Professional Documents
Culture Documents
Webinar Series
In-depth Troubleshooting on NetScaler
using Command Line Tools
27 March 2014
Andrew Sandford
Senior Readiness Specialist, Worldwide Support Readiness EMEA
Agenda
NetScaler CLI recap
Whats my NetScaler?
How is my NetScaler configured?
Whats my NetScaler doing?
Time for Technical Support?
Q&A
2014 Citrix | Confidential Do Not Distribute
NetScaler CLI
Recap
>help <command>
>man <command>
>set cli prompt %u@%h-%T
>set cli mode -color ON
# tar
# head
# less
# more
# cat
# zcat
# ls
# find
2014 Citrix | Confidential Do Not Distribute
Whats my NetScaler?
Whats my NetScaler?
> show version
> show ns hostname
> show hardware
> show interface summary
>stat ssl
#sysctl a netscaler | more
2014 Citrix | Confidential Do Not Distribute
nstipster
show hardware
> show hardware
Platform: NSMPX-10500 8*CPU+2*E1K+8*E1K+2*IX+8*CVM
1620 760100
Manufactured on: 10/7/2010
CPU: 2832MHZ
Host Id: 1234567890
Serial no: M123456789
Encoded serial no: M123456789
2014 Citrix | Confidential Do Not Distribute
MTU
MAC
Suffix
-------------------------------------------------------------------------------1
0/1
1500
00:25:90:12:eb:5a
0/2
1500
00:25:90:12:eb:5b
1/1
1500
00:e0:ed:1a:24:97
1/2
1500
00:e0:ed:1a:24:96
1/3
1500
00:e0:ed:1a:24:95
1/4
1500
00:e0:ed:1a:24:94
1/5
1500
00:e0:ed:1a:24:a3
1/6
1500
00:e0:ed:1a:24:a2
1/7
1500
00:e0:ed:1a:24:a1
10
1/8
1500
00:e0:ed:1a:24:a0
11
10/1
1500
00:1b:21:77:c0:35
12
10/2
1500
00:1b:21:77:c0:34
13
LO/1
1500
00:25:90:12:eb:5a
stat ssl
> stat ssl
SSL Summary
# SSL cards present
# SSL cards UP
System
Transactions
Rate (/s)
Total
SSL transactions
301
SSLv2 transactions
SSLv3 transactions
TLSv1 transactions
301
sysctl
# sysctl -a netscaler
netscaler.developer: 0
netscaler.descr:
NetScaler Virtual Appliance 3G
netscaler.recovery: 0
netscaler.num_pe_running:
1
netscaler.sysid: 450000
netscaler.serial: 98310000cb254307ee78
netscaler.version:
NetScaler NS10.1: Build
netscaler.descr: NetScaler Virtual Appliance 3G
124.13.nc,
Date: Feb 20 2014, 18:53:27
netscaler.num_pe_running: 1
netscaler.model:
netscaler.version: NetScaler3000
NS10.1: Build 124.13.nc, Date: Feb 20 2014, 18:53:27
netscaler.model: 3000
netscaler.vmpe_max_cpus:
2
netscaler.vmpe_max_cpus: 2
netscaler.nCore:
1
netscaler.Classic: 0
netscaler.nCore: 1
2014 Citrix | Confidential Do Not Distribute
How is my NetScaler
configured?
