cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6352
Views
5
Helpful
10
Replies

Prime Infrastructure 2.0 tftp service

Roger Saugestad
Level 1
Level 1

Hi

I'm having problems with upgrading software images on swithces when using tftp for image transfer. (SCP is not availiable in current image)

The job reports as failed in "Jobs Dashboard"

Validating device distribution context

Distributing image c3560-ipservicesk9-mz.150-2.SE4.bin using protocol SCP
Distributing image c3560-ipservicesk9-mz.150-2.SE4.bin using protocol TFTP

SUCCESS

FAILURE
FAILURE

..and when looking into the logfile

        /opt/CSCOlumos/conf/ifm/swim/jobs/X.X.X.X_tftp_telnet.log

it contains this output:

HOSTNAME#copy tftp://X.X.X.X/c3560-ipservicesk9-mz.150-2.SE4.bin flash:c3560-ipservicesk9-mz.150-2.SE4.bin

Destination filename [c3560-ipservicesk9-mz.150-2.SE4.bin]? c3560-ipservicesk9-mz.150-2.SE4.bin

Accessing tftp://X.X.X.X/c3560-ipservicesk9-mz.150-2.SE4.bin...

Loading c3560-ipservicesk9-mz.150-2.SE4.bin from X.X.X.X (via VlanY): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!... [timed out]

%Error reading tftp://X.X.X.X/c3560-ipservicesk9-mz.150-2.SE4.bin (Timed out)

(I removed a bunch of "!" in the output )

I guess that the tftp server on the PI server shuts down or closes the connection after a period of time

Is there a way to configure the tftp server settings on the Prime Infrastructure server or keep the tftp service always running?

Running virtual appiance

prime/admin# sh ver

Cisco Application Deployment Engine OS Release: 2.0

ADE-OS Build Version: 2.0.6.003-px-build

ADE-OS System Architecture: x86_64

Copyright (c) 2005-2010 by Cisco Systems, Inc.

All rights reserved.

Hostname: prime

Version information of installed applications

---------------------------------------------

Cisco Prime Infrastructure

------------------------------------------

Version : 2.0.0.0.294

Regards

Roger Saugestad

1 Accepted Solution

Accepted Solutions

Hi,

after a full day of troubleshouting I could narrow down the problem to the firewall reacting "stupid" to the lots of small UDP packets.

I was only able to solve it by disabling the firewall completely "service firewall stop" .

Before nothing worked in terms of IOS image distribution - after that - everything works.

Regards

Matthias

View solution in original post

10 Replies 10

Evgeny Bakurov
Level 1
Level 1

We have the same problems with upgrading IOSes via TFTP.

Other TFTP tasks, like gathering vlan.dat files in Configuration Archive  Job, is also failed.

Netstat -an command in root shell shows that java process listening 69 udp.

udp        0      0 :::69                       :::*                                    9183/java

/opt/CSCOlumos/jre32/bin/java -Djava.system.class.loader=com.cisco.xmp.classLoader.XMPSystemClassLoader -Dcom.cisco.xmp.XMPHome=/opt/CSCOlumos -Dinstall.dir=/opt/CSCOlumos -server -Xms32m -Xmx256m -XX:MaxPermSize=128m -Djava.awt.headless=true -Daes.dir=/opt/CSCOlumos -Dmibs.root=/opt/CSCOlumos/resources/wirless/mibs -cp /opt/CSCOlumos/classloader-conf:/opt/CSCOlumos/./lib/xmp/XMPClassLoader-8.0.24.jar com.cisco.remoting.packaging.RemotingServiceMain Tftp

Wireshark shows that Prime tried to do "copy flash:vlan.dat tftp:" but server says "%Error opening tftp://address/xxxx.cfg"

Strange thing that in directory /localdisk/tftp I see some collected vlan.dat files (about 10, regardless that we have >1000 switches). But I cannot copy them to device manually..

Summary, TFTP service is started but not works correctly.

I've created case in Cisco TAC via our intergator. And they solved this issue.

Cisco BUG ID is CSCud90974 (Prime Infrastructure TFTP and FTP may fail in OVA deployment)

Main cause of this problem is in VMWare side as described here:

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2019944:

When using the VMXNET3 adapter in a Linux guest OS on an ESXi 5.0 host, you see:

•Small UDP Packets (less than 40 bytes in size) are dropped from Linux virtual machines using the VMXNET3 Network Adapter.

•Applications that utilize small UDP packets may be unable to connect to the virtual machine.

Solution:

Change the Virtual Machine network adapter type to E1000.

Hi

Thank you for your comments and findings, but I don't thing we have the same root cause, as we already use E1000 adaptors in vmware and a later release where this bug in vmware should be fixed.

Regards

Roger

Hi,

after a full day of troubleshouting I could narrow down the problem to the firewall reacting "stupid" to the lots of small UDP packets.

I was only able to solve it by disabling the firewall completely "service firewall stop" .

Before nothing worked in terms of IOS image distribution - after that - everything works.

Regards

Matthias

Hi

Shutting down iptables on the server worked for me.

Thank you for sharing your solution!

 

Regards

 

Roger

Hi,

I shutdown iptables service, and it does works well.

But how to disable iptables service permanent also. I wonder that the iptables service will started again after I reboot PI.

Thanks

Hi

If you enter this command ad root, iptables will not run on next boot.

chkconfig iptables off

 

Note:This is only a workaround, if you want the security, the best is to modify the firewall rules to accept this traffic.

 

Roger

 

Hi,

I think the iptables already allow this kind of traffic. The problem is that it doesn't accept small UDP packets in sequence as Matthias said.

Thanks

LNWHCCO01
Level 1
Level 1

Hi ,

 

 I am having the same problem but with the physical Appliance ??

 

what can i do ??

FilipOlsen
Level 1
Level 1

Guys , where and how do i read those logs ?

 

/opt/CSCOlumos/conf/ifm/swim/jobs/x.x.x.x_telnet.log

 

PI 2.1

Thanks in advance

Review Cisco Networking for a $25 gift card