Monitoring Interfaces¶
Each interface has associated counters and other state data which enable monitoring of traffic volume and errors, among other properties.
Note
To limit administrative overhead, the dataplane updates these counters every 10 seconds.
Interface Status¶
The show interface command prints important traffic volume and error
counters specific to each interface. For example:
tnsr# show interface
Interface: TenGigabitEthernet6/0/0
Admin status: up
Link up, link-speed 10 Gbps, full duplex
Link MTU: 1500 bytes
MAC address: 90:ec:77:47:5e:59
VRF: default
IPv4 addresses:
10.15.30.2/24
IPv6 addresses:
fe80::92ec:77ff:fe47:5e59/64
counters:
Five minute input rate 8864 bits/sec, 18 packets/sec
Five minute output rate 8864 bits/sec, 18 packets/sec
received: 1839300 bytes, 30655 packets, 0 errors
transmitted: 1838922 bytes, 30661 packets, 0 errors
protocols: 30601 IPv4, 0 IPv6
53 drops, 0 punts, 0 rx miss, 0 rx no buffer
The show interface command also supports keywords which filter its output or
provide additional detail. Most of these commands can run on all interfaces at
once, which provides a summary of certain properties of all interfaces, or they
can be limited to a single interface for brevity.
- access-list:
Prints the access control lists configured on an interface
- brief:
Prints a summarized list of interfaces, their status, and IP addresses.
- counters [verbose]:
Prints the interface traffic counters for an interface.
This includes the number of packets, bytes, and errors transmitted and received by the interface as well as a breakdown of protocols and notable packet outcomes such as drops. This also prints the average traffic input and output rates over the last five minutes.
The
verbosekeyword displays detailed counter statistics for the interface if they are active.- counters rolling [interval <sec>]:
Enters a special mode to follow rolling counter data for a single interface in a continual fashion. New data is printed periodically as determined by the given
intervalwhich defaults to10seconds. Data rates are calculated based on the difference between the previous and current entries.This is useful for near-real-time monitoring of interface activity.
To exit this mode, press the key combination
Ctrl-C.- ip [nat]:
Prints the IPv4 addresses present on the interface and the IPv4 route table used by the interface.
- nat:
Prints the NAT role for an interface (e.g. inside or outside)
- ipv6 [router-advertisements]:
Prints the IPv6 addresses present on the interface and the IPv6 route table used by the interface.
- router-advertisements:
Prints the current IPv6 router advertisement configuration and status, including associated timers and counters.
- link:
Prints the link status (e.g. up or down), media type and duplex, and MTU
- mac-address:
Prints the hardware MAC address, if present
- subif:
Prints VLAN subinterface attributes for an interface.
- vlan tag-rewrite:
Shows VLAN tag rewriting attributes for an interface.
- [(ip|ipv6)] vrrp-virtual-router:
Prints the VRRP status. Can optionally be limited to either IPv4 or IPv6.
For output types which support the entire list of interfaces, omit the interface name from the command, for example:
tnsr# show interface ip
The filtering may also be applied to a single interface:
tnsr# show interface TenGigabitEthernet6/0/0 link
Brief Interface Summary¶
The show interface brief command prints a summarized list of interfaces,
their status, and IP addresses:
tnsr# show interface brief
Interface Admin Status Link Status Address
DMZ down down no addresses assigned
GUEST up down 10.2.8.1/24
LAN up up 10.2.0.1/24
LAN up up 2001:db8:f0::1/64
LAN up up fe80::290:bff:fe7a:8a65/64
WAN up up 203.0.113.2/24
WAN up up 2001:db8:0:2::2/64
WAN up up fe80::290:bff:fe7a:8a67/64
When run with an interface name, the output is limited to addresses on the given interface:
tnsr# show interface WAN brief
Interface Admin Status Link Status Address
WAN up up 203.0.113.2/24
WAN up up 2001:db8:0:2::2/64
WAN up up fe80::290:bff:fe7a:8a67/64
View Interface Counters¶
The show interface [<if-name>] counters [verbose] command displays detailed
information on all available interface counters.
