Not Seeing Traffic. Is the issue on the MTP or TIM side?

Document ID : KB000030050
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

This is a re-look at several information sources into a useful framework

 

Issue:

Not seeing Traffic. Is the issue on the APM CE or MTP side?

 

Solution:

This is covered in several documents:

 

Overall:

https://communities.ca.com/message/101176523#101176523  -- Tuesday Tip on this topic.

For TIM :

http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec618283.aspx  -- Seven Mysteries of TIM Communications

For MTP:

http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec606476.aspx  -- Why is MTP not seeing traffic

 

You need to decide which approach to use:

 

Approach #1:  Start from the TIM and work backwards.

Key steps are:

- Are the web servers filtering out the traffic?

- Are there issues with SSL private keys decoding?

- Are connections and HTTP requests/responses showing up for the monitored servers in the TIM log?

 

Approach #2 : Start from the MTP and work forwards

Key steps are:

- Review the Analysis Tab and see if there are greater than zero packets from the specified server, and a graph.

 

Notes:

- Network traffic quality will cause various issues in TIM/MTP Processing

- Both MTP and TIM expect two way traffic. If this is not the case, there is no analysis graph on the MTP side and nothing in the TIM log on the TIM side.

- Look at the /opt/NetQoS/logs/nqnapacapd_YYYYMMDD.log files to see if MTP hardware filter or TIM web server is filtering traffic:

 

  

08:42:52  TIM Feed=0 Packets: Captured=63103, Filtered-Color=59772, Filtered-WS=0,Forwarded=3331, Dropped-Card=0, Dropped-Disk=0, Dropped-Truncated=0, NoExtHdr=0

 

where

 

Captured:  number of packets received on that logical port.

 

 Filtered-Color: number of packets filtered out (dropped) because they did not pass a full-packets hardware filter.

 

 Filtered-WS:  number of packets filtered out (dropped) because they did not pass TIM Web Server filter.

 

 Forwarded:  number of packets forwarded to TIM (written out to /nqtmp/tim).

 

Dropped-Card:  number of packets dropped by Napatech card (hardware counter)

 

Dropped-Disk:  number of packets dropped because /nqtmp/tim is full.

 

Dropped-Truncated:  number of packets dropped because less then full packet transmitted.

 

NoExtHdr – number of packets with no Napatech extension header; should always be zero.

 

- Nqmetricd logs counters every 5 minutes tracking some overall totals for Packets, Sessions and Transactions every 5 minutes. In some cases, these totals can indicate if there are issues with the traffic being processed that is impacting performance:

 

00:00:02  Debug Counters Feed  1 Thread  8
        Sessions: 1,719,994,642 Transactions: 67,148,410,927 Packets: 130,856,524,894 OOO Packets: 15,027
        Closed sessions - Regular: 1,719,902,523 Timed out: 91,885 Cleanups: Trans=0, SeqBlock=0
        Active sessions: 28,473 (Max 250,000)
        Ignored for quota: 0 Exported packets: 0

 

The first line indicates the total number of TCP Sessions, Transactions, Packets and Out-of-Order Packets that have been seen since on the Logical Port since Daemon startup. If the number of Transactions is low with respect to the Session count, or there is a high rate of OOO Packets, this could indicate there are issues with the incoming traffic that are affecting proper calculation of Transaction Metrics.