Bond Operating Without Sufficient Slave Interfaces-checkpoint-gaia,secureplatform
Vendor: checkpoint
OS: gaia,secureplatform
Description:
indeni will trigger an issue if a bond interface is operating without sufficient slave interfaces.
Remediation Steps:
Determine why the slave interfaces are down and resolve the issue.
How does this work?
Use the built-in “cphaconf show_bond” command to retreive the detailed bond state.
Why is this important?
Tracking the bond slaves in use versus the total required is a good indicator of potential issues.
Without Indeni how would you find this?
An administrator could login and manually run the command.
chkp-os-cphaconf_show_bond
name: chkp-os-cphaconf_show_bond
description: Run "cphaconf show_bond" to determine bond health versions before R80.20
type: monitoring
monitoring_interval: 5 minutes
requires:
vendor: checkpoint
high-availability: true
or:
- os.name: gaia
- os.name: secureplatform
asg:
neq: 'true'
os.version.num:
compare-type: version-compare
op: "<"
value: "80.20"
comments:
bond-state:
why: |
An interface in a bond could be down, and the device would still deem the link as up.
This is because the default setting is often to consider one link failure as non-critical if there is
another link in the bond. This does however mean a loss of redundancy and capacity which might not be noticed.
how: |
Use the built-in "cphaconf show_bond" command to retreive the detailed bond state.
can-with-snmp: false
can-with-syslog: false
bond-slaves-in-use:
why: |
Tracking the bond slaves in use versus the total required is a good indicator of potential issues.
how: |
Use the built-in "cphaconf show_bond" command to retreive the detailed bond state.
can-with-snmp: false
can-with-syslog: false
bond-slaves-required:
why: |
Tracking the bond slaves in use versus the total required is a good indicator of potential issues.
how: |
Use the built-in "cphaconf show_bond" command to retreive the detailed bond state.
can-with-snmp: false
can-with-syslog: false
bond-slave-state:
why: |
To check the state of slave interfaces on the bond interface. The slave interfaces status is very important
to bond features like bandwidth or redundancy over the bond interface
how: |
By using the Check point command "cphaprob show_bond" command to retreive the number of bond slaves
interfaces in each bond.
can-with-snmp: false
can-with-syslog: false
configured-slaves:
why: |
Tracking the number of bond slaves interfaces
how: |
Use the built-in "cphaprob show_bond" command to retreive the number of bond slaves interfaces in each bond.
can-with-snmp: false
can-with-syslog: false
steps:
- run:
type: SSH
file: cphaconf-show_bond.remote.1.bash
parse:
type: AWK
file: cphaconf-show_bond.parser.1.awk
chkp-os-cphaconf_show_bond
name: chkp-os-cphaconf_show_bond
description: Run "cphaconf show_bond" to determine bond health versions before R80.20
type: monitoring
monitoring_interval: 5 minutes
requires:
vendor: checkpoint
high-availability: true
or:
- os.name: gaia
- os.name: secureplatform
asg:
neq: 'true'
os.version.num:
compare-type: version-compare
op: "<"
value: "80.20"
comments:
bond-state:
why: |
An interface in a bond could be down, and the device would still deem the link as up.
This is because the default setting is often to consider one link failure as non-critical if there is
another link in the bond. This does however mean a loss of redundancy and capacity which might not be noticed.
how: |
Use the built-in "cphaconf show_bond" command to retreive the detailed bond state.
can-with-snmp: false
can-with-syslog: false
bond-slaves-in-use:
why: |
Tracking the bond slaves in use versus the total required is a good indicator of potential issues.
how: |
Use the built-in "cphaconf show_bond" command to retreive the detailed bond state.
can-with-snmp: false
can-with-syslog: false
bond-slaves-required:
why: |
Tracking the bond slaves in use versus the total required is a good indicator of potential issues.
how: |
Use the built-in "cphaconf show_bond" command to retreive the detailed bond state.
