show session

Description                                                    Display session information.

Syntax                                                                  show session 
[
brief |
dns-id-switch |
ds-lite [suboptions]|
filter {name | config} |
full-width 
ipv4 [addr-suboptions] |
ipv6 [addr-suboptions] |
nat44 [suboptions] |
nat64 [suboptions] |
persist [persistence-type [addr-suboptions]] |
radius |
sctp |
server [name] |
sip [addr-suboptions] |
sixrd-nat64 [suboptions] |
virtual-server [name]
]

Parameter

Description

brief

Displays summary statistics for all session types.

dns-id-switch

Displays statistics for DNS switch sessions.

ds-lite

Displays statistics for DS-Lite sessions. The following options are available:

  dest-port num—View sessions with the specified destination port (1-65535).

  dest-v4-addr ipaddr[/length]—View sessions with the specified destination IPv4 address.

  dest-v6-addr ipaddr[/length]—View sessions with the specified destination IPv6 address.

  source-port num—View sessions with the specified source port (1-65535).

  source-v4-addr ipaddr[/length]—View sessions with the specified source IPv4 address.

  source-v6-addr ipaddr[/length]—View sessions with the specified source IPv6 address.

Not all suboptions are available for use in conjunction with others. For example, if the first subop­tion you enter is dest-addr, the only additional suboption you can specify is dest-port.

filter 
{
name | config}

Displays information about configured session filters.

Specify config to view all configured session filters, or specify a filter name to view the specified filter only.

full-width

Display full IPv6 addresses. By default, IPv6 addresses are truncated to 22 characters.

ipv4

Displays information for IPv4 sessions. The following address suboptions are available:

  dest-port num—View sessions with the specified destination port (1-65535).

  dest-v4-addr ipaddr[/length]—View sessions with the specified destination IPv4 address.

  source-port num—View sessions with the specified source port (1-65535).

  source-v4-addr ipaddr[/length]—View sessions with the specified source IPv4 address.

Not all suboptions are available for use in conjunction with others. For example, if the first subop­tion you enter is dest-addr, the only additional suboption you can specify is dest-port.

ipv6

Displays information for IPv6 sessions. The following address suboptions are available:

  dest-port num—View sessions with the specified destination port (1-65535).

  dest-v6-addr ipaddr[/length]—View sessions with the specified destination IPv6 address.

  source-port num—View sessions with the specified source port (1-65535).

  source-v6-addr ipaddr[/length]—View sessions with the specified source IPv6 address.

Not all suboptions are available for use in conjunction with others. For example, if the first subop­tion you enter is dest-addr, the only additional suboption you can specify is dest-port.

nat44

Displays information for NAT44 sessions.

The supported suboptions are the same as for ipv4 (see above).

nat64

Displays information for NAT64 sessions.

The supported suboptions are the same as for ipv6 (see above).

persist
[type 
[suboptions]]

Displays session persistence information.

The following persistence types can be specified:

  dst-ip—Displays destination-IP persistent sessions.

  ipv6—Displays IPv6 sessions.

  src-ip—Displays source-IP persistent sessions.

  ssl-sid—Displays SSL-session-ID persistent sessions.

  uie—Displays sessions that are made persistent by the aFleX persist uie command.

The available suboptions are the same as the ones for ipv4 (see above).

radius

Displays RADIUS session information.

sctp

Displays SCTP sessions only.

server [name]

Displays sessions for real servers, or a specific server name.

sip

Displays information for Session Initiation Protocol (SIP) sessions. The following suboptions are available:

  dest-port num—View sessions with the specified destination port (1-65535).

  dest-v4-addr ipaddr[/length]—View sessions with the specified destination IPv4 address.

  dest-v6-addr ipaddr[/length]—View sessions with the specified destination IPv6 address.

  smp-sip-rtp num—View SIP sessions.

sixrd-nat64

Displays 6rd-NAT64 session statistics. The available suboptions are the same as for ds-lite (see above).

virtual-server [name]

Displays sessions for virtual servers, or a specific virtual server name.

