3.9. Nettest

The nettest command can be used to perform some of the tests described earlier automatic.

3.9.1. Peer reachability

The Peer Reachability test tries to set up a TCP session to port 7801 to a remote Steelhead appliance. It attempts to set them up from all configured IP addresses:

This test only supports IPv4 addresses.

Figure 3.49. Output of a peer reachability test

CSH (config) # nettest run peer-reach addr 192.168.1.6
Peer Reachability Test        Last Run: 2013/11/25 10:54:01
Passed

Address            Interface          Result
==================================================================
192.168.1.6        primary            Passed
192.168.1.6        aux                Passed
192.168.1.6        inpath0_0          Passed

The captures on the various interfaces look like this:

Figure 3.50. Capture of a peer reachability test

CSH # tcpdump -ni primary host 10.0.1.5
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on primary, link-type EN10MB (Ethernet), capture size 300 bytes
11:12:09.331690 IP 10.0.1.5.65535 > 192.168.1.6.7801: Flags [S], seq 169835245, win 5840,  \
    options [rvbd-probe unkn-ver-type:1/3 31010a0001050005,nop,eol], length 0
11:12:09.634781 IP 192.168.1.6.7801 > 10.0.1.5.65535: Flags [S.], seq 20020520, ack 169835 \
    246, win 5840, options [rvbd-probe AD CSH:10.0.1.5 SSH:192.168.1.6:7800 11110a000105c0 \
    a801061e78,rvbd-probe EAD 0e3c,nop,eol], length 0
11:12:09.634888 IP 10.0.1.5.65535 > 192.168.1.6.7801: Flags [R], seq 169835246, win 0, len \
    gth 0
11:12:09.635405 IP 10.0.1.5.65535 > 192.168.1.6.7801: Flags [S], seq 169835245, win 5840,  \
    options [rvbd-probe unkn-ver-type:1/3 31020a0001050005,nop,eol], length 0
11:12:09.936657 IP 192.168.1.6.7801 > 10.0.1.5.65535: Flags [S.], seq 1081397572, ack 1698 \
    35246, win 5840, options [mss 1460], length 0
11:12:09.936697 IP 10.0.1.5.65535 > 192.168.1.6.7801: Flags [R], seq 169835246, win 0, len \
    gth 0

As can be seen, the client-side Steelhead appliance sends a SYN+, the server-side Steelhead appliance replies with a SYN/ACK+. Finally the client-side Steelhead appliance sends a TCP RST and the test is tried again.

3.9.2. Net gateway test

The Net Gateway test sends three pings the IP addresses of the local network gateways. It takes the gateways of the base interfaces routing table and the in-path interfaces routing table and tries to ping them.

In the examples below an extra destination was added to the two routing tables before the test was ran:

Figure 3.51. Output of a net gateway test

CSH (config) # show ip route
Destination       Mask              Gateway           Interface
1.2.3.4           255.255.255.255   10.0.1.67         primary
10.0.1.0          255.255.255.0     0.0.0.0           primary
default           0.0.0.0           10.0.1.9          primary

CSH (config) # show ip in-path route inpath0_0
Destination       Mask              Gateway
1.2.3.4           255.255.255.255   10.0.1.66
10.0.1.0          255.255.255.0     0.0.0.0
default           0.0.0.0           10.0.1.9

CSH (config) # nettest run net-gateway
Gateway Test                  Last Run: 2013/11/25 11:22:01
Passed

Interface          Address            Packet Loss        Result
==================================================================
Default            10.0.1.9           0%                 Passed
inpath0_0          10.0.1.66          100%               Failed
inpath0_0          10.0.1.9           0%                 Passed
Static             10.0.1.67          100%               Failed

CSH (config) # nettest run net-gateway ipv6 
Gateway Test                  Last Run: 2013/06/03 17:18:35
Passed

Interface          Address            Packet Loss        Result
==================================================================
Default            2600:809:200:4ff:20e:b6ff:fe01:6070
                                      0%                 Passed

As expected, the ones to 10.0.1.66 and 10.0.1.67 didn't get answered.

