Introduction to Cisco Firepower eXtensible Operating System Faults

This chapter provides an overview of Cisco Firepower eXtensible Operating System faults.

Overview of Faults

About Faults in FXOS

A fault is a mutable object that is managed by the Cisco Firepower eXtensible Operating System. Each fault represents a failure or an alarm threshold that has been raised. During the lifecycle of a fault, it can change from one state or severity to another.

Each fault includes information about the operational state of the affected object at the time the fault was raised. If the fault is transitional and the failure is resolved, then the object transitions to a functional state.

A fault remains in FXOS until the fault is cleared and deleted according to the settings in the fault collection policy.

You can view all faults from either the FXOS CLI or the Firepower Chassis Manager. You can also configure the fault collection policy to determine how an FXOS instance collects and retains faults.


Note: All Cisco Firepower eXtensible Operating System faults can be trapped by SNMP.


Fault Severities

A fault can transition through more than one severity during its lifecycle. Table 1-1 describes the possible fault severities in alphabetical order.

Table 1-1 Fault Severities in FXOS

Severity | Description
Cleared | A notification that the condition that caused the fault has been resolved, and the fault has been cleared.
Condition | An informational message about a condition, possibly independently insignificant.
Critical | A service-affecting condition that requires immediate corrective action. For example, this severity could indicate that the managed object is out of service and its capability must be restored.
Info | A basic notification or informational message, possibly independently insignificant.
Major | A service-affecting condition that requires urgent corrective action. For example, this severity could indicate a severe degradation in the capability of the managed object and that its full capability must be restored.
Minor | A non-service-affecting fault condition that requires corrective action to prevent a more serious fault from occurring. For example, this severity could indicate that the detected alarm condition is not currently degrading the capacity of the managed object.
Warning | A potential or impending service-affecting fault that currently has no significant effects in the system. Action should be taken to further diagnose, if necessary, and correct the problem to prevent it from becoming a more serious service-affecting fault.

Fault Types

A fault can be one of the types described in Table 1-2.

Table 1-2 Types of Faults in FXOS

Type | Description
fsm | An FSM task has failed to complete successfully, or the FXOS is retrying one of the stages of the FSM.
equipment | FXOS has detected that a physical component is inoperable or has another functional issue.
server | FXOS is unable to complete a server task, such as associating a service profile with a server.
configuration | FXOS is unable to successfully configure a component.
environment | FXOS has detected a power problem, thermal problem, voltage problem, or a loss of CMOS settings.
management | FXOS has detected a serious management issue, such as one of the following:
  • Critical services could not be started.
  • The primary switch could not be identified.
  • Components in the instance include incompatible firmware versions.
connectivity | FXOS has detected a connectivity problem, such as an unreachable adapter.
network | FXOS has detected a network issue, such as a link down.
operational | FXOS has detected an operational problem, such as a log capacity issue or a failed server discovery.

Properties of Faults

FXOS provides detailed information about each fault raised on the security appliance. Table 1-3 describes the fault properties that can be viewed in the FXOS CLI or the Firepower Chassis Manager.

Table 1-3 Fault Properties

Property Name | Description
Severity | The current severity level of the fault. This can be any of the severities described in Table 1-1.
Last Transition | The day and time on which the severity for the fault last changed. If the severity has not changed since the fault was raised, this property displays the original creation date.
Affected Object | The component that is affected by the condition that raised the fault.
Description | The description of the fault.
ID | The unique identifier assigned to the fault.
Status | Additional information about the fault state. This can be any of the states described in Table 1-4.
Type | The type of fault that has been raised. This can be any of the types described in Table 1-2.
Cause | The unique identifier associated with the condition that caused the fault.
Created at | The day and time when the fault occurred.
Code | The unique identifier assigned to the fault.
Number of Occurrences | The number of times the event that raised the fault occurred.
Original Severity | The severity assigned to the fault on the first time that it occurred.
Previous Severity | If the severity has changed, this is the previous severity.
Highest Severity | The highest severity encountered for this issue.

Lifecycle of Faults

FXOS faults are stateful, and a fault transitions through more than one state during its lifecycle. In addition, only one instance of a given fault can exist on each object. If the same fault occurs a second time, FXOS increases the number of occurrences by one.

A fault has the following lifecycle:

1. A condition occurs in the system and FXOS raises a fault in the active state.

2. If the fault is alleviated within a short period of time known as the flap interval, the fault severity remains at its original active value but the fault enters the soaking state. The soaking state indicates that the condition that raised the fault has cleared, but the system is waiting to see whether the fault condition reoccurs.

3. If the condition reoccurs during the flap interval, the fault enters the flapping state. Flapping occurs when a fault is raised and cleared several times in rapid succession. If the condition does not reoccur during the flap interval, the fault is cleared.

4. Once cleared, the fault enters the retention interval. This interval ensures that the fault reaches the attention of an administrator even if the condition that caused the fault has been alleviated, and that the fault is not deleted prematurely. The retention interval retains the cleared fault for the length of time specified in the fault collection policy.

5. If the condition reoccurs during the retention interval, the fault returns to the active state. If the condition does not reoccur, the fault is deleted.

When a fault is active, the additional lifecycle state information listed in Table 1-4 may be provided in the Status field of the fault notification.

Table 1-4 Fault Lifecycle States

State | Description
Soaking | A fault was raised and then cleared within a short time known as the flap interval. Since this may be a flapping condition, the fault severity remains at its original active value, but this state indicates that the condition that raised the fault has cleared. If the fault does not reoccur, the fault moves into the cleared state. Otherwise, the fault moves into the flapping state.
Flapping | A fault was raised, cleared, and then raised again within a short time known as the flap interval.

Fault Collection Policy

The fault collection policy controls the lifecycle of a fault, including the length of time that each fault remains in the flapping and retention intervals.
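
The five lifecycle steps and the two policy-controlled intervals, modelled as a small state machine. This is an added example, not FXOS code: the interval values and timeline are constructed, and it assumes that the flap timer starts when the condition clears and that a flapping fault returns to soaking on its next clear, which the lifecycle description does not spell out.

```python
from dataclasses import dataclass, field

@dataclass
class Fault:
    """One fault instance on one object, raised at t=0 (illustrative model)."""
    severity: str              # original severity, e.g. "major"
    flap_interval: int         # seconds; constructed policy value
    retention_interval: int    # seconds; constructed policy value
    state: str = "active"      # step 1: raised in the active state
    occurrences: int = 1
    deadline: int = 0          # expiry time of the timer currently running
    history: list = field(default_factory=lambda: [(0, "active")])

    def _move(self, when, state):
        self.state = state
        self.history.append((when, state))

    def tick(self, now):
        # Apply every timer that expired at or before `now`.
        if self.state == "soaking" and now >= self.deadline:
            self._move(self.deadline, "cleared")       # step 3: did not reoccur
            self.deadline += self.retention_interval   # step 4: retention begins
        if self.state == "cleared" and now >= self.deadline:
            self._move(self.deadline, "deleted")       # step 5: retention expired

    def condition_cleared(self, now):
        self.tick(now)
        if self.state in ("active", "flapping"):       # step 2 (assumed for flapping)
            self._move(now, "soaking")
            self.deadline = now + self.flap_interval

    def condition_raised(self, now):
        self.tick(now)
        if self.state == "deleted":
            raise ValueError("fault already deleted; a new fault would be raised")
        self.occurrences += 1                          # one instance per object
        if self.state == "soaking":
            self._move(now, "flapping")                # step 3: reoccurred in time
        elif self.state == "cleared":
            self._move(now, "active")                  # step 5: back to active

def replay(events, end, **policy):
    # events: [(time, "raise" | "clear"), ...] after the initial raise at t=0
    fault = Fault(**policy)
    for when, kind in events:
        (fault.condition_raised if kind == "raise" else fault.condition_cleared)(when)
    fault.tick(end)
    return fault

# Constructed timeline for a fault raised at t=0 (times in seconds).
EVENTS = [(5, "clear"), (8, "raise"), (12, "clear"), (50, "raise"), (55, "clear")]
```

With a 10-second flap interval and a 60-second retention interval, replaying EVENTS shows the fault flapping at t=8, clearing at t=22, returning to active at t=50 inside the retention interval, and being deleted at t=125.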

Faults in Cisco Firepower eXtensible Operating System

Faults in Firepower Chassis Manager

To view the faults for all objects in the system, navigate to the Overview page in the Firepower Chassis Manager. Each fault severity is represented by a different icon. Above the fault listing you can see how many critical and major faults have occurred in the system. When you double-click a specific fault, Firepower Chassis Manager opens the Faults Properties dialog box and displays details for that fault.

Faults in FXOS CLI

If you want to view the faults for all objects in the system, at the top-level scope, enter the show fault command. If you want to view faults for a specific object, scope to that object and then enter the show fault command.

If you want to view all of the available details about a fault, enter the show fault detail command.

Overview of the Finite State Machine

About the Finite State Machine in Cisco Firepower eXtensible Operating System

A finite state machine (FSM) is a workflow model, similar to a flow chart, that is composed of the following:

  • Finite number of stages (states)
  • Transitions between those stages
  • Operations

The current stage in the FSM is determined by past stages and the operations performed to transition between the stages. A transition from one stage to another stage is dependent on the success or failure of an operation.

FXOS uses FSM tasks that run in the Data Management Engine (DME) to manage end points in the Firepower object model, including the following:

  • Physical components (chassis, I/O module, servers)
  • Logical components (LAN cloud, policies)
  • Workflows (server discovery, service profile management, downloads, upgrades, backups)

The DME manages the FSM stages and transitions, and instructs the Application Gateway (AG) to perform operations on the managed end points. Therefore, each stage can be considered to be an interaction between the DME, the AG, and the managed end point. The AGs do the real work of interacting with managed end points.

When all of the FSM stages have run successfully, the FXOS considers that the FSM operation is successful.

If the FSM encounters an error or a timeout at a stage, the FSM retries that stage at scheduled intervals. When the retry count has been reached for that stage, the FSM stops and the FXOS declares that the change has failed. If an FSM task fails, the FXOS raises the appropriate faults and alarms.

Multiple FSM tasks can be associated with an end point. However, only one FSM task can run at a time. Additional FSM tasks for the same end point are placed in a queue and are scheduled to run when the previous FSM task either completes successfully or fails.

You can view the FSM details for a particular end point to determine if a task succeeded or failed. You can also use the FSM to troubleshoot any failures.

FSM Stage Names

The FSM stage names are constructed using the following notation:

FsmObjectWorkflowOperationWhere-is-it-executed

where:

  • Object is the object that the FSM is running, such as the Blade or Chassis.
  • Workflow is the overall task being performed by the FSM, such as Discover or Association.
  • Operation is the task being performed at a particular stage, such as Pnuos-Config.
  • Where-is-it-executed is generally “”, or “A” or “B” or “Local” or “Peer”. If this is not specified, it is executed on the managingInst node.

Each FSM stage name has a prefix that identifies the FSM and a suffix that identifies a stage within the FSM. The prefix notation is FsmObjectWorkflow and the suffix notation is OperationWhere-is-it-executed. For example, if the FSM name is FsmComputeBladeDiscoverBmcInventory:

  • The prefix is FsmComputeBladeDiscover
  • The suffix is BmcInventory

FSM in Cisco Firepower eXtensible Operating System

The FXOS CLI can display the FSM information for an end point when you are in the command mode for that end point.

Enter the show fsm status command in the appropriate mode to view the current FSM task for an end point. The information displayed about a current FSM task in the CLI is static. You must re-enter the command to see the progress updates. The following example displays the information about the current FSM task for the server in chassis 1, slot 6:

Firepower# scope server 1/1
Firepower /chassis/server # show fsm status
Slot: 1
Server: sys/chassis-1/blade-1
FSM 1:
Remote Result: Not Applicable
Remote Error Code: None
Remote Error Description:
Status: Discover Blade Boot Wait
Previous Status: Discover Blade Boot Wait
Timestamp: 2006-01-26T23:31:36
Try: 0
Flags: 0
Progress (%): 33
Current Task: Waiting for system reset on server 1/1 (FSM-STAGE:sam:dme:ComputeBladeDiscover:BladeBootWait)
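
Added example (not Cisco code): a parser for the show fsm status output above that rebuilds the stage name in the prefix/suffix notation from the FSM-STAGE token. It assumes that the last two colon-separated fields of that token are ObjectWorkflow and Operation, and that Try counts retries of the current stage; the function names are hypothetical.

```python
import re

# Output copied from the `show fsm status` example on this page.
SAMPLE = """\
Slot: 1
Server: sys/chassis-1/blade-1
FSM 1:
Remote Result: Not Applicable
Remote Error Code: None
Remote Error Description:
Status: Discover Blade Boot Wait
Previous Status: Discover Blade Boot Wait
Timestamp: 2006-01-26T23:31:36
Try: 0
Flags: 0
Progress (%): 33
Current Task: Waiting for system reset on server 1/1 (FSM-STAGE:sam:dme:ComputeBladeDiscover:BladeBootWait)
"""

STAGE_RE = re.compile(r"\(FSM-STAGE:([\w:-]+)\)")

def parse_fsm_status(text):
    """Split 'Key: value' lines at the first colon; values may contain colons."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields

def stage_name(fields):
    """Return (prefix, suffix) in the FsmObjectWorkflow / Operation notation."""
    match = STAGE_RE.search(fields.get("Current Task", ""))
    if not match:
        return None                      # no FSM-STAGE token in the task text
    parts = match.group(1).split(":")
    if len(parts) < 2:
        return None
    return "Fsm" + parts[-2], parts[-1]  # assumed mapping of the last two fields

def needs_attention(fields):
    """True if the stage was retried or the remote side reported an error."""
    retried = int(fields.get("Try") or 0) > 0          # assumption: Try = retry count
    errored = fields.get("Remote Error Code", "None") not in ("None", "")
    return retried or errored
```

Because the CLI output is static, a monitoring script would re-run the command and re-parse it on each poll.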
 

Enter the show fsm task command in the appropriate mode to view all of the pending tasks in the FSM queue. The following example displays the FSM task queue for chassis 1, slot 1:

Firepower# scope server 1/1
Firepower /chassis/server # show fsm task
 
FSM Task:
Item             ID       Completion   FSM Flags
---------------- -------- ------------ ---------
Powercycle       1154858  Scheduled
BiosRecovery     1154860  Scheduled