Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Cristian_F_CCSM
Contributor

VSX R1 JHA t72 - Interfaces not visible with clish command "show configuration interface"

Hello, we are going to migrate firewall to a new VSX cluster R81 JHA t72.
In this moment, the VSX cluster is installed in "lab mode" and all interfaces are lonked but in "down" state. We have 3 SGW 7k in VSLS clusterXL.
We have 3 VS (0,1,2), the clish command "show configuration interface" from vs0,1,2 show the configuration about management interface only (bond 4). The others interfaces are not visible:

fw01:0> show configuration interface
set interface bond4 comments "MGMT bond"
set interface bond4 state on
set interface bond4 ipv4-address x.x.x.x mask-length 24
fw01:0>

If we execute:

- clish command "show interfaces"
- expert command "ifconfig"
- expert command "ip address"
- expert command "cphaprob -a if"

the system show the correct interfaces:

fw01:0> show interfaces
Mgmt
Sync
bond1
bond2
bond2.x
bond2.x
bond2.x...

This is a cosmetic bug? Probably, this issue is started after installation of JHA 72 (from 69).

Thanks

0 Kudos
10 Replies

JHF T72 is an ongoing build with some VSX fixes, as I'm sure you're aware not every build becomes GA. 

What have you attempted here since, policy install or vsx_util reconfigure?

Reverting to T69 isn't an option?

If the problem persists please contact TAC to investigate. 

0 Kudos
Cristian_F_CCSM
Contributor

Hello, I installed jha t72 bacause the number of resolved issue is high and is relased 20 days ago.

We executed push policy to VSX cluster and vs1 and 2 but the behaviour is the same.

Yes, we can unistall t72 if this is a know issue and this isn't only "cosmetic"

I opened a dedicated SR alreday.

0 Kudos
Cristian_F_CCSM
Contributor

Hello, i uninstalled jha t72 on fw3, in this moment this gw have jha t69 and the behaviour is the same.

0 Kudos
Cristian_F_CCSM
Contributor

Hello, i uninstalled jha t72 also on SMS, in this moment the SMS have jha t69 and the behaviour is the same.

I executed also "vsx_util reconfigure" from SMS to fw03 and the behaviour is the same.

I updated TAC, I will update you.

0 Kudos
Viktor_Karlsson
Participant

Hi,

I see this behavior on JHF take 78 in R81.10 also.

Have you gotten an answer from TAC for this?

 

0 Kudos
Erez_Carmel
Employee
Employee

Hi, 

The “show configuration interface” output was indeed changed in VSX context.

When you run “save configuration” in clish, you actually put what you get in “show configuration” in a file.

You can use this file to configure a new gw (not yet VSX) machine without involving the management.

This information should include only interfaces that were configured via clish. The other interfaces you saw before the fix were configured from the management.

These interfaces belong to VSs and you can’t configure them from the gateway so they are left out of the configuration file.

If you would try to configure a new machine with these interfaces in the configuration file that was generated, you would not be able to create a VSX gateway\cluster member on this machine.

0 Kudos
Viktor_Karlsson
Participant

I agree that this is a improvement and as you say relevent when exporting configuration from a VSX.

What I question is that no information of this change has been published. For me when noticing this change during a upgrade was more confused and thinking something was wrong. 

That is why i'm asking what the TAC has answered regarding this.

0 Kudos
Jones
Contributor

Hi,

This creates a problem, because you don't get the synchronization interface anymore. This is a must have when configuring a new machine.

Secondly, when going in clish to another VS environment, you'll also don't get the interface information, but you do get the routing information. In my eyes this is confusing and not consistent.

0 Kudos
Erez_Carmel
Employee
Employee

You are correct about the routing information. This was brought to our attention a couple of weeks ago and it will be fixed and delivered to all the relevant jumbos.

0 Kudos
Cristian_F_CCSM
Contributor

Hello, the systems are in production from one month and all works fine.

Also the analysys with the TAC was OK, the situation is strange but is not problematic bacause all interfaces are in the initial config and present in the OS.

0 Kudos