09-10-2013 05:04 AM
Hi
I'm having problems with upgrading software images on swithces when using tftp for image transfer. (SCP is not availiable in current image)
The job reports as failed in "Jobs Dashboard"
Validating device distribution context Distributing image c3560-ipservicesk9-mz.150-2.SE4.bin using protocol SCP | SUCCESS FAILURE |
..and when looking into the logfile
/opt/CSCOlumos/conf/ifm/swim/jobs/X.X.X.X_tftp_telnet.log
it contains this output:
HOSTNAME#copy tftp://X.X.X.X/c3560-ipservicesk9-mz.150-2.SE4.bin flash:c3560-ipservicesk9-mz.150-2.SE4.bin
Destination filename [c3560-ipservicesk9-mz.150-2.SE4.bin]? c3560-ipservicesk9-mz.150-2.SE4.bin
Accessing tftp://X.X.X.X/c3560-ipservicesk9-mz.150-2.SE4.bin...
Loading c3560-ipservicesk9-mz.150-2.SE4.bin from X.X.X.X (via VlanY): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!... [timed out]
%Error reading tftp://X.X.X.X/c3560-ipservicesk9-mz.150-2.SE4.bin (Timed out)
(I removed a bunch of "!" in the output )
I guess that the tftp server on the PI server shuts down or closes the connection after a period of time
Is there a way to configure the tftp server settings on the Prime Infrastructure server or keep the tftp service always running?
Running virtual appiance
prime/admin# sh ver
Cisco Application Deployment Engine OS Release: 2.0
ADE-OS Build Version: 2.0.6.003-px-build
ADE-OS System Architecture: x86_64
Copyright (c) 2005-2010 by Cisco Systems, Inc.
All rights reserved.
Hostname: prime
Version information of installed applications
---------------------------------------------
Cisco Prime Infrastructure
------------------------------------------
Version : 2.0.0.0.294
Regards
Roger Saugestad
Solved! Go to Solution.
03-05-2014 12:51 AM
Hi,
after a full day of troubleshouting I could narrow down the problem to the firewall reacting "stupid" to the lots of small UDP packets.
I was only able to solve it by disabling the firewall completely "service firewall stop" .
Before nothing worked in terms of IOS image distribution - after that - everything works.
Regards
Matthias
09-30-2013 02:40 AM
We have the same problems with upgrading IOSes via TFTP.
Other TFTP tasks, like gathering vlan.dat files in Configuration Archive Job, is also failed.
Netstat -an command in root shell shows that java process listening 69 udp.
udp 0 0 :::69 :::* 9183/java
/opt/CSCOlumos/jre32/bin/java -Djava.system.class.loader=com.cisco.xmp.classLoader.XMPSystemClassLoader -Dcom.cisco.xmp.XMPHome=/opt/CSCOlumos -Dinstall.dir=/opt/CSCOlumos -server -Xms32m -Xmx256m -XX:MaxPermSize=128m -Djava.awt.headless=true -Daes.dir=/opt/CSCOlumos -Dmibs.root=/opt/CSCOlumos/resources/wirless/mibs -cp /opt/CSCOlumos/classloader-conf:/opt/CSCOlumos/./lib/xmp/XMPClassLoader-8.0.24.jar com.cisco.remoting.packaging.RemotingServiceMain Tftp
Wireshark shows that Prime tried to do "copy flash:vlan.dat tftp:" but server says "%Error opening tftp://address/xxxx.cfg"
Strange thing that in directory /localdisk/tftp I see some collected vlan.dat files (about 10, regardless that we have >1000 switches). But I cannot copy them to device manually..
Summary, TFTP service is started but not works correctly.
10-17-2013 03:41 AM
I've created case in Cisco TAC via our intergator. And they solved this issue.
Cisco BUG ID is CSCud90974 (Prime Infrastructure TFTP and FTP may fail in OVA deployment)
Main cause of this problem is in VMWare side as described here:
When using the VMXNET3 adapter in a Linux guest OS on an ESXi 5.0 host, you see:
•Small UDP Packets (less than 40 bytes in size) are dropped from Linux virtual machines using the VMXNET3 Network Adapter.
•Applications that utilize small UDP packets may be unable to connect to the virtual machine.
Solution:
Change the Virtual Machine network adapter type to E1000.
11-27-2013 11:01 AM
Hi
Thank you for your comments and findings, but I don't thing we have the same root cause, as we already use E1000 adaptors in vmware and a later release where this bug in vmware should be fixed.
Regards
Roger
03-05-2014 12:51 AM
Hi,
after a full day of troubleshouting I could narrow down the problem to the firewall reacting "stupid" to the lots of small UDP packets.
I was only able to solve it by disabling the firewall completely "service firewall stop" .
Before nothing worked in terms of IOS image distribution - after that - everything works.
Regards
Matthias
03-11-2014 07:37 AM
Hi
Shutting down iptables on the server worked for me.
Thank you for sharing your solution!
Regards
Roger
04-24-2014 12:41 AM
Hi,
I shutdown iptables service, and it does works well.
But how to disable iptables service permanent also. I wonder that the iptables service will started again after I reboot PI.
Thanks
04-25-2014 12:46 AM
Hi
If you enter this command ad root, iptables will not run on next boot.
chkconfig iptables off
Note:This is only a workaround, if you want the security, the best is to modify the firewall rules to accept this traffic.
Roger
04-25-2014 09:49 PM
Hi,
I think the iptables already allow this kind of traffic. The problem is that it doesn't accept small UDP packets in sequence as Matthias said.
Thanks
07-03-2014 03:20 AM
Hi ,
I am having the same problem but with the physical Appliance ??
what can i do ??
11-06-2014 06:43 AM
Guys , where and how do i read those logs ?
/opt/CSCOlumos/conf/ifm/swim/jobs/x.x.x.x_telnet.log
PI 2.1
Thanks in advance
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide