This document describes how to identify issues with Network Flow Engine (NFE) cards. An NFE card is a component in Cisco Sourcefire FirePOWER 7000 and 8000 Series Appliances. It is highly programmed and designed to improve network performance. An NFE card has the ability to switch and route traffic, classify packets, and perform load balances and deep packet inspections.
There are no specific requirements for this document.
The information in this document is based on these hardware and software versions:
Cisco Sourcefire FirePOWER 7000 and 8000 Series Appliances
Sourcefire Software Version 5.2 or later
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command, and follow the steps below during maintenance window.
Enter this command in order to elevate your privilege to the root user mode:
If the output returns a zero (0) value, perform a cold boot. In order to perform a cold boot, power down the sensor and remove the power cable from the Power Supply Units for at least 30 seconds. Then, power on the device and enter this command again.
Check the contents of this file:
root@FirePOWER:~# cat /var/sf/run/bb-me-health
Ensure this file is empty. If there is an error message in the file, provide a copy of the file to Cisco Technical Assistance Center (TAC) for further review. Do not deploy this sensor without further instructions from Cisco TAC.
In order to find an error that pertains to an NFE card, view the /var/log directory and enter this command:
Enter this command to review the contents of the nfmtest_sysinfo.txt file:
root@FirePOWER:~# less /var/tmp/nfmtest_sysinfo.txt
Verify the status of the daemons. These statuses are good:
Note: Green text indicates the script did not encounter any issues. Red text indicates that the script encountered an issue. Scroll through the nfmtest_sysinfo.txt file in order to ensure there are no red failures.
Checking status of host kernel modules: * NFE messaging driver loaded
Checking status of host daemons: Daemons for device 0 * Rules daemon running * IP fragment daemon running
Checking status of NFE ports: Link State: A value of U is link up, D is down. Force State: an F is link forced, A is autonegotiate. NFE port link status: port 0 1 state U U forced A A * NFE port status operational
Checking status of NFD message and buffer pools: NFE 0 buffer pool 0 is 18% consumed by NPU, 0% consumed by userspace. NFE 0 buffer pool 1 is 15% consumed by NPU, 0% consumed by userspace. NFE 0 buffer pool 2 is 16% consumed by NPU, 0% consumed by userspace. NFE 0 buffer pool 3 is 16% consumed by NPU, 0% consumed by userspace.
Checking TCAM version: * TCAM version: 0x10050
Checking status of microengines: * Microengines running
Checking status of Network Processor daemons: * NFM message daemon running * TCAM message daemon running Device 0 is fully operational.
In the less output, enter this command in order to skip to the portsats –l section of the output:
Ensure that the NFE ports do not have RXReceiveErrors or BADCRC counters above 0.
On Sourcefire FirePOWER 8000 Series Appliances, enter this command and verify if there is any error:
After the previous instructions have been completed and if an error is identified, send the diagnostic data to Cisco TAC in order to determine if the issue can be fixed or if a hardware replacement is necessary.