H3C VCF Controller Troubleshooting Guide-5W505

HomeSupportResource CenterSDNH3C VCF ControllerH3C VCF ControllerTechnical DocumentsDiagnose & MaintainTroubleshootingH3C VCF Controller Troubleshooting Guide-5W505
Download Book

Contents

Introduction· 1

General guidelines· 1

Collecting diagnostic log messages· 1

Contacting technical support 2

Troubleshooting VCF controller installation· 1

Dependencies check failure· 1

Symptom·· 1

Solution· 1

Failure to install the VCF controller because the console is disconnected from the server 1

Symptom·· 1

Solution· 1

Failure to access the GUI after the server where the VCF controller is installed is power cycled· 2

Symptom·· 2

Solution· 2

Troubleshooting product licensing· 3

License file error 3

Symptom·· 3

Solution· 3

DID file error 3

Symptom·· 3

Solution· 3

Cannot get licensing data from the license server after a controller or controller team reboot 3

Symptom·· 3

Solution· 4

Troubleshooting teams· 5

Troubleshooting team creation failures· 5

Failure to create a team because of incorrect NICs· 5

Failure to create a team because of inconsistent team tokens· 6

Team setup failure caused by controller role error 6

Failure to clear team configuration on member controllers· 7

Symptom·· 7

Solution· 7

Failure to add a member controller to a team·· 7

Symptom·· 7

Solution· 7

Team IP address unreachable· 8

Symptom·· 8

Solution· 8

Member controller down· 9

Symptom·· 9

Solution· 9

Troubleshooting regions· 10

Region information display failure· 10

Symptom·· 10

Solution· 10

Inconsistent master controller role on the OpenFlow instance and a controller 10

Symptom·· 10

Solution· 10

Controller configuration failure in region creation or modification· 11

Symptom·· 11

Solution· 11

Troubleshooting diagnostic information· 12

Diagnostic information exporting failure on the active leader 12

Symptom·· 12

Solution· 12

Troubleshooting OpenFlow·· 13

OpenFlow connection failure· 13

Symptom·· 13

Solution· 13

Unstable OpenFlow connection· 14

Symptom·· 14

Solution· 14

Network device information display failure· 14

Symptom·· 14

Solution· 14

Flow entry deployment failure· 16

Symptom·· 16

Solution· 16

Troubleshooting NETCONF· 17

NETCONF communication failure· 17

Symptom·· 17

Solution· 17

Troubleshooting carrier networks· 18

Physical network element activation failure· 18

Symptom·· 18

Solution· 18

VNF network element activation failure· 18

Symptom·· 18

Solution· 18

Automatic region configuration failure· 19

Symptom·· 19

Solution· 19

Failure to obtain VNF resources from the VNF manager 20

Symptom·· 20

Solution· 20

Troubleshooting tenants· 21

Failure to import tenants from OpenStack· 21

Symptom·· 21

Solution· 21

Troubleshooting ARP·· 22

MAC address learning failure on the host connected to an access device· 22

Symptom·· 22

Solution· 22

Failure to learn information about the host connected to an access device· 22

Symptom·· 22

Solution· 22

Troubleshooting virtual networks· 23

Failure to connect to hosts· 23

Symptom·· 23

Solution· 23

Failure to find regions accepting vSwitches· 23

Symptom·· 23

Solution· 23

Invalid overlay license· 23

Symptom·· 23

Solution· 24

Invalid host configuration· 24

Symptom·· 24

Solution· 24

Automatic host deployment failure· 24

Symptom·· 24

Solution· 24

Failure to delete hosts on the controller 25

Symptom·· 25

Solution· 25

Communication failure between VMs· 26

Symptom·· 26

Solution· 26

KVM host is not in the specified domain· 26

Symptom·· 26

Solution· 26

Controller failed to obtain VXLAN tunnel interface information for online KVM hosts· 27

Symptom·· 27

Solution· 27

Controller failed to obtain uplink interface information for online KVM hosts· 27

Symptom·· 27

Solution· 27

Communication failure between host and VSR gateway in underlay network· 27

Symptom·· 27

Solution· 27

Communication failure between host and TOR gateway in underlay network· 28

Symptom·· 28

Solution· 28

Troubleshooting firewalls· 29

A gateway firewall is not in Active status· 29

Symptom·· 29

Solution· 29

A gateway firewall in Active status does not take effect 29

Symptom·· 29

Solution· 29

A service chain firewall is not in Active status· 30

Symptom·· 30

Solution· 30

A service chain firewall in Active status does not take effect 30

Symptom·· 30

Solution· 30

A policy or rule does not take effect 31

Symptom·· 31

Solution· 31

An effective firewall does not generate sessions or statistics· 31

Symptom·· 31

Solution· 31

Troubleshooting load balancing· 33

Gateway-type load balancer state is not active· 33

Symptom·· 33

Solution· 33

Server pool state is not active· 33

Symptom·· 33

Solution· 33

Virtual server state is not active· 34

Symptom·· 34

Solution· 34

Empty member list 34

Symptom·· 34

Solution· 34

Member state is not active· 35

Symptom·· 35

Solution· 35

Health monitoring method state is not active· 35

Symptom·· 35

Solution· 35

Gateway-type load balancer is active but does not take effect 35

Symptom·· 35

Solution· 35

Troubleshooting service chains· 37

Service chain state is not active· 37

Symptom·· 37

Solution· 37

A service chain is active but does not take effect 37

Symptom·· 37

Solution· 37

Troubleshooting security policies· 38

OpenFlow entry deployment failure for a host 38

Symptom·· 38

Solution· 38

OpenFlow entry deployment failure for a network interface· 38

Symptom·· 38

Solution· 38

Troubleshooting ZTP·· 40

A network device cannot obtain an IP address from the DHCP server 40

Symptom·· 40

Solution· 40

A network device cannot download the configuration file· 40

Symptom·· 40

Solution· 40

 


Introduction

This document provides information about troubleshooting common software and hardware problems with H3C VCF controllers.

General guidelines

To help identify the cause of the problem, collect system and configuration information, including:

·     Controller version and Linux operation system version.

·     Symptom, time of failure, and configuration.

·     Network topology information, including the network diagram, port connections, and points of failure.

·     Log messages and diagnostic information. For more information, see "Collecting diagnostic log messages."

·     Steps you have taken and their effects.

Collecting diagnostic log messages

1.     Enter the URL of the controller in the address bar of a browser (for example, Chrome) to enter the controller login page.

The URL is in the format of https://controller_ip_address:8443/sdn/ui/. If HTTPS is not available due to policy limitations, you can enter the URL in the format of http://controller_ip_address/sdn/ui/ or http://controller_ip_address:8080/sdn/ui/ to log in to the controller through HTTP.

2.     On the login page, enter the username and password, and click Login.

3.     Select Controller > System > Diagnosis Info to enter the diagnosis information page.

Figure 1 Diagnosis information page

 

4.     Click Export in the top right corner of the diagnosis information page.

The Export Diagnosis Log dialog box appears.

5.     Select one or more controllers and click Export.

The exported diagnosis information for the controllers is saved to a local file. To export a controller's diagnosis information for the second time, close the dialog box, and then click Export on the diagnosis information page again.

Figure 2 Export Diagnosis Log dialog box

 

 

NOTE:

In a team, the active leader can export diagnosis information for all controllers in active state, and a member can only export its own diagnosis information.

 

Contacting technical support

If you cannot resolve a problem after using the troubleshooting procedures in this document, contact H3C Support.

The following is the contact information for H3C Support:

·     Telephone number400-810-0504.

·     E-mailservice@h3c.com.


Troubleshooting VCF controller installation

This section provides troubleshooting information for common problems with VCF controller installation.

Before you install a VCF controller, determine an IP address for it. Make sure the IP address does not conflict with that of another device.

Dependencies check failure

Symptom

The system displays the error message "pre-dependency problem - not installing vcf-controller" during VCF installation, as shown in Figure 3.

Figure 3 Dependencies check failure

 

Solution

To resolve the problem:

1.     Access the Internet and reinstall the software dependencies. For information about installing the software dependencies, see H3C VCF Controller Installation Guide.

2.     If the problem persists, contact H3C Support.

Failure to install the VCF controller because the console is disconnected from the server

Symptom

You establish an SSH connection to a server and begin to install the VCF controller on the server. The installation fails because the SSH connection breaks during the installation procedure.

Solution

To resolve the problem:

1.     Terminate the VCF controller processes after you recover the SSH connection.

[root@localhost ~]# systemctl stop sdnc

[root@localhost ~]# systemctl stop sdna

[root@localhost ~]# systemctl stop handshake

If your system does not support the systemctl commands, use the following commands.

[root@localhost ~]# service sdnc stop

[root@localhost ~]# service sdna stop

[root@localhost ~]# service handshake stop

2.     Use one of the following methods to uninstall the VCF controller:

?     Uninstall the VCF controller without retaining the configuration data.

[root@localhost ~]# rpm -e vcf-controller

Do you want to purge the package? [Y/N]:Y

?     Uninstall the VCF controller with the configuration data retained.

[root@localhost ~]# rpm -e --nopreun vcf-controller

Do you want to purge the package? [Y/N]:N

3.     Install the VCF controller again. For more information about the installation procedure, see H3C VCF Controller Installation Guide.

4.     If the problem persists, contact H3C Support.

Failure to access the GUI after the server where the VCF controller is installed is power cycled

Symptom

After the server where the VCF controller is installed is power cycled, you cannot access the GUI of the controller.

Solution

To resolve the problem:

1.     Log in to the operating system of the server where the controller is installed.

2.     Verify that the controller startup file ext.index in directory /opt/sdn/virgo/work is not damaged during the power cycle. If the size of the file is 0, the startup file is damaged. Delete the file and reboot the server.

3.     If the problem persists, contact H3C Support.

 


Troubleshooting product licensing

This section provides troubleshooting information for common product licensing problems.

License file error

Symptom

The system displays the error message "License File Error." when you upload the local license file.

Solution

To resolve the problem:

1.     Verify that a license file is registered for this VCF controller. If no license file is registered for this VCF controller, re-register a license to obtain a new license file for the VCF controller.

2.     Verify that hardware replacement has not occurred on the server or virtual machine that houses the VCF controller. If hardware replacement has occurred, re-register a license to obtain a new license file for the VCF controller.

Examples of hardware replacement include CPU or NIC replacement.

3.     If the problem persists, contact H3C Support.

DID file error

Symptom

When you generate a DID file, a DID file named Error.txt is generated. The file content is Dependent software libvirt is required.

Solution

To resolve the problem:

1.     Correctly install the Libvirt software package.

For information about the installation, see VCF Controller Installation Guide.

2.     Regenerate the device's DID file.

3.     If the problem persists, contact H3C Support.

Cannot get licensing data from the license server after a controller or controller team reboot

Symptom

A controller or a controller team restarts and has established a connection with the license server. The license for the controller or controller team has been installed at the license server. However, the controller or the controller team cannot get the licensing data from the license server.

Solution

This symptom might occur if the controller or controller team reconnects to the license server before the license server aging timer for the last connection expires. The license server does not reclaim the licensing data from an unexpectedly disconnected license client (the controller or controller team) until the aging timer expires.

To resolve the problem:

1.     Log in to the license server, and perform the following tasks:

a.     From the left navigation tree, select License Clients > Connections.

The connection management page appears.

b.     In the Operation column, kick off the license clients that were disconnected from the license server unexpectedly.

2.     Log in to a VCF controller, and perform the following tasks:

a.     From the left navigation tree, select Controller > License Manager.

b.     On the page that appears, disconnect the controller from the license server, and reconnect to the license sever.

3.     If the problem persists, contact H3C Support.


Troubleshooting teams

This section provides troubleshooting information for common team problems.

Troubleshooting team creation failures

Failure to create a team because of incorrect NICs

Symptom

The system displays the error message "Failed to create the team. Please correct the NIC configuration" when you create a team.

Solution

1.     Check the associated NIC of the server or VM for each leader controller:

?     If the NIC for a leader controller is disabled, use the ifconfig command to enable the NIC.

?     If the NIC for a leader controller has hardware problems, replace the NIC.

?     If a leader controller is assigned an incorrect NIC, remove the controller from the controller list on the Add Controller page. Then, add the controller again and select a correct NIC for the controller.

2.     If the NIC list of remote leader controllers is not available for a leader controller, check the network connectivity.

3.     Verify that the leader controllers use the same team token.

To view the team token of a controller:

a.     Log in to the controller.

b.     From the top navigation bar, select Controller > Configuration.

c.     Click Standalone config.

The Team token config field displays the team token.

4.     If the team tokens are different, use one of the following methods to modify the tokens to the same one:

Method 1:

a.     From the top navigation bar, select Controller > Configuration.

b.     Click Standalone config.

c.     Configure the Team token config field:

-     If the token is not created, enter a value in the field and click Create. Then, click OK in the confirmation dialog box.

-     If the token has been created, delete the token and re-create a new one. To delete a token, click Delete next to the Team token config field and click OK in the confirmation dialog box. Then, enter a value in this field, click Create, and then click OK in the confirmation dialog box.

Method 2:

a.     Uninstall the leader controllers whose team tokens need to be modified, and then reinstall the controllers. For information about controller uninstallation and installation, see H3C VCF Controller Installation Guide.

b.     Enter the same team token for the leader controllers.

5.     Use the controllers to create a team.

6.     If the problem persists, contact H3C Support.

Failure to create a team because of inconsistent team tokens

Symptom

The system displays the error message "Operation failed. The team tokens of all controllers in the team must be the same" when you create a team.

Solution

To resolve the problem:

1.     Check the team token of each leader controller:

a.     Log in to a controller.

b.     From the top navigation bar, select Controller > Configuration.

c.     Click Standalone config.

The Team token config field displays the team token.

2.     Use one of the following methods to modify the team token of a controller to a value the same as the token of other controllers in the team:

Method 1:

a.     From the top navigation bar, select Controller > Configuration, and click Standalone config.

b.     Configure the Team token config field:

-     If the team token is not created, enter a value in the field and click Create. Then, click OK in the confirmation dialog box.

-     If the team token has been created, delete the token and re-create a new one. To delete a token, click Delete next to the Team token config field and click OK in the confirmation dialog box. Then, enter a value in this field, click Create, and then click OK in the confirmation dialog box.

Method 2:

a.     Uninstall the controller, and then reinstall the controller.

For information about controller uninstallation and installation, see H3C VCF Controller Installation Guide.

b.     Enter a team token the same as the team token of other controllers in the team.

3.     Use the controllers to create a team.

4.     If the problem persists, contact H3C Support.

Team setup failure caused by controller role error

Symptom

The system displays the error message "You can't create a team on a member controller" when you create a team on a controller.

Solution

To resolve the problem:

1.     Change the role of the controller to leader, or log in to a leader controller to create the team.

2.     If the problem persists, contact H3C Support.

Failure to clear team configuration on member controllers

Symptom

When you delete a team, the team configuration cannot be cleared from some member controllers. The reasons including:

·     The active leader controller cannot communicate with the member controllers due to network connectivity problems.

·     The member controllers are offline when the team is deleted. The team configuration on the member controllers is not cleared synchronously.

Solution

To resolve the problem:

1.     If the team is not deleted, repair the links and make sure the active leader controller can reach the member controllers, and then delete the team.

2.     If the team has been deleted, clear the team configuration by removing the member controllers from the team:

a.     Log in to a member controller.

b.     From the top navigation bar, select Controller > Configuration.

c.     Click Modify team.

d.     Click the Quit icon  for the member controller.

e.     Click OK in the confirmation dialog box.

f.     Repeat steps a to e to remove all the member controllers from the team.

3.     If the problem persists, contact H3C Support.

Failure to add a member controller to a team

Symptom

A member controller cannot dynamically join a team.

Solution

To resolve the problem:

1.     Check the HTTPS connection between the member controller and the active leader controller. Verify that the team IP address can be pinged from the member controller. If the ping operation fails, use the methods described in "Team IP address unreachable" to resolve the problem.

2.     Check the configuration on the member controller for any mistakes, and modify the incorrect settings. For example, conflict IP address or name.

3.     Verify that the number of controllers does not exceed the upper limit in the team.

If the upper limit has been reached, you must first remove another controller from the team before you add the controller to the team.

4.     Verify that the team token of the controller is the same as the team token of the active leader controller in the team. To modify the team token:

Method 1:

a.     Log in to the controller, select Controller > Configuration from the navigation bar, and click Standalone config.

b.     If the team token is not created, enter the team token of the active leader controller in the Team token config field and click Create.

c.     If the team token has been created, click Delete next to the Team token config field and re-create a new team token.

Method 2:

a.     Uninstall the controller, and then reinstall it.

For information about controller uninstallation and installation, see H3C VCF Controller Installation Guide.

b.     Enter the team token of the active leader controller during the installation.

5.     Add the controller to the team.

6.     If the problem persists, contact H3C Support.

Team IP address unreachable

Symptom

A user cannot log in to the team through the team IP address, or cannot ping the team IP address.

Solution

To resolve the problem:

1.     Ping the IP address of the active leader controller from a PC. If the ping operation fails, check the network connectivity between the PC and the leader controller.

2.     Verify that the active leader controller has a team IP address:

a.     From the top navigation bar, select Controller > Controller Info or select Monitor > Controller Info.

b.     If no team IP address exists, select Controller > Configuration and click Modify team.

c.     Click Modify Team.

d.     On the dialog box, enter the team IP address and the network mask.

e.     Click Apply.

3.     Log in to the server or VM where the active leader controller software is installed. Use the ifconfig command to view whether the team IP address exists on the associated NIC. If no team IP address is available, verify that the NIC is not disabled. If the NIC is disabled, use the ifconfig command to enable the NIC.

4.     Verify that no team IP address conflicts exist on the network. If conflicts exist, log in to the active leader controller and change the team IP address to be unique.

5.     On the host from where you log in to the controller, view the ARP entry of the team IP address. Verify that the MAC address in the entry is the MAC address of the NIC that has the team IP address. If the MAC addresses are different, the ARP entry is incorrect. You must delete the ARP entry, and then ping the team IP address again.

6.     If the problem persists, contact H3C Support.

Member controller down

Symptom

The state of a member controller is down.

Solution

To resolve the problem:

1.     In the Controller info area, check the Remarks field.

2.     If the field displays The controller IP is unreachable or Connection timed out, verify that the controller is down or the network is disconnected. To remove the issue, power cycle the controller or reinstall the controller software, or repair the failed links to ensure network connectivity.

3.     If the field displays The controller already assigned to a team, remove the controller from the new team or the previous team.

4.     If the field displays Team token authentication failed, perform the following tasks to resolve the problem:

a.     Log in to the member controller.

b.     From the top navigation bar, select Controller > Configuration.

c.     Click Standalone config.

The Team token config field displays the team token.

d.     If the team token is different from the team token of other controllers in the team, use one of the following methods to configure the team token:

-     Enter a value in the Team token config field and click Create. If a team token has been created, delete the token and create a new token.

-     Uninstall the controller, and then reinstall the controller. Enter the team token of other controllers in the team during the installation. For information about controller uninstallation and installation, see H3C VCF Controller Installation Guide.

e.     Re-create the team or add the controller to the original team.

5.     If the problem persists, contact H3C Support.


Troubleshooting regions

This section provides troubleshooting information for common region problems.

Region information display failure

Symptom

No region information is displayed for the OpenFlow device that belongs to a region on the Monitor > Device Information page of the controller's GUI.

Solution

To resolve the problem:

1.     Verify that the datapath ID of the OpenFlow device does not conflict with that of any other OpenFlow device:

a.     On the controller's GUI, select Monitor > Device Information. Enter the IP address of the OpenFlow device in the search field to get the datapath ID of the device. Then disconnect the connection for the datapath ID on the OpenFlow device.

b.     Enter the device information page again to identify whether the datapath ID still exists. If the datapath ID still exists, go to step c. If the datapath ID does not exist, go to step 2.

c.     Get the IP address of another OpenFlow device with the same datapath ID, and then modify the datapath ID on the device.

2.     Reconnect the OpenFlow instance to the controller on the OpenFlow device.

3.     If the problem persists, contact H3C Support.

Inconsistent master controller role on the OpenFlow instance and a controller

Symptom

When an OpenFlow instance is connected to multiple controllers in different regions, the master controller role is inconsistent on the OpenFlow instance and a controller.

Solution

To resolve the problem:

1.     Verify that an OpenFlow instance is connected to only two controllers in a region.

When the OpenFlow instance is connected to a controller in a region, the controller issues its configured role (master or subordinate) to the OpenFlow instance. If the OpenFlow instance is then connected to the controllers in another region, the original master controller on the OpenFlow instance will be overwritten. For example, an OpenFlow instance is connected to controller A (master) and controller B (subordinate) in Region A. Then the OpenFlow instance is connected controller C (master) and Controller D (subordinate) in Region B. On the OpenFlow instance, controller C is the master and the other three are subordinates. However, controller A still determines that it is the master for the OpenFlow instance.

If the OpenFlow instance is connected to multiple controllers, delete unnecessary controllers specified on the OpenFlow instance. If the remaining two controllers are in different regions, you can modify the region configuration to assign the two controllers to the same region.

2.     If the problem persists, contact H3C Support.

Controller configuration failure in region creation or modification

Symptom

The system prompts a controller configuration failure during region creation or modification.

Solution

To resolve the problem:

1.     Verify that the controller is up and the network is connected.

a.     Examine the Remarks field on the controller information page.

-     If the field displays The controller IP is unreachable, the controller is down or the network is disconnected. Then go to step b.

