Introduction
This document describes how to identify issues with Network Flow Engine (NFE) cards. An NFE card is a component in Cisco Sourcefire FirePOWER 7000 and 8000 Series Appliances. It is highly programmed and designed to improve network performance. An NFE card can switch and route traffic, classify packets, and perform load balancing and deep packet inspection.
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
The information in this document is based on these hardware and software versions:
- Cisco Sourcefire FirePOWER 7000 and 8000 Series Appliances
- Sourcefire Software Version 5.2 or later
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command, and follow the steps below during a maintenance window.
Identify Issues
- Enter this command in order to elevate your privilege to the root user mode:
admin@FirePOWER~$ sudo su -
- Enter this command:
root@FirePOWER:~# grep "=> '0'," /var/sf/run/bb-health
If the output returns a zero (0) value, perform a cold boot. In order to perform a cold boot, power down the sensor and remove the power cable from the Power Supply Units for at least 30 seconds. Then, power on the device and enter this command again.
- Check the contents of this file:
root@FirePOWER:~# cat /var/sf/run/bb-me-health
Ensure this file is empty. If there is an error message in the file, provide a copy of the file to Cisco Technical Assistance Center (TAC) for further review. Do not deploy this sensor without further instructions from Cisco TAC.
- In order to find an error that pertains to an NFE card, view the /var/log directory and enter this command:
root@FirePOWER:~# grep -i NFE /var/log/messages | grep -i error
If you see error messages with the NFE card in this file, provide a copy of the file to Cisco TAC for further review.
- Enter the nfmtest_sysinfo.sh command and save the output in a text file:
/usr/local/sf/pegasus/bin/nfmtest_sysinfo.sh -X > /var/tmp/nfmtest_sysinfo.txt
- Enter this command and verify everything is listed as PASS:
root@FirePOWER:~# sudo /usr/local/sf/bin/nfm-burnin.sh
- Enter this command to review the contents of the nfmtest_sysinfo.txt file:
root@FirePOWER:~# less /var/tmp/nfmtest_sysinfo.txt
Verify the status of the daemons. These statuses are good:
- loaded
- found
- running
- operational
Note: Green text indicates the script did not encounter any issues. Red text indicates that the script encountered an issue. Scroll through the nfmtest_sysinfo.txt file in order to ensure there are no red failures.
Checking status of host kernel modules:
* NFE messaging driver loaded
Checking status of host daemons:
Daemons for device 0
* Rules daemon running
* IP fragment daemon running
NFD version 2.6.0-2189
Testing NFE device 0
------------------------------------------------------------------------
Checking status of NFE ports:
Link State: A value of U is link up, D is down.
Force State: an F is link forced, A is autonegotiate.
NFE port link status:
port 0 1
state U U
forced A A
* NFE port status operational
Checking status of NFD message and buffer pools:
NFE 0 buffer pool 0 is 18% consumed by NPU, 0% consumed by userspace.
NFE 0 buffer pool 1 is 15% consumed by NPU, 0% consumed by userspace.
NFE 0 buffer pool 2 is 16% consumed by NPU, 0% consumed by userspace.
NFE 0 buffer pool 3 is 16% consumed by NPU, 0% consumed by userspace.
Checking TCAM version:
* TCAM version: 0x10050
Checking status of microengines:
* Microengines running
Checking status of Network Processor daemons:
* NFM message daemon running
* TCAM message daemon running
Device 0 is fully operational.
- In the less output, enter this command in order to skip to the portstats -l section of the output:
/portstats\ -l
Ensure that the NFE ports do not have RXReceiveErrors or BADCRC counters above 0.
- On Sourcefire FirePOWER 8000 Series Appliances, enter this command and verify whether there are any errors:
root@FirePOWER:~# nmsbportstats -l | egrep '^(Bad|RxError).*[1-9]'
After you complete the previous instructions, if an error is identified, send the diagnostic data to Cisco TAC in order to determine whether the issue can be fixed or a hardware replacement is necessary.
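The status review of /var/tmp/nfmtest_sysinfo.txt described above can be scripted so that lines needing attention are not missed while scrolling. This is an added example, not Cisco code. The function name check_sysinfo and the line layout it relies on are assumptions taken only from the sample output on this page: check lines begin with "*" and end in the status word, a failing line may contain "not", "version" lines are informational, and colors are saved as ANSI escapes.

```shell
#!/bin/sh
# Added example (not Cisco code): review a saved nfmtest_sysinfo.txt.
# Usage: sh check_nfe.sh /var/tmp/nfmtest_sysinfo.txt
# Assumed layout, based on the sample output only:
#   "* <check name> <status>"  where good statuses are
#   loaded, found, running, operational.

# Prints each line that needs review; returns 0 when there are none.
check_sysinfo() {
    esc=$(printf '\033')
    # Strip ANSI color escapes (assumed), then inspect each line.
    sed "s/${esc}\[[0-9;]*m//g" "$1" | awk '
        $1 == "*" {
            if ($0 ~ /version/) next          # informational, no status word
            low = tolower($0)
            if ($NF !~ /^(loaded|found|running|operational)$/ || low ~ / not /) {
                print "REVIEW: " $0; bad++
            }
            next
        }
        $1 == "state" {                       # port link row: U = up, D = down
            for (i = 2; i <= NF; i++)
                if ($i == "D") {
                    print "REVIEW: port " (i - 2) " link down"; bad++
                }
        }
        END { exit (bad > 0) }
    '
}

# Run against a file when one is given on the command line.
if [ -n "${1:-}" ]; then
    check_sysinfo "$1"
fi
```

A down port is reported for review only; confirm whether the link is expected to be up before treating it as a fault.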