On Jul 20, 2019, at 6:14 PM, Joel Jaeggli <joelja@bogus.com> wrote:
On 7/17/19 17:54, Randy Bush wrote:
do folk use `netstat -s` to help diagnose on routers/switches?
I suspect there's an unstated question here of should metrics reported by netstat -s which includes metrics from the kernel should include metrics derived from from the asic counters.
I do / have occasionally used netstat or the values exposed to it from the kernel which are generally also exposed via other metrics methods.
I would find it a little odd for ip counters in netstat for example to include packets that do not hit the kernel control plane, though I could imagine someone wanting that.
Yeah, I avoided jumping in until now, I think the key thing is (and why some people like GUI routers/devices eg: UBNT has a decent http(s) U/I) is a device can have a lot of interfaces and traffic both in the control and data plane that don’t hit a common set of counters/interfaces. When I look at UBNT devices, I can get a sense quickly of traffic rates and information to understand how my network is working. When on a device with 60 or 160 interfaces, it’s much trickier. If I’m on a 16 or 32 port device, a terminal window can tell me decent info, after that I need a summarization system, and this is where streaming telemetry stuff can come into play. That is the aggregation layer for the information vs netstat -s, monitor interface, show | match rate, show | include bits or whatever other commands/data you want/need. XR/JunOS have curses interface monitoring commands that work well, but in most of my cases I really would prefer to have software watch vs a human. “monitor interface” on a Juniper for example doesn’t have separators or human readable elements. I don’t measure my interfaces in bits per seconds these days but in gigs as my base unit and it doesn’t give me common visuals or right justified numbers to delineate if i bumped out an order of magnitude. When I’ve used netstat -s or netstat -i the units often don’t make sense. Similar to other commands like vmstat or similar, what used to be a big number in context switches may not be relevant with 8 cpus each with 8 cores. - Jared