DX Unified Infrastructure Management

In NFA 9.1 and NFA 9.1.1, there is a defect where Devices with a large ifindex (Layer 3 switch), will show up in enable interfaces, but will not license. After working with the DEV team they opened a Defect 88969.

I have attached the patch and directions to apply it.



This patch is to fix issues with high persistent ids. It will drop and replace the previous trigger that was written, changing the behavior when new persistent Ids are generated. It needs to be loaded on all deployed harvesters.

This will have no impact on currently discovered devices. Any devices that were previously having issues will need to be completely cleaned from the system and rediscovered again. Some example queries to do this are below.


To load this patch, navigate to:
INSTALLROOT\Netflow\sql\9.1.0\procedures

Rename "trigger_insert_persistent_map.sql" (to retain it for history)
Copy the new sql file into this directory

Open a command prompt, navigate to the directory above and load the file into the poller database (as shown below):
mysql poller < trigger_insert_persistent_map.sql



ROUTER CLEANUP
Replace "192.168.1.1" with the address of your router

-- Open mysql on the harvester
mysql
-- Cleanup Harvester
delete from harvester.routers where router=inet_aton('192.168.1.1');
delete from harvester.interfaces where router=inet_aton('192.168.1.1');

-- Cleanup Poller
delete from poller.interfaces_snmp where routerid in (select id from routers where address = '192.168.1.1');
delete from poller.persistent_map where routerid in (select id from routers where address='192.168.1.1');
delete from poller.routers_snmp where routerid in (select id from routers where address='192.168.1.1');
delete from poller.routers where address='192.168.1.1';


On the GUI in Enable Interfaces:

Delete the Routers/Switches that will not enable out of Enable interfaces.

mysql
-- Finalize Harvester
truncate table routers;
truncate table interfaces;


Final Steps:

Recycle MySql services on Harvester then Reporter Console.
Refresh Enable Interfaces Page, find the problem router/switch and enable the interfaces.
Wait 15 minutes max to hit the polling cycle and it will licenese.

What is CA Support's view on running non read-only commands (i.e. other than SELECT queries) in NFA? Seems we want to do certain things that takes ages using the GUI - like enabling interfaces for flows - but we get some cases where they don't support us doing UPDATES and/or DELETEs. I can totally understand if you trash your system it's not CA's fault but if the interface is so clunky (at least flash will be gone soon!) then what are our options? I know that there is a lot of API functionality that is being added to address this (not always documented or advertised!) but in some cases mySQL queries are still the only options.

Frank,

Do NOT run delete or truncate commands like this on the NFA 9.3.5 and up Harvester database. Due to the way the database has changed, using MySQL queries to delete routers and interfaces will corrupt the database.

As far as NFA 9.3.3 and earlier, deleting routers and interfaces like this from the Harvester database shouldn't be a problem. The router/interface information should repopulate when you receive netflow without affecting any of the existing data. We don't like to encourage this because of the danger in general of making a mistake, so if you choose to manually delete routers in NFA 9.3.3 and earlier make sure you have good backups of ALL your MySQL databases. 

For example, I've seen customer's attempt to truncate the 9.3.3 harvester.routers table (OK), but accidentally truncate the reporter.routers table (Not OK).

Q- Can this referenced patch (defect 88969) built for 9.1.x also be used in 9.2.1?

I've got a customer has many interfaces enabled YES licensed NO, and when looking at this CARE logs, he has a huge RA_interface_mapping_invalid_highIfIndex.txt file.

Thanks, Shaun.