Applies To:Show Versions
- 15.0.0, 14.1.0
Troubleshooting the SFC Manager
Troubleshooting the SFC Manager
If you need to troubleshoot an issue with the SFC chain operation, you can:
- Check the status of service chain components
- Check the state of the chain as a whole (enabled or disabled)
- View statistics about the traffic traversing the chain
- View a table of tips for troubleshooting service function chaining issues
About status of service chain components
The SFC Manager shows the status of service chain components as colored shapes. This table shows each colored shape and explains its meaning.
- Green circle
- The device is available and active.
- Gray square - Ingress
- The associated interface is for ingress traffic.
- Gray square - Egress
- The associated interface is for egress traffic.
- Blue square
- The device status is either unavailable or has not yet been collected by the SFC Manager.
- Blue square - IP
- The SF is of type IP. Can also show type Pool or Virtual.
- Blue circle
- The device is available but is part of a Sync-Failover device group, and is in Standby mode
- Red diamond
- The device is offline.
View statistics for a service function or service chain
You can view statistics about the packets flowing through the service chain (SF). Using either a plain numerical display or a graphical display, you can view:
- The number of packets/bytes going in a forward direction (both in and out)
- The number of packets/bytes going in a reverse direction (both in and out)
You can view statistics per SF, per chain, or per hop for a chain.
- From the SFC Manager menu on the left side of the screen, select Statistics.
Click either Service Functions or Service Function Chains.
The screen for service functions or service function chains opens.
Modify the collection interval
By default, the SFC Manager collects statistics from classifiers and SFFs every 30 seconds. The default interval is 30 seconds. You can change this value to any number from 0 through 86400. Specifying a value of 0 suspends statistics collection altogether.
From the SFC Manager menu on the left side of
the screen, select Statistics.
The Settings screen opens.
- In the Collection Interval field, change the interval value.
- Click Reset Statistics.
Several actions are available for users to take to troubleshoot SFC Manager deployment issues.
|The configuration deployment fails.||
|The iAppLX instance does not appear after uploading the RPM.||
Note: Do not try to create the iAppLX instance by doing an iAppLX Create action from the template option. This operation does not work reliably.
|The iAppLX instance is in an error state (indicated by a red square next to the instance on the user interface screen).||Re-deploy the SFC Manager by clicking the
Undeploy and Deploy
buttons. If this succeeds, you have recovered from the failure
situation. If the iAppLX instance is not back to a green state:
Note: The previous steps do not delete the mcpd configuration that the SFC Manager created.
After doing the previous steps, use this REST API to clear the old configuration: https://mgmt_ip/mgmt/shared/sfc/manager/settings/cleanup.
|The SFC Manager displays an OUT_OF_SYNC message.||
These answers to frequently-asked questions might help you when configuring the BIG-IP system to function as a lightweight SFC Manager.
- Which BIG-IP platforms support the lightweight SFC Manager feature?
- The lightweight SFC Manager feature is available on any BIG-IP device (physical or virtual) running BIG-IP version 14.1 or later.
- What kinds of interfaces do I need for communication between a service function forwarder (SFF) and an associated service function (SF)?
- In a service chain configuration, any service function (SF) that is NSH-aware requires a minimum of single prerequisite VXLAN-GPE tunnel for ingress and egress communication with its associated SFF. A non-NSH-aware SF requires two prerequisite VLANs, one for ingress and one for egress communication.
- Do I need to create a VXLAN-GPE tunnel and a virtual server for communication between SFFs in the service chain?
- No. When you use the SFC Manager to create a service chain configuration, the BIG-IP system automatically creates the tunnel that the SFFs need to forward traffic to one another. As an option, you can tell the system to create a default Performance (Layer4) virtual server as well.
- What does a REST trust group contain?
- A REST trust group contains any BIG-IP devices that you designate as service nodes from within the SFC Manager.
- Where do service functions “live”?
- Any SF of type IP or Pool must reside on a device that’s separate from its associated SFF. Any SF of type Virtual must reside on its associated SFF.
- Can SFs reside on non-BIG-IP devices?
- Yes. You can configure SFs on any appropriate network device, not just BIG-IP devices.
- What if the BIG-IP SFC Manager is a member of a Sync-Failover device group for high availability?
- If the BIG-IP device that’s configured as an SFC Manager is a member of a high-availability Sync-Failover device group, only the configuration data that defines the SFC Manager itself is synced to all devices in the device group.
- What about data synchronization from the SFC Manager to other service nodes in the chain?
- Configuration data for classifiers and SFFs is propagated from the SFC Manager to the relevant service node only, at the time that the classifier or SFF is created. Unlike classifier and SFF data, any configuration data for service functions (SFs), such as an SF-to-SFF association, is not propagated to the SF, but is propagated only to the associated SFF.
- Can I configure a single service node in a service chain configuration to serve different functions?
- Yes. A single BIG-IP device can function as a classifier, an SFC Manager, and an SFF simultaneously. However, the configuration described in this document uses a separate BIG-IP device for the SFC Manager function.
- Can the SFC Manager configure network devices that will function as SFs?
- No. SFs in the service chain must already be configured with prerequisite network objects, such as tunnels or VLANs, before you use the SFC Manager to add the device as an SF to the service chain. For more information, see the list of prerequisite tasks in this document.
- Can I modify a service chain object after I’ve created it?
- No. In general, you cannot modify a service chain object after it’s created.
- Can a classifier include more than one PEM classifier policy?
- Yes, a classifier in a service chain can include multiple policies, each with a set of rules.