KPIs

6WIND KPI monitoring provides the ability to monitor and export Virtual Service Router KPIs. For this, the metrics should first be collected with the internal KPI daemon to the be sent via the Telegraf agent to external monitoring tools via its output plugins.

KPI collection

To setup the KPI daemon to collect metrics, configure:

vsr running config# / vrf main kpi telegraf metrics
vsr running config/# commit

If no metrics are specified, by default, only the most common KPIs are collected (some will be marked enabled true and some false) with a default period of collection for each that is estimated adequate. For example, the product-version does not need to be collected more frequently every 120 seconds compared to the alarm-summary that is collected every 10 seconds.

show state / vrf main kpi telegraf
telegraf
   enabled true
   metrics
      enabled true
      template default
      metric alarm-summary enabled true period 10
      metric fp-bridge-stats enabled false period 60
      metric fp-cg-nat-stats enabled false period 60
      metric fp-conntrack-stats enabled false period 60
      metric fp-cp-protect-stats enabled false period 60
      metric fp-cpu-usage enabled true period 10
      metric fp-ddos-stats enabled false period 10
      metric fp-exceptions-stats enabled false period 60
      metric fp-filling enabled true period 10
      metric fp-firewall-stats enabled false period 60
      metric fp-global-stats enabled false period 60
      metric fp-gre-stats enabled false period 60
      metric fp-gro-stats enabled false period 60
      metric fp-ip-stats enabled false period 60
      metric fp-ip6-stats enabled false period 60
      metric fp-ipsec-stats enabled false period 60
      metric fp-ipsec6-stats enabled false period 60
      metric fp-ports-stats enabled false period 60
      metric fp-status enabled true period 10
      metric fp-vlan-stats enabled false period 60
      metric fp-vxlan-stats enabled false period 60
      metric network-nic-eth-stats enabled false period 60
      metric network-nic-hw-info enabled true period 60
      metric network-nic-traffic-stats enabled true period 10
      metric network-twamp-stats enabled false period 60
      metric product-version enabled true period 120
      metric system-cpu-times enabled true period 10
      metric system-cpu-usage enabled true period 10
      metric system-disk-usage enabled true period 60
      metric system-memory enabled true period 60
      metric system-numa-stats enabled false period 60
      metric system-processes enabled true period 10
      metric system-soft-interrupts-stats enabled false period 60
      metric system-uptime enabled true period 10
      metric system-user-count enabled true period 10
      metric system-users enabled true period 10
      ..
   interval 10
   ..

To enable a specific metric, configure it enabled true:

vsr running config# / vrf main kpi telegraf metrics metric fp-bridge-stats enabled true
dut-vm running kpi# commit
Configuration committed.
vsr running kpi# show state / vrf main kpi telegraf metrics metric fp-bridge-stats
metric fp-bridge-stats enabled true period 60

To change the period of collection of a specific metric, configure:

vsr running config# / vrf main kpi telegraf metrics metric fp-bridge-stats period 10
vsr running config# commit
Configuration committed.
vsr running config# show state / vrf main kpi telegraf metrics metric fp-bridge-stats
metric fp-bridge-stats enabled true period 10

To collect all the metrics, configure the template all option:

vsr running config# / vrf main kpi telegraf metrics template all
vsr running config# commit
Configuration committed.

By default, the network interfaces whose KPIs are collected server are the fast path ports. This can be changed be specifying the list of interfaces:

vsr running config# / vrf main kpi telegraf metrics monitored-interface name vlan0 vrf main
vsr running config# / vrf main kpi telegraf metrics monitored-interface name mgmt0 vrf mgmt
vsr running config# / vrf main kpi telegraf metrics monitored-interface name vlan1 vrf main
vsr running config/# commit

Note

If a list of interfaces is specified, the default will not apply anymore and the fast path ports will have to be added manually to the kpi interface list to be exported.

To display the state:

vsr running config# show state vrf main kpi
kpi
    telegraf
        enabled true
        metrics
            enabled true
            monitored-interface vrf mgmt name mgmt0
            monitored-interface vrf main name vlan0
            monitored-interface vrf main name vlan1
            template all
            metric fp-bridge-stats enabled true period 60
            metric fp-cg-nat-stats enabled true period 60
            metric fp-conntrack-stats enabled true period 60
            metric fp-cpu-usage enabled true period 10
            metric fp-exceptions-stats enabled true period 60
            metric fp-filling enabled true period 10
            metric fp-firewall-stats enabled true period 60
            metric fp-gre-stats enabled true period 60
            metric fp-global-stats enabled true period 60
            metric fp-ip-stats enabled true period 60
            metric fp-ip6-stats enabled true period 60
            metric fp-ipsec-stats enabled true period 60
            metric fp-status enabled true period 60
            metric fp-vlan-stats enabled true period 60
            metric fp-vxlan-stats enabled true period 60
            metric fp-status enabled true period 10
            metric network-nic-hw-info enabled true period 60
            metric network-nic-traffic-stats enabled true period 10
            metric network-twamp-stats enabled true period 60
            metric product-license enabled true period 60
            metric product-version enabled true period 120
            metric system-cpu-times enabled true period 10
            metric system-cpu-usage enabled true period 10
            metric system-disk-usage enabled true period 60
            metric system-memory enabled true period 60
            metric system-numa-stats enabled true period 60
            metric system-processes enabled true period 10
            metric system-power enabled true period 10
            metric system-soft-interrupts-stats enabled true period 60
            metric system-uptime enabled true period 10
            metric system-user-count enabled true period 10
            metric system-users enabled true period 10
            ..
        ..
    ..

The same configuration can be made using this NETCONF XML configuration:

vsr running config# show config xml absolute
<config xmlns="urn:6wind:vrouter">
  <vrf>
    <name>main</name>
    <kpi xmlns="urn:6wind:vrouter/kpi">
      <telegraf xmlns="urn:6wind:vrouter/kpi/telegraf">
        <enabled>true</enabled>
        <metrics>
          <enabled>true</enabled>
          <monitored-interface>
            <vrf>main</vrf>
            <name>vlan0</name>
          </monitored-interface>
          <monitored-interface>
            <vrf>mgmt</vrf>
            <name>mgmt0</name>
          </monitored-interface>
          <monitored-interface>
            <vrf>main</vrf>
            <name>vlan1</name>
          </monitored-interface>
          <template>all</template>
        </metrics>
      </telegraf>
    </kpi>
  </vrf>
</config>

Telegraf plugins

When the KPIs are collected, Telegraf can be configured to export metrics to different monitoring tools. Here is the list of the supported tools:

  • Amazon CloudWatch

  • Apache Kafka

  • Elasticsearch

  • Graphite

  • InfluxDB

  • InfluxDBv2

  • Prometheus

The recommended setup to export the collected KPIs is to setup InfluxDB Telegraf plugin on the Virtual Service Router and to have an external machine running InfluxDB plugged into Grafana.

Amazon CloudWatch

Amazon CloudWatch is a service provided by AWS that allows to monitor KPIs on the Cloud via the AWS console. This service offers dashboarding solutions populated with exported KPIs values.

To configure the export of the KPIs to Amazon CloudWatch, mention the AWS region and define a namespace within this region where to store the data.

vsr> edit running
vsr running config# vrf main kpi telegraf amazon-cloudwatch-output region us-east-1 namespace InfluxData/Telegraf
vsr running amazon-cloudwatch-output namespace InfluxData/Telegraf region us-east-1#!

Then, allow Telegraf to authenticate to AWS. Choose one of the following strategies:

  • Explicit credentials

  • STS(Security Token Service)

  • EC2 authorized

Explicit credentials

Configure the access_key and secret_key of an account that has the rights to use the PutMetricData API CloudWatch endpoint:

vsr running amazon-cloudwatch-output namespace InfluxData/Telegraf region us-east-1#! authentication explicit-credentials
vsr running explicit-credentials#! access-key access-key-example
vsr running explicit-credentials#! secret-key secret-key-example
vsr running explicit-credentials# commit

STS (Security Token Service)

Configure the arn_role to which the proper policies have been added:

  • the STS AssumeRole

  • a policy to access CloudWatch API, at minimum the PutMetricData endpoint

vsr running amazon-cloudwatch-output namespace InfluxData/Telegraf region us-east-1#! authentication sts-credentials
vsr running sts-credentials#! arn-role arn:aws:iam::123456789012:role/my-role
vsr running sts-credentials# commit

EC2 authorized

If the Virtual Service Router is running on an AWS EC2 instance that has been granted the right to use the CloudWatch API by its admin, configure the ec2-authorized option.

vsr running amazon-cloudwatch-output namespace InfluxData/Telegraf region us-east-1#! authentication ec2-authorized
vsr running ec2-authorized# commit

As soon as the connection is established, the exported KPIs are visible in the Amazon CloudWatch console. Under Metrics, select the configured region:

../../../_images/kpi-cloudwatch-choose-metrics.png

Dashboards can also be made with the exported metrics in the Amazon CloudWatch console:

../../../_images/kpi-cloudwatch-dashboard.png

Apache Kafka

Apache Kafka is a distributed streaming platform that allows to monitor metrics. The instance of Telegraf that sends the metrics to Apache Kafka is called the producer. From the Apache Kafka server, a consumer can read the sent metrics.

After collecting the metrics on the Virtual Service Router, to configure the export of the KPIs to Apache Kafka, configure the broker at the IP address and port (usually the port 9092) where the Kafka server is running:

vsr> edit running
vsr running config# vrf main kpi telegraf kafka-output broker <kafka-server-ip>:9092

The connection to Apache Kafka has been tested with the following Docker image: confluentinc/cp-kafka:7.3.5.

An example of Docker configuration of an Apache Kafka server can be done with a docker-compose file on an external machine as followed:

version: '3.8'
services:
   zookeeper:
      image: confluentinc/cp-zookeeper:7.3.5
      container_name: zookeeper
      environment:
         ZOOKEEPER_CLIENT_PORT: 2181
         ZOOKEEPER_TICK_TIME: 2000
      ports:
         - 2181:2181
      networks:
         - kafka-network

   kafka:
      image: confluentinc/cp-kafka:7.3.5
      container_name: kafka
      ports:
         - 9092:9092
      volumes:
         - /root/kafka/config/server.properties:/etc/kafka/server.properties
         - /root/kafka/config/consumer.properties:/etc/kafka/consumer.properties
      environment:
         KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://<vsr-server-ip>:9092
         KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT
         KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
         KAFKA_INTER_BROKER_LISTENER_NAME: PLAINTEXT
         KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
      depends_on:
         - zookeeper
      networks:
         - kafka-network

networks:
   kafka-network:
      driver: bridge

Change the vrf-server-ip by the reachable IP address of the Virtual Service Router where the monitoring is configured. Save this file in a folder /root/kafka with the name kafka.yaml on the external machine.

Note

The Apache Kafka server depends on Apache Zookeeper which is responsible for coordinating the distributed brokers within the cluster.

The Docker file also comes with two configuration files:

1. server.properties: used to configure settings for Kafka brokers. Here is a tested example of this file content:

############################# Server Basics #################################

broker.id=0

############################# Socket Server Settings ########################

num.network.threads=3
num.io.threads=8
socket.send.buffer.bytes=102400
socket.receive.buffer.bytes=102400
socket.request.max.bytes=104857600

############################# Log Basics ####################################

log.dirs=/tmp/kafka-logs
num.partitions=1
num.recovery.threads.per.data.dir=1

############################# Internal Topic Settings  ######################

offsets.topic.replication.factor=1
transaction.state.log.replication.factor=1
transaction.state.log.min.isr=1

############################# Log Retention Policy ##########################

log.retention.hours=168
log.retention.check.interval.ms=300000

############################# Zookeeper #####################################

zookeeper.connect=localhost:2181
zookeeper.connection.timeout.ms=18000

############################# Group Coordinator Settings ####################

group.initial.rebalance.delay.ms=0

Save this file at the path /root/kafka/config/server.properties to make it work with the Docker compose file on the external machine.

2. consumer.properties: used to configure settings for Kafka consumers. The consumer reads the data sent to Apache Kafka. Here is a tested example of this file content:

# list of brokers used for bootstrapping knowledge about the rest of the cluster
# format: host1:port1,host2:port2 ...
bootstrap.servers=localhost:9092

# consumer group id
group.id=test-consumer-group

Save this file at the path /root/kafka/config/consumer.properties to make it work with the Docker compose file on the external machine.

To run the server in the background, run the following command:

$ docker compose -f /root/kafka/kafka.yaml up -d

To test that the metrics are properly sent to the server, run a consumer of the Kafka broker that is going to read up to 1600 messages at once (rough estimation of the number of metrics sent with each batch):

$ docker exec -it kafka kafka-console-consumer \
   --topic telegraf \
   --bootstrap-server localhost:9092 \
   --from-beginning \
   --max-messages 1600 \
   --consumer.config /etc/kafka/consumer.properties

{"fields":{"licensed-feature-enabled":1},"name":"product-license","tags":{"host":"dut-vm","name":"product"},"timestamp":1712958247}

{"fields":{"licensed-feature-counter-allowed":100,"licensed-feature-counter-description":"Throughput in Gb.","licensed-feature-counter-used":0},"name":"product-license","tags":{"host":"dut-vm","licensed-feature":"product","name":"throughput"},"timestamp":1712958247}

{"fields":{"licensed-feature-enabled":1},"name":"product-license","tags":{"host":"dut-vm","name":"bng-ipoe"},"timestamp":1712958247}

{"fields":{"licensed-feature-counter-allowed":100000,"licensed-feature-counter-description":"BNG sessions. IPoE and PPPoE sessions are shared.","licensed-feature-counter-used":0},"name":"product-license","tags":{"host":"dut-vm","licensed-feature":"bng-ipoe","name":"sessions"},"timestamp":1712958247}

{"fields":{"licensed-feature-enabled":1},"name":"product-license","tags":{"host":"dut-vm","name":"bng-pppoe"},"timestamp":1712958247}

{"fields":{"licensed-feature-counter-allowed":100000,"licensed-feature-counter-description":"BNG sessions. IPoE and PPPoE sessions are shared.","licensed-feature-counter-used":0},"name":"product-license","tags":{"host":"dut-vm","licensed-feature":"bng-pppoe","name":"sessions"},"timestamp":1712958247}

...

Note

For a production environment, a TLS/SSL to Apache Kafka is configurable via the nc-cli.

Elasticsearch

Elasticsearch is a scalable, distributed search and analytics engine designed for ingesting, indexing, and analyzing large volumes of monitoring and metrics data in real-time.

To configure the export of the KPIs to Elasticsearch, provide the URL with the IP address and port (usually the port 9200) where the Elasticsearch server is running:

vsr> edit running
vsr running config# vrf main kpi telegraf elasticsearch-output url http://<elasticsearch-server-ip>:9200

The connection to Elasticsearch has been tested with the following Docker image: elasticsearch/elasticsearch:7.14.0.

An example of Docker configuration of an Apache Kafka server can be done with a docker-compose file on an external machine as followed:

version: '3'
services:
   elasticsearch:
      image: docker.elastic.co/elasticsearch/elasticsearch:7.14.0
      container_name: elasticsearch
      environment:
         - node.name=elasticsearch
         - cluster.name=es-docker-cluster
         - discovery.type=single-node
      ports:
         # Expose port 9200 for HTTP REST API (External access)
         - "9200:9200"
         # Port 9300 is used for node-to-node communication within an
         # Elasticsearch cluster is not required for single-node setup but it
         # can be for troubleshooting, maintenance and testing
         # - "9300:9300"

Save this file in a folder /root/elasticsearch with the name elasticsearch.yaml.

To run the server in the background, run the following command:

$ docker compose -f /root/elasticsearch/elasticsearch.yaml up -d

After the server is launched with the above command, it is accessible on the port 9200. It can be queried with the cURL command and the Elasticsearch REST API.

First of all, find the name of the index where the metrics have been stored on the Elasticsearch server.

$ curl -XGET 'http://localhost:9200/_cat/indices?v'
health status index               uuid                   pri rep docs.count docs.deleted store.size pri.store.size
green  open   .geoip_databases    BI_txwnTRPi0EI0vfZC1wQ   1   0         35            0     32.4mb         32.4mb
yellow open   telegraf-2024.04.23 NiQqzZCqT1-RLxPrAaPMNw   1   1       9493            0      1.7mb          1.7mb

The index at stake is called telegraf-2024.04.23. Let’s list the metrics stored at this index:

$ curl -XGET 'http://localhost:9200/telegraf-2024.04.23/_search?pretty'
{
   "took" : 284,
   "timed_out" : false,
   "_shards" : {
      "total" : 1,
      "successful" : 1,
      "skipped" : 0,
      "failed" : 0
   },
   "hits" : {
      "total" : {
         "value" : 10000,
         "relation" : "gte"
      },
      "max_score" : 1.0,
      "hits" : [
         {
            "_index" : "telegraf-2024.04.23",
            "_type" : "_doc",
            "_id" : "numuC48BXU3WjTnEIhEj",
            "_score" : 1.0,
            "_source" : {
               "@timestamp" : "2024-04-23T17:57:25.207511552+02:00",
               "fp-vlan-stats" : {
                  "vlan-dropped-in-operative" : 0,
                  "vlan-dropped-input-unknown-interface" : 0,
                  "vlan-dropped-invalid-tag" : 0,
                  "vlan-dropped-out-operative" : 0,
                  "vlan-dropped-prepend-failure" : 0,
                  "vlan-output-unknown-interface" : 0,
                  "vlan-unknown-tag" : 0
               },
               "measurement_name" : "fp-vlan-stats",
               "tag" : {
                  "host" : "dut-vm"
               }
            }
         },
         ...
      ]
   }
}

Values for a particular service (here fp-vlan-stats) can be retrieved as followed:

$ curl -XGET 'http://localhost:9200/telegraf-2024.04.23/_search?pretty' \
-H 'Content-Type: application/json' -d '{
   "query": {
      "match": {
         "measurement_name": "fp-vlan-stats"
      }
   },
   "_source": ["@timestamp", "fp-vlan-stats.*"]
}'
{
   "took" : 296,
   "timed_out" : false,
   "_shards" : {
      "total" : 1,
      "successful" : 1,
      "skipped" : 0,
      "failed" : 0
   },
   "hits" : {
      "total" : {
         "value" : 1427,
         "relation" : "eq"
      },
      "max_score" : 11.12297,
      "hits" : [
         {
         "_index" : "telegraf-2024.04.23",
         "_type" : "_doc",
         "_id" : "numuC48BXU3WjTnEIhEj",
         "_score" : 11.12297,
         "_source" : {
            "@timestamp" : "2024-04-23T17:57:25.207511552+02:00",
            "fp-vlan-stats" : {
               "vlan-dropped-invalid-tag" : 0,
               "vlan-dropped-prepend-failure" : 0,
               "vlan-output-unknown-interface" : 0,
               "vlan-unknown-tag" : 0,
               "vlan-dropped-in-operative" : 0,
               "vlan-dropped-input-unknown-interface" : 0,
               "vlan-dropped-out-operative" : 0
            }
         }
      },
      {
         "_index" : "telegraf-2024.04.23",
         "_type" : "_doc",
         "_id" : "numuC48BXU3WjTnEIhEj",
         "_score" : 11.12297,
         "_source" : {
            "@timestamp" : "2024-04-23T17:57:25.207511552+02:00",
            "fp-vlan-stats" : {
               "vlan-dropped-invalid-tag" : 0,
               "vlan-dropped-prepend-failure" : 0,
               "vlan-output-unknown-interface" : 0,
               "vlan-unknown-tag" : 0,
               "vlan-dropped-in-operative" : 0,
               "vlan-dropped-input-unknown-interface" : 0,
               "vlan-dropped-out-operative" : 0
            }
         }
      },
      ...
   ]
}

Note

For a production environment, a TLS/SSL to Apache Kafka is configurable via the nc-cli.

Graphite

Graphite is an open-source tool for monitoring and graphing time-series data. It is designed to collect, store, and visualize numeric data over time.

To configure the export of the KPIs to Graphite, provide the server URL with the IP address and port (usually the port 2003) where the Graphite server is running:

vsr> edit running
vsr running config# vrf main kpi telegraf graphite-output server <graphite-server-ip>:2003
vsr running config# commit

Note

Graphite does not support string values metrics such as product-version.

The connection to Graphite has been tested with the following Docker image: graphiteapp/graphite-statsd:1.1.10-5.

An example of Docker configuration of a Graphite server can be done with a docker-compose file on an external machine as followed:

version: '3'
services:
   graphite:
      image: graphiteapp/graphite-statsd:1.1.10-5
      container_name: graphite
      ports:
         # Graphite-Web served locally on port 8080
         - "8080:80"
         # Carbon receiver
         - "2003:2003"
      volumes:
         # To setup MAX_CREATES_PER_MINUTE to inf for getting data quick
         - /root/graphite/carbon.conf:/opt/graphite/conf/carbon.conf
      restart: always

Save this file in a folder /root/graphite with the name graphite.yaml. The port 2003 will establish the connection to Telegraf via the internal Carbon to handle the metrics in Graphite server.

The Docker file also comes with the configuration file:

[cache]
ENABLE_LOGROTATION = True
MAX_CACHE_SIZE = inf
MAX_UPDATES_PER_SECOND = 500
MAX_CREATES_PER_MINUTE = inf
MIN_TIMESTAMP_RESOLUTION = 1
LINE_RECEIVER_INTERFACE = 0.0.0.0
LINE_RECEIVER_PORT = 2003
ENABLE_UDP_LISTENER = False
UDP_RECEIVER_INTERFACE = 0.0.0.0
UDP_RECEIVER_PORT = 2003
PICKLE_RECEIVER_INTERFACE = 0.0.0.0
PICKLE_RECEIVER_PORT = 2004
MAX_RECEIVER_CONNECTIONS = inf
USE_INSECURE_UNPICKLER = False
CACHE_QUERY_INTERFACE = 0.0.0.0
CACHE_QUERY_PORT = 7002
USE_FLOW_CONTROL = True
LOG_UPDATES = True
LOG_CREATES = True
LOG_CACHE_HITS = True
LOG_CACHE_QUEUE_SORTS = True
CACHE_WRITE_STRATEGY = sorted
WHISPER_AUTOFLUSH = False
WHISPER_FALLOCATE_CREATE = False
CARBON_METRIC_INTERVAL = 10
ENABLE_AMQP = False
AMQP_VERBOSE = False
AMQP_HOST = localhost
AMQP_PORT = 5672
AMQP_VHOST = /
AMQP_USER = guest
AMQP_PASSWORD = guest
AMQP_EXCHANGE = graphite
AMQP_METRIC_NAME_IN_BODY = False
GRAPHITE_URL = http://127.0.0.1:8080
ENABLE_TAGS = True
LOG_LISTENER_CONN_SUCCESS = True

[relay]
LINE_RECEIVER_INTERFACE = 0.0.0.0
LINE_RECEIVER_PORT = 2013
PICKLE_RECEIVER_INTERFACE = 0.0.0.0
PICKLE_RECEIVER_PORT = 2014
RELAY_METHOD = rules
REPLICATION_FACTOR = 1
DESTINATIONS = 127.0.0.1:2004
MAX_QUEUE_SIZE = 10000
MAX_DATAPOINTS_PER_MESSAGE = 500
QUEUE_LOW_WATERMARK_PCT = 0.8
TIME_TO_DEFER_SENDING = 0.0001
USE_FLOW_CONTROL = True
CARBON_METRIC_INTERVAL = 10
LOG_LISTENER_CONN_SUCCESS = False
USE_RATIO_RESET=False
MIN_RESET_STAT_FLOW=1000
MIN_RESET_RATIO=0.9
MIN_RESET_INTERVAL=121

[aggregator]
LINE_RECEIVER_INTERFACE = 0.0.0.0
LINE_RECEIVER_PORT = 2023
PICKLE_RECEIVER_INTERFACE = 0.0.0.0
PICKLE_RECEIVER_PORT = 2024
FORWARD_ALL = True
DESTINATIONS = 127.0.0.1:2004
REPLICATION_FACTOR = 1
MAX_QUEUE_SIZE = 10000
USE_FLOW_CONTROL = True
MAX_DATAPOINTS_PER_MESSAGE = 500
MAX_AGGREGATION_INTERVALS = 5
CARBON_METRIC_INTERVAL = 10
LOG_LISTENER_CONN_SUCCESS = True
LOG_AGGREGATOR_MISSES = True

Save this file at the path /root/graphite/carbon.conf to make it work with the Docker compose file on the external machine.

To run the server in the background, run the following command:

$ docker compose -f /root/graphite/graphite.yaml up -d

To test that the metrics are properly sent to the server, open the port 8080 on the monitoring sever in a browser. It will open the Graphite-Web interface on which metrics can be visualized.

../../../_images/kpi-graphite.png

Alternatively, list the sent metrics using the Graphite API:

$ curl http://127.0.0.1:8080/metrics/index.json
[
   "carbon.agents.a5f10e4c5850-a.activeConnections",
   "carbon.agents.a5f10e4c5850-a.avgUpdateTime",
   "carbon.agents.a5f10e4c5850-a.blacklistMatches",
   ...,
   "dut-vm.cpu0.system-cpu-times.guest",
   "dut-vm.cpu0.system-cpu-times.guest-nice",
   "dut-vm.cpu0.system-cpu-times.idle",
   "dut-vm.cpu0.system-cpu-times.iowait",
   "dut-vm.cpu0.system-cpu-times.irq",
   "dut-vm.cpu0.system-cpu-times.nice",
   ...
]

Note

The TLS connection to Graphite via Telegraf is not supported.

InfluxDB

InfluxDB is a time-series database designed to handle high write and query loads. It is 6WIND monitoring tool of choice to export Virtual Service Router KPIs. It can be integrated with an analytics frontend, such as Grafana

To configure the export of the KPIs to InfluxDB, provide the URL with the IP address and port (usually the port 8086) where the InfluxDB server is running and a Telegraf database where the KPIs will be collected:

vsr> edit running
vsr running config# vrf main kpi telegraf influxdb-output url http://<influxdb-server-ip>:8086 database test

Note

To connect Telegraf to a secured InfluxDB instance (https URL) that is using a self-signed certificate, insecure-skip-verify must be enabled.

The connection to Influx has been tested with the following Docker image. An end-to-end InfluxDB/Grafana setup is available on 6WIND’s github with pre-made dashboards that are easily customable. Here is an example of one of these dashboards:

../../../_images/kpi-influxdb-grafana.png

InfluxDB V2

InfluxDB V2 is the latest major version of the InfluxData time-series database platform, which is designed for handling high volumes of time-stamped data.

To configure the export of the KPIs to InfluxDB V2, provide:

  • the url with the IP address and port (usually the port 8086) where the InfluxDBv2 is running

  • the bucket where to write the metrics into

  • the organization that owns the bucket

Here is an example:

vsr> edit running
vsr running config# / vrf main kpi telegraf influxdbv2-output url http://<influxdb-v2-server-ip>:8086
vsr running config# / vrf main kpi telegraf influxdbv2-output organization 6wind
vsr running config# / vrf main kpi telegraf influxdbv2-output bucket telegraf
vsr running config# commit

Note

To connect Telegraf to a secured InfluxDB instance (https URL) that is using a self-signed certificate, insecure-skip-verify must be enabled.

Prometheus

Prometheus is an open-source monitoring and alerting toolkit designed for collecting, storing, querying, and alerting on time-series data. It is specifically tailored for monitoring dynamic, cloud-native environments and microservices architectures.

Contrary to the other monitoring services, Prometheus is a client that is going to request Telegraf for new metrics. To configure the export of the KPIs to Prometheus, provide the IP address and port (usually the port 9126) where the Prometheus client (the Virtual Service Router instance) is located:

vsr> edit running
vsr running config# vrf main kpi telegraf prometheus-client-output address <vsr-server-ip> port 9126

Note

Prometheus does not support string values metrics such as product-version.

The connection to Prometheus has been tested with the following Docker image: prom/prometheus:v2.47.1.

An example of Docker configuration of a Prometheus server can be done with a docker-compose file on an external machine as followed:

version: "3"
services:
prometheus:
   image: prom/prometheus:v2.47.1
   container_name: prometheus
   command:
      - "--config.file=/etc/prometheus/config.yaml"
   volumes:
      # Make a read only volume of the Prometheus config file
      - /root/prometheus/config.yaml:/etc/prometheus/config.yaml:ro
   ports:
      # Expose Prometheus web interface on port 8080
      - "8080:9090"
   restart: always

Save this file in a folder /root/prometheus with the name prometheus.yaml.

The Docker file also comes with a YAML configuration file for the Prometheus client:

global:
scrape_interval: 10s

scrape_configs:
- job_name: 'telegraf'
   static_configs:
      - targets: ['<vsr-server-ip>:9126']

Replace the <vsr_server_ip> with the actual IP address of the Virtual Service Router on which Telegraf is configured and save his file at the path /root/prometheus/config.yaml to make it work with the Docker compose file on the external machine.

To run the Prometheus client instance in the background, run the following command:

$ docker compose -f /root/prometheus/prometheus.yaml up -d

To test that the metrics are properly sent to the server, open the port 8080 on the monitoring sever in a browser. It will open the Prometheus Web UI on which metrics can be visualized.

../../../_images/kpi-prometheus.png

Alternatively you can list the metrics using the Prometheus API <https://prometheus.io/docs/prometheus/latest/querying/api/>:

$ curl http://127.0.0.1:9090/api/v1/label/__name__/values
{
   "status":"success",
   "data":[
      "alarm_summary_cleared",
      "alarm_summary_not_cleared",
      "alarm_summary_total",
      "fp_cpu_usage_busy",
      "fp_filling_bridge_fdb_current",
      "fp_filling_bridge_fdb_max",
      "fp_filling_bridge_interfaces_current",
      "fp_filling_bridge_interfaces_max",
      "fp_filling_bridge_ports_current",
      "fp_filling_bridge_ports_max",
      "fp_filling_cg_nat_cur_block_translation_ips",
      "fp_filling_cg_nat_cur_blocks",
      "fp_filling_cg_nat_cur_nat",
      "fp_filling_cg_nat_cur_pools",
      "fp_filling_cg_nat_cur_port_translation_ips",
      ...
   ],
}

Note

For a production environment, a TLS/SSL to Prometheus is configurable via the nc-cli.

Migration from the legacy kpi system

Here is an example of migration from the legacy KPI system. Given the following configuration that enables the default KPIs, and monitors vlan0 and vlan1 in vrf main, and mgmt0 in vrf mgmt:

vsr running config# / system kpi
vsr running config# / vrf main kpi interface vlan0
vsr running config# / vrf main kpi interface vlan1
vsr running config# / vrf mgmt kpi interface mgmt0
vsr running config# / vrf main kpi telegraf influxdb-output url http://1.1.1.1:8086 database test

The following commands should be issued:

vsr running config# del / system kpi
vsr running config# del / vrf main kpi interface vlan0
vsr running config# del / vrf main kpi interface vlan1
vsr running config# del / vrf mgmt kpi
vsr running config# / vrf main kpi telegraf metrics monitored-interface name vlan0 vrf main
vsr running config# / vrf main kpi telegraf metrics monitored-interface name vlan1 vrf main
vsr running config# / vrf main kpi telegraf metrics monitored-interface name mgmt0 vrf mgmt
vsr running config# / vrf main kpi telegraf influxdb-output url http://1.1.1.1:8086 database test
vsr running config/# commit

After the migration, there can be conflicts happening in the InfluxDB database. A warning similar to this log will be displayed in the Virtual Service Router logs:

(...) telegraf[2440]: (...) [outputs.influxdb] Failed to write metric (will be dropped: 400 Bad Request):
partial write: field type conflict: input field "XXX" on measurement "YYY" is type float, already exists
as type string dropped=1

To fix those conflicts, the measurement triggering the problem must be dropped on the InfluxDB server. One way of doing it is to run this command on a machine that has access to the InfluxDB server:

# curl -XPOST "http://<influxdb-server-ip>:8086/query?db=<database>" --data-urlencode "q=drop measurement \"YYY\""

Collected metrics

All the available metrics can be found in this section.

alarm-summary

The number of alarms on the system per criticity.

Measure

Type

Description

severity

severity

Alarm summary for this severity level.

total

gauge32

Total number of alarms of this severity level.

not-cleared

gauge32

Total number of alarms of this severity level that are not cleared.

cleared

gauge32

For this severity level, the number of alarms that are cleared.

fp-bridge-stats

The fast path bridge statistics.

Measure

Type

Description

l2-forwarded-frames

uint64

Number of packets forwarded at layer 2 (bridging processing) (L2ForwFrames).

bridge-dropped-forwarding-invalid

uint64

Number of output packets dropped in bridge due to forbidden forwarding (forwarding disable or originating port) (BridgeDroppedFwdInvalid).

bridge-dropped-input-lookup-error

uint64

Number of input packets dropped in bridge due to a lookup error (BridgeDroppedInputLookupError).

bridge-dropped-invalid-output-port

uint64

Number of output packets dropped in bridge because output port index is invalid (BridgeDroppedInvalidOutPort).

bridge-dropped-invalid-source

uint64

Number of input packets dropped in bridge due to invalid mac source (BridgeDroppedInvalidSrc).

bridge-dropped-invalid-state

uint64

Number of input packets dropped in bridge due to invalid state (not learning or forwarding) of the bridge (BridgeDroppedInvalidState).

bridge-dropped-learning

uint64

Number of output packets dropped in bridge while it is in learning state (BridgeDroppedLearning).

bridge-dropped-mtu-exceeded

uint64

Number of output packets dropped in bridge due to MTU greater than the authorized one (BridgeDroppedMtuExceeded).

bridge-dropped-no-output-port

uint64

Number of output packets dropped in bridge due to no valid output (BridgeDroppedNoOutputPort).

bridge-dropped-output-lookup-error

uint64

Number of output packets dropped in bridge due to a lookup error (BridgeDroppedOutputLookupError).

bridge-dropped-out-operative

uint64

Number of output packets dropped in bridge because the outgoing interface is down (BridgeDroppedOutOperative).

bridge-dropped-output-unknown

uint64

Number of output packets dropped in bridge due to an unknown output (BridgeDroppedOutputUnknown).

bridge-dropped-pause-frame

uint64

Number of input packets dropped in bridge because it is a pause frame (BridgeDroppedPauseFrame).

bridge-dropped-unknown-interface

uint64

Number of input packets dropped in bridge due to an invalid interface (BridgeDroppedUnknownIface).

bridge-fdb-synchronization-error

uint64

Number of packets dropped in bridge due to fdb synchronization error (BridgeFdbSyncError).

fp-cg-nat-stats

The fast path CG-NAT statistics.

Measure

Type

Description

hairpinned-packets

uint64

Number of packets forwarded between two hosts under the same NAT device. The two hosts communicate with each other using their external IP address.

loop-hairpin-dropped-packets

uint64

Number of hairpinned packets dropped due to the detection of a routing loop.

self-hairpin-dropped-packets

uint64

Number of hairpinned packets dropped due to a host attempting to send packets to its own NATed address.

nat-allocations

uint64

Number of NAT allocations.

nat-destructions

uint64

Number of NAT destructions.

nat-allocation-failures

uint64

Number of NAT allocation failures.

nat-association-races

uint64

Number of NAT association races. This race occurs when a CPU attempts to associate a NAT object with a conntrack object that has already been associated by another CPU in the meantime.

nat-port-allocation-failures

uint64

Number of NAT port allocation failures.

nat-port-overloading-allocations

uint64

Number of NAT port overloaded allocations.

nat-port-overloading-destructions

uint64

Number of NAT port overloaded destructions.

nat64-udp-null-checksum-dropped-packets

uint64

Number of dropped IPv4 UDP packets with null checksums. While in IPv6, null checksums are not allowed for UDP. When nating from IPv4 to IPv6, if the UDP checksum is NULL, it cannot be modified. In this case, the packet is dropped. It is possible to compute a full checksum by setting an option for NAT64.

block-allocations

uint64

Number of block allocations.

block-destructions

uint64

Number of block destructions.

block-allocation-failures

uint64

Number of block allocation failures. It happens when there are no blocks available in the pool.

user-allocations

uint64

Number of user allocations.

user-destructions

uint64

Number of user destructions.

user-allocation-failures

uint64

Number of user allocation failures.

user-duplicate-races

uint64

Number of attempts to create a duplicate user. This race occurs when a CPU attempts to create a new user that has already been created by another CPU in the meantime.

user-association-races

uint64

Number of user association races. This race occurs when a CPU attempts to associate a NAT object with a user object, indicating that the user object has already been released by another CPU.

user-too-many-conntracks

uint64

Number of times a user attempts to create more conntracks than the maximum allowed (i.e. max-conntracks-per-user in the cgnat rule).

user-no-public-ip-errors

uint64

Number of user allocation failures due the depletion of all available public IPs.

user-full-public-ip-errors

uint64

Number of block allocation failures due to the unavailability of port blocks in the user’s public IP.

log-events-enqueued-to-logging-thread

uint64

Number of enqueued logs to logging threads.

log-events-enqueued-failures

uint64

Number of enqueued log failures.

log-build-failures

uint64

Number of log generation failures.

log-transmit-to-local-server

uint64

Number of logs successfully transmitted to the local server.

log-transmit-errors-to-local-server

uint64

Number of logs failed to transmit to the local server.

log-transmit-to-remote-server

uint64

Number of logs successfully transmitted to the remote servers.

log-transmit-errors-to-remote-server

uint64

Number of logs failed to transmit to the remote servers.

fp-conntrack-stats

The fast path conntrack statistics.

Measure

Type

Description

allocations

uint64

Number of conntrack allocations.

reverse-connections

uint64

Number of conntracks tracking a reverse connection.

destructions

uint64

Number of conntrack destructions.

allocation-failures

uint64

Number of conntrack allocation failures.

duplicate-races

uint64

Number of attempts to create a duplicate conntrack. This race occurs when a CPU attempts to create a new conntrack that has already been created by another CPU in the meantime.

tcp-non-syn-first-packet-drops

uint64

Number of TCP conntracks failed due to a non-SYN first packet.

tcp-invalid-sequence-order-rst-packet-drops

uint64

Number of dropped out-of-order TCP RST packets (See RFC 5961).

tcp-invalid-state-transition-packet-drops

uint64

Number of TCP packets dropped due to invalid transitions in the TCP state machine based on the packet’s TCP flags.

tcp-out-of-upper-bound-window-packet-drops

uint64

Number of dropped out-of window TCP packets (upper boundary).

tcp-out-of-lower-bound-window-packet-drops

uint64

Number of dropped out-of window TCP packets (lower boundary).

tcp-out-of-window-ack-packet-drops

uint64

Number of TCP ACK packets dropped for acknowledging unsent packets.

malformed-ip-header-packet-drops

uint64

Number of packets dropped due to a malformed IP header.

fp-cp-protect-stats

The control plane protection module statistics per network interface.

Measure

Type

Description

rx-control-plane-kept

uint64

When the Rx ring filling reaches a threshold, packets are inspected by the Control Plane Protection mechanism. This statistic is incremented for packets recognized as CP packets, which are kept and processed by the stack.

rx-control-plane-overrun

uint64

When CPU consumption used by Control Plane Protection exceeds a threshold, this system is disabled. This statistic is incremented for each Rx packet not analyzed by Control Plane Protection due to CPU overload.

rx-control-plane-passthrough

uint64

When Control Plane Protection is enabled, this statistic is incremented for each packet received when machine is not overloaded. These packets are processed normally.

rx-data-plane-drop

uint64

When the Rx ring filling reaches a threshold, packets are inspected by the Control Plane Protection mechanism. This statistic is incremented for packets recognized as DP packets, which are dropped.

tx-control-plane-kept

uint64

When the Tx ring filling reaches a threshold, packets are inspected by the Control Plane Protection mechanism. This statistic is incremented for packets recognized as CP packets, which are sent on the wire.

tx-control-plane-overrun

uint64

When CPU consumption used by Control Plane Protection exceeds a threshold, this system is disabled. This statistic is incremented for each Tx packet not analyzed by Control Plane Protection due to CPU overload.

tx-control-plane-passthrough

uint64

When Control Plane Protection is enabled, this statistic is incremented for each packet transmitted on a link that is not overloaded. These packets are sent normally.

tx-data-plane-drop

uint64

When the Tx ring filling reaches a threshold, packets are inspected by the Control Plane Protection mechanism. This statistic is incremented for packets recognized as DP packets, which are dropped.

fp-cpu-usage

The list of busy percentage per fast path CPU.

Measure

Type

Description

cpu

string

The CPU number.

busy

uint16

The busy percentage.

fp-ddos-stats

The fast path DDoS protection statistics.

Measure

Type

Description

pool-shortage-error

uint64

Number of IP addresses not handled by the DDoS protection due to entry pool shortage.

tcp-header-error

uint64

Number of packets dropped due to invalid TCP header.

udp-header-error

uint64

Number of packets dropped due to invalid UDP header.

icmp-header-error

uint64

Number of packets dropped due to invalid ICMP header.

whitelist-hit

uint64

Number of packets forwarded because IP address is present in whitelist.

global-icmp-echo-dropped-packets

uint64

Number of packets dropped after global ICMP echo threshold reached.

global-icmp-echo-dropped-bytes

uint64

Number of bytes dropped after global ICMP echo threshold reached.

global-tcp-syn-dropped-packets

uint64

Number of packets dropped after global TCP syn echo threshold reached.

global-tcp-syn-dropped-bytes

uint64

Number of bytes dropped after global TCP syn threshold reached.

global-tcp-syn-ack-dropped-packets

uint64

Number of packets dropped after global TCP syn-ack threshold reached.

global-tcp-syn-ack-dropped-bytes

uint64

Number of bytes dropped after global TCP syn-ack threshold reached.

global-tcp-ack-dropped-packets

uint64

Number of packets dropped after global TCP ack threshold reached.

global-tcp-ack-dropped-bytes

uint64

Number of bytes dropped after global TCP ack threshold reached.

global-tcp-rst-dropped-packets

uint64

Number of packets dropped after global TCP rst threshold reached.

global-tcp-rst-dropped-bytes

uint64

Number of bytes dropped after global TCP rst threshold reached.

global-udp-dns-dropped-packets

uint64

Number of packets dropped after global UDP DNS threshold reached.

global-udp-dns-dropped-bytes

uint64

Number of bytes dropped after global UDP DNS threshold reached.

global-udp-quic-dropped-packets

uint64

Number of packets dropped after global UDP QUIC threshold reached.

global-udp-quic-dropped-bytes

uint64

Number of bytes dropped after global UDP QUIC threshold reached.

global-udp-raw-dropped-packets

uint64

Number of packets dropped after global UDP raw threshold reached.

global-udp-raw-dropped-bytes

uint64

Number of bytes dropped after global UDP raw threshold reached.

source-icmp-echo-dropped-packets

uint64

Number of packets dropped after source ICMP echo threshold reached.

source-icmp-echo-dropped-bytes

uint64

Number of bytes dropped after source ICMP echo threshold reached.

source-tcp-syn-dropped-packets

uint64

Number of packets dropped after source TCP syn echo threshold reached.

source-tcp-syn-dropped-bytes

uint64

Number of bytes dropped after source TCP syn threshold reached.

source-tcp-syn-ack-dropped-packets

uint64

Number of packets dropped after source TCP syn-ack threshold reached.

source-tcp-syn-ack-dropped-bytes

uint64

Number of bytes dropped after source TCP syn-ack threshold reached.

source-tcp-ack-dropped-packets

uint64

Number of packets dropped after source TCP ack threshold reached.

source-tcp-ack-dropped-bytes

uint64

Number of bytes dropped after source TCP ack threshold reached.

source-tcp-rst-dropped-packets

uint64

Number of packets dropped after source TCP rst threshold reached.

source-tcp-rst-dropped-bytes

uint64

Number of bytes dropped after source TCP rst threshold reached.

source-udp-dns-dropped-packets

uint64

Number of packets dropped after source UDP DNS threshold reached.

source-udp-dns-dropped-bytes

uint64

Number of bytes dropped after source UDP DNS threshold reached.

source-udp-quic-dropped-packets

uint64

Number of packets dropped after source UDP QUIC threshold reached.

source-udp-quic-dropped-bytes

uint64

Number of bytes dropped after source UDP QUIC threshold reached.

source-udp-raw-dropped-packets

uint64

Number of packets dropped after source UDP raw threshold reached.

source-udp-raw-dropped-bytes

uint64

Number of bytes dropped after source UDP raw threshold reached.

dest-icmp-echo-dropped-packets

uint64

Number of packets dropped after dest ICMP echo threshold reached.

dest-icmp-echo-dropped-bytes

uint64

Number of bytes dropped after dest ICMP echo threshold reached.

dest-tcp-syn-dropped-packets

uint64

Number of packets dropped after dest TCP syn echo threshold reached.

dest-tcp-syn-dropped-bytes

uint64

Number of bytes dropped after dest TCP syn threshold reached.

dest-tcp-syn-ack-dropped-packets

uint64

Number of packets dropped after dest TCP syn-ack threshold reached.

dest-tcp-syn-ack-dropped-bytes

uint64

Number of bytes dropped after dest TCP syn-ack threshold reached.

dest-tcp-ack-dropped-packets

uint64

Number of packets dropped after dest TCP ack threshold reached.

dest-tcp-ack-dropped-bytes

uint64

Number of bytes dropped after dest TCP ack threshold reached.

dest-tcp-rst-dropped-packets

uint64

Number of packets dropped after dest TCP rst threshold reached.

dest-tcp-rst-dropped-bytes

uint64

Number of bytes dropped after dest TCP rst threshold reached.

dest-udp-dns-dropped-packets

uint64

Number of packets dropped after dest UDP DNS threshold reached.

dest-udp-dns-dropped-bytes

uint64

Number of bytes dropped after dest UDP DNS threshold reached.

dest-udp-quic-dropped-packets

uint64

Number of packets dropped after dest UDP QUIC threshold reached.

dest-udp-quic-dropped-bytes

uint64

Number of bytes dropped after dest UDP QUIC threshold reached.

dest-udp-raw-dropped-packets

uint64

Number of packets dropped after dest UDP raw threshold reached.

dest-udp-raw-dropped-bytes

uint64

Number of bytes dropped after dest UDP raw threshold reached.

fp-exceptions-stats

The fast path exceptions statistics.

Measure

Type

Description

exception-by-module-fast-path-exception-bonding

uint64

Number of packets send in exception in bonding (fp_exception_bonding).

exception-by-module-fast-path-exception-bridge

uint64

Number of packets send in exception in bridge (fp_exception_bridge).

exception-by-module-fast-path-exception-ebtables

uint64

Number of packets send in exception in layer 2 filtering (fp_exception_ebtables).

exception-by-module-fast-path-exception-ethernet

uint64

Number of packets send in exception in generic layer 2 (fp_exception_ether).

exception-by-module-fast-path-exception-filtering

uint64

Number of packets send in exception in IPv4 filtering (fp_exception_netfilter).

exception-by-module-fast-path-exception-filtering-ipv6

uint64

Number of packets send in exception in IPv6 filtering (fp_exception_netfilter6).

exception-by-module-fast-path-exception-gre

uint64

Number of packets send in exception in GRE (fp_exception_gre).

exception-by-module-fast-path-exception-ifnet

uint64

Number of packets send in exception by a virtual interface (fp_exception_ifnet).

exception-by-module-fast-path-exception-ip

uint64

Number of packets send in exception in generic IPv4 (fp_exception_ip).

exception-by-module-fast-path-exception-ipsec

uint64

Number of packets send in exception in IPv4 IPsec (fp_exception_ipsec).

exception-by-module-fast-path-exception-ipsec-ipv6

uint64

Number of packets send in exception in IPv6 IPsec (fp_exception_ipsec6).

exception-by-module-fast-path-exception-ipv6

uint64

Number of packets send in exception in generic IPv6 (fp_exception_ipv6).

exception-by-module-fast-path-exception-macvlan

uint64

Number of packets send in exception in MACVLAN (fp_exception_macvlan).

exception-by-module-fast-path-exception-mpls

uint64

Number of packets send in exception in MPLS (fp_exception_mpls).

exception-by-module-fast-path-exception-npf

uint64

Number of packets send in exception in NPF (fp_exception_npf).

exception-by-module-fast-path-exception-reassembly

uint64

Number of packets send in exception in IPv4 reassembly (fp_exception_reass).

exception-by-module-fast-path-exception-sflow

uint64

Number of packets sent in exception in sflow (fp_exception_sflow).

exception-by-module-fast-path-exception-syslog

uint64

Number of packets send in exception for logging (for system without syslog) (fp_exception_syslog).

exception-by-module-fast-path-exception-tap

uint64

Number of packets send in exception in eBPF (Enhanced Berkeley Packet Filtering), typically when there is a tcpdump or sflow (fp_exception_tap).

exception-by-module-fast-path-exception-tunnel

uint64

Number of packets send in exception in IPinIP tunnel (fp_exception_tunnel).

exception-by-module-fast-path-exception-unknown-ifnet

uint64

Number of packets sent in exception due to unknown ifnet (fp_exception_unknown_ifnet).

exception-by-module-fast-path-exception-vethernet

uint64

Number of packets sent in exception in vEthernet (fp_exception_veth).

exception-by-module-fast-path-exception-vlan

uint64

Number of packets sent in exception in VLAN (fp_exception_vlan).

exception-by-module-fast-path-exception-vxlan

uint64

Number of packets send in exception in VXLAN (fp_exception_vxlan).

exception-dropped-fp-to-linux-add-mark-failure

uint64

Number of exception packets to Linux dropped due to a tag addition failure (ExcpDroppedFpToLinuxAddMarkFailure).

exception-dropped-fp-to-linux-fptun-failure

uint64

Number of ExcpDroppedFpToLinuxFptunFailure exceptions (ExcpDroppedFpToLinuxFptunFailure).

exception-dropped-fp-to-linux-no-ipv4-route-local

uint64

Number of exception packets to Linux dropped due to a failure to find the IPv4 route (ExcpDroppedFpToLinuxNoIPv4RouteLocal).

exception-dropped-fp-to-linux-no-ipv6-route-local

uint64

Number of exception packets to Linux dropped due to a failure to find the IPv6 route (ExcpDroppedFpToLinuxNoIPv6RouteLocal).

exception-dropped-fp-to-linux-prepend-failure

uint64

Number of ExcpDroppedFpToLinuxPrependFailure exceptions (ExcpDroppedFpToLinuxPrependFailure).

exception-dropped-fp-to-linux-prepend-failure-detailed-exception-dropped-fp-to-linux-ecmp-prepend-failure

uint64

Number of ExcpDroppedFpToLinuxEcmpPrependFailure exceptions (ExcpDroppedFpToLinuxEcmpPrependFailure).

exception-dropped-fp-to-linux-prepend-failure-detailed-exception-dropped-fp-to-linux-ecmp6-prepend-failure

uint64

Number of ExcpDroppedFpToLinuxEcmp6PrependFailure exceptions (ExcpDroppedFpToLinuxEcmp6PrependFailure).

exception-dropped-fp-to-linux-prepend-failure-detailed-exception-dropped-fp-to-linux-eth-fptun-prepend-failure

uint64

Number of ExcpDroppedFpToLinuxEthFptunPrependFailure exceptions (ExcpDroppedFpToLinuxEthFptunPrependFailure).

exception-dropped-fp-to-linux-prepend-failure-detailed-exception-dropped-fp-to-linux-eth-prepend-failure

uint64

Number of ExcpDroppedFpToLinuxEthPrependFailure exceptions (ExcpDroppedFpToLinuxEthPrependFailure).

exception-dropped-fp-to-linux-prepend-failure-detailed-exception-dropped-fp-to-linux-ipsec-prepend-failure

uint64

Number of ExcpDroppedFpToLinuxIPsecPrependFailure exceptions (ExcpDroppedFpToLinuxIPsecPrependFailure).

exception-dropped-fp-to-linux-prepend-failure-detailed-exception-dropped-fp-to-linux-restore-failure

uint64

Number of ExcpDroppedFpToLinuxRestoreFailure exceptions (ExcpDroppedFpToLinuxRestoreFailure).

exception-dropped-fp-to-linux-prepend-failure-detailed-exception-dropped-fp-to-linux-tuple-prepend-failure

uint64

Number of ExcpDroppedFpToLinuxTuplePrependFailure exceptions (ExcpDroppedFpToLinuxTuplePrependFailure).

exception-dropped-invalid-mtag

uint64

Number of ExcpDroppedInvalidMtag exceptions (ExcpDroppedInvalidMtag).

exception-dropped-linux-to-fp-generic-command-failure

uint64

Number of packets from Linux dropped due to a FPTUN internal error (ExcpDroppedLinuxToFpGenericCommandFailure).

exception-dropped-linux-to-fp-invalid-port-id

uint64

Number of packets from Linux dropped due to a reception of a FPTUN message on an unexpected port (ExcpDroppedLinuxToFpInvalidPortId).

exception-dropped-linux-to-fp-invalid-version

uint64

Number of packets from Linux dropped due to an invalid FPTUN version (ExcpDroppedLinuxToFpInvalidVersion).

exception-dropped-linux-to-fp-ipv4-pullup-failure

uint64

Number of packets from Linux dropped due to a failure when getting the IPv4 header of the FPTUN message (ExcpDroppedLinuxToFpIPv4PullupFailure).

exception-dropped-linux-to-fp-ipv6-pullup-failure

uint64

Number of packets from Linux dropped due to a failure when getting the IPv6 header of the FPTUN message (ExcpDroppedLinuxToFpIPv6PullupFailure).

exception-dropped-linux-to-fp-msg-too-short

uint64

Number of packets from Linux dropped due to an incomplete FPTUN message (ExcpDroppedLinuxToFpMsgTooShort).

exception-dropped-linux-to-fp-no-output-function

uint64

Number of packets from Linux dropped because no TX function has been registered (ExcpDroppedLinuxToFpNoOutputFunction).

exception-dropped-linux-to-fp-other-host

uint64

Number of packets from Linux dropped due to a reception of a FPTUN message marked as PACKET_OTHERHOST (ExcpDroppedLinuxToFpOtherHost).

exception-dropped-linux-to-fp-out-operative

uint64

Number of packets from Linux dropped because the destination interface is down (ExcpDroppedLinuxToFpOutOperative).

exception-dropped-linux-to-fp-tproxy-failure

uint64

Number of ExcpDroppedLinuxToFpTproxyFailure exceptions (ExcpDroppedLinuxToFpTproxyFailure).

exception-dropped-linux-to-fp-unknown-command

uint64

Number of packets from Linux dropped due to an invalid FPTUN command (ExcpDroppedLinuxToFpUnknownCommand).

exception-dropped-linux-to-fp-unknown-interface-uid

uint64

Number of packets from Linux dropped due to an invalid interface id for FPTUN (ExcpDroppedLinuxToFpUnknownIfUid).