3.9.3. Duplex test

The Duplex test works by sending a large amount of ICMP ping tests over an interface. In case of a speed or duplex mismatch, there will be packet loss on it.

Figure 3.52. Output of a duplex test

CSH (config) # nettest run duplex primary target 10.0.1.9
Duplex Test                   Last Run: 2013/11/25 11:42:16
Passed

Interface          Number of Errors   Result
==================================================================
primary            0                  Passed

CSH (config) # nettest run duplex primary ipv6-target fd57:1083::3 Duplex Test Last Run: 2013/11/25 11:42:16 Passed

Interface Number of Errors Result ================================================================== primary 0 Passed

3.9.4. IP Port reachability test

The IP Port Reachability test sets up a TCP session from one of the base interfaces to the specified host.

Figure 3.53. Output of the IP Port reachability test

CSH (config) # nettest run ip-port-reach source primary addr 192.168.1.1 port 22
IP/Port Reachability Test     Last Run: 2013/11/25 11:54:17
Passed

Interface          Address            Protocol           Result
==================================================================
aux                192.168.1.1:22     Netcat             Passed

CSH (config) # nettest run ip-port-reach source primary ipv6-addr fd57:1083::3 port 22
IP/Port Reachability Test     Last Run: 2013/11/25 11:54:17
Passed

Interface          Address            Protocol           Result
==================================================================
aux                [fd57:1083::3]:22  Netcat             Passed

On the wire it looks like a normal TCP session, prefixed by some DNS resolution:

Figure 3.54. Capture of the IP Port reachability test

CSH # tcpdump -ni primary host 10.0.1.5
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on primary, link-type EN10MB (Ethernet), capture size 300 bytes
11:57:42.526526 IP 10.0.1.5.32825 > 192.168.1.1.53: 18418+ PTR? 5.1.0.10.in-addr.arpa. (39 \
    )
11:57:42.827737 IP 192.168.1.1.53 > 10.0.1.5.32825: 18418 NXDomain* 0/1/0 (91)
11:57:42.828122 IP 10.0.1.5.32825 > 192.168.1.1.53: 11624+ PTR? 1.1.168.192.in-addr.arpa.  \
    (42)
11:57:43.127581 IP 192.168.1.1.53 > 10.0.1.5.32825: 11624 NXDomain* 0/1/0 (94)
11:57:43.128040 IP 10.0.1.5.33329 > 192.168.1.1.80: Flags [S], seq 3966492797, win 5840, o \
    ptions [mss 1460,sackOK,TS val 5332034 ecr 0,nop,wscale 2], length 0
11:57:43.427441 IP 192.168.1.1.80 > 10.0.1.5.33329: Flags [S.], seq 3407753711, ack 396649 \
    2798, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 3117926755 ecr 5332034], \
     length 0
11:57:43.427490 IP 10.0.1.5.33329 > 192.168.1.1.80: Flags [.], seq 1, ack 1, win 1460, opt \
    ions [nop,nop,TS val 5332333 ecr 3117926755], length 0
11:57:43.427799 IP 10.0.1.5.33329 > 192.168.1.1.80: Flags [F.], seq 1, ack 1, win 1460, op \
    tions [nop,nop,TS val 5332334 ecr 3117926755], length 0
11:57:43.729324 IP 192.168.1.1.80 > 10.0.1.5.33329: Flags [.], seq 1, ack 2, win 1040, opt \
    ions [nop,nop,TS val 3117927055 ecr 5332334], length 0
11:57:43.731237 IP 192.168.1.1.80 > 10.0.1.5.33329: Flags [F.], seq 1, ack 2, win 1040, op \
    tions [nop,nop,TS val 3117927055 ecr 5332334], length 0
11:57:43.731262 IP 10.0.1.5.33329 > 192.168.1.1.80: Flags [.], seq 2, ack 2, win 1460, opt \
    ions [nop,nop,TS val 5332637 ecr 3117927055], length 0