The values on the IPSec tab report successful and failed IKE operations when Dynamic IPSec is used to protect control or bearer plane traffic.
In the default view, the Reports tab displays the Summary view, which summarizes the measurements for the test session. If your test includes multiple test cases, you can view the report for a single test case by changing the report view...
Unless otherwise noted, cumulative values report the number of occurrences or rates calculated since the start of the test, and per-interval values report the number of occurrences or rates calculated during the interval. You can view either by changing the measurement values...
Elapsed Time is the first measurement on every tab. It reports the amount of time between the start of the test and the end of the report interval.
Test Iteration reports the current iteration in a repeating test session. It is only displayed when a Number of Iterations is defined for the test session.
Packets Encrypted — The total number of outgoing packets encrypted.
Packets Decrypted — The total number of incoming packets decrypted.
Packets Lost — The total number of packets which were lost on the accelerator card due to it being too busy (The accelerator card is being pushed beyond its limits and cannot handle/keep up with the data).
Packets Discarded — The total number of incoming packets that were discarded.
Duplicate Packets — The total number of incoming packets that were duplicated.
Packet Authentication Failures — The total number of incoming packets that failed authentication.
IKE Messages Sent — The number of messages sent during IKE Phase I and Phase II.
IKE Messages Received — The number of messages received during IKE Phase I and Phase II.
IKE Encrypted Blocks — The number of SSL blocks encrypted during IKE Phase I and Phase II.
IKE Decrypted Blocks — The number of SSL blocks decrypted during IKE Phase I and Phase II.
IKE Max Liveness Attempts — The maximum number of times the test attempted to establish an IPSec tunnel before marking it as failure to establish IPSec Tunnel.
IKE Dead Peer Detection Sent — The number of dead peer detection messages sent.
IKE Dead Peer Detection Received — The number of dead peer detection messages received.
IKE Dead Peer Detection Timeouts — The number of times IKE failed due to a detection of a dead peer.
IKE Average Connect Time — The average time required to establish an IPSec tunnel.
IKE Average Disconnect Time — The average time required to tear down an IPSec tunnel.
IKE Phase I Average Rekey Time — The average time required to refresh an IKE SA when its lifetime expires.
IKE Phase I Average Setup Time — The average time required to establish an IKE SA.
IKE Phase II Average Setup Time — The average time required to establish an IPSec SA.
IKE Phase II Average Rekey Time — The average time required to refresh an IPSec SA when its lifetime expires.
The following measurements report the progress of IKE Phase I and the negotiation of ISAKMP SAs between the IPSec peers. IKE Phase I is not performed when the IKE mode is Pre-Provisioned.
IKE Phase I Timeouts — The number of times IKE Phase I failed due to a non-responsive peer.
IKE Phase I Re-Key Attempts — The number of times the local peer attempted to refresh the IKE SA prior to expiration of its lifetime.
IKE Phase I Re-Key Successes — The number of times an IKE SA was successfully refreshed.
IKE Phase I Attempts — The number of times IKE Phase I was attempted. This measurement should match the number of MNs or Client Nodes defined in the test case.
IKE Phase I Successes — The number of times IKE Phase I was successful, resulting in an ISAKMP SA.
IKE Phase I Failures — The number of times IKE Phase I failed due to a timeout, a hash mismatch, a decryption failure, or a specific error returned by the peer.
IKE Phase I Retries — The number of times an IKE Phase I message was re-transmitted because a response was not received from the peer in the time allotted.
|
NOTE: This error will not prevent IKE Phase I from succeeding if a reply is received before all retries have been exhausted. |
IKE Phase I Hash Mismatches — The number of IKE Phase I messages that were discarded due to a mismatch between the payload and the hashed payload.
IKE Phase I RSA Decryption Failures — The number of times IKE Phase I failed due to a mismatch between public and private keys.
The following measurements report the progress of IKE Phase II and the negotiation of IPSec SAs between the IPSec peers. IKE Phase II is not performed when the IKE mode is Pre-Provisioned.
IKE Phase II Attempts — The number of times IKE Phase II was attempted. This measurement should match the number of MNs or Client Nodes defined in the test case multiplied by the number of tunnels defined on the IPSec tab.
IKE Phase II Successes — The number of times IKE Phase II was successful, resulting in an IPSec SA.
IKE Phase II Failures — The number of times IKE Phase II failed due to a timeout, a hash mismatch, or a specific error returned by the peer.
IKE Phase II Retries — The number of times an IKE Phase II message was re-transmitted because a response was not received from the peer in the time allotted.
|
NOTE: This error will not prevent IKE Phase II from succeeding if a reply is received before all retries have been exhausted. |
IKE Phase II Re-Key Attempts — The number of times the local peer attempted to refresh an IPSec SA prior to expiration of its lifetime.
IKE Phase II Re-Key Successes — The number of times an IPSec SA was successfully refreshed.
IKE Phase II Hash Mismatches — The number of IKE Phase II messages that were discarded due to a mismatch between the payload and the hashed payload.
IKE Redirect Tunnel Sent —
IKE Redirect Tunnel Rcvd —
Redirect Failure Notifications —
The following counters report the Delete requests sent and received by the local peer. Each peer sends a Delete request containing a list of SAs to be deleted when one or more tunnels is deactivated.
IKE Delete Tunnel Sent — The number of Delete request messages sent by the local peer, directing the remote peer to delete the referenced SAs.
IKE Delete Tunnel Received — The number of Delete request messages received by the local peer, directing the local peer to delete the referenced SAs.
The following counters report the number of Informational Exchange messages sent and received by the local peer. An Informational Exchange can contain a Notification, Delete, or Configuration payload.
IKE Information Exchange Sent
IKE Information Exchange Received
The following counters report IKE errors, by notification type, received from the remote peer during SA negotiation.
Invalid Payload Type Notifications
Doi Not Supported Notifications
Situation Not Supported Notifications
Invalid Cookie Notifications
Invalid Major Version Notifications
Invalid Minor Version Notifications
Invalid Exchange Type Notifications
Invalid Flags Notifications
Invalid Message ID Notifications
Invalid Protocol ID Notifications
Invalid Spi Notifications
Invalid Transform ID Notifications
Attributes Not Supported Notifications
No Proposal Chosen Notifications
Bad Proposal Syntax Notifications
Payload Malformed Notifications
Invalid Key Information Notifications
Invalid Id Information Notifications
Invalid Cert Encoding Notifications
Invalid Certificate Notifications
Cert Not Supported Notifications
Invalid Certificate Authority Notifications
Invalid Hash Information Notifications
Authentication Failed Notifications
Invalid Signature Notifications
Address Notifications
Notify Sa Lifetime Notifications
Certificate Unavailable Notifications
Unsupported Exchange Type Notifications
Unequal Payload Length Notifications
Single Pair Required Notifications
No Additional SAs Notifications
Internal Address Failure Notifications
Failed Cp Required Notifications
Ts Unacceptable Notifications
Invalid Selectors Notifications