Manual Chapter : Troubleshooting the SFC Manager

Applies To:

Show Versions Show Versions

BIG-IP LTM

  • 15.0.1, 15.0.0, 14.1.2, 14.1.0
Manual Chapter

Troubleshooting the SFC Manager

Troubleshooting the SFC Manager

If you need to troubleshoot an issue with the SFC chain operation, you can:

  • Check the status of service chain components
  • Check the state of the chain as a whole (enabled or disabled)
  • View statistics about the traffic traversing the chain
  • View a table of tips for troubleshooting service function chaining issues

About status of service chain components

The SFC Manager shows the status of service chain components as colored shapes. This table shows each colored shape and explains its meaning.

Green circle
The device is available and active.
Gray square - Ingress
The associated interface is for ingress traffic.
Gray square - Egress
The associated interface is for egress traffic.
Blue square
The device status is either unavailable or has not yet been collected by the SFC Manager.
Blue square - IP
The SF is of type IP. Can also show type Pool or Virtual.
Blue circle
The device is available but is part of a Sync-Failover device group, and is in Standby mode
Red diamond
The device is offline.

View statistics for a service function or service chain

You can view statistics about the packets flowing through the service chain (SF). Using either a plain numerical display or a graphical display, you can view:

  • The number of packets/bytes going in a forward direction (both in and out)
  • The number of packets/bytes going in a reverse direction (both in and out)

You can view statistics per SF, per chain, or per hop for a chain.

  1. From the SFC Manager menu on the left side of the screen, select Statistics.
  2. Click either Service Functions or Service Function Chains.
    The screen for service functions or service function chains opens.

Modify the collection interval

By default, the SFC Manager collects statistics from classifiers and SFFs every 30 seconds. The default interval is 30 seconds. You can change this value to any number from 0 through 86400. Specifying a value of 0 suspends statistics collection altogether.

  1. From the SFC Manager menu on the left side of the screen, select Statistics.
    The Settings screen opens.
  2. In the Collection Interval field, change the interval value.
  3. Click Reset Statistics.
After you reset the interval, the SFC Manager begins collecting statistics at the new interval.

Troubleshooting tips

Several actions are available for users to take to troubleshoot SFC Manager deployment issues.

Issue Actions
The configuration deployment fails.
  1. View the error message displayed in the user interface.
  2. Review the log files /var/log/restnoded/restnoded.log and /var/log/restjavad.0.log
  3. If the above steps fail, try these recovery steps:
    • If the problem is a timeout issue, retry the same operation.
    • If the problem is due to the existence of the object you are creating, delete the MCP object from TMSH and retry.
    • If the problem is an iAppLX block state issue, the timeout might have occurred before the block reached its default (BOUND) state.
    • If the configuration is not already created, retry the operation.
The iAppLX instance does not appear after uploading the RPM.
  1. Wait 2 to 3 minutes.
  2. If the instance is still not visible, delete the RPM and upload it again. The SFC Manager iAppLX instance is created automatically during RPM upload.
Note: Do not try to create the iAppLX instance by doing an iAppLX Create action from the template option. This operation does not work reliably.
The iAppLX instance is in an error state (indicated by a red square next to the instance on the user interface screen). Re-deploy the SFC Manager by clicking the Undeploy and Deploy buttons. If this succeeds, you have recovered from the failure situation. If the iAppLX instance is not back to a green state:
  1. Run the command bigstart restart restjavad restnoded at a BIG-IP system prompt.
  2. Try re-deploying the iAppLX instance if it is not already back to a green state. If this succeeds, you have recovered from the failure situation. If a re-deploy or undeploy action fails, take these actions:
    • Select the deployed iAppLX instance from the list and delete the application.
      Note: Deleting the iAppLX instance deletes its REST data.
    • Delete the RPM and re-upload the RPM.
    • If these recovery steps do not work, you might need to clean up the REST storage by running the command clear-rest-storage using the BIG-IP command-line interface. This clears the REST data of any other iAppLX instance that might exist on the device.
Note: The previous steps do not delete the mcpd configuration that the SFC Manager created.

After doing the previous steps, use this REST API to clear the old configuration: https://mgmt_ip/mgmt/shared/sfc/manager/settings/cleanup.

The SFC Manager displays an OUT_OF_SYNC message.
  1. Compare the oldConfig data and the newConfig data to find the differences. oldConfig represents the data held by the SFC Manager, and newConfig represents the mcpd configuration. To access oldConfig and newConfig data, visit the site https://mgmt_ip/mgmt/shared/sfc/manager/settings/config-status.
  2. Use the appropriate TMSH commands or the graphical user interface to modify/re-create the mcpd configuration that matches the SFC Manager data.
  3. Wait x seconds, where x = the audit interval set by the user. The SFC Manager should then recover and no longer display the OUT_OF_SYNC error message.

Frequently-asked Questions

These answers to frequently-asked questions might help you when configuring the BIG-IP system to function as a lightweight SFC Manager.

Which BIG-IP platforms support the lightweight SFC Manager feature?
The lightweight SFC Manager feature is available on any BIG-IP device (physical or virtual) running BIG-IP version 14.1 or later.
What kinds of interfaces do I need for communication between a service function forwarder (SFF) and an associated service function (SF)?
In a service chain configuration, any service function (SF) that is NSH-aware requires a minimum of single prerequisite VXLAN-GPE tunnel for ingress and egress communication with its associated SFF. A non-NSH-aware SF requires two prerequisite VLANs, one for ingress and one for egress communication.
Do I need to create a VXLAN-GPE tunnel and a virtual server for communication between SFFs in the service chain?
No. When you use the SFC Manager to create a service chain configuration, the BIG-IP system automatically creates the tunnel that the SFFs need to forward traffic to one another. As an option, you can tell the system to create a default Performance (Layer4) virtual server as well.
What does a REST trust group contain?
A REST trust group contains any BIG-IP devices that you designate as service nodes from within the SFC Manager.
Where do service functions “live”?
Any SF of type IP or Pool must reside on a device that’s separate from its associated SFF. Any SF of type Virtual must reside on its associated SFF.
Can SFs reside on non-BIG-IP devices?
Yes. You can configure SFs on any appropriate network device, not just BIG-IP devices.
What if the BIG-IP SFC Manager is a member of a Sync-Failover device group for high availability?
If the BIG-IP device that’s configured as an SFC Manager is a member of a high-availability Sync-Failover device group, only the configuration data that defines the SFC Manager itself is synced to all devices in the device group.
What about data synchronization from the SFC Manager to other service nodes in the chain?
Configuration data for classifiers and SFFs is propagated from the SFC Manager to the relevant service node only, at the time that the classifier or SFF is created. Unlike classifier and SFF data, any configuration data for service functions (SFs), such as an SF-to-SFF association, is not propagated to the SF, but is propagated only to the associated SFF.
Can I configure a single service node in a service chain configuration to serve different functions?
Yes. A single BIG-IP device can function as a classifier, an SFC Manager, and an SFF simultaneously. However, the configuration described in this document uses a separate BIG-IP device for the SFC Manager function.
Can the SFC Manager configure network devices that will function as SFs?
No. SFs in the service chain must already be configured with prerequisite network objects, such as tunnels or VLANs, before you use the SFC Manager to add the device as an SF to the service chain. For more information, see the list of prerequisite tasks in this document.
Can I modify a service chain object after I’ve created it?
No. In general, you cannot modify a service chain object after it’s created.
Can a classifier include more than one PEM classifier policy?
Yes, a classifier in a service chain can include multiple policies, each with a set of rules.