Mode                                                                   All

Usage                                                                  For convenience, you can save session display options as a session filter. (See session-filter.)

Note on Clearing Sessions

After entering the clear session command, the ACOS device may remain in session-clear mode for up to 10 seconds. During this time, any new connections are sent to the delete queue for clearing.

Example                                                            The following command lists information for all IPv4 sessions:

ACOS(config)#show session ipv4

Traffic Type                       Total                     

--------------------------------------------

TCP Established                    2             

TCP Half Open                      0             

TCP Half Close                     0             

UDP                                0             

Non TCP/UDP IP sessions            0             

Other                              0             

Reverse NAT TCP                    0             

Reverse NAT UDP                    0             

Free Buff Count                    0             

Curr Free Conn                     2007033       

Conn Count                         10            

Conn Freed                         8             

TCP SYN Half Open                  0             

Conn SMP Alloc                     13            

Conn SMP Free                      2             

Conn SMP Aged                      2             

Conn Type 0 Available              3997696

Conn Type 1 Available              2031615

Conn Type 2 Available              999424

Conn Type 3 Available              499712

Conn Type 4 Available              249856

Conn SMP Type 0 Available          3997696

Conn SMP Type 1 Available          1998848

Conn SMP Type 2 Available          999424

Conn SMP Type 3 Available          507875

Conn SMP Type 4 Available          249856

 

Prot Forward Source         Forward Dest           Reverse Source         Reverse Dest           Age   Hash Flags

-----------------------------------------------------------------------------------------------------------

Tcp  1.0.4.147:49107        1.0.100.1:21           1.0.3.148:21           1.0.4.147:49107        120   2 OS

Tcp  1.0.16.2:58736         1.0.100.1:21           1.0.3.148:21           1.0.16.2:58736         60    2 OS

Total Sessions:          2

The following table describes the fields in the command output.

Field

Description

TCP Established

Number of established TCP sessions.

TCP Half Open

Number of half-open TCP sessions. A half-open session is one for which the ACOS device has not yet received a SYN ACK from the backend server.

TCP Half Close

Number of half-closed TCP sessions. A half-closed TCP session is a session in which the server sends a FIN but the client does not reply with an ACK.

UDP

Number of UDP sessions.

Non TCP/UDP IP sessions

Number of IP sessions other than TCP or UDP sessions.

This counter applies specifically to IP protocol load balancing. (See the “IP Protocol Load Balancing” chapter in the Application Delivery and Server Load Balancing Guide.)

Other

Number of internally used sessions. As an example, internal sessions are used to hold fragmentation information.

Reverse NAT TCP

Number of reverse-NAT TCP sessions.

Reverse NAT UDP

Number of reverse-NAT UDP sessions.

Free Buff Count

Number of IO buffers currently available.

Curr Free Conn

Number of Layer 4 sessions currently available.

Conn Count

Number of connections.

Conn Freed

Number of connections freed after use.

TCP SYN Half Open

Number of half-open TCP sessions. These are sessions that are half-open from the client’s perspective.

Conn SMP Alloc

Statistics for session memory resources.

Conn SMP Free

Conn SMP Aged

Conn Type 0-4 Available

Conn SMP Type 0-4 Available

Prot

Transport protocol.

Forward Source

Client IP address when connecting to a VIP.

Notes: 

  For DNS sessions, the client’s DNS transaction ID is shown instead of a protocol port number.

  The output for connection-reuse sessions shows 0.0.0.0 for the forward source and forward desti­nation addresses.

  For source-IP persistent sessions, if the option to include the client source port (incl-sport) is enabled in the persistence template, the client address shown in the Forward Source column includes the port number.

  IPv4 client addresses – The first two bytes of the displayed value are the third and fourth octets of the client IP address. The last two bytes of the displayed value represent the client source port. For example, “155.1.1.151:33067” is shown as “1.151.129.43”.

