Login
- Released At: 14-09-2023
- Page Views:
- Downloads:
- Table of Contents
- Related Documents
-
|
H3C SeerEngine-DC |
System Log Messages Reference |
|
|
Document version: 5W600-20200527
Copyright © 2020 New H3C Technologies Co., Ltd. All rights reserved.
No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd.
Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.
The information in this document is subject to change without notice.
Contents
Viewing system log messages· 1
Failure to synchronize ARP bus messages· 5
Start of ARP configuration recovery on non-active leader controllers· 5
End of ARP configuration recovery on non-active leader controllers· 6
Migration times of the VM reached the maximum within the migration time period· 6
Conflict between the VM MAC address and the gateway MAC address or reserved gateway MAC address 7
NETCONF configuration deployment failure· 8
Two master nodes exist in a vBGP cluster 8
vBGP cluster restores master/backup mode· 9
vBGP session being established· 9
vBGP session successfully established· 10
License acquisition success· 11
License acquisition failure· 11
Disconnection from the license server 13
Failure of connection to the license server 13
Controller forced offline by license server 14
Reconnection to the license server 14
Entered fail-safe state due to authorization failure· 15
Entered fail-safe state due to connection failure· 15
Exited fail-safe state after the fail-safe period· 16
Exited fail-safe state after authorization· 16
Exited fail-safe state after disconnection· 17
Remote license expiration pre-warning· 17
Insufficient quantity-based licenses· 18
CPU usage exceeded threshold· 19
CPU usage dropped below threshold· 19
Memory usage exceeded threshold· 20
Memory usage dropped below threshold· 20
Disk usage exceeded threshold· 21
Disk usage dropped below threshold· 21
NETCONF session in up state· 22
NETCONF session in down state· 23
Start of NETCONF configuration recovery on non-active leader controllers· 23
End of NETCONF configuration recovery on non-active leader controllers· 24
NETCONF configuration deployment failure· 25
NETCONF SSH session authentication failure· 26
Unhealthy device operating status· 27
Device operating status changes from unhealthy to healthy· 27
Periodic radar detection task failure· 28
Periodic radar detection task result changes from failure to success· 29
Abnormal OpenFlow connection· 30
Successful OpenFlow connection· 30
Disconnected OpenFlow connection· 31
OpenFlow port in down state· 32
Failure to deploy flow entries· 33
Packet-in message rate reaches threshold on controller 33
Packet-in message rate reaches threshold on OpenFlow device· 34
Packet-in message rate reaches threshold on OpenFlow device port 34
Keystore certificate expiration early warning· 35
Keystore certificate expired· 35
Change of port operating status from healthy to unhealthy· 36
Change of port operating status from unhealthy to healthy· 37
Failure to restore region settings· 40
Network device connection to a master 41
Master change for network devices· 41
Network device disconnection from a master 42
OpenFlow device connection with multiple regions· 42
Abnormal status of the other controller in the region· 43
Normal status of the other controller in the region· 43
Traditional NE created SNMP connection with controller 44
Traditional NE broke SNMP connection to controller 44
Database operation failure because of a nonexistent user 46
Database operation failure because of refused connections· 46
End of controller configuration recovery· 47
Controller configuration backup not performed when backup file exists· 47
Failed to send the backup file to the remote server 48
Up to six backup files created by using the same backup method at a time· 48
Controller became active leader 51
Member left team unexpectedly· 52
Member left team expectedly· 53
Different team token than the active leader 53
Reboot for completing team merge· 54
Reboot to act as the leader 54
RADIUS authentication success· 56
RADIUS authentication rejection· 57
RADIUS authentication failure· 57
RADIUS attribute check failure· 58
TACACS+ authentication success· 58
TACACS+ authentication rejection· 58
TACACS+ authentication failure· 59
TACACS+ attribute check failure· 59
Start of user configuration recovery on non-active leader controllers· 60
End of user configuration recovery on non-active leader controllers· 60
Operation failure due to user role privilege limit 61
Start of DHCP configuration recovery on non-active leader controllers· 62
End of DHCP configuration recovery on non-active leader controllers· 62
Failure of IP allocation to VM·· 63
Connection establishment between the F5 device and controller 64
Disconnection between the F5 device and controller 64
Failure to delete a floating IP· 65
Start of firewall configuration recovery on non-active leader controllers· 66
End of firewall configuration recovery on non-active leader controllers· 66
Inconsistent DPI application profile information· 67
Inconsistent IPS policy information· 67
Inconsistent antivirus policy information· 68
Controller failed to synchronize bridge MAC and serial number information from device· 69
Start of load balancing configuration recovery on non-active leader controllers· 70
End of load balancing configuration recovery on non-active leader controllers· 70
Different VRF information than the network device· 71
Different VSI information than the network device· 72
Different tunnel information than the network device· 73
Different ACL information than the network device· 74
Different PBR information than the network device· 74
Different routing information than the network device· 75
Different VLAN information than the network device· 76
Different NAT information than the network device· 77
Different floating IP information than the network device· 78
Different DNS information than the network device· 79
Different host flow information than the network device· 80
Different subinterface information than the network device· 81
Different VLAN interface information than the network device· 82
Network device connection to another region· 82
VXLAN tunnel interface in up state· 83
VXLAN tunnel interface in down state· 84
Used up VLAN IDs in the VLAN pools· 85
Used up VXLAN IDs in the VXLAN pools· 86
Used up IP addresses in general address pool 87
Used up IP addresses in address pool bound to service gateway group· 87
Used up IP addresses in security external network address pool 88
Used up IP addresses in default address pool 88
Address pool bound to service gateway group not exist 89
Failed to assign security external network IP address to resource node· 89
Default address pool not exist 90
Used up loopback interfaces on the firewall bound to the vRouters· 90
Start of NEM configuration recovery on non-active leader controllers· 91
End of NEM configuration recovery on non-active leader controllers· 91
Data synchronization status changed to Not Synchronized· 92
Data synchronization status changed to Synchronized· 92
Configuration initialization failure during NE activation· 93
Maximum number of Ethernet service instances reached on interface· 94
Controller failed to deploy settings to network device· 95
VLAN and PVID inconsistency between member ports and aggregate interface· 96
Mapping is unbound from port when port is added to aggregate interface· 96
Startup configuration file backup success· 97
Startup configuration file backup failure· 97
VTEP IP assignment failure· 98
Software upgrading or patching failure· 98
Software upgrading or patching success· 99
Used up IP addresses in the underlay address pool 99
Device failed to come online automatically· 100
Used up VLAN IDs of downlink port on leaf device· 100
IRF member device was not powered off during replacement 101
Starting data synchronization or auditing· 102
Finishing data synchronization or auditing· 102
NGFW resource creation failure· 103
NGFW resource modification failure· 103
NGFW resource deletion failure· 104
NGFW resource creation with NETCONF failure· 104
NGFW resource creation with NETCONF success· 105
NGFW resource modification with NETCONF success· 105
NGFW resource modification with NETCONF failure· 106
Start of NGFWM configuration recovery on non-active leader controllers· 106
End of NGFWM configuration recovery on non-active leader controllers· 107
Changed NETCONF password successfully· 107
Failed to change the NETCONF password· 108
Start of service chain configuration recovery on non-active leader controllers· 109
End of service chain configuration recovery on non-active leader controllers· 109
Configuration deployment failure· 110
Start of tenant configuration recovery on non-active leader controllers· 111
End of tenant configuration recovery on non-active leader controllers· 111
Start of IPsec VPN configuration recovery on non-active leader controllers· 112
End of IPsec VPN configuration recovery on non-active leader controllers· 112
Failure to add host because of invalid license· 113
vPort number reaching threshold· 113
vPort number falling below threshold· 114
Start of VSM configuration recovery on non-active leader controllers· 114
End of VSM configuration recovery on non-active leader controllers· 115
Compute node neighbor aging after a specific time period· 115
LLDP neighbor relationship restoration between compute node host and device· 116
LLDP neighbor relationship establishment between compute node host and device· 116
LLDP neighbor relationship interruption between compute node host and device· 117
Network node neighbor aging after a specific time period· 118
LLDP neighbor relationship restoration between network node host and device· 118
LLDP neighbor relationship establishment between network node host and device· 119
LLDP neighbor relationship interruption between network node host and device· 120
Failure to issue ACL rule because of insufficient hardware resources· 122
Failure to issue default ACL rule because of insufficient hardware resources· 123
Controller failed to communicate with host through OVSDB· 123
vPort UUID prefix conflict 124
Flow table synchronization or auditing started· 125
Flow table synchronization or auditing finished· 125
Host flow table issuing failure· 126
Host group table issuing failure· 127
Introduction
System logs record internal events that occur on the controller. System log messages include field description, message explanation, and recommended action, and provide reference for system analysis and maintenance.
This document assumes that the readers are familiar with data communications technologies and SeerEngine-DC controller products.
Viewing system log messages
To view system log messages:
1. On the top navigation bar, click Assurance.
2. From the navigation pane, select Logs.
The page displays the System Logs tab by default. The generated system log messages are displayed on pages as shown in Figure 1.
Table 1 System log message elements
Element | Description |
Severity | Severity level of the message. For more information about severity levels, see Table 5. |
Date/Time | Date and time when the log message was generated. |
IP | IP address of the controller or device. |
Origin | Name of the service module that produced the message. For more information about service modules, see Table 3. |
Topic | Topic for the log message. |
Description | Text string that contains detailed information about the event or error. |
Syslog message format
SeerEngine-DC controllers can send system logs to syslog servers through the syslog protocol. To set the IP address and port number of a syslog server:
1. On the top navigation bar, click System.
2. From the navigation pane, select Parameters.
3. Click System Logs.
4. Set the IP address and port number of a syslog server.
By default, controllers send system logs in the following format:
<PRI>TIMESTAMP Hostname Origin/severity/Keywords CONTENT
Table 2 Syslog message elements
Element | Description |
<PRI> | Priority identifier. It is calculated by using the following formula: Priority identifier=facilityx8+severity Where: · Facility represents the programming module defined by syslog. In the current software version, the facility is user-level and its value is 1. · Severity represents the syslog message severity level. For more information, see Table 4. |
TIMESTAMP | Date and time when the event occurred. |
Hostname | Name or IP address of the server or virtual machine where the controller that produced the message resides. |
Origin | Name of the service module that produced the message. For more information about service modules, see Table 3. |
severity | Severity level of the message. For more information, see Table 5. For more information about the mappings between system log message severity levels and syslog message severity levels, see Table 6. |
Keywords | Keywords of the message that facilitate searching or memorizing. |
CONTENT | Text string that contains detailed information about the event or error. |
Table 3 lists the service modules that might produce system log messages.
Service module name | Description |
ARP | ARP module. |
BGPM | BGPM module. |
CON_LICENSE | License management module. |
CON_MONITOR | Operating information module. |
CON_NETCONF | NETCONF module. |
CON_NetworkMonitor | Network health monitor module. |
CON_OAM | OAM module. |
CON_OPENFLOW | OpenFlow module. |
CON_PortMonitor | Port statistics module. |
CON_REGION | Region module. |
CON_SNMP | SNMP module. |
CON_SYSTEM | System management module. |
CON_TEAM | Team module. |
CON_USER | User management module. |
DHCP | DHCP module. |
F5aaS | F5 service module. |
FWaaS | Firewall service module. |
LBaaS | Load balancing service module. |
NEM | Carrier network module. |
NGFWM | NGFW manager module. |
ServiceChain | Service chain module. |
Tenant | Tenant management module. |
VPNaaS | IPsec VPN service module. |
VSM | Virtual network module. |
Syslog messages are classified into eight severity levels from 0 to 7. The lower the number, the higher the severity, as shown in Table 4.
Table 4 Syslog message severity levels
Level | Severity | Description |
0 | Emergency | The system is unusable. |
1 | Alert | Action must be taken immediately. |
2 | Critical | Critical condition. |
3 | Error | Error condition. |
4 | Warning | Warning condition. |
5 | Notice | Normal but significant condition. |
6 | Informational | Informational message. |
7 | Debug | Debugging message. |
System log messages are classified into five severity levels from 0 to 4. The higher the number, the higher the severity, as shown in Table 5.
Table 5 System log message severity levels
Level | Icon | Severity | Description |
0 |
| Info | Information message. |
1 |
| Warning | Warning condition. |
2 |
| Error | Error condition. |
3 |
| Serious | Serious condition. |
4 |
| Critical | Critical condition. |
Table 6 shows the mappings between system log message severity levels and syslog message severity levels.
Table 6 Severity level mappings
System log message severity level | Syslog message severity level |
0 | 6 |
1 | 4 |
2 | 3 |
3 | 2 |
4 | 0 |
Using this document
This document categories system log messages by service module. This document explains messages in tables. Table 7 describes information provided in these tables.
Table 7 Message explanation table contents
Item | Content | Example |
Keyword | Summary of the message that facilitates searching or memorizing. | OPENFLOW_SESSION_UP |
Message text | Presents the message description. | An OpenFlow device with datapath ID $1 OpenFlow IP $2 descriptor $3 was connected to the controller $4. |
Variable fields | Briefly describes the variable fields in the order that they appear in the message text. The variable fields are numbered in the "$Number" form to help you identify their location in the message text. | $1: Datapath ID of the OpenFlow device. $2: Management IP address of the OpenFlow device. $3: Description information about the OpenFlow device. $4: IP address of the controller. |
Severity level | Provides the severity level of the message. |
|
Example | Provides a real message example. | An OpenFlow device with datapath ID 01:21:cc:3e:5f:09:04:7f OpenFlow IP 192.168.100.1 descriptor 192.168.200.1 was connected to the controller 10.10.10.1. |
Explanation | Explains the message, including the event or error cause. | An OpenFlow device was connected to the controller. |
Recommended action | Provides recommended actions. For informational messages, no action is required. | No action is required. |
ARP
This section contains ARP messages.
Failure to synchronize ARP bus messages
Keyword | ARP_SYNC_FAILED |
Message text | Failed to synchronize arp bus message. |
Variable fields | N/A |
Severity level | Warning |
Example | Failed to synchronize arp bus message. |
Explanation | The controllers in a team failed to synchronize ARP bus messages. |
Recommended action | Verify that the network connections are correct among the controllers. |
Start of ARP configuration recovery on non-active leader controllers
Keyword | BEGIN_RECOVER_ARP_CONFIG |
Message text | All non-active leader controllers started recovering the ARP configuration. |
Variable fields | N/A |
Severity level | Info |
Example | All non-active leader controllers started recovering the ARP configuration. |
Explanation | All non-active leader controllers in the team started recovering the ARP configuration,. |
Recommended action | As a best practice, do not perform any operations on the controllers during the configuration recovery process. |
End of ARP configuration recovery on non-active leader controllers
Keyword | FINISH_RECOVER_ARP_CONFIG |
Message text | All non-active leader controllers completed recovering the ARP configuration. |
Variable fields | N/A |
Severity level | Info |
Example | All non-active leader controllers completed recovering the ARP configuration. |
Explanation | All non-active leader controllers in the team completed recovering the ARP configuration. |
Recommended action | No action is required. |
Migration times of the VM reached the maximum within the migration time period
Keyword | ARP_MIGRATE_OVERFLOW |
Message text | The VM (IP $1, MAC $2) failed to migrate to interface $3 of access device $4. The migration times of the VM have already reached the maximum within the migration time period. |
Variable fields | $1: IP address of the VM. $2: MAC address of the VM. $3: Access interface number. $4: Management IP address of the access device. |
Severity level | Warning |
Example | The VM (IP 1.1.1.1, MAC 12:00:00:00:1b:87) failed to migrate to interface Ten-GigabitEthernet 1/0/1 of access device 172.16.68.1. The migration times of the VM have already reached the maximum within the migration time period. |
Explanation | The migration times of the VM have reached the maximum within the migration time period. |
Recommended action | 1. Verify that migration operations for the VM have not reached the upper limit. 2. Verify that none of the following IP address conflicts occurs. If one of the IP conflicts occurs, ARP packets are generated and frequently delivered to the controller. As a result, the controller will move the VM frequently. ¡ VMs with different MAC address are assigned the same IP address. ¡ VMs in different VLANs are assigned the same IP address. ¡ VMs connected to different access interfaces are assigned the same IP address. ¡ VMs connected to different access devices are assigned the same IP address. |
Conflict between the VM MAC address and the gateway MAC address or reserved gateway MAC address
Keyword | ARP_MAC_CONFLICT |
Message text | The MAC address of VM (IP: $1, MAC: $2) that connects to interface $3 of access device $4 conflicts with the gateway MAC address or reserved gateway MAC address. |
Variable fields | $1: IP address of the VM. $2: MAC address of the VM. $3: Access port number. $4: Management IP address of the access device. |
Severity level | Warning |
Example | The MAC address of VM (IP: 2.2.2.1, MAC: 3c:8c:40:4e:dd:46) that connects to interface BAGG2 of access device 172.16.68.4 conflicts with the gateway MAC address or reserved gateway MAC address. |
Explanation | The VM MAC address conflicted with the gateway MAC address or the reserved gateway MAC address. |
Recommended action | Modify the VM MAC address. |
BGPM
This section contains BGPM messages.
