Gordon State College Information Technology Help Desk Knowledgebase
PaloAlto Dataplane issue
Suggested knowledgebase articles:

PaloAlto Dataplane issue

Problem Description : 

Network latency and seeing lost packets 

 

 

 Resolution : 

 

If users report network issues and you are not seeing network saturation (speedtests on admin network averaging 3 to 5 MB) then it could be the PaloAlto dataplane that is causing the issue.

 

 

To Test run the following from your PC...

 

ping -t 168.26.252.2  (interface on the PA for the admin network)

ping -t 168.26.192.198 (interface on the PA for the untrusted (external) network)

ping -t 168.26.192.193 (gateway/next hop for the Peachnet router)

 

If you are seeing a high number of 'Request not found' then the traffic is likely getting dropped at the PaloAlo. 

 

Send in a ticket to ITS to verify there are no issues at Peachnet. If ITS verifies that there is no drops from their end and they are seeing packet loss for the interface coming into the PaloAlto 168.26.192.198 then it likely is an issue with the PaloAlto.

 

You can also ping vlan interfaces on the core to see if the core switch could be the issue. (i.e. 168.26.240.1, 168.26.244.1, 168.26.249.1, etc.)

 

If the PaloAlto is dropping packets then try restarting the dataplane. This will bring down internet services for approximately 1 to 2 minutes.

 

SSH into PA-3020 via CLI (i.e. putty, mobaxterm) at 168.26.240.221

 

++Restart the dataplane services by the following command --->

 

> request restart dataplane

 

Once services come back up you should start seeing traffic again. Ping the interfaces on the PA again to see if packet loss has stopped.

 

 

 

 

 

 

 Revision Date : 12/3/2019

 

Was this article helpful? Yes | No

Article Details

Article ID:
131
Category:
Knowledgebase
Rating :

Related articles