
Upload: dineth-kanishka

Post on 03-Apr-2018


  • 7/28/2019 Network System DesCounters are a subset of an object. For any given object, you will have multiple counters. Fo


    Network System Design Assignment 3

    Name SLIIT ID CURTIN ID

    T.M.G Buddhika DCN/09/C4-0780 15649142

    K.E.H Peiris DIT/07C1-0040 14250860

    P.A .D.K Ponnamperuma DCN/09/C3-0611 15647272


    Windows Performance Monitor (PerfMon) has been around for several generations of

    Windows and allows you to monitor, either over time or in real-time, the performance

    statistics of a Windows server.

    Performance Monitor can capture a plethora of information on a Windows Server and is

    useful in diagnosing performance problems. However, to meaningfully analyze the PerfMon

    data captured when troubleshooting performance issues, it is critical that you have a baseline

    of normal system performance for comparison. This article focuses on using PerfMon to

    create a performance baseline on a Windows Terminal Server, but the following information

    also applies to baselining any Windows-based server.

    Using Performance Monitor, performance data can be captured at varying levels of granularity,

    from total processor utilization on a server down to the processor time used by an individual

    Windows process. However, to understand how to obtain the information you want, it is

    important to understand the three fundamental levels of monitoring criteria. These three

    levels are detailed below:

    Objects: Objects are the top-most criteria for monitoring a set of attributes on the server.

    Typical objects include Memory, Network, Paging File, Processor, etc.

    Counters: Counters are a subset of an object. For any given object, you will have multiple

    counters. For example, the Processor object has various counters to choose from: %

    processor time, % privileged time, % user time, interrupts/second, etc.

    Instances: Each counter can have one or more instances. Using the example above of the

    processor object, % processor time would have two instances in a dual-processor system,

    one for each processor (0 and 1). You have the ability to monitor only one instance of a given

    counter if you wish.

    Another way to look at this relationship is as follows (figure 1):

    Figure 1

    You can select the object itself, which includes all counters and all instances of each counter,

    a specific counter for an object, which includes all instances for that counter, or you can

    select only to view/track a specific instance of a given counter (for example, instance 0 of the

    % Processor Time counter of the Processor object).

    Using Performance Monitor


    The default screen shows current activity on the system, measuring pages/sec, average disk

    queue length and processor utilization.

    1. To baseline a system, select Counter Logs under Performance Logs and Alerts. By
    default, there is a basic counter log that measures the same three counters as listed
    above. Although you can't delete the sample, you can create your own custom counter
    log.

    2. Right click on Counter Logs and select New Log Settings. The New Log Settings
    screen comes up and prompts you to name the job. As a good rule of thumb, it is best
    to make the job name as descriptive as possible to make future references easier.
    Include things like the server name and the date that the baseline is being taken.
    Enter the job name and click OK.

    3. Now it's time to set up the counters. You will notice that there are two buttons
    available: Add Objects and Add Counters. Most of the time, you will find that adding
    entire objects will result in too much data being collected. For a proper baseline, you
    only need to capture the basic information about the performance of a server.
    Granular items (such as Processor\Pool Paged Bytes) will have no bearing on the
    baseline, so it's overkill. Also, with each additional counter added, the server has to
    use resources to track that performance data. Adding too many counters by selecting
    entire objects can easily put undue strain on a server and skew your baseline results.
    Therefore, it's best to only add the counters you wish to track.

    Clicking the Add Counters button will bring up the following screen (figure 2):


    Figure 2

    By selecting a performance object from the drop-down list, you can drill down to specific

    counters and instances of that object.

    Below is a list of object counters that make up a good, well-rounded baseline. You should

    include all instances of each counter except for the Network counters; they should only

    monitor the instances for the NICs that will be included in the baseline (if appropriate). The

    details on what each counter gathers will be discussed in part 2 of this article.

    Memory

    Pages/Sec

    Take care to distinguish between these two paging counters:

    1) Pages/sec (hard page faults)

    2) Page Faults/sec, which is likely to be at least twice the value of the above.

    Two problems with monitoring in general: firstly, no counter should be taken in isolation;
    secondly, spikes should be ignored, or at least played down.

    The less paging, the better your server's performance. Most authorities agree that
    Memory: Pages/sec is a key memory counter. This counter measures 'hard' page faults, in
    other words the page is nowhere in memory, so the VMM (Virtual Memory Manager) has to
    fetch the data from the pagefile on the disk; in computing terms that takes an age.

    I am reluctant to disagree with other authorities, but from my experience, I would put the

    threshold as high as 20 pages /sec, before blaming paging as the bottleneck. Moreover, I

    would not trust pages /sec as an indicator of a bottleneck without confirmation from low

    Available bytes. (see above)

    In truth, if you put 5 experts in the same room, they could all spot a memory bottleneck, but

    when they wrote up their notes, they would use different time slices and different thresholds,

    consequently, it would seem that there was a conflict where none actually existed.

    Available Mbytes

    Committed Bytes

    If the value for committed bytes is greater than physical memory, then more RAM would

    help.

    Page Faults/Sec

    Page faults / sec is the sum of hard and soft page faults. Soft page faults are where the data is

    found elsewhere in RAM. For example, Word has opened the spellchecker, and now Outlook

    wishes to use it, there is no need for another call to the disk as the spellchecker is already in

    memory.

    Network Interface

    Bytes Total/Sec

    Packets/Sec

    Paging File

    % Usage

    Physical Disk

    % Disk Time

    Avg Disk Bytes/Transfer

    Avg Disk Queue Length

    Avg Disk Sec/Transfer

    Disk Transfers/Sec


    Processor

    % Processor Time

    This counter provides a measure of how much time the processor actually spends working on
    productive threads and how often it was busy servicing requests. This counter actually
    provides a measurement of how often the system is doing nothing, subtracted from 100%.
    This is a simpler calculation for the processor to make. The processor can never be sitting
    idle waiting for the next task, unlike our cashier. The CPU must always have something to do.
    It's like when you turn on the computer: the CPU is a piece of wire that electric current is
    always running through, thus it must always be doing something. NT gives the CPU
    something to do when there is nothing else waiting in the queue. This is called the idle thread.
    The system can easily measure how often the idle thread is running, as opposed to having to
    tally the run time of each of the other process threads. Then, the counter simply subtracts the
    percentage from 100%.

    % Privileged Time

    This is the total privileged time for all processors on the system collectively. See Processor :
    % Privileged Time for more details.

    % User Time

    The value of this counter helps to determine the kind of processing that is affecting the
    system. The resulting value is the total amount of non-idle time that was spent on
    User mode operations. This generally means application code.

    Interrupts/Sec

    The number of interrupts the processor was asked to respond to. Interrupts are generated
    from hardware components like hard disk controller adapters and network interface cards. A
    sustained value over 1000 is usually an indication of a problem. Problems would include
    poorly configured drivers, errors in drivers, excessive utilization of a device (like a NIC on an
    IIS server), or hardware failure. Compare this value with the System : System Calls/sec. If
    the Interrupts/sec is much larger over a sustained period, you probably have a hardware issue.

    System

    Context Switches/Sec

    Processes

    Processor Queue Length


    The following counters are for Terminal Servers specifically, and will aid in translating the

    output into meaningful information:

    Terminal Services

    Active Sessions

    Total Sessions

    Terminal Services Session

    % Processor Time

    Page Faults/Sec

    4. Once you have added any appropriate counters, you can select the sample interval.

    The default setting of 15 seconds is usually sufficient, but if the server is utilized

    rather heavily, then set the sampling interval to 30 seconds or more to cut down on the

    impact that performance monitor may have on normal running conditions.

    To set the interval, on the General Tab (figure 3), set the Sample data every:

    parameter to the desired setting, and the corresponding Units (in seconds, by default).


    Figure 3

    5. On the Log Files tab (figure 4), you can change the type of log file and where they are

    stored.


    Figure 4

    Typically, a binary log file is sufficient if you will be reviewing the data in PerfMon (typical).

    However, you have the option of using a delimited text file (however, delimited files cannot

    be read by PerfMon) or even streaming the data to an SQL database. For the purposes of this

    article, we will stick to a binary file.

    Clicking on the Configure button will allow you to set both the file name prefix (which

    defaults to the job name) and the location of the files. You can also set a maximum size for

    your log files to prevent them from growing too large. The default of Maximum limit will

    allow the log file to continue to grow until it consumes all space on the drive, so it might be a

    good idea to set a maximum file size to prevent this if drive space is short or you will not be

    setting an end time/date for the job on the Schedule tab. Once the log file reaches the

    specified size, PerfMon will stop logging information.

    Another option, however, is to use a Binary Circular File for the log file. Once the log file

    grows to the size specified, PerfMon will begin flushing the oldest information in the log file

    to make room for the new data. This will ensure you always have the latest performance

    statistics when you stop the log, and the log file will never grow beyond the specified size.

    6. Finally, the Schedule tab (figure 5) allows you to decide whether the PerfMon job will

    start and stop at specified times or will require manual intervention. For baselining,

    you would typically set a start and stop time/date. It is always good to set a stop time

    if you don't set a maximum log file size. This will prevent the logs from accidentally

    filling the drive if you forget to turn off PerfMon. In the example below, PerfMon is

    set to log data for seven days.


    Figure 5

    7. All that is left is to start collecting data. To manually start the job, right click the job

    name in the Counter Logs screen and select Start. Otherwise, the job will start

    automatically when the scheduled time arrives.

    Note: No one needs to be logged on to the server for data collection. PerfMon will

    automatically start and stop jobs without a user being logged on.

    Once the job is started, its icon will turn green in the Counter Logs screen. You can

    also view the log file location in Windows Explorer to see the actual log files as they

    grow in size.

    With the job now running, PerfMon is collecting data. The best way to get the most

    reliable data is to run the server in production as usual. The idea is to allow Performance

    Monitor to capture performance statistics as the server is under normal use. This will provide

    a good baseline for future comparison.

    Part 2 of this article will go into depth on how to interpret the data gathered and how to

    effectively use a baseline to troubleshoot future issues.
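
    The following added example (not part of the original article) applies the thresholds quoted above to a delimited-text (CSV) counter log and compares it with a baseline capture. It assumes the median stands in for a "sustained" value so that spikes are played down, and that "low" available memory means below the baseline minimum; the server name TS01, the sample logs and the function names are constructed for illustration.

```python
import csv
import io
import statistics

# Constructed PDH-CSV logs: server name TS01 and every value are made up.
HEADER = (r'"(PDH-CSV 4.0) (GMT Standard Time)(0)","\\TS01\Memory\Pages/sec",'
          r'"\\TS01\Memory\Available MBytes","\\TS01\Processor(_Total)\Interrupts/sec"')

BASELINE_LOG = HEADER + "\n" + """\
"04/03/2018 09:00:00.000"," ","820"," "
"04/03/2018 09:00:15.000","2.0","815","310"
"04/03/2018 09:00:30.000","3.5","810","295"
"04/03/2018 09:00:45.000","1.0","812","330"
"04/03/2018 09:01:00.000","45.0","790","340"
"04/03/2018 09:01:15.000","2.5","805","305"
"""

CURRENT_LOG = HEADER + "\n" + """\
"04/10/2018 09:00:00.000"," ","96"," "
"04/10/2018 09:00:15.000","38","90","320"
"04/10/2018 09:00:30.000","41","88","2900"
"04/10/2018 09:00:45.000","35","85","315"
"04/10/2018 09:01:00.000","44","80","300"
"04/10/2018 09:01:15.000","39","84","335"
"""

PAGES = r"Memory\Pages/sec"
AVAIL = r"Memory\Available MBytes"
INTR = r"Processor(_Total)\Interrupts/sec"

PAGES_LIMIT = 20        # pages/sec threshold given in the text
INTERRUPT_LIMIT = 1000  # sustained interrupts/sec threshold given in the text


def load_log(text):
    """Return {object\\counter: [float samples]} from a PDH-CSV counter log."""
    reader = csv.reader(io.StringIO(text))
    header = next(reader)
    # Drop the leading \\SERVER part so logs from different hosts compare by counter.
    names = [h.lstrip("\\").split("\\", 1)[1] for h in header[1:]]
    series = {name: [] for name in names}
    for row in reader:
        for name, cell in zip(names, row[1:]):
            cell = cell.strip()
            if cell:  # the first sample of a rate counter is logged as a blank
                series[name].append(float(cell))
    return series


def assess(current, baseline):
    """Apply the text's rules: no counter in isolation, spikes played down."""
    median = {name: statistics.median(vals) for name, vals in current.items()}
    findings = []
    # Assumption: "low" available memory means below anything seen in the baseline.
    low_memory = median[AVAIL] < min(baseline[AVAIL])
    if median[PAGES] > PAGES_LIMIT and low_memory:
        findings.append("memory: sustained hard paging confirmed by low available memory")
    if median[INTR] > INTERRUPT_LIMIT:
        findings.append("interrupts: sustained rate above 1000/sec")
    return findings


if __name__ == "__main__":
    baseline = load_log(BASELINE_LOG)
    for finding in assess(load_log(CURRENT_LOG), baseline):
        print(finding)
```

    The single 45 pages/sec sample in the baseline and the single 2900 interrupts/sec sample in the later capture are both ignored because the medians stay under the limits.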

    Netstat


    Netstat is a useful tool for checking network and Internet connections. Some

    useful applications for the average PC user are considered, including

    checking for malware connections.

    Syntax and switches

    The command syntax is

        netstat [-a] [-b] [-e] [-f] [-n] [-o] [-p proto] [-r] [-s] [-t] [-v] [interval]

    A brief description of the switches is given in Table I below. Some switches are only in
    certain Windows versions, as noted in the table. Note that switches for Netstat use the
    dash symbol "-" rather than the slash "/".

    Table I. Switches for Netstat command

    Switch      Description

    -a          Displays all connections and listening ports
    -b          Displays the executable involved in creating each connection or listening
                port. (Added in XP SP2.)
    -e          Displays Ethernet statistics
    -f          Displays Fully Qualified Domain Names for foreign addresses. (In Windows
                Vista/7 only)
    -n          Displays addresses and port numbers in numerical form
    -o          Displays the owning process ID associated with each connection
    -p proto    Shows connections for the protocol specified by proto; proto may be any of:
                TCP, UDP, TCPv6, or UDPv6.
    -r          Displays the routing table
    -s          Displays per-protocol statistics
    -t          Displays the current connection offload state. (Windows Vista/7)
    -v          When used in conjunction with -b, will display sequence of components
                involved in creating the connection or listening port for all executables.
                (Windows XP SP2, SP3)
    [interval]  An integer used to display results multiple times with specified number of
                seconds between displays. Continues until stopped by command ctrl+c.
                Default setting is to display once.

    Applications of Netstat

    Netstat is one of a number of command-line tools available to check the functioning of a

    network. (See http://commandwindows.com/tcpiputil.htm for discussion of other tools.) It provides a way to check if various

    aspects of TCP/IP are working and what connections are present. In Windows XP SP2, a

    new switch "-B" was added that allows the actual executable file that has opened a

    connection to be displayed. This newer capability provides a chance to catch malware that

    may be phoning home or using your computer in unwanted ways on the Internet. There are

    various ways that a system administrator might use the assortment of switches but I will give

    two examples that might be useful to home PC users.

    Checking TCP/IP connections

    TCP and UDP connections and their IP and port addresses can be seen by entering a

    command combining two switches: netstat -an. An example of the output that is obtained is

    shown in Figure 1.

    Figure 1. Example output for command "netstat -an"


    The information that is displayed includes the protocol, the local address, the remote

    (foreign) address, and the connection state. Note that the various IP addresses include port

    information as well. An explanation of the different connection states is given in Table II.

    Table II. Description of various connection states

    State          Description

    CLOSED         Indicates that the server has received an ACK signal from the client and
                   the connection is closed
    CLOSE_WAIT     Indicates that the server has received the first FIN signal from the client
                   and the connection is in the process of being closed
    ESTABLISHED    Indicates that the server received the SYN signal from the client and the
                   session is established
    FIN_WAIT_1     Indicates that the connection is still active but not currently being used
    FIN_WAIT_2     Indicates that the client just received acknowledgment of the first FIN
                   signal from the server
    LAST_ACK       Indicates that the server is in the process of sending its own FIN signal
    LISTENING      Indicates that the server is ready to accept a connection
    SYN_RECEIVED   Indicates that the server just received a SYN signal from the client
    SYN_SEND       Indicates that this particular connection is open and active
    TIME_WAIT      Indicates that the client recognizes the connection as still active but not
                   currently being used

    Checking for malware by looking at which programs initiate connections

    To find out which programs are making connections with the outside world, we can use the
    command

        netstat -b

    (Note that for Windows Vista/7, this particular switch requires that the command prompt
    have elevated privileges.) Actually, it is better to check over a period of time, and we can
    add a number that sets the command to run at fixed intervals. Also, it is best to create a
    written record of the connections that are made over some period of time. The command
    can then be written

        netstat -b 5 >> C:\connections.txt

    Note that as written, this command will run with five-second intervals until stopped by
    entering "Ctrl+c", which is a general command to exit. (Some reports say that this can be
    fairly CPU intensive so it may cause a slower, single-core machine to run sluggishly. It was
    not noticeable on my dual-core machine.) A simple example of the type of output is shown
    in Figure 2. Note that the Process ID (PID) is given when using Windows XP. In Windows
    Vista/7, the switch "-o" has to be added to display PIDs. This command can be combined
    with other tools such as Task Manager to analyze what executable files and processes are
    active and are trying to make Internet connections.

    Figure 2. Sample output for command "netstat -b" in Windows XP


    Windows XP batch program to check connections and terminate automatically

    The previous example of using "netstat -b" to check connections at intervals has the
    disadvantage that it requires manual termination. It is also possible to use a batch file that
    runs a specified number of times with a given time interval and then terminates
    automatically. In Windows XP we can make use of a command from the Windows 2003
    Server Tools called "Sleep". A possible batch file is:

        @echo off
        echo Checking connections
        rem Run netstat -b 100 times, appending each pass to the log and pausing between passes
        for /L %%X in (1,1,100) do (netstat -b >> C:\connections.txt)&&(sleep 5)

    This particular example does 100 iterations of the netstat command at 30 second intervals
    and writes the results to a file C:\connections.txt. By using different combinations of the
    switches in Table I, the type of output can be varied.

    Batch program to check connections in Windows Vista and Windows 7

    Windows Vista and Windows 7 do not require installing the "Sleep" file. A command
    "timeout" (http://commandwindows.com/vista-tips.htm#timeout) has been added to these
    operating systems that serves a similar purpose. A possible batch file for Windows Vista/7 is:

        @echo off
        echo Checking connections
        rem Same loop, using the built-in timeout command for the pause between passes
        for /L %%X in (1,1,100) do (netstat -b >> "%USERPROFILE%\connections.txt")&&((timeout /t 5 /nobreak)>nul)

    This batch file has to be run with administrator privileges.
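
    To review the log that these batch files accumulate, the added example below (not part of the original article) parses appended netstat output and lists executables whose remote connections fall outside a known-good allowlist. It assumes the -n and -o switches were added so that addresses are numeric and PIDs are present; the sample log, the allowlist and all function names are constructed for illustration.

```python
import re

# Constructed sample: two passes of `netstat -b -n -o` appended to one log file.
SAMPLE_LOG = """\

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:49712     198.51.100.20:443      ESTABLISHED     4321
 [browser.exe]
  TCP    192.168.1.10:49720     203.0.113.7:8080       ESTABLISHED     5120
 [updater.exe]
  TCP    192.168.1.10:49725     198.51.100.20:443      TIME_WAIT       0
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  RpcSs
 [svchost.exe]

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:49712     198.51.100.20:443      ESTABLISHED     4321
 [browser.exe]
  TCP    192.168.1.10:49731     203.0.113.7:8080       ESTABLISHED     5120
 [updater.exe]
  TCP    192.168.1.10:49733     192.0.2.55:6667        SYN_SENT        5120
 [updater.exe]
  TCP    192.168.1.10:49740     198.51.100.99:443      ESTABLISHED     6004
 Can not obtain ownership information
"""

# Constructed allowlist: executable name -> remote ports seen during a clean baseline.
BASELINE = {"browser.exe": {80, 443}, "updater.exe": {8080}}

CONN_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+([A-Z][A-Z_0-9]*))?(?:\s+(\d+))?\s*$")
OWNER_RE = re.compile(r"^\s*\[(.+)\]\s*$")
NO_OWNER_RE = re.compile(r"^\s*Can not obtain ownership information")
IGNORED_STATES = {"LISTENING", "TIME_WAIT"}
LOCAL_OR_WILDCARD = {"*", "0.0.0.0", "[::]", "127.0.0.1", "[::1]"}


def split_endpoint(endpoint):
    """Split 'host:port' on the last colon so bracketed IPv6 hosts survive."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port) if port.isdigit() else None


def parse_netstat_b(text):
    """Return one dict per connection line, with the owner taken from the [exe] line."""
    records, pending = [], None
    for line in text.splitlines():
        conn = CONN_RE.match(line)
        if conn:
            if pending:  # previous connection had no owner line (e.g. TIME_WAIT)
                records.append(pending)
            proto, local, foreign, state, pid = conn.groups()
            host, port = split_endpoint(foreign)
            pending = {"proto": proto, "local": local, "remote_host": host,
                       "remote_port": port, "state": state,
                       "pid": int(pid) if pid else None, "owner": None}
            continue
        if pending is None:
            continue
        owner = OWNER_RE.match(line)
        if owner or NO_OWNER_RE.match(line):
            pending["owner"] = owner.group(1).lower() if owner else None
            records.append(pending)
            pending = None
        # any other line (service or component name such as RpcSs) is skipped
    if pending:
        records.append(pending)
    return records


def unexpected_connections(records, baseline):
    """Return sorted, de-duplicated (owner, host, port) tuples outside the baseline."""
    findings = set()
    for rec in records:
        if rec["state"] in IGNORED_STATES or rec["remote_host"] in LOCAL_OR_WILDCARD:
            continue
        allowed = baseline.get(rec["owner"], set())
        if rec["remote_port"] not in allowed:
            findings.add((rec["owner"] or "<unknown>", rec["remote_host"],
                          rec["remote_port"]))
    return sorted(findings, key=lambda f: (f[0], f[1], str(f[2])))


if __name__ == "__main__":
    for owner, host, port in unexpected_connections(parse_netstat_b(SAMPLE_LOG), BASELINE):
        print(f"{owner:<12} -> {host}:{port}")
```

    Entries reported as <unknown> are connections for which netstat could not name the owning executable; the PID column and Task Manager are the next place to look.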


    vmstat command

    The first tool to use is the vmstat command, which quickly provides compact information

    about various system resources and their related performance problems.

    The vmstat command reports statistics about kernel threads in the run and wait queue,
    memory, paging, disks, interrupts, system calls, context switches, and CPU activity. The
    reported CPU activity is a percentage breakdown of user mode, system mode, idle time,
    and waits for disk I/O.

    Note: If the vmstat command is used without any interval, then it generates a single
    report. The single report is an average report from when the system was started. You
    can specify only the Count parameter with the Interval parameter. If the Interval
    parameter is specified without the Count parameter, then the reports are generated
    continuously.

    As a CPU monitor, the vmstat command is superior to the iostat command in that its
    one-line-per-report output is easier to scan as it scrolls and there is less overhead
    involved if there are many disks attached to the system. The following example can help
    you identify situations in which a program has run away or is too CPU-intensive to run in
    a multiuser environment.

    # vmstat 2
    kthr     memory             page              faults        cpu
    ----- ----------- ------------------------ ------------ -----------
     r  b   avm   fre  re  pi  po  fr   sr  cy  in   sy  cs us sy id wa
     1  0 22478  1677   0   0   0   0    0   0 188 1380 157 57 32  0 10
     1  0 22506  1609   0   0   0   0    0   0 214 1476 186 48 37  0 16
     0  0 22498  1582   0   0   0   0    0   0 248 1470 226 55 36  0  9
     2  0 22534  1465   0   0   0   0    0   0 238  903 239 77 23  0  0
     2  0 22534  1445   0   0   0   0    0   0 209 1142 205 72 28  0  0
     2  0 22534  1426   0   0   0   0    0   0 189 1220 212 74 26  0  0
     3  0 22534  1410   0   0   0   0    0   0 255 1704 268 70 30  0  0
     2  1 22557  1365   0   0   0   0    0   0 383  977 216 72 28  0  0
     2  0 22541  1356   0   0   0   0    0   0 237 1418 209 63 33  0  4
     1  0 22524  1350   0   0   0   0    0   0 241 1348 179 52 32  0 16
     1  0 22546  1293   0   0   0   0    0   0 217 1473 180 51 35  0 14

    This output shows the effect of introducing a program in a tight loop to a busy multiuser
    system. The first three reports (the summary has been removed) show the system
    balanced at 50-55 percent user, 30-35 percent system, and 10-15 percent I/O wait.
    When the looping program begins, all available CPU cycles are consumed. Because the
    looping program does no I/O, it can absorb all of the cycles previously unused because
    of I/O wait. Worse, it represents a process that is always ready to take over the CPU
    when a useful process relinquishes it. Because the looping program has a priority equal
    to that of all other foreground processes, it will not necessarily have to give up the CPU
    when another process becomes dispatchable. The program runs for about 10 seconds
    (five reports), and then the activity reported by the vmstat command returns to a more
    normal pattern.

    Optimum use would have the CPU working 100 percent of the time. This holds true in
    the case of a single-user system with no need to share the CPU. Generally, if us + sy
    time is below 90 percent, a single-user system is not considered CPU constrained.
    However, if us + sy time on a multiuser system exceeds 80 percent, the processes may
    spend time waiting in the run queue. Response time and throughput might suffer.
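
    The added example below (not part of the original text) parses the vmstat report shown above, applies the us + sy thresholds just described, and finds the stretch in which the looping program left no idle or I/O-wait time at all. The function names, the cpu_ prefix used to tell the two sy columns apart, and the three-report minimum for a run are assumptions made for illustration.

```python
# The report from this page (interval of 2 seconds), embedded so the example runs offline.
VMSTAT_OUTPUT = """\
kthr     memory             page              faults        cpu
----- ----------- ------------------------ ------------ -----------
 r  b   avm   fre  re  pi  po  fr   sr  cy  in   sy  cs us sy id wa
 1  0 22478  1677   0   0   0   0    0   0 188 1380 157 57 32  0 10
 1  0 22506  1609   0   0   0   0    0   0 214 1476 186 48 37  0 16
 0  0 22498  1582   0   0   0   0    0   0 248 1470 226 55 36  0  9
 2  0 22534  1465   0   0   0   0    0   0 238  903 239 77 23  0  0
 2  0 22534  1445   0   0   0   0    0   0 209 1142 205 72 28  0  0
 2  0 22534  1426   0   0   0   0    0   0 189 1220 212 74 26  0  0
 3  0 22534  1410   0   0   0   0    0   0 255 1704 268 70 30  0  0
 2  1 22557  1365   0   0   0   0    0   0 383  977 216 72 28  0  0
 2  0 22541  1356   0   0   0   0    0   0 237 1418 209 63 33  0  4
 1  0 22524  1350   0   0   0   0    0   0 241 1348 179 52 32  0 16
 1  0 22546  1293   0   0   0   0    0   0 217 1473 180 51 35  0 14
"""


def parse_vmstat(text):
    """Return one dict per report line, keyed by column name.

    'sy' appears twice in the header (system calls under faults, system time
    under cpu); the second occurrence is stored as 'cpu_sy'.
    """
    names, rows = None, []
    for line in text.splitlines():
        tokens = line.split()
        if tokens[:2] == ["r", "b"]:  # column header, repeated periodically by vmstat
            seen, names = set(), []
            for tok in tokens:
                names.append("cpu_" + tok if tok in seen else tok)
                seen.add(tok)
        elif names and len(tokens) == len(names) and all(t.isdigit() for t in tokens):
            rows.append(dict(zip(names, map(int, tokens))))
    return rows


def cpu_constrained(rows, multiuser=True):
    """Indexes of reports over the thresholds in the text.

    Multiuser: us + sy exceeds 80 percent. Single-user: us + sy is not below 90.
    """
    flagged = []
    for i, row in enumerate(rows):
        busy = row["us"] + row["cpu_sy"]
        if (busy > 80) if multiuser else (busy >= 90):
            flagged.append(i)
    return flagged


def saturated_runs(rows, interval_s, min_reports=3):
    """Return (first_index, report_count, seconds) for runs where id + wa == 0."""
    runs, start = [], None
    for i, row in enumerate(rows + [None]):  # sentinel closes a trailing run
        saturated = row is not None and row["id"] + row["wa"] == 0
        if saturated and start is None:
            start = i
        elif not saturated and start is not None:
            if i - start >= min_reports:
                runs.append((start, i - start, (i - start) * interval_s))
            start = None
    return runs


if __name__ == "__main__":
    reports = parse_vmstat(VMSTAT_OUTPUT)
    print("over multiuser threshold:", cpu_constrained(reports))
    for first, count, seconds in saturated_runs(reports, interval_s=2):
        print(f"no idle or wait time for {count} reports (~{seconds}s) from report {first}")
```

    Every report in the sample exceeds the 80 percent multiuser figure because the system was already busy, so it is the run with id and wa both at zero that isolates the runaway program.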

    To check if the CPU is the bottleneck, consider the four cpu columns and the two kthr

    (kernel threads) columns in the vmstat report. It may also be worthwhile looking at the

    faults column:

    cpu

    Percentage breakdown of CPU time usage during the interval. The cpu columns are

    as follows:

    us

    The us column shows the percent of CPU time spent in user mode. A UNIX

    process can execute in either user mode or system (kernel) mode. When in

    user mode, a process executes within its application code and does not require

    kernel resources to perform computations, manage memory, or set variables.

    sy

    The sy column details the percentage of time the CPU was executing a process

    in system mode. This includes CPU resource consumed by kernel processes

    (kprocs) and others that need access to kernel resources. If a process needs

    kernel resources, it must execute a system call and is thereby switched to

    system mode to make that resource available. For example, reading or writing

    of a file requires kernel resources to open the file, seek a specific location, and

    read or write data, unless memory mapped files are used.

    id

    The id column shows the percentage of time which the CPU is idle, or waiting,

    without pending local disk I/O. If there are no threads available for execution

    (the run queue is empty), the system dispatches a thread called wait, which is

    also known as the idle kproc. On an SMP system, one wait thread per

    processor can be dispatched. The report generated by the ps command (with

    the -k or -g 0 option) identifies this as kproc or wait. If the ps report shows a

    high aggregate time for this thread, it means there were significant periods of

    time when no other thread was ready to run or waiting to be executed on the

    CPU. The system was therefore mostly idle and waiting for new tasks.


    wa

    The wa column details the percentage of time the CPU was idle with pending

    local disk I/O and NFS-mounted disks. If there is at least one outstanding I/O

    to a disk when wait is running, the time is classified as waiting for I/O. Unless

    asynchronous I/O is being used by the process, an I/O request to disk causes

    the calling process to block (or sleep) until the request has been completed.

    Once an I/O request for a process completes, it is placed on the run queue. If

    the I/Os were completing faster, more CPU time could be used.

    A wa value over 25 percent could indicate that the disk subsystem might not be

    balanced properly, or it might be the result of a disk-intensive workload.

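    For information on the change made to wa, see Wait I/O time reporting
    (http://publib.boulder.ibm.com/infocenter/aix/v6r1/topic/com.ibm.aix.prftungd/doc/prftungd/wait_io_time_reporting.htm).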

    kthr

    Number of kernel threads in various queues averaged per second over the sampling

    interval. The kthr columns are as follows:

    r

    Average number of kernel threads that are runnable, which includes threads

    that are running and threads that are waiting for the CPU. If this number is

    greater than the number of CPUs, there is at least one thread waiting for a CPU

    and the more threads there are waiting for CPUs, the greater the likelihood of a

    performance impact.

    b

    Average number of kernel threads in the VMM wait queue per second. This

    includes threads that are waiting on filesystem I/O or threads that have been

    suspended due to memory load control.

    If processes are suspended due to memory load control, the blocked column

    (b) in the vmstat report indicates the increase in the number of threads rather

    than the run queue.

    p

    For vmstat -I, the number of threads waiting on I/Os to raw devices per

    second. Threads waiting on I/Os to filesystems would not be included here.

    faults

    Information about process control, such as trap and interrupt rate. The faults

    columns are as follows:

    in


    Number of device interrupts per second observed in the interval. Additional

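    information can be found in Assessing disk performance with the vmstat command
    (http://publib.boulder.ibm.com/infocenter/aix/v6r1/topic/com.ibm.aix.prftungd/doc/prftungd/assess_disk_perf_vmstat.htm).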

    sy

    The number of system calls per second observed in the interval. Resources are

    available to user processes through well-defined system calls. These calls

    instruct the kernel to perform operations for the calling process and exchange

    data between the kernel and the process. Because workloads and applications

    vary widely, and different calls perform different functions, it is impossible to

    define how many system calls per-second are too many. But typically, when

    the sy column rises over 10000 calls per second on a uniprocessor, further

    investigation is called for (on an SMP system the number is 10000 calls per

    second per processor). One reason could be "polling" subroutines like the

    select() subroutine. For this column, it is advisable to have a baseline

    measurement that gives a count for a normal sy value.

    cs

    Number of context switches per second observed in the interval. The physical

    CPU resource is subdivided into logical time slices of 10 milliseconds each.

    Assuming a thread is scheduled for execution, it will run until its time slice

    expires, until it is preempted, or until it voluntarily gives up control of the CPU.

    When another thread is given control of the CPU, the context or working

    environment of the previous thread must be saved and the context of the

    current thread must be loaded. The operating system has a very efficient

    context switching procedure, so each switch is inexpensive in terms of

    resources. Any significant increase in context switches, such as when cs is a lot

    higher than the disk I/O and network packet rate, should be cause for further

    investigation.
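The sy and cs guidance above can be turned into a check that runs over saved vmstat output. This is an added example, not part of the original document: the sample lines are constructed in the AIX vmstat layout, and the baseline factor and the use of the in column as a rough proxy for I/O and packet rate are assumptions.

```python
# Added example: review vmstat interval lines against the per-processor
# system-call rule of thumb, a recorded baseline, and the context-switch rate.

SY_PER_CPU_LIMIT = 10000  # from the text: 10000 system calls/s per processor

# Constructed sample in the AIX vmstat layout (not captured from a real host).
SAMPLE = """\
kthr    memory              page              faults        cpu
----- ----------- ------------------------ ------------ -----------
 r  b   avm   fre  re  pi  po  fr   sr  cy  in   sy  cs us sy id wa
 1  0 22478  1677   0   0   0   0    0   0 188  1380 157 57 32  0 10
 1  0 22506  1609   0   0   0   0    0   0 214 24600 890 12 81  6  1
 2  1 22498  1582   0   0   0   0    0   0 248  5470 9800 8 20 70  2
"""


def parse_vmstat(text):
    """Return one dict per interval line.

    The column header names 'sy' twice (system calls under faults, system
    time under cpu), so the second occurrence of a name is stored with a
    'cpu_' prefix instead of overwriting the first.
    """
    rows, names = [], None
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "r" and "cs" in fields:      # the column-name line
            seen, names = set(), []
            for f in fields:
                names.append("cpu_" + f if f in seen else f)
                seen.add(f)
            continue
        if names and len(fields) == len(names) and all(f.isdigit() for f in fields):
            rows.append(dict(zip(names, map(int, fields))))
    return rows


def review(rows, ncpu=1, baseline_sy=None, baseline_factor=3.0, cs_ratio=10.0):
    """Return (interval_index, finding) pairs.

    'sy-limit'    : sy exceeds 10000 * ncpu (the rule of thumb in the text)
    'sy-baseline' : sy exceeds baseline_factor * baseline_sy (assumed factor)
    'cs'          : cs exceeds cs_ratio * in (assumed proxy and ratio)
    """
    findings = []
    for i, row in enumerate(rows):
        if row["sy"] > SY_PER_CPU_LIMIT * ncpu:
            findings.append((i, "sy-limit"))
        elif baseline_sy and row["sy"] > baseline_factor * baseline_sy:
            findings.append((i, "sy-baseline"))
        if row["cs"] > cs_ratio * max(row["in"], 1):
            findings.append((i, "cs"))
    return findings


if __name__ == "__main__":
    for index, finding in review(parse_vmstat(SAMPLE), ncpu=1, baseline_sy=1400):
        print("interval", index, finding)
```

On a multiprocessor host the absolute limit scales with ncpu, so the baseline comparison is what catches a workload change that stays under the limit.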

    Important stages of vmstat usage.

    The vmstat command includes information that you can use to diagnose CPU and virtual

    memory problems. The following fields are particularly important:

    1. Virtual memory information (memory), including the number of pages that are on the

    active list, including inactive pages and Unified Buffer Cache least-recently used

    (UBC LRU) pages (act); the number of pages on the free list (free), and the number

    of pages on the wire list (wire). Pages on the wire list cannot be reclaimed.

    2. The number of pages that have been paged out (pout).

    3. Interrupt information (intr), including the number of nonclock device interrupts per

    second (in), the number of system calls called per second (sy), and the number of

    task and thread context switches per second (cs).


    4. CPU usage information (cpu), including the percentage of user time for normal and

    priority processes (us), the percentage of system time (sy), and the percentage of idle

    time (id). User time includes the time the CPU spent executing library routines.

    System time includes the time the CPU spent executing system calls.

    df (Unix)

    df (abbreviation for disk free) is a standard Unix computer program used to display the

    amount of available disk space for file systems on which the invoking user has appropriate

    read access. df is usually implemented by reading the mtab file or using statfs.

    df first appeared in Version 1 AT&T UNIX.


    Usage

    The Single UNIX Specification synopsis for df is:

    df [-k] [-P|-t] [-del] [file...]

    -k Use 1024-byte units, instead of the default 512-byte units, when writing space figures.

    -P Use a standard, portable, output format

    -t If XSI compliant, show allocated space as well

    -h Display in Kb, Mb, or Gb

    file Write the amount of free space of the file system containing the specified file

    Most Unix and Unix-like operating systems add extra options. The BSD and GNU coreutils

    versions include -h, where free space is listed in human readable format, adding units with

    the appropriate SI prefix (e.g. 10MB), -i, listing inode usage, and -l, restricting display to

    only local filesystems. GNU df includes -T as well, listing filesystem type information, but

    the GNU df shows the sizes in 1K blocks by default.

    Specification

    The Single Unix Specification (SUS) specifies that by default space is reported in blocks of 512

    bytes, and that, at a minimum, the file system names and the amount of free space are reported.

    The use of 512-byte units is historical practice and maintains compatibility with ls and other

    utilities. This does not mandate that the file system itself be based on 512-byte blocks. The -k

    option was added as a compromise measure. It was agreed by the standard developers that

    512 bytes was the best default unit because of its complete historical consistency on System V

    (versus the mixed 512/1024-byte usage on BSD systems), and that a -k option to switch to


    1024-byte units was a good compromise. Users who prefer the more logical 1024-byte

    quantity can easily alias df to df -k without breaking many historical scripts relying on the

    512-byte units.

    The output with -P shall consist of one line of information for each specified file system.

    These lines shall be formatted as follows:

    , , , , ,

    In the following list, all quantities expressed in 512-byte units (1024-byte when -k is

    specified) shall be rounded up to the next higher unit. The fields are:

    The name of the file system, in an implementation-defined format.

    <total space>

    The total size of the file system in 512-byte units. The exact meaning of this figure is

    implementation-defined, but should include , , plus any

    space reserved by the system not normally available to a user.

    The total amount of space allocated to existing files in the file system, in 512-byte

    units.

    The total amount of space available within the file system for the creation of new files

    by unprivileged users, in 512-byte units. When this figure is less than or equal to zero,

    it shall not be possible to create any new files on the file system without first deleting

    others, unless the process has appropriate privileges. The figure written may be less

    than zero.

    The percentage of the normally available space that is currently allocated to all files

    on the file system. This shall be calculated using the fraction:

    / (+ )

    expressed as a percentage. This percentage may be greater than 100 if is

    less than zero. The percentage value shall be expressed as a positive integer, with any

    fractional result causing it to be rounded to the next highest integer.

    The directory below which the file system hierarchy appears.


    Example

    $ df -k

    Filesystem    1024-blocks     Free %Used  Iused %Iused Mounted on
    /dev/hd4            32768    16016   52%   2271    14% /usr
    /dev/hd2          4587520  1889420   59%  37791     4% /usr
    /dev/hd9var         65536    12032   82%    518     4% /var
    /dev/hd3           819200   637832   23%   1829     1% /tmp
    /dev/hd1           524288   395848   25%    421     1% /home
    /proc                   -        -     -      -      - /proc
    /dev/hd10opt        65536    26004   61%    654     4% /opt
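The percentage rule in the specification text (space used divided by space used plus space free, rounded up, possibly above 100 when the free figure is negative) is easy to get wrong in monitoring scripts. This added example, which is not part of the original document, recomputes it from the portable `df -P` layout. The sample output is constructed, the column names follow the POSIX -P format, and the 90 percent limit is an assumption.

```python
# Added example: recompute the df -P capacity column with the rounding rule
# described in the specification text and list file systems over a limit.

# Constructed sample of `df -kP` output (not taken from a real host).
SAMPLE = """\
Filesystem     1024-blocks     Used Available Capacity Mounted on
/dev/sda1         41152736 30868992   8170360      80% /
/dev/sdb1         10190100  9663256     -4760     101% /var/log
tmpfs               512000        1    511999       1% /run
proc                     -        -         -       -  /proc
/dev/sdc1          2048000  1024000   1024000      50% /mnt/backup disk
"""


def capacity_percent(used, free):
    """used / (used + free) as a percentage, rounded up to the next integer.

    Returns None when the denominator is not positive, which pseudo file
    systems reporting zero or no space figures would otherwise turn into
    a division by zero.
    """
    denom = used + free
    if denom <= 0:
        return None
    return -(-100 * used // denom)  # integer ceiling without floating point


def parse_df_p(text):
    """Parse `df -P` output into dicts with name, root and recomputed percent."""
    rows = []
    for line in text.splitlines()[1:]:          # skip the header line
        parts = line.split(None, 5)             # mount point may contain spaces
        if len(parts) < 6:
            continue
        name, _total, used, free, _reported, root = parts
        try:
            percent = capacity_percent(int(used), int(free))
        except ValueError:                      # '-' placeholders, as for /proc
            percent = None
        rows.append({"name": name, "root": root.strip(), "percent": percent})
    return rows


def over_limit(rows, limit=90):
    """Mount points whose recomputed capacity is at or above limit percent."""
    return [r["root"] for r in rows
            if r["percent"] is not None and r["percent"] >= limit]


if __name__ == "__main__":
    parsed = parse_df_p(SAMPLE)
    for row in parsed:
        print(row["root"], row["percent"])
    print("over limit:", over_limit(parsed))
```

A log volume that reaches this state stops accepting writes from unprivileged processes, so the negative free figure is worth alerting on rather than clamping to 100.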

    ifconfig Command

    About ifconfig

    The "ifconfig" command allows the operating system to set up network interfaces and allows

    the user to view information about the configured network interfaces.

    Syntax

    ifconfig [-L] [-m] interface [create] [address_family] [address[/prefixlength]

    [dest_address]] [parameters]

    ifconfig interface destroy

    ifconfig -a [-L] [-d] [-m] [-u] [address_family]

    ifconfig -l [-d] [-u] [address_family]

    ifconfig [-L] [-d] [-m] [-u] [-C]

    address For the DARPA-Internet family, the address is either a host name

    present in the host name data base, or a DARPA Internet address

    expressed in the Internet standard ``dot notation''.

    It is also possible to use the CIDR notation (also known as the slash

    notation) to include the netmask. That is, one can specify an address

    like 192.168.0.1/16.

    address_family Specify the address family which affects interpretation of the

    remaining parameters. Since an interface can receive transmissions in

    differing protocols with different naming schemes, specifying the

    address family is recommended. The address or protocol families

    currently supported are ``inet'', ``inet6'',

    dest_address Specify the address of the correspondent on the other end of a point to

    point link.


    interface This parameter is a string of the form ``name unit'', for example,

    ``en0''.

    add Another name for the alias parameter. Introduced for compatibility

    with BSD/OS.

    alias Establish an additional network address for this interface. This is

    sometimes useful when changing network numbers, and one wishes to

    accept packets addressed to the old interface. If the address is on the

    same subnet as the first network address for this interface, a netmask

    of 0xffffffff has to be specified.

    -alias Remove the network address specified. This would be used if you

    incorrectly specified an alias, or it was no longer needed. If you have

    incorrectly set an NS address having the side effect of specifying the

    host portion, removing all NS addresses will allow you to respecify

    the host portion.

    anycast (Inet6 only.) Specify that the address configured is an anycast address.

    Based on the current specification, only routers may configure anycast

    addresses. An anycast address will not be used as the source address of any

    outgoing IPv6 packets.

    arp Enable the use of the Address Resolution Protocol in mapping

    between network level addresses and link level addresses (default).

    This is currently implemented for mapping between DARPA Internet

    addresses and IEEE 802 48-bit MAC addresses (Ethernet, FDDI, and

    Token Ring addresses).

    -arp Disable the use of the Address Resolution Protocol

    broadcast (Inet only.) Specify the address to use to represent broadcasts to the

    network. The default broadcast address is the address with a host part

    of all 1's.

    debug Enable driver dependent debugging code; usually, this turns on extra

    console error logging.

    -debug Disable driver dependent debugging code.

    delete Another name for the -alias parameter.

    down Mark an interface ``down''. When an interface is marked ``down'', the

    system will not attempt to transmit messages through that interface. If

    possible, the interface will be reset to disable reception as well. This

    action does not automatically disable routes using the interface.

    ether Another name for the lladdr parameter.

    lladdr addr Set the link-level address on an interface. This can be used to e.g. set a

    new MAC address on an ethernet interface, though the mechanism

    used is not ethernet-specific. The address addr is specified as a series

    of colon-separated hex digits. If the interface is already up when this

    option is used, it will be briefly brought down and then brought

    back up again in order to ensure that the receive filter in the underlying


    ethernet hardware is properly reprogrammed.

    media type If the driver supports the media selection system, set the media type of

    the interface to type. Some interfaces support the mutually exclusive

    use of one of several different physical media connectors. For

    example, a 10Mb/s Ethernet interface might support the use of either

    AUI or twisted pair connectors. Setting the media type to

    ``10base5/AUI'' would change the currently active connector to the

    AUI port. Setting it to ``10baseT/UTP'' would activate twisted pair.

    Refer to the interfaces' driver specific documentation or man page for

    a complete list of the available types.

    -mediaopt opts If the driver supports the media selection system, set the specified

    media options on the interface. The opts argument is a comma

    delimited list of options to apply to the interface. Refer to the

    interfaces' driver specific man page for a complete list of available

    options.

    tunnel src_addr dest_addr (IP tunnel devices only.) Configure the physical source and

    destination address for IP tunnel interfaces. The arguments src_addr

    and dest_addr are interpreted as the outer source/destination for the

    encapsulating IPv4/IPv6 header.

    deletetunnel Unconfigure the physical source and destination address for IP tunnel

    interfaces previously configured with tunnel.

    create Create the specified network pseudo-device. If the interface is given

    without a unit number, try to create a new device with an arbitrary

    unit number. If creation of an arbitrary device is successful, the new

    device name is printed to standard output.

    destroy Destroy the specified network pseudo-device.

    plumb Another name for the create parameter. Included for Solaris

    compatibility.

    unplumb Another name for the destroy parameter. Included for Solaris

    compatibility.

    metric n Set the routing metric of the interface to n, default 0. The routing

    metric is used by the routing protocol. Higher metrics have the effect

    of making a route less favorable; metrics are counted as additional hops

    to the destination network or host.

    mtu n Set the maximum transmission unit of the interface to n, default is

    interface specific. The MTU is used to limit the size of packets that

    are transmitted on an interface. Not all interfaces support setting the

    MTU, and some interfaces have range restrictions.

    netmask mask (Inet only.) Specify how much of the address to reserve for

    subdividing networks into subnetworks. The mask includes the

    network part of the local address and the subnet part, which is taken

    from the host field of the address. The mask can be specified as a

    single hexadecimal number with a leading `0x', with a dot-notation

    Internet address, or with a pseudo-network name listed in the network


    table. The mask contains 1's for the bit positions in the 32-bit address

    which are to be used for the network and subnet parts, and 0's for the

    host part. The mask should contain at least the standard network

    portion, and the subnet field should be contiguous with the network

    portion. The netmask can also be specified in CIDR notation after the

    address. See the address option above for more information.

    prefixlen len (Inet6 only.) Specify that len bits are reserved for subdividing

    networks into sub-networks. The len must be an integer, and for

    syntactical reasons it must be between 0 and 128. It is almost always 64

    under the current IPv6 assignment rule. If the parameter is omitted, 64

    is used.

    remove Another name for the -alias parameter. Introduced for compatibility

    with BSD/OS.

    link[0-2] Enable special processing of the link level of the interface. These

    three options are interface specific in actual effect, however, they are

    in general used to select special modes of operation. An example of

    this is to enable SLIP compression, or to select the connector type for

    some Ethernet cards. Refer to the man page for the specific driver for

    more information.

    -link[0-2] Disable special processing at the link level with the specified

    interface.

    up Mark an interface ``up''. This may be used to enable an interface after

    an ``ifconfig down''. It happens automatically when setting the first

    address on an interface. If the interface was reset when previously

    marked down, the hardware will be re-initialized.

    Examples

    ifconfig eth0

    View the network settings on the first Ethernet adapter installed in the computer.

    ifconfig -a

    Display info on all network interfaces on server, active or inactive.

    ifconfig eth0 down

    If eth0 exists, this takes it down so that it cannot send or receive any information.

    ifconfig eth0 up

    If eth0 exists and is in the down state, this returns it to the up state, allowing it to send

    and receive information.

    ifconfig eth0 192.168.1.102 netmask 255.255.255.0 broadcast 192.168.1.255


    Assign eth0 with the above values for IP, netmask and broadcast address.
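The netmask parameter accepts a hexadecimal number, a dot-notation address or a CIDR prefix length, and the text asks for the subnet bits to be contiguous with the network portion. This added example, which is not part of the original document, normalises the three forms, rejects non-contiguous masks and derives the default broadcast address (host part all 1's). The function names are hypothetical and it does not call ifconfig.

```python
# Added example: validate an IPv4 netmask in any of the forms ifconfig
# accepts and derive the prefix length and default broadcast address.

def _dotted_to_int(dotted):
    """Strict four-octet dot notation to a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError("not a dot-notation IPv4 address: %r" % dotted)
    value = 0
    for p in parts:
        value = (value << 8) | int(p)
    return value


def _int_to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def parse_netmask(spec):
    """Accept '0xffffff00', '255.255.255.0', or a prefix length '24' / '/24'."""
    s = spec.strip()
    if s.lower().startswith("0x"):
        mask = int(s, 16)
        if mask > 0xFFFFFFFF:
            raise ValueError("mask wider than 32 bits: %r" % spec)
    elif "." in s:
        mask = _dotted_to_int(s)
    else:
        bits = int(s.lstrip("/"))
        if not 0 <= bits <= 32:
            raise ValueError("prefix length out of range: %r" % spec)
        mask = (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF
    return mask


def is_contiguous(mask):
    """True when all 1 bits sit to the left of all 0 bits."""
    host_bits = ~mask & 0xFFFFFFFF
    return host_bits & (host_bits + 1) == 0


def describe(address, netmask_spec):
    """Return (prefix_length, default_broadcast) for an address and mask."""
    mask = parse_netmask(netmask_spec)
    if not is_contiguous(mask):
        raise ValueError("netmask is not contiguous: %r" % netmask_spec)
    addr = _dotted_to_int(address)
    broadcast = addr | (~mask & 0xFFFFFFFF)      # host part set to all 1's
    return bin(mask).count("1"), _int_to_dotted(broadcast)


if __name__ == "__main__":
    # Values from the ifconfig example above.
    print(describe("192.168.1.102", "255.255.255.0"))   # same mask, dotted form
    print(describe("192.168.1.102", "0xffffff00"))      # same mask, hex form
    print(describe("192.168.0.1", "/16"))               # CIDR form from the text
```

Comparing the derived broadcast address with the one passed on the command line is a quick way to catch a mask and broadcast value that disagree before the interface is reconfigured.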

    du Command

    Purpose

    Summarizes disk usage.

    Syntax

    du [ -a | -s ] [ -k ] [ -m ] [ -g ] [ -l ] [ -r ] [ -x ] [ -H | -L ]

    Description

    The du command displays the number of blocks used for files. If the File parameter specified is actually a directory, all files within the directory are reported on. If no File parameter is provided, the du command uses the files in the current directory.

    If the File parameter is a directory, then the number of blocks reported is the sum of blocks allocated for the files in the directory and the blocks allocated for the directory itself.

    If the object of the du command is a file or directory that exists inside a JFS2 snapshot, the du command gives information for the point-in-time object when the snapshot is created. This information does not include how much space is recovered if the snapshot itself is deleted.

    Specifying the -a flag reports the number of blocks in individual files. Whether the -a flag is used or not, individual files specified by the File parameter are always listed.

    Specifying the -s flag reports the total blocks for all specified files or all files in a directory.

    The block count includes indirect blocks of each file. Block count is calculated in 512-byte units independent of the cluster size used by the system. Specifying the -k flag calculates the block count in 1024-byte units.

    Notes:

    1. Files with multiple links are counted and written for only one entry.

    2. Block counts are based only on file size; therefore, unallocated blocks are not

    accounted for in the reported block counts.

    3. If du cannot obtain the file attributes or cannot read directories, it reports an

    error and the exit status of the command is affected.


    Flags

    -a For each file specified, displays the disk usage of the file. For each directory specified, displays the disk usage of each individual file within the directory, including all subdirectories. Contrast this flag with the -s flag.

    -g Calculates the block count in GB units rather than the default 512-byte units. The output values for the disk usage would be in floating point numbers as value of each unit in bytes is significantly high.

    -H If a symbolic link is specified on the command line, the du command shall count the size of the file or file hierarchy referenced by the link.

    -k Calculates the block count in 1024-byte units rather than the default 512-byte units.

    -l Allocates blocks evenly among the links for files with multiple links. By default, a file with two or more links is counted only once.

    -L If a symbolic link is specified on the command line or encountered during the traversal of a file hierarchy, the du command shall count the size of the file or file hierarchy referenced by the link.

    -m Calculates the block count in MB units rather than the default 512-byte units. The output values for the disk usage would be in floating point numbers as value of each unit in bytes is significantly high.

    -r Reports names of inaccessible files and directories. This is the default.

    -s For each file specified, displays the disk usage of the file. For each directory specified, displays the total disk usage of all files within the directory, including all subdirectories. Contrast this flag with the -a flag.

    -x When evaluating file sizes, evaluates only those files that reside on the same device as the file or directory specified by the File parameter. For example, you may specify a directory that contains files on several devices. In this case, the -x flag displays block sizes for all files that reside on the same device as the directory.

    If all or any two of the -k, -m and -g flags are specified, the last one specified takes

    effect. The output of the disk usage with the flags -m and -g would be rounded off to

    the nearest second decimal digit.

    Exit Status

    This command returns the following exit values:

    0 Successful completion.

    >0 An error occurred.

    Examples

    1. To summarize the disk usage of a directory tree and each of its subtrees, enter:

    du /home/fran

    This displays the number of disk blocks in the /home/fran directory and each of its

    subdirectories.

    2. To summarize the disk usage of a directory tree and each of its subtrees in 1024-byte blocks, enter:


    du -k /home/fran

    This displays the number of 1024-byte disk blocks in the /home/fran directory

    and each of its subdirectories.

    3. To summarize the disk usage of a directory tree and each of its subtrees in MB

    blocks, enter:

    du -m /home/fran

    This displays the number of MB disk blocks rounded off to nearest 2nd decimal digit

    in the /home/fran directory and each of its subdirectories.

    4. To summarize the disk usage of a directory tree and each of its subtrees in GB

    blocks, enter:

    du -g /home/fran

    This displays the number of GB disk blocks rounded off to nearest 2nd decimal digit

    in the /home/fran directory and each of its subdirectories.

    5. To display the disk usage of each file, enter:

    du -a /home/fran

    This displays the number of disk blocks contained in each file and subdirectory of

    the /home/fran directory. The number beside a directory is the disk usage of that

    directory tree. The number beside a regular file is the disk usage of that file alone.

    6. To display only the total disk usage of a directory tree, enter:

    du -s /home/fran

    The -s flag instructs the du command to display only the sum total disk usage of

    the /home/fran directory and the files it contains. By default, the du command

    displays an error message if it cannot read a file or directory.

    7. To display the disk usage of the files and file hierarchies referenced by all the

    symbolic links in addition to the normal files found during traversal of the

    /home/fran directory, type:

    du -L /home/fran

    8. To report the disk usage of the file or file hierarchy referenced by the symbolic

    link mylink, type:

    du -H mylink