NETCONF configuration deployment failure
Keyword | VBGP_NETCONF_CONFIG_FAILED |
Message text | Failed to deploy NETCONF configuration of BGP node $1. ErrorReason: $2. The NETCONF configuration item is $3. |
Variable fields | $1: IP address of the BGP node. $2: NETCONF configuration deployment failure reason. $3: NETCONF configuration item failed to be deployed. |
Severity level | Warning |
Example | Failed to deploy NETCONF configuration of BGP node192.168.10.11. ErrorReason: The specified address family doesn't exist. The NETCONF configuration item is <top xmlns="http://www.h3c.com/netconf/config:1.0"> <BGP> <Neighbors> <Neighbor> <Name>bgpins</Name> <VRF></VRF> <Family>9</Family> <SessAF>1</SessAF> <IpAddress>68.0.0.11</IpAddress> <Mask>255</Mask> </Neighbor> </Neighbors> </BGP> </top>. |
Explanation | Failed to deploy NETCONF configuration to a vBGP node. |
Recommended action | 3. Verify that the controller and the NETCONF server are correct connected. 4. Verify that the configuration is correct. |
Two master nodes exist in a vBGP cluster
Keyword | VBGP_DOUBLE_MASTER |
Message text | vBGP cluster $1 has two master nodes: $2 and $3. |
Variable fields | $1: vBGP cluster ID. $2: IP address of the first master node. $3: IP address of the second master node. |
Severity level | Warning |
Example | vBGP cluster 1 has two master nodes:192.168.10.11 and 192.168.10.22. |
Explanation | Two master nodes exist in a vBGP cluster. |
Recommended action | 5. Verify that the vBGP nodes can communicate correctly. 6. Verify that the vBGP cluster and BGP instance configuration is correct. |
vBGP cluster restores master/backup mode
Keyword | VBGP_MASTER_BACKUP |
Message text | vBGP cluster $1 has restored to master/backup mode. Master node is $2 and backup node is $3. |
Variable fields | $1: vBGP cluster ID. $2: IP address of the master node. $3: IP address of the backup node. |
Severity level | Info |
Example | vBGP cluster 1 has restored to master/backup mode. Master node is 192.168.10.11 and backup node is 192.168.10.33. |
Explanation | The vBGP cluster restored the master/backup mode. |
Recommended action | No action is required. |
vBGP session being established
Keyword | VBGP_PEER_SESSION_STATE |
Message text | The state of the session between vBGP node $1 and peer $2 in instance $3 is $4. |
Variable fields | $1: Management IP address of the vBGP node. $2: Peer IP address. $3: Instance name. $4: Session state. Options include Idle, Connect, Active, Openset, and Openconfirm. |
Severity level | Info |
Example | The state of the session between vBGP node 192.168.10.11 and peer 192.168.10.22 in instance A is Active. |
Explanation | A vBGP session is being established. |
Recommended action | If the vBGP session has not been established within a long period of time, verify the BGP configuration and IP connectivity between the BGP peers. |
vBGP session successfully established
Keyword | VBGP_PEER_SESSION_STATE_ESTABLISHED |
Message text | The state of the session between vBGP node $1 and peer $2 in instance $3 is Established. |
Variable fields | $1: Management IP address of the vBGP node. $2: Peer IP address. $3: Instance name. |
Severity level | Info |
Example | The state of the session between vBGP node 192.168.10.11 and peer 192.168.10.22 in instance A is Established. |
Explanation | A vBGP session was successfully established. |
Recommended action | No action is required. |
CON_LICENSE
This section contains CON_LICENSE messages.
License acquisition success
Keyword | LICENSE_INSTALL |
Message text | $1 license successfully obtained. |
Variable fields | $1: License name. |
Severity level | Info |
Example | Base license successfully obtained. |
Explanation | The specified license was successfully obtained. |
Recommended action | No action is required. |
License acquisition failure
Keyword | LICENSE_INSTALL_FAILED |
Message text | Failed to obtain the $1 license. |
Variable fields | $1: License name. |
Severity level | Info |
Example | Failed to obtain the base license. |
Explanation | Failed to obtain the specified license. |
Recommended action | Identify whether the license server has enough licenses. |
Single license reclaimed
Keyword | LICENSE_RECLAIM |
Message text | License for feature $1 (count: $2) has been reclaimed. |
Variable fields | $1: Feature name. $2: Capacity of the reclaimed license. This field is displayed only when a quantity-based license is reclaimed. |
Severity level | Warning |
Example | License for feature VirtualServiceNode (count: 100) has been reclaimed. |
Explanation | The license for the specified feature was reclaimed. |
Recommended action | No action is required. |
License server connection
Keyword | LICENSE_SERVER_CONNECT |
Message text | The controller established a connection to the license server. |
Variable fields | N/A |
Severity level | Info |
Example | The controller established a connection to the license server. |
Explanation | The controller established a connection to the license server. |
Recommended action | No action is required. |
Disconnection from the license server
Keyword | LICENSE_SERVER_DISCONNECT |
Message text | The controller was disconnected from the license server. |
Variable fields | N/A |
Severity level | Warning |
Example | The controller was disconnected from the license server. |
Explanation | The controller was disconnected from the license server. |
Recommended action | If you disconnect the controller from the license server, no action is required. If the disconnection is unexpected, follow these steps: 7. Verify the connectivity between the controller and the license server. 8. Verify that the license server settings on the controller are correct. 9. Verify that the license server is operating correctly and providing services. |
Failure of connection to the license server
Keyword | LICENSE_SERVER_CONNECT_FAILED |
Message text | Failed to connect to the license server. |
Variable fields | N/A |
Severity level | Warning |
Example | Failed to connect to the license server. |
Explanation | The controller failed to connect to the license server. |
Recommended action | 10. Verify that the license server settings on the controller are correct. 11. Verify that the license server is operating correctly. |
Controller forced offline by license server
Keyword | LICENSE_SERVER_FORCE_CLIENT_OFFLINE |
Message text | The controller was forced offline by license server. |
Variable fields | N/A |
Severity level | Warning |
Example | The controller was forced offline by license server. |
Explanation | The license server forced the controller to go offline. |
Recommended action | Reconnect the controller to the license server if you want to authorize the controller again. |
Reconnection to the license server
Keyword | LICENSE_SERVER_AGED_RECONNECT |
Message text | The controller started to reconnect to the license server because the token of the controller aged out. |
Variable fields | N/A |
Severity level | Warning |
Example | The controller started to reconnect to the license server because the token of the controller aged out. |
Explanation | The token of the controller aged out and the controller started to reconnect to the license server. |
Recommended action | Verify the network connectivity between the license server and the controller. |
Entered fail-safe state due to authorization failure
Keyword | ENTER_FAILSAFE_NO_LICENSE |
Message text | The controller entered into fail-safe mode because it failed to obtain licenses from the remote license server. |
Variable fields | N/A |
Severity level | Warning |
Example | The controller entered into fail-safe mode because it failed to obtain licenses from the remote license server. |
Explanation | After the controller connected to the license server, the controller failed to obtain a license and entered fail-safe state. |
Recommended action | Log in to the license server and verify that a license is available for the controller. |
Entered fail-safe state due to connection failure
Keyword | ENTER_FAILSAFE_CONNECT_FAILED |
Message text | The controller entered into fail-safe mode because a connection error occurred between the controller and the license server. |
Variable fields | N/A |
Severity level | Warning |
Example | The controller entered into fail-safe mode because a connection error occurred between the controller and the license server. |
Explanation | The controller lost its connection to the license server and entered fail-safe state. |
Recommended action | Verify the network connectivity between the license server and the controller. |
Exited fail-safe state after the fail-safe period
Keyword | EXIT_FAILSAFE_EXPIRED |
Message text | The controller exited from fail-safe mode because the 30-day fail-safe period expired. |
Variable fields | N/A |
Severity level | Warning |
Example | The controller exited from fail-safe mode because the 30-day fail-safe period expired. |
Explanation | The 30-day fail-safe period expired and the controller exited fail-safe state. |
Recommended action | 12. On the license management page, verify that the controller is connected to the license server. 13. Verify that the license server can assign a license to the controller. |
Exited fail-safe state after authorization
Keyword | EXIT_FAILSAFE_OBTAINED |
Message text | The controller exited from fail-safe mode because it had obtained licenses from the license server. |
Variable fields | N/A |
Severity level | Warning |
Example | The controller exited from fail-safe mode because it had obtained licenses from the license server. |
Explanation | The controller obtained a license and exited fail-safe state. |
Recommended action | No action is required. |
Exited fail-safe state after disconnection
Keyword | EXIT_FAILSAFE_DISCONNECTED |
Message text | The controller exited from fail-safe mode because it disconnected from the license server. |
Variable fields | N/A |
Severity level | Warning |
Example | The controller exited from fail-safe mode because it disconnected from the license server. |
Explanation | The controller closed its connection to the license server and exited fail-safe state. |
Recommended action | No action is required. |
Remote license expiration pre-warning
Keyword | LICENSE_EXPIRED |
Message text | $1 license is about to expire in 10 days. |
Variable fields | $1: Remote license name. |
Severity level | Warning |
Example | Base license is about to expire in 10 days. |
Explanation | The specified remote license is about to expire in 10 days. |
Recommended action | 14. Log in to the license server to verify that the remote license is authorized. 15. If the remote license is not authorized, purchase the license. |
Insufficient quantity-based licenses
Keyword | LICENSE_INSUFFICIENT |
Message text | Insufficient $1 licenses. Please purchase more licenses. |
Variable fields | $1: Name of the quantity-based licenses. |
Severity level | Critical |
Example | Insufficient MaxNodeNum licenses. Please purchase more licenses. |
Explanation | The number of quantity-based licenses is insufficient. |
Recommended action | Purchase more licenses. |
CON_MONITOR
This section contains CON_MONITOR messages.
CPU usage exceeded threshold
Keyword | CPU_USAGE_EXCEED_THRESHOLD |
Message text | CPU usage $1 exceeded the threshold $2. |
Variable fields | $1: Current CPU usage. $2: CPU usage threshold. |
Severity level | Warning |
Example | CPU usage 91% exceeded the threshold 90%. |
Explanation | The CPU usage of the system exceeded the threshold. |
Recommended action | · Verify that the CPU usage threshold is appropriate. · Verify that the controller does not load too many services. If too many services are loaded, you can transfer some services to other controllers in the team or increase the CPU resources of the physical server. |
CPU usage dropped below threshold
Keyword | CPU_USAGE_UNDER_THRESHOLD |
Message text | CPU usage $1 dropped below the threshold $2. |
Variable fields | $1: Current CPU usage. $2: CPU usage threshold. |
Severity level | Info |
Example | CPU usage 80% dropped below the threshold 90%. |
Explanation | The CPU usage of the system dropped below the threshold. |
Recommended action | No action is required. |
Memory usage exceeded threshold
Keyword | MEMORY_USAGE_EXCEED_THRESHOLD |
Message text | Memory usage $1 exceeded the threshold $2. |
Variable fields | $1: Current memory usage. $2: Memory usage threshold. |
Severity level | Warning |
Example | Memory usage 91% exceeded the threshold 90%. |
Explanation | The memory usage of the system exceeded the threshold. |
Recommended action | · Verify that the memory usage threshold is appropriate. · Verify that the controller does not load too many services. If too many services are loaded, you can transfer some services to other controllers in the team or increase the memory resources of the physical server. |
Memory usage dropped below threshold
Keyword | MEMORY_USAGE_UNDER_THRESHOLD |
Message text | Memory usage $1 dropped below the threshold $2. |
Variable fields | $1: Current memory usage. $2: Memory usage threshold. |
Severity level | Info |
Example | Memory usage 80% dropped below the threshold 90%. |
Explanation | The memory usage of the system dropped below the threshold. |
Recommended action | No action is required. |
Disk usage exceeded threshold
Keyword | DISK_USAGE_EXCEED_THRESHOLD |
Message text | Disk usage $1 exceeded the threshold $2. |
Variable fields | $1: Current disk usage. $2: Disk usage threshold. |
Severity level | Warning |
Example | Disk usage 91% exceeded the threshold 90%. |
Explanation | The disk usage of the system exceeded the threshold. |
Recommended action | · Verify that the disk usage threshold is appropriate. · Delete unneeded files, export service-irrelevant files to other devices, or increase the disk space of the physical server. |
Disk usage dropped below threshold
Keyword | DISK_USAGE_UNDER_THRESHOLD |
Message text | Disk usage $1 dropped below the threshold $2. |
Variable fields | $1: Current disk usage. $2: Disk usage threshold. |
Severity level | Info |
Example | Disk usage 80% dropped below the threshold 90%. |
Explanation | The disk usage of the system dropped below the threshold. |
Recommended action | No action is required. |
CON_NETCONF
This section contains CON_NETCONF messages.
NETCONF session in up state
Keyword | NETCONF_SESSION_UP |
Message text | · The NETCONF session between the controller and NETCONF server $1 $2 was up. · The https NETCONF session between the controller and NETCONF server $1 was up. |
Variable fields | $1: IP address of the NETCONF server. $2: Application name. |
Severity level | Warning |
Example | · The NETCONF session between the controller and NETCONF server 98.0.50.10 sdn.fabric.monitor was up. · The https NETCONF session between the controller and NETCONF server 98.0.50.10 was up. |
Explanation | The NETCONF session between the controller and the NETCONF server was up. |
Recommended action | No action is required. |
NETCONF session in down state
Keyword | NETCONF_SESSION_DOWN |
Message text | · The NETCONF session between the controller and NETCONF server $1 $2 was down. · The https NETCONF session between the controller and NETCONF server $1 was down. |
Variable fields | $1: IP address of the NETCONF server. $2: Application name. |
Severity level | Warning |
Example | · The NETCONF session between the controller and NETCONF server 98.0.50.10 sdn.fabric.monitor was down. · The https NETCONF session between the controller and NETCONF server 98.0.50.10 was down. |
Explanation | The NETCONF session between the controller and the NETCONF server was down. |
Recommended action | To resolve the problem: 16. Verify the connectivity between the controller and the NETCONF server. 17. Examine whether the controller and the NETCONF server have the same NETCONF settings. If the controller and the NETCONF server have different NETCONF settings, modify the NETCONF settings on the controller or the NETCONF server. 18. Examine whether the maximum number of NETCONF sessions on the NETCONF server is reached. If the maximum number of NETCONF sessions is reached, delete unnecessary sessions or modify the upper limit of NETCONF sessions on the NETCONF server. |
Start of NETCONF configuration recovery on non-active leader controllers
Keyword | BEGIN_RECOVER_NETCONF_CONFIG |
Message text | All non-active leader controllers started recovering the NETCONF configuration. |
Variable fields | N/A |
Severity level | Info |
Example | All non-active leader controllers started recovering the NETCONF configuration. |
Explanation | All non-active leader controllers started recovering the NETCONF configuration, such as the NETCONF username and password. |
Recommended action | As a best practice, do not perform any operations on the controllers during the configuration recovery process. |
End of NETCONF configuration recovery on non-active leader controllers
Keyword | FINISH_RECOVER_NETCONF_CONFIG |
Message text | All non-active leader controllers completed recovering the NETCONF configuration. |
Variable fields | N/A |
Severity level | Info |
Example | All non-active leader controllers completed recovering the NETCONF configuration. |
Explanation | All non-active leader controllers completed recovering the NETCONF configuration, such as the NETCONF username and password. |
Recommended action | No action is required. |
NETCONF configuration deployment failure
Keyword | NETCONF_FAILED |
Message text | $1 |
Variable fields | $1: Error packet sent from the NETCONF server. |
Severity level | Warning |
Example | <env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope"> <env:Body> <env:Fault> <env:Code> <env:Value>env:Sender</env:Value> </env:Code> <env:Reason> <env:Text lang=\"en\">Failed to log in.</env:Text> </env:Reason> </env:Fault> </env:Body> |
Explanation | When the controller fails to deploy the NETCONF configuration to the NETCONF server, the NETCONF server returns an error packet to the controller. Only part of the content in the error packet is displayed in the log because the error packet is too large. |
Recommended action | In this example, the configuration deployment failure is caused by controller login failure. To resolve this problem, verify that the controller uses the same NETCONF username and password as the NETCONF server. In other situations, take actions based on the content of the error packet or contact H3C Support. |
NETCONF SSH session authentication failure
Keyword | NETCONF_SSH_AUTH_FAILED |
Message text | Failed to create the NETCONF over SSH session between the controller and NETCONF server $1 $2. $3 |
Variable fields | $1: NETCONF server IP address. $2: Application name. $3: Session creation failure reason. |
Severity level | Warning |
Example | Failed to create the NETCONF over SSH session between the controller and NETCONF server 98.0.50.10 sdn.fabric.monitor. Reason: Authentication failed. |
Explanation | Failed to create a NETCONF SSH session between the controller and the NETCONF server. |
Recommended action | · Verify that the NETCONF username and password are correctly configured. · Verify that the network is operating correctly. |
CON_NetworkMonitor
This section contains CON_NetworkMonitor messages.
Unhealthy device operating status
Keyword | MONITOR_DEVICE_ABNORMAL |
Message text | Device operating status changed to unhealthy: IP address: $1 Device health level: $2 |
Variable fields | $1: IP address of the device. $2: Health level of the device. |
Severity level | Warning |
Example | Device operating status changed to unhealthy: IP address: 192.168.67.200 Device health level: 23 |
Explanation | This message is generated when the device health level is equal to or lower than 25. |
Recommended action | Determine whether to handle the issue as required. |
Device operating status changes from unhealthy to healthy
Keyword | MONITOR_DEVICE_NORMAL |
Message text | Device operating status changed to healthy: IP address: $1 Device health level: $2 |
Variable fields | $1: IP address of the device. $2: Health level of the device. |
Severity level | Info |
Example | Device operating status changed to healthy: IP address: 192.168.67.200 Device health level: 30 |
Explanation | This message is generated when the device health level increases above 25. |
Recommended action | No action is required. |
CON_OAM
This section contains CON_OAM messages.
