Purview not receiving traffic of GRE


Userlevel 1
Hello everyone,



I’m facing a simple issue actually with purview (Virtual Node)
purview is configured accordingly, netflow traffic are being received but the application response time is still missing. No traffic are being received over GRE.
From the Purview, the GRE source interface is reachable.
The necessary application services are running.
The Coreflow2 is a S8-Chassis with FW: S-84202-0012 and with following card types:

- SK2008-0832

- SK8008-1224-F8

The vSwitch on the ESX is in promiscuous mode!

I’m pretty sure have checked everything that should be necessary.

Note:

The Purview is connected a C5K switch which in turn is connected on the S8.

- Jumbo frame is enabled on the Purview connected interfaces on the C5K as well as on the ESX itself.

- Jumbo frame is also enabled on to the C5K

Any hint why the traffic still not being received over the GRE



Regards

Gradelain

10 replies

Userlevel 3
try tcpdump-ing the interface to see if GRE packets are coming in or not. That will tell you if the GRE tunnel is even reaching the Purview appliance or not. tcpdump -i eth0 host (IP of the GRE source) if you receive traffic then run "dnetconfig" and verify that both endpoints of the GRE tunnel are correct. Typically when the GRE tunnel is making it to the Purview appliance and the purview appliance isn't receiving it, it is usually because the IP endpoints were mistyped. You can also check the mirror config. If traffic is not being received, then you need to check the GRE source. Can you post the S8 mirror config as well as the router and policy config? (show run; show config mirror; show config policy)
Userlevel 5
Hello Gradelain

An easy to miss snafu (like jumbo but more random) has to do with the blank port being used for the tunnel's resources. It sits at 10Mb-hdx but needs to be configured for 1Gb-fdx to properly allocate resources to the l2 gre tunnel.

I'm having a bit of trouble linking you to the knowledge base doc so here's a clip of the "loopback" port treatment.

Here, mirror destination port ge.1.1 has no physically attached ethernet user, but is to be configured as a loopback port (step 2 below) which will internally forward its received mirrored traffic into the L2 GRE Tunnel (step 3 below) for delivery to the remote destination device.
Important Note!: If this is a 10/100/1000 copper port, it will try to operate in default 10HD mode because it has no attached peer device to negotiate a higher speed and duplex. For such ports, you must change from the default speed and duplex or the tunnel will not come up error-free:

SSA Switch1(rw)->set port duplex ge.1.1 full
SSA Switch1(rw)->set port speed ge.1.1 1000

Hope that helps,

Regards,
Mike
Userlevel 1
Hello Guys,

thanks a lot for you hints and recommendations. Unfortunately, all those steps were unsuccessfully taken into consideration.

What is not mentioned in the different documentations as well as configuration guide I read was:

If Using a Fiber Port (the dummy Port, where no cable is connected) for the Mirroring, make sure the GBIC is inserted.

I don’t know how I came to the following idea, “once I inserted the GBIC” to that port, I was able to get the traffic over GRE.

It would be great if this were documented in the configuration guide.

Nevertheless, I thank you all for your toughs.

Regards



Gradelain
As a side not insertion of a gbic is also required to the dummy port if using the traffic generator xmod
Userlevel 6
You may want to review this article as well, although you note that promiscuous is enabled.

https://extremeportal.force.com/ExtrArticleDetail?n=000005582
Userlevel 3
Hello Gradelain

Can you confirm that your mirror destination port and the tunnel interface are both shows as up and operational? "Show port status" will show you the status of the port and "show Tunnel" will give you the tunnel status. You could also setup a port mirror on the C5 in the middle to confirm if you are seeing the S send the GRE packets which will allow you to isolate this problem to the switch or server side.

-Alex
Userlevel 5
Hi Gradelain,

I'm adding this data to the list as one of those easily overlooked gotchas.
Nice work with the problem isolation - and for taking time to close the loop here in the community.
Adding to and clarifying documented behavior makes for a better, more user friendly product. I'll pass your input along to the product manager and documentation.

Thank you - Wins for all involved.

Mike
Userlevel 5
Hello Gradelain,

I spoke to the product manager today - requesting the Purview Deployment Guide be updated to reflect the new SFP related requirement. That item will be wrapped up in short order. Thanks again, your valuable feedback helps us get another usability improvement off the books.

Next step was our knowledge base - which offered me an appreciation of your plight while working through the "different documentations as well as configuration guide"


The following 5 articles were improved.


Purview Collector checklist for S-Series, K-Series, PV-FC-18 Mirror Port in GRE Tunnel setup does not work.

Remote Mirror via L2GRE Tunnel from 7100/S/K-Series to Third-party Device

How To Configure the S-Series or PV FC-180 for Flow Collection to a Purview Appliance

Remote Mirror via L2GRE Tunnel from 7100/S/K-Series to 7100/S/K-Series

Really, really good stuff. Looking forward to your next Hub community share.

Best regards,
Mike D


Userlevel 1
thanks a lot Mike.

Thanks a lot. Hopefully this will help others out there.



Regards



Gradelain
Userlevel 6
Here are those links Mike referenced...for those that read this in the future.

https://gtacknowledge.extremenetworks.com/articles/How_To/Purview-Collector-checklist-for-S-Series-K...

https://gtacknowledge.extremenetworks.com/articles/Solution/Mirror-Port-in-GRE-Tunnel-setup-does-not...

https://gtacknowledge.extremenetworks.com/articles/How_To/Remote-Mirror-via-L2GRE-Tunnel-from-7100-S...

https://gtacknowledge.extremenetworks.com/articles/How_To/Sample-Configuration-for-flow-collection-t...

https://gtacknowledge.extremenetworks.com/articles/How_To/Remote-Mirror-via-L2GRE-Tunnel-from-7100-S...

Reply