Monitoring Cisco Content Services Switch Using ehealth

Transcription

1 Focus Topic April 2006 Monitoring Cisco Content Services Switch Using ehealth The Cisco CSS Series Content Services Switch (CSS) is a layer 7 switch which routes messages to devices based on message content, going well beyond traditional routing based on layer 3 packet headers. The switch is useful for tasks like load balancing and adapting to server failure. The ehealth Suite now offers enhanced support for the switches. You can monitor them using the ehealth system to ensure that your service is performing as expected. When performance does not meet expectations, ehealth reports can help you pinpoint the cause of the problem. Support for the Cisco switch described in this topic is available with ehealth Release 5.7 Patch 2 and later. ehealth s Solution for Cisco Content Services Switch This topic describes how to actively monitor the Cisco switch using ehealth reports. It contains the following sections: License and Software Requirements lists the release requirements, third party support, ehealth licensing information, and discovery information. Element Overview describes the elements and their naming conventions that ehealth monitors. Reports describes how to run At-a-Glance, Trend, and Top N reports for Cisco switches. Live Exceptions Monitoring describes how profiles monitor Cisco switches. Reference Information provides lists of supported Trend and Top N variables and At-a-Glance charts. Further Information describes how to obtain an ehealth Element Variable report for the Cisco switch. License and Software Requirements ehealth provides support for Cisco switches running software versions 7.20 and later. Cisco switches need to be explicitly configured with policies and rules that route transactions to appropriate servers. Discovery To discover Cisco CSS elements, you use the Router mode and Application mode in the Discover dialog box. If you discover the Cisco elements using the Application mode and subsequently the router elements using Router mode, the CSS elements will not be associated with the router elements. Correct this by rediscovering the elements using both modes. The switch element uses the standard ehealth licensing model; each switch element consumes one license.

2 Element Overview Monitoring Cisco Content Services Switch Using ehealth Figure 1. Cisco CSS Data Model Figure 1 illustrates the ehealth model for the Cisco switch. The nonshaded elements represent the CSS application features and the traditional router elements are represented by the shaded elements. Elements The following describes each of the Cisco switch elements: CSS - Represents the entire device and contains box-wide flow statistics. There is a single element for each CSS device. Buffer Pool - Represents statistics associated with a buffer pool. There can be as many as 2 buffer pools per subslot. Content Rule - Represents a single content rule. There is one element per content rule. DOS Attacks - Tallies various categories of denial-of-service (DOS) attacks. There is a single element for the entire device. Group - Represents a collection of local servers that are capable of initiating flows viewed as a single virtual server with its own IP address. There is one element for each group. An element group differs from the ehealth concept of a group as a collection of monitored elements. Service - Represents a server to which connections are forwarded. There is one element per service. Service Content Rule - Represents content rule statistics broken down by service. There is one element per content rule per relevant service. Subslot/Resources - Represents resource consumption associated with a single subslot. The number of elements equals the number of subslots. Since each slot can have as many as 8 subslots, there can be as many as 14 * 8 = 112 subslots on the device. Slot/Flow Stats - Represents a slot on the device and contains per-slot flow statistics. The number of elements equals the number of slots, up to 14. This element is supported by Cisco software versions 7.50 and later only. Element Naming Conventions ehealth offers the following conventions for naming elements: Router: routerid-ah CSS Element: routerid-ah-css Buffer Pool Element: routerid-ah-css-poolslotnumber-subslotnumber-bufferpoolnumber Content Rule Element: routerid-ah-css-ruleruleowner-rulename DOS Attacks Element: routerid-ah-css-dos Group Element: routerid-ah-css-groupgroupname Service Element: routerid-ah-css-serviceservicename Service Content Rule Element: routerid-ah-css- SCR-ruleOwner-ruleName-serviceName Slot/Flow Stats Element: routerid-ah-cssslotnumber Subslot/Resources Element: routerid-ah-css- Subslot-slotNumber-subSlotNumber 2

