Monitoring Interfaces¶
Each interface has associated counters and other state data which enable monitoring of traffic volume and errors, among other properties.
Note
To limit administrative overhead, the dataplane updates these counters every 10 seconds.
Interface Status¶
The show interface command prints important traffic volume and error
counters specific to each interface. For example:
tnsr# show interface
Interface: TenGigabitEthernet6/0/0
Admin status: up
Link up, link-speed 10 Gbps, full duplex
Link MTU: 1500 bytes
MAC address: 90:ec:77:47:5e:59
VRF: default
IPv4 addresses:
10.15.30.2/24
IPv6 addresses:
fe80::92ec:77ff:fe47:5e59/64
counters:
Five minute input rate 8864 bits/sec, 18 packets/sec
Five minute output rate 8864 bits/sec, 18 packets/sec
received: 1839300 bytes, 30655 packets, 0 errors
transmitted: 1838922 bytes, 30661 packets, 0 errors
protocols: 30601 IPv4, 0 IPv6
53 drops, 0 punts, 0 rx miss, 0 rx no buffer
The show interface command also supports keywords which filter its output or
provide additional detail. Most of these commands can run on all interfaces at
once, which provides a summary of certain properties of all interfaces, or they
can be limited to a single interface for brevity.
- access-list:
Prints the access control lists configured on an interface
- brief:
Prints a summarized list of interfaces, their status, and IP addresses.
- counters [verbose]:
Prints the interface traffic counters for an interface.
This includes the number of packets, bytes, and errors transmitted and received by the interface as well as a breakdown of protocols and notable packet outcomes such as drops. This also prints the average traffic input and output rates over the last five minutes.
The
verbosekeyword displays detailed counter statistics for the interface if they are active.- counters rolling [interval <sec>]:
Enters a special mode to follow rolling counter data for a single interface in a continual fashion. New data is printed periodically as determined by the given
intervalwhich defaults to10seconds. Data rates are calculated based on the difference between the previous and current entries.This is useful for near-real-time monitoring of interface activity.
To exit this mode, press the key combination
Ctrl-C.- ip [nat]:
Prints the IPv4 addresses present on the interface and the IPv4 route table used by the interface.
- nat:
Prints the NAT role for an interface (e.g. inside or outside)
- ipv6 [router-advertisements]:
Prints the IPv6 addresses present on the interface and the IPv6 route table used by the interface.
- router-advertisements:
Prints the current IPv6 router advertisement configuration and status, including associated timers and counters.
- link:
Prints the link status (e.g. up or down), media type and duplex, and MTU
- mac-address:
Prints the hardware MAC address, if present
- subif:
Prints VLAN subinterface attributes for an interface.
- vlan tag-rewrite:
Shows VLAN tag rewriting attributes for an interface.
- [(ip|ipv6)] vrrp-virtual-router:
Prints the VRRP status. Can optionally be limited to either IPv4 or IPv6.
For output types which support the entire list of interfaces, omit the interface name from the command, for example:
tnsr# show interface ip
The filtering may also be applied to a single interface:
tnsr# show interface TenGigabitEthernet6/0/0 link
Brief Interface Summary¶
The show interface brief command prints a summarized list of interfaces,
their status, and IP addresses:
tnsr# show interface brief
Interface Admin Status Link Status Address
DMZ down down no addresses assigned
GUEST up down 10.2.8.1/24
LAN up up 10.2.0.1/24
LAN up up 2001:db8:f0::1/64
LAN up up fe80::290:bff:fe7a:8a65/64
WAN up up 203.0.113.2/24
WAN up up 2001:db8:0:2::2/64
WAN up up fe80::290:bff:fe7a:8a67/64
When run with an interface name, the output is limited to addresses on the given interface:
tnsr# show interface WAN brief
Interface Admin Status Link Status Address
WAN up up 203.0.113.2/24
WAN up up 2001:db8:0:2::2/64
WAN up up fe80::290:bff:fe7a:8a67/64
View Interface Counters¶
The show interface [<if-name>] counters [verbose] command displays detailed
information on all available interface counters.
Example output:
tnsr(config)# show interface TenGigabitEthernet6/0/0 counters
Interface: TenGigabitEthernet6/0/0
counters:
received: 9253580 bytes, 61588 packets, 0 errors
transmitted: 628148 bytes, 5755 packets, 8 errors
protocols: 12810 IPv4, 5101 IPv6
50972 drops, 0 punts, 0 rx miss, 0 rx no buffer
Additional detailed packet counters for transmit and receive of unicast,
multicast, and broadcast traffic may be enabled or disabled on a per-interface
basis (Interface Configuration Options). Add the verbose keyword to display
these statistics:
tnsr(config)# show interface TenGigabitEthernet6/0/0 counters verbose
Interface: TenGigabitEthernet6/0/0
detailed counters:
received: 9258555 bytes, 61641 packets, 0 errors
received unicast: 2464 bytes, 18 packets
received multicast: 2464 bytes, 18 packets
received broadcast: 622 bytes, 8 packets
transmitted: 628676 bytes, 5761 packets, 8 errors
transmitted unicast: 2480 bytes, 18 packets
transmitted multicast: 2480 bytes, 18 packets
transmitted broadcast: 0 bytes, 0 packets
protocols: 12820 IPv4, 5105 IPv6
51016 drops, 0 punts, 0 rx miss, 0 rx no buffer
Counter values take a minimum of 10 seconds to be populated with valid data.
