show app tcp-opt—Display information about TCP-optimized flows (on vEdge routers only).
show app tcp-opt (active-flows | expired-flows)
show app tcp-opt summary
- Active Flows
Display information about active TCP-optimized flows.
- Expired Flows
Display information about expired TCP-optimized flows.
- Flow Summary
Display a summary of the TCP-optimized flows.
- Expiration Reason
Why a flow expired or was deleted:
• Closed—For an optimized flow, the TCP proxy terminated the session, either because a three-way FIN termination occurred or because a TCP reset (RST) control message was received.
• FIN—For an unoptimized (passthrough) flow, the TCP session terminated normally, because a FIN control message was received, followed by a FIN-ACK control message.
• Inactive-Timeout—For an unoptimized (passthrough) flow, no packet flow occurred for a long time on the TCP session, and the vEdge router de-allocated its resources for the session.
• RST—For an unoptimized (passthrough) flow, the TCP session terminated abnormally, because either the client or the server sent a TCP reset (RST) control message
• State-Timeout—The TCP flow was terminated prematurely, either because the router did not receive an ACK in response to a SYN-ACK or because the router was using a very large amount of CPU and could not process the new connection request.
- Optimization Failure Reason
- Unopt Reason
For an unoptimized flow, why the flow was not optimized:
• INIT-CONN-LIMIT—The flow was created during a period when the router was establishing an excessive number of connections per second, probably during a packet burst, and the number of flows exceeded the router's threshold level. After this threshold is reached, all new flows are created as unoptimized (passthrough) flows. When the number of INIT requests decreases to below the threshold level, the router again attempts to optimize the flows.
• INIT-TIMEOUT—The overlay network control plane took too much time to respond to the new flow, and the flow was created as an unoptimized (passthrough) flow.
• OPT-CONN-LIMIT—The vEdge router reached its time limit for establishing a connection.
• THIRD-SYN—Before the flow could be optimized, the vEdge router received a third SYN control message from the client, and as a result, it created the flow as an upoptimized (passthrough) flow.
- Proxy Identity
- Identity of the proxy:
• Client-Proxy—vEdge router closer to the client. The client is the party initiating the TCP flow.
• Server-Proxy—vEdge router closer to the server. The client is the party listening to the TCP flow.
- TCP State
- tcp-state—State of the flow:
• Expired—Data transfer for an optimized or unoptimized flow is complete, and the data flow will shortly be aged out.
• In Progress—The flow is in the process of being optimized, and data transfer has not yet begun.
• Optimized—The flow has been optimized, and data transfer for the flow is in progress.
• Passthrough—The flow has not been optimized, but data transfer for the flow is in progress.
The remaining output fields are self-explanatory.
Display information about active and expired TCP-optimized flows:
vEdge# show app tcp-opt active-flows app tcp-opt active-flows vpn 1 src-ip 10.20.24.17 dest-ip 10.20.25.18 src-port 53723 dest-port 22 start-time "Fri Mar 17 13:21:02 2017" egress-intf-name loop0.3 ingress-intf-name ge0_4 tx-bytes 153 rx-bytes 64 tcp-state "In progress" proxy-identity Client-Proxy vEdge# show app tcp-opt expired-flows app tcp-opt expired-flows 1489781786360 vpn 1 src-ip 10.20.24.17 dest-ip 10.20.25.18 src-port 53722 dest-port 22 start-time "Fri Mar 17 13:16:26 2017" end-time "Fri Mar 17 13:17:51 2017" tx-bytes 4113 rx-bytes 4333 tcp-state Optimized proxy-identity Client-Proxy del-reason Closed
Command introduced in Viptela Software Release 17.2.