  IPv6 client addresses – The first two bytes in the displayed value are a “binary OR” of the first two bytes of the client’s IPv6 address and the client’s source port number. For example, “2001:ff0:2082:1:1:1:d1:f000” with source port 38287 is shown as “b58f:ff0:2082:1:1:1:d1:f000”.

Also see the output examples below.

Forward Dest

VIP to which the client is connected.

Reverse Source

Real server’s IP address.

Note: If the ACOS device is functioning as a cache server (RAM caching), asterisks ( * ) in this field and the Reverse Dest field indicate that the ACOS device directly served the requested content to the cli­ent from the ACOS RAM cache. In this case, the session is actually between the client and the ACOS device rather than the real server.

Reverse Dest

IP address to which the real server responds.

  If source NAT is used for the virtual port, this address is the source NAT address used by the ACOS device when connecting to the real server.

  If source IP NAT is not used for the virtual port, this address is the client IP address.

Age

Number of seconds since the session started.

Hash

CPU ID.

Flags

This is an internal flag used for debugging purposes. This identifies the attributes of a session.

Type

Indicates the session type, which can be one of the following:

  SLB-L4 – SLB session for Layer 4 traffic.

  SLB-L7 – SLB session for Layer 7 traffic.

  NAT – Network Address Translation (NAT) session for dynamic NAT.

  ST-NAT – NAT session for static NAT.

  ACL – Session for an ACL.

  TCS – Transparent Cache Switching session.

  XNT – Transparent session.

The following counters apply only to the current partition:

     TCP Established

     TCP Half Open

     UDP

     Non TCP/UDP IP sessions

     Other

     Reverse NAT TCP

     Reverse NAT UDP

The other counters apply to all partitions, regardless of the partition from which the command is entered.

Example                                                            The following command displays the IPv4 session for a specific source IP address:

ACOS(config)#show session ipv4 source-addr 1.0.4.147

Prot Forward Source         Forward Dest           Reverse Source         Reverse Dest           Age   Hash Flags

-----------------------------------------------------------------------------------------------------------

Tcp  1.0.4.147:49107        1.0.100.1:21           1.0.3.148:21           1.0.4.147:49107        120   2 OS

Total Sessions:          1

 

Example                                                            The following commands display IPv4 source-IP persistent sessions, clear one of the sessions, then verify that the session has been cleared:

ACOS(config)#show session persist src-ip

Prot Forward Source   Forward Dest           Reverse Source         Age   Hash Flags

------------------------------------------------------------------------------------

src  1.0.16.2         1.0.100.1:21           1.0.3.148        6000  120   2    OS

src  1.0.4.147        1.0.100.1:21           1.0.3.148        6000  120   2    OS

Total Sessions:          2

ACOS(config)#clear sessions persist src-ip source-addr 1.0.16.2

ACOS(config)#show session persist src-ip

Prot Forward Source   Forward Dest           Reverse Source         Age   Hash Flags

------------------------------------------------------------------------------------

src  1.0.4.147        1.0.100.1:21           1.0.3.148              5880  2    OS

In this example, IPv4 source-IP persistent sessions are shown. The incl-sport option in the source-IP persistence template is enabled, so the value shown in the Forward Source column is a combination of the client source IP address and source port number. The first two bytes of the displayed value are the third and fourth octets of the client IP address. The last two bytes of the displayed value represent the client source port.

Example                                                            The following commands display IPv6 source-IP persistent sessions:

ACOS(config)#show session persist ipv6

Prot Forward Source

    Forward Dest

    Reverse Source                                         Age

------------------------------------------------------------------

src  [2001:ff0:2082:1:1:1:d1:f000]

    [2001:ff0:2082:1:1:1:f000:1111]:80

    [2001:ff0:2082:4:1:1:f000:1e4]:6880                    300

In the output above, the Forward Source column shows the client’s IPv6 address but does not show the port number. The port number is omitted because the incl-sport option in the source-IP persistence template is disabled.

In the output below, the same client IPv6 address is shown. However, in this case, the incl-sport option in the source-IP persistence template is enabled. Therefore, the Forward Source column includes the port number. The first two bytes in the displayed value are a “binary OR” of the first two bytes of the client’s IPv6 address and the client's source port number. In this example, the Forward source value is “b58f:ff0:2082:1:1:1:d1:f000”. The first two bytes, “b58f”, are a “binary OR” value of “2001” and port number 38287.

ACOS(config)#show session persist ipv6

Prot Forward Source

    Forward Dest

    Reverse Source                                         Age

------------------------------------------------------------------

src  [b58f:ff0:2082:1:1:1:d1:f000]

    [2001:ff0:2082:1:1:1:f000:1111]:80

    [2001:ff0:2082:4:1:1:f000:1e3]:6880                    300

 

Example                                                            The following command shows active RADIUS sessions:

ACOS#show session radius

Traffic Type                       Total

--------------------------------------------

TCP Established                    0

TCP Half Open                      0

UDP                                30

...

 

Prot Forward Source         Forward Dest           Reverse Source         Reverse Dest           Age   Hash Flags Radius ID

----------------------------------------------------------------------------------------

Udp   10.11.11.50:32836      10.11.11.90:1812       10.11.11.15:1812       10.11.11.50:32836      120   1    NSe0 104

Udp   10.11.11.50:32836      10.11.11.90:1812       10.11.11.12:1812       10.11.11.50:32836      120   1    NSe0 111

...

Udp   10.11.11.50:32836      10.11.11.90:1812       10.11.11.14:1812       10.11.11.50:32836      120   7    NSe0 103

Udp   10.11.11.50:32836      10.11.11.90:1812       10.11.11.11:1812       10.11.11.50:32836      120   7    NSe0 222

Total Sessions:          30

The session table contains a separate session for each RADIUS Identifier value. The following address information is shown for each session:

     Forward Source – The sender of the RADIUS message. This is the IP address of the BRAS.

     Forward Dest – The RADIUS VIP on the ACOS device.

     Reverse Source – The RADIUS server to which the ACOS device sends requests that have the Identifier listed in the RADIUS ID field.

     Reverse Dest – The destination of the RADIUS server reply forwarded by the ACOS device. (This is the sender of the initial RADIUS message that started the session, the BRAS in the example above.)

Example                                                            The following example displays the output when viewing the sessions on a real server named “s2” whose IP address is 172.16.1.11:

ACOS(config)#show session server s2

Traffic Type Total

--------------------------------------------

TCP Established                5

TCP Half Open                0

UDP                0

Non TCP/UDP IP sessions                0

Other                0

Reverse NAT TCP 0               

Reverse NAT UDP                0

Curr Free Conn                2018015

Conn Count                47300

Conn Freed                46529

TCP SYN Half Open                0

Conn SMP Alloc                22

Conn SMP Free                0

Conn SMP Aged                0

Conn Type 0 Available                3866493

Conn Type 1 Available                1932797

Conn Type 2 Available                950272

Conn Type 3 Available                482942

Conn Type 4 Available                241406

Conn SMP Type 0 Available                3801088

Conn SMP Type 1 Available                1900544

Conn SMP Type 2 Available                950272

Conn SMP Type 3 Available                483305

Conn SMP Type 4 Available                237568

Prot Forward Source Forward Dest Reverse Source Reverse DestAge Hash Flags Type

------------------------------------------------------------------------------

Tcp 172.16.2.10:59992 172.16.2.200:80 172.16.1.11:80 172.16.1.50:18254

600 1 NSe1 SLB-L7

Tcp 172.16.2.10:60171 172.16.2.200:44333 172.16.1.11:80 172.16.1.50:18253

600 1 NSe1 SLB-L7

Total Sessions: 2

Table of Contents

Index

Glossary

-Search-

Back