-     If the field does not display The controller IP is unreachable, go to step 2.

b.     Power on or reinstall the controller, or troubleshoot the network failure.

2.     Verify that the team token authentication for the controller is successful.

a.     Examine the Remarks field on the controller information page.

-     If the field displays Team token authentication failed, go to step b.

-     If the field does not display Team token authentication failed, go to step 3.

b.     Verify that the controller's team token is the same as the token of other controllers in the team.

You can modify the controller's team token by using one of the following methods:

(Method 1) Log in to the controller's GUI, select Controller > Configuration, and click Standalone config.

-     If the team token is not created, enter the correct value in the Team token config field and click Create.

-     If the team token has already been created, click Delete to delete the team token. Then enter the correct value in the Team token config field and click Create.

(Method 2) Remove the controller and reinstall it. Enter the same team token as that of the leader controllers during the installation. For information about installing and removing a controller, see H3C VCF controller installation guide.

c.     Re-create the team or add the controller to the team again.

3.     If the problem persists, contact H3C Support.


Troubleshooting diagnostic information

This section provides troubleshooting information for common diagnostic information problems.

Diagnostic information exporting failure on the active leader

Symptom

Diagnostic information for some active controllers fails to be exported, or the exported file cannot be decompressed.

Solution

To resolve the problem, try to export diagnostic information for the target controllers by using the following methods:

·     Export diagnostic information for the controllers a second time on the active leader:

a.     On the diagnostic information page of the active leader, click Export.

b.     On the dialog box that appears, select the target controllers and click Export.

·     Export diagnostic information for a target controller on the controller itself:

a.     Log in to the Web interface of a target controller.

b.     Export diagnostic information for the current controller.

·     Obtain the diagnostic information of a controller from the host server or VM of the controller:

a.     Log in to the host server or VM of the controller through SSH.

b.     Use a file transfer application (such as FTP) to download the diagnostic log file from the /opt/sdn/virgo/serviceability/logs directory.


Troubleshooting OpenFlow

This section provides troubleshooting information for common OpenFlow problems.

OpenFlow connection failure

Symptom

No device information is displayed for a correctly configured OpenFlow device after you select Monitor > Device Information on the controller's GUI.

Solution

To resolve the problem:

1.     Log in to the OpenFlow device and verify that the controller IP address specified for the OpenFlow device is correct. If the controller IP address is incorrect, specify the correct controller IP address on the OpenFlow device as shown in Figure 4.

Figure 4 Specifying the controller IP address

gw-------.JPG

 

2.     Verify that the controller IP address is reachable. If the controller IP address is reachable, troubleshoot the network.

3.     Verify that the OpenFlow device has established a connection to the controller by using the display openflow summary command.

Figure 5 Displaying OpenFlow connection channel state.

捕获.PNG

 

If channel status is not Connected, verify that the total number of OpenFlow connections established by the controller is not larger than the total number of nodes supported by the remote and local licenses. If the total number of OpenFlow connections established by the controller is larger than the total number of nodes supported by the remote and local licenses, update the remote or local license.

To view the total number of OpenFlow connections established by the controller, select Controller > Controller Info on the controller's GUI.

To view the maximum number of nodes supported by the remote or local license, select Controller > License Manager on the controller's GUI.

4.     If the problem persists, contact H3C Support.

Unstable OpenFlow connection

Symptom

The OpenFlow connection established between the controller and the OpenFlow device is unstable.

Solution

To resolve the problem:

1.     Verify that the network is connected. If the network is disconnected, troubleshoot the network.

2.     Verify that traffic congestion does not occur in the region.

If traffic congestion occurs in the region, OpenFlow echo messages cannot be exchanged correctly. Execute the netstat -anp | grep 6633 command as a root user to identify whether the TCP channel for the OpenFlow connection is occupied. As shown in Figure 6, if the values for the first and the second columns are in the range of 200000 to 250000, the traffic in the region is heavy. You can disconnect OpenFlow connections for some OpenFlow devices and then connect these devices to controllers in other regions.

Figure 6 TCP channel status

 

3.     If the problem persists, contact H3C Support.

Network device information display failure

Symptom

When device information can be obtained through selecting Monitor > Device Information on the controller's GUI, the following information cannot be displayed:

·     Summary information.

·     Port information.

·     Flow table information.

·     Group table information.

Solution

To resolve the problem:

1.     Log in to the OpenFlow device, and execute the display openflow instance instance-id controller command to verify that the controller role is correctly assigned to the OpenFlow device.

This example uses OpenFlow instance 1. If the controller role is Equal, create a region on the controller or connect the OpenFlow device to a controller in a region.

Figure 7 Controller role assigned to the OpenFlow device

捕获.PNG

 

2.     Verify that the region to which the OpenFlow device is connected is configured correctly.

Select Monitor > Device Information on the controller's GUI to identify whether region information is displayed for the OpenFlow device. If the region information is not displayed, export the diagnostic information for the controller:

a.     Select Controller > System > Diagnosis Info, and click Export.

b.     Select the controllers for which the diagnostic information is exported.

c.     Click Export.

Then identify whether the MAC address of the OpenFlow device exists in the Global Master Cache field in the RegionInfo log file exported. If the MAC address of the OpenFlow device does exist in the Global Master Cache field, disconnect the OpenFlow device from the controller and reconnect the device to the controller.

As a best practice, do not disconnect and reconnect the OpenFlow device if the service traffic can be processed correctly when the symptom appears.

Figure 8 Device information on the controller

 

3.     If the problem persists, contact H3C Support.

Flow entry deployment failure

Symptom

OpenFlow entries cannot be displayed on the OpenFlow device after the controller deploys flow entries to the OpenFlow device through REST API or the triggering of service packets.

Solution

To resolve the problem:

1.     Verify that the capability set of the OpenFlow device supports the flow entries deployed by the controller. If the OpenFlow device does not support the flow entries, update the device or change a device.

You can view the capability set of the OpenFlow device through getting /sdn/v2.0/of/datapaths/{dpid}/features/match on REST API.

2.     Verify that the OpenFlow device supports identifying Experimenter extensions if the flow entries contain Experimenter extensions. If the OpenFlow device cannot identify Experimenter extensions, update the device or change a device.

3.     Enable OpenFlow debugging by using the debugging openflow all command to verify that the OpenFlow device can receive FlowMod messages.

?     If the device cannot receive FlowMod messages from the controller, verify that the connection between the OpenFlow device and the controller is Connected. For more information, see "Unstable OpenFlow connection."

?     If the device can receive FlowMod messages from the controller, go to step 4.

4.     If the problem persists, contact H3C Support.


Troubleshooting NETCONF

This section provides troubleshooting information for common NETCONF problems.

NETCONF communication failure

Symptom

The controller fails to use SOAP to issue NETCONF configuration. For example, after a network element is added, its state is inactive and the system displays either of the following error messages:

·     OpenFlow connection is down.

·     NETCONF connection fails due to network congestion.

Solution

To resolve the problem:

1.     Verify that the network device and the controller are physically connected:

a.     Log in to the controller, and examine the cable connection status and link status.

b.     Log in to the network device, and examine the cable connection status and link status.

2.     Verify that the NETCONF settings are consistent on the network device and the controller:

a.     Make sure NETCONF over SOAP over HTTPS is enabled on the network device.

b.     Make sure the network device and the controller are configured with the same username and password.

