Refreshing vFlow Level Statistics for Long-lived Connections



Prior to Netvisor ONE 5.1.1 release, the connection analytics displayed the connection statistics ( incoming bytes, outgoing bytes, total bytes, and the age of the connection) only after the connection is completed, which  worked well for short-timed connections. However,  for long-lived  TCP connections, the connection statistics was unreliable. This was due to the fact that the parameters involved were calculated with reference to the TCP sequence numbers, which, for a long-lived connection, always wrapped around.


To eliminate inaccuracies in  long-lived TCP connection statistics, the TCP data packets with sequence numbers that are about to wrap around are sent to the CPU. This is implemented by defining a new vflow rule (policy). Netvisor ONE provides an option to enable this functionality through the vflow-settings-modify command. When the feature is active, the  connection-stats-show and connection-show commands show accurate outputs for long-lived TCP connections.


Note

    • To enable long-lived TCP connection statistics, you must first enable the user-defined-flow knob.
    • Disable vxlan-analytics before enabling the long-lived TCP connection statistics knob.
    • You cannot enable  long-lived TCP connection statistics knob if the inflight-vxlan-analytics is enabled or vice-versa.


Note: You must restart nvOSd when you enable or disable the long-lived TCP connection statistics knob.


Use the vflow-settings-modify command to enable long-lived TCP connection statistics:


CLI (network-admin@switch) > vflow-settings-modify


vflow-settings-modify

Use this command to update a user vflow setting.

Specify one or more of the following options:


enable-user-defined-flow|no-enable-user-defined-flow

Specify to enable or disable the user defined flows.


Note: You must enable the user-defined-flow before enabling the longlived tcp connection statistics.

vxlan-analytics|no-vxlan-analytics

Specify to enable or disable VXLAN analytics.


Note: You must disable VXLAN analytics  before enabling the longlived tcp connection

inflight-vxlan-analytics|no-inflight-vxlan-analytics

Specify to enable or disable the  inflight VXLAN analytics.


Note: You must disable  inflight VXLAN analytics  before enabling the longlived tcp connection.

longlived-tcp-conn-stats|no-longlived-tcp-conn-stats

Specify to enable or disable the long-lived TCP connection statistics.


For example, to enable the long-lived TCP connection statistics, use the commands below:


CLI (network-admin@Leaf1) > vflow-settings-modify enable-user-defined-flow 


CLI (network-admin@Leaf1) > vflow-settings-modify no-vxlan-analytics no-inflight-vxlan-analytics 


CLI (network-admin@Leaf1) > vflow-settings-modify longlived-tcp-conn-stats


To view the user vflow settings, use the command vflow-settings-show. For example, after enabling long-lived TCP connection statistics, the typical output would be:


CLI (network-admin@Leaf1) > vflow-settings-show


enable-user-defined-flow: on

vxlan-analytics:          off

inflight-vxlan-analytics: off

longlived-tcp-conn-stats: on


To view the connection statistics, use the show commands:


CLI (network-admin@Leaf1) > connection-stats-show


vlan     ip       port iconns    oconns ibytes obytes total-bytes 

---- ------------ ---- --------- ------ ------ ------ ----------- 

100  132.10.3.152 32   402617119        813G   809G    1.58T

100  132.10.3.113 32   402439803        822G   818G    1.60T

100  132.10.3.191 32   402379008        828G   822G    1.61T

100  132.10.3.160 32   402531295        828G   824G    1.61T

100  132.10.3.147 32   402620992        833G   829G    1.62T

100  132.10.3.131 32   402466573        840G   836G    1.64T


CLI (network-admin@Leaf1) > connection-show


vlan   src-ip     dst-ip     dst-port cur-state latency obytes ibytes total-bytes age

---- ---------- ------------ -------- --------- ------- ------ ------ ----------- ---

100  132.10.3.2 132.10.3.127 http     fin       67.9us  198    188    386         1s

100  132.10.3.2 132.10.3.186 http     fin       62.3us  198    188    386         1s

100  132.10.3.2 132.10.3.153 http     fin       511us   198    188    386         1s

100  132.10.3.2 132.10.3.205 http     fin       66.4us  198    188    386         1s

100  132.10.3.1 132.10.3.160 http     fin       305us   198    188    386         1s


north
    keyboard_arrow_up
    keyboard_arrow_down
    description
    print
    feedback
    support
    business
    rss_feed
    south