ExtremeCloud IQ- Site Engine & Extreme Management Center

Expand all | Collapse all

Changing from MirrorN to IPFIX in ExtremeWireless

  • 1.  Changing from MirrorN to IPFIX in ExtremeWireless

    Posted 07-18-2017 00:31

    I have an existing integration of EWC and Purview, however I went to use it today and it seems to have stopped working after I upgraded the analytics appliances to 8.0.2.42 a month ago. Some quick debugging hinted that while Netflix and mirrorN traffic was coming through, the appid process wasn't listening on the correct ports for some reason.

    I figured it was then a good time to try and migrate to the new IPFIX-based method that doesn't need an L2 port any more. I followed https://extremeportal.force.com/ExtrArticleDetail?an=000090154 and set the Traffic Mirror L2 Port to None, and set traffic mirror to prohibited in all the VNS/Role configuration, but it's still not working. Anyone know what other configuration I need to set to make it use IPFIX?



  • 2.  RE: Changing from MirrorN to IPFIX in ExtremeWireless

    Posted 07-18-2017 00:43
    Did you enable app visibility on WLAN? Usually it's all you need , plus the management IP of Purview appliance on global netflow setting, which I believe you already have configured


  • 3.  RE: Changing from MirrorN to IPFIX in ExtremeWireless

    Posted 07-18-2017 09:33
    Hi James,

    Does the engine need to be enforced from the EMC server? We would expect these ports to be up and listening and may not appear until an enforce happens.

    udp6 0 0 :::2055 :::*
    udp6 0 0 :::2075 :::*
    udp6 0 0 :::2095 :::*
    udp6 0 0 :::161 :::*

    Thanks
    Jeff



  • 4.  RE: Changing from MirrorN to IPFIX in ExtremeWireless

    Posted 07-18-2017 12:39
    Can you still connect to the EMC server with another java client? ie. Console


  • 5.  RE: Changing from MirrorN to IPFIX in ExtremeWireless

    Posted 07-18-2017 14:04

    If a restart of the netsight server service does not provide relief check out this article.

    https://extremeportal.force.com/ExtrArticleDetail?an=000063533



  • 6.  RE: Changing from MirrorN to IPFIX in ExtremeWireless

    Posted 07-18-2017 14:32
    Correct. I wouldn't expect a reboot of Purview would help. Purview, like Console is considered a client machine and neither can connect because of an issue with the EMC server.


  • 7.  RE: Changing from MirrorN to IPFIX in ExtremeWireless

    Posted 07-18-2017 14:44
    I had some similar issues when I upgraded to 8.0.2.42. It took a couple hours with support to figure it out. It turns out that it was a certificate error. I had generated my own certificate from a CA in my environment and NMS was having none of it. By deleting the certificate and going back to the self-signed certificate, Purview was then able to connect.

    I also had errors bringing up and of the legacy Java stuff. But I was getting different errors after fixing the cert. And I fixed the Java problem by updating the version of Java installed on my machine.



  • 8.  RE: Changing from MirrorN to IPFIX in ExtremeWireless

    Posted 07-18-2017 00:43
    Yeah, I already have Application Visibility enabled. I did try adding the flow source from EMC, but that still expects a mirror port to be set. Removing the EWCs as flow sources and then re-adding the Purview management IP in the Netflow configuration made them re-appear, but still no data. AFAICT the java process isn't listening on the right ports:
    $ lsof -ni|grep java
    java 1188 root 182u IPv6 588 0t0 TCP *:45627 (LISTEN)
    java 1188 root 256u IPv6 12469 0t0 TCP 10.20.20.74:http-alt (LISTEN)
    java 1188 root 257u IPv6 12472 0t0 TCP 10.20.20.74:8443 (LISTEN)[/code]I would have expected ports 9191 (for IPFIX) and 2095 (for EWC Netflow) to be open at least. tcpdump shows data coming in from the EWC on UDP port 2095 but a ICMP port unreachable message being sent in reply.
    [/code]


  • 9.  RE: Changing from MirrorN to IPFIX in ExtremeWireless

    Posted 07-18-2017 09:33
    Yeah, I did an enforce before, and just ran "Enforce all engines" now. The overview does say "Connectivity Issues: cannot establish client connection" on both engines, I don't really know what that means though.


  • 10.  RE: Changing from MirrorN to IPFIX in ExtremeWireless

    Posted 07-18-2017 12:39
    I can connect to the EMC web interface fine, but in Analytics/Configuration/Overview it looks like this:


    I can't connect to the EMC with the fat clients as I have a third-party certificate installed, I'm waiting for 8.0.3 to come out to fix that bug.


  • 11.  RE: Changing from MirrorN to IPFIX in ExtremeWireless

    Posted 07-18-2017 14:04

    Yeah, I've already been through that with GTAC, hence waiting for 8.0.3. Going back to the Purview appliances, I rebooted them as well earlier, no change.



  • 12.  RE: Changing from MirrorN to IPFIX in ExtremeWireless

    Posted 07-18-2017 14:32
    Ahh, when you put it like that, now I understand. Any idea when 8.0.3 will be out? I didn't switch to the built-in certificate as I didn't want to confuse our helpdesk but I may just have to as I need Purview working now.


  • 13.  RE: Changing from MirrorN to IPFIX in ExtremeWireless

    Posted 07-18-2017 14:32
    Cool. I believe 803 is due out at the end of this month.


  • 14.  RE: Changing from MirrorN to IPFIX in ExtremeWireless

    Posted 07-18-2017 14:32
    So I've upgraded EMC and EA to 8.0.3 but appidmgmtserver.log is still saying the certificate is untrusted ... is there a way to trust it?


  • 15.  RE: Changing from MirrorN to IPFIX in ExtremeWireless

    Posted 07-18-2017 14:32
    Hi James. I'm in the same boat as well, using a cert on EMC from our internal CA. I upgraded EMC and EA to 8.0.3, and am also getting the error.

    I tried changing the "Legacy Client Trust Mode" in EMC, to trust all server certificates, but it still cannot contact. When tailing the appidmgmtserver.log on EA, I do see "Cannot yet log in on management server".

    This is where I am now. I have a ticket open with GTAC too. Let me know if you have found a fix, and I'll do the same.



  • 16.  RE: Changing from MirrorN to IPFIX in ExtremeWireless

    Posted 07-18-2017 14:32
    I haven't done any further troubleshooing yet. I did get a note on the legacy client case that Java 8u141 has a problem that's fixed in Java 8u144, but the EA VM is running Java 8u131 so that's not it.


  • 17.  RE: Changing from MirrorN to IPFIX in ExtremeWireless

    Posted 07-18-2017 14:32
    Hi James,

    I have updated my appliances, EMC and Analytics, and I can confirm that the latest update, 8.0.3.53, I am no longer seeing this issue.


  • 18.  RE: Changing from MirrorN to IPFIX in ExtremeWireless

    Posted 07-18-2017 14:32

    Yep, going from EMC 8.0.3.46 to 8.0.3.53 fixed the issue here too. I actuall upgraded the Analytics engine first, but that wasn't enough.

    I also found https://extremeportal.force.com/ExtrArticleDetail?an=000081442 which notes I was wrong to disable the traffic mirror and Netflow, all I needed to do was disable the traffic mirror L2 port.