Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Cristian_F_CCSM
Contributor
Contributor

VSX R1 JHA t72 - Interfaces not visible with clish command "show configuration interface"

Hello, we are going to migrate firewall to a new VSX cluster R81 JHA t72.
In this moment, the VSX cluster is installed in "lab mode" and all interfaces are lonked but in "down" state. We have 3 SGW 7k in VSLS clusterXL.
We have 3 VS (0,1,2), the clish command "show configuration interface" from vs0,1,2 show the configuration about management interface only (bond 4). The others interfaces are not visible:

fw01:0> show configuration interface
set interface bond4 comments "MGMT bond"
set interface bond4 state on
set interface bond4 ipv4-address x.x.x.x mask-length 24
fw01:0>

If we execute:

- clish command "show interfaces"
- expert command "ifconfig"
- expert command "ip address"
- expert command "cphaprob -a if"

the system show the correct interfaces:

fw01:0> show interfaces
Mgmt
Sync
bond1
bond2
bond2.x
bond2.x
bond2.x...

This is a cosmetic bug? Probably, this issue is started after installation of JHA 72 (from 69).

Thanks

0 Kudos
18 Replies
Chris_Atkinson
Employee Employee
Employee

JHF T72 is an ongoing build with some VSX fixes, as I'm sure you're aware not every build becomes GA. 

What have you attempted here since, policy install or vsx_util reconfigure?

Reverting to T69 isn't an option?

If the problem persists please contact TAC to investigate. 

CCSM R77/R80/ELITE
0 Kudos
Cristian_F_CCSM
Contributor
Contributor

Hello, I installed jha t72 bacause the number of resolved issue is high and is relased 20 days ago.

We executed push policy to VSX cluster and vs1 and 2 but the behaviour is the same.

Yes, we can unistall t72 if this is a know issue and this isn't only "cosmetic"

I opened a dedicated SR alreday.

0 Kudos
Cristian_F_CCSM
Contributor
Contributor

Hello, i uninstalled jha t72 on fw3, in this moment this gw have jha t69 and the behaviour is the same.

0 Kudos
Cristian_F_CCSM
Contributor
Contributor

Hello, i uninstalled jha t72 also on SMS, in this moment the SMS have jha t69 and the behaviour is the same.

I executed also "vsx_util reconfigure" from SMS to fw03 and the behaviour is the same.

I updated TAC, I will update you.

0 Kudos
Viktor_Karlsson
Participant
Participant

Hi,

I see this behavior on JHF take 78 in R81.10 also.

Have you gotten an answer from TAC for this?

 

0 Kudos
Erez_Carmel
Employee
Employee

Hi, 

The “show configuration interface” output was indeed changed in VSX context.

When you run “save configuration” in clish, you actually put what you get in “show configuration” in a file.

You can use this file to configure a new gw (not yet VSX) machine without involving the management.

This information should include only interfaces that were configured via clish. The other interfaces you saw before the fix were configured from the management.

These interfaces belong to VSs and you can’t configure them from the gateway so they are left out of the configuration file.

If you would try to configure a new machine with these interfaces in the configuration file that was generated, you would not be able to create a VSX gateway\cluster member on this machine.

0 Kudos
Viktor_Karlsson
Participant
Participant

I agree that this is a improvement and as you say relevent when exporting configuration from a VSX.

What I question is that no information of this change has been published. For me when noticing this change during a upgrade was more confused and thinking something was wrong. 

That is why i'm asking what the TAC has answered regarding this.

0 Kudos
Jones
Contributor
Contributor

Hi,

This creates a problem, because you don't get the synchronization interface anymore. This is a must have when configuring a new machine.

Secondly, when going in clish to another VS environment, you'll also don't get the interface information, but you do get the routing information. In my eyes this is confusing and not consistent.

0 Kudos
Erez_Carmel
Employee
Employee

You are correct about the routing information. This was brought to our attention a couple of weeks ago and it will be fixed and delivered to all the relevant jumbos.

0 Kudos
Jones
Contributor
Contributor

Hi,

On R81.10 Jumbo Take 87 (recommended), the synchronization interface is still not visible unfortunately. Also, static routes are still visible per VS.

0 Kudos
Erez_Carmel
Employee
Employee

Hi,

We will restore the previous behavior and the interfaces will be visible again. I don't know yet which jumbo release will have the fix but I'll do my best to have it in the jumbos as soon as I possible.

0 Kudos
Hrvoje_Brlek
Collaborator

@Erez_Carmel just for info, to maybe help you pinpoint, as we recently observed the same situation:

  • We are running one VSX with 80.40 JHF 173 and there is NO interface information in VS 0 clish shown.
  • On second VSX we are running 80.40 JHF Take 161 and there IS interface information in VS 0 clish shown.

We find it useful cause we use netflow data enrichment via SNMP and this way we have all the interfaces and their names aka comments (that are manually added) in one place... 

 

0 Kudos
Jones
Contributor
Contributor

Hi Erez,

Good to hear that the interface information is coming back.

I'm using a script to filter interesting information about VSX. For VS0, to get the needed interface information for a restore, I'm using the following that I added to this partial script: uitvraag-vs0-interfaces.txt

Please note, this script will work properly again once all information is available again (like in older Jumbo Takes), so when the "comments" and the "synchronization" information is back again.

0 Kudos
Robert_CCSM_E
Explorer
Explorer

Many of us out in the field DO NOT see this as a beneficial enhancement. It makes troubleshooting more cumbersome and the first time we saw this behavior traffic wouldnt flow through the VS because it didnt see the interfaces in its config. So I would recommend reverting this "so called cosmetic change" back. This change was definitely not needed.

Robert

Cristian_F_CCSM
Contributor
Contributor

Hello, the systems are in production from one month and all works fine.

Also the analysys with the TAC was OK, the situation is strange but is not problematic bacause all interfaces are in the initial config and present in the OS.

0 Kudos
spottex
Contributor

We started at JHF66 installed JHF 94. Second part of the change was to remove rouge interfaces on one node with the delete interface <Name of Physical Interface> vlan <VLAN ID> from the Admin guide.
After the JHF 94 install All interfaces except Mgmt no longer show in Clish config in all contexts, the command does not work, but the interfaces are till in GAIA i.e. ifconfig.
Also, show interface <bond#.val#> still outputs the interface.
An hour of confusion I stumble on this thread

Does anyone have a link on more information about this?

0 Kudos
Chris_Atkinson
Employee Employee
Employee

PRJ-44745,PMTR-90616 listed in the upcoming fixes section of R81.10 JHF documentation 

Virtual System's interfaces may be missing when running the Clish command "show/save configuration".

CCSM R77/R80/ELITE
(1)
spottex
Contributor

Oh Jolly good show. I looked through all the resolved issues and only found save config fix. Didn't think to look in upcoming 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events