Skip to main content
Cisco SD-WAN
Product Documentation
Viptela Documentation

show app tcp-opt

show app tcp-opt—Display information about TCP-optimized flows (on vEdge routers only).

Command Syntax

show app tcp-opt (active-flows | expired-flows)
show app tcp-opt summary


Active Flows
Display information about active TCP-optimized flows.
Expired Flows
Display information about expired TCP-optimized flows.
Flow Summary
Display a summary of the TCP-optimized flows.

Output Fields

Expiration Reason
Why a flow expired or was deleted:
• Closed—For an optimized flow, the TCP proxy terminated the session, either because a three-way FIN termination occurred or because a TCP reset (RST) control message was received.
• FIN—For an unoptimized (passthrough) flow, the TCP session terminated normally, because a FIN control message was received, followed by a FIN-ACK control message. 
• Inactive-Timeout—For an unoptimized (passthrough) flow, no packet flow occurred for a long time on the TCP session, and the vEdge router de-allocated its resources for the session.
• RST—For an unoptimized (passthrough) flow, the TCP session terminated abnormally, because either the client or the server sent a TCP reset (RST) control message
• State-Timeout—The TCP flow was terminated prematurely, either because the router did not receive an ACK in response to a SYN-ACK or because the router was using a very large amount of CPU and could not process the new connection request.
Optimization Failure Reason
Unopt Reason
For an unoptimized flow, why the flow was not optimized:
• INIT-CONN-LIMIT—The flow was created during a period when the router was establishing an excessive number of connections per second, probably during a packet burst, and the number of flows exceeded the router's threshold level. After this threshold is reached, all new flows are created as unoptimized (passthrough) flows. When the number of INIT requests decreases to below the threshold level, the router again attempts to optimize the flows.
• INIT-TIMEOUT—The overlay network control plane took too much time to respond to the new flow, and the flow was created as an unoptimized (passthrough) flow.
• OPT-CONN-LIMIT—The vEdge router reached its time limit for establishing a connection.
• THIRD-SYN—Before the flow could be optimized, the vEdge router received a third SYN control message from the client, and as a result, it created the flow as an upoptimized (passthrough) flow.
Proxy Identity
Identity of the proxy:
• Client-Proxy—vEdge router closer to the client. The client is the party initiating the TCP flow.
• Server-Proxy—vEdge router closer to the server. The client is the party listening to the TCP flow.
TCP State
tcp-state—State of the flow:
• Close-wait—The local flow has been closed and is waiting for the remote end of the flow to acknowledge the closure.
• Expired—Data transfer for an optimized or unoptimized flow is complete, and the data flow will shortly be aged out.
• In Progress—The flow is in the process of being optimized, and data transfer has not yet begun.
• Optimized—The flow has been optimized, and data transfer for the flow is in progress.
• Passthrough—The flow has not been optimized, but data transfer for the flow is in progress.

The remaining output fields are self-explanatory.

Example Output

Display information about active and expired TCP-optimized flows:

vEdge# show app tcp-opt active-flows                                                                                                                                                            
app tcp-opt active-flows vpn 1 src-ip dest-ip src-port 53723 dest-port 22
 start-time        "Fri Mar 17 13:21:02 2017"                                    
 egress-intf-name  loop0.3                                                               
 ingress-intf-name ge0_4                                                  
 tx-bytes          153                                                            
 rx-bytes          64                                                               
 tcp-state         "In progress"                          
 proxy-identity    Client-Proxy

vEdge# show app tcp-opt expired-flows
app tcp-opt expired-flows 1489781786360 vpn 1 src-ip dest-ip src-port 53722 dest-port 22
 start-time     "Fri Mar 17 13:16:26 2017"
 end-time       "Fri Mar 17 13:17:51 2017"
 tx-bytes       4113
 rx-bytes       4333
 tcp-state      Optimized
 proxy-identity Client-Proxy
 del-reason     Closed

Release Information

Command introduced in Viptela Software Release 17.2.

Additional Information

See the Configure TCP Optimization article for your software release.

  • Was this article helpful?