01-09-2003 02:38 AM - edited 02-20-2020 10:28 PM
Hello, I have suspiction (low performance), that my encryption aim is not running. If i type "show crypto engine accelerator brief" the output contains:
"
crypto engine name: unknown
crypto engine type: ISA/ISM
...
crypto engine name: unknown
crypto engine type: software
...
crypto engine state: installed
crypto engine in slot: N/A
"
I am concerned about that "software" type.
When I try crypto engine accelerator command, the output is, that encryption is already enabled. Software is c3660-ik2o3s-mz.121-3a.XI5(have to be OK). Is any way to definitely recognize if the AIM is running? Thanks for any ideas. Steve
01-09-2003 07:01 AM
Hi Steve,
you can type " sh cry eng acceler stat" to see if your encryption card is processing the packets ( i.e, encrypting or decrypting the packets )
Hope that helps
Jazib
01-09-2003 07:16 AM
Thanx, I know this command, but i'm not sure about the output. From the first part (Encryption AIM in aim slot:) i should derive that it is ok, but from the part (EncryptionAIM0/13:) i have derived, that the AIM is not running. What do You think?
sh crypto eng accel stat
Encryption AIM in aim slot: 0
source limited; enabled
In Drops: 0 Out Drops: 2 Fast Sends: 2419869988
Up Calls: 2419869986 Tx disabled: 0 ifout drops: 0
Pkt Errs: 0 Pkts output: 2419869986 Bytes output: 3854887622
NULL Pkts: 0 No PKTS: 3082988493 >16 parts: 0
Huge Pkts: 0 WQ Errs: 0 HP Defers: 0
Hold Queue Events
Repar fails: 0 Enq fails: 2 Entries: 000
Fallbacks: 0 Enqueues: 926361264 Dequeues: 926361264
Stat paks: 0 Repars: 926358411 pak free: 926383514
Kaos Hi Pri Tx: Enqueued: 2419869986 paks 3363347632 bytes
Dequeued: 0 paks 0 bytes
Tx Disabled: 0 Ifout drops: 0 Partcnt err: 0
No bufs: 0 Errs: 0 Ringfull: 0
EnqFail: 0 many parts: 0 bad parts: 0
Kaos Hi Pri Rx: Enqueued: 0 paks 0 bytes
Dequeued: 2419869986 paks 3448571092 bytes
Tx Disabled: 0 Ifout drops: 0 Partcnt err: 0
No bufs: 0 Errs: 0 Ringfull: 0
EnqFail: 0 many parts: 0 bad parts: 0
Kaos Lo Pri Tx: Enqueued: 8712705 paks 168257683 bytes
Dequeued: 0 paks 0 bytes
Tx Disabled: 0 Ifout drops: 0 Partcnt err: 0
No bufs: 0 Errs: 0 Ringfull: 0
EnqFail: 0 many parts: 0 bad parts: 0
Kaos Lo Pri Rx: Enqueued: 0 paks 0 bytes
Dequeued: 0 paks 0 bytes
Tx Disabled: 0 Ifout drops: 0 Partcnt err: 0
No bufs: 0 Errs: 0 Ringfull: 0
EnqFail: 0 many parts: 0 bad parts: 0
Kaos Lo Pri MIPS Tx: Enqueued: 1815006 paks 143647923 bytes
Dequeued: 1815006 paks 136912187 bytes
Tx Disabled: 0 Ifout drops: 0 Partcnt err: 0
No bufs: 0 Errs: 0 Ringfull: 0
EnqFail: 0 many parts: 0 bad parts: 0
Kaos Lo Pri MIPS Rx: Enqueued: 1815006 paks 65697111 bytes
Dequeued: 1815006 paks 65697111 bytes
Tx Disabled: 0 Ifout drops: 0 Partcnt err: 0
No bufs: 0 Errs: 0 Ringfull: 0
EnqFail: 0 many parts: 0 bad parts: 0
EncryptionAIM0/13:
ds: 0x61FE3498 idb:0x61FDF034
Statistics for Encryption Module:
0 packets in 0 packets out
0 paks/sec in 0 paks/sec out
0 Kbits/sec in 0 Kbits/sec out
rx_no_endp: 0 rx_hi_discards: 0 fw_failure: 0
invalid_sa: 0 invalid_flow: 0 cgx_errors 0
fw_qs_filled: 0 fw_resource_lock:0 lotx_full_err: 0
null_ip_error: 0 pad_size_error: 0 out_bound_dh_acc: 0
esp_auth_fail: 0 ah_auth_failure: 0 crypto_pad_error: 0
ah_prot_absent: 0 ah_seq_failure: 0 ah_spi_failure: 0
esp_prot_absent:0 esp_seq_fail: 0 esp_spi_failure: 0
obound_sa_acc: 0 invalid_sa: 0 out_bound_sa_flow: 0
invalid_dh: 0 bad_keygroup: 0 out_of_memory: 0
no_sh_secret: 0 no_skeys: 0 invalid_cmd: 0
dsp_coproc_err: 0 comp_unsupported:0 pak_too_big: 0
pak_mp_length_spec_fault: 0
tx_lo_queue_size_max 0 cmd_unimplemented: 0
4294967 seconds since last clear of counters
Interrupts: -2041009202 Immed: 3 HiPri ints: -2049428276
LoPri ints: 8712705 POST Errs: 0 Alerts: 1
Unk Cmds: 0 UnexpCmds: 0
cgx_cmd_pending:0 packet_loop_max: 0 packet_loop_limit: 0
01-10-2003 03:38 AM
Can you please run:
SV3-9#sh cry engine config
crypto engine name: Virtual Private Network (VPN) Module
crypto engine type: hardware
if it is in software you will see the following:
SV3-9#sh cry engine config
crypto engine name: Virtual Private Network (VPN) Module
crypto engine type: software
Let me know if you have any problems running this command.
R/Catherine
01-10-2003 04:12 AM
Hello Catherine,
I have tried this before:
sh crypto engine config
crypto engine name: unknown
crypto engine type: ISA/ISM
From this output I suppose, that it stands for hardware encryption.
However, other diagnostic commands outputs are not clear enough. I give it up and believe in hardware encryption.
Thanks a lot.
Steve
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide