Oneview/Purview application response times missing

  • 0
  • 3
  • Question
  • Updated 2 years ago
  • Answered
Hi,

i see no network or applications response times in Purview/Oneview, what to check in my configuration?
Photo of mp2014

mp2014

  • 1,270 Points 1k badge 2x thumb

Posted 4 years ago

  • 0
  • 3
Photo of KeN Chung

KeN Chung, Employee

  • 250 Points 250 badge 2x thumb
I also deployed purview in HK customer site. Just see the application flows, but none matched with application group. I already enforcers application on configuration tab from netsight.
Photo of mp2014

mp2014

  • 1,270 Points 1k badge 2x thumb
I think if you see just the flows - that just means it sees netflow data. For application detection you need to give the appliance some more data from a coreflow2 device via port mirror or policy mirror.
In my case (just a quick test with standard nms-adv license) i use policy mirror + gre tunnel, works fine - just missing the response times.
Photo of KeN Chung

KeN Chung, Employee

  • 250 Points 250 badge 2x thumb
Can you post your configuration of coreflow2 device and purview? I already enabled Netflow, policy mirror and port mirror, but didn't use GRE tunnel.
Photo of mp2014

mp2014

  • 1,270 Points 1k badge 2x thumb
i setup a purview appliance with 1 interface in VMWare, using GRE Tunnel for mirrored traffic. If you use policy manager, configure a rule/mirror there.

# tg.2.24 is an unused dummy port
set mirror create 1
set mirror 1 mirrorN 15
set mirror ports tg.2.24 1

# tg.2.15 is the port with the traffic that should be mirrored
set policy profile 9 name PurviewMirror pvid-status enable pvid 4095 mirror-destination 1
set policy rule admin-profile port tg.2.15 mask 16 port-string tg.2.15 admin-pid 9



# GRE Tunnel
# 10.10.10.1 - routable address
# gre tunnel set on the "dummy" port tg.2.24
# x.x.x.x your purview appliance
interface loop.0.1
ip address 10.10.10.1 255.255.255.255 primary
no shutdown
exit
interface tun.0.1
tunnel destination x.x.x.x
tunnel mode gre l2 tg.2.24
tunnel mirror enable
tunnel source 10.10.10.1
no shutdown
exit

then configure the gre endpoint at the purview appliance (specify source 10.10.10.1)

This example is almost from "purview deployment guide". There you can find various implementation options.
Photo of KeN Chung

KeN Chung, Employee

  • 250 Points 250 badge 2x thumb
Thanks, all. I can see traffic flows with application groups and respone times shown.
Photo of Daniel Flouret

Daniel Flouret, Employee

  • 7,470 Points 5k badge 2x thumb
Good!
Photo of mp2014

mp2014

  • 1,270 Points 1k badge 2x thumb
for my case...i still dont see any response times. I doubt its all at 0ms.
Photo of mp2014

mp2014

  • 1,270 Points 1k badge 2x thumb
any idea why I see no network or application response times? All other data is fine...
Photo of mp2014

mp2014

  • 1,270 Points 1k badge 2x thumb
Hi,

I just checked the onboard netflow collector of netsight. I dont see any response times for these flows neither. Maybe a general problem with my netsight installation?
Should response times get collected for any flow? I double checked documentation and dont see any advise that I have to enable something to get these data...
Photo of James A

James A, Embassador

  • 7,492 Points 5k badge 2x thumb
Is the tunneled data making it to the appliance? Run
tcpdump -i eth0 ip proto 47
in the VM to confirm the GRE tunnel is working.
Photo of mp2014

mp2014

  • 1,270 Points 1k badge 2x thumb
yes, the gre tunnel is working, and data is collected - just the response times are missing
Photo of Nico Willamowski

Nico Willamowski

  • 886 Points 500 badge 2x thumb
Do you have a Virtual or Hardware Purview Appliance? 
(Edited)
Photo of Nico Willamowski

Nico Willamowski

  • 886 Points 500 badge 2x thumb
In VM Ware it ́s necessary to configure the Port Group for mirroring specially. The Promiscuous Mode had to be "Accepted" and the VLAN Type had to be "VLAN-Trunking" In the VLAN Area you have to be defined the VLAN "0-4094". So you can mirror tagged and untagged traffic and you will see Network and application Response Time. In our Installation with a virtual purview appliance the missing VLAN type and vlan Definition 0-4094 resolved the Problem.
Photo of mp2014

mp2014

  • 1,270 Points 1k badge 2x thumb
Hi,
its a virtual appliance, the vmware specific configuration options are in place but we didnt set for vlan 0-4096. I'll try this...
Photo of Nico Willamowski

Nico Willamowski

  • 886 Points 500 badge 2x thumb
Okay, in our case it just take some minutes. Then we saw application and Network Response time.
Photo of Rex Kong

Rex Kong

  • 72 Points

I also experienced the same issue. After changing the VM port group VLAN ID from 0(default) to 4095, I could see the network and application response time.

Photo of mp2014

mp2014

  • 1,270 Points 1k badge 2x thumb
what purview deployment mode you run? i use "single interface" for management + the gre tunnel for mirroring. If i change the vlan id management will be affected
Photo of Rex Kong

Rex Kong

  • 72 Points

The purview deployment mode was in overlay mode with a purview engine(virtual appliance) of 2 interfaces, i.e. eth0 for management, eth1 for monitoring mirrored netflow traffic from a purview sensor(CoreFlow2 switch). I changed the VM port group(eth1) VLAN ID from 0 to 4095. 

Photo of mp2014

mp2014

  • 1,270 Points 1k badge 2x thumb
ok thanks for sharing, I guess the vlan issue shouldnt apply in my case because the mirrored data leaves the gre tunnel within the VM. Or maybe I need to check vlan id handling within the data leaving the gre tunnel.
Photo of Michael Kirchner

Michael Kirchner

  • 1,846 Points 1k badge 2x thumb
On the purview appliance there is a script for testing if the necessary data is collected. I think it its appstatus or something similar. It checks if netflow and TopN Data is collected.

Regards
Michael
Photo of mp2014

mp2014

  • 1,270 Points 1k badge 2x thumb
ah nice script :-)

My setup looks ok:
--------------------------------------------------
Process appid is running at pid 1662
Process appidserver is running at pid 1027
--------------------------------------------------
Checking for traffic on interface gre1
Checking for Netflow records on interface eth0..
Checking for IPFIX records on loopback interface..
--------------------------------------------------
Waiting for captures to complete..
Mirror appears to be setup correctly on gre1.
IPFIX appears to be setup correctly.
Netflow appears to be setup correctly on eth0.
--------------------------------------------------
Photo of Bill Stritzinger

Bill Stritzinger, Alum

  • 6,036 Points 5k badge 2x thumb
I have run into this issue a few times, all of the times it has to do with the mirror.  The fix that I have seen is in a Virtual environment to make sure that promiscuous mode is selected on the vswitch, otherwise you will NOT get the identification nor response times.  Also confirm the time is synced to NTP on the virtual appliance and switch is correct as well.  
Photo of mp2014

mp2014

  • 1,270 Points 1k badge 2x thumb
I tried the promiscuous mode settings in vMWare (vSwitch and Portgroup) with no effect. But the GRE Traffic itself is just directed unicast traffic, how could the vSwitch settings apply to this?
Checked the time - its synced.
Photo of Rob Yamry

Rob Yamry

  • 90 Points 75 badge 2x thumb
Did you ever find the solution to this?  Im having the same issue as well...
Photo of mp2014

mp2014

  • 1,270 Points 1k badge 2x thumb
no, still have this problem. But I wasnt further investigating it. Maybe I'll get back to it if we setup a test installation with a partner.
Photo of Vincent Devriese

Vincent Devriese

  • 80 Points 75 badge 2x thumb

Hi all,

We just solved a problem like this.

The problem was that you must use a "real" port to create the GRE tunnel. If you use an empty physical port ( with no gbic Inside) no traffic will be submitted to the tunnel.


Photo of aloeffle

aloeffle

  • 980 Points 500 badge 2x thumb
Hi all.

please not, that if you use L2 GRE Tunnel to transmit the mirrored traffic to purview and if your gre port is tg.2.24 you need to insert an 10GE optic. It will not work with an 1GE optic.

even if tg.2.24 is up and also the tunnel interface is up. no applications are detected and no fingerprints will match.

Save some time in troubleshooting, insert an 10GE optic and reset the tunnel interface. Then you will see some applications.
Photo of M.Nees

M.Nees, Embassador

  • 9,958 Points 5k badge 2x thumb
Hi,
are there (in the fail state) no policy-n mirror packets in the GRE tunnel ?
(test with: tcpdump -i gre1 / tcpdump -i eth0 ip proto 47)

Or is it a problem of the bandwith 1 GB vs. 10GB ?

Regards
Photo of aloeffle

aloeffle

  • 980 Points 500 badge 2x thumb

Hi Matthias.

in the fail state, no traffic is sent through the gre tunnel. No packets were seen with tcpdump.

As soon as I changed the optic from 1GE to 10GE and reset the tun.0.1 interface traffic pass the tunnel.