nanog mailing list archives

Re: netstat -s

From: Jared Mauch <jared () puck nether net>
Date: Sat, 20 Jul 2019 18:22:46 -0400

On Jul 20, 2019, at 6:14 PM, Joel Jaeggli <joelja () bogus com> wrote:

On 7/17/19 17:54, Randy Bush wrote:

do folk use `netstat -s` to help diagnose on routers/switches?


I suspect there's an unstated question here of should metrics reported
by netstat -s  which includes metrics from the kernel should include
metrics derived from from the asic counters.

I do / have occasionally used netstat or the values exposed to it from
the kernel which are generally also exposed via other metrics methods.

I would find it a little odd for ip counters in netstat for example to
include packets that do not hit the  kernel control plane, though I
could imagine someone wanting that.

Yeah, I avoided jumping in until now, I think the key thing is (and why some people like GUI routers/devices eg: UBNT
has a decent http(s) U/I) is a device can have a lot of interfaces and traffic both in the control and data plane that
don’t hit a common set of counters/interfaces.

When I look at UBNT devices, I can get a sense quickly of traffic rates and information to understand how my network is
working. When on a device with 60 or 160 interfaces, it’s much trickier.

If I’m on a 16 or 32 port device, a terminal window can tell me decent info, after that I need a summarization system,
and this is where streaming telemetry stuff can come into play. That is the aggregation layer for the information vs
netstat -s, monitor interface, show | match rate, show | include bits or whatever other commands/data you want/need.

XR/JunOS have curses interface monitoring commands that work well, but in most of my cases I really would prefer to
have software watch vs a human. “monitor interface” on a Juniper for example doesn’t have separators or human readable
elements. I don’t measure my interfaces in bits per seconds these days but in gigs as my base unit and it doesn’t give
me common visuals or right justified numbers to delineate if i bumped out an order of magnitude.

When I’ve used netstat -s or netstat -i the units often don’t make sense. Similar to other commands like vmstat or
similar, what used to be a big number in context switches may not be relevant with 8 cpus each with 8 cores.

- Jared

Current thread:

Re: netstat -s, (continued)
- - - Re: netstat -s Randy Bush (Jul 18)
    - Re: netstat -s Ross Tajvar (Jul 18)
    - Re: netstat -s, but off topic a bit James R Cutler (Jul 18)
- Re: netstat -s Brett Watson (Jul 18)
- Re: netstat -s Joe Provo (Jul 18)
- Re: netstat -s Rich Kulawiec (Jul 19)
  - Re: netstat -s J. Hellenthal via NANOG (Jul 19)
- Re: netstat -s Carsten Bormann (Jul 19)
- Re: netstat -s Radu-Adrian Feurdean (Jul 20)
- Re: netstat -s Joel Jaeggli (Jul 20)
  - Re: netstat -s Jared Mauch (Jul 20)