Monitoring SSL sessions/sec on CSS

f.bobes · ‎09-07-2006

Hello,

I have been trying to find the right parameter via CLI or SNMP to monitor the number of SSL sessions/sec. We are using CSS 11503 with a SSL module supporting in theory 800 to 1000 SSL sessions/sec and I'd like to know what the current load is. I am graphing already the flows/sec but this too generic.

Any help is appreciated.

Thanks,

Fabrice

Gilles Dufour · ‎09-08-2006

Fabrice,

there might not be an exact counter for connection per seconds, but what most people do [with CSS or other devices] is capture the total number of connections every X seconds, make the difference and divide by X to get the average connection per seconds.

You could use one or combination of the following counters

CSS11503-2(debug)# sho ssl statistics | grep conn

0 Handshake started for incoming SSL connections

0 Handshake completed for incoming SSL connections

0 Handshake started for outgoing SSL connections

0 Handshake completed for outgoing SSL connections

0 TCP connections failed

0 TCP connections established

0 TCP connections originated

0 TCP connections terminated

Gilles.

network · ‎09-08-2006

Thanks Gilles. I will use what you suggest.

Fabrice

network · ‎09-11-2006

Gilles,

I am looking for the MIB entries for the counters you mentioned but had no luck so far. I parsed the CSS MIBs but basically didn't find anything that would give me values I see when doing a show ssl statistics.

Thanks

Gilles Dufour · ‎09-11-2006

interestingly, this information does not exist yet in the mibs.

There is a ddts open for this

CSCek50254 - Add limited SSL MIB statistics support

Gilles.

network · ‎09-11-2006

Thanks for the info. I'll keep an eye on the ddts. Having the option to graph SSL stats will help us on capacity planning.

Thanks again,

Fabrice