can-with-snmp: false
can-with-syslog: false
bond-slave-state:
why: |
To check the state of slave interfaces on the bond interface. The slave interfaces status is very important
to bond features like bandwidth or redundancy over the bond interface
how: |
By using the Check point command "cphaprob show_bond" command to retreive the number of bond slaves
interfaces in each bond.
can-with-snmp: false
can-with-syslog: false
configured-slaves:
why: |
Tracking the number of bond slaves interfaces
how: |
Use the built-in "cphaprob show_bond" command to retreive the number of bond slaves interfaces in each bond.
can-with-snmp: false
can-with-syslog: false
steps:
- run:
type: SSH
file: cphaconf-show_bond.remote.1.bash
parse:
type: AWK
file: cphaconf-show_bond.parser.1.awk
cross_vendor_bond_slave_in_use_insufficient
package com.indeni.server.rules.library.core
import com.indeni.ruleengine.expressions.conditions.GreaterThan
import com.indeni.ruleengine.expressions.core.{ConstantExpression, StatusTreeExpression}
import com.indeni.ruleengine.expressions.data.{SelectTagsExpression, SelectTimeSeriesExpression, TimeSeriesExpression}
import com.indeni.server.common.data.conditions.True
import com.indeni.server.rules._
import com.indeni.server.rules.library.core.BondSlavesInUseInsufficientRule.NAME
import com.indeni.server.rules.library.{ConditionalRemediationSteps, PerDeviceRule, RuleHelper}
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity
case class BondSlavesInUseInsufficientRule() extends PerDeviceRule with RuleHelper {
override val metadata: RuleMetadata = RuleMetadata.builder(NAME, "Bond Operating Without Sufficient Slave Interfaces",
"indeni will trigger an issue if a bond interface is operating without sufficient slave interfaces.", AlertSeverity.ERROR,
categories = Set(RuleCategory.HighAvailability), deviceCategory = DeviceCategory.AllDevices).build()
override def expressionTree(context: RuleContext): StatusTreeExpression = {
val inUseValue = TimeSeriesExpression[Double]("bond-slaves-in-use").last
val requiredValue = TimeSeriesExpression[Double]("bond-slaves-required").last
StatusTreeExpression(
// Which objects to pull (normally, devices)
SelectTagsExpression(context.metaDao, Set(DeviceKey), True),
// What constitutes an issue
StatusTreeExpression(
// The additional tags we care about (we'll be including this in alert data)
SelectTagsExpression(context.tsDao, Set("name"), withTagsCondition("bond-slaves-in-use", "bond-slaves-required")),
StatusTreeExpression(
// The time-series we check the test condition against:
SelectTimeSeriesExpression[Double](context.tsDao, Set("bond-slaves-in-use", "bond-slaves-required"), denseOnly = false),
// The condition which, if true, we have an issue. Checked against the time-series we've collected
GreaterThan(
requiredValue,
inUseValue)
// The Alert Item to add for this specific item
).withSecondaryInfo(
scopableStringFormatExpression("${scope(\"name\")}"),
scopableStringFormatExpression("%.0f slave interfaces are required, while only %.0f are up", requiredValue, inUseValue),
title = "Bond Interfaces Affected"
).asCondition()
).withoutInfo().asCondition()
).withRootInfo(
ConstantExpression("Insufficient slave interfaces up for bond interface"),
ConstantExpression("Bond interfaces may require a certain number of slave interfaces to be up and running. If a bond interface has insufficient slave interfaces an issue may ensue."),
ConditionalRemediationSteps("Determine why the slave interfaces are down and resolve the issue.",
RemediationStepCondition.VENDOR_CP -> "Consider reading sk69180.")
)
}
}
object BondSlavesInUseInsufficientRule {
/* --- Constants --- */
private[library] val NAME = "cross_vendor_bond_slave_in_use_insufficient"
}