Periodic radar detection task failure
Keyword | PERIODIC_DETECTION_FAILED |
Message text | Periodic radar detection task failed: $1 |
Variable fields | $1: Periodic radar detection task parameters. |
Severity level | Warning |
Example | Periodic radar detection task failed: Path type: single Network type: vxlan Segment ID: 2 Source IP: 172.71.1.5 Start device IP: 192.168.106.3 Start device ingress port: --- Destination IP: 172.172.1.2 End device IP: --- |
Explanation | A periodic radar detection task might contain one or more scanning tasks. This message is generated when a scanning task fails. |
Recommended action | If the failure is caused by active leader switchover, perform the periodic radar detection task again after the switchover. If the failure is caused by other reasons, perform the following operations: · Verify that the start device is not faulty and the start device ingress port operates correctly. · Verify that the sending of LLDP packets to the controller is enabled. If the feature is disabled, enable it in the Link component by navigating to System > Parameters. |
Periodic radar detection task result changes from failure to success
Keyword | PERIODIC_DETECTION_CHANGE__SUCCEEDED |
Message text | Periodic radar detection task result changed from failure to success: $1 |
Variable fields | $1: Periodic radar detection task parameters. |
Severity level | Info |
Example | Periodic radar detection task result changed from failure to success: Path type: single Network type: vxlan Segment ID: 2 Source IP: 172.71.1.5 Start device IP: 192.168.106.3 Start device ingress port: XGE2/0/1 Destination IP: 172.172.1.2 End device IP: 192.168.70.68 |
Explanation | A periodic radar detection task might contain one or more scanning tasks. This message is generated when the previous scanning task fails but the current task succeeds. |
Recommended action | No action is required. |
CON_OPENFLOW
This section contains CON_OPENFLOW messages.
Abnormal OpenFlow connection
Keyword | OPENFLOW_CONNECT_ERROR |
Message text | $1 |
Variable fields | $1: Abnormal connection information. |
Severity level | Critical |
Example | N/A |
Explanation | An OpenFlow connection was abnormal. |
Recommended action | Take actions according to the prompted abnormal connection information. |
Successful OpenFlow connection
Keyword | OPENFLOW_SESSION_UP |
Message text | An OpenFlow device with datapath ID $1 openflow ip $2 descriptor $3 was connected to the controller $4. |
Variable fields | $1: Datapath ID of the OpenFlow device. $2: Management IP address of the OpenFlow device. $3: Description information about the OpenFlow device. $4: IP address of the controller. |
Severity level | Info |
Example | An OpenFlow device with datapath ID 01:21:cc:3e:5f:09:04:7f openflow ip 192.168.100.1 descriptor 192.168.200.1 was connected to the controller 10.10.10.1. |
Explanation | An OpenFlow device was connected to the controller. |
Recommended action | No action is required. |
Disconnected OpenFlow connection
Keyword | OPENFLOW_SESSION_DOWN |
Message text | An OpenFlow device with datapath ID $1 openflow ip $2 descriptor $3 was disconnected from the controller $4. |
Variable fields | $1: Datapath ID of the OpenFlow device. $2: Management IP address of the OpenFlow device. $3: Description information about the OpenFlow device. $4: IP address of the controller. |
Severity level | Info |
Example | An OpenFlow device with datapath ID 01:21:cc:3e:5f:09:04:7f openflow ip 192.168.100.1 descriptor 192.168.200.1 was disconnected from the controller 10.10.10.1. |
Explanation | An OpenFlow device was disconnected from the controller. |
Recommended action | Log in to the operating system where the controller is installed, and use the ping command to test the connectivity between the controller and OpenFlow device. · Specify the IP address used by the controller to join the team as the source IP. · Specify the management IP address of the OpenFlow device as the destination IP. Log in to the OpenFlow device to verify that the OpenFlow configuration is correct. |
OpenFlow port in up state
Keyword | OPENFLOW_DEVPORT_UP |
Message text | Port $1 of an OpenFlow device with datapath ID $2 management IP $3 was up. |
Variable fields | $1: Name of a physical port. $2: Datapath ID of an OpenFlow device. $3: Management IP address of the OpenFlow device. |
Severity level | Info |
Example | Port FGE1/0/1 of an OpenFlow device with datapath ID 01:21:cc:3e:5f:09:04:7f management IP 192.168.1.1 was up. |
Explanation | A port on an OpenFlow device came up. |
Recommended action | No action is required. |
OpenFlow port in down state
Keyword | OPENFLOW_DEVPORT_DOWN |
Message text | Port $1 of an OpenFlow device with datapath ID $2 management IP $3 was down. |
Variable fields | $1: Name of a physical port. $2: Datapath ID of an OpenFlow device. $3: Management IP address of the OpenFlow device. |
Severity level | Info |
Example | Port FGE1/0/1 of an OpenFlow device with datapath ID 01:21:cc:3e:5f:09:04:7f management IP 192.168.1.1 was down. |
Explanation | A port on an OpenFlow device went down. |
Recommended action | If the message appears when the OpenFlow device reports its port information to the controller upon connecting to the controller, no action is required. If the message appears in other situations, verify that the physical port operates correctly and the link where the port resides is up. |
OpenFlow port removed
Keyword | OPENFLOW_DEVPORT_REMOVED |
Message text | Port $1 of an OpenFlow device with datapath ID $2 management IP $3 was removed. |
Variable fields | $1: Name of a port. $2: Datapath ID of an OpenFlow device. $3: Management IP address of the OpenFlow device. |
Severity level | Info |
Example | Port FGE1/0/1 of an OpenFlow device with datapath ID 01:21:cc:3e:5f:09:04:7f management IP 192.168.1.1 was removed. |
Explanation | A port on an OpenFlow device was removed. |
Recommended action | If the message appears when you delete or move a VM, no action is required. If the message appears in other situations, verify that the physical port operates correctly. |
Failure to deploy flow entries
Keyword | OPENFLOW_ADD_FLOWTABLE_FAILED |
Message text | $1. The OpenFlow device with datapath ID $2 manager ip $3 failed to add the flow table $4. |
Variable fields | $1: Error information returned by the OpenFlow device. $2: Datapath ID of the OpenFlow device. $3: Management IP address of the OpenFlow device. $4: Flow table information. |
Severity level | Warning |
Example | BAD_FIELD. The OpenFlow device with datapath ID 01:21:cc:3e:5f:09:04:7f manager ip 192.168.10.10 failed to add the flow table [tableId:1,Priority:29999,cookie0x2555364126,Matches:{“vxlan_reserved”:”0xFE”}]. |
Explanation | The controller failed to deploy flow entries to the specified OpenFlow device. |
Recommended action | The controller deploys several flow entries to the OpenFlow device by default. If the OpenFlow device does not support such flow entries, update the OpenFlow device as required. If the flow entries are deployed through REST API, modify the flow entries according to the error information returned and then deploy the flow entries again. |
Packet-in message rate reaches threshold on controller
Keyword | OPENFLOW_CON_PACKETIN_EXCEED |
Message text | The Packet-in message rate has reached the threshold on the controller. The current rate is $1 pps. |
Variable fields | $1: Current packet-in message rate on the controller, in pps. |
Severity level | Warning |
Example | The Packet-in message rate has reached the threshold on the controller. The current rate is 8 pps. |
Explanation | The packet-in message rate reached the threshold on the controller. |
Recommended action | Modify the threshold for packet-in message rate on the controller. |
Packet-in message rate reaches threshold on OpenFlow device
Keyword | OPENFLOW_DEV_PACKETIN_EXCEED |
Message text | The Packet-in message rate has reached the threshold on OpenFlow device with DPID $1 and management IP $2. The current rate is $3 pps. |
Variable fields | $1: Datapath ID of the OpenFlow device. $2: Management IP address of the OpenFlow device. $3: Current packet-in message rate on the OpenFlow device, in pps. |
Severity level | Warning |
Example | The Packet-in message rate has reached the threshold on OpenFlow device with DPID 00:00:00:00:00:01 and management IP 192.168.109.10. The current rate is 10 pps. |
Explanation | The packet-in message rate reached the threshold on the OpenFlow device. |
Recommended action | Modify the threshold for packet-in message rate on the OpenFlow device. |
Packet-in message rate reaches threshold on OpenFlow device port
Keyword | OPENFLOW_PORT_PACKETIN_EXCEED |
Message text | The Packet-in message rate has reached the threshold on port $1 of OpenFlow device with DPID $2 and management IP $3. The current rate is $4 pps. |
Variable fields | $1: Number of the port on the OpenFlow device. $2: Datapath ID of the OpenFlow device. $3: Management IP address of the OpenFlow device. $4: Current packet-in message rate on the OpenFlow device's port, in pps. |
Severity level | Warning |
Example | The Packet-in message rate has reached the threshold on port 68 of OpenFlow device with DPID 00:00:00:00:00:01 and management IP 192.168.109.11. The current rate is 15 pps. |
Explanation | The packet-in message rate reached the threshold on the OpenFlow device's port. |
Recommended action | Modify the threshold for packet-in message rate on the OpenFlow device's ports. |
Keystore certificate expiration early warning
Keyword | KEYSTORE_WILL_EXPIRE |
Message text | The controller certificate for southbound communication with subject "$1" will expire in $2 days. |
Variable fields | $1: Certificate subject. $2: Remaining lifetime of the certificate. |
Severity level | Warning |
Example | The controller certificate for southbound communication with subject " C=CN, ST=ZheJiang, L=Hangzhou, O=Hangzhou H3C Technologies Co., Ltd., CN=*.h3c.com" will expire in 20 days. |
Explanation | The remaining lifetime of the Keystore certificate decreased below the expiration early warning threshold. |
Recommended action | Update the KeyStore in time. |
Keystore certificate expired
Keyword | KEYSTORE_EXPIRED |
Message text | The controller certificate for southbound communication with subject "$1" expired. |
Variable fields | $1: Certificate subject. |
Severity level | Warning |
Example | The controller certificate for southbound communication with subject " C=CN, ST=ZheJiang, L=Hangzhou, O=Hangzhou H3C Technologies Co., Ltd., CN=*.h3c.com" expired. |
Explanation | The Keystore certificate expired. |
Recommended action | Update the KeyStore in time. |
CON_PortMonitor
This section contains CON_PortMonitor messages.
Change of port operating status from healthy to unhealthy
Keyword | MONITOR_PORT_ABNORMAL |
Message text | Port operating status changed to unhealthy: Device IP address: $1 Port name: $2 Inbound bandwidth usage: $3 Outbound bandwidth usage: $4 Inbound error packet rate: $5 Outbound error packet rate: $6 Inbound packet loss rate: $7 Outbound packet loss rate: $8 |
Variable fields | $1: IP address of the device. $2: Port name. $3: Inbound bandwidth usage. $4: Outbound bandwidth usage. $5: Inbound error packet rate. $6: Outbound error packet rate. $7: Inbound packet loss rate. $8: Outbound packet loss rate. |
Severity level | Warning |
Example | Port operating status changed to unhealthy: Device IP address: 172.16.100.222 Port name: G1/0/1 Inbound bandwidth usage: 10% Outbound bandwidth usage: 10% Inbound error packet rate: 10% Outbound error packet rate: 10% Inbound packet loss rate: 10% Outbound packet loss rate: 10% |
Explanation | This message is generated when the port operating status changes to unhealthy. The status change can be caused by the following threshold exceeding events: · The bandwidth usage exceeds the threshold. · The error packet rate exceeds the threshold. · The packet loss rate exceeds the threshold. |
Recommended action | Take actions based on the causes |
Change of port operating status from unhealthy to healthy
Keyword | MONITOR_PORT_NORMAL |
Message text | Port operating status changed from unhealthy to healthy: Device IP address: $1 Port name: $2 Inbound bandwidth usage: $3 Outbound bandwidth usage: $4 Inbound error packet rate: $5 Outbound error packet rate: $6 Inbound packet loss rate: $7 Outbound packet loss rate: $8 |
Variable fields | $1: IP address of the device. $2: Port name. $3: Inbound bandwidth usage. $4: Outbound bandwidth usage. $5: Inbound error packet rate. $6: Outbound error packet rate. $7: Inbound packet loss rate. $8: Outbound packet loss rate. |
Severity level | Info |
Example | Port operating status changed from unhealthy to healthy: Device IP address: 192.168.70.68 Port name: XGE1/0/5 Inbound bandwidth usage: 10% Outbound bandwidth usage: 20% Inbound error packet rate: 1% Outbound error packet rate: 1% Inbound packet loss rate: 0% Outbound packet loss rate: 0% |
Explanation | This message is generated when the port operating status changes from unhealthy to healthy. |
Recommended action | No action is required. |
CON_REGION
This section contains CON_REGION messages.
Region creation
Keyword | REGION_ADD |
Message text | REGION_ADDED : ID: $1 |
Variable fields | $1: Region ID. |
Severity level | Info |
Example | REGION_ADDED:ID:Id[value=8aeffbea-7fce-457b-a753-8c228d72c24f] |
Explanation | A region was created. |
Recommended action | No action is required. |
Region activation
Keyword | REGION_ACTIVE |
Message text | REGION_ACTIVE : ID: $1 |
Variable fields | $1: Region ID. |
Severity level | Info |
Example | REGION_ACTIVE:ID:Id[value=8aeffbea-7fce-457b-a753-8c228d72c24f] |
Explanation | A minimum of one member in the region was activated. |
Recommended action | No action is required. |
Region update
Keyword | REGION_UPDATE |
Message text | REGION_UPDATED : ID: $1 |
Variable fields | $1: Region ID. |
Severity level | Info |
Example | REGION_UPDATED:ID:Id[value=8aeffbea-7fce-457b-a753-8c228d72c24f] |
Explanation | A region was updated. |
Recommended action | No action is required. |
Region down
Keyword | REGION_DOWN |
Message text | REGION_DOWN : ID: $1 |
Variable fields | $1: Region ID. |
Severity level | Info |
Example | REGION_DOWN:ID:Id[value=8aeffbea-7fce-457b-a753-8c228d72c24f] |
Explanation | The region was down because all controllers left the region or the region was deleted. |
Recommended action | No action is required. |
Region deletion
Keyword | REGION_DELETE |
Message text | REGION_DELETED: ID: $1 |
Variable fields | $1: Region ID. |
Severity level | Info |
Example | REGION_DELETED:ID:Id[value=8aeffbea-7fce-457b-a753-8c228d72c24f] |
Explanation | A region was deleted. |
Recommended action | No action is required. |
Failure to restore region settings
Keyword | REGION_RECOVER_FAILED |
Message text | Failed to restore all region settings because of inconsistent data format. All regions were automatically deleted. |
Variable fields | N/A |
Severity level | Error |
Example | Failed to restore all region settings because of inconsistent data format. All regions were automatically deleted. |
Explanation | All region settings failed to be restored because of inconsistent data format and all regions were automatically deleted. The message might appear when software upgrade is done on a controller and the current software version is incompatible with the previous software version. |
Recommended action | Log in to the active leader and create regions again. |
Network device connection to a master
Keyword | REGION_SELECT_MASTER |
Message text | The network devices with datapath ID collection $1 were connected to master $2/$3. |
Variable fields | $1: Datapath IDs of the network devices. $2: Name of the master controller. $3: IP address of the master controller. |
Severity level | Info |
Example | The network devices with datapath ID collection 00:01:28:ec:6e:4a:02:00 were connected to master 3/F001:0:0:0:1000:1000:1000:1004. |
Explanation | The network devices with the specified datapath IDs were connected to a master. |
Recommended action | No action is required. |
Master change for network devices
Keyword | REGION_MASTER_CHANGE |
Message text | The master of the network devices with datapath ID collection $1 was changed from $2/$3 to $4/$5. |
Variable fields | $1: Datapath IDs of the network devices. $2: Name of the original master to which the network devices are connected. $3: IP address of the original master to which the network devices are connected. $4: Name of the new master to which the network devices are connected. $5: IP address of the new master to which the network devices are connected. |
Severity level | Warning |
Example | The master of the network devices with datapath ID collection 00:01:28:ec:6e:4a:02:00 was changed from 3/F001:0:0:0:1000:1000:1000:1004 to 2/F001:0:0:0:1000:1000:1000:1003. |
Explanation | The master for the network devices with the specified datapath IDs was changed. |
Recommended action | No action is required. |
Network device disconnection from a master
Keyword | DEVICE_DISCONNECT_MASTER |
Message text | The network devices with datapath ID collection $1 were disconnected from the master $2. |
Variable fields | $1: Datapath IDs of the network devices. $2: IP address of the master controller. |
Severity level | Warning |
Example | The network devices with datapath ID collection 00:01:a6:81:13:28:01:00 00:05:a6:81:13:28:01:00 were disconnected from the master 192.168.105.21. |
Explanation | The network devices with the specified datapath IDs were disconnected from a master. |
Recommended action | Examine whether the disconnection is abnormal. If the disconnection is abnormal, perform the following steps: 19. Verify that the network is connected. 20. Configure the controller to issue the region configuration again. |
OpenFlow device connection with multiple regions
Keyword | DEVICE_CONNECT_MULTIREGION |
Message text | The network device with datapath ID $1 has joined region $2 and region $3 |
Variable fields | $1: Datapath ID of the network device. $2: Name of one region to which the network device connects. $3: Name of the other region to which the network device connects. |
Severity level | Emergency |
Example | The network device with datapath ID 0c:6f:74:25:8a:c4:e3:a1 has joined region A and region B |
Explanation | The OpenFlow device was connected to multiple controllers in different regions. |
Recommended action | Disconnect the OpenFlow device from all controllers and then connect the OpenFlow device to controllers in the same region. |
Abnormal status of the other controller in the region
Keyword | REGION_CONTROLLER_STATUS_DOWN |
Message text | The connection between the current controller and controller $1 in the region is abnormal. |
Variable fields | $1: IP address of the other controller in the current region. |
Severity level | Emergency |
Example | The connection between the current controller and controller 192.168.105.33 in the region is abnormal. |
Explanation | The status of the other controller in the current region is abnormal. |
Recommended action | 21. Verify that the other controller in the region started up correctly. If the controller started up correctly, go to the next step. 22. Verify that the controller does not quit the team. If the controller quits the team, add the controller to the team. If the controller is in the team, go to the next step. 23. Reboot the controller or contact H3C Support because the handshake module of the controller might be abnormal. |
Normal status of the other controller in the region
Keyword | REGION_CONTROLLER_STATUS_UP |
Message text | The connection between the current controller and controller $1 in the region is normal. |
Variable fields | $1: IP address of the other controller in the region. |
Severity level | Info |
Example | The connection between the current controller and controller 192.168.105.33 in the region is normal. |
Explanation | The status of the other controller in the current region is normal. |
Recommended action | No action is required. |
CON_SNMP
This section contains CON_SNMP messages.