If any inconsistency occurs, modify the NETCONF settings on the network device or the controller.

3.     Verify that a NETCONF session can be established between the network device and the controller.

There is a limit on the number of NETCONF sessions that can be established on the network device. If the upper limit has been reached, the network device cannot establish a NETCONF session with the controller. In this case, delete the existing NETCONF sessions or increase the NETCONF session limit to ensure that a NETCONF session can be established between network device and the controller.

4.     If the problem persists, contact H3C Support.


Troubleshooting carrier networks

This section provides troubleshooting information for common carrier network problems.

Physical network element activation failure

Symptom

A physical network element remains in inactive state after it is created.

Solution

To resolve the problem:

1.     Verify the number of OpenFlow nodes and Overlay physical network elements. If the number exceeds the limit allowed by the licenses, purchase new licenses.

2.     Verify that the physical network element and the controller can ping each other by using the management IP of the physical network element. If the ping operation fails, troubleshoot the network connection problem.

3.     If the physical network element type is gateway, verify that the physical network element has joined a gateway group.

4.     Verify that NETCONF communication between the physical network element and the controller succeeds. If NETCONF communication fails, troubleshoot NETCONF. For more information, see "Troubleshooting NETCONF."

5.     Verify that a region is automatically selected for the physical network element if the controller operates in team mode:

a.     Select Carrier Network > Physical NEs on the top navigation bar.

b.     View the Selected region field. If --- is displayed, troubleshoot automatic region configuration failure. For more information, see "Automatic region configuration failure."

6.     Verify that an IP address is configured for the controller when the controller operates in standalone mode:

a.     Select Controller > Configuration on the top navigation bar, and click Standalone config.

b.     View the Controller IP field. If no IP address is configured, configure an IP address for the controller.

7.     If the problem persists, contact H3C Support.

VNF network element activation failure

Symptom

A VNF network element remains in inactive state after it is created.

Solution

To resolve the problem:

1.     Verify the number of OpenFlow nodes. If the number exceeds the limit allowed by the license, purchase a new license.

2.     Verify that the VNF network element and the controller can ping each other by using the management IP of the VNF network element. If the ping operation fails, troubleshoot the network connection problem.

3.     Verify that a region is automatically selected for the VNF network element if the controller operates in team mode:

a.     Select Carrier Network > VNF NEs on the top navigation bar.

b.     Click the link for the VNF network element in the Resource node list column.

c.     On the Resource node info page that appears, view the Region field. If --- is displayed, troubleshoot automatic region configuration failure. For more information, see "Automatic region configuration failure."

4.     Verify that an IP address is configured for the controller if the controller operates in standalone mode:

a.     Select Controller > Configuration on the top navigation bar, and click Standalone config.

b.     View the Controller IP field. If no IP address is configured, configure an IP address for the controller.

5.     If the problem persists, contact H3C Support.

Automatic region configuration failure

Symptom

A network element fails to automatically select a region when the controller operates in team mode.

Solution

To resolve the problem:

1.     Verify that a region is configured for the team:

a.     Select Home > Overview on the top navigation bar.

b.     View the Controllers area. If no region is configured, configure a region for the team.

2.     Verify that the management IP address of the network element belongs to the managed node subnets of the configured region:

a.     Select Home > Overview on the top navigation bar.

b.     Click the region in the Controllers area to view the region details.

c.     On the Region Details window, view the Managed node subnets field.

If the management IP address does not belong to the managed node subnets, create a new region without any managed node subnets, or perform the following tasks:

-     Select Controller > Configuration on the top navigation bar, and click Modify region.

-     In the Managed Node Subnets field, add the network segment of the management IP address.

3.     If the problem persists, contact H3C Support.

Failure to obtain VNF resources from the VNF manager

Symptom

The system displays Failed to get resources from the VNFM when the controller requests resources from the VNF manager.

Solution

To resolve the problem:

1.     Verify that no VNF resource with the same name as the requested resource exists on the VNF manager. If a VNF resource with the same name exists, obtain another VNF resource or delete the VNF resource with the same name.

A VNF resource can be deleted only when it is not used.

2.     Verify that the VNFM information in the VNFM info area is correct. If the VNFM information is incorrect, modify the configuration.

3.     Verify that the controller and the VNF manager can ping each other. If the ping operation fails, troubleshoot the network connection problem.

4.     Log in to the VNF manager to verify that the VNF manager has a template corresponding to the VNF resource that the controller requests. If the template does not exist, create a template for the VNF resource.

5.     On the VNF manager, verify that the number of VNF resources does not reach the upper limit, as shown in Figure 9. If the upper limit is reached, expand the capacity as required.

Figure 9 VNFM information

 

6.     If the problem persists, contact H3C Support.


Troubleshooting tenants

This section provides troubleshooting information for common tenant problems.

Failure to import tenants from OpenStack

Symptom

The controller failed to import tenants from OpenStack.

Solution

To resolve the problem:

1.     Verify that the Import tenants from OpenStack configuration on the controller is correct.

2.     Make sure the controller and OpenStack can ping the IP address of each other.

3.     If the problem persists, contact the H3C Support.


Troubleshooting ARP

This section provides troubleshooting information for common ARP problems.

MAC address learning failure on the host connected to an access device

Symptom

When you perform a ping operation from a host connected to an access device, the host cannot learn the MAC address of the ping destination.

Solution

To resolve the problem:

1.     Verify that the OpenFlow connections for the following pairs of devices have been successfully established:

?     The controller and the access device that is connected to the source host.

?     The controller and the access device that is connected to the ping destination.

2.     Verify that the vPort information for both the source host and the ping destination is correctly configured on the controller. The vPort information includes IP address, MAC address, and the VLAN or VXLAN to which the source host or the ping destination belongs.

3.     If the problem persists, contact H3C Support.

Failure to learn information about the host connected to an access device

Symptom

The host information cannot be obtained by the ARP module through REST API after the host that is connected to the access device starts.

Solution

To resolve the problem:

1.     Verify that the physical network element for the access device that is connected to the host is correctly configured on the controller.

2.     Verify that the physical network element is activated. If it is not activated, verify that the username and password for the physical network element are correctly configured.

3.     Verify that the physical network element has flow entries to forward ARP packets to the controller. If the flow entries exist, perform a ping operation from the host to make the controller learn the host information.

4.     If the problem persists, contact H3C Support.


Troubleshooting virtual networks

This section provides troubleshooting information for common virtual network problems.

Failure to connect to hosts

Symptom

After you log in to the controller and enter the host configuration page on the domain configuration page, the system displays the error message "Can't connect to the host" when you add a host.

Solution

To resolve the problem:

1.     Verify that the vSwitch is configured with a bridge. If the vSwitch is not configured with a bridge, configure a bridge for the vSwitch. Make sure the bridge name is the same as the bridge name in the VDS.

2.     Verify that the vSwitch is configured with a VXLAN tunnel interface. If the vSwitch is not configured with a VXLAN tunnel interface, configure a VXLAN tunnel interface for the vSwitch. Make sure the VXLAN tunnel interface name is the same as the VXLAN tunnel interface name in the VDS.

3.     Verify that the vSwitch is configured with a VTEP IP address. If the vSwitch is not configured with a VTEP IP address, configure a VTEP IP address for the vSwitch.

4.     If the problem persists, contact H3C Support.

Failure to find regions accepting vSwitches

Symptom

The system displays the error message "Can't add the host. No regions exist." when you add a host.

Solution

To resolve the problem:

1.     Log in to the controller and select Controller > Controller Info from the top navigation bar.

2.     Click the region name in the Region column for the target controller.

3.     Verify that the Deny vSwitches field in the Region Details window displays No. If the Deny vSwitches field does not display No, delete the region and reconfigure it. Make sure the region does not deny vSwitches.

4.     If the problem persists, contact H3C Support.

Invalid overlay license

Symptom

The system displays the error message "Invalid overlay license" when you add a host.

Solution

To resolve the problem:

1.     Verify that the controller is installed with an authorized overlay license. If the controller is not installed with an authorized overlay license, install an authorized overlay license for the controller. For more information, see H3C VCF Controller Installation Guide.

2.     If the problem persists, contact H3C Support.

Invalid host configuration

Symptom

The Controller connection status field displays Invalid configuration. when you view the vSwitch bridge information on the controller.

Solution

To resolve the problem:

1.     Enter the vSwitch bridge information page to verify that the host is configured with a VTEP IP address and a gateway IP address:

a.     Log in to the controller and select vNetwork > Domain from the top navigation bar.

b.     Click the Host tab.

c.     Click the Details icon  in the vSwitch bridge column for the target host.

If no VTEP IP address or gateway IP address is configured, perform either task:

?     For a vCenter domain, configure a VTEP IP address and a gateway IP address for the VMkernel interface of the host on the vCenter.

?     For a KVM domain, configure a VTEP IP address on the compute node.

2.     Click the Details icon  in the Port details column on the vSwitch bridge information page to enter the bridge port information page.

3.     Verify that the bridge port information page contains information for an uplink interface, a VMkernel interface, and a tunnel interface, and all the three interfaces are in up state. If the bridge port information page does not contain all the three interfaces in up state, configure the bridge ports on the vCenter or compute node.

4.     If the problem persists, contact H3C Support.

Automatic host deployment failure

Symptom

After you configure the IP address of the controller for a host as the IP address of the controller team and then refresh the host configuration page, the page does not display the host information.

Solution

To resolve the problem:

1.     Verify that the host can reach the IP address of the controller team. If the host cannot reach the IP address of the controller team, check the network connectivity.

2.     Verify that the controller is installed with an authorized overlay license. If the controller is not installed with an authorized overlay license, install an authorized overlay license for the controller. For more information, see H3C VCF Controller Installation Guide.

3.     Verify that the host is not added through the GUI of the controller.

If the host is added through the GUI of the controller, the controller and the VM management platform assign different UUIDs to the host, and the host cannot be automatically deployed. To resolve the problem, delete the host on the controller, and then automatically deploy the host on the VM management platform.

4.     Verify that the host is configured with a vSwitch bridge. If the host is not configured with a vSwitch bridge, configure a vSwitch bridge for the host. Make sure the vSwitch bridge name is the same as the bridge name in the VDS.

5.     Verify that the vSwitch is configured with a VXLAN tunnel interface. If the vSwitch is not configured with a VXLAN tunnel interface, configure a VXLAN tunnel interface for the vSwitch. Make sure the VXLAN tunnel interface name is the same as the VXLAN tunnel interface name in the VDS.

6.     Verify that the vSwitch is configured with a VTEP IP address. If the vSwitch is not configured with a VTEP IP address, configure a VTEP IP address for the vSwitch.

7.     Log in to the controller and select Controller > Controller Info from the top navigation bar.

8.     Click the region name in the Region column for the target controller.

9.     Verify that the Deny vSwitches field in the Region Details window displays No. If the Deny vSwitches field does not display No, delete the region and reconfigure it. Make sure the region does not deny vSwitches.

10.     Verify that the northbound interface of the controller and the host management interface belong to the same network. If they do not belong to the same network, assign the northbound interface of the controller and the host management interface to the same network.

11.     If the problem persists, contact H3C Support.

Failure to delete hosts on the controller

Symptom

Hosts on the controller cannot be deleted through the VM management platform.

Solution

To resolve the problem:

1.     Verify that the IP address of the REST resource is the IP address of the controller team and the IP address of the team is reachable.

2.     Verify that the host is not added through the GUI of the controller.

If the host is added through the GUI of the controller, the controller and the VM management platform assign different UUIDs to the host, and the host cannot be deleted. To resolve the problem, delete the host on the controller, and then automatically deploy the host on the VM management platform.

3.     If the problem persists, contact H3C Support.

Communication failure between VMs

Symptom

Two VMs cannot communicate with each other.

Solution

To resolve the problem:

1.     Verify that the vPorts and the uplink interfaces of both VMs are in up state, and the networks to which the two VMs belong are of the same type.

2.     Verify that the subnets to which the two VMs belong are bound to the same vRouter.

3.     Verify that the VMs have relevant ARP entries. If the VMs do not have relevant ARP entries, verify that the hosts of the VMs have connected to the controller.

4.     Verify that the ARP entries are correct. If the ARP entries are incorrect, delete the incorrect ARP entries.

5.     If the problem persists, perform either task:

?     If the two VMs belong to the same host, contact H3C Support.

?     If the two VMs belong to different hosts, go to step 6.

6.     Verify that the hosts of the two VMs can ping the VTEP IP address of each other. If the hosts of the two VMs cannot ping the VTEP IP address of each other, delete the host and then add the host on the controller.

7.     If the problem persists, contact H3C Support.

KVM host is not in the specified domain

Symptom

A KVM host comes online in the default domain rather than the specified domain.

Solution

To resolve the problem:

1.     Determine whether the host is manually added.

?     If the host is manually added, contact H3C Support.

?     If the host is not manually added, go to step 2.

2.     Log in to the controller and select vNetwork > Domain from the top navigation bar.

3.     Verify that the domain is a KVM domain. If the domain type is not KVM, change the domain type to KVM.

4.     Verify that the domain UUID of the host is the specified domain UUID. If the domain UUID of the host is not the specified domain UUID, delete the host on the controller, configure the domain UUID for the host, and then add the host to the controller.

5.     If the problem persists, contact H3C Support.

Controller failed to obtain VXLAN tunnel interface information for online KVM hosts

Symptom

After a KVM host comes online, you cannot view the VXLAN tunnel interface information for the host.

Solution

To resolve the problem:

1.     Verify that the VXLAN tunnel interface on the compute node is of the VXLAN type. If the VXLAN tunnel interface type is not VXLAN, change the VXLAN tunnel interface type to VXLAN.

2.     If the problem persists, contact H3C Support.

Controller failed to obtain uplink interface information for online KVM hosts

Symptom

After a KVM host comes online, you cannot view the uplink interface information for the host.

Solution

To resolve the problem:

1.     Verify that the uplink interface is of the eth, em, p, bond, eno, or ens type.

By default, the controller can identify uplink interfaces only of the eth, em, p, bond, eno, or ens type.

If the uplink interface type is not one of the six types, add the prefix of the interface type to the controller by using the REST API.

2.     If the problem persists, contact H3C Support.

Communication failure between host and VSR gateway in underlay network

Symptom

The host cannot use the VTEP IP address to communicate with the VSR gateway in the underlay network.

