20 Dec 2023

Linux - System Performance tools

sysstat is a great set of tools that you can use to collect statistics for I/O, CPU, memory, network and processes for troubleshooting and monitoring purposes.

Here's a summary of the tools.

  • iostat reports CPU statistics and input/output statistics for block devices and partitions.
  • mpstat reports individual or combined processor related statistics.
  • pidstat reports statistics for Linux tasks (processes) : I/O, CPU, memory, etc.
  • tapestat reports statistics for tape drives connected to the system.
  • cifsiostat reports CIFS statistics.

Sysstat also contains tools you can schedule via cron or systemd to collect and historize performance and activity data:

  • sar collects, reports and saves system activity information (see below a list of metrics collected by sar).
  • sadc is the system activity data collector, used as a backend for sar.
  • sa1 collects and stores binary data in the system activity daily data file. It is a front end to sadc designed to be run from cron or systemd.
  • sa2 writes a summarized daily activity report. It is a front end to sar designed to be run from cron or systemd.
  • sadf displays data collected by sar in multiple formats (CSV, XML, JSON, etc.) and can be used for data exchange with other programs. This command can also be used to draw graphs for the various activities collected by sar using SVG (Scalable Vector Graphics) format.



 

11 Dec 2023

IPsec VPN Lab, with stateful failover (SSO, Dual Interface Model)



Lots of stuff going on here.
We have two sites for our company named Central-Office and Branch-33.

The CO is connected to our ISP w/ two edge routers: CE_1 w/ an E3 line and CE_2 w/ a backup E1 line. Our Branch-33 site uses R4, which establishes the IPsec tunnels, allowing the private 10.1.33.0/21 networks to talk to the central office 10.1.8.0/21 networks.

Behind them are the two IPsec concentrators (R1 and R2, 7200 Cisco routers), which have public IP addresses on their outward-facing interfaces. Here all 4 routers are connected to a single switch, but of course in a production network you would have redundant switches there as well.

Two first-hop redundancy setups are in place: one HSRP group facing our internal network and one HSRP group facing our edge routers, which also provides the IPsec redundancy.

Crypto maps are set up for SSO stateful failover, with R1 acting as the primary IPsec point and R2 as the standby.
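As an added example (not part of the original lab files), this Python check reads the outside-interface configuration of both concentrators and verifies that the crypto map is bound to the HSRP group by name with the `stateful` keyword, and that both peers share the same virtual IP. The config snippets are constructed; the interface name, the addresses, the HSRP group name `HA-OUT` and the crypto map name `VPN` are assumptions.

```python
import re

# Constructed sample configs (all names and addresses are assumptions).
R1 = """\
interface FastEthernet0/0
 ip address 192.0.2.2 255.255.255.248
 standby 1 ip 192.0.2.1
 standby 1 priority 110
 standby 1 preempt
 standby 1 name HA-OUT
 crypto map VPN redundancy HA-OUT stateful
"""
R2 = """\
interface FastEthernet0/0
 ip address 192.0.2.3 255.255.255.248
 standby 1 ip 192.0.2.1
 standby 1 preempt
 standby 1 name HA-OUT
 crypto map VPN redundancy HA-OUT
"""  # 'stateful' is missing here on purpose

def outside_ha(cfg):
    """Extract the HSRP and crypto-map settings that stateful failover depends on."""
    def grab(pattern):
        m = re.search(pattern, cfg, re.M)
        return m.groups() if m else None
    vip = grab(r"^ standby \d+ ip (\S+)")
    name = grab(r"^ standby \d+ name (\S+)")
    cmap = grab(r"^ crypto map (\S+)(?: redundancy (\S+))?( stateful)?\s*$")
    return {"vip": vip[0] if vip else None,
            "hsrp_name": name[0] if name else None,
            "redundancy": cmap[1] if cmap else None,
            "stateful": bool(cmap and cmap[2])}

def check_pair(configs):
    """Return findings for a dict of {hostname: outside-interface config}."""
    findings = []
    parsed = {host: outside_ha(cfg) for host, cfg in configs.items()}
    for host, p in parsed.items():
        if p["redundancy"] is None or p["redundancy"] != p["hsrp_name"]:
            findings.append(f"{host}: crypto map is not bound to the interface's HSRP group name")
        elif not p["stateful"]:
            findings.append(f"{host}: crypto map redundancy lacks 'stateful' (stateless failover only)")
    if len({p["vip"] for p in parsed.values()}) != 1:
        findings.append("peers disagree on the HSRP virtual IP used as the IPsec endpoint")
    return findings

if __name__ == "__main__":
    print("\n".join(check_pair({"R1": R1, "R2": R2})) or "no findings")
```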

As an extra, IP SLA and reachability tracking are in place: R1 and R2 check their next-hop routers to the outside world, CE_1 and CE_2. No routing protocol is run inside our company, for clarity's sake. Thus we have two static default routes w/ different AD and the mentioned ICMP tracking.

One note regarding stateful failover: "Each time an active device relinquishes control to become the standby device, the active device will reload. This functionality ensures that the state of the new standby device synchronizes correctly with the new active device." (Ref) Since Dynamips doesn't support reloading, the router's Dynamips process will crash, and you must shut the router down and turn it on again to get it going.

Download Project files for GNS3

Links:
Cisco High Availability Solution: Stateful Failover for IPsec
Fun with IPsec stateful failover @ packetlife