Traditional NE created SNMP connection with controller
Keyword | SNMP_SESSION_UP |
Message text | An SNMP session was created between the traditional NE at $1 and the controller at $2. |
Variable fields | $1: IP address of the traditional NE. $2: IP address of the controller. |
Severity level | Info |
Example | An SNMP session was created between the traditional NE at 192.168.70.72 and the controller at 192.168.89.155. |
Explanation | The traditional NE established an SNMP connection to the controller. |
Recommended action | No action is required. |
Traditional NE broke SNMP connection to controller
Keyword | SNMP_SESSION_DOWN |
Message text | The SNMP session between the traditional NE at $1 and the controller at $2 was disconnected. |
Variable fields | $1: IP address of the traditional NE. $2: IP address of the controller. |
Severity level | Warning |
Example | The SNMP session between the traditional NE at 192.168.70.72 and the controller at 192.168.89.155 was disconnected. |
Explanation | The traditional NE broke the SNMP connection to the controller. |
Recommended action | Verify that the disconnection is normal. If the disconnection is abnormal, check the connectivity of the network. |
Traditional NE port up
Keyword | TRADITIONAL_NE_PORT_UP |
Message text | Port $1 of traditional NE at $2 was up. |
Variable fields | $1: Name of the traditional NE port. $2: IP address of the traditional NE. |
Severity level | Info |
Example | Port FGE1/0/46 of traditional NE at 192.168.89.155 was up. |
Explanation | This message is sent when the port of the traditional NE comes up. |
Recommended action | No action is required. |
Traditional NE port down
Keyword | TRADITIONAL_NE_PORT_DOWN |
Message text | Port $1 of traditional NE at $2 was down. |
Variable fields | $1: Name of the traditional NE port. $2: IP address of the traditional NE. |
Severity level | Warning |
Example | Port FGE1/0/46 of traditional NE at 192.168.89.155 was down. |
Explanation | This message is sent when the port of the traditional NE goes down. |
Recommended action | Verify that the physical status of the traditional NE port is correct. |
CON_SYSTEM
This section contains CON_SYSTEM messages.
Database operation failure because of a nonexistent user
Keyword | DATABASE_NO_USER |
Message text | Database operation failed because the user did not exist. |
Variable fields | N/A |
Severity level | Emergency |
Example | Database operation failed because the user did not exist. |
Explanation | The database operation failed because the user did not exist. |
Recommended action | Verify that the user is configured in the database. |
Database operation failure because of refused connections
Keyword | DATABASE_CONNECTION_FAILED |
Message text | Database operation failed because the database sdndb rejected the connection request from the controller $1. |
Variable fields | $1: IP address of the controller. |
Severity level | Emergency |
Example | Database operation failed because the database sdndb rejected the connection request from the controller 10.10.10.10. |
Explanation | The database operation failed because the connection to the database was refused as a result of abnormal database shutdown and so on. |
Recommended action | Use the service postgresql status command to verify that the database is in active (running) status. Use the netstat -antp | grep 5432 command to verify that the port of the database is not occupied by other processes. |
End of controller configuration recovery
Keyword | FINISH_RECOVER_CONFIGURATIONS |
Message text | Controller configuration recovery completed. |
Variable fields | N/A |
Severity level | Info |
Example | Controller configuration recovery completed. |
Explanation | Controller configuration recovery completed. |
Recommended action | No action is required. |
Controller configuration backup not performed when backup file exists
Keyword | BACKUP_CONFIGURATIONS_EXIST |
Message text | The configuration file already exists. |
Variable fields | N/A |
Severity level | Info |
Example | The configuration file already exists. |
Explanation | Configuration backup is not performed when both of the following conditions exist: · The non-active leader controllers in the team are consecutively rebooted at least twice before the configuration recovery is completed. · A backup configuration file already exists on each non-active leader controller. |
Recommended action | Do not consecutively reboot the non-active leader controllers in the team before the configuration recovery is completed. |
Failed to send the backup file to the remote server
Keyword | BACKUP_FILE_SEND_FAILED |
Message text | Failed to send the backup file to the remote server. |
Variable fields | N/A |
Severity level | Warning |
Example | Failed to send the backup file to the remote server. |
Explanation | Failed to send the backup file to the remote file server. |
Recommended action | · Verify that the remote server IP address, username, and password in the remote backup settings are correct. · Verify that the connection between the controller and remote server is normal. · Verify that the username in the remote backup settings has read and write permission to the specified FTP path. |
Up to six backup files created by using the same backup method at a time
Keyword | BACKUP_REACH_SIX_SAMETIME |
Message text | The system stopped backing up the configuration because up to six backup files have been created by using the same method at a time. |
Variable fields | N/A |
Severity level | Warning |
Example | The system stopped backing up the configuration because up to six backup files have been created by using the same method at a time. |
Explanation | Typically, backup files are named in the format of backup time_controller version_backup method, for example, #20161121204142_D2011P07_M. When multiple backup files are created by using the same method at a time, the system names the backup files in another format to prevent duplicate file names. All backup files except the first one are named in the format of backup time_controller version_backup method_n. When n is greater than 5, the system generates this log and stops the current backup operation. |
Recommended action | Do not perform multiple backup operations at a time on a controller. |
CON_TEAM
This section contains CON_TEAM messages.
Failure to delete team IP
Keyword | DELETE_TEAMIP_FAILED |
Message text | Failed to delete team IP $1. |
Variable fields | $1: Team IP address. |
Severity level | Warning |
Example | Failed to delete team IP 192.168.56.211. |
Explanation | The system failed to delete the team IP address from the original active leader. The message appears in any of the following situations: · The team is deleted. · An active leader switchover occurs. |
Recommended action | Delete the team IP address on the original active leader by using the sudo ifconfig <NIC>:<subinterface number> <controller_ip> netmask <network_mask> down command. |
Controller suspended
Keyword | BECOME_SUSPENDED |
Message text | BECOME_SUSPENDED, ID: $1, IP: $2, Name: $3, Team name: $4, Team IP: $5. |
Variable fields | $1: Member controller ID. $2: Member controller IP address. $3: Member controller name. $4: Name of the team. $5: Team IP address. |
Severity level | Warning |
Example | BECOME_SUSPENDED, ID:98394757-7760-4262-b71b-7b2dde8af5cd,IP:192.168.37.105, Name: controller1, Team name: ZOK, Team IP: 192.168.37.36. |
Explanation | The controller was suspended. It was disconnected from other controllers in the team and stopped receiving new services. |
Recommended action | No action is required. |
Member joined team
Keyword | MEMBER_JOIN |
Message text | MEMBER_JOIN, ID: $1, IP: $2, Name: $3, Team name: $4, Team IP: $5. |
Variable fields | $1: Member controller ID. $2: Member controller IP address. $3: Member controller name. $4: Name of the team. $5: Team IP address. |
Severity level | Info |
Example | MEMBER_JOIN, ID:98394757-7760-4262-b71b-7b2dde8af5cd, IP:192.168.37.105, Name: controller1, Team name: ZOK, Team IP: 192.168.37.36. |
Explanation | The controller joined the team. This event was recorded on the active leader. |
Recommended action | No action is required. |
Active leader changed
Keyword | MEMBER_TO_LEADER |
Message text | MEMBER_TO_LEADER, ID: $1, IP: $2, Name: $3, Team name: $4, Team IP: $5. |
Variable fields | $1: Member controller ID. $2: Member controller IP address. $3: Member controller name. $4: Name of the team. $5: Team IP address. |
Severity level | Warning |
Example | MEMBER_TO_LEADER, ID: 98394757-7760-4262-b71b-7b2dde8af5cd, IP: 192.168.37.105, Name: controller1, Team name: ZOK, Team IP: 192.168.37.36. |
Explanation | A team event occurred: The controller was elected as the active leader. |
Recommended action | No action is required. |
Controller became active leader
Keyword | BECOME_LEADER |
Message text | BECOME_LEADER, ID: $1, IP: $2, Name: $3, Team name: $4, Team IP: $5. |
Variable fields | $1: Member controller ID. $2: Member controller IP address. (This field displays 127.0.0.1 in standalone mode.) $3: Member controller name. (This field displays Local in standalone mode.) $4: Name of the team. (This field displays Standalone in standalone mode.) $5: Team IP address. (This field displays 127.0.0.1 in standalone mode.) |
Severity level | Info |
Example | BECOME_LEADER, ID: 98394757-7760-4262-b71b-7b2dde8af5cd, IP: 192.168.37.105, Name: controller1, Team name: ZOK, Team IP: 192.168.37.36. |
Explanation | A team event occurred: The controller was elected as the active leader. |
Recommended action | No action is required. |
Controller became member
Keyword | BECOME_MEMBER |
Message text | BECOME_MEMBER,, ID: $1, IP: $2, Name: $3, Team name: $4, Team IP: $5. |
Variable fields | $1: Member controller ID. $2: Member controller IP address. $3: Member controller name. $4: Name of the team. $5: Team IP address. |
Severity level | Info |
Example | BECOME_MEMBER, ID: 98394757-7760-4262-b71b-7b2dde8af5cd, IP: 192.168.37.105, Name: controller1, Team name: ZOK, Team IP: 192.168.37.36. |
Explanation | A team event occurred: The controller joined the team. |
Recommended action | No action is required. |
Member left team unexpectedly
Keyword | MEMBER_LEAVE |
Message text | MEMBER_LEAVE, ID $1, IP $2 from team $3 team IP $4. |
Variable fields | $1: Member controller ID. $2: Member controller IP address. $3: Team name. $4: Team IP address. |
Severity level | Warning |
Example | MEMBER_LEAVE, ID 98394757-7760-4262-b71b-7b2dde8af5cd, IP 192.168.37.105 from team sdn team IP 192.168.10.1. |
Explanation | The member controller left the team unexpectedly. This event was recorded on the active leader. |
Recommended action | Log in to the operating system where the active leader is installed, and use the ping command to test the connectivity between the active leader and member controller. · Specify the IP address used by the active controller to join the team as the source IP. · Specify the IP address used by the member controller to join the team as the destination IP. Log in to the operating system, and verify that the sdnc and zookeeper processes are operating correctly. · Use the ps -aux | grep virgo command to verify that the sdnc process is operating correctly. · Use the ps -aux | grep zoo command to verify that the zookeeper process is operating correctly. · Use the following commands to verify that all TCP connections to the zookeeper ports are in Established status. ¡ netstat -anut | grep 2181 ¡ netstat -anut | grep 2888 ¡ netstat -anut | grep 3888 |
Member left team expectedly
Keyword | MEMBER_LEAVE |
Message text | MEMBER_LEAVE, ID $1 from team $2 team IP $3. |
Variable fields | $1: Member controller ID. $2: Team name. $3: Team IP address. |
Severity level | Info |
Example | MEMBER_LEAVE, ID 98394757-7760-4262-b71b-7b2dde8af5cd from team sdn team IP 192.168.10.1. |
Explanation | The member controller left the team expectedly. This event was recorded on the active leader. |
Recommended action | No action is required. |
Different team token than the active leader
Keyword | TEAMTOKEN_DIFF |
Message text | The team token of the member $1 was different than the active leader. |
Variable fields | $1: IP address of the member controller. |
Severity level | Warning |
Example | The team token of the member 192.168.56.147 was different than the active leader. |
Explanation | The team token of the member was different than the active leader when the member was added to the team or the active leader issued configuration to the member. |
Recommended action | Modify the team token of the member to be the same as that of the active leader. |
Reboot for completing team merge
Keyword | LEADER_CONFILICT |
Message text | Leader conflict was detected in stateful failover mode on the controller $1. The controller automatically rebooted to complete the team merge. |
Variable fields | $1: IP address of the controller. |
Severity level | Emergency |
Example | Leader conflict was detected in stateful failover mode on the controller 192.168.56.147. The controller automatically rebooted to complete the team merge. |
Explanation | A leader conflict was detected in stateful failover mode on the controller. The controller rebooted automatically to complete the team merge. |
Recommended action | No action is required. |
Reboot to act as the leader
Keyword | ILLEGAL_ROLE_CHANGE |
Message text | Controller $1 will reboot because it is selected as the active leader during configuration recovery. |
Variable fields | $1: IP address of the controller. |
Severity level | Emergency |
Example | Controller 192.168.217.230 will reboot because it is selected as the active leader during configuration recovery. |
Explanation | The controller was selected as the active leader during configuration recovery. To avoid configuration loss, the controller automatically reboots. |
Recommended action | No action is required. |
CON_USER
This section contains CON_USER messages.
Login success
Keyword | LOGGED_IN_SUCCEED |
Message text | User $1 successfully logged in by using the role $2 and the IP address $3. |
Variable fields | $1: Username. $2: User role, including: ¡ sdn-admin. ¡ sdn-user. $3: IP address of the user. |
Severity level | Info |
Example | User sdn successfully logged in by using the role sdn-admin and the IP address 192.168.1.1. |
Explanation | A user logged into the device. |
Recommended action | No action is required. |
Login failure
Keyword | LOGGED_IN_FAILED |
Message text | User $1 failed to log in by using the IP address $2. |
Variable fields | $1: Username. $2: IP address of the user. |
Severity level | Info |
Example | User sdn failed to log in by using the IP address 192.168.1.1. |
Explanation | A user failed to log into the device. The message appears in any of the following situations: · The username is incorrect. · The password is incorrect. |
Recommended action | Check the entered username and password. |
User lock
Keyword | USER_LOCKED |
Message text | The user $1 failed to log in because the login failures has reached five times, and the user is locked. |
Variable fields | $1: Username. |
Severity level | Info |
Example | The user sdn failed to log in because the login failures has reached five times, and the user is locked. |
Explanation | The user account was locked because the user failed to log in to the controller for five consecutive times. |
Recommended action | Verify that the username and password are correct. The user account will be unlocked in 15 minutes or after a controller reboot. |
Logout success
Keyword | LOGGED_OUT_SUCCEED |
Message text | User $1 successfully logged out by using the role $2 and the IP address $3. |
Variable fields | $1: Username. $2: User role, including: ¡ sdn-admin. ¡ sdn-user. $3: IP address of the user. |
Severity level | Info |
Example | User sdn successfully logged out by using the role sdn-admin and the IP address 192.168.1.1. |
Explanation | A user logged out of the device. |
Recommended action | No action is required. |
RADIUS authentication success
Keyword | RADIUS_AUTHENTICATION_PASS |
Message text | User $1 passed the RADIUS authentication. |
Variable fields | $1: Username. |
Severity level | Info |
Example | User User1 passed the RADIUS authentication. |
Explanation | A user passed RADIUS authentication. |
Recommended action | No action is required. |
RADIUS authentication rejection
Keyword | RADIUS_AUTHENTICATION_REJECT |
Message text | The RADIUS authentication request from user $1 was rejected. |
Variable fields | $1: Username. |
Severity level | Warning |
Example | The RADIUS authentication request from user User1 was rejected. |
Explanation | A user was rejected for RADIUS authentication. The message appears in any of the following situations: · The user does not exist. · The password is incorrect. |
Recommended action | Check the entered username and password. |
RADIUS authentication failure
Keyword | RADIUS_AUTHENTICATION_FAILED |
Message text | User $1 failed to pass the RADIUS authentication. |
Variable fields | $1: Username. |
Severity level | Warning |
Example | User User1 failed to pass the RADIUS authentication. |
Explanation | A user failed to pass RADIUS authentication. |
Recommended action | Resolve the issue in the following steps: 24. Check for any incorrect authentication settings, for example, the server IP address and the authentication shared key. 25. Verify that the controller has been added to the AAA server as an AAA client. 26. Verify that the controller can communicate with the AAA server correctly. |
RADIUS attribute check failure
Keyword | RADIUS_ATTRIBUTE_CHECK_FAILED |
Message text | User $1 failed to pass the RADIUS authentication because attribute H3C_EXEC_PRIVILEGE was not configured. |
Variable fields | $1: Username. |
Severity level | Warning |
Example | User User1 failed to pass the RADIUS authentication because attribute H3C_EXEC_PRIVILEGE was not configured. |
Explanation | The RADIUS authentication failed because the H3C proprietary attribute was not configured. |
Recommended action | Verify that the H3C_EXEC_PRIVILEGE attribute is configured on the AAA server. |
TACACS+ authentication success
Keyword | TACACS+_AUTHENTICATION_PASS |
Message text | User $1 passed the TACACS+ authentication. |
Variable fields | $1: Username. |
Severity level | Info |
Example | User User1 passed the TACACS+ authentication. |
Explanation | A user passed TACACS+ authentication. |
Recommended action | No action is required. |
TACACS+ authentication rejection
Keyword | TACACS+_AUTHENTICATION_REJECT |
Message text | The TACACS+ authentication request from user $1 was rejected. |
Variable fields | $1: Username. |
Severity level | Warning |
Example | The TACACS+ authentication request from user User1 was rejected. |
Explanation | A user was rejected for TACACS+ authentication. The message appears in any of the following situations: · The user does not exist. · The password is incorrect. |
Recommended action | Check the entered username and password. |
TACACS+ authentication failure
Keyword | TACACS+_AUTHENTICATION_FAILED |
Message text | User $1 failed to pass the TACACS+ authentication. |
Variable fields | $1: Username. |
Severity level | Warning |
Example | User User1 failed to pass the TACACS+ authentication. |
Explanation | A user failed to pass TACACS+ authentication. |
Recommended action | Resolve the issue in the following steps: 27. Check for any incorrect authentication settings, for example, the server IP address and the authentication shared key. 28. Verify that the controller has been added to the AAA server as an AAA client. 29. Verify that the controller can communicate with the AAA server correctly. |
TACACS+ attribute check failure
Keyword | TACACS+_ATTRIBUTE_CHECK_FAILED |
Message text | User $1 failed to pass the TACACS+ authentication because attribute H3C_EXEC_PRIVILEGE was not configured. |
Variable fields | $1: Username. |
Severity level | Warning |
Example | User User1 failed to pass the TACACS+ authentication because attribute H3C_EXEC_PRIVILEGE was not configured. |
Explanation | The TACACS+ authentication failed because the H3C proprietary attribute was not configured. |
Recommended action | Verify that the H3C_EXEC_PRIVILEGE attribute is configured on the AAA server. |
Start of user configuration recovery on non-active leader controllers
Keyword | BEGIN_RECOVER_USER_CONFIG |
Message text | All non-active leader controllers started recovering the user configuration. |
Variable fields | N/A |
Severity level | Info |
Example | All non-active leader controllers started recovering the user configuration. |
Explanation | All non-active leader controllers started recovering the user configuration, including the username, password, and role. |
Recommended action | As a best practice, do not perform any operations on the controllers during the configuration recovery process. |
End of user configuration recovery on non-active leader controllers
Keyword | FINISH_RECOVER_USER_CONFIG |
Message text | All non-active leader controllers completed recovering the user configuration. |
Variable fields | N/A |
Severity level | Info |
Example | All non-active leader controllers completed recovering the user configuration. |
Explanation | All non-active leader controllers completed recovering the user configuration, including the username, password, and role. |
Recommended action | No action is required. |
Operation failure due to user role privilege limit
Keyword | ROLE_PERMISSION_CHECK_FAILED |
Message text | Failed to $1 $2. The user role doesn’t have the permission. |
Variable fields | $1: Request type: · post—Creates a resource. · put—Updates or creates a resource. · delete—Deletes a resource. · get—Gets resource information. $2: Requested resource path. |
Severity level | Error |
Example | Failed to put /sdn/v2.0/systems/4ff280bd-51c6-4768-9be4-4f9f72b51b77. The user role doesn’t have the permission. |
Explanation | The user role does not have the permission to send the request. |
Recommended action | Modify the privilege for the user role or use another user role that has the permission to send the request. |
User password expiration
Keyword | USER_EXPIRED_CHECK |
Message text | Password for user $1 expired. Please change the password immediately. |
Variable fields | $1: User name. |
Severity level | Error |
Example | Password for user admin expired. Please change the password immediately. |
Explanation | The password of a user expired. |
Recommended action | Set a new password for the user. |
DHCP
This section contains DHCP messages.