Solution

To resolve the problem:

1.     Verify that the VTEP IP address and the IP address of the VSR gateway belong to different networks.

If they belong to the same network, perform either task:

?     For a vCenter domain, configure the VTEP IP address on the VMkernel interface to make sure it does not belong to the same network as the IP address of the VSR gateway.

?     For a KVM domain, configure the VTEP IP address on the compute node to make sure it does not belong to the same network as the IP address of the VSR gateway.

2.     If the problem persists, contact H3C Support.

Communication failure between host and TOR gateway in underlay network

Symptom

The host cannot use the VTEP IP address to communicate with the TOR gateway in the underlay network.

Solution

To resolve the problem:

1.     Verify that the next hop of the default route is the IP address of the TOR gateway. If the next hop of the default route is not the IP address of the TOR gateway, configure the IP address of the TOR gateway as the next hop of the default route.

2.     If the problem persists, contact H3C Support.


Troubleshooting firewalls

This section provides troubleshooting information for common firewall problems.

A gateway firewall is not in Active status

Symptom

A gateway firewall is not in Active status after it is successfully created.

Solution

To resolve the problem:

1.     Verify that the firewall is bound to a vRouter.

Navigate to the Network Service/Firewall page. If the firewall is not bound to a vRouter, the vRouter/resource column for the firewall displays three hyphens (---). You must bind the firewall to a vRouter.

2.     If the problem persists, contact H3C Support.

A gateway firewall in Active status does not take effect

Symptom

A gateway firewall is in Active status but does not take effect after it is successfully created.

Solution

To resolve the problem:

1.     Verify that an external network is bound to the vRouter.

Navigate to the vNetwork/vRouter page. If no external network is bound to the vRouter, the External network column for the vRouter displays None. You must create an external network and bind it to the vRouter. The external network is created on the vNetwork/Link Layer Network page.

2.     Verify that the external network contains a subnet.

Navigate to the vNetwork/Link Layer Network page. Click the  icon in the Subnet column for the external network to view the subnet configuration. If no subnet exists, create a subnet.

3.     Verify that the vRouter is bound to a gateway.

Navigate to the vNetwork/vRouter page. If the vRouter is not bound to a gateway, the Bind to GW column for the vRouter displays false. You must bind the vRouter to a gateway and make sure the Bind to GW column displays true.

4.     Verify that an internal subnet is bound to the vRouter.

Navigate to the vNetwork/vRouter page. Click the  icon in the Interface column for the vRouter to view the interface configuration. If no internal network exists, add an internal network.

5.     Verify that an OpenFlow connection is established between the gateway and the controller.

a.     On the vNetwork/Tenant Manager page, click the  icon in the Gateway resources column to identify the gateway that the vRouter is bound to.

The gateway is represented by its management IP address.

b.     On the Monitor/Device Information page, verify that the gateway has established an OpenFlow connection with the controller. If no OpenFlow connection exists, see "OpenFlow connection failure."

6.     Verify that the gateway exists in a region.

Navigate to the Home/Overview page. Click the region icon in the Controllers area to view the region details and verify that the gateway belongs to a region. If the gateway does not belong to a region, verify that a region has been created. If no region is created, create a region first.

7.     If the problem persists, contact H3C support.

A service chain firewall is not in Active status

Symptom

A service chain firewall is not in Active status after it is successfully created.

Solution

To resolve the problem:

1.     Verify that the firewall is bound to a vFW resource.

Navigate to the Network Service/Firewall page. If the firewall is not bound to a resource, the vRouter/resource column for the firewall displays three hyphens (---). You must create a resource and bind the firewall to the resource.

2.     Verify that the firewall is being used by a service chain.

Navigate to the Network Service/Service Chain page. Click the  icon to identify the service chain that is using the firewall. If no service chain is using the firewall, bind the firewall to a service chain.

3.     If the problem persists, contact H3C Support.

A service chain firewall in Active status does not take effect

Symptom

A service chain firewall is in Active status but does not take effect after it is successfully created.

Solution

To resolve the problem:

1.     Verify that the context is correctly configured.

Navigate to the Network Service/Service Chain page and click the Context tab. Click the  icon for a context to view the context list. If the context list is empty, modify the context configuration.

2.     Verify that an OpenFlow connection is established between the vFW resource and the controller.

a.     On the vNetwork/Tenant Manager page, click the  icon in the Service resources column to identify the vFW resource that the firewall is bound to.

The vFW resource is represented by its management IP address.

b.     On the Monitor/Device Information page, verify that the vFW resource has established an OpenFlow connection with the controller. If no OpenFlow connection exists, see "OpenFlow connection failure."

3.     Verify that the vFW resource exists in a region.

Navigate to the Home/Overview page. Click the region icon in the Controllers area to view the region details and verify that the vFW resource belongs to a region. If the vFW resource does not belong to a region, verify that a region has been created. If no region is created, create a region first.

4.     If the problem persists, contact H3C support.

A policy or rule does not take effect

Symptom

A policy or rule is added or modified for a firewall. However, the policy or rule does not take effect.

Solution

To resolve the policy failure:

1.     Verify that the Audited option is selected.

Navigate to the Network Service/Firewall page and click the Policy tab. If the Audited column for the policy displays False, modify the policy and select the Audited option.

2.     If the problem persists, contact H3C Support.

To resolve the rule failure:

3.     Verify that the Enabled option is selected.

Navigate to the Network Service/Firewall page and click the Rule tab. If the Enable status column for the rule displays False, modify the rule and select the Enabled option.

4.     If the problem persists, contact H3C Support.

An effective firewall does not generate sessions or statistics

Symptom

A firewall takes effect and forwards traffic correctly, but no statistics or session is generated.

Solution

To resolve the problem:

1.     Verify that the source and destination IP addresses of the traffic are consistent with those defined in the rule that the firewall uses. If they are not consistent, modify the source and destination IP addresses in the rule.

2.     If the problem persists, contact H3C Support.

 


Troubleshooting load balancing

This section provides troubleshooting information for common load balancing problems.

Gateway-type load balancer state is not active

Symptom

A gateway-type load balancer remains in inactive state after it is created.

Solution

To resolve the problem:

1.     On the Network Service > Load Balancer page, verify that the load balancer has referenced a server pool. If no server pool is referenced, modify the load balancer configuration to specify a server pool for the load balancer.

2.     Verify that a vSubnet has been bound to the server pool referenced by the load balancer:

a.     On the Network Service > Load Balancer page, click the Pool tab.

b.     In the Operation column, click the  icon for the target server pool to view its details.

c.     If the server pool does not have any vSubnet bound to it, modify the server pool configuration to bind a vSubnet to the server pool.

3.     On the vNetwork > vRouter page, click the  icon in the Interface column for the target vSubnet to verify that the vSubnet bound to the server pool has been added to a vRouter. If the vSubnet is not added to a vRouter, add the vSubnet to a vRouter.

4.     If the problem persists, contact H3C Support.

Server pool state is not active

Symptom

A server pool remains in inactive state after it is created.

Solution

To resolve the problem:

1.     On the Network Service > Load Balancer page, verify that the server pool has been referenced by a load balancer. If the server pool is not referenced by a load balancer, specify a load balancer for the server pool.

2.     Verify that the load balancer that references the server pool is in active state. If the load balancer is not in active state, see "Gateway-type load balancer state is not active" to resolve the problem.

