IP Test

This test monitors the IP (Internet Protocol) traffic on the ADC appliance, measures the current IP load on the ADC device, and promptly captures IP-related anomalies.

Target of the test : An ADC VPX/MPX

Agent deploying the test : A remote agent

Outputs of the test : One set of results for the ADC appliance being monitored.

Configurable parameters for the test
Parameter Description

Test Period

How often should the test be executed.

Host

The IP address of the host for which the test is being configured.

NetScaler Username and NetScaler Password

To monitor a ADC device, the eG agent should be configured with the credentials of a user with read-only privileges to the target ADC device. Specify the credentials of such a user in the NetScaler Username and NetScaler Password text boxes.

Confirm Password

Confirm the ADC Password by retyping it here.

SSL

The eG agent collects performance metrics by invoking NITRO (ADC Interface Through Restful interfaces and Objects) APIs on the target ADC device. Typically, the NITRO APIs can be invoked through the HTTP or the HTTPS mode. By default, the eG agent invokes the NITRO APIs using the HTTPS mode. This is why, the SSL flag is set to Yes by default. If the target ADC device is not SSL-enabled, then the NITRO APIs can be accessed through the HTTP mode only. In this case, set the SSL flag to No.

Measurements made by the test
Measurement Description Measurement Unit Interpretation

Data received

Indicates the amount of IP data received during the last measurement period.

MB

 

Data transmitted

Indicates the amount of IP data transmitted during the last measurement period.

MB

 

Packets transmitted

Indicates the IP packets transmitted during the last measurement period.

Number

Packets received

Indicates the number of IP packets received during the last measurement period.

Number

Routed IP packets

Indicates the number of IP packets that were routed during the last measurement period.

Number

 

Routed IP data

Indicates the amount of IP data that was routed during the last measurement period.

Mbits

 

IP fragments received

Indicates the number of IP packet fragments received during the last measurement period.

Number

The Internet Protocol (IP) implements fragmentation, so that packets may be formed that can pass through a link with a smaller maximum transmission unit (MTU) than the original datagram size.

IP fragments received by the ADC appliance will have to be reassembled by the appliance before they are forwarded to the virtual server they are meant for. IP fragmentation and reassembly operations can cause the ADC appliance to incur heavy overheads. To alleviate this, you can enable the Path MTU discovery algorithm of the Netcaler apliance for dynamically learning the MTU (Maximum Transmission Unit) of any Internet path. The discovered Path MTU is then used by the TCP/IP stack on the ADC to create packets of this size (or smaller). Path MTU Discovery is disabled by default.

IP packets successful reassembly

Indicates the number of IP packets that were successfully reassembled by the ADC appliance during the last measurement period.

Number

IP fragments received by the ADC appliance will have to be reassembled by the appliance before they are forwarded to the virtual server they are meant for. Ideally therefore, the value of this measure should be high. A low value indicates too many reassembly failures. This can occur when there is a checksum failure, an identification field mismatch, or when one of the fragments is missing.

IP packets attempts to reassembly

Indicates the number of fragmented IP packets that the ADC attempted to reassemble during the last measurement period.

Number

 

IP address lookups

Indicates the number of IP address lookups performed by the ADC during the last measurement period.

Number

When an IP packet is received on a non-established session, the ADC checks if the destination IP address is one of the ADC owned IP addresses. The ADC-owned IP Addresses—ADC IP Address (NSIP), Virtual IP Addresses (VIPs), Subnet IP Addresses (SNIPs), Mapped IP Addresses (MIPs), and Global Server Load Balancing Site IP Addresses (GSLBIPs)—exist only on the ADC appliance. The NSIP uniquely identifies the ADC on your network, and it provides access to the appliance.

The IP address lookup failure occurs when the destination IP address of the packet does not match any of the ADC owned IP addresses.

Naturally therefore, the value of IP address lookup failures measure should be very low.

IP address lookup failures:

Indicates the number of IP address lookups that failed during the last measurement period.

Number

Percent of IP address lookup success

Indicates the percentage of IP address lookups that were successfully performed by the ADC during the last measurement period.

Percent

 

 

A high value is desired for this measure.

Percent of IP address lookup failure

Indicates the percentage of IP address lookups that failed during the last measurement period.

Percent

The IP address lookup failure occurs when the destination IP address of the packet does not match any of the ADC owned IP addresses.

The value of this measure is computed using the following formula:

(IP address lookup failures/IP address lookups) * 100.0

A low value is is desired for this measure.

UDP fragments forwarded

Indicates the number of UDP fragments that were forwarded to the client or server during the last measurement period.

Number

 

TCP fragments forwarded

Indicates the number of TCP fragments that were forwarded to the client or server during the last measurement period.

Number

 

Fragmented packets created

Indicates the number of UDP fragments that were forwarded to the client or server during the last measurement period.

Number

 

Bad IP checksum

Indicates the number of IP packets that were received with IP checksum error during the last measurement period.

Number

 

Unsuccessful reassambly

Indicates the number of received IP packets that could not be reassembled during the measurement period.

Number

IP fragments received by the ADC appliance will have to be reassembled by the appliance before they are forwarded to the virtual server they are meant for. Ideally therefore, the value of this measure should be low. A high value indicates too many reassembly failures. This can occur when there is a checksum failure, an identification field mismatch, or when one of the fragments is missing.

Reassembled data too big

Indicates the number of IP packets whose data length exceeds the Ethernet packet data length of 1500 bytes after being reassembled by the ADC during the last measurement period.

Number

 

Zero fragment length received

Indicates the number of IP packets that were received with a fragment length of 0 bytes during the last measurement period.

Number

 

Duplicate fragments received

Indicates the number of duplicate IP fragments received during the last measurement period.

Number

This can occur when the acknowledgement was not received within the expected time.

Out of order fragments received

Indicates the number of IP fragments that were received in out of order condition during the last measurement period.

Number

When a datagram is fragmented, each fragment becomes its own datagram and is routed to the ADC independently of any other datagrams. This is why, the original datagram often arrives at the ADC out of order.

Unknown destination received

Indicates the number of IP packets received with the destination IP address not reachable or not owned by the ADC during the last measurement period.

Number

Ideally, the value of this measure should be 0.

Bad transport

Indicates the number of packets received in which the protocol specified in the IP header is unknown to the ADC during the last measurement period.

Number

Ideally, the value of this measure should be 0.

VIP down

Indicates the number of IP packets received by the ADC when the Virtual IP (VIP) is down during the last measurement period.

 

A VIP is a public IP address to which a client sends requests.

The ADC receives these request packets when all the services bound to the VIP are down or the VIP is manually disabled.

Fix header failure

Indicates the number of received packets with errors in one or more fields of the IP header during the last measurement period.

Number

Ideally, this value should be 0.

Time-to-live expired during transit

Indicates the number of packets for which the time-to-live (TTL) expired during transit during the last measurement period.

Number

These packets are dropped.

Max Non-TCP clients

Indicates the  total number of times during the last measurement period ADC tried to open a new connection to a service having maximum number of allowed open client connections.

Number

 

Unknown services

Indicates the number of IP packets received on a port or service that is not configured for the ADC during the last measurement period.

Number

 

Land-attack packets received

Indicates the number of Land-attack packets received by the ADC during the last measurement period.

Number

The Land-attack packets are spoofed packets that are designed to attack systems. A Land Attack consists of a stream of TCP SYN packets that have the source IP address and TCP port number set to the same value as the destination address and port number (i.e., that of the attacked host).

Invalid IP header size packets received

Indicates the number of IP packets received with an invalid header size during the last measurement period.

Number

The IP header size may be termed as invalid due to an invalid data length in the header or when the value in the length field and the actual data length does not match.

Invalid IP packet size received

Indicates the number of IP packets received by the ADC with invalid packet size during the last measurement period.

Number

 

Truncated IP packet received

Indicates the number of truncated IP packets received during the last measurement period.

Number

An overflow in the routers along the path can truncate the IP packets.

Truncated Non-IP packets received

Indicates the number of truncated non-IP packets received during the last measurement period.

Number

 

Zero next hop

Indicates the number of IP packets received with a 0 value in the next hop field during the last measurement period.

Number

These packets are dropped.

Packets with length greaterthen 1514 received

Indicates the number of IP packets received with a length greater than the normal MTU (maximum transmission unit) of 1514 bytes during the last measurement period.

Number

 

Packets with bad MAC sent

Indicates the number of IP packets transmitted with a bad MAC address during the last measurement period.

Number