Skip to main content

Illumio Install, Configure, and Upgrade Guide 24.2.20

Troubleshooting

This section describes how to troubleshoot some issues when configuring or using Flowlink.

Flowlink not Receiving Data

  1. Make sure iptables is turned Off on Flowlink, or make sure iptables is not blocking the ports that Flowlink is listening on.

  2. Use netstat -a to make sure Flowlink is listening on the correct ports.

Note

netstat has a bug, which shows that applications are only listening with IPv6 on listed ports, when they are actually listening on those ports with IPv4.

Unable to Ping or TCPdump on the F5 Self-IP Interface

  1. SSH to F5 as an administrator.

  2. List the interfaces to see the interface names.

    admin@(ip-10-1-1-197)(cfg-sync Standalone)(Active)(/Common)(tmos)# show net interface
 
----------------------------------------------------------------
Net::Interface
Name  Status    Bits    Bits    Pkts    Pkts  Drops  Errs  Media
                  In     Out      In     Out
----------------------------------------------------------------
1.1       up    1.3G    1.1G    2.6M    2.6M      0     0   none
1.2       up  177.7M  301.4M  298.9K  310.4K      0     0   none
mgmt      up  310.9G  876.6G  298.8M  325.5M      0     0   none

  3. Run TCPdump to listen for traffic between Self-IP interface and flow collector IP.

  4. Generate traffic while the TCPdump is running by either opening another SSH session and doing PING test or by sending normal traffic through the virtual server. If you turned on health monitoring with gateway_icmp enabled from the Create a Pool for Flow Collector section, then F5 should already generate ICMP traffic.

    The example shown below uses interface name 1.2 with flow collector IP 13.56.210.22. Health monitoring with gateway_icmp is enabled.

    admin@(ip-10-1-1-197)(cfg-sync Standalone)(Active)(/Common)(tmos)# tcpdump -ni 1.2 host 13.56.210.22
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 1.2, link-type EN10MB (Ethernet), capture size 65535 bytes
09:08:47.855318 IP 10.1.3.223 > 13.56.210.22: ICMP echo request, id 54351, seq 37906, length 20 out slot1/tmm3 lis=
09:08:47.857694 IP 13.56.210.22 > 10.1.3.223: ICMP echo reply, id 54351, seq 37906, length 20 in slot1/tmm3 lis=
09:08:52.864852 IP 10.1.3.223 > 13.56.210.22: ICMP echo request, id 54354, seq 37906, length 20 out slot1/tmm2 lis=
09:08:52.867091 IP 13.56.210.22 > 10.1.3.223: ICMP echo reply, id 54354, seq 37906, length 20 in slot1/tmm2 lis=
Network Connectivity

The flow to test network connectivity is:

  • Network device > Flowlink

  • Flowlink > PCE

TCPdump

To use TCPdump:

  • Run on a network device to verify flow records are sent out.

  • Run on Flowlink to verify flow records are coming in.

Debug Option

Flowlink has a debug option that displays:

  • Incoming flow records

  • IP, port, and protocol recorded for flow records

  • Each time flows are aggregated and uploaded to the PCE

  • PCE response code to POST

To debug Flowlink in the session, add the --debug flag to your Flowlink command.

Example with the debug option enabled:

CONFIG_FILE=/home/employee/config.yaml.netflow /usr/local/bin/illumio/flowlink --debug

Important

Using the debug flag, generates a large amount of data to the console. Enable this option only if needed.