Wireless Access

Reply
Aruba
Posts: 1,287
Registered: ‎08-29-2007

How to debug dpi

Any tips for best way to debug dpi ?

I am seeing strange issues and want to gather some decent logs for when I raise a TAC case.

7005 controller and 6.4.2.


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
Guru Elite
Posts: 21,024
Registered: ‎03-29-2007

Re: How to debug dpi

Michael_Clarke,

 

What specifically?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Aruba
Posts: 1,287
Registered: ‎08-29-2007

Re: How to debug dpi

Controller is dropping DNS packets from clients.  Comparing a capture on the client and one on the egress interface on the controller, I can see frequently that for periods of 4-5 seconds, the DNS packets don't leave the controller.

 

When the user launches their VPN client (no split tunneling, so everything goes into vpn)  the issues disappear and everything is fine, which leads me to think it may be something to do with dpi.


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
Guru Elite
Posts: 21,024
Registered: ‎03-29-2007

Re: How to debug dpi

Michael_Clarke,

 

You should do a decrypted packet capture on the controller for that client and compare it to the egress on the controller.  It is quite possible that the wifi traffic is not getting through.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Aruba
Posts: 1,287
Registered: ‎08-29-2007

Re: How to debug dpi

Have done that now.  Interesting results.  Between a capture on the client and the datapath-wifi-client, there is not much difference.  On the egress port for that vlan, I am only seeing ~20% of DNS requests leaving the controller.

 

DNS Reqs

laptop     = 644

datapath = 644

egress    = 138

 

The controller just seems to be chomping up DNS requests.  Can't comment on other protocols yet.

 

We upgraded to 6.4.2.12 the other day and that made no difference.  Raising a case now.

 

Will report back once we get to the bottom of it.


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
Aruba
Posts: 1,287
Registered: ‎08-29-2007

Re: How to debug dpi

There was a max-sessions set in the user role that seems to have been causing this.

Testing at home and opening only 3 busy websites with lots of content was causing 800+ sessions at times.


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
Search Airheads
Showing results for 
Search instead for 
Did you mean: