|
Cerca |
Questa guida dà una semplice visione generale sulle informazioni relative allo stato delle connessioni, dei database interni come ARP o Sticky, statistiche dei protocolli e utilizzo delle risorse. Contiene anche le informazioni sulle modalità di recupero dei dati da interfacce specifiche come metodo di risoluzione dei problemi. Elenco delle connessioni attive per porta: rbx-99-6k-ace-1/vrack1234# show conn port 80 conn-id np dir proto vlan source destination state 295812 1 in TCP 123 11.22.33.11:5747 188.123.123.123:80 ESTAB 370332 1 out TCP 1234 192.168.1.11:80 192.168.1.254:14164 ESTAB 191359 2 in TCP 123 11.22.33.44:55089 188.123.123.123:80 ESTAB -- - - — — — — -- Connessioni da rserver: rbx-99-6k-ace-1/vrack1234# sh conn rserver SERVER1 conn-id np dir proto vlan source destination state 387673 1 in TCP 123 11.22.33.11:5998 188.123.123.123:80 ESTAB 364250 1 out TCP 1234 192.168.1.11:80 192.168.1.254:14171 ESTAB Altre opzioni utilizzabili: elenco connessioni tramite protocolli, indirizzo/netmask, o serverfarm: rbx-99-6k-ace-1/vrack1234# show conn protocol tcp rbx-99-6k-ace-1/vrack1234# sh conn address 11.22.33.11 netmask 255.255.255.255 rbx-99-6k-ace-1/vrack1234# sh conn serverfarm FARM_WEB Tutti i dettagli delle connessioni: rbx-99-6k-ace-1/vrack1234# show conn detail totale connessioni attuali: 5 conn-id np dir proto vlan source destination state 360790 1 in TCP 123 11.22.33.11:3758 188.123.123.111:22 ESTAB [ idle time : 00:00:00, byte count : 16313 ] [ elapsed time: 00:04:54, packet count: 221 ] 92023 1 out TCP 123 188.123.123.111:22 11.22.33.11:3758 ESTAB [ conn in reuse pool : FALSE] [ idle time : 00:00:00, byte count : 19662 ] [ elapsed time: 00:04:54, packet count: 161 ] 191359 2 in TCP 123 11.22.33.44:55089 188.123.123.123:80 ESTAB [ idle time : 00:02:14, byte count : 100 ] [ elapsed time: 00:02:14, packet count: 2 ] -- - - — — — — -- 304827 2 in TCP 123 11.22.33.11:5997 188.123.123.123:80 ESTAB [ idle time : 00:00:02, byte count : 637 ] [ elapsed time: 00:00:02, packet count: 4 ] 315320 2 out TCP 1234 192.168.1.11:80 192.168.1.254:14583 ESTAB [ conn in reuse pool : FALSE] [ idle time : 00:00:02, byte count : 604 ] [ elapsed time: 00:00:02, packet count: 3 ] Elenco inserimenti nel database: rbx-99-6k-ace-1/vrack1234# show sticky database sticky group : type : HTTP-COOKIE timeout : 3600 timeout-activeconns : FALSE sticky-entry rserver-instance time-to-expire flags -------------------- ---------------------------------------------+-------+12411268269029278684 SERVER1:0 53118 - sticky group : type : HTTP-COOKIE timeout : 3600 timeout-activeconns : FALSE sticky-entry rserver-instance time-to-expire flags -------------------- ---------------------------------------------+-------+14410415696288591616 SERVER1:0 215830 - Elenco da valore di cookie: Connesso alla farm (esempio di configurazione descritto nella guida del Load balancing con Sticky) assicuratevi che il vostro browser abbia il blocco dei cookie disattivato. Ricaricate il sito, in questo modo dovreste ottenere il cookie col valore visibile: Got cookie: CookieACE = 2356 Ora sarà possibile elencare le voci del database tramite quel valore: rbx-99-6k-ace-1/vrack1234# show sticky database http-cookie 2356 sticky group : type : HTTP-COOKIE timeout : 3600 timeout-activeconns : FALSE sticky-entry rserver-instance time-to-expire flags -------------------- ---------------------------------------------+-------+14410415696288591616 SERVER1:0 215754 - Le voci contenute nelle tabelle ARP possono essere identificate in questo modo: rbx-99-6k-ace-1/vrack1234# show arp Context vrack1234 ================================================================================ IP ADDRESS MAC-ADDRESS Interface Type Encap NextArp(s) Status ================================================================================ 188.123.123.123 00.21.a0.82.81.41 vlan123 VSERVER LOCAL _ up 188.123.123.111 00.21.a0.82.81.41 vlan123 INTERFACE LOCAL _ up 188.123.123.124 00.11.c4.14.13.20 vlan123 GATEWAY 1443 105 sec up 192.168.1.2 00.11.c4.14.13.20 vlan1234 LEARNED 1463 7947 sec up 192.168.1.3 00.11.c4.14.13.20 vlan1234 LEARNED 1465 7959 sec up 192.168.1.4 00.11.c4.14.13.20 vlan1234 LEARNED 1446 1846 sec up 192.168.1.10 00.21.a0.82.81.41 vlan1234 INTERFACE LOCAL _ up 192.168.1.11 00.11.c4.14.13.20 vlan1234 RSERVER 1470 176 sec up 192.168.1.100 00.11.c4.14.13.20 vlan1234 LEARNED 1461 4971 sec up 192.168.1.101 00.11.c4.14.13.20 vlan1234 RSERVER 1472 193 sec up 192.168.1.111 00.11.c4.14.13.20 vlan1234 LEARNED 1452 4178 sec up 192.168.1.254 00.21.a0.82.81.41 vlan1234 NAT LOCAL _ up ================================================================================ Totale delle voci ARP 12 Per catturare dati da ACE è sufficiente eseguire pochi passaggi. - creare un filtro di ingresso con elenco accessi - lanciare un capture - visualizzare le statistiche del capture - arrestare il capture e vedere i dettagli Supponiamo di voler seguire la trasmissione di pacchetti TCP destinati alla porta 80 (http): rbx-99-6k-ace-1/vrack1234(config)# access-list WWW line 1 extended permit tcp any any eq www Creare un capture: rbx-99-6k-ace-1/vrack1234# capture CAPT1 all access-list WWW Lanciare il capture: rbx-99-6k-ace-1/vrack1234# capture CAPT1 start Now we can see on the console capture packets: rbx-99-6k-ace-1/vrack1234# 13:23:09.722257 0:21:a0:82:8e:41 0:24:c4:b2:16:80 0800 58: 188.123.123.123.80 > 11.22.33.11.60977: S [bad tcp cksum fc8b!] 3348706231:3348706231(0) ack 3659448056 win 32768 <mss 1460> (ttl 255, id 50882, len 44, bad cksum d0a!) 13:23:09.773021 0:24:c4:b2:16:80 0:21:a0:82:8e:41 0800 60: 11.22.33.11.60977 > 188.123.123.123.80: . [tcp sum ok] ack 1 win 5840 (DF) (ttl 58, id 39008, len 40) 13:23:09.789337 0:24:c4:b2:16:80 0:21:a0:82:8e:41 0800 511: 11.22.33.11.60977 > 188.123.123.123.80: P [tcp sum ok] 1:458(457) ack 1 win 5840 (DF) (ttl 58, id 39009, len 497) 13:23:09.789794 0:21:a0:82:8e:41 0:24:c4:b2:16:80 0800 54: 188.123.123.123.80 > 11.22.33.11.60977: . [bad tcp cksum 1449!] ack 458 win 32311 (ttl 255, id 50883, len 40, bad cksum d577!) 13:23:09.791068 0:21:a0:82:8e:41 0:24:c4:b2:16:80 0800 58: 192.168.1.254.14586 > 192.168.1.11.80: S [bad tcp cksum c571!] 2456020937:2456020937(0) win 32768 <mss 960> (ttl 255, id 50884, len 44, bad cksum 7376!) 13:23:09.802221 0:30:48:fb:b7:a2 0:21:a0:82:8e:41 0800 60: 192.168.1.11.80 > 192.168.1.254.14586: S [tcp sum ok] 3539703509:3539703509(0) ack 2456020938 win 5840 <mss 1460> (DF) (ttl 64, id 0, len 44) 13:23:09.802475 0:21:a0:82:8e:41 0:30:48:fb:b7:a2 0800 54: 192.168.1.254.14586 > 192.168.1.11.80: . [bad tcp cksum 7158!] ack 1 win 32768 (ttl 255, id 50885, len 40, bad cksum 3b0d!) 13:23:09.802712 0:21:a0:82:8e:41 0:30:48:fb:b7:a2 0800 539: 192.168.1.254.14586 > 192.168.1.11.80: P 1:486(485) ack 1 win 32768 (ttl 255, id 50886, len 525, bad cksum e6b7!) 13:23:09.803130 0:30:48:fb:b7:a2 0:21:a0:82:8e:41 0800 60: 192.168.1.11.80 > 192.168.1.254.14586: . [tcp sum ok] ack 486 win 6432 (DF) (ttl 64, id 59291, len 40) rbx-99-6k-ace-1/vrack1234# sh capture CAPT1 status Capture session : CAPT1 Buffer size : 64 K Circular : no Buffer usage : 11.00% Status : running Per visualizzare informazioni maggiormente dettagliate, è necessario prima di tutto interrompere la cattura: rbx-99-6k-ace-1/vrack1234# capture CAPT1 stop Ora è possibile visualizzare messaggi e connessioni: rbx-99-6k-ace-1/vrack1234# show capture CAPT1 0001: msg_type: ACE_HIT ace_id: 7842 action_flag: 0x3 0002: msg_type: PKT_XMT con_id: 1459994384 other_con_id: 0 0003: msg_type: PKT_RCV con_id: 1459994384 other_con_id: 0 0004: msg_type: PKT_RCV con_id: 1459994384 other_con_id: 0 0005: msg_type: PKT_XMT con_id: 1459994384 other_con_id: 0 0006: msg_type: CON_SETUP con_id: 1459994384 out_con_id: 503646368 0007: msg_type: PKT_XMT con_id: 503646368 other_con_id: 0 0008: msg_type: PKT_RCV con_id: 503646368 other_con_id: 0 0009: msg_type: PKT_XMT con_id: 503646368 other_con_id: 0 0010: msg_type: PKT_XMT con_id: 503646368 other_con_id: 0 ... Opzione estremamente utile - mostra l'intero dump dei pacchetti hex/text di una connessione specifica tramite ID: rbx-99-6k-ace-1/vrack1234# show capture CAPT1 detail connid 1459994384 0002: msg_type: PKT_XMT con_id: 1459994384 other_con_id: 0 message_hex_dump: 0x0000: 4020 004c 0050 8034 0004 010e 0000 0080 @..L.P.4........ 0x0010: 0004 0024 c4b2 1680 0021 a082 8e41 0800 ...$.....!...A.. 0x0020: 4500 002c c6c2 0000 ff06 0d0a bca5 7d73 E..,..........}s 0x0030: d5fb 888b 0050 ee31 c799 33b7 da1e bef8 .....P.1..3..... 0x0040: 6012 8000 0000 0000 0204 05b4 `........... 0003: msg_type: PKT_RCV con_id: 1459994384 other_con_id: 0 message_hex_dump: 0x0000: 0900 004e 0050 8034 0034 810e 0011 0e90 ...N.P.4.4...... 0x0010: 0000 0021 a082 8e41 0024 c4b2 1680 0800 ...!...A.$...... 0x0020: 4500 0028 9860 4000 3a06 0fd0 d5fb 888b E..(.`@.:....... 0x0030: bca5 7d73 ee31 0050 da1e bef8 c799 33b8 ..}s.1.P......3. 0x0040: 5010 16d0 7d79 0000 0000 0000 0000 P...}y........ 0004: msg_type: PKT_RCV con_id: 1459994384 other_con_id: 0 message_hex_dump: 0x0000: 0900 0211 0050 8034 0034 810e 0011 0e90 .....P.4.4...... 0x0010: 0000 0021 a082 8e41 0024 c4b2 1680 0800 ...!...A.$...... 0x0020: 4500 01f1 9861 4000 3a06 0e06 d5fb 888b E....a@.:....... 0x0030: bca5 7d73 ee31 0050 da1e bef8 c799 33b8 ..}s.1.P......3. 0x0040: 5018 16d0 fa55 0000 4745 5420 2f31 2f20 P....U..GET./1/. 0x0050: 4854 5450 2f31 2e31 0d0a 486f 7374 3a20 HTTP/1.1..Host:. 0x0060: 3138 382e 3136 352e 3132 352e 3131 350d 188.123.123.123. 0x0070: 0a55 7365 722d 4167 656e 743a 204d 6f7a .User-Agent:.Moz 0005: msg_type: PKT_XMT con_id: 1459994384 other_con_id: 0 message_hex_dump: 0x0000: 4020 0048 0050 8034 0004 010e 0000 0080 @..H.P.4........ 0x0010: 0004 0024 c4b2 1680 0021 a082 8e41 0800 ...$.....!...A.. 0x0020: 4500 0028 c6c3 0000 ff06 d577 bca5 7d73 E..(.......w..}s 0x0030: d5fb 888b 0050 ee31 c799 33b8 da1e c0c1 .....P.1..3..... 0x0040: 5010 7e37 0000 0000 P.~7.... Se volete utilizzare i dati ottenuti in un secondo momento, dovreste copiarli su un disco (oppure scaricarli tramite ftp/sftp/tftp): rbx-99-6k-ace-1/vrack1234# copy capture CAPT1 disk0: CAPTURE1 Cisco Application Control Engine Module Load Balancing Guide |
