SPECTRUM SDM/SDC managed devices are not polled anymore (Legacy KB ID CNC TS33514 )

Document ID : KB000051866
Last Modified Date : 14/02/2018
Show Technical Document Details
This is a network lower layer configuration issue for fragmentation errors caused by MTU size set to high values. Reduce IP MTU size configuration for the SpectroSERVER- and the SDC-machine reconfigured to 1400 bytes. The default for Ethernet is 1500 bytes which is maybe causing trouble in case of using VPN/IPsec tunnels with additional encapsulation.

Related Issues/Questions:
SPECTRUM SDM / SDC managed devices are not polled - intermittent condition appearing the SDM/SDC communication hangs

Problem Environment:
Spectrum 09.00.00
spectrum 09.01.00
Secure Domain Manager model and also SDConnector models are not showing Events with that exception
all directly managed SPECTRUM devices are polled
creating a sniffer trace for the SDC instance does not show any ICMP and/or SNMP traffic to poll the network devices
In case lowering MTU to 1400 byte fixes the SDM/SDC hang condition. This is the proof that this is not a CA Spectrum product issue but related to native IP service configuration.
"netstat -s" command shows fragmentation error for the SDC-machine

Causes of this problem:
Enabling trace/debug via "sdm.config" from $SPECROOT/SDM - adding option "debug" shows in sdmLog.log:

Wed Sep 23 10:38:45 2009 : WARNING: SdmEtpkiConnectEndpoint run() ssock_handshake error. IP=172.16.2.102, Port=6844, Thread=99
Wed Sep 23 10:38:50 2009 : WARNING: SdmEtpkiConnectEndpoint run() ssock_handshake error. IP=172.16.2.102, Port=6844, Thread=99
Wed Sep 23 10:38:55 2009 : WARNING: SdmEtpkiConnectEndpoint run() ssock_handshake error. IP=172.16.2.102, Port=6844, Thread=99
Wed Sep 23 10:39:00 2009 : WARNING: SdmEtpkiConnectEndpoint run() ssock_handshake error. IP=172.16.2.102, Port=6844, Thread=99

and/also:
Wed Oct  7 15:37:39 2009 : WARNING: Endpoint 172.16.2.102 is shutting down after keepalive timeout
Wed Oct  7 15:37:39 2009 : WARNING: SdmEtpkiEndpoint::shutdownSocket() starting. IP=172.16.2.102, Thread=211
Wed Oct  7 15:37:40 2009 : WARNING:  socket closed. IP=172.16.2.102, Thread=211
Wed Oct  7 15:37:40 2009 : WARNING:  socket is invalid. IP=172.16.2.102, Thread=211
Checking the SpectroSERVER machine "netstat -s" IP statistics is fine at all showing no IP fragmentation and/or re-assembly or fragmentation lost data.
Checking the remote SDC machine "netstat -s" IP statistics shows huge number for IP counters for the fragmentation statistics.

Additional Information:
Checking the SDM/SDC valid configuration will finally - when the SDM is started and the SDC is available - show a successful established TCP session to port 6844 for the SDM/SDC service port. Seeing a successful TCP session establishment is NOT a proof for full operational TCP communication.
Solaris "netstat -s" shows fragmentation parameter as follows:



IPv4    ipForwarding        =     2     ipDefaultTTL        =   255
        ipInReceives        =7236012    ipInHdrErrors       =     0
        ipReasmOKs          =     0     ipReasmFails        =     0
        ipReasmDuplicates   =     0     ipReasmPartDups     =     0

        ipFragOKs           =     0     ipFragFails         =     0
        ipFragCreates       =     0     ipRoutingDiscards   =     0


Windows "netstat -s" shows fragmentation parameter as follows:

IPv4 Statistics

  Received Header Errors             = 0
  Received Address Errors            = 11392
  Received Packets Discarded         = 46
  Received Packets Delivered         = 1375099
  Routing Discards                   = 0
  Reassembly Required                = 50
  Reassembly Successful              = 25
  Reassembly Failures                = 0
  Datagrams Successfully Fragmented  = 14
  Datagrams Failing Fragmentation    = 0
  Fragments Created                  = 28




(Legacy KB ID CNC TS33514 )