This is a lower-layer network configuration issue: fragmentation errors caused by an MTU that is set too high. Reduce the IP MTU on both the SpectroSERVER machine and the SDC machine to 1400 bytes. The Ethernet default is 1500 bytes, which can cause problems when VPN/IPsec tunnels add extra encapsulation overhead.
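The 1400-byte MTU can be set from the command line. A sketch follows; the interface names are examples only and must be replaced with the actual interfaces on each machine, and persistence across reboots differs per platform:

```shell
# Set the IP MTU to 1400 bytes (interface names below are examples).

# Solaris (takes effect immediately; not persistent across reboot):
ifconfig hme0 mtu 1400

# Linux:
ip link set dev eth0 mtu 1400

# Windows (elevated prompt; store=persistent survives reboots):
netsh interface ipv4 set subinterface "Local Area Connection" mtu=1400 store=persistent
```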
SPECTRUM SDM/SDC managed devices are not polled; the condition is intermittent, and when it appears the SDM/SDC communication hangs.
The Secure Domain Manager model and the SDConnector models show no events for this exception.
All directly managed SPECTRUM devices are polled normally.
A sniffer trace on the SDC instance shows no ICMP or SNMP traffic polling the network devices.
If lowering the MTU to 1400 bytes fixes the SDM/SDC hang condition, this proves the problem is not a CA Spectrum product issue but a matter of native IP service configuration.
The "netstat -s" command shows fragmentation errors on the SDC machine.
Causes of this problem:
Enabling trace/debug via "sdm.config" in $SPECROOT/SDM (adding the "debug" option) produces the following in sdmLog.log:
Wed Sep 23 10:38:45 2009 : WARNING: SdmEtpkiConnectEndpoint run() ssock_handshake error. IP=172.16.2.102, Port=6844, Thread=99
Wed Sep 23 10:38:50 2009 : WARNING: SdmEtpkiConnectEndpoint run() ssock_handshake error. IP=172.16.2.102, Port=6844, Thread=99
Wed Sep 23 10:38:55 2009 : WARNING: SdmEtpkiConnectEndpoint run() ssock_handshake error. IP=172.16.2.102, Port=6844, Thread=99
Wed Sep 23 10:39:00 2009 : WARNING: SdmEtpkiConnectEndpoint run() ssock_handshake error. IP=172.16.2.102, Port=6844, Thread=99
Wed Oct 7 15:37:39 2009 : WARNING: Endpoint 172.16.2.102 is shutting down after keepalive timeout
Wed Oct 7 15:37:39 2009 : WARNING: SdmEtpkiEndpoint::shutdownSocket() starting. IP=172.16.2.102, Thread=211
Wed Oct 7 15:37:40 2009 : WARNING: socket closed. IP=172.16.2.102, Thread=211
Wed Oct 7 15:37:40 2009 : WARNING: socket is invalid. IP=172.16.2.102, Thread=211
On the SpectroSERVER machine, the "netstat -s" IP statistics are clean, showing no IP fragmentation, reassembly, or fragment-loss counters.
On the remote SDC machine, the "netstat -s" IP statistics show very high values for the fragmentation counters.
With a valid SDM/SDC configuration, once the SDM is started and the SDC is available, a TCP session to the SDM/SDC service port 6844 is successfully established. However, a successfully established TCP session is NOT proof of fully operational TCP communication: the small segments of the TCP handshake may pass through the tunnel while larger data segments exceed the path MTU and are lost.
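The path MTU between the SpectroSERVER and the SDC machine can be probed with a ping that sets the don't-fragment bit. A diagnostic sketch; "sdc-host" and the payload sizes are placeholders:

```shell
# Probe the path MTU with the DF (don't fragment) bit set.
# 1472 bytes of ICMP payload + 28 bytes of IP/ICMP headers = a 1500-byte packet.

# Linux:
ping -c 3 -M do -s 1472 sdc-host   # fails if the path MTU is below 1500
ping -c 3 -M do -s 1372 sdc-host   # a 1400-byte packet; should pass the tunnel

# Windows:
ping -f -l 1472 sdc-host
ping -f -l 1372 sdc-host
```

If the 1500-byte probe fails while the 1400-byte probe succeeds, the tunnel's encapsulation overhead is confirmed as the cause.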
On Solaris, "netstat -s" shows the fragmentation parameters as follows:
IPv4  ipForwarding     =       2   ipDefaultTTL      =   255
      ipInReceives     = 7236012   ipInHdrErrors     =     0
      ipReasmOKs       =       0   ipReasmFails      =     0
      ipReasmDuplicates =      0   ipReasmPartDups   =     0
      ipFragOKs        =       0   ipFragFails       =     0
      ipFragCreates    =       0   ipRoutingDiscards =     0
On Windows, "netstat -s" shows the fragmentation parameters as follows:
Received Header Errors = 0
Received Address Errors = 11392
Received Packets Discarded = 46
Received Packets Delivered = 1375099
Routing Discards = 0
Reassembly Required = 50
Reassembly Successful = 25
Reassembly Failures = 0
Datagrams Successfully Fragmented = 14
Datagrams Failing Fragmentation = 0
Fragments Created = 28
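A quick way to pick these counters out of the full "netstat -s" output is a case-insensitive filter. A sketch, demonstrated here against a captured sample of the Windows-style output above; on a live system pipe the real command output through the same filter:

```shell
# Isolate the fragmentation/reassembly counters from "netstat -s".
# On a live system run instead:  netstat -s | grep -iE 'frag|reas'
sample='Received Packets Delivered = 1375099
Reassembly Required = 50
Reassembly Successful = 25
Reassembly Failures = 0
Datagrams Successfully Fragmented = 14
Datagrams Failing Fragmentation = 0
Fragments Created = 28'
printf '%s\n' "$sample" | grep -iE 'frag|reas'
```

The pattern 'frag|reas' matches both the Windows labels ("Reassembly", "Fragments") and the Solaris counter names ("ipReasmOKs", "ipFragCreates"), while unrelated lines such as "Received Packets Delivered" are filtered out.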
(Legacy KB ID: CNC TS33514)