netstat -s

Jared Mauch jared at puck.nether.net
Sat Jul 20 22:22:46 UTC 2019



> On Jul 20, 2019, at 6:14 PM, Joel Jaeggli <joelja at bogus.com> wrote:
> 
> On 7/17/19 17:54, Randy Bush wrote:
> 
>> do folk use `netstat -s` to help diagnose on routers/switches?
> 
> I suspect there's an unstated question here of should metrics reported
> by netstat -s which includes metrics from the kernel should include
> metrics derived from the asic counters.
> 
> I do / have occasionally used netstat or the values exposed to it from
> the kernel which are generally also exposed via other metrics methods.
> 
> I would find it a little odd for ip counters in netstat for example to
> include packets that do not hit the kernel control plane, though I
> could imagine someone wanting that.

Yeah, I avoided jumping in until now. I think the key thing (and why some people like GUI routers/devices, e.g. UBNT has a decent http(s) U/I) is that a device can have a lot of interfaces and traffic, both in the control and data plane, that don’t hit a common set of counters/interfaces.

When I look at UBNT devices, I can get a sense quickly of traffic rates and information to understand how my network is working.  When on a device with 60 or 160 interfaces, it’s much trickier.

If I’m on a 16 or 32 port device, a terminal window can tell me decent info, after that I need a summarization system, and this is where streaming telemetry stuff can come into play.  That is the aggregation layer for the information vs netstat -s, monitor interface, show | match rate, show | include bits or whatever other commands/data you want/need.

XR/JunOS have curses interface monitoring commands that work well, but in most of my cases I really would prefer to have software watch vs a human.  “monitor interface” on a Juniper for example doesn’t have separators or human readable elements.  I don’t measure my interfaces in bits per second these days but in gigs as my base unit, and it doesn’t give me common visuals or right-justified numbers to delineate if I bumped out an order of magnitude.

When I’ve used netstat -s or netstat -i the units often don’t make sense.  Similar to other commands like vmstat or similar, what used to be a big number in context switches may not be relevant with 8 cpus each with 8 cores.

- Jared


More information about the NANOG mailing list