Analytics & Visibility

  • 1.  [Warning/GTAC] Clean 8.5.4/8.5.6 XMC+EAN install - undefined applications, not recognizing apps?

    Posted 07-23-2021 19:48

    Hello folks,

     

    I had a tough night yesterday and I wanted to share my thoughts to make sure nobody gets into same situation.

    I have my lab environment with XMC/EAC/EAN deployed with 8.5.4 OVAs. Yesterday I have connected my lab to the Internet for the first time (actually XCC+EXOS making a pass-thru for end-systems to my home LAN as the provider’s equipment doesn’t allow me to play much with NAT and no routing at all, but I get analytics feeds though). I hoped to see some useful traffic for a customer presentation/PoC. EXOS 31.2 patch1-5, set for telemetry from within XMC and XCC device group template was set with Analytics IP.

    Unfortunately, all detected apps (besides very few hostnames) got identified as Undefined-somenumbers. All other data including response times are ok. I didn’t see any Hub/Knowledgebase mention regarding this.

    I see fingerprints on their tab, I see new sort of fingerprint count under Configuration > Fingerprints:

    My reports/browser/hourly dashboards are not displaying a single thing after long hours (besides response time dashboard) but maybe because I have not specified any endpoint location under the site…?

    I didn’t spot anything suspicious in the EAN GUI logs or diagnostics. On the tcpdump side of EAN appliance, I could see that sometimes (not for all packets) incoming sflow or gre packets are getting ICMP unreachable bounceoff.

    I have decided to upgrade from 8.5.4 to 8.5.6, “who knows” I told myself. Same $^#!@.

    I have reinstalled EAN from clean 8.5.6 OVA. Same old, same old.

    I have deployed XMC/EAC/EAN from clean 8.4.4 OVAs. IT WORKS!

    I assume very few people are making clean installs on 8.5 and even fewer are trying to use Analytics so perhaps the attention was not yet driven.

    I’d be grateful to see Extreme spotting any root cause for this and more likely, I’d like to make sure may I expect a fix or should I redo my whole lab deployment on my 8.4.4-deploy machines. :)

     

    CC:  

     

    Cheers,

    Tomasz

     

    P.S. The only thing I skipped in my testing was potential XMC 8.5.6 appliance reinstallation from clean OVA. I assumed it’s more likely EAN-side issue.

    P.P.S. I’m going to upgrade 8.4.4 images to 8.5.6 now and see what happens.



  • 2.  RE: [Warning/GTAC] Clean 8.5.4/8.5.6 XMC+EAN install - undefined applications, not recognizing apps?

    Posted 07-23-2021 21:21

    So I upgraded 8.4.4 machines to 8.5.6 directly. In the meantime I reconfigured them with my previous machines’ IP addresses. Then I re-added EAC and EAN with these “new” IPs to XMC. Reconfigured EXOS and XCC analytics destination. No luck:

    I also rebooted EAN engine, same as above. Rebooting XMC didn’t help either.

    I should’ve either perform 8.4.4 → 8.5.4 → 8.5.6 or IDK. I feel lost a bit. I know some of my colleagues have 8.5.4 or 8.5.6 working fine with analytics after upgrades but I don’t know the exact upgrade/update history.

     

    Cheers,

    Tomasz



  • 3.  RE: [Warning/GTAC] Clean 8.5.4/8.5.6 XMC+EAN install - undefined applications, not recognizing apps?

    Posted 07-28-2021 12:22

    Hey Tomasz, sorry for the wait here. I asked our TAC team to take a look at this post with me, and they asked if we could open a case to start investigating the root causes with you. If you could let me know the case number, I will keep an eye on the case to make sure everything stays on track. 



  • 4.  RE: [Warning/GTAC] Clean 8.5.4/8.5.6 XMC+EAN install - undefined applications, not recognizing apps?

    Posted 07-30-2021 18:30

    Hey Sam,

     

    Will do that once I am able to gather necessary support files. Thanks!

     

    Cheers,

    Tomasz