1 Reply Latest reply: Feb 21, 2012 11:24 AM by JustinY

Cisco monitor crypto engine?

JustinY
Hi there,

I have a whole bunch of 2811s where I am sending almost 100% of our traffic through the onboard crypto engine. I have some sites with more bandwidth than others and I need to monitor the crypto engine to determine if it's overloaded/dropping packets. I also have 7200s with SA-VAM2+ doing the same thing.

It would be great if this could be collected via SNMP, but the only way I have found is via the command "show crypto engine accelerator statistic":

show crypto engine accelerator statistic
Device: NETGX
Location: Onboard: 0
:Statistics for encryption device since the last clear
of counters 3432641 seconds ago
808722334 packets in 808650062 packets out
368108617535 bytes in 367973730758 bytes out
235 paks/sec in 235 paks/sec out
857 Kbits/sec in 857 Kbits/sec out
389962806 packets decrypted 418687256 packets encrypted
127542676560 bytes before decrypt 240338168075 bytes encrypted
108835368258 bytes decrypted 259138362784 bytes after encrypt
0 packets decompressed 0 packets compressed
0 bytes before decomp 0 bytes before comp
0 bytes after decomp 0 bytes after comp
0 packets bypass decompr 0 packets bypass compres
0 bytes bypass decompres 0 bytes bypass compressi
0 packets not decompress 0 packets not compressed
0 bytes not decompressed 0 bytes not compressed
1.0:1 compression ratio 1.0:1 overall
Last 5 minutes:
158594 packets in 158506 packets out
528 paks/sec in 528 paks/sec out
1420127 bits/sec in 1422918 bits/sec out
18559180 bytes decrypted 29269415 bytes encrypted
501599 Kbits/sec decrypted 791065 Kbits/sec encrypted
1.0:1 compression ratio 1.0:1 overall
pkts dropped: 72272
fw_failure: 0 invalid_flow: 0 netgx sessions: 2
ownership_err: 0 null_data: 0 reqId mismatch: 0
fw_qs_filled: 0 fw_resource_lock:0
tx_hi_drops: 0 pak_too_big: 0
pak_mp_length_spec_fault: 0
Interrupts: Notify = 0, Reflected = 0, Spurious = 0
ring limit:64 current desc used: 0 current ring index: 34
wait session queue: 0 msg session buf queue: 1024

So I really want to see this somewhere that I can create an alert on it and add it to my dashboard. Unfortunately I don't think there is any easy way to determine the "Load" on the crypto engine. From my understanding though, if it's dropping packets it's overloaded.
  • Re: Cisco monitor crypto engine?
    JustinY
    Anyone?

    I need to monitor when packets are being dropped due to the crypto accelerator not being able to handle the traffic.  This stat is not exposed via SNMP so I am going to need to poll via a script or something then compare it to the previous query to determine if there have been any additional packets lost.  If so I have to trigger an alert.

    This is the output of the command I need to monitor. 
    show cry engine acc statistic | i dropped
            pkts dropped:      113701

    The Universal Device Poller will not work because this is not accessible via SNMP.

    Is there any other way to monitor this?

    Thanks.
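
The polling approach described in the reply above (read the drop counter, compare it with the previous reading, alert on an increase), as an added example that is not part of the original posts. It only parses text that has already been collected from the router; how the output is fetched is left out, and the device name and the `threshold` parameter are assumptions. It goes one step beyond the post by also handling a clear of the counters between polls.

```python
import re

# Constructed sample: trimmed lines in the format of the output posted above.
SAMPLE_OLD = """\
:Statistics for encryption device since the last clear
of counters 3432641 seconds ago
808722334 packets in 808650062 packets out
pkts dropped: 72272
fw_failure: 0 invalid_flow: 0 netgx sessions: 2
"""
SAMPLE_NEW = SAMPLE_OLD.replace("3432641", "3432941").replace("72272", "72310")
SAMPLE_CLEARED = SAMPLE_OLD.replace("3432641", "120").replace("72272", "15")

def parse_stats(text):
    """Pull the drop counter and the counter age out of the CLI output."""
    dropped = re.search(r"pkts dropped:\s*(\d+)", text)
    age = re.search(r"of counters\s+(\d+)\s+seconds ago", text)
    if not dropped:
        raise ValueError("no 'pkts dropped' line in output")
    return {"dropped": int(dropped.group(1)),
            "age": int(age.group(1)) if age else None}

def new_drops(prev, cur):
    """Drops since the previous poll, tolerating a clear of the counters."""
    if prev is None:
        return 0  # first poll only establishes a baseline
    cleared = cur["dropped"] < prev["dropped"] or (
        cur["age"] is not None and prev["age"] is not None
        and cur["age"] < prev["age"])
    # After a clear, everything counted so far is new since the last poll.
    return cur["dropped"] if cleared else cur["dropped"] - prev["dropped"]

def poll(state, device, text, threshold=0):
    """Update per-device state; return an alert string or None."""
    cur = parse_stats(text)
    delta = new_drops(state.get(device), cur)
    state[device] = cur
    if delta > threshold:
        return f"{device}: crypto engine dropped {delta} packets since last poll"
    return None

if __name__ == "__main__":
    state = {}  # hypothetical in-memory store; persist it between runs in practice
    for text in (SAMPLE_OLD, SAMPLE_NEW, SAMPLE_CLEARED):
        print(poll(state, "rtr-example", text))
```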
