fw monitor stops working after upgrade to R80.40

Lincoln_Webber · ‎2020-05-27

Hi Guys,

We upgrade our R80.30 VSX cluster to R80.40 JHF Take 45 over the weekend and fw monitor complains that it cant allocate buffer then throws me back to the shell. See the screenshot for the actual messages.

Has anyone experienced this of has insight into the cause and solution?

HeikoAnkenbrand · ‎2020-05-27

Hi @Lincoln_Webber,

Add your VS to fw monitor:

fw monitor -v <vsx instance> -e "accept(host ...);"

Specifies the capture filter (for both accelerated and non-accelerated traffic):

-F "<Source IP>,<Source Port>,<Dest IP>,<Dest Port>,<Protocol Number>"

If that doesn't help, I'd open a TAC case.

PS:
With R80.40 fw monitor works slightly different than in older versions. Showing list of chain modules with the "fw monitor", when you do not change the default capture positions:

in chain (17):
0: -7fffffff (0000000000000000) (00000000) SecureXL inbound (sxl_in)
1: -7ffffffe (0000000000000000) (00000000) SecureXL inbound CT (sxl_ct)
2: -7f800000 (ffffffff8b6718c0) (ffffffff) IP Options Strip (in) (ipopt_strip)
3: -70000000 (ffffffff8b6774d0) (ffffffff) fwmonitor (i/f side)
4: - 1fffff8 (ffffffff8b66f6f0) (00000001) Stateless verifications (in) (asm)
5: - 1fffff7 (ffffffff8b66f210) (00000001) fw multik misc proto forwarding
6: 0 (ffffffff8b8506a0) (00000001) fw VM inbound (fw)
7: 2 (ffffffff8b671d10) (00000001) fw SCV inbound (scv)
8: 4 (ffffffff8b061ed0) (00000003) QoS inbound offload chain module
9: 5 (ffffffff8b564d30) (00000003) fw offload inbound (offload_in)
10: 10 (ffffffff8b842710) (00000001) fw post VM inbound (post_vm)
11: 100000 (ffffffff8b7fd6c0) (00000001) fw accounting inbound (acct)
12: 22000000 (ffffffff8b0638d0) (00000003) QoS slowpath inbound chain mod (fg_sched)
13: 70000000 (ffffffff8b6774d0) (ffffffff) fwmonitor (IP side)
14: 7f730000 (ffffffff8b3c40b0) (00000001) passive streaming (in) (pass_str)
15: 7f750000 (ffffffff8b0e5b40) (00000001) TCP streaming (in) (cpas)
16: 7f800000 (ffffffff8b671870) (ffffffff) IP Options Restore (in) (ipopt_res)

out chain (16):
0: -7f800000 (ffffffff8b6718c0) (ffffffff) IP Options Strip (out) (ipopt_strip)
1: -70000000 (ffffffff8b6774d0) (ffffffff) fwmonitor (i/f side)
2: - 1fffff0 (ffffffff8b0d0190) (00000001) TCP streaming (out) (cpas)
3: - 1ffff50 (ffffffff8b3c40b0) (00000001) passive streaming (out) (pass_str)
4: - 1f00000 (ffffffff8b66f6f0) (00000001) Stateless verifications (out) (asm)
5: - 1ff (ffffffff8aeec0a0) (00000001) NAC Packet Outbound (nac_tag)
6: 0 (ffffffff8b8506a0) (00000001) fw VM outbound (fw)
7: 10 (ffffffff8b842710) (00000001) fw post VM outbound (post_vm)
8: 15000000 (ffffffff8b062540) (00000003) QoS outbound offload chain modul (fg_pol)
9: 21000000 (ffffffff8b0638d0) (00000003) QoS slowpath outbound chain mod (fg_sched)
10: 70000000 (ffffffff8b6774d0) (ffffffff) fwmonitor (IP side)
11: 7f000000 (ffffffff8b7fd6c0) (00000001) fw accounting outbound (acct)
12: 7f700000 (ffffffff8b0e4660) (00000001) TCP streaming post VM (cpas)
13: 7f800000 (ffffffff8b671870) (ffffffff) IP Options Restore (out) (ipopt_res)
14: 7f900000 (0000000000000000) (00000000) SecureXL outbound (sxl_out)
15: 7fa00000

Ilya_Yusupov · ‎2020-05-28

Hi @Lincoln_Webber ,

Can you share the exact command you used for fw monitor? it's not seen in the screenshot.

Also any chance that you run some debug on the system before running the fw monitor command?

In general looks like your buffer is full this is why the fw monitor is not able to load.

Lincoln_Webber · ‎2020-05-28

Hi Ilya,
The command is in the first line of the screenshot (fw monitor -e 'accept host(x.x.x.x);'

Ilya_Yusupov · ‎2020-05-31

Hi @Lincoln_Webber ,

i tried same command in my lab and it works, as i mention before it looks like buffer issue.

Are you sure you don't have any debugs turned on?

Lincoln_Webber · ‎2020-05-28

Hey Heiko,

I got it to run by adding the -v option.