show ip
> show ip
Ipaddress
TD
Type
Mode
Arp
Icmp
Vserver
State
---------
--
----
----
---
----
-------
------
1)
192.168.196.45
Enabled
NetScaler IP
Active
Enabled
Enabled
NA
2)
192.168.196.146
Enabled
SNIP
Active
Enabled
Enabled
NA
3)
192.168.196.147
Enabled
VIP
Active
Enabled
Enabled
Enabled
4)
22.22.22.2
VIP
Active
Enabled
Enabled
Enabled
Enabled
5)
192.168.100.44
SNIP
Active
Enabled
Enabled
NA
Enabled
6)
192.168.1.2
SNIP
Active
Enabled
Enabled
NA
Enabled
7)
192.168.196.148
Enabled
VIP
Active
Enabled
Enabled
Enabled
show feature
> show feature
Feature
Acronym
Status
-------
-------
------
1)
Web Logging
WL
ON
2)
Surge Protection
SP
OFF
3)
Load Balancing
LB
ON
4)
Content Switching
CS
ON
5)
Cache Redirection
CR
OFF
6)
Sure Connect
SC
ON
8)
Priority Queuing
PQ
ON
9)
SSL Offloading
SSL
ON
10)
GSLB
ON
11)
HDOSP
OFF
12)
Content Filtering
CF
ON
13)
Integrated Caching
IC
OFF
19)
Rewrite
REWRITE
ON
show ns mode
> show ns mode
Mode
Acronym
Status
-------
-------
------
1)
Fast Ramp
FR
ON
2)
Layer 2 mode
L2
OFF
3)
Use Source IP
USIP
OFF
4)
Client Keep-alive
CKA
OFF
5)
TCP Buffering
TCPB
OFF
6)
MAC-based forwarding
MBF
OFF
7)
Edge configuration
Edge
ON
8)
Use Subnet IP
USNIP
ON
9)
L3
ON
10)
PMTUD
ON
16)
Bridge BPDUs
BridgeBPDUs
OFF
show info
> show info
NetScaler NS10.1: Build 124.13.nc, Date: Feb 20 2014,
18:53:27
NetScaler IP: 192.168.47.6
(mask: 255.255.240.0)
NW FWMODE: NOFIREWALL
Number of MappedIP(s): 0
Node: Secondary (Primary is 192.168.47.1)
System Time: Thu Mar 27 08:52:06 2014
Last Config Changed Time: Thu Mar 27 07:52:50 2014
Last Config Saved Time: Tue Mar 25 13:28:21 2014
2014 Citrix | Confidential Do Not Distribute
Whats my NetScaler
doing?
#top/nsppe
> shell top
last pid: 13825;
60 processes:
load averages:
1.00,
1.04,
1.02
up 1+19:48:58
08:38:17
2 running, 58 sleeping
Mem: 99M Active, 51M Inact, 1492M Wired, 15M Cache, 165M Buf, 2564K Free
Swap: 4500M Total, 12K Used, 4500M Free
PID USERNAME
SIZE
814M
100%
RES STATE
815M CPU1
TIME
WCPU COMMAND
50185 root
44
11834 nobody
0:02
0.05% httpd
50206 root
1:03
0.00% nsaggregator
50251 root
0 30504K
7964K kqread 0
0:47
0.00% nsconfigd
44 root
0 15880K
1828K kqread 0
0:21
0.00% pitboss
995 root
0:13
0.00% httpd
987 root
96
50188 root
3668K
876K select 0
0:11
0.00% syslogd
0 59184K
9016K kqread 0
0:10
0.00% nsnetsvc
#ps ax | more
root@ns# ps -ax | more
PID
TT
STAT
TIME COMMAND
??
WLs
0:00.44 [swapper]
??
ILs
0:00.09 /sbin/init --
??
DL
0:02.35 [g_event]
??
DL
0:09.00 [g_up]
??
DL
0:02.21 [g_down]
??
DL
0:00.00 [xpt_thrd]
??
DL
0:00.00 [acpi_task_0]
??
DL
0:00.00 [acpi_task_1]
??
DL
0:00.00 [acpi_task_2]
??
DL
10
??