Start of DHCP configuration recovery on non-active leader controllers
Keyword | BEGIN_RECOVER_DHCP_CONFIG |
Message text | All non-active leader controllers started recovering the DHCP configuration. |
Variable fields | N/A |
Severity level | Info |
Example | All non-active leader controllers started recovering the DHCP configuration. |
Explanation | All non-active leader controllers started recovering the DHCP configuration. |
Recommended action | As a best practice, do not perform any operations on the controllers during the configuration recovery process. |
End of DHCP configuration recovery on non-active leader controllers
Keyword | FINISH_RECOVER_DHCP_CONFIG |
Message text | All non-active leader controllers completed recovering the DHCP configuration. |
Variable fields | N/A |
Severity level | Info |
Example | All non-active leader controllers completed recovering the DHCP configuration. |
Explanation | All non-active leader controllers completed recovering the DHCP configuration. |
Recommended action | No action is required. |
Failure of IP allocation to VM
Keyword | RECEIVE_DECLINE_PACKET |
Message text | IP allocation failed. IP address “$1” in network “$2” has been used. |
Variable fields | $1: IP address assigned by the VM by the controller. $2: Name of the virtual link network where the IP address resides. |
Severity level | Error |
Example | IP allocation failed. IP address “192.168.100.101” in network “network1” has been used. |
Explanation | The VM cannot use the assigned IP address because another VM is using it. |
Recommended action | Please locate the VM that is using this IP address, and change the IP address without affecting the services. |
F5aaS
This section contains F5aaS messages.
Connection establishment between the F5 device and controller
Keyword | F5_SESSION_ESTABLISH |
Message text | F5 device at $1 has connected to controller at $2. |
Variable fields | $1: IP address of the F5 device. $2: IP address of the controller. |
Severity level | Info |
Example | F5 device at 192.168.100.1 has connected to controller at 10.10.10.1. |
Explanation | An F5 device established a connection to the controller. |
Recommended action | No action is required. |
Disconnection between the F5 device and controller
Keyword | F5_SESSION_INTERRUPT |
Message text | F5 device at $1 has disconnected from controller at $2. |
Variable fields | $1: IP address of the F5 device. $2: IP address of the controller. |
Severity level | Info |
Example | F5 device at 192.168.100.1 has disconnected from controller at 10.10.10.1. |
Explanation | An F5 device was disconnected from the controller. |
Recommended action | · If you manually disconnect the F5 device from the controller, no action is required. · If an unexpected disconnection occurred, perform the following tasks: a. Log in to the operating system where the controller is installed. Use the IP address of the controller in the team to ping the IP address of the F5 device. b. Log in to the F5 device and verify the connection settings. |
Failure to delete a floating IP
Keyword | F5_STANDBY_DELETE_FLOATIP_FAILED |
Message text | Standby F5 device at $1 failed to delete floating IP $2. |
Variable fields | $1: IP address of the F5 device. $2: Floating IP address. |
Severity level | Warning |
Example | Standby F5 device at 192.168.100.1 failed to delete floating IP 10.10.10.2. |
Explanation | An F5 device deleted a floating IP address and notified the standby F5 device of the deletion, but the standby F5 device failed to delete the floating IP address. |
Recommended action | The failure might cause leftovers of the floating IP address associated settings, such as Self IP, VLAN, and Route Domain. If the failure occurs, perform the following tasks: · Log in to the standby F5 device and then delete the floating IP address. · Clear the Self IP, VLAN, and Route Domain configuration leftovers. |
FWaaS
This section contains firewall messages.
Start of firewall configuration recovery on non-active leader controllers
Keyword | BEGIN_RECOVER_FW_CONFIG |
Message text | All non-active leader controllers started recovering the firewall configuration. |
Variable fields | N/A |
Severity level | Info |
Example | All non-active leader controllers started recovering the firewall configuration. |
Explanation | All non-active leader controllers started recovering the firewall configuration. The configuration to be recovered includes firewalls, firewall policies, and firewall rules. |
Recommended action | As a best practice, do not perform any operations on the controllers during the configuration recovery process. |
End of firewall configuration recovery on non-active leader controllers
Keyword | FINISH_RECOVER_FW_CONFIG |
Message text | All non-active leader controllers completed recovering the firewall configuration. |
Variable fields | N/A |
Severity level | Info |
Example | All non-active leader controllers completed recovering the firewall configuration. |
Explanation | All non-active leader controllers completed recovering the firewall configuration. The recovered configuration includes firewalls, firewall policies, and firewall rules. |
Recommended action | No action is required. |
Inconsistent DPI application profile information
Keyword | FW_PROFILEINFO_INCONSISTENT |
Message text | The application profile information of the controller was different than the network device: Application profile name: $1 Management IP: $2 |
Variable fields | $1: DPI application profile name. $2: Management IP address of the network device. |
Severity level | Warning |
Example | The application profile information of the controller was different than the network device: Application profile name: Profile_VGW7ZJGNOFHVFT4YMQNVNPKEQM Management IP: 99.0.10.121 |
Explanation | The DPI application profile information on the firewall module of the controller was inconsistent with that on the network device. |
Recommended action | Terminate the existing connection between the network device and the controller, and then establish a new OpenFlow connection between them. |
Inconsistent IPS policy information
Keyword | FW_IPSINFO_INCONSISTENT |
Message text | The IPS policy information of the controller was different than the network device: IPS policy name: $1 Management IP: $2 |
Variable fields | $1: IPS policy name. $7: Management IP address of the network device. |
Severity level | Warning |
Example | The IPS policy information of the controller was different than the network device: IPS policy name: ips_sksvwlb2z6zypw3ki3ogrncnt4 Management IP: 99.0.10.121 |
Explanation | The IPS policy information on the firewall module of the controller was inconsistent with that on the network device. |
Recommended action | Terminate the existing connection between the network device and the controller, and then establish a new OpenFlow connection between them. |
Inconsistent antivirus policy information
Keyword | FW_AVINFO_INCONSISTENT |
Message text | The antivirus policy information of the controller was different than the network device: Antivirus policy name: $1 Management IP: $2 |
Variable fields | $1: Antivirus policy name. $2: Management IP address of the network device. |
Severity level | Warning |
Example | The antivirus policy information of the controller was different than the network device: Antivirus policy name: AV_WJJ2DVJLPDN7RJTZ24B2CYKH5A Management IP: 99.0.10.121 |
Explanation | The antivirus policy information on the antivirus module of the controller was inconsistent with that on the network device. |
Recommended action | Terminate the existing connection between the network device and the controller, and then establish a new OpenFlow connection between them. |
DPI engine disabled
Keyword | FW_DPI_DOWN |
Message text | The DPI function is not enabled on the firewall: Management IP: $1 |
Variable fields | $1: Management IP address of the firewall. |
Severity level | Warning |
Example | The DPI function is not enabled on the firewall: Management IP: 192.168.0.10 |
Explanation | The DPI engine is disabled on the firewall. |
Recommended action | Log in to the firewall device, and then execute the inspect activate command to enable the DPI engine. |
IDM
This section contains IDM messages.
Controller failed to synchronize bridge MAC and serial number information from device
Keyword | DEVICE_INFOR_SYNCHRONIZATION_FAIL |
Message text | Controller $1 failed to synchronize bridge MAC and serial number information from the device. |
Variable fields | $1: IP address of the controller. |
Severity level | Warning |
Example | Controller 98.0.45.4 failed to synchronize bridge MAC and serial number information from the device. |
Explanation | The controller failed to synchronize bridge MAC and serial number information from the device. |
Recommended action | Please try again after this synchronization task completes. |
LBaaS
This section contains load balancing messages.
Start of load balancing configuration recovery on non-active leader controllers
Keyword | BEGIN_RECOVER_LB_CONFIG |
Message text | All non-active leader controllers started recovering the load balancing configuration. |
Variable fields | N/A |
Severity level | Info |
Example | All non-active leader controllers started recovering the load balancing configuration. |
Explanation | All non-active leader controllers started recovering the load balancing configuration, including load balancer, server farm, virtual server, and health monitoring information. |
Recommended action | As a best practice, do not perform any operations on the controllers during the configuration recovery process. |
End of load balancing configuration recovery on non-active leader controllers
Keyword | FINISH_RECOVER_LB_CONFIG |
Message text | All non-active leader controllers completed recovering the load balancing configuration. |
Variable fields | N/A |
Severity level | Info |
Example | All non-active leader controllers completed recovering the load balancing configuration. |
Explanation | All non-active leader controllers completed recovering the load balancing configuration, including load balancer, server farm, virtual server, and health monitoring information. |
Recommended action | No action is required. |
NEM
This section contains carrier network messages.
Different VRF information than the network device
Keyword | NEM_VRFINFO_INCONSISTENT |
Message text | The VRF information of the NEM was different than the network device: VRF name: $1 Management IP: $2 |
Variable fields | $1: VRF name. $2: Management IP address of the network device. |
Severity level | Warning |
Example | The VRF information of the NEM was different than the network device: VRF name: SDN_VRF_1234 Management IP: 192.168.10.5 |
Explanation | The VRF information of the NEM was different than the network device. |
Recommended action | See the VRF information differences between the controller and the network device on the Data Synchronization Details page, and find the reason why the differences exist. |
Different VSI information than the network device
Keyword | NEM_VSIINFO_INCONSISTENT |
Message text | The VSI information of the NEM was different than the network device: VSI name: $1 VSI interface name: $3 VRF name: $4 MAC address: $5 Subnet address: $6 Management IP: $7 |
Variable fields | $1: VSI name. $3: VSI interface name. $4: VRF name. $5: MAC address of the VSI interface. $6: Subnet address and mask. $7: Management IP address of the network device. |
Severity level | Warning |
Example | The VSI information of the NEM was different than the network device: VSI name: SDN_VSI_1 VSI interface name: SDN_VSI_Interface_1234 VRF name: 3ji5uj3uan90dq3r3upa4h1484 MAC address: 3c8c-404e-dd46 Subnet address: 100.1.1.254255.255.255.0 Management IP: 192.168.10.5 |
Explanation | The VSI information of the NEM was different than the network device. |
Recommended action | See the VSI information differences between the controller and the network device on the Data Synchronization Details page, and find the reason why the differences exist. |
Different tunnel information than the network device
Keyword | NEM_TUNNELINFO_INCONSISTENT |
Message text | The tunnel information of the NEM was different than the network device: Tunnel interface ID: $1 Tunnel source IP: $2 Tunnel destination IP: $3 Management IP: $4 |
Variable fields | $1: Tunnel interface number. $2: Tunnel source IP address. $3: Tunnel destination IP address. $4: Management IP address of the network device. |
Severity level | Warning |
Example | The tunnel information of the NEM was different than the network device: Tunnel interface ID: 10 Tunnel source IP: 100.1.1.10 Tunnel destination IP: 100.1.1.20 Management IP: 192.168.10.5 |
Explanation | The tunnel information of the NEM was different than the network device. |
Recommended action | See the tunnel information differences between the controller and the network device on the Data Synchronization Details page, and find the reason why the differences exist. |
Different ACL information than the network device
Keyword | NEM_ACLINFO_INCONSISTENT |
Message text | The ACL information of the NEM was different than the network device: ACL name: $1 ACL number: $2 Management IP: $3 |
Variable fields | $1: ACL name. $2: ACL number. $3: Management IP address of the network device. |
Severity level | Warning |
Example | The ACL information of the NEM was different than the network device: ACL name: SDN_ACL_1234 ACL number: 12 Management IP: 192.168.10.5 |
Explanation | The ACL information of the NEM was different than the network device. |
Recommended action | See the ACL information differences between the controller and the network device on the Data Synchronization Details page, and find the reason why the differences exist. |
Different PBR information than the network device
Keyword | NEM_PBRINFO_INCONSISTENT |
Message text | The PBR information of the NEM was different than the network device: PBR name: $1 Management IP: $2 |
Variable fields | $1: PBR name. $2: Management IP address of the network device. |
Severity level | Warning |
Example | The PBR information of the NEM was different than the network device: PBR name: SDN_1234 Management IP: 192.168.10.5 |
Explanation | The PBR information of the NEM was different than the network device. |
Recommended action | See the PBR information differences between the controller and the network device on the Data Synchronization Details page, and find the reason why the differences exist. |
Different routing information than the network device
Keyword | NEM_ROUTEINFO_INCONSISTENT |
Message text | The routing information of the NEM was different than the network device: Destination VRF name: $1 Destination VRF index: $2 Next hop VRF name: $3 Next hop VRF index: $4 Destination topology index: $5 IPv4 address: $6 Next hop IPv4 address: $7 Description: $8 IPv4 prefix length: $9 Interface index: $10 Management IP: $11 |
Variable fields | $1: Destination VRF name. $2: Destination VRF index. $3: Next-hop VRF name. $4: Next-hop VRF index. $5: Destination topology index. $6: IP address. $7: Next-hop IP address. $8: Description. $9: IP prefix length. $10: Interface index. $11: Management IP address of the network device. |
Severity level | Warning |
Example | The routing information of the NEM was different than the network device: Destination VRF name: SDN_1234 Destination VRF index: 1234 Next hop VRF name: SDN_1235 Next hop VRF index: 1235 Destination topology index: 2345 IPv4 address: 1.1.1.1 Next hop IPv4 address: 1.1.1.2 Description: 123 IPv4 prefix length: 24 Interface index: 1236 Management IP: 192.168.10.5 |
Explanation | The routing information of the NEM was different than the network device. |
Recommended action | See the routing information differences between the controller and the network device on the Data Synchronization Details page, and find the reason why the differences exist. |
Different VLAN information than the network device
Keyword | NEM_VLANINFO_INCONSISTENT |
Message text | The VLAN information of the NEM was different than the network device: VLAN ID: $1 Management IP: $2 |
Variable fields | $1: VLAN ID. $2: Management IP address of the network device. |
Severity level | Warning |
Example | The VLAN information of the NEM was different than the network device: VLAN ID: 123 Management IP: 192.168.10.5 |
Explanation | The VLAN information of the NEM was different than the network device. |
Recommended action | See the VLAN information differences between the controller and the network device on the Data Synchronization Details page, and find the reason why the differences exist. |
Different NAT information than the network device
Keyword | NEM_NATINFO_INCONSISTENT |
Message text | The NAT information of the NEM was different than the network device: Interface index: $1 Management IP: $2 |
Variable fields | $1: Interface index. $2: Management IP address of the network device. |
Severity level | Warning |
Example | The NAT information of the NEM was different than the network device: Interface index: 123 Management IP: 192.168.10.5 |
Explanation | The NAT information of the NEM was different than the network device. |
Recommended action | See the NAT information differences between the controller and the network device on the Data Synchronization Details page, and find the reason why the differences exist. |
Different floating IP information than the network device
Keyword | NEM_FLOATINGIPINFO_INCONSISTENT |
Message text | The floating IP information of the NEM was different than the network device: Local VRF: $1 Local IP: $2 Global VRF: $3 Global IP: $4 Management IP: $5 |
Variable fields | $1: Local VRF information. $2: Local IP address. $3: External VRF. $4: Floating IP address. $5: Management IP address of the network device. |
Severity level | Warning |
Example | The floating IP information of the NEM was different than the network device: Local VRF: 123 Local IP: 1.1.1.2 Global VRF: 234 Global IP: 1.1.1.3 Management IP: 192.168.10.5 |
Explanation | The floating IP information of the NEM was different than the network device. |
Recommended action | See the floating IP information differences between the controller and the network device on the Data Synchronization Details page, and find the reason why the differences exist. |
Different DNS information than the network device
Keyword | NEM_DNSINFO_INCONSISTENT |
Message text | The DNS information of the NEM was different than the network device: DNS server IP: $1 VRF name: $2 Management IP: $3 |
Variable fields | $1: DNS server IP address. $2: VRF name. $3: Management IP address of the network device. |
Severity level | Warning |
Example | The DNS information of the NEM was different than the network device: DNS server IP: 1.1.1.1 VRF name: 123 Management IP: 192.168.10.5 |
Explanation | The DNS information of the NEM was different than the network device. |
Recommended action | See the DNS information differences between the controller and the network device on the Data Synchronization Details page, and find the reason why the differences exist. |
Different host flow information than the network device
Keyword | NEM_HOSTFLOWINFO_INCONSISTENT |
Message text | The host flow information of the NEM was different than the network device: Matching source IP: $1 Subnet mask: $2 Matching source MAC: $3 VRF number: $4 VRF name: $5 Destination VTEP IP: $6 Destination MAC: $7 VNI number: $8 Management IP: $9 |
Variable fields | $1: Source IP address in the match fields of the flow entry. $2: Subnet mask. $3: Source MAC address in the match fields of the flow entry. $4: VRF number. $5: VRF name. $6: Destination VTEP IP address. $7: Destination MAC address. $8: VNI number. $9: Management IP address of the network device. |
Severity level | Warning |
Example | The host flow information of the NEM was different than the network device: Matching source IP: 1.1.1.1 Subnet mask: 255.255.255.0 Matching source MAC: 40:a8:f0:29:0a:7b VRF number: 1234 VRF name: abc Destination VTEP IP: 100.1.1.2 Destination MAC: 40:a8:f0:29:0a:7c VNI number: 10 Management IP: 192.168.10.5 |
Explanation | The host flow information of the NEM was different than the network device. A host flow table entry is used to match packets sent by the virtual machine. |
Recommended action | See the host flow information differences between the controller and the network device on the Data Synchronization Details page, and find the reason why the differences exist. |
Different subinterface information than the network device
Keyword | NEM_SUBIFINFO_INCONSISTENT |
Message text | The sub interface information of the NEM was different than the network device: Interface index: $1 Interface name: $2 Management IP: $3 |
Variable fields | $1: Subinterface index. $2: Subinterface name. $3: Management IP address of the network device. |
Severity level | Warning |
Example | The sub interface information of the NEM was different than the network device: Interface index: 1236 Interface name: subif_a Management IP: 192.168.10.5 |
Explanation | The subinterface information of the NEM was different than the network device. |
Recommended action | See the subinterface information differences between the controller and the network device on the Data Synchronization Details page, and find the reason why the differences exist. |
Different VLAN interface information than the network device
Keyword | NEM_VLANIFINFO_INCONSISTENT |
Message text | The VLAN interface information of the NEM was different than the network device: VLAN interface index: $1 VLAN interface description: $2 VLAN interface IP: $3 Management IP: $4 |
Variable fields | $1: VLAN interface index. $2: VLAN interface description. $3: IP address of the VLAN interface. $4: Management IP address of the network device. |
Severity level | Warning |
Example | The VLAN interface information of the NEM was different than the network device: VLAN interface index: 123 VLAN interface description: SDN_VLAN_10 VLAN interface IP: 18.18.18.1 Management IP: 98.0.7.236 |
Explanation | The VLAN interface information for the NEM was different than the network device. |
Recommended action | See the VLAN interface information differences between the controller and the network device on the Data Synchronization Details page, and find the reason why the differences exist. |
Network device connection to another region
Keyword | DEVICE_CHANGE_REGION |
Message text | The region to which $1 was connected changed from $2 to $3. |
Variable fields | $1: Name of the network device. $2: Name of the original region to which the network device is connected. $3: Name of the new region to which the network device is connected. |
Severity level | Warning |
Example | The region to which device1 was connected changed from A to B. |
Explanation | The network device was disconnected from the original region and connected to another region. |
Recommended action | No action is required. |
VXLAN tunnel interface in up state
Keyword | OPENFLOW_TUNNEL_UP |
Message text | Port $1 of an OpenFlow device with datapath ID $2 OpenFlow IP $3 descriptor $4 was up, src VTEP IP $5, dst VTEP IP $6. |
Variable fields | $1: Name of the VXLAN tunnel interface. $2: Datapath ID of the OpenFlow device. $3: IP address used by the OpenFlow device to establish a connection with the controller. $4: Description of the OpenFlow device. $5: Source VTEP IP. $6: Destination VTEP IP. |
Severity level | Info |
Example | Port Tun257 of an OpenFlow device with datapath ID 01:21:cc:3e:5f:09:04:7f OpenFlow IP 97.0.45.116 descriptor management ip = 1.1.1.3 was up, src VTEP IP 21.0.5.20, dst VTEP IP 21.0.5.18. |
Explanation | The VXLAN tunnel interface on the OpenFlow device came up. |
Recommended action | No action is required. |
VXLAN tunnel interface in down state
Keyword | OPENFLOW_TUNNEL_DOWN |
Message text | Port $1 of an OpenFlow device with datapath ID $2 OpenFlow IP $3 descriptor $4 was down, src VTEP IP $5, dst VTEP IP $6. |
Variable fields | $1: Name of the VXLAN tunnel interface. $2: Datapath ID of the OpenFlow device. $3: IP address used by the OpenFlow device to establish a connection with the controller. $4: Description of the OpenFlow device. $5: Source VTEP IP. $6: Destination VTEP IP. |
Severity level | Info |
Example | Port Tun257 of an OpenFlow device with datapath ID 01:21:cc:3e:5f:09:04:7f OpenFlow IP 97.0.45.116 descriptor management ip = 1.1.1.3 was down, src VTEP IP 21.0.5.20, dst VTEP IP 21.0.5.18. |
Explanation | The VXLAN tunnel interface on the OpenFlow device went down. |
Recommended action | If the OpenFlow device has just established a connection with the controller, no action is required. In other cases, perform the following tasks: 30. Use the display interface tunnel command to verify the status of the tunnel interface. 31. If the tunnel interface is down, use the ping command on the device to verify the network connection between both ends of the tunnel. Specify the source VTEP IP address as the source IP address, and the destination VTEP IP address as the destination IP address in the ping command. 32. If the ping operation fails, verify that the VXLAN tunnel interface and the link connected to the interface are normal. |
Failed to add flow table
Keyword | OPENFLOW_ADD_FLOWTABLE_FAILED |
Message text | $1. The OpenFlow device with datapath ID $2 failed to add the flow table $3. |
Variable fields | $1: Error message sent by the OpenFlow device. $2: Datapath ID of the OpenFlow device. $3: Information about the flow table. |
Severity level | Warning |
Example | BAD_MATCH. The OpenFlow device with datapath ID 01:21:cc:3e:5f:09:04:7f failed to add the flow table [tableId:1,Priority:29999,cookie0x2555364126,Matches:{"eth_type":"ipv4"},{"ipv4_dst":"11.0.0.2","mask":"255.255.255.255"},{"vswitch_interface_id":9223372036854775807},Action: {"eth_dst":"11:11:11:11:11:11"}]. |
Explanation | The controller failed to deploy the flow table to the OpenFlow device. |
Recommended action | Verify that the OpenFlow device supports the deployed flow table. You can upgrade the OpenFlow device to support the flow table if necessary. |
Used up VLAN IDs in the VLAN pools
Keyword | VLAN_RANGE_USE_UP |
Message text | VLAN IDs in the VLAN pool $1 are used up. |
Variable fields | $1: Name of the VLAN pool. |
Severity level | Warning |
Example | VLAN IDs in the VLAN pool vlan001 are used up. |
VLAN IDs in the VLAN pools were used up. | |
Recommended action | Determine whether to perform the following tasks based on services: · Stop services. · Migrate services. · Add VLAN IDs to the VLAN pool. |
VLAN pool not exist
Keyword | VLAN_RANGE_NOTEXIST |
Message text | The tenant carrier network VLAN pool $1 does not exist. |
Variable fields | $1: UUID of the VLAN pool. |
Severity level | Warning |
Example | The tenant carrier network VLAN pool vlan001 does not exist. |
Explanation | The tenant carrier network VLAN pool does not exist. |
Recommended action | Determine whether to create a VLAN pool. |
Used up VXLAN IDs in the VXLAN pools
Keyword | VXLAN_POOL_USE_UP |
Message text | VXLAN IDs in the VXLAN pool $1 are used up. |
Variable fields | $1: Name of the VXLAN pool. |
Severity level | Warning |
Example | VXLAN IDs in the VXLAN pools vxlan001 are used up. |
Explanation | VXLAN IDs in the VXLAN pools were used up. |
Recommended action | Determine whether to perform the following tasks based on services: · Stop services. · Migrate services. · Add VXLAN IDs to the VXLAN pool. |
Used up IP addresses in general address pool
Keyword | GENERAL_ADDRESS_POOL_INSUFFICIENT |
Message text | IP addresses in the general address pool $1 are insufficient. |
Variable fields | $1: Name of the address pool. |
Severity level | Warning |
Example | IP addresses in the general address pool address001 are insufficient. |
Explanation | IP addresses in the general address pool were used up. |
Recommended action | Determine whether to perform the following tasks based on services: · Stop services. · Migrate services. · Add IP addresses to the address pool. |
Used up IP addresses in address pool bound to service gateway group
Keyword | BOUND_ADDRESS_POOL_INSUFFICIENT |
Message text | IP addresses in the $1 address pool for service gateway group $2 are insufficient. |
Variable fields | $1: Address pool type: · virtual device management. · tenant carrier network. · security internal network. · tenant carrier FW internal network. · tenant carrier LB internal network. · data center interconnection network. $2: Service gateway group name. |
Severity level | Warning |
Example | IP addresses in the tenant carrier network address pool for service gateway group gw are insufficient. |
Explanation | IP addresses in the specified type of address pool for the service gateway group were used up. |
Recommended action | Determine whether to perform the following tasks based on services: · Stop services. · Migrate services. · Add IP addresses to the address pool. |
Used up IP addresses in security external network address pool
Keyword | SECURITY_EXTERNAL_POOL_USE_UP |
Message text | Failed to assign an IP address to resource node $1 because IP addresses in the security external network address pool are used up. |
Variable fields | $1: Name of the resource node. |
Severity level | Warning |
Example | Failed to assign an IP address to resource node 1234 because IP addresses in the security external network address pool are used up. |
Explanation | Failed to assign a security external network IP address to the resource node because IP addresses in the security external network address pool were used up. |
Recommended action | Determine whether to perform the following tasks based on services: · Stop services. · Migrate services. · Add IP addresses to the IP address pool. |
Used up IP addresses in default address pool
Keyword | DEFAULT_ADDRESS_POOL_INSUFFICIENT |
Message text | IP addresses in the default $1 address pool are insufficient. |
Variable fields | $1: Address pool type: · virtual device management. · virtual router interconnection network. |
Severity level | Warning |
Example | IP addresses in the default virtual device management address pool are insufficient. |
Explanation | IP addresses in the default address pool were used up. |
Recommended action | Determine whether to perform the following tasks based on services: · Stop services. · Migrate services. · Add IP addresses to the IP address pool. |
Address pool bound to service gateway group not exist
Keyword | BINDEDADDRESS_POOL_NOTEXIST |
Message text | The $1 address pool for service gateway group $2 does not exist. |
Variable fields | $1: IP address pool type: · virtual device management. · tenant carrier network. · security internal network. · tenant carrier FW internal network. · tenant carrier LB internal network. · virtual router interconnection network. · data center interconnection network. $2: Name of the service gateway group. |
Severity level | Warning |
Example | The virtual device management address pool for service gateway group 123 does not exist. |
Explanation | The specified type of address pool configured for the service gateway group does not exist. |
Recommended action | Determine whether to create the address pool. |
Failed to assign security external network IP address to resource node
Keyword | SECURITY_EXTERNAL_POOL_NOTEXIST |
Message text | Failed to assign an IP address to resource node $1 because the security external network address pool does not exist. |
Variable fields | $1: Name of the resource node. |
Warning | |
Example | Failed to assign an IP address to resource node 1234 because the security external network address pool does not exist. |
Explanation | Failed to assign a security external network IP address to the resource node because the security external network address pool does not exist. |
Recommended action | Configure a security external network address pool for the NGFW template used by the service resource to which the resource node belongs. |
Default address pool not exist
Keyword | DEFAULT_ADDRESS_POOL_NOTEXIST |
Message text | The default $1 address pool does not exist. |
Variable fields | $1: Address pool type: · virtual device management. · virtual router interconnection network. |
Severity level | Warning |
Example | The default virtual device management network address pool does not exist. |
Explanation | The default address pool does not exist. |
Recommended action | Determine whether to create the default address pool. |
Used up loopback interfaces on the firewall bound to the vRouters
Keyword | LOOPBACK_NUMBER_USE_UP |
Message text | Failed to create the vRouter link because loopback interfaces on the firewall bound to the vRouters are used up. The management IP address of the firewall is $1. |
Variable fields | $1: Management IP of the firewall. |
Severity level | Warning |
Example | Failed to create the vRouter link because loopback interfaces on the firewall bound to the vRouters are used up. The management IP address of the firewall is 9.9.9.3. |
Explanation | Failed to create the vRouter link because loopback interfaces on the firewall bound to the vRouters were used up. |
Recommended action | Determine whether to delete existing vRouter links to release loopback interfaces. |
Start of NEM configuration recovery on non-active leader controllers
Keyword | BEGIN_RECOVER_NEM_CONFIG |
Message text | All non-active leader controllers started recovering the NEM configuration. |
Variable fields | None. |
Severity level | Info |
Example | All non-active leader controllers started recovering the NEM configuration. |
Explanation | All non-active leader controllers started recovering the NEM configuration, including physical NEs, gateway groups, VNF NEs, third-party NEs, and VLAN-VXLAN mappings. |
Recommended action | As a best practice, do not perform any operations on the controllers during the configuration recovery process. |
End of NEM configuration recovery on non-active leader controllers
Keyword | FINISH_RECOVER_NEM_CONFIG |
Message text | All non-active leader controllers completed recovering the NEM configuration. |
Variable fields | None. |
Severity level | Info |
Example | All non-active leader controllers completed recovering the NEM configuration. |
Explanation | All non-active leader controllers completed recovering the NEM configuration, including physical NEs, gateway groups, VNF NEs, third-party NEs, and VLAN-VXLAN mappings. |
Recommended action | No action is required. |
Data synchronization status changed to Not Synchronized
Keyword | NEM_SMOOTHSTATUS_CHANGE_NOT_SYNCHRONIZED |
Message text | The smooth status of the network device with management IP $1 changed to Not Synchronized. |
Variable fields | $1: Management IP address of the network device. |
Severity level | Warning |
Example | The smooth status of the network device with management IP 98.0.27.6 changed to Not Synchronized. |
Explanation | When the data synchronization status was Synchronized, the network device was deactivated and then activated, and the data synchronization status changed to Not Synchronized. |
Recommended action | · No action is required if the network device can operate correctly. · Click Data synchronization on the Provision > Devices > Physical Devices page if the network device cannot operate correctly. |
Data synchronization status changed to Synchronized
Keyword | NEM_SMOOTHSTATUS_CHANGE_SYNCHRONIZED |
Message text | The smooth status of the network device with management IP $1 changed to Data Synchronized. |
Variable fields | $1: Management IP address of the network device. |
Severity level | Info |
Example | The smooth status of the network device with management IP 98.0.27.6 changed to Data Synchronized. |
Explanation | This message is generated in either of the following conditions: · When the data synchronization status was Not Synchronized, the network device was deactivated and then activated, and the data synchronization status changed to Synchronized. · When the data synchronization status was Not Synchronized, data synchronization was manually triggered, and the data synchronization status changed to Synchronized. |
Recommended action | No action is required. |
Configuration initialization failure during NE activation
Keyword | ACTIVE_DEVICE_FAILED |
Message text | Failed to initialize the network element. |
Variable fields | N/A |
Severity level | Warning |
Example | Failed to initialize the network element. |
Explanation | Failed to initialize the configuration of the NE during the NE activation. |
Recommended action | · Verify that the network connection is correct. · Verify that the device memory threshold is not reached. |
Maximum number of Ethernet service instances reached on interface
Keyword | NEM_IFSERVICEINSTANCE_EXCEED |
Message text | The number of Ethernet service instances on interface $1 of the network device with the management IP $2 has reached the limit. Failed to assign an ID to the Ethernet service instance: $3 |
Variable fields | $1: Interface name. $2: Management IP address of the network device. $3: Ethernet service instance information. |
Severity level | Warning |
Example | The number of Ethernet service instances on interface GigabitEthernet 1/0/1 of the network device with the management IP 12.2.2.2 has reached the limit. Failed to assign an ID to the Ethernet service instance: SVLAN range: 1-10 CVLAN range: 2-5 xconnect vsi: 3 |
Explanation | The number of Ethernet service instances on an interface of a device has reached the upper limit. As a result, the system fails to assign an Ethernet service instance ID to the interface. |
Recommended action | On network device interfaces, plan the usage of the following Ethernet service instances: · Ethernet service instances manually configured on the device. · Ethernet service instances generated through the mapping table on the device or device interfaces. |
Controller failed to deploy settings to network device
Keyword | NEM_CONFIG_SEND_FAILED |
Message text | Device IP: $1 Reason: $2 NETCONF content: $3 |
Variable fields | $1: Management IP address of the network device. $2: Failure reason. $3: Settings failed to be deployed. |
Severity level | Warning |
Example | Device:IP: 98.0.15.201 Reason: The configuration not supported on the specified target <VSI> <VsiName>SDN_VSI_2002</VsiName> <Statistics>true</Statistics> </VSI> |
Explanation | The controller failed to deploy the settings to the network device. |
Recommended action | Determine a solution based on the failure reason. |
VLAN and PVID inconsistency between member ports and aggregate interface
Keyword | LAGGMEMBER_PERMMIT_PVIDVLAN_DIFFERENT |
Message text | The permitted VLAN or PVID of member port $1 on device $2 is different from that of aggregate interface $3. The setting of the member port will be modified. |
Variable fields | $2: Management IP address of the device. $3: Name of the aggregate interface. |
Severity level | Warning |
Example | The permitted VLAN or PVID of member port Ten-GigabitEthernet1 1/0/1 on device 192.168.1.1 is different from that of aggregate interface bridge-aggregation 1. The setting of the member port will be modified. |
Explanation | The permitted VLAN or PVID of a port is different from that of the aggregate interface to which the port will be added. The settings of the port will be modified after the port is added to the aggregate interface, and a log entry will be generated. |
Recommended action | No action is required. |
Mapping is unbound from port when port is added to aggregate interface
Keyword | LAGGMEMBER_HAS_BIND_VLANDOMAINMAP |
Message text | Member port $1 of device $2 has been bound to a mapping. The setting might be deleted. |
Variable fields | $1: Name of the member port. $2: Management IP address of the device. |
Severity level | Warning |
Example | Member port $1 of device $2 has been bound to a mapping. The setting might be deleted. |
Explanation | The specified port on the specified device has been bound to a mapping. The mapping will be unbound from the port when the port is added to the aggregate interface. |
Recommended action | No action is required. |
Startup configuration file backup success
Keyword | BACKUP_DEVICE_STARTUP_CONF_SUCCESS |
Message text | Backed up the startup configuration files at $1 successfully. |
Variable fields | $1: Management IP address of the target device. |
Severity level | Info |
Example | Backed up the startup configuration files at 98.0.19.91 successfully. |
Explanation | The controller backed up the most recent startup configuration file for the device with the specified management IP address successfully. |
Recommended action | No action is required. |
Startup configuration file backup failure
Keyword | BACKUP_DEVICE_STARTUP_CONF_FAILED |
Message text | Failed to back up the startup configuration files at $1. |
Variable fields | $1: Management IP address of the target device. |
Severity level | Warning |
Example | Failed to back up the startup configuration files at 98.0.19.90. |
Explanation | The controller failed to back up the most recent startup configuration file for the device with the specified management IP address. |
Recommended action | Verify that the controller can reach the device through NETCONF and FTP. |
VTEP IP assignment failure
Keyword | PHY_VTEP_POOL_USE_UP |
Message text | Failed to assign a VTEP IP address to the NE because all addresses in the management network VTEP address pool $1 have been allocated to NEs and whitelists. |
Variable fields | $1: Name of the management network VTEP address pool. |
Severity level | Warning |
Example | Failed to assign a VTEP IP address to the NE because all addresses in the management network VTEP address pool pool27 have been allocated to NEs and whitelists. |
Explanation | Failed to assign a VTEP IP address to the NE because addresses in the management network VTEP address pool were used up by NEs and whitelists. |
Recommended action | A VTEP address pool cannot be scaled up if addresses in the VTEP address pool have been allocated. Therefore, make sure a VTEP address pool has sufficient addresses before using the VTEP address pool. |
Software upgrading or patching failure
Keyword | FAILED_UPGRADE_DEVICE |
Message text | Software upgrade or patching failed on device $1 with IP $2. Reason: $3. |
Variable fields | $1: Device name. $2: Device IP. $3: Reason why software upgrading or patching failed. Options include the following: · The FTP settings are invalid. · The remaining storage space is insufficient. · Failed to send the software package to the device. · The device and the software do not match. · The software does not exist. |
Severity level | Warning |
Example | Failed to upgrade the software or patch on device device01 with IP 192.168.1.1. Reason: The FTP settings are invalid. |
Explanation | The controller failed to upgrade the remote device. |
Recommended action | Take actions as prompted. |
Software upgrading or patching success
Keyword | SUCCESS_UPGRADE_DEVICE |
Message text | Software upgrade or patching succeeded on device $1 with IP $2. |
Variable fields | $1: Device name. $2: Device IP. |
Severity level | Info |
Example | Software upgrade or patching succeeded on device01 with IP 192.168.1.1. |
Explanation | Software upgrading or patching succeeded. |
Recommended action | No action is required. |
Used up IP addresses in the underlay address pool
Keyword | UNDERLAY_NETWORK_POOL_USE_UP |
Message text | Failed to assign an underlay IP address to the NE because all addresses in the underlay address pool $1 have been allocated to NEs and whitelists. |
Variable fields | $1: Name of the underlay address pool. |
Severity level | Warning |
Example | Failed to assign an underlay IP address to the NE because all addresses in the underlay address pool pool1 have been allocated to NEs and whitelists. |
Explanation | Failed to assign an underlay IP address to the NE because addresses in the underlay address pool were used up by NEs and whitelists. |
Recommended action | An underlay address pool cannot be scaled up if addresses in the address pool have been allocated. Therefore, make sure an underlay address pool has sufficient addresses before using the address pool. |
Device failed to come online automatically
Keyword | DEVICE_AUTO_ONLINE_FAILED |
Message text | Failed to add the device to the NE list after the device comes online automatically. Reason: $1 |
Variable fields | $1: Reason why the device failed to come online automatically. Options include the following: · The VTEP IP has been allocated. · Failed to allocate a VTEP IP. · Failed to allocate an underlay IP from the underlay address pool. · The VTEP IP is null when the underlay protocol is ISIS. · The VTEP IP cannot be in the underlay address pool. · The system failed to issue the IP address provided by the VTEP IP pool, management IP pool, or underlay IP pool to the device and failed to manage the device consequently. · Please first configure an IP pool for auto deployment. |
Severity level | Warning |
Example | Failed to add the device to the NE list after the device comes online automatically. Reason: The VTEP IP has been allocated. |
Explanation | The device failed to come online automatically. |
Recommended action | Take actions as prompted. |
Used up VLAN IDs of downlink port on leaf device
Keyword | LEAF_VLAN_RANGE_USE_UP |
Message text | VLAN IDs of leaf $1 port $2 for access $3 are used up. |
Variable fields | $1: IP address of the leaf device. $2: Downlink port on the leaf device. $3: IP address of the access device. |
Severity level | Warning |
Example | VLAN IDs of leaf192.168.133.201 port Bridge-Aggregation123 for access 192.168.133.202 are used up. |
Explanation | VLAN IDs that the downlink port on the leaf device can allocate to access devices have been used up. |
Recommended action | Identify whether the port has allocated VLAN IDs to inactive access devices or migrate the target access device to another port of the leaf device. |
IRF member device was not powered off during replacement
Keyword | DEVICE_NOT_POWERED_OFF |
Message text | IRF member device $1 is not powered off while being replaced. |
Variable fields | $1: Management IP address of the failed device. |
Severity level | Warning |
Example | IRF member device 10.100.0.1 is not powered off while being replaced. |
Explanation | After the failed device in an IRF fabric was replaced, the IRF fabric split because the failed device was not powered off during replacement. |
Recommended action | 33. Power off the failed device in the IRF fabric. 34. If the problem persists, log in to the replacement device to set its member ID to that of the failed device. |
CID editing failure
Keyword | DEVICE_CID_MODIFY_FAIL |
Message text | Failed to modify the CID-IP binding relationship. Failed device management IP: $1, replacement device management IP: $2, replacement device VLAN4094 CID: $3, replacement device VLAN1 IP: $4, replacement device VLAN1 CID: $5. |
Variable fields | $1: Management IP address of the failed device. $2: Management IP address of the replacement device. $3: VLAN4094 CID of the replacement device. $4: VLAN1 IP of the replacement device. $5: VLAN1 CID of the replacement device. |
Severity level | Error |
Example | Failed to modify the CID-IP binding relationship. Failed device management IP: 16.100.65.11, replacement device management IP: 16.100.65.12, replacement device VLAN4094 CID: 0037-3832-6332-3965-3661-3833-302d-564c-414e-3030-3031, replacement device VLAN1 IP: 16.100.55.66, replacement device VLAN1 CID: 0037-3832-6332-3965-3661-3833-302d-564c-414e-3030-3031. |
Explanation | The controller failed to edit the CID-IP binding relationship on the DHCP server. |
Recommended action | Manually edit the CID-IP binding relationship on the DHCP server. |
Starting data synchronization or auditing
Keyword | DEVICE_START_SYNC |
Message text | Device $1 started to synchronize or audit data. |
Variable fields | $1: IP address of the device. |
Severity level | Info |
Example | Device 192.168.100.101 started to synchronize or audit data. |
Explanation | Data synchronization or auditing was started on the device. |
Recommended action | No action is required. |
Finishing data synchronization or auditing
Keyword | DEVICE_END_SYNC |
Message text | Device $1 finished to synchronize or audit data. |
Variable fields | $1: IP address of the device. |
Severity level | Info |
Example | Device 192.168.100.101 finished to synchronize or audit data. |
Explanation | Data synchronization or auditing was finished on the device. |
Recommended action | No action is required. |
NGFWM messages
This section contains NGFW manager messages.
NGFW resource creation failure
Keyword | CREATE_NGFW_RESOURCE_FAILED |
Message text | Failed to create NGFW resource $1. |
Variable fields | $1: NGFW resource name. |
Severity level | Error |
Example | Failed to create NGFW resource resource1. |
Explanation | Failed to create an NGFW resource. |
Recommended action | To resolve the problem: 35. Verify that the network connection between the NGFW manager and device is correct. 36. Verify that a NETCONF session has been established between the NGFW manager and device. 37. Verify that the template or NGFW resource configuration is consistent with the device configuration. For example, the device interface bound to the template or NGFW resource is not used by other services. If inconsistency exists, change the template or NGFW resource configuration. |
NGFW resource modification failure
Keyword | UPDATE_NGFW_RESOURCE_FAILED |
Message text | Failed to update NGFW resource $1. |
Variable fields | $1: NGFW resource name. |
Severity level | Error |
Example | Failed to update NGFW resource resource1. |
Explanation | Failed to modify an NGFW resource. |
Recommended action | To resolve the problem: 38. Verify that the network connection between the NGFW manager and device is correct. 39. Verify that a NETCONF session has been established between the NGFW manager and device. |
NGFW resource deletion failure
Keyword | DELETE_NGFW_RESOURCE_FAILED |
Message text | Failed to delete NGFW resource $1. |
Variable fields | $1: NGFW resource name. |
Severity level | Error |
Example | Failed to delete NGFW resource resource1. |
Explanation | Failed to delete an NGFW resource. |
Recommended action | To resolve the problem: 40. Verify that the network connection between the NGFW manager and device is correct. 41. Verify that a NETCONF session has been established between the NGFW manager and device. |
NGFW resource creation with NETCONF failure
Keyword | NETCONF_CREATE_NGFW_RESOURCE_FAILED |
Message text | Failed to use NETCONF to create an NGFW resource for security engine group $1 on device at $2. |
Variable fields | $1: Security engine group ID. If the parameter value is null, the device does not have a security engine group. $2: IP address of the device. |
Severity level | Error |
Example | Failed to use NETCONF to create an NGFW resource for security engine group 10 on device at 192.168.110.10. |
Explanation | Failed to use NETCONF to create an NGFW resource. |
Recommended action | To resolve the problem: 42. Verify that the network connection between the NGFW manager and device is correct. 43. Verify that a NETCONF session has been established between the NGFW manager and device. |
NGFW resource creation with NETCONF success
Keyword | NETCONF_CREATE_NGFW_RESOURCE_SUCCESS |
Message text | Used NETCONF to create an NGFW resource at $1: ID $2; Name $3. |
Variable fields | $1: Device IP address. $2: NGFW resource ID. $3: NGFW resource name. |
Severity level | Info |
Example | Used NETCONF to create an NGFW resource at 192.168.110.10: ID 10; Name resource1. |
Explanation | Used NETCONF to create an NGFW resource successfully. |
Recommended action | No action is required. |
NGFW resource modification with NETCONF success
Keyword | NETCONF_UPDATE_NGFW_RESOURCE_SUCCESS |
Message text | Used NETCONF to update an NGFW resource at $1: ID $2; Name $3. |
Variable fields | $1: Device IP address. $2: NGFW resource ID. $3: NGFW resource name. |
Severity level | Info |
Example | Used NETCONF to update an NGFW resource at 192.168.110.10: ID 10; Name resource1. |
Explanation | Used NETCONF to modify an NGFW resource successfully. |
Recommended action | No action is required. |
NGFW resource modification with NETCONF failure
Keyword | NETCONF_UPDATE_NGFW_RESOURCE_FAILED |
Message text | Failed to use NETCONF to update an NGFW resource at $1: ID $2; Name $3. |
Variable fields | $1: Device IP address. $2: NGFW resource ID. $3: NGFW resource name. |
Severity level | Error |
Example | Failed to use NETCONF to update an NGFW resource at 192.168.110.10: ID 10; Name resource1. |
Explanation | Failed to use NETCONF to modify an NGFW resource. |
Recommended action | To resolve the problem: 44. Verify that the network connection between the NGFW manager and device is correct. 45. Verify that a NETCONF session has been established between the NGFW manager and device. |
Start of NGFWM configuration recovery on non-active leader controllers
Keyword | BEGIN_RECOVER_NGFWM_CONFIG |
Message text | All non-active leader controllers started recovering the NGFWM configuration. |
Variable fields | N/A |
Severity level | Info |
Example | All non-active leader controllers started recovering the NGFWM configuration. |
Explanation | All non-active leader controllers started recovering the NGFWM configuration, including devices, resource pools, and NGFW resources. |
Recommended action | As a best practice, do not perform any operations on the controllers during the configuration recovery process. |
End of NGFWM configuration recovery on non-active leader controllers
Keyword | FINISH_RECOVER_NGFWM_CONFIG |
Message text | All non-active leader controllers completed recovering the NGFWM configuration. |
Variable fields | N/A |
Severity level | Info |
Example | All non-active leader controllers completed recovering the NGFWM configuration. |
Explanation | All non-active leader controllers completed recovering the NGFWM configuration, including devices, resource pools, and NGFW resources. |
Recommended action | No action is required. |
Changed NETCONF password successfully
Keyword | UPDATE_DEVICE_PASSWORD_SUCCESS |
Message text | Successfully updated the NETCONF password for the device. |
Variable fields | N/A |
Severity level | Info |
Example | Successfully updated the NETCONF password for the device. |
Explanation | Changed the NETCONF password successfully. |
Recommended action | No action is required. |
Failed to change the NETCONF password
Keyword | UPDATE_DEVICE_PASSWORD_FAILED |
Message text | Failed to update the NETCONF password for the device. |
Variable fields | N/A |
Severity level | Error |
Example | Failed to update the NETCONF password for the device. |
Explanation | Failed to change the NETCONF password. |
Recommended action | Verify that the NETCONF connection is in normal state. |
ServiceChain
This section contains service chain messages.
Start of service chain configuration recovery on non-active leader controllers
Keyword | BEGIN_RECOVER_SC_CONFIG |
Message text | All non-active leader controllers started recovering the service chain configuration. |
Variable fields | N/A |
Severity level | Info |
Example | All non-active leader controllers started recovering the service chain configuration. |
Explanation | All non-active leader controllers started recovering the service chain configuration, such as settings for service chains and contexts. |
Recommended action | As a best practice, do not perform any operations on the controllers during the configuration recovery process. |
End of service chain configuration recovery on non-active leader controllers
Keyword | FINISH_RECOVER_SC_CONFIG |
Message text | All non-active leader controllers completed recovering the service chain configuration. |
Variable fields | N/A |
Severity level | Info |
Example | All non-active leader controllers completed recovering the service chain configuration. |
Explanation | All non-active leader controllers completed recovering the service chain configuration, such as settings for service chains and contexts. |
Recommended action | No action is required. |
TELEMETRY
This section contains telemetry messages.
Configuration deployment failure
Keyword | SP_NETCONF_FAILED |
Message text | Seerengine management IP: $1 Reason: $2 NETCONF content: $3 |
Variable fields | $1: Management IP address of the network device. $2: Failure reason. $3: Configuration that the controller failed to deploy to the network device. |
Severity level | Warning |
Example | Seerengine management IP: 17.100.100.3 Reason: The configuration not supported on the specified target NETCONF content: <SAMPLE> <SAMPLER> <Sampler> <SamplerEntry> <SamplerName>ifa_TCQ7JUPWZAOQ3UIPAZK4AOCPME</SamplerName> <Mode>2</Mode> <PacketInterval>10</PacketInterval> </SamplerEntry> </Sampler> </SAMPLER> |
Explanation | The controller failed to deploy configuration to a network device. |
Recommended action | Read the failure reason and take actions accordingly. |
Tenant
This section contains tenant messages.
Start of tenant configuration recovery on non-active leader controllers
Keyword | BEGIN_RECOVER_TENANT_CONFIG |
Message text | All non-active leader controllers started recovering the tenant configuration. |
Variable fields | N/A |
Severity level | Info |
Example | All non-active leader controllers started recovering the tenant configuration. |
Explanation | Except the active leader, all controllers in the team started recovering the tenant configuration. |
Recommended action | As a best practice, do not perform any operations on the controllers during the configuration recovery process. |
End of tenant configuration recovery on non-active leader controllers
Keyword | FINISH_RECOVER_TENANT_CONFIG |
Message text | All non-active leader controllers completed recovering the tenant configuration. |
Variable fields | N/A |
Severity level | Info |
Example | All non-active leader controllers completed recovering the tenant configuration. |
Explanation | Except the active leader, all controllers in the team completed recovering the tenant configuration. |
Recommended action | No action is required. |
VPNaaS
This section contains IPsec VPN messages.
