Table Of Contents
Troubleshooting Config-Sync Issues
Commit Failure
Command Parsing Failed
Verify failed
Commands that failed commit
Another session in progress
Import Failure
Failed to collect running-config
Command does not exist in global-db
Mutual exclusion check failed on peer
Merge Failure
First time merge failure
Merge after peers that were in sync previously
Merge after reload
Switch-profile Deletion Failure
Application failure
Failure from dependent commands
Application does not respond
Verify Failure
Mutual exclusion check under local information
Mutual exclusion check under peer information
Rollback/ISSU in progress
Global-db modification in progress
Peer unable to accept lock request
Troubleshooting Config-Sync Issues
This chapter describes how to identify and resolve problems that can occur with config-sync in the Cisco Nexus 5000 Series switch.
This chapter includes the following sections:
•Commit Failure
•Import Failure
•Merge Failure
•Switch-profile Deletion Failure
•Verify Failure
Commit Failure
Use the show switch-profile status commit command to view commit status.
Commit failure has many possible causes:
•Command Parsing Failed
•Verify failed
•Commands that failed commit
•Another session in progress
Note When a commit fails, commands that were entered under SP are still stored in the SP buffer. Do not configure these commands under SP again. After correcting the cause of the failure, only the commit needs to be executed.
Command Parsing Failed
Possible Cause
Appropriate conditional feature(s) are not enabled.
Solution
Ensure that appropriate conditional feature(s) are enabled.
This error message indicates that some feature commands have not been configured. Feature commands are not allowed to be configured within SP and have to be configured on BOTH peers from conf-t.
Verify failed
Possible Cause
The commands listed failed mutual-exclusion checks. These commands have already been configured under conf-t.
Solution
If you do not want these commands synchronized, remove the commands from conf-t.
Alternatively, delete these commands from the switch-profile buffer and reissue the commit.
To delete commands from the switch-profile buffer, perform the following:
•View commands in the SP buffer using the show switch-profile buffer command.
•Delete commands indicated by the sequence numbers with the buffer delete <range> command.
•Use the buffer-move <seq id> <seq id> command to rearrange commands in the buffer.
This is command is useful when commands in the buffer are not ordered correctly.
Commands that failed commit
Possible Cause
Commands failed during commit.
Solution
Correct the reason for the failure and re-issue the commit.
If the commit continues to fail, issue the same command from conf-t. If it succeeds from conf-t, check for any errors relating to the command using the show system internal csm info trace command.
For every command executed from config-sync, there is a csm_cmd_status[0x0] line in the trace log that indicates that the command was successful.
Another session in progress
Possible Cause
Conflict occurs if conf-t or config-sync has taken a lock.
Solution
Compare the vPC domain IDs of the two switches and ensure that they match.
Use the show system internal csm global info command to check whether conf-t or config-sync has taken a lock.
•If conf-t has taken a lock and not released it, command output, similar to the following example, is displayed.
Note The client type should be set to 2 as shown in the example.
Example:
No of sessions: 1 (Max: 32)
Total number of commands: 0 (Max: 102400)
Session Database Lock Info: Locked
Client: 2 (1: SSN, 2: CONF-T)
Ref count: zero-based ref-count
Lock acquired for cmd : some-command
–Identify the command that acquired the lock using the show accounting log command.
–After identifying the command, check for its SUCCESS/FAILURE status.
–If the command did not return a status, then config-sync would not release the lock on conf-t.
–Use the test csm ssn-db-lock reset conf-t command to reset the lock.
•If switch-profile has taken the lock, the client id is reported as 1 in the show system internal csm global info command.
–Use the show switch-profile status command to determine if a merge is in progress.
A merge is indicated by pending_merge:1 /rcvd_merge:1.
–If a merge/verify/commit session is already in progress, then sp ssn-db is locked.
Wait for the current session to complete and try again.
–If the lock is not released, use the show cfs lock command to determine if the CFS fabric is locked.
Identify the application that locked CFS. If the application is session-manager, then the CFS lock was taken by config-sync.