RL
--More(byte 933)
2014 Citrix | Confidential Do Not Distribute
IP related
> show route
> show ip
> show dns addrec
-type proxy
# ping
# traceroute
# telnet
2014 Citrix | Confidential Do Not Distribute
Netmask
Gateway/OwnedIP
State
TD
-------
-------
---------------
-----
--
0.0.0.0
0.0.0.0
192.168.32.1
255.0.0.0
127.0.0.1
Type
---1)
STATIC
2)
127.0.0.0
PERMANENT
3)
192.168.32.0
255.255.240.0
UP
UP
192.168.47.1
UP
DIRECT
4)
172.16.200.0
STATIC|ADV
255.255.255.0
192.168.47.2
UP
Load Balancing
show lb vserver
> show lb vserver
LB_RGB
- HTTP
1)
LB_RGB (192.168.47.3:80)
(192.168.47.3:80) - HTTP
Type: ADDRESS
Type: ADDRESS
State: UP
State:
UP change was at Wed Aug 14 09:17:14 2013
Last state
Time since last state change: 0 days, 00:30:42.140
Client
Idle Timeout: 180 sec
Effective State: UP
Client Idle
Timeout: ENABLED
180 sec
Down state
flush:
Down state flush: ENABLED
Disable
Primary
Vserver
On: DISABLED
Down : DISABLED
Disable
Primary Vserver
On Down
Appflow logging: ENABLED
Appflow
logging: ENABLED
Port Rewrite : DISABLED
Port Rewrite
No. of Bound :
Services
DISABLED
: 1 (Total)
Configured Method: ROUNDROBIN
No. of
Bound Services :
Mode: IP
1 (Active)
1 (Total)
1 (Active)
Persistence:
NONE
Configured
Method:
ROUNDROBIN
Vserver IP and Port insertion: OFF
Mode:IcmpResponse:
IP
PASSIVE
Warning:
Feature(s)
not OFF
enabled [LB]
Vserver
IP and
Port insertion:
2014 Citrix | Confidential Do Not Distribute
Type: ADDRESS
State: UP
Last state change was at Wed Aug 14 11:56:19 2013
Time since last state change: 0 days, 20:33:37.60
Effective State: UP
1) svc_blue
(192.168.196.62: 80) - HTTP State: UP Weight: 1
Client Idle Timeout: 180 sec
Down state flush: ENABLED
No. of Bound Services :
1 (Total)
1 (Active)
State:svc_blue
UP
(192.168.196.62:80) - HTTP
State: UP
1)
State:
Server Name: Blue
UP
14887
Weight: 1
Passive: 0
1)
Weight: 1
Passive: 0
Probes: 14887
show persistentSessions
> sh persistentSessions
Type
SRC-IP
PARAMETER
DST-IP
PORT
VSNAME
TIMEOUT
118
PERSISTENCE192.168.119.81
Authentication
How do I troubleshoot
deeper?
4 root
nobody
drwxr-xr-x
31 root
drwxrwxr-x
2 root
nobody
512 Oct
-rw-r--r--
1 root
nobody
2 Mar
wheel
512 Mar
1024 Dec
4 09:41 .
4 10:06 ..
8 21:28 1
4 09:36 bounds
# ls la 1/
total 10292
drwxrwxr-x
2 root
nobody
drwxrwxr-x
4 root
nobody
512 Mar
-rw-------
1 root
nobody
-rw-------
1 root
nobody
4 09:41 ..
/var/core
# cd /var/core/
# ls -la
total 14
drwxrwxr-x
6 root
nobody
drwxr-xr-x
30 root
drwxrwxr-x
2 root
nobody
-rw-r--r--
1 root
nobody
wheel
root@vpx1# ls 1/
NSPPE-00-1077.gz
nscac64p-1177.gz
nsnetsvc-1086.gz
aslearn-1148.gz
nscfsyncd-1158.gz
nsrised-1164.gz
imi-1129.gz
nsclfsyncd-1160.gz
provserverd-1162.gz
monuploadd-1154.gz
nsclusterd-1105.gz
snmpd-1152.gz
nsaaad-1131.gz
nsconfigd-1156.gz
nsaggregatord-1107.gz
nsfsyncd-1110.gz
Show commands
System
show node
show info
show license
Vserver/Service
show lb vserver
show cs vserver
show service
show persistencesession
show connectiontable
IP related
show route
show ip
show dns addrec
Diagnostic
2014 Citrix | Confidential Do Not Distribute
show techsupport
-type proxy
show node
> show node
Node
State:
NOT UP
1)
Node
ID:
0
IP:
2)
Node ID:
IP:
192.168.1.145 (NS145)
192.168.1.45
State: 1/4
DISABLED1/3 1/2 1/1
Master Enabled Interfaces : 1/8 1/7 1/6INC 1/5
