Wireless Access

Any tips for best way to debug dpi ?

I am seeing strange issues and want to gather some decent logs for when I raise a TAC case.

7005 controller and 6.4.2.

Michael_Clarke,

What specifically?

Controller is dropping DNS packets from clients.  Comparing a capture on the client and one on the egress interface on the controller, I can see frequently that for periods of 4-5 seconds, the DNS packets don't leave the controller.

When the user launches their VPN client (no split tunneling, so everything goes into vpn)  the issues disappear and everything is fine, which leads me to think it may be something to do with dpi.

Michael_Clarke,

You should do a decrypted packet capture on the controller for that client and compare it to the egress on the controller.  It is quite possible that the wifi traffic is not getting through.

Have done that now.  Interesting results.  Between a capture on the client and the datapath-wifi-client, there is not much difference.  On the egress port for that vlan, I am only seeing ~20% of DNS requests leaving the controller.

DNS Reqs

laptop     = 644

datapath = 644

egress    = 138

The controller just seems to be chomping up DNS requests.  Can't comment on other protocols yet.

We upgraded to 6.4.2.12 the other day and that made no difference.  Raising a case now.

Will report back once we get to the bottom of it.

There was a max-sessions set in the user role that seems to have been causing this.

Testing at home and opening only 3 busy websites with lots of content was causing 800+ sessions at times.