Rolling Interface Counters¶
The show interface <if-name> counters rolling [interval <sec>] command
enters a special mode which displays rolling counter data for a single
interface.
The command does not immediately terminate, but runs in a loop to print new data
periodically as determined by the given interval which defaults to 10
seconds.
Tip
To exit this mode, press the key combination Ctrl-C.
tnsr# show interface TenGigabitEthernet6/0/0 counters rolling
Interface: TenGigabitEthernet6/0/0
RX: bytes packets avg bits/sec errors TX: bytes packets avg bits/sec errors
29438 175 661 0 14830 149 792 1
447565 657 334501 0 73192 434 46689 1
603547 999 124785 0 126329 721 42509 1
15239110 12132 11708450 0 864320 2760 590392 1
15633162 12609 315241 0 899051 3001 27784 1
16262265 13276 503282 0 961828 3352 50221 1
21244287 17149 3985617 0 1187342 4402 180411 1
24290538 19489 2437000 0 1221964 4672 27697 1
26452934 21297 1729916 0 1272297 4976 40266 1
26475552 21460 18094 0 1291149 5121 15081 1
26491299 21609 12597 0 1313105 5257 17564 1
26535233 21892 35147 0 1360692 5554 38069 1
26592117 22169 45507 0 1399949 5794 31405 1
^C
Note
This example output has extra whitespace removed for brevity. The actual output is around 160 characters wide so that large counter values do not affect the output formatting if they increase rapidly while this command is running.
The output line wraps on narrower terminal windows, so widen terminal windows appropriately to view the output without wrapping.
Clear Interface Counters¶
The interface clear counters <name> command clears all counters on a given
interface. This command is available in config mode. If no specific
interface is given, all interfaces will have their counters cleared:
tnsr# configure
tnsr(config)# interface clear counters
Counters cleared
tnsr(config)#
View Packet Counters¶
The show packet-counters command prints packet statistics and error counters
taken from the dataplane. These counters show the number of packets which have
passed through various aspects of processing, such as encryption, along with
various types of packet send/receive errors. The set of counters displayed will
vary depending on the set of enabled features, such as NAT, IPsec, and so on.
Example output:
tnsr# show packet-counters
Count Node Reason
624 dpdk-crypto-input Crypto ops dequeued
624 dpdk-esp-decrypt-post ESP post pkts
624 dpdk-esp-decrypt ESP pkts received
622 esp-encrypt ESP pkts received
624 ipsec-if-input good packets received
304 ip4-input Multicast RPF check failed
9 ip4-arp ARP requests sent
22 lldp-input lldp packets received on disabled interfaces
8 ethernet-input no error
2 ethernet-input unknown ethernet type
5821 ethernet-input unknown vlan
16 arp-input ARP request IP4 source address learned
28 GigabitEthernet0/14/0-output interface is down
8 GigabitEthernet3/0/0-output interface is down
Interface Status via API¶
If the RESTCONF API is enabled, the interface counter data may also be polled that way. For example:
Command:
$ curl --cert ~/tnsr/tnsr-myuser.crt \
--key ~/tnsr/tnsr-myuser.key \
--cacert ~/tnsr/tnsr-selfca.crt \
-X GET \
http://tnsr.example.com/restconf/data/netgate-interface:interfaces-state/interface=TenGigabitEthernet6%2F0%2F0/counters/
Output:
{
"netgate-interface:counters": {
"collect-time": "1719585196",
"reset-time": "0",
"detailed-counters": true,
"rx-bytes": "10381020",
"rx-packets": "173017",
"rx-unicast-bytes": "780",
"rx-unicast-packets": "13",
"rx-multicast-bytes": "0",
"rx-multicast-packets": "0",
"rx-broadcast-bytes": "0",
"rx-broadcast-packets": "0",
"rx-ip4": "172716",
"rx-ip6": "0",
"tx-bytes": "10376136",
"tx-packets": "173022",
"tx-unicast-bytes": "780",
"tx-unicast-packets": "13",
"tx-multicast-bytes": "0",
"tx-multicast-packets": "0",
"tx-broadcast-bytes": "0",
"tx-broadcast-packets": "0",
"rx-error": "0",
"tx-error": "0",
"drop": "300",
"punt": "0",
"rx-miss": "0",
"rx-no-buffer": "0",
"rx-bits-average": "8880",
"rx-packets-average": "18",
"tx-bits-average": "8875",
"tx-packets-average": "18"
}
}