Fail-Safe Mode: OFF
INC State: DISABLED
Propagation: ENABLED
Propagation: ENABLED
Enabled Interfaces : 1/8 1/7 1/6 1/5 1/4 1/3 1/2 1/1
HA MON ON Interfaces : 1/8 1/7 1/6 1/5 1/4 1/3 1/2 1/1
HA MON ON Interfaces
: 1/8 1/7 heartbeats
1/6 1/5 1/4 1/3 1/2 1/1
Interfaces
on which
are not Interfaces
seen :
1/8heartbeats
1/6 1/5
on which
are not1/4
seen : 1/3
1/8 1/6
Interfaces on which heartbeats are not seen : 1/8 1/6
1/5 1/4 1/3 1/2 1/1
1/2
1/5 1/4 1/1
1/3 1/2 1/1
Interfaces causing Partial Failure: 1/8 1/6 1/5 1/4 1/3
Interfaces causing Partial Failure: 1/8 1/6 1/5 1/4 1/3
1/1
1/2 1/1
Interfaces
causing Partial Failure:1/2 1/8
1/6 1/5 1/4 1/3 1/2 1/1
SSL Card Status: UP
SSL Card Status: UP
>
NetScaler Processes
Process
Description
Process
Description
nsppe
nsfsyncd
nsaaad
nsnetsvc
nsconf
nsumond
nslog.sh
nsconmsg
Controls writing of
newnslog
nssync
HA sync
nscollect
nsreadfile
imi/ripd/
nscrlrefresh
ospfd/bgpd
Routing processes
stat commands
>stat ns
>stat cpu
>stat interface
>stat lb vserver
>stat cs vserver
>stat service
>stat ssl
>stat dns
>stat http
2014 Citrix | Confidential Do Not Distribute
System
Entities
Protocols
stat ns
> stat ns
System overview
Up since
0.60
0.60
0.80
190
18.73
UP
Master state
Primary
# SSL cards UP
stat cpu
> stat cpu
CPU statistics
ID
Usage
0
2014 Citrix | Confidential Do Not Distribute
stat interface
> stat interface
Interface Summary
ID
IntfState
Rx Pkts
Tx Pkts
1/8
DOWN
1/7
DOWN
1/6
DOWN
1/5
DOWN
1/4
DOWN
1/3
DOWN
1/2
DOWN
1/1
UP
14476M
21813M
10/2
DOWN
10/1
DOWN
0/1
UP
32027M
18048M
0/2
DOWN
LO/1
UP
831255M
1218G
6624M
13125M
LA/1
DOWN
LA2
442178k 56718611
292060k 67610607
LACP Statistics
Interface [1/1]:
Interface State
Link uptime
Link downtime
LACPDUs received 0
LACPDUs transmitted
Error Statistics
UP
00:40:21
00:00:00
Throughput Statistics
Rate (/s) Total
Bytes received
42393 54497294
Bytes transmitted2584
20222135
Packets received 629 710246
Packets transmitted 47 69066
Packet Statistics
Rate (/s)
Multicast packets 18 41219
NetScaler packets
85 98954
Total
Rate (/s)
0
0
0
Total
Rate (/s)
Error packets received (hw)
0
0
Error packets transmitted (hw)0
0
Inbound packets discarded (hw)
0
0
Outbound packets discarded (hw) 0
0
Packets dropped in Rx (sw)
539 599904
Packets dropped in Tx (sw)
0
0
NIC hangs
-0
Status stalls
-0
Transmit stalls
-0
Receive stalls
-0
Error-disables
-0
Duplex mismatches -0
Link re-initializations
-0
MAC moves registered
0
0
Times NIC became muted
-0
Total
stat dns
> stat dns
Non-authoritative entries
Authoritative entries
98
DNS Statistics
Error Statistics
Nonexistent domain
Runtime Statistics
Dns queries
106983
102359
Multi queries
Dns responses
Stray answers
Incorrect RD length
Server responses
102334
Requests refused
Auth answers
102347
No answer responses
Server queries
Configuration Statistics
2014 Citrix | Confidential Do Not Distribute
102334
Other errors
stat http
Total
Total requests
6251
Total responses
5885
27
293191
286
1744835
Vserver hits
Bound
RequestsService(s) Summary
Responses
LB_RGB
vsvrIP
port
80IP
192.168.47.3
Hits/s
Request bytes
inactSvcs
LB_RGB
1 192.168.33.130
Response
bytes
svc_andrews
Total
0/sPackets rcvd
VirtualPackets
Server Statistics
Total
sent
Req
Total Packets
sent
Spill
Over Threshold
80
00
0
0
Hits
65
HTTP
188
