Troubleshooting the Local Broker

  1. Initiate the Local Broker wizard.
    sudo ./npa_localbroker_wizard
    • The Wizard provides an overview of Local Broker status.
    • The Wizard also allows admins to upgrade, collect troubleshooting files, and set log levels.
  2. Check Network Events to review traffic details.
  3. Check if the services are running.
    sudo microk8s kubectl get svc -n npa-dp-localbroker
  4. Check if the pods are running.
    sudo microk8s kubectl get pods -n npa-dp-localbroker
    
  5. Verify that the "registered successfully" message is seen during registration.
  6. Check the version of the Local Broker.
    Command Line:
    sudo microk8s kubectl -n npa-dp-localbroker describe pods | grep -i image
        Image:         netskopeprivateaccess/npa-stproxy-lbr:116.0.0-18047
        Image ID:      docker.io/netskopeprivateaccess/npa-stproxy-lbr@sha256:4b49d6a9b86e08167e5380d130f722161e5e87c97b2341ff5769ef36558b9b2c
        Image:         netskopeprivateaccess/npagw-lbr:116.0.0-18047
        Image ID:      docker.io/netskopeprivateaccess/npagw-lbr@sha256:d9c1ba92f1b51292df77af945f94fc4fe1e4a2a6c9bda696bcbc64605845ee4f
        Image:         netskopeprivateaccess/npastitcher-lbr:116.0.0-18047
        Image ID:      docker.io/netskopeprivateaccess/npagw-lbr@sha256:d9c1ba92f1b51292df77af945f94fc4fe1e4a2a6c9bda696bcbc64605845ee4f
    ~$
    

    UI:

Client is not connected to Local Broker NPA Gateway
  1. Ensure the Client-side resolution to the Local Broker hostname works.
  2. Ensure TCP 443 is allowed to the Local Broker.
  3. Ensure there is no SSL decryption of traffic to the Local Broker.
  4. Validate connectivity logs within npadebuglog.log.
  5. Check by running outer pcap on the Client, and running tcpdump on the Local Broker for the Client's IP.

Publisher is not connected to the Local Broker NPA Publisher Gateway (Stitcher)
  1. Ensure the Publisher-side resolution to the Local Broker hostname works.
  2. Ensure TCP 1443 is allowed to the Local Broker.
  3. Ensure there is no SSL decryption of traffic to the Local Broker.
  4. Validate connectivity logs within the agent.txt logs.
  5. Check by running tcpdump on the Publisher, and also tcpdump on the Local Broker for the Publisher’s IP.
Check utilization of the Local Broker

Commands such as top, htop, free -m, and df -kh help assess the health of the Local Broker.
Check logs on the Local Broker.

<hostname>:~$ sudo microk8s kubectl get pods -n npa-dp-localbroker
NAME                                 READY   STATUS    RESTARTS   AGE
local-npaproxy-7b9c4956f6-nkxrl      1/1     Running   0          3d21h
local-npagw-c787785bf-zrxfd          1/1     Running   0          3d21h
local-npastitcher-78dc8869db-p47mg   1/1     Running   0          3d21h
<hostname>:~$

To access the NPA Gateway (Client Gateway) and Stitcher (Publisher Gateway) pods (review the server.txt and stitcher.txt logs):
Option 1:

cd /opt/ns/local/logs/
ls

Option 2: (log in to NPA Gateway/Stitcher pods)

#NPA Gateway:
sudo microk8s kubectl exec -it local-npagw-c787785bf-zrxfd -n npa-dp-localbroker -- /bin/bash
cd logs
ls

#NPA Stitcher
sudo microk8s kubectl exec -it local-npastitcher-78dc8869db-p47mg -n npa-dp-localbroker -- /bin/bash
cd logs
ls
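
An added example (not part of the original page or the vendor's tooling): a shell function that reads the `get pods` table shown above and lists every Local Broker pod that is not Running, not fully ready, or has restarted, so those pods' logs can be reviewed first. The function name `unhealthy_pods` and the sample table are constructed for illustration; the namespace is the one used on this page.

```shell
#!/usr/bin/env bash
# Added example: triage the `kubectl get pods` table for the Local Broker.

# Reads the table on stdin and prints one line per pod worth investigating:
#   <pod-name> <reason> [<reason> ...]
# Returns 0 when every pod is Running, fully ready and has 0 restarts,
# 1 otherwise. Restarts are flagged as "investigate", not as a hard failure.
unhealthy_pods() {
  awk '
    # Only rows whose 2nd column looks like READY (n/m) are pod rows;
    # this skips the header, blank lines and pasted shell prompts.
    $2 !~ /^[0-9]+\/[0-9]+$/ { next }
    {
      split($2, ready, "/")
      reason = ""
      if ($3 != "Running")        reason = reason " status=" $3
      if (ready[1] != ready[2])   reason = reason " ready=" $2
      if ($4 + 0 > 0)             reason = reason " restarts=" $4
      if (reason != "") { print $1 reason; bad = 1 }
    }
    END { exit bad + 0 }
  '
}

# Constructed sample: pod names follow the page's listing, but the
# status, ready and restart values are made up to show the failure cases.
SAMPLE_PODS='<hostname>:~$ sudo microk8s kubectl get pods -n npa-dp-localbroker
NAME                                 READY   STATUS             RESTARTS   AGE
local-npaproxy-7b9c4956f6-nkxrl      1/1     Running            0          3d21h
local-npagw-c787785bf-zrxfd          0/1     CrashLoopBackOff   12         3d21h
local-npastitcher-78dc8869db-p47mg   1/1     Running            2          3d21h
<hostname>:~$'

# Demo on the constructed sample (offline).
printf '%s\n' "$SAMPLE_PODS" | unhealthy_pods || true

# Live use on the Local Broker host:
#   sudo microk8s kubectl get pods -n npa-dp-localbroker | unhealthy_pods
```

A non-zero exit status makes the function usable in a cron job or monitoring check that alerts when any Local Broker pod needs attention.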