Start of IPsec VPN configuration recovery on non-active leader controllers
Keyword | BEGIN_RECOVER_VPNaaS_CONFIG |
Message text | All non-active leader controllers started recovering the VPNaaS configuration. |
Variable fields | N/A |
Severity level | Info |
Example | All non-active leader controllers started recovering the VPNaaS configuration. |
Explanation | All non-active leader controllers started recovering the IPsec configuration. The IPsec configuration to be recovered includes IKE policies, IPsec policies, VPN services, and IPsec connection information. |
Recommended action | As a best practice, do not perform any operations on the controllers during the configuration recovery process. |
End of IPsec VPN configuration recovery on non-active leader controllers
Keyword | FINISH_RECOVER_VPNaaS_CONFIG |
Message text | All non-active leader controllers completed recovering the VPNaaS configuration. |
Variable fields | N/A |
Severity level | Info |
Example | All non-active leader controllers completed recovering the VPNaaS configuration. |
Explanation | All non-active leader controllers completed recovering the IPsec configuration. The recovered IPsec configuration includes IKE policies, IPsec policies, VPN services, and IPsec connection information. |
Recommended action | No action is required. |
VSM
This section contains virtual network messages.
Failure to add host because of invalid license
Keyword | LICENSE_INVALID_DECS |
Message text | License is invalid, failed to add host. |
Variable fields | N/A |
Severity level | Warning |
Example | License is invalid, failed to add host. |
Explanation | Failed to add the host because the license is invalid. |
Recommended action | Determine whether the overlay license is available. If it is unavailable, apply for a new overlay license. |
vPort number reaching threshold
Keyword | VPORTS_REACH_THRESHOLD |
Message text | The number of vPorts [$1] has reached the threshold [$2]. |
Variable fields | $1: Number of vPorts. $2: Threshold for the number of vPorts. |
Severity level | Warning |
Example | The number of vPorts [120] has reached the threshold [100]. |
Explanation | The number of vPorts has reached the threshold. |
Recommended action | Increase the vPort number threshold or reduce the number of vPorts. |
vPort number falling below threshold
Keyword | VPORTS_BELOW_THRESHOLD |
Message text | The number of vPorts [$1] has fallen below the threshold [$2]. |
Variable fields | $1: Number of vPorts. $2: Threshold for the number of vPorts. |
Severity level | Warning |
Example | The number of vPorts [90] has fallen below the threshold [100]. |
Explanation | The number of vPorts has fallen below the threshold. |
Recommended action | No action is required. |
Start of VSM configuration recovery on non-active leader controllers
Keyword | BEGIN_RECOVER_VSM_CONFIG |
Message text | All non-active leader controllers started recovering the VSM configuration. |
Variable fields | N/A |
Severity level | Info |
Example | All non-active leader controllers started recovering the VSM configuration. |
Explanation | All non-active leader controllers started recovering the VSM configuration. |
Recommended action | As a best practice, do not perform any operations on the controllers during the configuration recovery process. |
End of VSM configuration recovery on non-active leader controllers
Keyword | FINISH_RECOVER_VSM_CONFIG |
Message text | All non-active leader controllers completed recovering the VSM configuration. |
Variable fields | N/A |
Severity level | Info |
Example | All non-active leader controllers completed recovering the VSM configuration. |
Explanation | All non-active leader controllers completed recovering the VSM configuration. |
Recommended action | No action is required. |
Compute node neighbor aging after a specific time period
Keyword | LLDP_COMPUTE_NODE_NEIGHBOR_AGING |
Message text | Compute node neighbor (host name: $1) on port $2 of device $3 will age out in $4 hours. |
Variable fields | $1: Host name. $2: Access interface. $3: IP address of the access device. $4: Aging time. |
Severity level | Info |
Example | Compute node neighbor (host name: exsi-hypervisor.h3croot.huawei-3com.com) on port XGE1/0/21 of device 172.16.68.3 will age out in 24 hours. |
Explanation | The compute node host that the device accesses will age after a specific time period. |
Recommended action | · Verify that the link between the device and the host is correct. · Verify that the link between the device and the controller is correct. |
LLDP neighbor relationship restoration between compute node host and device
Keyword | LLDP_COMPUTE_NODE_NEIGHBOR_RESTORE |
Message text | Compute node neighbor (host name: $1) on port $2 of device $3 has restored. |
Variable fields | $1: Host name. $2: Access interface. $3: IP address of the access device. |
Severity level | Info |
Example | Compute node neighbor (host name: exsi-hypervisor.h3croot.huawei-3com.com) on port XGE1/0/21 of device 172.16.68.3 has restored. |
Explanation | The LLDP neighbor relationship between the compute node host and the device was restored. |
Recommended action | No action is required. |
LLDP neighbor relationship establishment between compute node host and device
Keyword | LLDP_COMPUTE_NODE_NEIGHBOR_SETUP |
Message text | Compute node neighbor (host name: $1) on port $2 of device $3 has been set up. |
Variable fields | $1: Host name. $2: Access interface. $3: IP address of the access device. |
Severity level | Info |
Example | Compute node neighbor (host name: exsi-hypervisor.h3croot.huawei-3com.com) on port XGE1/0/21 of device 172.16.68.3 has been set up. |
Explanation | The compute node host and the device established an LLDP neighbor relationship. |
Recommended action | No action is required. |
LLDP neighbor relationship interruption between compute node host and device
Keyword | LLDP_COMPUTE_NODE_NEIGHBOR_RELEASED |
Message text | · Compute node neighbor (host name: $1) on port $2 of device $3 has been released because the neighbor has aged out. · Compute node neighbor (host name: $1) on port $2 of device $3 has been released because the neighbor has been deleted. |
Variable fields | $1: Host name. $2: Access interface. $3: IP address of the access device. |
Severity level | Info |
Example | · Compute node neighbor (host name: exsi-hypervisor.h3croot.huawei-3com.com) on port XGE1/0/21 of device 172.16.68.3 has been released because the neighbor has aged out. · Compute node neighbor (host name: exsi-hypervisor.h3croot.huawei-3com.com) on port XGE1/0/21 of device 172.16.68.3 has been released because the neighbor has been deleted. |
Explanation | The LLDP neighbor relationship between the compute node host and the device was interrupted. Possible reasons include: · The host has aged. · The host has been deleted. |
Recommended action | · Verify that the link between the device and the host is correct. · Verify that the link between the device and the controller is correct. · Verify that the host is not deleted. |
Network node neighbor aging after a specific time period
Keyword | LLDP_NETWORK_NODE_NEIGHBOR_AGING |
Message text | Network node neighbor (host name: $1, VTEP IP: $2) on port $3 of device $4 will age out in $5 hours. |
Variable fields | $1: Host name. $2: VTEP IP of the host. $3: Access interface. $4: IP address of the access device. $5: Aging time. |
Severity level | Info |
Example | Network node neighbor (host name: exsi-hypervisor.h3croot.huawei-3com.com, VTEP IP: 101.1.1.10) on port XGE1/0/21 of device 172.16.68.3 will age out in 24 hours. |
Explanation | The network node host that the device accesses will age after a specific time period. |
Recommended action | · Verify that the link between the device and the host is correct. · Verify that the link between the device and the controller is correct. |
LLDP neighbor relationship restoration between network node host and device
Keyword | LLDP_NETWORK_NODE_NEIGHBOR_RESTORE |
Message text | Network node neighbor (host name: $1, VTEP IP: $2) on port $3 of device $4 has restored. |
Variable fields | $1: Host name. $2: VTEP IP of the host. $3: Access interface. $4: IP address of the access device. |
Severity level | Info |
Example | Network node neighbor (host name: exsi-hypervisor.h3croot.huawei-3com.com, VTEP IP: 101.1.1.10) on port XGE1/0/21 of device 172.16.68.3 has restored. |
Explanation | The LLDP neighbor relationship between the network node host and the device was restored. |
Recommended action | No action is required. |
LLDP neighbor relationship establishment between network node host and device
Keyword | LLDP_NETWORK_NODE_NEIGHBOR_SETUP |
Message text | Network node neighbor (host name: $1, VTEP IP: $2) on port $3 of device $4 has been set up. |
Variable fields | $1: Host name. $2: VTEP IP of the host. $3: Access interface. $4: IP address of the access device. |
Severity level | Info |
Example | Network node neighbor (host name: exsi-hypervisor.h3croot.huawei-3com.com, VTEP IP: 101.1.1.10) on port XGE1/0/21 of device 172.16.68.3 has been set up. |
Explanation | The network node host and the device established an LLDP neighbor relationship. |
Recommended action | No action is required. |
LLDP neighbor relationship interruption between network node host and device
Keyword | LLDP_NETWORK_NODE_NEIGHBOR_RELEASED |
Message text | · Network node neighbor (host name: $1, VTEP IP: $2) on port $3 of device $4 has been released because the neighbor has aged out. · Network node neighbor (host name: $1, VTEP IP: $2) on port $3 of device $4 has been released because the neighbor has been deleted. |
Variable fields | $1: Host name. $2: VTEP IP of the host. $3: Access interface. $4: IP address of the access device. |
Severity level | Info |
Example | · Network node neighbor (host name: exsi-hypervisor.h3croot.huawei-3com.com, VTEP IP: 101.1.1.10) on port XGE1/0/21 of device 172.16.68.3 has been released because the neighbor has aged out. · Network node neighbor (host name: exsi-hypervisor.h3croot.huawei-3com.com, VTEP IP: 101.1.1.10) on port XGE1/0/21 of device 172.16.68.3 has been released because the neighbor has been deleted. |
Explanation | The LLDP neighbor relationship between the network node host and the device was interrupted. Possible reasons include: · The host has aged. · The host has been deleted. |
Recommended action | · Verify that the link between the device and the host is correct. · Verify that the link between the device and the controller is correct. · Verify that the host is not deleted. |
Successful VM migration
Keyword | ARP_MIGRATE |
Message text | The VM (IP $1, old MAC: $2, new MAC: $3) migrate from the source port $4 of access device $5 to the destination port $6 of access device $7 successfully. |
Variable fields | $1: IP address of the VM. $2: Old MAC address of the VM. $3: New MAC address of the VM. $4: Old access interface. $5: Management IP address of the old access device. $6: New access interface. $7: Management IP address of the new access device. |
Severity level | Warning |
Example | The VM (IP 1.1.1.2, old MAC: 00:50:56:95:01:d1, new MAC: 00:50:56:95:60:1e) migrate from the source port XGE1/0/5:3 of access device 172.16.68.2 to the destination port XGE1/0/5:3 of access device 172.16.68.2 successfully. |
Explanation | A VM successfully migrated. |
Recommended action | No action is required. |
Failure to issue ACL rule because of insufficient hardware resources
Keyword | VPORT_SECURITY_RULE_FAILED |
Message text | The ACL rule [ID: $1, Security policy: $2, Direction: $3, IPv4 prefix: $4, Protocol: $5 ] failed to take effect on vPort [IP: $6, MAC: $7, Tenant ID: $8] because of insufficient hardware resources on device [IP: $9]. |
Variable fields | $1: UUID of the rule. $2: Name of the security policy to which the rule belongs. $3: Packet direction that the rule matches. $4: IPv4 prefix that the rule matches. $5: Protocol type that the rule matches. $6: IP address of the vPort. $7: MAC address of the vPort. $8: UUID of the tenant to which the vPort belongs. $9: Management IP address of the device. |
Severity level | Warning |
Example | The ACL rule [ID: 608da4b7-64ba-49d3-9fc3-96a7fd5c67f7, Security policy: Policy1, Direction: ingress, IPv4 prefix: 1.1.1.1/32, Protocol: TCP ] failed to take effect on vPort [IP: 4.4.4.4,MAC: 00:50:56:95:09:8d, Tenant ID: ffffffff-0000-0000-0000-000000000001] because of insufficient hardware resources on device [IP: 172.16.68.1]. |
Explanation | Failed to issue the ACL rule bound to the vPort to the access switch because the access switch does not have sufficient hardware resources. |
Recommended action | Verify that the access switch has sufficient hardware resources. |
Failure to issue default ACL rule because of insufficient hardware resources
Keyword | VPORT_DEFAULT_SECURITY_RULE_FAILED |
Message text | The default ACL rule failed to take effect on vPort [IP: $1,MAC: $2,Tenant ID: $3] because of insufficient hardware resources on device [IP: $4]. |
Variable fields | $1: IP address of the vPort. $2: MAC address of the vPort. $3: UUID of the tenant to which the vPort belongs. $4: Management IP address of the device. |
Severity level | Warning |
Example | The default ACL rule failed to take effect on vPort [IP:4.4.4.4,MAC:00:50:56:95:09:8d,Tenant ID:ffffffff-0000-0000-0000-000000000001] because of insufficient hardware resources on device [IP: 172.16.68.1]. |
Explanation | Failed to issue the default ACL rule bound to the vPort to the access switch because the access switch does not have sufficient hardware resources. |
Recommended action | Verify that the access switch has sufficient hardware resources. |
Controller failed to communicate with host through OVSDB
Keyword | OVSDB_COMMUNICATE_FAILED |
Message text | Failed to communicate with host $1 through OVSDB. The commands are $2. |
Variable fields | $1: IP address of the host. $2: Commands that the controller attempted to deploy to the host through OVSDB. |
Severity level | Warning |
Example | Failed to communicate with host 172.16.38.60 through OVSDB. The commands are --columns=name find Bridge datapath_id=00000050569a0223. |
Explanation | The controller failed to communicate with a host through OVSDB. |
Recommended action | Verify that the virtual switch bridge of the host is running correctly. |
Host IP change
Keyword | HOST_IP_CHANGED |
Message text | Host IP changed from $1 to $2. |
Variable fields | $1: Original IP address of the host. $2: New IP address of the host. |
Severity level | Warning |
Example | Host IP changed from 1.1.1.1 to 1.1.1.2. |
Explanation | The IP address recorded on the controller is different from the actual IP address because the IP address of the host changed. |
Recommended action | Make sure the IP address specified on the controller for the host is the same as the actual IP address of the host. |
vPort UUID prefix conflict
Keyword | VPORT_UUID_PREFIX_CONFLICT |
Message text | Conflict of the UUID's first segment exist on vPorts “$1”, “$2”. |
Variable fields | $1: Information about vPort 1. $2: Information about vPort 2. |
Severity level | Warning |
Example | Conflict of the UUID's first segment exist on vPorts “Name: port1, ID: 5329dda9-353e-4408-a275-c13d99bfc445”, “Name: port2, ID: 5329dda9-353e-4408-a275-c13d99bfc446”. |
Explanation | Multiple vPorts have the same UUID prefix. |
Recommended action | Delete either vPort. |
Flow table synchronization or auditing started
Keyword | HOST_FLOW_SYNC_START |
Message text | Host $1 started smoothing or auditing flow tables. |
Variable fields | $1: IP address of the host. |
Severity level | Info |
Example | Host 192.168.10.11 started smoothing or auditing flow tables. |
Explanation | Flow table synchronization or auditing for the host started. |
Recommended action | No action is required. |
Flow table synchronization or auditing finished
Keyword | HOST_FLOW_SYNC_END |
Message text | Host $1 finished smoothing or auditing flow tables. |
Variable fields | $1: IP address of the host. |
Severity level | Info |
Example | Host 192.168.101.11 finished smoothing or auditing flow tables. |
Explanation | Flow table synchronization or auditing for the host finished. |
Recommended action | No action is required. |
Host flow table issuing failure
Keyword | HOST_FLOW_MOD_FAILED |
Message text | Failed to deploy a flow table to host $1. ErrorCode: $2. The flow table is $3. |
Variable fields | $1: IP address of the host. $2: Error code that OpenFlow returned to the controller. $3: Information about the flow table failed to be issued. |
Severity level | Warning |
Example | Failed to deploy a flow table to host 192.168.10.11. ErrorCode: BAD_TIMEOUT. The flow table is { "version":"1.3.0", "flow": { "table_id":0, "priority":100, "idle_timeout":0, "hard_timeout":0, "flow_mod_cmd":"add", "cookie":"0x4234", "cookie_mask":"0xffff", "buffer_id":4294967295, "out_port":265, "out_group":4294967295, "flow_mod_flags":["check_overlap"], "match":[{"eth_type":"ipv4"},{"ipv4_src":"1.1.1.1"}],"instructions":[] } }. |
Explanation | Failed to issue the flow table to the host. |
Recommended action | · Verify that the network is operating correctly. · Log in to the host and verify that the OpenFlow settings are correct. |
Host group table issuing failure
Keyword | HOST_GROUP_MOD_FAILED |
Message text | Failed to deploy a group table to host $1. ErrorCode: $2. The group table is $3. |
Variable fields | $1: IP address of the host. $2: Error code that OpenFlow returned to the controller. $3: Information about the group table failed to be issued. |
Severity level | Warning |
Example | Failed to deploy a group table to host 192.168.10.11. ErrorCode: BAD_TIMEOUT. The group table is { "version" : "1.3.0", "group" : { "id" : 3, "type" : "all", "command" : "add", "buckets" : [{ "weight" : 0, "watch_group" : 4294967295, "watch_port" : 4294967295, "actions" : [{ "output" : 5 }] }] } }. |
Explanation | Failed to issue the group table to the host. |
Recommended action | · Verify that the network is operating correctly. · Log in to the host and verify that the OpenFlow settings are correct. |