DOWN
Total
--
Rsp/s Throughp
ClntConn
0
--
-- 0/s
--
-0 ActvTran
MaxConn
00
State
0 0
0/s
Total Packets
rcvd
Requests
in service's
surgeQs
actSvcs
Rsp
0
Requests
in vserver's
surgeQReuseP
Response bytes
SvrConn
Health
Type
0DOWN
Req/s
Requests
in surge queue
Request bytes
svc_andrews
port
HTTP
Rate (/s)
0
State
Protocol
---
0
0
0
0
65
188
SvrTTFB
Load
SurgeQ
0
Requests
Service Summary
Responses
svc_blue
IP
192.168.196.62
Request
bytes
Service Stats:
port
Type
80
Response bytes
865
855
22
67683
767
2304810
State
HTTP
UP
Rate (/s)
Requests
Total
865
855
--
22
67683
767
2304810
--
--
--
--
0
9
--
Connections
reuse pool
Current Server Estin
connections
---
--
Connections server
in reuse pool
Maximum
connections
--
0
0
--
Average
server
TTFB
Average server
TTFB
---
--
--
--
Current
client connections
Responses
Request bytes
Requests
in surge queue
Response bytes
Current
server
connections
Current client
connections
Current server connections
Current loadload
on the on
service
Current
the service
2014 Citrix | Confidential Do Not Distribute
# df -h
Filesystem
Size
Used
/dev/md0c
286M
245M
35M
88%
devfs
1.0K
1.0K
0B
100%
/dev
procfs
4.0K
4.0K
0B
100%
/proc
/dev/ad0s1a
1.4G
965M
368M
72%
/flash
/dev/ad0s1e
14G
3.1G
9.5G
24%
/var
Avail Capacity
Mounted on
/
Logs
Firmware
Crash Files
NetScaler Configuration
SSL Certificates
Monitor Scripts
License Files
NetScaler
NetScaler Binaries
Binaries
Packet
Packet Trace
Trace Files
Files
dmesg
root@ns# dmesg
Copyright (c) 1992-2008 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 6.3-NETSCALER-10.1 #0: Thu Feb 20 18:54:22 PST 2014
root@sjcpbldbsd6301.eng.citrite.net:/usr/obj/amd64/usr/home/build/rs_101_124_8/usr.src/sys/NS64
Preloaded elf kernel "/ns-10.1-124.13" at 0xffffffff930b3000.
Calibrating clock(s) ... i8254 clock: 1189606 Hz
CLK_USE_I8254_CALIBRATION not specified - using default frequency
Timecounter "i8254" frequency 1193182 Hz quality 0
Calibrating TSC clock ... TSC clock: 3325066248 Hz
CPU: Intel(R) Core(TM)2 Duo CPU
Origin = "GenuineIntel"
E8600
Id = 0x1067a
Stepping = 10
Features=0x789fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CLFLUSH,MMX,FXSR,SSE,SSE2>
Features2=0x81282201<SSE3,SSSE3,CX16,<b19>,<b21>,<b24>,<b31>>
AMD Features=0x20000800<SYSCALL,LM>
AMD Features2=0x1<LAHF>
real memory
/var/log
# ls
auth.log
httperror.log
ns.log
auth.log.0.gz
httperror.log.0
ns.log.0
callhome.log
lastlog
nscollect.log
callhomedebug.log
license.log
nscollect_cl.log
cron
lpd-errs
nsvpn.log
cron.0.gz
maillog
nsvpnd.log
ctxslsboc.log
maillog.0.gz
ntpd.log
db
messages
security
httpaccess.log
messages.0
snmpd.log
httpaccess.log.0.gz
nitro.log
wicmd.log
httpd.scoreboard
nitro.log.0.gz
/var/nslog
# cd /var/nslog/
# ls
asl
lspci_tv.last
nsagg.conf
aslearn.log
lspci_tv.prev
nsagg.log
aslearn_old_db.tar.gz
lspci_vvvxxx.boot
nslog.nextfile
conmsg.log
lspci_vvvxxx.last
nsumond
dmesg.boot
lspci_vvvxxx.prev
nsumond.log
dmesg.last
newnslog
snmpdebug.log
dmesg.prev
newnslog.0.gz
lspci_tv.boot
ns.log
# cd newnslog
# ls
newnslog.ppe.0
2014 Citrix | Confidential Do Not Distribute
Troubleshooting Techniques
Use
cases
2014 Citrix | Confidential Do Not Distribute
View events
View console messages
View statistics
Debug system counters
Debug load balancing issues
Debug CPU/Memory utilization
nsconmsg examples
Live CPU related stats
<newnslog-filename> -d event
Archived events
current -g ha_cur_master_state
HA Failover cause
ConLb=2 -d oldconmsg
LB stats
ConCSW=2 -d oldconmsg
CS related counters
current -g pol_hits
Real-time policy hits
ConSSL=2 -d oldconmsg
SSL related counters
ConCMP=2 -d oldconmsg Compression related counters
# nsconmsg -K
# nsconmsg -d
# nsconmsg -s
# nsconmsg -s
# nsconmsg -d
# nsconmsg -s
# nsconmsg -s
Policy Hits
# cd /var/nslog/newnslog
# nsconmsg -K newnslog.ppe.0 -d current -g pol_hits
Displaying performance information
NetScaler V20 Performance Data
NetScaler NS10.1: Build 124.13.nc, Date: Feb 20 2014, 18:53:27
reltime:mili second between two records Fri Oct 25 09:45:52 2013
Index
rtime totalcount-val
0 3038060
1 3500159
15
Policy(__ESNS_PREBODY_POLICY)
15
2 pol_hits
2
0
15
Policy(__ESNS_POSTBODY_POLICY)
15
2 pol_hits
0 pol_hits Policy(CTX-LDAP)
1906
PPE-0 'interface(1/1)'
has been disabled
NetScaler3910
V20 Performance
Data
NetScaler
1907
1912
0 PPE-0 'server_svc_cfg_NSSVC_DNS_192.168.204.50:53(SVC_CTXANG_DNS1)'
DOWN Wed
seqno rtime event-message
event-time
Aug
1906 14
3910
12:27:25
PPE-0 'interface(1/1)'
2013
has been disabled
Wed Aug 14 12:27:16 2013
1907
1913
0 PPE-0 'server_svc_cfg_NSSVC_DNS_192.168.204.51:53(SVC_CTXANG_DNS2)' DOWN Wed
1908
7 PPE-0 MonServiceBinding_192.168.47.16:4739_(ping-default)(service_192.168.47.16_33554): DOWN; Last
Aug
14 12:27:25
2013
response:
Failure - Probe
timed out. Wed Aug 14 12:27:25 2013
1909
0 PPE-0 MonServiceBinding_192.168.224.5:53_(ping-default)(SVC_CTX_DNS1): DOWN; Last response: Failure - Probe
timed out. Wed Aug 14 12:27:25 2013
1910
0 PPE-0 MonServiceBinding_192.168.204.51:53_(ping-default)(SVC_CTXANG_DNS2):
1910
0 PPE-0 MonServiceBinding_192.168.204.51:53_(ping-default)(SVC_CTXANG_DNS2): DOWN; Last response: Failure DOWN;
Last response: Failure - Probe timed out. Wed Aug 14 12:27:25 2013
Probe timed out. Wed Aug 14 12:27:25 2013
1911
0 PPE-0
MonServiceBinding_192.168.204.50:53_(ping-default)(SVC_CTXANG_DNS1):
DOWN; Last response: Failure 1911
0 PPE-0
MonServiceBinding_192.168.204.50:53_(ping-default)(SVC_CTXANG_DNS1):
Probe timed out. Wed Aug 14 12:27:25 2013
DOWN;
Last response: Failure - Probe timed out. Wed Aug 14 12:27:25 2013
1912
1913
VIP(127.0.0.2:53:DOWN:WEIGHTEDRR):
Hits(0, 0/sec)
NetScaler NS10.1: Build 124.13.nc, Date: Feb 20 2014, 18:53:27
Mbps(0.00)
Pers(OFF) Err(0) SO(0) LConn_BestIdx: 1024
current time is Wed Aug 14 10:17:10 2013
Pkt(0/sec, 0 bytes) actSvc(0) DefPol(NONE)
NATSession: Cur(Tcp[0] Udp[1]
Icmp[0] Other[0])
override(0)
newlyUP(0)
------------------------------------------------------NATSession : Free(6552)A(6553)InUse(1)
IP Conflict
# cat /var/log/ns.log
Aug 14 12:39:11 <local0.info> 192.168.47.1
ipConflict (ipConflictAddr = 192.168.47.1,
sysIpAddress = 192.168.47.1)
Aug 14 12:39:42 <local0.info> 192.168.47.1 last
message repeated 169 times
Troubleshooting Techniques
HDD Issues
Flash Issues
Memory starvation
CPU starvation
Logging fails
/var missing
Config fails to save
Config saves partially
Sync fails
Device fails to boot
Dropped sessions
All services failing
All VIPS down
Degraded performance
show techsupport I
> show techsupport
show techsupport II
... copied 6 files from this directory.