Analyze the output from the show system internal csm info trace, show cfs internal notification log name session-mgr, and show cfs commands.
•Use the show system internal csm info trace command to view the events, trace, or error debug traces.
Import Failure
Use the show switch-profile status command to view import status.
Import failure has many possible causes:
•Failed to collect running-config
•Command does not exist in global-db
•Mutual exclusion check failed on peer
The following describes import options and best practices.
Table 1-1 Import Options
Type
|
Description
|
import
|
Enables import mode. Manually enter configuration and then commit to move the configuration into SP.
|
import running-config
|
Imports all SP-aware configurations from the running-config into SP. Use the buffer-move and buffer-delete commands to remove commands not to be synced and then commit the configurations.
|
import interface <interface-range>
|
Imports running configurations for specified interfaces. Used to only import configurations of interfaces and not global configurations.
|
import running-config exclude-phy-interface
|
Imports only global and logical interfaces, not physical interface configurations.
|
Import best practices
•The import option is used when the system is already configured and you want to bring in an existing configuration within the switch-profile and sync it with the peer.
•When VPC peer switches are already configured, the import operation is performed on both switches independently. The user must verify that the configurations are the same under SP on peer switches and then add the sync-peer command to the configuration.
If the configurations are different within the SP when the sync-peer command is added, a merge failure occurs. Use the show switch-profile status command and determine which configurations failed to merge.
•If one of a pair of VPC switches was previously configured and the other switch was RMA'ed , then the switch-profile is created on both switches using the sync-peer command.
This means that the configuration from the previously configured switch is imported and committed on the other switch. Also the configurations from the previously configured switch are moved from the global-db to the database of the switch-profile.
Failed to collect running-config
Possible Cause
Failure occurs if the system is too busy and the show running command did not complete.
Solution
Determine if a system resource utilization problem exists. Correct the problem and retry the operation.
Command does not exist in global-db
Possible Cause
Command is missing from the global-db.
Solution
Use the show system internal csm info global-db cmd-tbl command to determine if the command exists in the global_db.
•If the command exists in the global_db, it is possible that there is not enough space in the show run for the command. Ensure that there are no trailing space/tabs in show running config generation.
•If the command does not exist in the global_db, use the show accounting log command to determine if the command was configured and to display the status of the command.
–If the command status was a failure, then the command should not be displayed in show running.
–If the command is displayed, then the application should correct it.
•If the command was configured before reload/issu, add the command back. If the accounting log shows the command's retval as success, determine if the command is getting added to the global-db.
–If the command was added correctly, copy r s, check global-db reload, and check if the command exists in the global-db.
–If the command does not exist in the global-db, then the issue might be that the command is not showing up in show running on boot up.
–If the command does not exist in the global_db, investigate the csm_save_global_command function. The csm_save_global_command function is where the command gets added to the global_db
Mutual exclusion check failed on peer
Possible Cause
The imported configuration is sent to the peer. However, if the configuration is already configured on the peer outside of SP, then the import fails the mutual exclusion check on the peer.
Solution
Remove the failed commands from conf-t on the peer and then retry import verify/commit.
Use the show system internal csm info trace command for further investigation to look at events, trace, or error messages.
Merge Failure
A merge between peers happens when a peer becomes reachable.
A merge is initiated when CFS sends a peer add for the peer or if the peer is already reachable. Configuring the sync-peer command starts the merge session.
Note For a merge to succeed, the configuration in the switch-profile on both peers must match exactly.
Merge failure has many possible causes:
•First time merge failure
•Merge after peers that were in sync previously
•Merge after reload
Note Use the show system internal csm info trace command to view events, trace, and error messages.
First time merge failure
Possible Cause
When peer switches are trying to synchronize configurations, the merge might fail when validating received configurations.
Solution
Use the show switch-profile status command to view which commands failed validation.
This implies that the commands on both the switches are configured differently.
Perform the following to correct the configurations:
•Remove the sync-peers destination command from the switch-profile.
