What to check on VOS when traffic is dropped with Sessions limited to 30

1) Please check if the Director GUI is valid and functional.

2) Check if the VOS is connected to the Director and is subjugated.

Lets say, we notice that the sessions is not transiting the VOS, then enable pkttrace for the sessions in question and check if we see a pkttrace like what is shown below.

Sample pkttrace when sessions get limited to 30:

What to check on the VOS?

1) Check if Active sessions are not capped at 30.

admin@Hub-Snehal-22-HA1-cli> show device clients

CLIENT VSN CPU MEM MAX ACTIVE FAILED

ID ID LOAD LOAD SESSIONS SESSIONS SESSIONS

-----------------------------------------------------

16 0 48 43 100000 30 126 <<<<Lets check if the max. session is hitting 30.

2) Check since when was the last time the .ncconnect file was touched.

[admin@Active-Interchassis-HA1: ~] $ sudo ls -l /var/lib/vs/.files/.ncconnect

[sudo] password for admin:

-rw-r--r-- 1 versa versa 0 Jul 14 07:11 /var/lib/vs/.files/.ncconnect

[admin@Active-Interchassis-HA1: ~] $ sudo stat /var/lib/vs/.files/.ncconnect

File: /var/lib/vs/.files/.ncconnect

Size: 0 Blocks: 0 IO Block: 4096 regular empty file

Device: fd00h/64768d Inode: 1311066 Links: 1

Access: (0644/-rw-r--r--) Uid: ( 1003/ versa) Gid: ( 1000/ versa)

Access: 2023-11-28 19:47:08.621972817 -0800

Modify: 2024-07-14 07:11:01.064647221 -0700

Change: 2024-07-14 07:11:01.064647221 -0700

Birth: -

3) Check if below ports are in listening state and if there is a netconf-ssh from source-host of Director Southbound IP.

admin@Active-Interchassis-HA1-cli> show confd-state netconf

NETCONF SSH listen addresses:

IP PORT

---------------

:: 2022

0.0.0.0 2022

admin@Active-Interchassis-HA1-cli> show netconf-state sessions

IN OUT

SESSION IN BAD RPC OUT

ID TRANSPORT USERNAME SOURCE HOST LOGIN TIME RPCS RPCS ERRORS NOTIFICATIONS

-----------------------------------------------------------------------------------------------------------

124033 netconf-ssh admin 172.16.1.2 2024-07-11T18:57:44-00:00 1 0 0 0 <<<<<<<< Director Southbound IP.

161909 cli-ssh admin 172.16.66.6 2024-07-14T10:18:58-07:00 - - - -

4) Open vmod.log, and check the timestamp since when the last time the NETCONF session had been started/ended. This is just to get the timestamp since when a netconf connetion from the director was made.

[admin@Active-Interchassis-HA1: ~] $ zgrep -i "NETCONF" /var/log/versa/versa-vmod.log | grep -v "site is not" | more

2024-06-24 21:47:42.775 ALERT notif_read_cb:1536 NETCONF session 47820 started

2024-06-24 21:47:43.126 ALERT notif_read_cb:1536 NETCONF session 47820 ended

2024-06-25 01:47:43.561 ALERT notif_read_cb:1536 NETCONF session 50211 started

2024-06-25 01:47:43.956 ALERT notif_read_cb:1536 NETCONF session 50211 ended

2024-06-25 05:48:14.492 ALERT notif_read_cb:1536 NETCONF session 52602 started

2024-06-25 05:48:14.762 ALERT notif_read_cb:1536 NETCONF session 52602 ended

2024-06-25 09:48:26.283 ALERT notif_read_cb:1536 NETCONF session 54991 started

2024-06-25 09:48:26.627 ALERT notif_read_cb:1536 NETCONF session 54991 ended

2024-06-25 13:48:35.386 ALERT notif_read_cb:1536 NETCONF session 57380 started

2024-06-25 13:48:35.677 ALERT notif_read_cb:1536 NETCONF session 57380 ended

2024-06-25 17:48:48.246 ALERT notif_read_cb:1536 NETCONF session 59769 started

2024-06-25 17:48:48.556 ALERT notif_read_cb:1536 NETCONF session 59769 ended

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Incase of an event where netconf connection is there, and even after perform the below steps from the Director, if the restriction of 30 sessions doesnt get removed.

Administrator@Snehal22Active-Dir> request devices device Hub-Snehal-22-HA1 connect

result true

info (Administrator) Connected to Hub-Snehal-22-HA1 - 10.0.0.8:2022 <<<<<<<If this works, which means port :2022 is open towards the VOS.

On the VOS Appliance:

[admin@Hub-Snehal-22-HA1: ~] $ sudo ls -l /var/lib/vs/.files/.ncconnect

[sudo] password for admin:

-rw-r--r-- 1 versa versa 0 Jul 1 10:46 /var/lib/vs/.files/.ncconnect

[admin@Hub-Snehal-22-HA1: ~] $ file /opt/versa/util/ncc

/opt/versa/util/ncc: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=294d1f19a085a730da19a6c55788ec08c2187039, stripped

[admin@Hub-Snehal-22-HA1: ~] $ /opt/versa/util/ncc -u admin -p versa123 --get -x /system/status/brief

/tmp/_MEIStiUv5/cryptography/hazmat/bindings/openssl/binding.py:163: CryptographyDeprecationWarning: OpenSSL version 1.0.1 is no longer supported by the OpenSSL project, please upgrade. The next version of cryptography will drop support for it.

<?xml version="1.0" encoding="UTF-8"?>

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">

<data>

<brief>

<app-status>Good</app-status>

</brief>

</status>

</system>

</data>

</rpc-reply>

Post this, check the .ncconnect file:

[admin@Hub-Snehal-22-HA1: ~] $ sudo ls -l /var/lib/vs/.files/.ncconnect

[sudo] password for admin:

-rw-r--r-- 1 versa versa 0 Jul 14 10:46 /var/lib/vs/.files/.ncconnect

+++++++++++++++++++++++++++++++++++++++++++++

https://support.versa-networks.com/a/solutions/articles/23000020005

+++++++++++++++++++++++++++++++++++++++++++++

Related enhancements/Bugs that helps to mitigate about corner case scenario where even after netconf connections from the Director is good, but session restriction of 30 is not getting removed.

+++++++++++++++++++++++++++++++++++++++++++++

Enhancement-ID: 101144

Description : Throw a message on the VOS when a user goes to the CLI to make it obvious that the max sessions are limited to 30.

For example:

admin@VOS-cli>

Message from admin at 2024-07-14 17:42:54...

License has expired, and the max session count is limited to 30.

Fix-Release:

22.1.3-GA

21.2.3-2023-09-22 or above, build

21.3.3-2023-09-22 or above, build

Bug-ID : 112199

Description: In a corner case scenario, if the Director license is active, and VOS is subjugated with the Director, and still there is a restriction, where the .ncconnect file is not getting updated, with this bug, ever notconf connect will touch the file. This is an additional safety net incase the existing checks fail.

Fix-Release:

21.2.3-7/11/2024 or above build.

21.3.3-7/14/2024 or above build.

22.1.3-7/14/2024 or above build.

22.1.4-7/14/2024 or above build.

If we still hit any issues, please feel free to write us on support@versa-networks.com.

What to check on VOS when traffic is dropped with Sessions limited to 30 | License issue on VOS

Modified on: Mon, 22 Jul, 2024 at 5:33 PM

More articles in Tshoot