Copying core files from /var/core ...(last 5 files created within the last week)
NSPPE core (2/NSPPE-00-1077.gz) file present! Skipping this file because of size
restrictions..
... copied 5 files from this directory.
Copying core files from /var/crash ...(last 5 files created within the last week)
... Nothing to copy...No files created within the last one week
Copying messages,ns.log,dmesg and other log files ....
Copying imported files and mapping files ...
Copying GSLB location database files ....
Archiving all the data into
"/var/tmp/support/collector_P_192.168.47.1_25Oct2013_11_12.tar.gz"....Done.
Created a symbolic link for the archive with /var/tmp/support/support.tgz
/var/tmp/support/support.tgz ---- points to --->
/var/tmp/support/collector_P_192.168.47.1_25Oct2013_11_12.tar.gz
If this node is part of HA pair, please run it on the other node also!!
2014 Citrix | Confidential Do Not Distribute
nstcpdump
Common syntax:
Nstrace.sh sz 0
Nstrace.sh sz 0 filter SOURCEIP
= 10.198.4.10 link enabled
Filter qualifiers and operators:
SOURCEIP, SOURCEPORT, DESTIP,
DESTPORT, SVCNAME, VSVRNAME,
STATE
==, eq, !=, neq, >, gt, <, lt, >=,
ge, <=, le, BETWEEN
Compound filters using || and &&
Common syntax:
Nstcpdump.sh X tcp port 80
Nstcpdump.sh w testcapture.cap
X src host 10.198.4.10 tcp port 80
Filter qualifiers and operators:
tcpdump standard
Packet Tracing
Nstcpdump.sh
Useful if traces are to be viewed on
standard output
Nstrace.sh
Useful for offline collection
nstrace.sh sz 0
Saves traces in /var/nstrace in cap format
nstrace.sh
# nstrace.sh --?
-h
- prints this message - exclusive option
nstrace - utility to start NetScaler packets trace
-nf
usage:
- number
of <number_of_files]
files to be generated
24)
nstrace.sh
[-h] [-nf
[-time <time>] in
[-m cycle
<mode>] (def.
[-nic <boolean>]
-time
-h
-sz
-time
-
-nf
-sz
- seconds
per file
(def. 3600)
(could
be an expression)
size
of the
captured
data
(bytes
from 60 to 1514)
- size of the captured data (bytes from 60 to 1514)
-m - 0=nstrace-format
- Capturing mode: sum of
the values (def.
18):
-tcpdump
(default)
or 1=tcpdump-format
-tcpdump - 0=nstrace-format (default) or 1=tcpdump-format
-name
-
- name
the trace
file
name
ofofthe
trace
file
-filter - Filter expression for nstrace. The maximum length of filter expression is 255 and it can of
-filter
- Filter
expression
nstrace. The maximum length of filter expression
following format:
<expression>
[<relop>for
<expression>]
-link
Log filtered
peer's format:
(linked connection's)
traffic.