exception-dropped-no-conntrack

uint64

Number of ExcpDroppedNoConntrack exceptions (ExcpDroppedNoConntrack).

local-basic-exceptions

uint64

The number of local basic exceptions (LocalBasicExceptions).

local-exception-class-fptun-exception-ether-dst

uint64

The number of FPTUN_EXC_ETHER_DST exceptions (FPTUN_EXC_ETHER_DST).

local-exception-class-fptun-exception-icmp-needed

uint64

The number of FPTUN_EXC_ICMP_NEEDED exceptions (FPTUN_EXC_ICMP_NEEDED).

local-exception-class-fptun-exception-ike-needed

uint64

The number of FPTUN_EXC_IKE_NEEDED exceptions (FPTUN_EXC_IKE_NEEDED).

local-exception-class-fptun-exception-ip-dst

uint64

The number of FPTUN_EXC_IP_DST exceptions (FPTUN_EXC_IP_DST).

local-exception-class-fptun-exception-ndisc-needed

uint64

The number of FPTUN_EXC_NDISC_NEEDED exceptions (FPTUN_EXC_NDISC_NEEDED).

local-exception-class-fptun-exception-nf-func

uint64

The number of FPTUN_EXC_NF_FUNC exceptions (FPTUN_EXC_NF_FUNC).

local-exception-class-fptun-exception-sp-func

uint64

The number of FPTUN_EXC_SP_FUNC exceptions (FPTUN_EXC_SP_FUNC).

local-exception-class-fptun-exception-tap

uint64

The number of FPTUN_EXC_TAP exceptions (FPTUN_EXC_TAP).

local-exception-class-fptun-exception-undef

uint64

The number of FPTUN_EXC_UNDEF exceptions (FPTUN_EXC_UNDEF).

local-exception-type-fptun-basic-exception

uint64

Number of basic exception packets for Linux reception processing (FPTUN_BASIC_EXCEPT).

local-exception-type-fptun-eth-input-exception

uint64

Number of FPTUN exception packets for Linux ethernet input processing (FPTUN_ETH_INPUT_EXCEPT).

local-exception-type-fptun-eth-sp-output-req

uint64

Number of FPTUN exception packets from Linux for fast path ethernet processing (FPTUN_ETH_SP_OUTPUT_REQ).

local-exception-type-fptun-iface-input-exception

uint64

Number of FPTUN exception packets for Linux VNB iface processing (FPTUN_IFACE_INPUT_EXCEPT).

local-exception-type-fptun-ipsec-sp-output-req

uint64

Number of FPTUN exception packets from Linux for fast path IPsec processing (FPTUN_IPSEC_SP_OUTPUT_REQ).

local-exception-type-fptun-ipv4-ipsecdone-input-exception

uint64

Number of FPTUN exception packets for Linux IPv4 input after IPsec processing (FPTUN_IPV4_IPSECDONE_INPUT_EXCEPT).

local-exception-type-fptun-ipv4-ipsecdone-output-exception

uint64

Number of FPTUN exception packets for Linux IPv4 output after IPsec processing (FPTUN_IPV4_IPSECDONE_OUTPUT_EXCEPT).

local-exception-type-fptun-ipv4-natdone-input-exception

uint64

Number of FPTUN exception packets for Linux IPv4 input after NAT processing (FPTUN_IPV4_NATDONE_INPUT_EXCEPT).

local-exception-type-fptun-ipv4-output-exception

uint64

Number of FPTUN exception packets for Linux IPv4 output (FPTUN_IPV4_OUTPUT_EXCEPT).

local-exception-type-fptun-ipv4-sp-output-req

uint64

Number of FPTUN exception packets from Linux for fast path IPv4 processing (FPTUN_IPV4_SP_OUTPUT_REQ).

local-exception-type-fptun-ipv6-ipsecdone-input-exception

uint64

Number of FPTUN exception packets for Linux IPv6 input after IPsec processing (FPTUN_IPV6_IPSECDONE_INPUT_EXCEPT).

local-exception-type-fptun-ipv6-ipsecdone-output-exception

uint64

Number of FPTUN exception packets for Linux IPv6 output after IPsec processing (FPTUN_IPV6_IPSECDONE_OUTPUT_EXCEPT).

local-exception-type-fptun-ipv6-output-exception

uint64

Number of FPTUN exception packets for Linux IPv6 output (FPTUN_IPV6_OUTPUT_EXCEPT).

local-exception-type-fptun-ipv6-sp-output-req

uint64

Number of FPTUN exception packets from Linux for fast path IPv6 processing (FPTUN_IPV6_SP_OUTPUT_REQ).

local-exception-type-fptun-output-exception

uint64

Number of FPTUN exception packets for Linux interface output processing (FPTUN_OUTPUT_EXCEPT).

local-exception-type-fptun-tap

uint64

Number of FPTUN exception packets for Linux TAP (tcpdump) (FPTUN_TAP).

local-fptun-exceptions

uint64

The number of local fptun exceptions (LocalFPTunExceptions).

fp-filling

The fast path filling.

Measure

Type

Description

interfaces-current

uint32

Current number of interfaces. It includes physical ports and virtual interfaces like gre, vlan, …

vrf-current

uint32

Current number of VRFs.

neighbors-current

uint32

Current number of IPv4 and IPv6 neighbors.

ip4-cur-addr

uint32

Current number of IPv4 addresses.

routes-ipv4-current

uint32

Current number of IPv4 routes.

ip4-cur-neigh

uint32

Current number of IPv4 neighbors.

ip6-cur-addr

uint32

Current number of IPv6 addresses.

routes-ipv6-current

uint32

Current number of IPv6 routes.

ip6-cur-neigh

uint32

Current number of IPv6 neighbors.

pbr-rules-current

uint32

Current number of PBR rules.

filter-ipv4-rules-current

uint32

Current number of IPv4 Netfilter rules.

filter-ipv6-rules-current

uint32

Current number of IPv6 Netfilter rules.

conntracks-ipv4-current

uint32

Current number of IPv4 Netfilter conntracks.

conntracks-ipv6-current

uint32

Current number of IPv6 Netfilter conntracks.

ipsets-current

uint32

Current number of ipsets per VRF.

vxlan-port-current

uint32

Current number of (VXLAN destination port, VRF) pairs.

vxlan-interfaces-current

uint32

Current number of VXLAN interfaces.

vxlan-fdb-current

uint32

Current number of VXLAN forwarding database entries.

ipsec-sp-current

uint32

Current number of IPv4 and IPv6 IPsec SPs.

ipsec-sa-current

uint32

Current number of IPv4 and IPv6 IPsec SAs.

ip-cur-lpm-table

uint32

Current number of IPv4 and IPv6 tables.

ip-cur-lpm-memory

uint32

Current amount of memory reserved for IPv4 and IPv6 LPM tree.

vlan-interfaces-current

uint32

Current number of VLAN interfaces.

vlan-lower-cur-if

uint32

Current number of interfaces supporting one or more vlan(s).

macvlan-interfaces-current

uint32

Current number of MACVLAN (VRRP) interfaces.

gre-interfaces-current

uint32

Current number of GRE interfaces.

svti-interfaces-current

uint32

Current number of SVTI interfaces.

pppoe-sessions-current

uint32

Current number of PPPoE interfaces.

ipoe-sessions-current

uint32

Current number of IPoE sessions.

mpls-cur-route

uint32

Current number of pure MPLS routes.

mpls-cur-lwt

uint32

Current number of MPLS lightweight tunnels. One is needed for each IP route doing MPLS encapsulation.

qos-sched-current

uint32

Current number of interfaces with QoS enabled.

qos-filter-current

uint32

Current number of QoS filter rules.

qos-class-current

uint32

Current number of QoS classes.

qos-cur-policies

uint32

Current number of QoS policies.

qos-cur-selectors

uint32

Current number of QoS selectors.

bridge-interfaces-current

uint32

Current number of bridge interfaces.

bridge-ports-current

uint32

Current number of bridge slave ports.

bridge-fdb-current

uint32

Current number of bridge forwarding database entries.

fp-conntracks-current

uint32

Current number of fast-path firewall conntracks.

gtp-interfaces-current

uint32

Current number of GTP interfaces.

gtp-pdp-current

uint32

Current number of GTP tunnels.

gtp-qos-flow-current

uint32

Current number of GTP QoS flows.

gtp-qos-policy-current

uint32

Current number of GTP QoS policies.

tc-cur-policers

uint32

Current number of tc policers.

interfaces-max

uint32

Maximum number of interfaces. It includes physical ports and virtual interfaces like gre, vlan, …

vrf-max

uint32

Maximum number of VRFs.

neighbors-max

uint32

Maximum number of IP neighbors.

ip4-max-addr

uint32

Maximum number of IPv4 addresses.

routes-ipv4-max

uint32

Maximum number of IPv4 routes.

ip4-max-neigh

uint32

Maximum number of IPv4 neighbors.

ip6-max-addr

uint32

Maximum number of IPv6 addresses.

routes-ipv6-max

uint32

Maximum number of IPv6 routes.

ip6-max-neigh

uint32

Maximum number of IPv6 neighbors.

pbr-rules-max

uint32

Maximum number of PBR rules.

filter-ipv4-rules-max

uint32

Maximum number of IPv4 Netfilter rules.

filter-ipv6-rules-max

uint32

Maximum number of IPv6 Netfilter rules.

conntracks-ipv4-max

uint32

Maximum number of IPv4 Netfilter conntracks.

conntracks-ipv6-max

uint32

Maximum number of IPv6 Netfilter conntracks.

filter-max-ipset

uint32

Maximum number of ipsets per VRF.

ipsets-max

uint32

Maximum number of entries per ipset.

filterbridge-rules-max

uint32

Maximum number of bridge filter rules.

vxlan-port-max

uint32

Maximum number of (VXLAN destination port, VRF) pairs.

vxlan-interfaces-max

uint32

Maximum number of VXLAN interfaces.

vxlan-fdb-max

uint32

Maximum number of VXLAN forwarding database entries.

reass4-max-queue

uint32

Maximum number of simultaneous reassembly procedures for IPv4.

reass6-max-queue

uint32

Maximum number of simultaneous reassembly procedures for IPv6.

ipsec-sp-max

uint32

Maximum number of IPv4 and IPv6 IPsec SPs.

ipsec-sp-hash-slots

uint32

Number of slots in the IPsec SP hash table. The actual number of slots is rounded to the next power of two.

ipsec-sa-max

uint32

Maximum number of IPv4 and IPv6 IPsec SAs.

ipsec-sa-hash-slots

uint32

Number of slots in the IPsec SA hash table. The actual number of slots is rounded to the next power of two.

ip-max-lpm-table

uint32

Maximum number of IPv4 and IPv6 tables.

ip-max-lpm-memory

uint32

Amount of memory reserved for IPv4 and IPv6 LPM tree.

filter-max-cache

uint32

Maximum number of IPv4 flows stored in filter cache.

filter6-max-cache

uint32

Maximum number of IPv6 flows stored in filter cache.

vlan-interfaces-max

uint32

Maximum number of VLAN interfaces.

vlan-lower-max-if

uint32

Maximum number of interfaces supporting one or more vlan(s).

macvlan-interfaces-max

uint32

Maximum number of MACVLAN (VRRP) interfaces.

gre-interfaces-max

uint32

Maximum number of GRE interfaces.

svti-interfaces-max

uint32

Maximum number of SVTI interfaces.

pppoe-sessions-max

uint32

Maximum number of PPPoE channels.

ipoe-sessions-max

uint32

Maximum number of IPoE sessions.

mpls-max-label

uint8

Maximum number of MPLS labels in a route.

mpls-max-route

uint32

Maximum number of pure MPLS routes.

mpls-max-lwt

uint32

Maximum number of MPLS lightweight tunnels. One is needed for each IP route doing MPLS encapsulation.

qos-sched-max

uint32

Maximum number of interfaces with QoS enabled.

qos-filter-max

uint32

Maximum number of QoS filter rules.

qos-class-max

uint32

Maximum number of QoS classes.

qos-max-policies

uint32

Maximum number of QoS policies.

qos-max-selectors

uint32

Maximum number of QoS selectors.

bridge-interfaces-max

uint32

Maximum number of bridge interfaces.

bridge-ports-max

uint32

Maximum number of bridge slave ports.

bridge-fdb-max

uint32

Maximum number of bridge forwarding database entries.

fp-conntracks-max

uint32

Maximum number of fast-path firewall conntracks.

gtp-interfaces-max

uint32

Maximum number of GTP interfaces.

gtp-pdp-max

uint32

Maximum number of GTP tunnels the data plane can handle.

gtp-qos-flow-max

uint32

Maximum number of QoS policies that can be allocated globally.

gtp-qos-policy-max

uint32

Maximum number of GTP QoS policies that can be allocated globally.

tc-max-policers

uint32

Maximum number of tc policers.

cg-nat-max-conntracks

uint32

Maximum number of tracked connections.

cg-nat-max-nat-entries

uint32

Maximum number of NAT translations.

cgnat-nats-max

uint32

Maximum number of NAT translations.

cgnat-users-max

uint32

Maximum number of users.

cgnat-blocks-max

uint32

Maximum number of blocks.

cg-nat-min-block-size

uint32

Minimun number of ports per block.

cg-nat-max-block-size

uint32

Maximum number of ports per block.

cg-nat-max-pools

uint32

Maximum number of pools.

cg-nat-max-rules

uint32

Maximum number of rules.

cg-nat-max-block-translation-ips

uint32

Maximum number of IPs translation for block allocation mode.

cg-nat-max-port-translation-ips

uint32

Maximum number of IPs translation for port allocation mode.

cg-nat-max-port-overloading-factor

enumeration

Maximum port factor multiplier supported.

cgnat-nats-current

uint32

Current number of NAT translations.

cgnat-users-current

uint32

Current number of users.

cgnat-blocks-current

uint32

Current number of blocks.

cg-nat-cur-pools

uint32

Current number of pools.

cg-nat-cur-rules

uint32

Current number of rules.

cg-nat-cur-block-translation-ips

uint32

Current number IPs translation for block allocation mode.

cg-nat-cur-port-translation-ips

uint32

Current number IPs translation for port allocation mode.

ddos-entries-current

uint32

Current number of DDoS monitored IP addresses.

ddos-entries-max

uint32

Maximum number of DDoS monitored IP addresses.

fp-firewall-max-rules

uint32

Current number of rules.

fp-firewall-max-network-groups

uint32

Maximun number of network groups.

fp-firewall-max-networks

uint32

Maximun number of networks.

fp-firewall-cur-rules

uint32

Current number of rules.

fp-firewall-cur-network-groups

uint32

Current number of network groups.

fp-firewall-cur-networks

uint32

Current number of networks.

ipfix-ipfix-cur-flows

uint32

Current number of IPFIX flows that can be collected between two collector polls.

ipfix-ipfix-max-flows

uint32

Maximum amount of IPFIX flows that can be collected between two collector polls.

ipfix-ipfix-cur-probes

uint32

Current number of IPFIX probes that are connected.

ipfix-ipfix-max-probes

uint32

Maximum amount of IPFIX probes that could simultaneously be connected.

fp-firewall-stats

The fast path firewall statistics.

Measure

Type

Description

rule-accepted-packets

uint64

Number of packets accepted by matching a rule.

conntrack-accepted-packets

uint64

Number of packets accepted by matching a conntrack.

default-dropped-packets

uint64

Number of packets dropped for not matching any rules.

rule-dropped-packets

uint64

Number of packets dropped by a rule.

set-mark-actions

uint64

Number of set mark actions.

set-mss-actions

uint64

Number of set MSS actions.

set-dscp-actions

uint64

Number of set DSCP actions.

save-dscp-actions

uint64

Number of save DSCP actions.

restore-dscp-actions

uint64

Number of restore DSCP actions.

fp-global-stats

The fast path global drop statistics.

Measure

Type

Description

fast-path-dropped

uint64

Number of packets dropped by fast path (fp_dropped).

fast-path-dropped-neighbor

uint64

Number of packets dropped by fast path in ARP/NDP (fp_dropped_neigh).

fast-path-dropped-bonding

uint64

Number of packets dropped by fast path in bonding (fp_dropped_bonding).

fast-path-dropped-bridge

uint64

Number of packets dropped by fast path in bridge (fp_dropped_bridge).

fast-path-dropped-ebtables

uint64

Number of packets dropped by fast path in layer 2 filtering (fp_dropped_ebtables).

fast-path-dropped-ethernet

uint64

Number of packets dropped by fast path at the generic ethernet layer (fp_dropped_ether).

fast-path-dropped-exception

uint64

Number of packets dropped by fast path in exception path (fp_dropped_excp).

fast-path-dropped-exception-loop

uint64

Number of packets dropped by fast path due to exception loop (fp_dropped_excloop).

fast-path-dropped-filtering

uint64

Number of packets dropped by fast path in IPv4 filtering (fp_dropped_netfilter).

fast-path-dropped-filtering-ipv6

uint64

Number of packets dropped by fast path in IPv6 filtering (fp_dropped_netfilter6).

fast-path-dropped-gre

uint64

Number of packets dropped by fast path in GRE (fp_dropped_gre).

fast-path-dropped-ip

uint64

Number of packets dropped by fast path in generic IPv4 (fp_dropped_ip).

fast-path-dropped-ipsec

uint64

Number of packets dropped by fast path in IPv4 IPsec (fp_dropped_ipsec).

fast-path-dropped-ipsec-ipv6

uint64

Number of packets dropped by fast path in IPv6 IPsec (fp_dropped_ipsec6).

fast-path-dropped-ipv6

uint64

Number of packets dropped by fast path in generic IPv6 (fp_dropped_ipv6).

fast-path-dropped-macvlan

uint64

Number of packets dropped by fast path in MACVLAN (fp_dropped_macvlan).

fast-path-dropped-mpls

uint64

Number of packets dropped by fast path in MultiProtocol Label Switching (fp_dropped_mpls).

fast-path-dropped-multicast

uint64

Number of packets dropped by fast path in IPv4 multicast (fp_dropped_mcast).

fast-path-dropped-multicast-ipv6

uint64

Number of packets dropped by fast path in IPv6 multicast (fp_dropped_mcast6).

fast-path-dropped-npf

uint64

Number of packets dropped by fast path in Network Address Translation and Carrier-grade NAT (fp_dropped_npf).

fast-path-dropped-ovs

uint64

Number of packets dropped by fast path in Open vSwitch (fp_dropped_ovs).

fast-path-dropped-plugins

uint64

Number of packets dropped by fast path in plugin (fp_dropped_plugins).

fast-path-dropped-qos

uint64

Number of packets dropped by fast path in QoS (fp_dropped_qos).

fast-path-dropped-reassembly

uint64

Number of packets dropped by fast path in IPv4 reassembly (fp_dropped_reasm).

fast-path-dropped-reassembly-ipv6

uint64

Number of packets dropped by fast path in IPv6 reassembly (fp_dropped_reasm6).

fast-path-dropped-system

uint64

Number of packets dropped by fast path in internal processing (fp_dropped_system).

fast-path-dropped-tc

uint64

Number of packets dropped by fast path in generic traffic conditioning (fp_dropped_tc).

fast-path-dropped-tc-erl

uint64

Number of packets dropped by fast path in traffic conditioning by exception rate limitation (fp_dropped_tc_erl).

fast-path-dropped-tunnel

uint64

Number of packets dropped by fast path in IPinIP tunnel (fp_dropped_tunnel).

fast-path-dropped-vethernet

uint64

Number of packets dropped by fast path in vEthernet (fp_dropped_veth).

fast-path-dropped-vlan

uint64

Number of packets dropped by fast path in VLAN (fp_dropped_vlan).

fast-path-dropped-vxlan

uint64

Number of packets dropped by fast path in VXLAN (fp_dropped_vxlan).

fast-path-missing-ipsec-license

uint64

Number of packets dropped in fast path due to missing ipsec license (fp_missing_ipsec_license).

fast-path-missing-product-license

uint64

Number of packets dropped in fast path due to missing product license (fp_missing_product_license).

fp-gre-stats

The fast path GRE statistics.

Measure

Type

Description

gre-dropped-init-gre-ipv4-header-failure

uint64

Number of output packets dropped in GRE due to a failure to add the GRE header (GREDroppedInitGreIPv4HeaderFailure).

gre-dropped-init-gre-ipv6-header-failure

uint64

Number of output packets dropped in GRE6 due to a failure to add the GRE header (GREDroppedInitGreIPv6HeaderFailure).

gre-dropped-init-ipv4-header-failure

uint64

Number of output packets dropped in GRE due to a failure to add the IPv4 header (GREDroppedInitIPv4HeaderFailure).

gre-dropped-init-ipv6-header-failure

uint64

Number of output packets dropped in GRE due to a failure to add the IPv4 header (GREDroppedInitIPv6HeaderFailure).

gre-dropped-in-operative

uint64

Number of input packets dropped in GRE because the ingoing interface is down (GREDroppedInOperative).

gre-dropped-missing-checksum

uint64

Number of input packets dropped in GRE due to a missing checksum (GREDroppedMissingChecksum).

gre-dropped-out-mtu-exceeded

uint64

Number of output packets dropped in GRE due to packet size exceeding MTU (GREDroppedOutMtuExceeded).

gre-dropped-out-operative

uint64

Number of output packets dropped in GRE because the outgoing interface is down (GREDroppedOutOperative).

gre-dropped-parse-ipv4-header-failure

uint64

Number of input packets dropped in GRE due to failure to parse IPv4 header (GREDroppedParseIPv4HeaderFailure).

gre-dropped-parse-ipv6-header-failure

uint64

Number of input packets dropped in GRE due to failure to parse IPv6 header (GREDroppedParseIPv6HeaderFailure).

gre-dropped-pullup-ipv4-header-failure

uint64

Number of input packets dropped in IPv4 GRE due to pullup failure on gre header (GREDroppedPullupIPv4HeaderFailure).

gre-dropped-pullup-ipv6-header-failure

uint64

Number of input packets dropped in IPv6 GRE due to pullup failure on gre header (GREDroppedPullupIPv6HeaderFailure).

gre-dropped-unexpected-checksum

uint64

Number of input packets dropped in GRE due to an unexpected checksum (GREDroppedUnexpectedChecksum).

gre-dropped-wrong-checksum

uint64

Number of input packets dropped in GRE due to an incorrect checksum (GREDroppedWrongChecksum).

gre-exception-input-unsupported-protocol

uint64

Number of input packets sent to exception by GRE due to unsupported GRE protocol (GREExceptionInputUnsupportedProtocol).

gre-exception-ipv4-route

uint64

Number of output packets sent to exception by GRE due to specific route (for IPv4 packet) (GREExceptionIPv4Route).

gre-exception-ipv4-source-select-failed

uint64

Number of output packets sent to exception by GRE due to no src address can be set (for IPv4 packet) (GREExceptionIPv4SourceSelectFailed).

gre-exception-ipv6-route

uint64

Number of output packets sent to exception by GRE due to specific route (for IPv6 packet) (GREExceptionIPv6Route).

gre-exception-output-unsupported-protocol

uint64

Number of output packets sent to exception by GRE due to unsupported GRE protocol (GREExceptionOutputUnsupportedProtocol).

gre-exception-unknown-iface

uint64

Number of output packets sent to exception by GRE due to an invalid GRE interface id (GREExceptionUnknownIface).

gre-exception-unsupported-ethernet-type

uint64

Number of output packets sent to exception by GRE due to unsupported ethernet type (GREExceptionUnsupportedEtherType).

gre-invalid-header

uint64

Number of input packets not managed by GRE due to routing flags set (see rfc 1701) or version number different to 0. The packet can be dropped or sent to exception later in other fast path processing part (GREInvalidHeader).

gre-protocol-not-supported

uint64

Number of input packets not supported by GRE (GREProtocolNotSupported).

gretap-dropped-out-operative

uint64

Number of output packets dropped in GRETAP because the outgoing interface is down (GRETAPDroppedOutOperative).

gretap-exception-unknown-iface

uint64

Number of output packets sent to exception by GRETAP due to an invalid GRE interface id (GRETAPExceptionUnknownIface).

fp-gro-stats

The GRO module statistics per network interface.

Measure

Type

Description

current-contexts

uint64

The current number of GRO contexts in processing.

flushed-contexts

uint64

The number of GRO contexts flushed before timeout.

timeout-contexts

uint64

The number of GRO contexts flushed by timeout.

done

uint64

The number of packets merged by GRO module.

in

uint64

The number of packets entering GRO module.

out

uint64

The number of packets exiting GRO module.

per-reassembly-mean

uint64

The mean of packets per GRO reassembly.

fp-ip-stats

The fast path IP statistics.

Measure

Type

Description

ip-forwarded-datagrams

uint64

Number of IP packets forwarded (IpForwDatagrams).

ip-in-delivered

uint64

Number of IP packets delivered to user-protocols (IpInDelivers).

ip-in-received

uint64

Number of IP packets received (IpInReceives).

ip-in-truncated-packets

uint64

Number of IP packets discarded due to a truncate IP header (IpInTruncatedPkts).

ip-in-address-errors

uint64

Number of IP packets discarded due to invalid IP address (IpInAddrErrors).

ip-in-header-errors

uint64

Number of IP packets discarded due to errors in header (IpInHdrErrors).

ip-fragment-created

uint64

Number of IP fragment packets created on fragmentation processing (IpFragCreates).

ip-fragment-ok

uint64

Number of IP fragment packets sent successfully (IpFragOKs).

ip-fragment-failures

uint64

Number of IP packets discarded due to failures during fragmentation processing (IpFragFails).

ip-reassembly-ok

uint64

Number of IP packets successfully reassembled (IpReasmOKs).

ip-reassembly-required

uint64

Number of IP fragments packets submitted to reassembly processing (IpReasmReqds).

ip-reassembly-exceptions

uint64

Number of IP fragment packets sent in exception path (IpReasmExceptions).

ip-reassembly-failures

uint64

Number of IP packets discarded due to failures during reassembly processing (IpReasmFails).

ip-reassembly-dropped-duplicate

uint64

Number of IP packets dropped during reassembly considered as duplicate (IpReasmDroppedDuplicate).

ip-reassembly-dropped-session-complete

uint64

Number of IP packets dropped during reassembly because the session is complete (IpReasmDroppedSessionComplete).

ip-reassembly-dropped-session-full

uint64

Number of IP packets dropped during reassembly because the session is already full (IpReasmDroppedSessionAlreadyFull).

ip-reassembly-error-header-encapsulation

uint64

Number of IP packets discarded during reassembly due to header encapsulation error (IpReasmErrorHeaderEncap).

ip-reassembly-error-ip-option-unsupported

uint64

Number of IP packets discarded during reassembly due to unsupported IP option (IpReasmErrorIPOptionUnsupported).

ip-reassembly-error-last-already-received

uint64

Number of IP packets discarded during reassembly due to receive twice the last fragment (IpReasmErrorLastAlreadyReceived).

ip-reassembly-error-offset-too-large

uint64

Number of IP packets discarded during reassembly with offset due to an offset too big (IpReasmErrorOffsetTooLarge).

ip-reassembly-error-overlap-next

uint64

Number of IP packets discarded during reassembly due to receive overlapping fragment with next one (IpReasmErrorOverlapNext).

ip-reassembly-error-overlap-previous

uint64

Number of IP packets discarded during reassembly due to receive overlapping fragment with previous one (IpReasmErrorOverlapPrevious).

ip-reassembly-error-packet-too-short

uint64

Number of IP packets discarded during reassembly due to reception of a too short fragment (IpReasmErrorPacketTooShort).

ip-reassembly-error-queue-allocation

uint64

Number of IP packets discarded during reassembly due to reassembly queue allocation failure (IpReasmErrorQueueAlloc).

ip-reassembly-error-queue-full

uint64

Number of IP packets discarded during reassembly due to reassembly queue full (too many fragments have been received) (IpReasmErrorQueueFull).

ip-reassembly-error-size-exceed

uint64

Number of IP packets discarded during reassembly due to total received bytes greater than the maximal authorized value (65535) (IpReasmErrorSizeExceed).

ip-reassembly-error-size-overflow

uint64

Number of IP packets discarded during reassembly due to total received bytes greater than the expected value (IpReasmErrorSizeOverflow).

ip-reassembly-error-too-many-segments

uint64

Number of IP packets discarded during reassembly due to too many segments in IP packets (IpReasmErrorTooManySegments).

ip-reassembly-timeout

uint64

Number of IP packets discarded due to timeout in reassembly processing (IpReasmTimeout).

ip-checksum-errors

uint64

Number of IP packets discarded due to an invalid checksum (IpCsumErrors).

ip-dropped-blackhole

uint64

Number of IP packets discarded due to matching blackhole route (IpDroppedBlackhole).

ip-dropped-filtering

uint64

Number of IP packets discarded by filtering processing (IpDroppedNetfilter).

ip-dropped-forwarding

uint64

Number of IP packets discarded due to forwarding being disabled (IpDroppedForwarding).

ip-dropped-invalid-interface

uint64

Number of IP packets discarded due to invalid outgoing interface (IpDroppedInvalidInterface).

ip-dropped-ipsec

uint64

Number of IP packets discarded by IPsec processing (IpDroppedIPsec).

ip-dropped-mtu-exceeded

uint64

Number of IP packets discarded due to exceeding MTU (IpDroppedMtuExceeded).

ip-dropped-no-arp

uint64

Number of IP packets discarded due to missing ARP resolution (IpDroppedNoArp).

ip-dropped-no-memory

uint64

Number of IP packets discarded due to memory allocation errors (IpDroppedNoMemory).

ip-dropped-out-operative

uint64

Number of IP packets discarded because the outgoing interface is down (IPDroppedOutOperative).

ip-dropped-route-exception

uint64

Number of IP packets sent to exception due to specific route (IpDroppedRouteException).

ip-nhrp-packet

uint64

Number of IP NHRP packets (IpNhrpPacket).

ip-nhrp-error-send

uint64

Number of discarded sent IP NHRP packets (IpNhrpErrorSend).

fp-ip6-stats

The fast path IPv6 statistics.

Measure

Type

Description

ip6-forwarded-datagrams

uint64

Number of IPv6 packets forwarded (IpForwDatagrams).

ip6-in-delivered

uint64

Number of IPv6 packets delivered to user-protocols (IpInDelivers).

ip6-in-received

uint64

Number of IPv6 packets received (IpInReceives).

ip6-in-truncated-packets

uint64

Number of IPv6 packets discarded due to a truncate IP header (IpInTruncatedPkts).

ip6-in-address-errors

uint64

Number of IPv6 packets discarded due to invalid IPv6 address (IpInAddrErrors).

ip6-in-header-errors

uint64

Number of IPv6 packets discarded due to errors in header (IpInHdrErrors).

ip6-fragment-created

uint64

Number of IPv6 fragment packets created on fragmentation processing (IpFragCreates).

ip6-fragment-ok

uint64

Number of IPv6 fragment packets sent successfully (IpFragOKs).

ip6-fragment-failures

uint64

Number of IPv6 packets discarded due to failures during fragmentation processing (IpFragFails).

ip6-fragment-reassembly-exceptions

uint64

Number of IP fragment packets sent in exception path.

ip6-reassembly-ok

uint64

Number of IPv6 packets successfully reassembled (IpReasmOKs).

ip6-reassembly-required

uint64

Number of IPv6 fragments packets submitted to reassembly processing (IpReasmReqds).

ip6-reassembly-exceptions

uint64

Number of IPv6 fragment packets sent in exception path (IpReasmExceptions).

ip6-reassembly-failures

uint64

Number of IPv6 packets discarded due to failures during reassembly processing (IpReasmFails).

ip6-reassembly-dropped-session-complete

uint64

Number of IPv6 packets dropped during reassembly because the session is complete (IpReasmDroppedSessionComplete).

ip6-reassembly-dropped-session-full

uint64

Number of IPv6 packets dropped during reassembly because the session is already full (IpReasmDroppedSessionAlreadyFull).

ip6-reassembly-error-fragment-header

uint64

Number of IPv6 packets discarded during reassembly due to header reading error (IpReasmErrorFragmentHeader).

ip6-reassembly-error-header-encapsulation

uint64

Number of IPv6 packets discarded during reassembly due to header encapsulation error (IpReasmErrorHeaderEncap).

ip6-reassembly-error-ip6-option-too-large

uint64

Number of IPv6 packets discarded during reassembly due to IPv6 option too large (IpReasmErrorIPOptionTooLarge).

ip6-reassembly-error-last-already-received

uint64

Number of IPv6 packets discarded during reassembly due to receive twice the last fragment (IpReasmErrorLastAlreadyReceived).

ip6-reassembly-error-offset-too-large

uint64

Number of IPv6 packets discarded during reassembly with offset due to an offset too big (IpReasmErrorOffsetTooLarge).

ip6-reassembly-error-overlap-next

uint64

Number of IPv6 packets discarded during reassembly due to receive overlapping fragment with next one (IpReasmErrorOverlapNext).

ip6-reassembly-error-overlap-previous

uint64

Number of IPv6 packets discarded during reassembly due to receive overlapping fragment with previous one (IpReasmErrorOverlapPrevious).

ip6-reassembly-error-packet-too-short

uint64

Number of IPv6 packets discarded during reassembly due to reception of a too short fragment (IpReasmErrorPacketTooShort).

ip6-reassembly-error-queue-allocation

uint64

Number of IPv6 packets discarded during reassembly due to reassembly queue allocation failure (IpReasmErrorQueueAlloc).

ip6-reassembly-error-queue-full

uint64

Number of IPv6 packets discarded during reassembly due to reassembly queue full (too many fragments have been received) (IpReasmErrorQueueFull).

ip6-reassembly-error-size-exceed

uint64

Number of IPv6 packets discarded during reassembly due to total received bytes greater than the maximal authorized value (65535) (IpReasmErrorSizeExceed).

ip6-reassembly-error-size-overflow

uint64

Number of IPv6 packets discarded during reassembly due to total received bytes greater than the expected value (IpReasmErrorSizeOverflow).

ip6-reassembly-error-too-many-segments

uint64

Number of IPv6 packets discarded during reassembly due to too many segments in IP packets (IpReasmErrorTooManySegments).

ip6-reassembly-timeout

uint64

Number of IPv6 packets discarded due to timeout in reassembly processing (IpReasmTimeout).

ip6-dropped-blackhole

uint64

Number of IPv6 packets discarded due to matching blackhole route (IpDroppedBlackhole).

ip6-dropped-filtering

uint64

Number of IPv6 packets discarded by filtering processing (IpDroppedNetfilter).

ip6-dropped-forwarding

uint64

Number of IPv6 packets discarded due to forwarding being disabled (IpDroppedForwarding).

ip6-dropped-invalid-interface

uint64

Number of IPv6 packets discarded due to invalid outgoing interface (IpDroppedInvalidInterface).

ip6-dropped-ipsec

uint64

Number of IPv6 packets discarded by IPsec processing (IpDroppedIPsec).

ip6-dropped-mtu-exceeded

uint64

Number of IPv6 packets discarded due to exceeding MTU (IpDroppedMtuExceeded).

ip6-dropped-no-arp

uint64

Number of IPv6 packets discarded due to missing ARP resolution (IpDroppedNoArp).

ip6-dropped-no-memory

uint64

Number of IPv6 packets discarded due to memory allocation errors (IpDroppedNoMemory).

ip6-dropped-out-operative

uint64

Number of IPv6 packets discarded because the outgoing interface is down (IPDroppedOutOperative).

ip6-dropped-route-exception

uint64

Number of IPv6 packets sent to exception due to specific route (IpDroppedRouteException).

ip6-nhrp-packet

uint64

Number of IPv6 NHRP packets (IpNhrpPacket).

ip6-nhrp-error-send

uint64

Number of discarded sent IPv6 NHRP packets (IpNhrpErrorSend).

fp-ipsec-stats

The fast path IPsec statistics.

Measure

Type

Description

ipsec-ipv4-in-sa

uint64

Number of IPv4 packets decrypted with a security association (IpsecInSA).

ipsec-ipv4-out-sa

uint64

Number of IPv4 packets encrypted with a security association (IpsecOutSA).

fp-ipsec6-stats

The fast path IPv6 statistics.

Measure

Type

Description

ipsec-ipv6-in-sa

uint64

Number of IPv6 packets decrypted with a security association (Ipsec6InSA).

ipsec-ipv6-out-sa

uint64

Number of IPv6 packets encrypted with a security association (Ipsec6OutSA).

fp-ports-stats

The list of fast path statistics per port.

Measure

Type

Description

vrf

string

The interface VRF.

name

string

The interface name.

interface-cp-protection-rx-control-plane-kept

uint64

When the Rx ring filling reaches a threshold, packets are inspected by the Control Plane Protection mechanism. This statistic is incremented for packets recognized as CP packets, which are kept and processed by the stack.

interface-cp-protection-rx-control-plane-overrun

uint64

When CPU consumption used by Control Plane Protection exceeds a threshold, this system is disabled. This statistic is incremented for each Rx packet not analyzed by Control Plane Protection due to CPU overload.

interface-cp-protection-rx-control-plane-passthrough

uint64

When Control Plane Protection is enabled, this statistic is incremented for each packet received when machine is not overloaded. These packets are processed normally.

interface-cp-protection-rx-data-plane-drop

uint64

When the Rx ring filling reaches a threshold, packets are inspected by the Control Plane Protection mechanism. This statistic is incremented for packets recognized as DP packets, which are dropped.

interface-cp-protection-tx-control-plane-kept

uint64

When the Tx ring filling reaches a threshold, packets are inspected by the Control Plane Protection mechanism. This statistic is incremented for packets recognized as CP packets, which are sent on the wire.

interface-cp-protection-tx-control-plane-overrun

uint64

When CPU consumption used by Control Plane Protection exceeds a threshold, this system is disabled. This statistic is incremented for each Tx packet not analyzed by Control Plane Protection due to CPU overload.

interface-cp-protection-tx-control-plane-passthrough

uint64

When Control Plane Protection is enabled, this statistic is incremented for each packet transmitted on a link that is not overloaded. These packets are sent normally.

interface-cp-protection-tx-data-plane-drop

uint64

When the Tx ring filling reaches a threshold, packets are inspected by the Control Plane Protection mechanism. This statistic is incremented for packets recognized as DP packets, which are dropped.

interface-gro-current-contexts

uint64

The current number of GRO contexts in processing.

interface-gro-flushed-contexts

uint64

The number of GRO contexts flushed before timeout.

interface-gro-timeout-contexts

uint64

The number of GRO contexts flushed by timeout.

interface-gro-done

uint64

The number of packets merged by GRO module.

interface-gro-in

uint64

The number of packets entering GRO module.

interface-gro-out

uint64

The number of packets exiting GRO module.

interface-gro-per-reassembly-mean

uint64

The mean of packets per GRO reassembly.

*

uint64

The driver vendor specific NIC statistics (rx_*, tx_*, etc).

fp-status

The fast path status.

Measure

Type

Description

value

uint8

The Fast Path status in number. 0 - ok, 1 - loaded, 2 - stopped, 3 - bad.

fp-vlan-stats

The fast path VLAN statistics.

Measure

Type

Description

vlan-dropped-in-operative

uint64

Number of input packets dropped in VLAN because the incoming interface is down (VlanDroppedInOperative).

vlan-dropped-input-unknown-interface

uint64

Number of input packets dropped in VLAN due to unknown interface (VlanDroppedInputUnknownIf).

vlan-dropped-invalid-tag

uint64

Number of input packets dropped in VLAN due to an invalid tag (VlanDroppedInvalidTag).

vlan-dropped-out-operative

uint64

Number of output packets dropped in VLAN because the outgoing interface is down (VlanDroppedOutOperative).

vlan-dropped-prepend-failure

uint64

Number of output packets dropped in VLAN due to a failure to add VLAN tag (VlanDroppedPrependFailure).

vlan-output-unknown-interface

uint64

Number of output packets with unknown interface (VlanOutputUnknownIf).

vlan-unknown-tag

uint64

Number of packets with unknown VLAN tag (VlanUnknownTag).

fp-vxlan-stats

The fast path VXLAN statistics.

