fir3net
PPS-Firenetbanner-780.5x190-30-03-17

Brocade ADX - Debugging CSW

The Brocade ADX offers a range of options for troubleshooting CSW (Content Switching) policies.
Within this article we will look the main troubleshooting feature URL Debug and also provide the various show commands available when troubleshooting CSW.

URL Debug

The URL debug option allows you to debug the CSW policy flows based on a given IP.

Start Debug

Within the following example we use the IP of 8.8.8.8 as the clients IP address.

The command 'rconsole virtual' allows us to console into the Virtual BP (Barrel Processor).
Note : The Virtual BP is a virtualized instance of all Barrel Processors.

ADX#  rconsole virtual
ADX-vbp# url debug 3 8.8.8.8

C 24864: WAIT_REQ, data = 593, re: 8.8.8.8:24864, lo: 10.1.1.200:80, id=3927, S/A=4011969065/2685694
        10. c.iss=1592526782,s.irs=24864; c.irs=3232261070,s.iss=80
        c.recv.eis=4011969065; c.send.nss=2685694
        No CSW rule hit, take default action 1
        server found by sticky: 399113_192.168.100.5
        Rewrite msg (0x00000008).
        Set CSW FW RW 128: seq:0xef21ca51, del:0, insert:<NULL>(len:0)
        Insert header (Client-IP: 8.8.8.8) at 40(4011969105)!
        Rew(0x00000008)         NULL len:0 in         NULL len0 at seq:-282998231, parsed offset:0
        New rev 8.8.8.8:24864<192.168.100.5:80,S/H/P/D:WAIT_REQ/0/1/0
        send SYN to S: lo: 8.8.8.8:24864, re: 192.168.100.5:80

Disable Debug / Exit

To stop the debug and exit from the rconsole the following commands are issued.

ADX-vbp# url debug 0
ADX-vbp# rcon-exit

Note : version 12.4 uses the syntax 'url debug 1 <ip-address>' instead of 'url debug 3 <ip-address>'.

Show Commands

There are a number of show commands available. However the most useful is the command 'show csw-policy <csw policy>'

Below provides a output sample of the command :

ADX# show csw-policy remote_addr_insert

Policy Name         :remote_addr_insert

Policy Type         :Content Switching
Policy index        :11
Reference Count     :17
total received packe:0
created session     :0                  total scanned packet:0
no session drop     :0                  no session frag drop:0
send mirror ip packe:0                  send mirror packet  :0
send redirect packet:0                  case-insensitive    :FALSE

Action code description:
fwd: forward    rst: reset-client       per: persist
rdr: redirect   err: reply-error        got: goto
rwt: rewrite    mir: mirror             log: log
con: count      drp: drop       rec: vir-reset
red: cont-red   mip: mirror-ip  unk: unknown

Flag description:
A: insert-cookie        B: delete-cookie        C: destroy-cookie
D: req-ins-hdr          E: req-ins-client-ip    F: resp-ins-hdr
G: delete-content       H: insert-content       I: modify-content
L: log

Rule Name   |Act|Data1     |Data2     |Data3     |Flags     |Hit Cnt
---------------------------------------------------------------
default     |     |      |               |     |7754       |
default     |fwd|1         |<NULL>    |N/A       |___DE____ |7754
default     |rwt  |N/A   |N/A            |N/A  |___DE____  |15508
---------------------------------------------------------------

Other Commands

  • show csw-automaton            
  • show csw-dns-policy
  • show csw-hdr-info             
  • show csw-parse
  • show csw-policy
  • show csw-rule

About the Author

RDonato

R Donato

Rick Donato is the Founder and Chief Editor of Fir3net.com. He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001