Works only <expression>]
with -filter option
is
255- and
it canconnection's
of following
<expression>
[<relop>
-id
- ID for the trace file name for uniqueness. Should be used only with -name option
-link
- Log filtered connection's peer's (linked connection's) traffic. Works
-stop
- can be used to disable tracing (when 'nstrace.sh' is run in the background)
only
with
-filter
option
#
2014 Citrix | Confidential Do Not Distribute
Packet Tracing
nstrace.sh
Proprietary capture format
Native format captures more
information
Files are stored in /var/nstrace
Needs custom dissector in
Wireshark (1.6+)
nstcpdump.sh
TCPdump PCAP capture format
Useful for live capture from CLI
Option to write to a file
Most TCPdump options supported
Works in standard Wireshark
Trace analysis
nstrace.sh
Trace Analysis
Command
Purpose
# nstrace.sh
# nstrace.sh
-tcpdump 1
Begins to save the traces in the TCPDUMP format for a default 3600
seconds
# nstrace.sh
-tcpdump 1 -nic 1
Logs the traces (in TCPDUMP format) into separate log files based on
the NIC IDs
# nstrace.sh nf
<value>
# nstrace.sh time
<value>
# nstrace.sh -sz 0
# nstrace.sh m
Trace Analysis
Command
Purpose
# nstcpdump.sh
<type>
Possible types are host, net and port .If there is no type
qualifier host assumed
# nstcpdump.sh
<dir>
# nstcpdump.sh
<proto>
# nstcpdump.sh c
<value>
# nstcpdump.sh F I
r
# nstcpdump.sh w
nstcpdump.sh
# nstcpdump.sh --?
Setting 1000 pages (8000 KB) of trace buffers ...
Enabling all nic trace mode=6 ...
Done.
Done.
Done.
Done.
Trace analysis
Core Dumps/Crashes
4 root
nobody
drwxr-xr-x
31 root
drwxrwxr-x
2 root
nobody
512 Oct
-rw-r--r--
1 root
nobody
2 Mar
wheel
512 Mar
1024 Dec
4 09:41 .
4 10:06 ..
8 21:28 1
4 09:36 bounds
# ls la 1/
total 10292
drwxrwxr-x
2 root
nobody
drwxrwxr-x
4 root
nobody
512 Mar
-rw-------
1 root
nobody
-rw-------
1 root
nobody
4 09:41 ..
/var/core
# cd /var/core/
# ls -la
total 14
drwxrwxr-x
6 root
nobody
drwxr-xr-x
30 root
drwxrwxr-x
2 root
nobody
-rw-r--r--
1 root
nobody
wheel
root@vpx1# ls 1/
NSPPE-00-1077.gz
nscac64p-1177.gz
nsnetsvc-1086.gz
aslearn-1148.gz
nscfsyncd-1158.gz
nsrised-1164.gz
imi-1129.gz
nsclfsyncd-1160.gz
provserverd-1162.gz
monuploadd-1154.gz
nsclusterd-1105.gz
snmpd-1152.gz
nsaaad-1131.gz
nsconfigd-1156.gz
nsaggregatord-1107.gz
nsfsyncd-1110.gz
show techsupport
> show techsupport
----SNIP---Copying core files from /var/core ...(last 5 files created within the
last week)
NSPPE core (1/NSPPE-00-1077.gz) file present! Skipping this
file because of size restrictions..
... copied 5 files from this directory.
Copying core files from /var/crash ...(last 5 files created within the
last week)
... Nothing to copy...No files created within the last one
week
----SNIP-- 2014 Citrix | Confidential Do Not Distribute
1 root
wheel
-rw-------
1 root
wheel
-rw-------
1 root
wheel
-rw------124.13
1 root
wheel
-rw-------
1 root
wheel
-rw-------
1 root
wheel
-rw-------
1 root
wheel
Useful Links
CTX1093 Data Collection Procedure to Troubleshoot NetScaler
04
Related Issues
http://www.slideshare.net/davidmcg/common-pitfalls-when-setting-up-a-n
et-scaler-for-the-first-time
http://support.citrix.com/search/basic?searchQuery=counters&refin
ement=Content+Type,Technotes&refinement=Product+Family,NetScaler
CTX1149 How to Troubleshoot Authentication with Aaad.debug
99
https://taas.citrix.com/
2014 Citrix | Confidential Do Not Distribute
Citrix Services
make sure
you succeed with
About
your
Citrix
Services
virtualization
programs.