cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1604
Views
0
Helpful
4
Replies

3660 Encryption AIM

STEPAN JANKOVIC
Level 1
Level 1

Hello, I have suspiction (low performance), that my encryption aim is not running. If i type "show crypto engine accelerator brief" the output contains:

"

crypto engine name: unknown

crypto engine type: ISA/ISM

...

crypto engine name: unknown

crypto engine type: software

...

crypto engine state: installed

crypto engine in slot: N/A

"

I am concerned about that "software" type.

When I try crypto engine accelerator command, the output is, that encryption is already enabled. Software is c3660-ik2o3s-mz.121-3a.XI5(have to be OK). Is any way to definitely recognize if the AIM is running? Thanks for any ideas. Steve

4 Replies 4

jfrahim
Level 5
Level 5

Hi Steve,

you can type " sh cry eng acceler stat" to see if your encryption card is processing the packets ( i.e, encrypting or decrypting the packets )

Hope that helps

Jazib

Thanx, I know this command, but i'm not sure about the output. From the first part (Encryption AIM in aim slot:) i should derive that it is ok, but from the part (EncryptionAIM0/13:) i have derived, that the AIM is not running. What do You think?

sh crypto eng accel stat

Encryption AIM in aim slot: 0

source limited; enabled

In Drops: 0 Out Drops: 2 Fast Sends: 2419869988

Up Calls: 2419869986 Tx disabled: 0 ifout drops: 0

Pkt Errs: 0 Pkts output: 2419869986 Bytes output: 3854887622

NULL Pkts: 0 No PKTS: 3082988493 >16 parts: 0

Huge Pkts: 0 WQ Errs: 0 HP Defers: 0

Hold Queue Events

Repar fails: 0 Enq fails: 2 Entries: 000

Fallbacks: 0 Enqueues: 926361264 Dequeues: 926361264

Stat paks: 0 Repars: 926358411 pak free: 926383514

Kaos Hi Pri Tx: Enqueued: 2419869986 paks 3363347632 bytes

Dequeued: 0 paks 0 bytes

Tx Disabled: 0 Ifout drops: 0 Partcnt err: 0

No bufs: 0 Errs: 0 Ringfull: 0

EnqFail: 0 many parts: 0 bad parts: 0

Kaos Hi Pri Rx: Enqueued: 0 paks 0 bytes

Dequeued: 2419869986 paks 3448571092 bytes

Tx Disabled: 0 Ifout drops: 0 Partcnt err: 0

No bufs: 0 Errs: 0 Ringfull: 0

EnqFail: 0 many parts: 0 bad parts: 0

Kaos Lo Pri Tx: Enqueued: 8712705 paks 168257683 bytes

Dequeued: 0 paks 0 bytes

Tx Disabled: 0 Ifout drops: 0 Partcnt err: 0

No bufs: 0 Errs: 0 Ringfull: 0

EnqFail: 0 many parts: 0 bad parts: 0

Kaos Lo Pri Rx: Enqueued: 0 paks 0 bytes

Dequeued: 0 paks 0 bytes

Tx Disabled: 0 Ifout drops: 0 Partcnt err: 0

No bufs: 0 Errs: 0 Ringfull: 0

EnqFail: 0 many parts: 0 bad parts: 0

Kaos Lo Pri MIPS Tx: Enqueued: 1815006 paks 143647923 bytes

Dequeued: 1815006 paks 136912187 bytes

Tx Disabled: 0 Ifout drops: 0 Partcnt err: 0

No bufs: 0 Errs: 0 Ringfull: 0

EnqFail: 0 many parts: 0 bad parts: 0

Kaos Lo Pri MIPS Rx: Enqueued: 1815006 paks 65697111 bytes

Dequeued: 1815006 paks 65697111 bytes

Tx Disabled: 0 Ifout drops: 0 Partcnt err: 0

No bufs: 0 Errs: 0 Ringfull: 0

EnqFail: 0 many parts: 0 bad parts: 0

EncryptionAIM0/13:

ds: 0x61FE3498 idb:0x61FDF034

Statistics for Encryption Module:

0 packets in 0 packets out

0 paks/sec in 0 paks/sec out

0 Kbits/sec in 0 Kbits/sec out

rx_no_endp: 0 rx_hi_discards: 0 fw_failure: 0

invalid_sa: 0 invalid_flow: 0 cgx_errors 0

fw_qs_filled: 0 fw_resource_lock:0 lotx_full_err: 0

null_ip_error: 0 pad_size_error: 0 out_bound_dh_acc: 0

esp_auth_fail: 0 ah_auth_failure: 0 crypto_pad_error: 0

ah_prot_absent: 0 ah_seq_failure: 0 ah_spi_failure: 0

esp_prot_absent:0 esp_seq_fail: 0 esp_spi_failure: 0

obound_sa_acc: 0 invalid_sa: 0 out_bound_sa_flow: 0

invalid_dh: 0 bad_keygroup: 0 out_of_memory: 0

no_sh_secret: 0 no_skeys: 0 invalid_cmd: 0

dsp_coproc_err: 0 comp_unsupported:0 pak_too_big: 0

pak_mp_length_spec_fault: 0

tx_lo_queue_size_max 0 cmd_unimplemented: 0

4294967 seconds since last clear of counters

Interrupts: -2041009202 Immed: 3 HiPri ints: -2049428276

LoPri ints: 8712705 POST Errs: 0 Alerts: 1

Unk Cmds: 0 UnexpCmds: 0

cgx_cmd_pending:0 packet_loop_max: 0 packet_loop_limit: 0

Can you please run:

SV3-9#sh cry engine config

crypto engine name: Virtual Private Network (VPN) Module

crypto engine type: hardware

if it is in software you will see the following:

SV3-9#sh cry engine config

crypto engine name: Virtual Private Network (VPN) Module

crypto engine type: software

Let me know if you have any problems running this command.

R/Catherine

Hello Catherine,

I have tried this before:

sh crypto engine config

crypto engine name: unknown

crypto engine type: ISA/ISM

From this output I suppose, that it stands for hardware encryption.

However, other diagnostic commands outputs are not clear enough. I give it up and believe in hardware encryption.

Thanks a lot.

Steve

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: