|
|
|
This section describes and explains the output parameters of the show cluster statistics sync and cphaprob syncstat commands.
Example output from a Cluster Member:
Delta Sync Statistics
Sync status: OK
Drops: Lost updates................................. 0 Lost bulk update events...................... 0 Oversized updates not sent................... 0
Sync at risk: Sent reject notifications.................... 0 Received reject notifications................ 0
Sent updates: Total generated sync messages................ 12316 Sent retransmission requests................. 0 Sent retransmission updates.................. 0 Peak fragments per update.................... 1
Received updates: Total received updates....................... 12 Received retransmission requests............. 0
Queue sizes (num of updates): Sending queue size........................... 512 Receiving queue size......................... 256 Fragments queue size......................... 50
Timers: Delta Sync interval (ms)..................... 100
Reset on Sun Jun 3 14:37:26 2018 (triggered by fullsync). |
The "Sync status:" section
This section shows the status of the Delta Sync mechanism. One of these:
Sync status: OKSync status: Off - Full-sync failureSync status: Off - Policy installation failureSync status: Off - Cluster module not startedSync status: Off - SIC failureSync status: Off - Full-sync checksum errorSync status: Off - Full-sync received queue is fullSync status: Off - Release version mismatchSync status: Off - Connection to remote member timed-outSync status: Off - Connection terminated by remote memberSync status: Off - Could not start a connection to remote memberSync status: Off - cpstartSync status: Off - cpstopSync status: Off - Manually disabled syncSync status: Off - Was not able to start for more than X secondSync status: Off - BootSync status: Off - Connectivity Upgrade (CU)Sync status: Off - cphastopSync status: Off - Policy unloadedSync status: Off - HibernationSync status: Off - OSU deactivatedSync status: Off - Sync interface downSync status: Fullsync in progressSync status: Problem (Able to send sync packets, unable to receive sync packets)Sync status: Problem (Able to send sync packets, saving incoming sync packets)Sync status: Problem (Able to send sync packets, able to receive sync packets)Sync status: Problem (Unable to send sync packets, unable to receive sync packets)Sync status: Problem (Unable to send sync packets, saving incoming sync packets)Sync status: Problem (Unable to send sync packets, able to receive sync packets)The "Drops:" section
This section shows statistics for drops on the Delta Sync network.
Field |
Description |
|---|---|
Lost updates |
Shows how many Delta Sync updates this Cluster Member considers as lost (based on sequence numbers in CCP packets). If this counter shows a value greater than 0, this Cluster Member lost Delta Sync updates. Possible mitigation: Increase the size of the Sending Queue and the size of the Receiving Queue:
|
Lost bulk update events |
Shows how many times this Cluster Member missed Delta Sync updates. (bulk update = twice the size of the local receiving queue) This counter increases when this Cluster Member receives a Delta Sync update with a sequence number much greater than expected. This probably indicates some networking issues that cause massive packet drops. This counter increases when the amount of missed Delta Sync updates is more than twice the local Receiving Queue Size. Possible mitigation:
|
Oversized updates not sent |
Shows how many oversized Delta Sync updates were discarded before sending them. This counter increases when Delta Sync update is larger than the local Fragments Queue Size. Possible mitigation:
|
The "Sync at risk:" section
This section shows statistics that the Sending Queue is at full capacity and rejects Delta Sync retransmission requests.
Field |
Description |
|---|---|
Sent reject notifications |
Shows how many times this Cluster Member rejected Delta Sync retransmission requests from its peer Cluster Members, because this Cluster Member does not hold the requested Delta Sync update anymore. |
Received reject notification |
Shows how many reject notifications this Cluster Member received from its peer Cluster Members. |
The "Sent updates:" section
This section shows statistics for Delta Sync updates sent by this Cluster Member to its peer Cluster Members.
Field |
Description |
|---|---|
Total generated sync messages |
Shows how many Delta Sync updates were generated. This counts the Delta Sync updates, Retransmission Requests, Retransmission Acknowledgments, and so on). |
Sent retransmission requests |
Shows how many times this Cluster Member asked its peer Cluster Members to retransmit specific Delta Sync update(s). Retransmission requests are sent when certain Delta Sync updates (with a specified sequence number) are missing, while the sending Cluster Member already received Delta Sync updates with advanced sequences. Note - Compare the number of Sent retransmission requests to the Total generated sync messages of the other Cluster Members. A large counter's value can imply connectivity problems. If the counter's value is unreasonably high (more than 30% of the Total generated sync messages of other Cluster Members), contact Check Point Support equipped with the entire output and a detailed description of the network topology and configuration. |
Sent retransmission updates |
Shows how many times this Cluster Member retransmitted specific Delta Sync update(s) at the requests from its peer Cluster Members. |
Peak fragments per update |
Shows the peak amount of fragments in the Fragments Queue on this Cluster Member (usually, should be 1). |
The "Received updates:" section
This section shows statistics for Delta Sync updates that were received by this Cluster Member from its peer Cluster Members.
Field |
Description |
|---|---|
Total received updates |
Shows the total number of Delta Sync updates this Cluster Member received from its peer Cluster Members. This counts only Delta Sync updates (not Retransmission Requests, Retransmission Acknowledgments, and others). |
Received retransmission requests |
Shows how many retransmission requests this Cluster Member received from its peer Cluster Members. A large counter's value can imply connectivity problems. If the counter's value is unreasonably high (more than 30% of the Total generated sync messages on this Cluster Member), contact Check Point Support equipped with the entire output and a detailed description of the network topology and configuration. |
The "Queue sizes (num of updates):" section
This section shows the sizes of the Delta Sync queues.
Field |
Description |
|---|---|
Sending queue size |
Shows the size of the cyclic queue, which buffers all the Delta Sync updates that were already sent until it receives an acknowledgment from the peer Cluster Members. This queue is needed for retransmitting the requested Delta Sync updates. Each Cluster Member has one Sending Queue. Default: 512 Delta Sync updates, which is also the minimal value. |
Receiving queue size |
Shows the size of the cyclic queue, which buffers the received Delta Sync updates in two cases:
Each Cluster Member has one Receiving Queue. Default: 256 Delta Sync updates, which is also the minimal value. |
Fragments queue size |
Shows the size of the queue, which is used to prepare a Delta Sync update before moving it to the Sending Queue. Notes:
Default: 50 Delta Sync updates, which is also the minimal value. |
The "Timers:" section
This section shows the Delta Sync timers.
Field |
Description |
|---|---|
Delta Sync interval (ms) |
Shows the interval at which this Cluster Member sends the Delta Sync updates from its Sending Queue. The base time unit is 100ms (or 1 tick). Default: 100 ms, which is also the minimum value. |
The "Reset on XXX (triggered XXX)" section
Shows the date and the time of last statistics reset.
In parentheses, it shows how the last statistics was triggered - manually, or by fullsync.