Monitoring VPN Bridges

To monitor Message VPN bridge configuration and status, enter the following User EXEC command:

solace> show bridge <bridge-name-pattern> [message-vpn <vpn-name-pattern>] [remote-message-vpn <remote-vpn-name-pattern>] [remote-router-name <remote-router-name-pattern>] [connect-via <addr-port>] [auto | primary | backup] [subscriptions [local | remote] | stats [queues] | connections [wide] | detail | message‑spool‑stats | ssl | client‑certificate]

When no optional parameters are provided a summary of status information for the bridges is displayed in tabular form. When an optional parameter is provided (for example, connect-via <addr-port>), more detailed information is displayed.

Where:

<bridge-name-pattern> is the Message VPN bridge name. This can be its full name or part of its name when wildcard characters are used.

<vpn-name-pattern> is the name of the Message VPN local to the bridge. This can be its full name or part of its name when wildcard characters are used.

<remote-vpn-name-pattern> is the name of the Message VPN remote to the bridge. This can be its full name or part of its name when wildcard characters are used.

<remote-router-name-pattern> is the name of the appliance where the specified Message VPN remote to the bridge is located. This can be its full name or part of its name when wildcard characters are used.

<addr-port> is the IP address and TCP port of the appliance (or the local appliance itself when bridging between two different Message VPNs on the same appliance) in the form IP_address[:port]. IPv4 addresses must be specified in the dotted decimal notation form, nnn.nnn.nnn.nnn. In SolOS version 9.12.0 and later, IPv6 formatted strings (RFC 5952) are supported, however, these addresses must be enclosed in square brackets. The port is specified as a decimal value from 0 to 65535. For example, a correctly formatted IPv4 address is: 192.168.100.1:55555. The same address in IPv6 fromat is [::ffff:c0a8:6401]:55555. If the port is unspecified, the default is 55555 for non-compressed data, and 55003 for compressed data. DNS Name Lookup is supported.

primary specifies to show information for primary virtual routers only (default is to display information for both primary and backup virtual routers)

backup specifies to show information for backup virtual routers only (default is to display information for both primary and backup virtual routers)

auto specifies to show information for

subscriptions specifies to show information for all local and remote subscriptions configured for the bridge

subscriptions local specifies to show information only for local subscriptions configured for the bridge

subscriptions remote specifies to show information only for remote subscriptions configured for the bridge

stats specifies to show statistics for the specified Message VPN bridge

stats queues specifies to show statistics for the message queues associated with the specified Message VPN bridge

connections specifies to show TCP connection status information for the specified Message VPN bridge

connections wide specifies to show detailed TCP connection status information for the specified Message VPN bridge in a wide screen computer display format (300+ character width)

detail specifies to show detailed Message VPN bridge information

message-spool-stats specifies to show message spool statistics for the specified Message VPN bridge

ssl specifies to show information related to SSL encryption for the bridge.

client-certificate specifies to show information related to the client certificate that is configured for the bridge.

Example 2 — show bridge detail

solace> show bridge b00001 message-vpn vpn0001 detail
 
Bridge Name:             b0001
Message VPN
      Local:             vpn0001
     Remote:             vpn0002 at v:solace2 via 192:168:123:456:55555 ()
Redundancy:              auto
Virtual Router:          primary
Admin State:             Enabled
Conn Establisher:        Local
Inbound Oper State:      Ready-InSync
Outbound Oper State:     NotApplicable
Queue Oper State:        NotApplicable
Connection Uptime:       0d 0h 3m 41s
Authentication
  Scheme:                Basic
  Basic
    Client Username:
    Password Configured: No
  Client Certificate
    Certificate File:
Transport Property
  Compressed:            -
  SSL:                   -
Retry Count:             0 of 0
Retry Delay:             3 seconds ( 0 remaining )
Max TTL:                 8
Dto Priority:            P1
Client Name:
One Shot Events
  TTL Exceeded:          not raised
Subscriptions
  Local:                 0
  Remote:                0
Remote Message VPN:      vpn0002 via 192.168.123.456:55555 ()
  Admin State:           Enabled
  Connect Order:         4
  Connect Port Mode:     non-compress, non-ssl
  Connection State:      Connected
  Message Spool
    Queue:
    Queue Bind State:    Not In Use
    Queue Bind Uptime:   0d 0h 0m 0s
    Window Size:         255
  Unidirectional
    Client Profile:      #client-profile

Possible reported operational states for inbound or outbound Message VPN bridge connections as displayed by the “Inbound Oper State:” and “Outbound Oper State:” fields, respectively, in Example 2 are listed below.

Reported Operational States for Inbound or Outbound VPN Bridge Connections
Operational State	Description
Init	The bridge is down but is initializing.
Shutdown	The bridge is down. It has been disabled by configuration.
Prepare-WaitToConnect	The bridge is down. It is waiting to connect to the remote event broker.
Prepare-FetchingDNS	The bridge is down. The domain name of the remote event broker is being resolved.
NotReady-Connecting	The bridge is down. It is in the process of connecting to the remote event broker.
NotReady-Handshaking	The bridge is down. It has connected to the remote event broker, and is in the process of negotiating with it.
NotReady-WaitNext	The bridge is down. It has failed to connect to a remote event broker, and is waiting for the configured remote retry delay to expire before retrying.
NotReady-WaitReuse	The bridge is down. It established its own connection to the remote event broker, but determined instead that it should use a pre-existing connection established from that remote event broker. It is waiting for its own connection to close before reusing the existing connection.
NotReady-WaitBridgeVersionMismatch	The bridge is down. The connection failed to connect due to the remote event broker presenting an unexpected version.
NotReady-WaitCleanup	The bridge is down. Its connection has closed and is in the process of being cleaned up.
Ready-Subscribing	The bridge is up and is attracting traffic. It is in the process of adding configured subscriptions to the remote event broker.
Ready-InSync	The bridge is up and is attracting traffic. All configured subscriptions have been added to the remote router.
Stalled	The bridge is down. Inbound guaranteed messages are not flowing. Administrative actions may be required to clear this state.
NotApplicable	The connection is not relevant in the inbound direction.

Possible reported causes for VPN bridge connection failures as displayed by the “Last Conn Failure Reason:” field in Example 2 are listed in the table below.

Reported Causes for VPN Bridge Connection Failures
Cause	Description
bridge to self	A loopback bridge connection to the identical local and remote Message VPN, which is not allowed.
bridging not allowed	The client username connected to the remote appliance does not allow VPN bridge clients.
compression error	Processing error occurred when compressing data to be sent to the remote peer.
connection down	The remote peer gracefully closed the TCP connection due to, for example, shutting down SMF service or routing.
could not allocate	Buffer or resource allocation request failed.
decompression error	The data received from the peer could not be decompressed. This may be because the event broker thinks the connection is carrying compressed data, while the remote peer thinks it is carrying decompressed data (that is, the specified remote TCP port is for decompressed data).
keep-alive failure	The remote peer did not respond to TCP Keepalives. This usually happens when the remote peer is no longer reachable because it either crashed, restarted, or does not exist, or there is a problem with the network connectivity.
link closed	The IP interface inferred from the request is administratively disabled.
no compatible bridge available	The bridge is using the appliance name form of a remote Message VPN connection (rather than connect-via) and there is no compatible remote VPN bridge connection available for it to share.
not found	Either the event broker does not have any client information for the client ID specified in the request, or there is no IP interface for the physical interface and virtual router index specified in the request.
ok	All is normal.
open failed	Failures typically at the TCP socket layers. For example, the specified remote peer IP address and port are already in use by another TCP connection, or there is no IP route to the specified remote peer IP address.
parse error	The event broker could not understand the data sent by the remote peer.
peer draining too slowly	The remote peer, or the network path to it, cannot accommodate the volume of messages being sent to it, and the local event broker was forced to do a “slow connection” disconnection of the TCP connection.
peer refused connection	The remote peer refused the TCP connection. This usually occurs because the remote peer is not listening on the specified remote TCP port.
peer reset	The remote peer sent the local event broker a TCP reset. This usually happens when the local event broker and the remote peer disagree on whether the TCP connection exists; the remote peer believes it does not.
too many retransmissions	The remote peer did not respond to the TCP connection. This usually happens when the remote peer is not reachable because it either crashed, restarted, or does not exist, or there is a problem with the network connectivity.

Example 4 — show bridge stats

The statistical values displayed by “Avg. Rate (60 sec interval)” are not an average, but an approximation based on a smoothing function which has a 60 second time constant.

solace> show bridge b00001 message-vpn vpn00001 stats
 
Bridge Name:           b00001
Message VPN
  Local:               vpn00001
  Remote:              vpn00001 at v:lab-128-97 via 192.168.160.197:55555 ()
Redundancy:            primary
Admin State:           Enabled
Conn Establisher:      Local
Client Name:      #bridge/0:localhost/3009/0
Subscriptions:    0
Message VPN:      vpn00001
Description:      Local Bridge (b00001)
                                               Received                  Sent
                                   --------------------  --------------------
Total Client Messages                                 3                     2
  Client Data Messages                                0                     0
    Persistent                                        0                     0
    Non-persistent                                    0                     0
    Direct                                            0                     0
  Client Control Messages                             3                     2
Total Client Bytes                                  307                   255
  Client Data Bytes                                   0                     0
    Persistent                                        0                     0
    Non-persistent                                    0                     0
    Direct                                            0                     0
  Client Control Bytes                              307                   255
                                      Ingress (msg/sec)      Egress (msg/sec)
                                   --------------------  --------------------
Current Rate (1 sec sample)                           0                     0
Avg. Rate (60 sec interval)                           0                     0
                                     Ingress (bytes/sec)   Egress (bytes/sec)
                                   --------------------  --------------------
Current Rate (1 sec sample)                           0                     0
Avg. Rate (60 sec interval)                           0                     0
Total Ingress Discards                                                      0
Total Egress Discards                                                       0

Clearing VPN Bridge Statistics

To clear the statistics for one or Message VPN bridges, enter the following Privileged EXEC level command:

solace> enable
solace# clear bridge <bridge-name-pattern> message-vpn <vpn-name-pattern> [primary | backup | auto] stats

Where:

<bridge-name-pattern> is the full name of the specified Message VPN bridge, or part of this Message VPN bridge name with the wildcard character ? used to represent one character of the name, or the wildcard character * used to represent zero or more characters of the name, where entering only the wildcard character * for the name clears all Message VPN bridges.

<vpn-name-pattern> is the full name of the Message VPN local to the bridge, or part of the Message VPN name with the wildcard character ? used to represent one character of the name, or the wildcard character * used to represent zero or more characters of the name, where entering only the wildcard character * for the name clears all Message VPNs local to the bridge.

primary specifies to clear information for primary virtual routers only. By default, all bridge stats are cleared.

backup specifies to clear information for backup virtual routers only. By default, all bridge stats are cleared.

auto specifies to clear information for bridge configured as using the auto virtual router. By default, all bridge stats are cleared.

Provide feedback