaprob -a if
2
3 eth4c1 non sync(non secured)
4 eth2c0 sync(secured), multicast
5 eth3c0 non sync(non secured)
6 eth1c0 non sync(non secured)
7 eth4c2 non sync(non secured)
8 eth4c3 non sync(non secured)
9
10 Virtual cluster interfaces: 10
11
12 eth4 192.168.1.1
13 eth4 192.168.2.2
14 eth4 192.168.3.3
15 eth4 192.168.4.4
16 eth4c3 192.168.5.5
17 ...
Note : Interessant lors de modification de l'interface de synchro.
Affichage de "sync serialization statistics"
1 $ cphaprob ldstat
2
3 Operand Calls Bytes Average Ratio %
4 -------------------------------------------------------
5 ERROR 0 0 0 0
6 SET 18541 3432 185 0
7 RENAME 0 0 0 0
8 REFRESH 7034 3368 52 1
9 DELETE 18414 39400 34 0
10 SLINK 27634 88576 64 1
11 UNLINK 0 0 0 0
12 MODIFYFIELDS 2400 16400 76 0
13 RECORD DATA CONN 732 2088 284 0
14 COMPLETE DATA CONN 732 60280 8325 0
15
16 Total bytes sent: 3175380 (3 kB) in 6090 packets. Average 51
Affichage des stats de synchro de la choue transport
1 $ cphaprob syncstat
2
3 Sync Statistics (IDs of F&A Peers - 1 ):
4
5 Other Member Updates:
6 Sent retransmission requests................... 1
7 Avg missing updates per request................ 1
8 Old or too-new arriving updates................ 2
9 Unsynced missing updates....................... 0
10 Lost sync connection (num of events)........... 6
11 Timed out sync connection ..................... 0
12
13 Local Updates:
14 Total generated updates ....................... 1509
15 Recv Retransmission requests................... 219
16 Recv Duplicate Retrans request................. 0
17
18 Blocking Events................................ 0
19 Blocked packets................................ 0
20 Max length of sending queue.................... 0
21 Avg length of sending queue.................... 0
22 Hold Pkts events............................... 0
23 Unhold Pkt events.............................. 0
24 Not held due to no members..................... 0
25 Max held duration (sync ticks)................. 0
26 Avg held duration (sync ticks)................. 0
27
28 Timers:
29 Sync tick (ms)................................. 100
30 CPHA tick (ms)................................. 100
31
32 Queues:
33 Sending queue size............................. 512
34 Receiving queue size........................... 256
Information Kernel et Connexion
1 $ fw ctl pstat
2
3 Machine Capacity Summary:
4 Memory used: 9% (47MB out of 499MB) - below low watermark
5 Concurrent Connections: 5% (1360 out of 24900) - below low watermark
6 Aggressive Aging is disabled
7
8 Hash kernel memory (hmem) statistics:
9 Total memory allocated: 1145780 bytes in 7674 4KB blocks using 8 pools
10 Initial memory allocated: 201520 bytes (Hash memory extended by 10485760 bytes)
11 Memory allocation limit: 1314280 bytes using 10 pools
12 Total memory bytes used: 10737548 unused: 20719732 (65.87%) peak: 31035940
13 Total memory blocks used: 3464 unused: 4210 (54%) peak: 7674
14 Allocations: 1015119809 alloc, 983007 failed alloc, 1015281860 free
15
16 System kernel memory (smem) statistics:
17 Total memory bytes used: 64543688 peak: 296204068
18 Blocking memory bytes used: 1635808 peak: 211752508
19 Non-Blocking memory bytes used: 62907880 peak: 84451560
20 Allocations: 9927285 alloc, 6 failed alloc, 9926459 free, 0 failed free
21
22 Kernel memory (kmem) statistics:
23 Total memory bytes used: 43701684 peak: 261319916
24 Allocations: 2025307086 alloc, 6 failed alloc, 2025208319 free, 0 failed free
25 External Allocations: 0 for packets, 0 for SXL
26
27 Kernel stacks:
28 0 bytes total, 0 bytes stack size, 0 stacks,
29 0 peak used, 0 max stack bytes used, 0 min stack bytes used,
30 0 failed stack calls
31
32 INSPECT:
33 0 packets, 0 operations, 0 lookups,
34 0 record, 0 extract
35
36 Cookies:
37 4246763 total, 0 alloc, 0 free,
38 2752 dup, 164143514 get, 1114962 put,
39 4378786 len, 141 cached len, 0 chain alloc,
40 0 chain free
41
42 Connections:
43 6676932 total, 4155369 TCP, 506307 UDP, 19741 ICMP,
44 15 other, 5973 anticipated, 419 recovered, 1360 concurrent,
45 13586 peak concurrent
46
47 Fragments:
48 368 fragments, 102 packets, 0 expired, 0 short,
49 0 large, 0 duplicates, 0 failures
50
51 NAT:
52 370345/0 forw, 185522/0 bckw, 6416 tcpudp,
53 105142 icmp, 286728-222013 alloc
54
55 Sync:
56 Version: new
57 Status: Able to Send/Receive sync packets
58 Sync packets sent:
59 total : 495688, retransmitted : 168, retrans reqs : 1, acks : 21
60 Sync packets received:
61 total : 1024947, were queued : 2, dropped by net : 1
62 retrans reqs : 258, received 9823 acks
63 retrans reqs for illegal seq : 0
64 dropped updates as a result of sync overload: 0
Etat du HA
1 $ cpstat ha
2
3 Product name: High Availability
4 Version: N/A
5 Status: OK
6 HA installed: 1
7 Working mode: Sync only (IPSO cluster)
8 HA started: yes