3.     If the problem persists, contact H3C Support.

Virtual server state is not active

Symptom

A virtual server remains in inactive state after it is created.

Solution

To resolve the problem:

1.     On the Network Service > Load Balancer page, click the VIP tab to verify that the virtual server has been associated with a server pool. If the virtual server is not associated with a server pool, modify the virtual server configuration to associate the virtual server with a server pool.

2.     Click the Pool tab to verify that the server pool associated with the virtual server is in active state. If the server pool is not active, see "Server pool state is not active" to resolve the problem.

3.     View server pool details to verify that the virtual server's IP address is within the vSubnet bound to the server pool. If the IP address is not within the vSubnet, modify the virtual server's IP address.

4.     On the vNetwork > vRouter page, click the  icon in the Interface column for the target vSubnet to verify that the vSubnet bound to the server pool has been added to a vRouter. If the vSubnet is not added to a vRouter, add the vSubnet to a vRouter.

5.     On the vNetwork > vRouter page, view the Bind to GW column to identify whether the vRouter has been bound to a gateway. If this column displays true, go to the next step. If this column displays false, bind a gateway to the vRouter.

6.     On the vNetwork > vRouter page, view the External network column to verify that the vRouter has been bound to any external network. If this column displays None, bind an external network to the vRouter.

7.     If the problem persists, contact H3C Support.

Empty member list

Symptom

The member list is empty when a member is added.

Solution

To resolve the problem:

1.     Verify that a vSubnet has been bound to the selected server pool:

a.     On the Network Service > Load Balancer page, click the Pool tab.

b.     In the Operation column, click the  icon for the target server pool to view its details.

c.     If the server pool does not have any vSubnet bound to it, modify the server pool configuration to bind a vSubnet to the server pool.

2.     On the vNetwork > vPort page, verify that a vSwitch-type vPort exists in the vSubnet. If no such a vPort exists, bring online a vSwitch-type vPort.

3.     If the problem persists, contact H3C Support.

Member state is not active

Symptom

A member remains in inactive state after it is created.

Solution

To resolve the problem:

1.     On the Network Service > Load Balancer page, click the Member tab to verify that the member has been associated with a server pool. If no server pool is associated, modify the member configuration to associate the member with a server pool.

2.     Click the Pool tab to verify that the server pool associated with the member is in active state. If the server pool is not active, see "Server pool state is not active" to resolve the problem.

3.     If the problem persists, contact H3C Support.

Health monitoring method state is not active

Symptom

A health monitoring method remains in inactive state after it is created.

Solution

To resolve the problem:

1.     On the Network Service > Load Balancer page, click the Pool tab to verify that the health monitoring method has been referenced by a server pool. If the health monitoring method is not referenced by a server pool, specify a server pool for the health monitoring method.

2.     Verify that the server pool that has referenced the health monitoring method is in active state. If the server pool is not active, see "Server pool state is not active" to resolve the problem.

3.     If the problem persists, contact H3C Support.

Gateway-type load balancer is active but does not take effect

Symptom

The gateway-type load balancer is active but does not take effect.

Solution

To resolve the problem:

1.     Verify that an OpenFlow connection has been established between the controller and the gateway resources:

a.     On the vNetwork > Tenant Manager page, locate gateway resources bound to the vRouter that corresponds to the load balancer.

b.     Select Monitor > Device Information.

c.     If the OpenFlow connection is not established, see "OpenFlow connection failure" to resolve the problem.

2.     On the Home > Overview page, click the region icon in the Controllers area to view the region details and verify that the gateway belongs to a region. If the gateway does not belong to a region, verify that a region has been created. If no region is created, create a region first.

3.     If the problem persists, contact H3C Support.


Troubleshooting service chains

This section provides troubleshooting information for common service chain problems.

Service chain state is not active

Symptom

After a service chain is created, its state is not Active.

Solution

To resolve the problem:

1.     Verify that all service instances for the service chain are bound to resources. If any service instance is not bound to a resource, modify the service instance configuration.

2.     If the problem persists, contact H3C Support.

A service chain is active but does not take effect

Symptom

A service chain is active but does not take effect.

Solution

To resolve the problem:

1.     Verify that the source and destination contexts of the service chain match the source and destination addresses of the traffic. If they do not match, modify the source and destination contexts of the service chain.

2.     Verify that the service instances of the service chain operate correctly. If they do not operate correctly, see the service instance troubleshooting guide.

3.     Verify that the flow tables of each device on the service chain path are correct. If any incorrect flow table is found, see "Flow entry deployment failure."

4.     If the problem persists, contact H3C Support.

 


Troubleshooting security policies

This section provides troubleshooting information for common security policy problems.

OpenFlow entry deployment failure for a host

Symptom

The controller cannot deploy a security policy OpenFlow entry for a host after the host comes online.

Solution

To resolve the problem:

1.     Verify that an OpenFlow connection is established between the OpenFlow device that the host is connected to and the controller. If no OpenFlow connection exists, see "OpenFlow connection failure."

2.     Verify that the ARP application is loaded. If the ARP application does not exist, load the ARP application.

3.     Verify that the Carrier Network application and the vNetwork application are unloaded. If the Carrier Network application and the vNetwork application exist, unload them.

4.     Verify that the user group and security policy are correctly configured. If the configuration is incorrect, modify the configuration.

5.     If the problem persists, contact the H3C Support.

OpenFlow entry deployment failure for a network interface

Symptom

The network interfaces between OpenFlow devices are in up state, but the controller cannot deploy network interface OpenFlow entries.

 

 

NOTE:

The network interface OpenFlow entries ensure that the packets that trigger host learning, such as ARP learning, are not forwarded to the controller.

 

Solution

To resolve the problem:

1.     Verify that an OpenFlow connection is established between the OpenFlow device that hosts are connected to and the controller. If no OpenFlow connection exists, see "OpenFlow connection failure."

2.     Verify that the OpenFlow device is correctly configured. If the configuration is incorrect, modify the configuration.

3.     Navigate to the Controller/System/Configurations page.

4.     On the Controller/System/Configurations page, verify that the learn.multihop.links key in the Link Manager area is set to true. If the key is set to false, change the value to true.

5.     On the Controller/System/Configurations page, verify that the timeout.links key in the Link Manager area is set to true. If the key is set to false, change the value to true.

6.     If the problem persists, contact the H3C Support.


Troubleshooting ZTP

This section provides troubleshooting information for common zero touch provisioning (ZTP) problems.

A network device cannot obtain an IP address from the DHCP server

Symptom

After a network device starts up, it fails to obtain an IP address from the DHCP server.

Solution

To resolve the problem:

1.     Verify that the network device and the controller can reach each other.

2.     Verify that the ZTP application is installed and the ZTP license is activated.

3.     Verify that you have configured the provisioning information for the network device.

4.     Verify that the provisioning is applied and takes effect.

5.     If the problem persists, contact H3C Support.

A network device cannot download the configuration file

Symptom

After the network device is assigned an IP address, it fails to download the configuration file.

Solution

To resolve the problem:

1.     Verify that the network device and the controller can reach each other.

2.     Verify that the configuration file exits on the file server.

?     If the local file server (the current controller) is used, verify that the configuration file is uploaded to the controller.

?     If a third-party file server is used, verify that the file server is enabled and the configuration file is uploaded to the server.

3.     If the problem persists, contact H3C Support.