•Use the show running switch-profile command on both peers to ensure that the configuration is exactly the same under switch-profile.
•Add back the sync-peers destination command to the switch-profile.
•Reissue the commit.
Merge after peers that were in sync previously
Possible Cause
If peers were in sync and connectivity was lost, and conflicting configuration changes were made on the switches, then the merge would fail.
Solution
Use the show switch-profile status command to view which commands failed the merge.
Correct the configurations and reissue the commit from the peer with the corrected configuration.
Merge after reload
Possible Cause
After a switch is reloaded, it sends its switch-profile configuration to the peer. If there was a configuration change done under SP for the peer that was not reloaded, then the merge fails.
Solution
Use the show switch-profile status command to view which commands failed the merge.
Correct the configurations and reissue the commit.
Switch-profile Deletion Failure
A rollback is used to delete the configurations during a switch-profile deletion.
Note To check for commands that failed deletion, use the show switch-profile status commit command to view the status. Alternatively, use the show switch-profile session-history command by matching the session based on the timestamp/session type.
Switch-profile deletion failure has many possible causes:
•Application failure
•Failure from dependent commands
•Application does not respond
Other known switch-profile deletion issues:
•Rollback fails with "Deletion of switch profile failed" message (CSCti97003)
•Port-channel interface not deleted on switch-profile delete (CSCtf17697)
Application failure
Possible Cause
Switch-profile deletion failure might be that the application failed the command. It is possible that the configuration is deleted out of order.
The switch-profile does not order configurations as displayed in the show run output. There might be out of sequence issues that occur during the deletion of the switch-profile.
Solution
Use the resequence-database command in the conf-sync mode to resequence the commands in SP in the order that the commands appear in show running. After resequencing the commands, reissue the delete.
Failure from dependent commands
Possible Cause
Switch-profile deletion failure results from dependent commands in conf-t mode.
If a command inside SP is referenced by another command outside of SP and the first command inside SP is deleted, then failure occurs because the command outside of SP still references it.
Solution
Correct the commands, references, and reissue the delete.
Application does not respond
Possible Cause
The deletion fails because the application does not respond due to the application owning the command.
Solution
Correct the commands and reissue the delete.
Verify Failure
Verify failure has many possible causes:
•Mutual exclusion check under local information
•Mutual exclusion check under peer information
•Rollback/ISSU in progress
•Global-db modification in progress
•Peer unable to accept lock request
Note Use the show switch-profile status command to view messages about the failure.
Note Determine if the failure is on local/peer side by looking at whether the error is listed under local error(s)/ peer error(s) or both.
Note Use the show system internal csm info trace command to view events, trace, and error messages.
Mutual exclusion check under local information
Possible Cause
Command failed mutual-exclusion check under local information because the command has already been configured from conf-t.
Solution
Delete the command from conf-t mode and run verify from config-sync mode.
Mutual exclusion check under peer information
Possible Cause
Command failed mutual-exclusion check under peer information because the command has already been configured from conf-t on the peer.
Solution
Delete the command from conf-t mode on the peer and run verify from config-sync mode.
Rollback/ISSU in progress
Possible Cause
Verify cannot be performed when rollback/ISSU is in progress.
Solution
Stop rollback or wait for it to complete and run verify.
Global-db modification in progress
Possible Cause
Verify cannot be performed when global-db is being updated on the local/peer side.
Solution
Wait for the update to complete and run verify.
Peer unable to accept lock request
Possible Cause
Verify cannot be performed when the peer is unable to accept the lock request.
Solution
The peer is handling a transaction and cannot accept a lock request. Run verify at a later time.
Use the show switch-profile status command to determine if there is an ongoing transaction.
If the peer remains in the same state for a long time, use the show cfs lock command to determine if the CFS fabric has been locked.
Also check the application that has taken the CFS lock. If the application is ssnmgr, use the show cfs internal session-history name session-mgr command and the show cfs internal notification log name session-mgr command to view information about when a lock was acquired or released. It can also show the mapping to the csm transactions displayed with the show switch-profile session-history command.