Measure

Type

Description

vxlan-dropped-header-too-short

uint64

Number of input packets dropped in VXLAN due to a VXLAN header too short (VxlanDroppedHeaderTooShort).

vxlan-dropped-in-operative

uint64

Number of input packets dropped in VXLAN because the incoming interface is down (VxlanDroppedInOperative).

vxlan-dropped-invalid-ip-family

uint64

Number of output packets dropped in VXLAN due to a failure to get the VXLAN header (VxlanDroppedInvalidIpFamily).

vxlan-dropped-invalid-ipv4-checksum

uint64

Number of input packets dropped in IPv4 VXLAN due to an invalid checksum (VxlanDroppedInvalidIPv4Csum).

vxlan-dropped-invalid-ipv4-header

uint64

Number of input packets dropped in IPv4 VXLAN due to a failure to get the VXLAN header (VxlanDroppedInvalidIPv4Header).

vxlan-dropped-invalid-ipv6-checksum

uint64

Number of input packets dropped in IPv4 VXLAN due to an invalid checksum (VxlanDroppedInvalidIPv6Csum).

vxlan-dropped-invalid-ipv6-header

uint64

Number of input packets dropped in IPv6 VXLAN due to a failure to get the VXLAN header (VxlanDroppedInvalidIPv6Header).

vxlan-dropped-ipv4-mtu-exceeded

uint64

Number of output packets dropped in IPv4 VXLAN due to a MTU exceeded the authorized value (VxlanDroppedIPv4MtuExceeded).

vxlan-dropped-ipv4-no-destination

uint64

Number of output packets dropped in IPv4 VXLAN due to a null destination address (VxlanDroppedIPv4NoDst).

vxlan-dropped-ipv6-mtu-exceeded

uint64

Number of output packets dropped in IPv6 VXLAN due to a MTU exceeded the authorized value (VxlanDroppedIPv6MtuExceeded).

vxlan-dropped-ipv6-no-destination

uint64

Number of output packets dropped in IPv6 VXLAN due to a null destination address (VxlanDroppedIPv6NoDst).

vxlan-dropped-ovs-mtu-exceeded

uint64

Number of output packets dropped in OVS VXLAN due to a MTU exceeded the authorized value (VxlanDroppedOvsMtuExceeded).

vxlan-dropped-ovs-no-destination

uint64

Number of output packets dropped in OVS VXLAN due to a null destination address (VxlanDroppedOvsNoDst).

vxlan-dropped-prepend-ipv4-failure

uint64

Number of output packets dropped in IPv4 VXLAN due to add IP header (VxlanDroppedPrependIPv4Failure).

vxlan-dropped-prepend-ipv6-failure

uint64

Number of output packets dropped in IPv6 VXLAN due to add IP header (VxlanDroppedPrependIPv6Failure).

vxlan-dropped-prepend-ovs-failure

uint64

Number of output packets dropped in OVS VXLAN due to add IP header (VxlanDroppedPrependOvsFailure).

vxlan-dropped-unknown-iface

uint64

Number of input packets dropped in VXLAN due to an invalid interface (VxlanDroppedUnknownIface).

vxlan-dropped-unknown-vni

uint64

Number of input packets dropped in VXLAN due to an invalid VNI (VxlanDroppedUnknownVNI).

vxlan-exception-i-flag-not-set

uint64

Number of input packets sent to exception by VXLAN due a I flags not set (see rfc 7348) (VxlanExceptionIFlagNotSet).

vxlan-exception-ipv4-no-multicast-source

uint64

Number of output packets sent to exception by IPv4 VXLAN due to no valid src address found for a multicast packet (VxlanExceptionIPv4NoMcastSrc).

vxlan-exception-ipv4-route

uint64

Number of output packets sent to exception by IPv4 VXLAN due to specific route (VxlanExceptionIPv4Route).

vxlan-exception-ipv6-no-multicast-source

uint64

Number of output packets sent to exception by IPv6 VXLAN due to no valid src address found for a multicast packet (VxlanExceptionIPv6NoMcastSrc).

vxlan-exception-ipv6-route

uint64

Number of output packets sent to exception by IPv6 VXLAN due to specific route (VxlanExceptionIPv6Route).

vxlan-exception-no-input-fdb

uint64

Number of input packets sent to exception by VXLAN due to no valid fdb found (VxlanExceptionNoInputFdb).

vxlan-exception-no-output-fdb

uint64

Number of output packets sent to exception by VXLAN due to no valid fdb found (VxlanExceptionNoOutputFdb).

vxlan-exception-no-remote

uint64

Number of output packets sent to exception by VXLAN due to no remote found (VxlanExceptionNoRemote).

vxlan-exception-ovs-route

uint64

Number of output packets sent to exception by Ovs VXLAN due to specific route (VxlanExceptionOvsRoute).

vxlan-exception-too-many-flags

uint64

Number of input packets sent to exception by VXLAN due to a presence of an unsupported flag (neither I and G ones, see rfc 7348) (VxlanExceptionTooManyFlags).

vxlan-fdb-forwarding-duplicate-error

uint64

Number of failure to duplicate a packet for fdb forwarding (VxlanFdbForwDuplicateError).

network-nic-eth-stats

The list of eth statistics per network interface.

Measure

Type

Description

vrf

string

The interface VRF.

name

string

The interface name.

*

uint64

The driver vendor specific NIC statistics (rx_*, tx_*, etc).

network-nic-hw-info

The list of network interface hardware information.

Measure

Type

Description

name

string

The interface name.

vrf

string

The interface vrf.

driver

string

The interface driver used.

description

string

The interface description.

model

string

The interface model.

pci-address

string

The interface pci address.

speed

uint64

The interface speed.

network-nic-traffic-stats

The list of traffic statistics per network interface.

Measure

Type

Description

bytes-recv

counter64

The total number of octets received on the interface, including framing characters. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ‘last-clear’.

in-unicast-pkts

counter64

The number of packets, delivered by this sub-layer to a higher (sub-)layer, that were not addressed to a multicast or broadcast address at this sub-layer. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ‘last-clear’.

in-discards

counter64

The number of inbound packets that were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ‘last-clear’.

in-errors

counter64

For packet-oriented interfaces, the number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. For character- oriented or fixed-length interfaces, the number of inbound transmission units that contained errors preventing them from being deliverable to a higher-layer protocol. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ‘last-clear’.

bytes-sent

counter64

The total number of octets transmitted out of the interface, including framing characters. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ‘last-clear’.

out-unicast-pkts

counter64

The total number of packets that higher-level protocols requested be transmitted, and that were not addressed to a multicast or broadcast address at this sub-layer, including those that were discarded or not sent. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ‘last-clear’.

out-discards

counter64

The number of outbound packets that were chosen to be discarded even though no errors had been detected to prevent their being transmitted. One possible reason for discarding such a packet could be to free up buffer space. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ‘last-clear’.

out-errors

counter64

For packet-oriented interfaces, the number of outbound packets that could not be transmitted because of errors. For character-oriented or fixed-length interfaces, the number of outbound transmission units that could not be transmitted because of errors. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ‘last-clear’.

network-twamp-stats

The list of TWAMP client sessions and their statistics.

Measure

Type

Description

starts

date-and-time

The start date of the test session.

clock-sync

boolean

Indicate if the clock between the sender and the reflector seems synchronized. If not, only the round-trip statistics are relevant.

send-hops-average

uint8

Hops average between the sender and the reflector.

reflect-hops-average

uint8

Hops average between the reflector and the sender.

packets-lost-average

uint32

The average of packets responses not received back from reflector before timeout expired.

round-trip-delay-minimum

int64

The minimum observed delay.

round-trip-delay-median

int64

The median value for observed delays.

round-trip-delay-average

int64

The median value for observed delays.

round-trip-delay-maximum

int64

The maximum observed delay.

send-delay-minimum

int64

The minimum observed delay.

send-delay-median

int64

The median value for observed delays.

send-delay-average

int64

The median value for observed delays.

send-delay-maximum

int64

The maximum observed delay.

reflect-delay-minimum

int64

The minimum observed delay.

reflect-delay-median

int64

The median value for observed delays.

reflect-delay-average

int64

The median value for observed delays.

reflect-delay-maximum

int64

The maximum observed delay.

round-trip-jitter-median

int64

The median value for observed jitters.

round-trip-jitter-average

int64

The median value for observed jitters.

send-jitter-median

int64

The median value for observed jitters.

send-jitter-average

int64

The median value for observed jitters.

reflect-jitter-median

int64

The median value for observed jitters.

reflect-jitter-average

int64

The median value for observed jitters.

product-license

The license detailed information.

Measure

Type

Description

enabled

boolean

True if the license daemon is enabled on the system.

valid

boolean

True if the license is valid.

state

string

The license state.

activation-type

string

How the license was activated.

license-type

string

The license type.

short-license-type

enumeration

A shorter version of the license type.

subscription-end-date

string

The subscription or evaluation end date.

support-type

enumeration

The type of support (none, standard or extended).

support-end-date

string

The support end date.

remaining-days-count

int32

The remaining days until support end date.

remaining-days

string

The remaining days until support end date, in string format.

throughput-allowed

decimal64

The allowed throughput.

throughput-used

used-resource

The througput currently in use.

cgnat-conntracks-allowed

uint32

The number of CG-NAT conntracks allowed.

cgnat-conntracks-used

used-resource

The number of CG-NAT conntracks currently in use.

ipsec-tunnels-allowed

uint32

The number of IPsec tunnels allowed.

ipsec-tunnels-used

used-resource

The number of IPsec tunnels currently in use.

licensed-feature-name

string

The name of the feature.

licensed-feature-enabled

boolean

The status of the feature.

licensed-feature-counter-name

string

The name of the counter.

licensed-feature-counter-description

string

The description of the counter.

licensed-feature-counter-allowed

union

The number of objects allowed.

licensed-feature-counter-used

used-resource

The number of objects used.

online-serial

string

The currently used serial number.

online-connected

boolean

True if the cloud license server is reachable.

online-last-healthcheck-date

string

The last contact with license server date.

online-lease-end-date

string

The end of the license lease date.

online-current-activations

uint32

How many devices already hold this license.

online-allowed-activations

uint32

How many devices can hold this license at a time.

online-license-tokens

uint32

How many tokens are authorized by license.

online-computer-id

string

This computer ID.

online-vrf

vrf-name

The VRF to use for connecting to the license server.

online-proxy-host

host

The hostname or address of an HTTP proxy to use for connecting to the online license server.

online-proxy-port

port-number

The TCP port of the HTTP proxy server.

online-proxy-user

string

The username for connecting to the HTTP proxy server.

online-proxy-password

string

The password for connecting to the HTTP proxy server.

online-export-analytics

boolean

True if the analytics are exported to the license server.

online-use-ipv6-dns

boolean

True if the licensing server is accessed using IPv6.

online-source-ip

ip-address

Source address used to join the server.

offline-certificate-serial

string

The currently used serial number.

offline-certificate-computer-id

string

This computer ID.

offline-serial

string

The currently used serial number.

snmp

boolean

True if the snmp agent is enabled, else false.

product-version

The product version.

Measure

Type

Description

product:version

string

Version currently running.

system-cpu-times

The list of CPU times per CPU.

Measure

Type

Description

cpu

string

The CPU number.

user

decimal64

The percentage of CPU usage spent in user mode.

nice

decimal64

The percentage of CPU usage spent in user mode with nice priority.

system

decimal64

The percentage of CPU usage spent in kernel mode.

idle

decimal64

The percentage of CPU usage spent doing nothing.

iowait

decimal64

The percentage of CPU usage spent waiting for I/O to complete.

irq

decimal64

The percentage of CPU usage spent servicing hardware interrupts.

softirq

decimal64

The percentage of CPU usage spent servicing software interrupts.

steal

decimal64

The percentage of CPU usage spent in involuntary wait by the virtual CPU or CPUs while the hypervisor was servicing another virtual processor.

guest

decimal64

The percentage of CPU usage spent running a virtual processor.

guest-nice

decimal64

The percentage of CPU usage spent running a virtual processor with nice property.

system-cpu-usage

The list of busy percentage per CPU.

Measure

Type

Description

cpu

string

The CPU number.

busy

uint16

The busy percentage.

system-disk-usage

The disk usage information per device.

Measure

Type

Description

disk

string

The disk name.

total

uint64

The disk total size.

free

uint64

The disk free size.

system-memory

The total and available memory.

Measure

Type

Description

available

uint64

The memory that can be given instantly to processes without the system going into swap.

total

uint64

The total physical memory.

system-numa-stats

The list of current NUMA-nodes and their statistics.

Measure

Type

Description

node

string

Numa node unique identifier.

numa-hit

uint64

Number of pages successfully allocated to this node as intended.

numa-miss

uint64

Number of pages allocated on this node despite the process preferring some different node.

numa-foreign

uint64

Number of pages intended for this node but actually allocated on some different node.

interleave-hit

uint64

Number of interleave policy pages successfully allocated to this node.

local-node

uint64

Number of pages successfully allocated on this node by a process on this node.

other-node

uint64

Number of pages allocated on this node by a process on another node.

system-power

The power relate metrics (consumption, frequency, processor sleep states). The data is only available when directly running on an Intel server.

Measure

Type

Description

global-cpu-power

decimal64

Total CPU(s) consumption.

cpu

string

The CPU number.

per-cpu-busy

uint8

The busy percentage, i.e. when the processor is not in an hardware sleep state.

per-cpu-idle

uint8

The busy percentage, i.e. when the processor is in an hardware sleep state.

per-cpu-frequency

uint32

The current cpu frequency.

system-processes

The list of processes on the system.

Measure

Type

Description

name

string

The name of the process.

pid

uint64

The pid of the process.

fds

uint32

The number of file descriptors opened by this process.

memory

uint64

The memory used by this process.

busy

decimal64

The busy percentage for this process.

voluntary-context-switches

uint64

The number of voluntary context switches.

involuntary-context-switches

uint64

The number of involuntary context switches.

system-soft-interrupts-stats

The list of soft interrupts statistics per CPU.

Measure

Type

Description

cpu

string

The CPU number.

hi

uint64

Number of high priority tasklets.

timer

uint64

Number of timer interrupts.

net-tx

uint64

Number of interrupts for transmitting packets to network cards.

net-rx

uint64

Number of interrupts for receiving packets from network cards.

irq-poll

uint64

Number of polling interrupts.

block

uint64

Number of block-device I/O interrupts.

tasklet

uint64

Number of regular tasklets interrupts.

high-resolution-timer

uint64

Number of high resolution timer interrupts.

sched

uint64

Number of scheduling interrupts.

rcu

uint64

Number of read-copy-update interrupts.

system-uptime

The system uptime.

Measure

Type

Description

system:uptime

string

A human readable value (e.g DD days, HH:mm:ss).

system-user-count

The number of logged user sessions.

Measure

Type

Description

session-count

uint16

The number of running sessions.

system-users

The list of logged user sessions.

Measure

Type

Description

terminal

string

The terminal name.

user

string

The user.

source

string

The host from where the user logged in.

started

string

The date at which the connection was started.