3 Live Exceptions Monitoring ehealth offers two default Live Exceptions profiles to monitor Cisco switches. Apply these profiles to groups (or group lists) that contain these elements in order to raise alarms for failures and unusual workload: The Cisco CSS - Failure profile contains Time over Threshold rules to indicate when there are too many switch failures. This can indicate: availability problems, any DOS attacks, subslot CPU utilization is too high, or buffer use is too high. The Cisco CSS - Unusual Workload profile uses Deviation from Normal rules to indicate unusually large number of content rule requests and flows per second boxwide. The profile can help show sudden and unexpected growth in capacity. Reports ehealth offers Top N, Trend, and At-a-Glance reports for Cisco switches. Use these reports to gain insight into the performance of your switches. At-a-Glance reports contain a set of pre-defined charts that provide insight into the performance of the elements. Review Table 1 on page 5 for a list of At-a- Glance charts that appear for each element. You can use the At-a-Glance reports to compare variables and look for combinations of problems that could indicate problem sources. From At-a-Glance charts, you can drill down to Trend reports and view performance data in greater detail. The ehealth software supports drill downs between the At-a-Glance reports associated with the switch elements. This allows you to navigate to a higher or lower view for a resource, and enables you to review the performance of related elements. Also, the linking capabilities between At-a-Glance reports follow the element hierarchy as shown in Figure 1., where each element can drill down to its subordinate element or drill up to its superordinate element. Trend reports allow you to view more granular data on a particular performance variable or set of variables for an element. You can also view trends over time from both At-a-Glance and Trend reports. Top N reports provide information on groups of elements. These reports use the same variables as Trend reports, but in addition they offer variables such as peak values. You use this report type when you want to compare variables for multiple elements in a group. When you run Top N reports, you select a group of elements and the variables that you want ehealth to compare for each element in that group. Sample At-a-Glance Report When you run At-a-Glance reports for Cisco switch devices and you choose a Technology, select App Service. This At-a-Glance report displays several charts for the 360:4186 Subslot element. The charts show the percentage of Submobile Availability, CPU utilization, and the Available System Heap Memory in the previous 24 hours. 3

4 Sample Trend Report When you run a Trend report for an element, you can select up to 10 variables. For instructions on accessing the most current list of Trend and Top N variables for each element, refer to the Trend and Top N Variables section on page 5. This Trend report shows that the percentage of average CPU utilization remained consistent over a one hour period. Sample Top N Report When you run a Top N report, you select a group of elements for which you want to view common values, and then select up to six variables for comparison. The sample Top N report displays the percentage of average CPU utilization for the Cisco switch elements in the selected group. 4

5 Reference Information This section lists the following: How to access current Trend and Top N variables for the Cisco CSS elements. Supported At-a-Glance charts that gauge the performance of each Cisco CSS element over a specified time period. Accessing Trend and Top N Variables You can use the ehealth Element Variable Report (available from the ehealth Web interface Organization Page) to obtain details about supported Trend and Top N variables. This sample Element Variable Report shows the Trend variables for a Cisco switch element. It shows how ehealth combines and evaluates the MIB variables to obtain the data for each Trend variable for the element. At-a-Glance Charts Table 1. At-a-Glance Charts for the Cisco CSS Elements (Sheet 1 of 2) Element Charts Element Charts Buffer Pool Buffer Failures /sec Buffer Pool Low Threshold Count Content Rule Average Load, Local Services Bytes Passed /sec Drops /sec Frames Passed /sec Primary Sorry Server Hits /sec Redirects /sec Rejects /sec, no service Rejects /sec, service overload Rule Hits /sec Secondary Sorry Server Hits /sec CSS Box-Wide Active Flows Box-Wide Dropped Flows /sec Box-Wide Hits /sec Box-Wide TCP Flows /sec Box-Wide Total Flows /sec Box-Wide UDP Flows /sec Subslot CPU Utilization DOS Attacks Denial of Service Attacks /sec Denial of Service Illegal Destination xxattacks /sec Denial of Service Illegal Source xxattacks /sec Denial of Service LAND Attacks / xxsec Denial of Service Port 0 Attacks /sec Denial of Service Smurf Attacks /sec Denial of Service SYN Attacks /sec 5

6 Table 1. At-a-Glance Charts for the Cisco CSS Elements (Sheet 2 of 2) Element Charts Element Charts Group Bytes Passed /sec Connections /sec Current Connections Current FTP Control Connections Group Uses /sec Frames Passed /sec FTP Control Connections /sec Service Availability (%) Average Load Average Response Time (msec) Current TCP Connections Load, Long Lived Flows Load, Short Lived Flows State Transitions /sec Service Content Rule Service Bytes Passed /sec Service Frames Passed /sec Service Rule Hits /sec Slot/Flow Stats Active Flows Dropped Flows /sec Hits /sec TCP Flows /sec Total Flows /sec UDP Flows /sec Subslot/Resources Available System Heap Memory xx(bytes) CPU Utilization (%) Submodule Availability (%) System Heap Chain Depth Copyright 2006 CA. All rights reserved. 6