10-11-2023 02:06 AM
Testing Topology
1. ICX switch connected to the SZ.
Debugs and FITRACES
Execute the below commands to clear the existing counters before enabling debug/fitrace.
• clear ip revssh counters authentication
• clear ip revssh counters channel all
• clear ip revssh counters global
• clear ip revssh counters keepalive
• clear ip revssh counters tcpfwdloc
• clear ip revssh counters tcpfwdrem
• clear ip revssh counters tunnel all
• clear ip socatm counters channel all
• clear ip socatm counters global
• clear ip socatm counters locfwd
• clear ip socatm counters loopback
• clear ip socatm counters remfwd
• clear statistics ethernet <port connected with SZ>
• clear ip traffic
• logging console
(please note console logs also to be saved)
Execute the below commands to capture debug and fitrace logs.
• debug ip http client
• debug ip ssl
• debug ip tcp close
• debug ip tcp transactions
• debug ip tcp <SZ ip address>
• debug ip ssh
• dm http-ssl-tcp enable
• fitrace modules sshm all level 0,1,2,3,4,5
• fitrace modules socatm all level 0,1,2,3,4,5
Log Collection
Below commands to be collected immediately after the issue is hit.
Please use script to capture the results of below commands.
1. show ip ssl
2. show ip ssh
3. show manager status
4. show manager log
5. show sz client-log detail
6. show sz server-log detail
7. show sz uwsgi-logs
8. show sz nginx access-log
9. show sz nginx error-log
10. show ip http client
11. show sz tcp connections
12. show mem tcp
13. show ip traffic
14. show ip revssh configuration
15. show ip revssh status
16. show ip revssh authentication
17. show ip revssh tunnel summary
18. show ip revssh channels all
19. show ip revssh channels local
20. show ip revssh channels remote
21. show ip revssh anysession summary
22. show ip revssh anysession verbose
23. show ip revssh counter global
24. show ip revssh counter authentication
25. show ip revssh counter keepalive
26. show ip revssh counter tcpconnerr
27. show ip revssh counter tcpfwdloc
28. show ip revssh counter tcpfwdrem
29. show ip socatm config
30. show ip socatm channels all
31. show ip socatm channels local summary
32. show ip socatm channels remote summary
33. show ip socatm counters global
34. show ip socatm counters loopback
35. show ip socatm counters locfwd
36. show ip socatm counters remfwd
37. show tech
38. supportsave
39. show pstat dump <unit id>
40. show statistics ethernet <port connected with SZ>
41. show cpu histogram holdtime
42. show cpu histogram waittime
43. collect switchm logs
Getting packet captures
Commands to Configure:
Connect Wire shark to mirror port to collect the packet Capture. Packet capture needs to done on TX/RX ports(ports connected to ICX and SZ).
• Setup port mirroring on TX/RX ports on ICX Switch and connect wireshark to mirror port to collect the packet Capture.
a. mirror-port ethernet <STACKID/SLOT/PORT> – Command needs to be executed on config terminal.
b. int eth <STACKID/SLOT/PORT>
i. Monitor eth <STACKID/SLOT/PORT> both
Conclusions/ Points to watch out
• Check the logs collected.
• Check the packet captures.