Example output:
tnsr(config)# show interface TenGigabitEthernet6/0/0 counters
Interface: TenGigabitEthernet6/0/0
counters:
received: 9253580 bytes, 61588 packets, 0 errors
transmitted: 628148 bytes, 5755 packets, 8 errors
protocols: 12810 IPv4, 5101 IPv6
50972 drops, 0 punts, 0 rx miss, 0 rx no buffer
Additional detailed packet counters for transmit and receive of unicast,
multicast, and broadcast traffic may be enabled or disabled on a per-interface
basis (Interface Configuration Options). Add the verbose keyword to display
these statistics:
tnsr(config)# show interface TenGigabitEthernet6/0/0 counters verbose
Interface: TenGigabitEthernet6/0/0
detailed counters:
received: 9258555 bytes, 61641 packets, 0 errors
received unicast: 2464 bytes, 18 packets
received multicast: 2464 bytes, 18 packets
received broadcast: 622 bytes, 8 packets
transmitted: 628676 bytes, 5761 packets, 8 errors
transmitted unicast: 2480 bytes, 18 packets
transmitted multicast: 2480 bytes, 18 packets
transmitted broadcast: 0 bytes, 0 packets
protocols: 12820 IPv4, 5105 IPv6
51016 drops, 0 punts, 0 rx miss, 0 rx no buffer
Counter values take a minimum of 10 seconds to be populated with valid data.
Rolling Interface Counters¶
The show interface <if-name> counters rolling [interval <sec>] command
enters a special mode which displays rolling counter data for a single
interface.
The command does not immediately terminate, but runs in a loop to print new data
periodically as determined by the given interval which defaults to 10
seconds.
Tip
To exit this mode, press the key combination Ctrl-C.
tnsr# show interface TenGigabitEthernet6/0/0 counters rolling
Interface: TenGigabitEthernet6/0/0
RX: bytes packets avg bits/sec errors TX: bytes packets avg bits/sec errors
29438 175 661 0 14830 149 792 1
447565 657 334501 0 73192 434 46689 1
603547 999 124785 0 126329 721 42509 1
15239110 12132 11708450 0 864320 2760 590392 1
15633162 12609 315241 0 899051 3001 27784 1
16262265 13276 503282 0 961828 3352 50221 1
21244287 17149 3985617 0 1187342 4402 180411 1
24290538 19489 2437000 0 1221964 4672 27697 1
26452934 21297 1729916 0 1272297 4976 40266 1
26475552 21460 18094 0 1291149 5121 15081 1
26491299 21609 12597 0 1313105 5257 17564 1
26535233 21892 35147 0 1360692 5554 38069 1
26592117 22169 45507 0 1399949 5794 31405 1
^C
Note
This example output has extra whitespace removed for brevity. The actual output is around 160 characters wide so that large counter values do not affect the output formatting if they increase rapidly while this command is running.
The output line wraps on narrower terminal windows, so widen terminal windows appropriately to view the output without wrapping.
Clear Interface Counters¶
The clear interface counters <name> command clears all counters on a given
interface. If no specific interface is given, all interfaces will have their
counters cleared:
tnsr# clear interface counters
Counters cleared
tnsr#
View Packet Counters¶
The show packet-counters command prints informational packet statistics and
error counters taken from the dataplane. These counters show the number of
packets which have passed through various aspects of processing, such as
encryption, along with various types of packet send/receive errors. The set of
counters displayed will vary depending on the set of enabled features, such as
NAT, IPsec, and so on.
Example output:
tnsr# show packet-counters
Count Node Reason Severity
711208 vrrp4-input VRRP packets processed error
344818 vrrp4-input VRRP version is not 3 error
355726 vrrp4-input VRRP message does not match known V error
1980 vpf-ha-ip4-udp-import backward key mismatch error
1 vpf-ha-ip4-udp-import unrecognised interface error
12615 vpf-ha-ip4-udp-import invalid state enumeration value error
9821 vpf-ha-ip4-udp-import connection not found error
23424 vpf-ha-ip4-udp-import connection created info
1202602 vpf-ha-ip4-udp-import connection updated info
100 vpf-ha-ip4-udp-import connection deleted info
14258 vpf-ha-ip4-udp-import tcp connection entry allocation info
8684 vpf-ha-ip4-udp-import udp connection entry allocation info
1 vpf-ha-ip4-udp-import other connection entry allocation info
7 vpf-ha-ip4-udp-import unexpected partial key match error
4727 vpf-ha-ip6-udp-import-handoff handoff due to race during hash ins info
9934 vpf4-ha-export Buffer allocation info
8641 vpf4-ha-export Interface mappings info
4967 vpf4-ha-export Interface mapping packets info
22704 vpf4-ha-export IP4 delete events info
345 vpf4-ha-export IP4 update events info
4623 vpf4-ha-export IP4 delete event packets info
344 vpf4-ha-export IP4 update event packets info
114 vpf4-nat-output-feature packet seen by nat info
1 vpf4-nat-input-feature nat entry allocation info
111 vpf4-nat-input-feature packet seen by nat info
56 vpf6-filter-output-feature block - default info
28 vpf6-filter-output-feature packet seen by filter info
6 vpf4-filter-output-feature block - default info
9947 vpf4-filter-output-feature pass - rule info
99 vpf4-filter-output-feature pass - state info
15 vpf4-filter-output-feature connection entry allocation info
15 vpf4-filter-output-feature connection entry destruction info
12 vpf4-filter-output-feature udp connection entry allocation info
3 vpf4-filter-output-feature other connection entry allocation info
10049 vpf4-filter-output-feature packet seen by filter info
14100 vpf6-filter-input-mcast-feature block - default info
7050 vpf6-filter-input-mcast-feature packet seen by filter info
94872 vpf4-filter-input-mcast-feature block - default info
1411856 vpf4-filter-input-mcast-feature pass - rule info
13 vpf4-filter-input-mcast-feature pass - state info
106 vpf4-filter-input-mcast-feature connection entry allocation info
106 vpf4-filter-input-mcast-feature connection entry destruction info
106 vpf4-filter-input-mcast-feature udp connection entry allocation info
1459305 vpf4-filter-input-mcast-feature packet seen by filter info
242099 vpf4-filter-input-feature pass - rule info
11 vpf4-filter-input-feature pass - state info
100 vpf4-filter-input-feature connection entry allocation info
100 vpf4-filter-input-feature connection entry destruction info
100 vpf4-filter-input-feature udp connection entry allocation info
1 vpf4-filter-input-feature nat entry destruction info
242110 vpf4-filter-input-feature packet seen by filter info
297 dpdk-input no error error
18798 arp-reply ARP replies sent info
289 arp-reply IP4 source address not local to sub error
1 arp-reply IP4 source address matches local in error
2663 arp-reply ARP request IP4 source address lear info
1 arp-reply ARP hw addr does not match L2 frame error
3 arp-input IP4 destination address is unset error
241999 ip4-udp-lookup No error info
1 ip4-glean ARP requests throttled info
1 ip4-glean ARP requests sent info
2 ip6-local-hop-by-hop Unknown protocol ip6 local h-b-h pa error
1 ip4-input Multicast RPF check failed error
4 ethernet-input no error error
1 LAN-output interface is down error
Interface Status via API¶
If the RESTCONF API is enabled, the interface counter data may also be polled that way. For example:
Command:
$ curl --cert ~/tnsr/tnsr-myuser.crt \
--key ~/tnsr/tnsr-myuser.key \
--cacert ~/tnsr/tnsr-selfca.crt \
-X GET \
http://tnsr.example.com/restconf/data/netgate-interface:interfaces-state/interface=TenGigabitEthernet6%2F0%2F0/counters/
Output:
{
"netgate-interface:counters": {
"collect-time": "1719585196",
"reset-time": "0",
"detailed-counters": true,
"rx-bytes": "10381020",
"rx-packets": "173017",
"rx-unicast-bytes": "780",
"rx-unicast-packets": "13",
"rx-multicast-bytes": "0",
"rx-multicast-packets": "0",
"rx-broadcast-bytes": "0",
"rx-broadcast-packets": "0",
"rx-ip4": "172716",
"rx-ip6": "0",
"tx-bytes": "10376136",
"tx-packets": "173022",
"tx-unicast-bytes": "780",
"tx-unicast-packets": "13",
"tx-multicast-bytes": "0",
"tx-multicast-packets": "0",
"tx-broadcast-bytes": "0",
"tx-broadcast-packets": "0",
"rx-error": "0",
"tx-error": "0",
"drop": "300",
"punt": "0",
"rx-miss": "0",
"rx-no-buffer": "0",
"rx-bits-average": "8880",
"rx-packets-average": "18",
"tx-bits-average": "8875",
"tx-packets-average": "18"
}
}