Use case groups:

Issues:

Connection or SPAN quality

Issue: No performance data reported

Symptoms:

The AMD doesn't report any monitored traffic performance data.

Possible causes:

It may be related to AMD configuration or connection to SPAN or tap.

  • Check whether you connected AMD's sniffing ports to SPAN or tap.

  • The tap is turned off or SPAN is defective.

  • The network cable connecting the AMD and SPAN/tap is broken.

  • In the case of using a tap, the AMD sniffing ports may require forcing link negotiation manually.

  • AMD auto-discovery feature has been accidentally disabled.

Recommended actions:

  • Check the connections.

  • Enable the auto-discovery feature on the AMD.

  • Inspect configuration of AMD's sniffing ports.

Issue: No contact with AMD

Symptoms:

DC RUM cannot connect to the AMD.

Possible causes:

  • The AMD being turned off or down

  • Broken network connection to the AMD (cable or network port/switching/routing)

Recommended actions:

  • Make sure that the AMD is up and running.

  • Check the connections

Issue: SPAN not configured

(Or there is no user activity on the network.)

Symptoms:

There is a high rate of non-IP traffic , which means that the AMD predominantly monitors traffic that doesn't come from the client-server data exchange.

Possible causes:

There is either no user activity in the monitored network, or the SPAN is not configured correctly.

Recommended actions:

  • Capture traffic on the AMD for analysis. For more information, see Capturing packets on AMD.

  • Inspect the SPAN configuration to make sure it mirrors client-server conversations.

Issue: Unidirectional traffic

Symptoms:

There is a high rate (above 5%) of unidirectional traffic.

Possible causes:

This indicates that the AMD cannot reliably monitor and analyze traffic, such that a significant portion of user sessions is not included in performance analysis.

Recommended actions:

  • Capture traffic on the AMD for analysis. For more information, see Capturing packets on AMD.

  • Change SPAN configuration to eliminate (or minimize) unidirectional traffic and make sure it mirrors bi-directional client-server conversations

Non-encrypted traffic quality cases

Issue: SPAN dropping packets - sequence gap rate

Symptoms:

A sequence gap means that a certain amount of traffic (sequence numbers) that is part of the monitored session has not been received by the AMD.

Possible causes:

Overloaded SPAN.

Recommended actions:

  • Capture traffic on the AMD for analysis. For more information, see Capturing packets on AMD.

  • Inspect SPAN (or NPB) configuration to eliminate losses

Issue: SPAN dropping packets - duplicates seen

Symptoms:

Duplicates seen by the AMD influence its performance.

Possible causes:

Too many duplicates may be a side effect of SPAN misconfiguration.

Recommended actions:

  • Capture traffic on the AMD for analysis. For more information, see Capturing packets on AMD.

  • Inspect SPAN (or NPB) configuration to eliminate or minimize duplicates.

AMD performance/capacity issues

Issue: AMD dropping packets or errors on sniffing interfaces

AMD overload deep diagnostics.

Symptoms:

AMD dropped packet rate over threshold.

Possible causes:

AMD dropped packets means that the AMD cannot process the traffic stream it is receiving due to performance reasons. Some sessions have been dropped in a controlled manner called data sampling, which turns on (and off again) automatically to prevent further AMD performance degradation.

Recommended actions:

  • Capture traffic on the AMD for analysis. For more information, see Capturing packets on AMD.

  • Inspect AMD capacity metrics to learn what might cause the AMD overload

  • Change the SPAN configuration to limit the traffic stream the AMD receives

Encrypted traffic issues

Issue: Decryption not working

Symptoms:

DC RUM detects that secure traffic decryption isn't working on the AMD.

Possible causes:

  • OpenSSL or the missing keys on the AMD.

  • Issues with the SSL accelerator .

Recommended actions:

  • Capture traffic on the AMD for analysis. For more information, see Capturing packets on AMD.

  • Make sure that OpenSSL on the AMD is up and running

  • Check whether you properly installed keys on the AMD

  • Check whether the SSL accelerator reports key or decryption issues

Issue: Missing keys for secure servers

(Only for user-defined software services.)

Symptoms:

Message: “Servers with missing keys”

Possible causes:

Some servers using encryption have no matching key.

A table lists servers that have no matching keys.

Recommended actions:

Check whether you correctly installed all the server keys. Install any missing keys so the AMDs can decrypt all secure traffic.

Capture traffic on the AMD for analysis. For more information, see Capturing packets on AMD.

Issue: Other session decryption failures

(Only for user-defined software services.)

Symptoms:

Message: “Servers with failed sessions”

A table lists servers on which were detected decryption failures.

Possible causes:

Some servers using encryption have failed sessions.

Select any entry in the table to see a list of possible reasons for failures.

Recommended actions:

See the table for possible actions to take.

Capture traffic on the AMD for analysis. For more information, see Capturing packets on AMD.

  • No labels