Brocade MLX

$ ssh [email protected]
Unable to negotiate with 1.2.3.4 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

… in the ~/.ssh/config file:

Host br1.wikirouters.com
KexAlgorithms +diffie-hellman-group1-sha1
[email protected](config-lag-Switch)#deploy
Telnet Session 3 in secondary port (14/4) of this LAG: Deploy Failed

 [email protected](config)#sh telnet
 Console connections:
 established, monitor enabled, privilege read-only
 165 days 41 minutes 57 seconds in idle
 Telnet server status: Enabled
 Telnet connections (inbound):
 1 established, client ip address 1.2.3.4, user is username, privilege super-user, in config mode
 using vrf default-vrf.
 you are connecting to this session
 1 seconds in idle
 2 closed
 3 closed
 4 closed
 5 closed
 Telnet connections (outbound):
 6 closed
 7 closed
 8 closed
 9 closed
 10 closed

crazy a bunch of router cards were crashing

“#show save” shows task: LP-IKE is responsible

BEGIN: show save
CONTEXT: MP
TIME-STAMP: 2155905152 milli sec since device started
============================================================
Active MP crash dump area clean
Standby MP crash dump area clean
========================================================================
NetIron XMR Crash Dump Version 1.1
Retrieved from Line Card on Slot 1

Module Type    : LP
Boot           : 05.09.00T175 xmlprm05900 built on Mar 19 2015 at 03:17:00
Monitor        : 06.00.00T175 xmlb06000 built on Jun  7 2016 at 16:09:50
System         : 06.00.00aT177 xmlp06000a built on Aug  6 2016 at 00:18:20
Current Task   : LP-IKE

Created on     : 22:41:45 Pacific Sun Sep 18 2016

System had been up for 3 minutes

EXCEPTION 1200, Data TLB error

Task	:	LP-IKE

GP Registers
r0      : 21225980 3d592cd0 2166ccf0 65652035
r4      : 65652035 00000000 00000020 00000000
r8      : 3d592e5c 3d592e5f 04962000 00000000
r12     : 0000009f 21ced470 00000000 00000000
r16     : 00000000 00000000 00000000 00000000
r20     : 00000001 ffffffff 04a25200 00000000
r24     : 21cc49dc 04960000 00000000 00000000
r28     : 65652035 00000000 00000000 00000000

here is a quick fix.

 

Fixes in image will be released tomorrow 2016-09-20

 

NOTE: If customer has active IPSec traffic in the network, DO NOT USE this ACL. We don’t have 100% proof but they may not be hitting this defect.

 

ip access-list extended BLOCK_IKE

deny udp any any eq isakmp

deny udp any any eq 4500

permit ip any any

!

ip access-list extended PERMIT_ANY

permit ip any any

 

ip receive access-list BLOCK_IKE sequence 5

ip receive access-list PERMIT_ANY sequence 99

ip receive access-list enable-deny-logging

 

  • If the customer is already using receive ACLs they might want to skip seq 99 and also “permit ip any any” line in BLOCK_IKE ACLs
  • To verify the packets blocked:

sh access-list receive accounting name BLOCK_IKE

  • The ACL was successfully tested in TAC lab for about an hour against the IKE capture from **** that otherwise causes LP1 crash.

bit_err_bitmap: 0
is_clocking_err: 0
is_dqs_con_err[0]: 0
is_dqs_con_err[1]: 0
is_dqs_con_err[2]: 0
is_dqs_con_err[3]: 0
is_phy_ready_err: 0
is_rtt_avg_min_err: 1
is_rtt_avg_max_err: 0

**>’error in petra_mgmt_hw_adjust_ddr()’ –
Err code: 0x14C5E59E (fail):
Name: PETRA_MGMT_DRAM_INIT_FAILS_ERR
Desc: The DPI-ready indication did not rise upon DRAM initialization
For a detailed diagnostics to be printed, if printing is allowed,
SAND_DEBUG must be set to SAND_DBG_LVL2
Note: verify that TRST signal is low (possible error cause)
Procedure id: 0x005E (Mod: PETRA module, Proc: PETRA_MGMT_HW_ADJUST_DDR)
exit place: 182, params: 0 0 0

**>’error in petra_mgmt_hw_interfaces_set_unsafe()’ –
Err code: 0x1402A59E (fail):
Name: PETRA_MGMT_DRAM_INIT_FAILS_ERR
Desc: The DPI-ready indication did not rise upon DRAM initialization
For a detailed diagnostics to be printed, if printing is allowed,
SAND_DEBUG must be set to SAND_DBG_LVL2
Note: verify that TRST signal is low (possible error cause)
Procedure id: 0x002A (Mod: PETRA module, Proc: PETRA_MGMT_HW_INTERFACES_SET_UNSAFE)
exit place: 10, params: 0 0 0

**>’error in petra_mgmt_init_sequence_phase1_unsafe()’ –
Err code: 0x14AC059E (fail):
Name: PETRA_MGMT_DRAM_INIT_FAILS_ERR
Desc: The DPI-ready indication did not rise upon DRAM initialization
For a detailed diagnostics to be printed, if printing is allowed,
SAND_DEBUG must be set to SAND_DBG_LVL2
Note: verify that TRST signal is low (possible error cause)
Procedure id: 0x00C0 (Mod: PETRA module, Proc: PETRA_MGMT_INIT_SEQUENCE_PHASE1_UNSAFE)
exit place: 60, params: 0 0 0

**>’error in petra_mgmt_init_sequence_phase1()’ –
Err code: 0x1401659E (fail):
Name: PETRA_MGMT_DRAM_INIT_FAILS_ERR
Desc: The DPI-ready indication did not rise upon DRAM initialization
For a detailed diagnostics to be printed, if printing is allowed,
SAND_DEBUG must be set to SAND_DBG_LVL2
Note: verify that TRST signal is low (possible error cause)
Procedure id: 0x0016 (Mod: PETRA module, Proc: PETRA_MGMT_INIT_SEQUENCE_PHASE1)
exit place: 110, params: 0 0 0

Init Petra dev = 0 – ERROR = 1.

++++++++++ The mesh topology retry history dev: 0 count 0:
++++++++++ Mesh 0x3445:[000, 000, 000, 000, 000, 000, 000, 000, 000, 000, ]
++++++++++ Mesh 0x3445:[000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, ]
+ fdry_tm_init: ERROR 7.
Module is down. reason CARD_DOWN_REASON_TM_INIT_FAIL, Err Code = 5.
Setting hitless base 18a00140 size 3dffec0
CPU Protection Initialization failed due LP init failure

May 19 00:31:37:N:System: Module 1 powered off
May 19 00:31:37:I:System: Interface L2-SW04-e2/3/1 1/8, state down – card down
May 19 00:31:37:I:System: Interface L2-TSW-E24 1/7, state down – card down
May 19 00:31:37:I:System: Interface L2-VDX-TE1/0/54 1/6, state down – card down
May 19 00:31:37:N:System: Module down in slot 1, reason CARD_DOWN_REASON_POWERED_OFF_SYS_MONITOR. Error Code 0
May 19 00:31:37:D:System: TM Health Monitoring detects an issue in slot 1 ppcr 0 Reg Offset 00000800 Value 00000005
May 19 00:31:37:D:System: Module reset in slot 1, triggered by TM Health Monitoring
May 19 00:31:36:A:System: LP1/TM0: All ports down due to dram crc
May 19 00:31:36:I:System: Interface L2-SW03-e1/3/1 1/3, state down – ingress dram crc
May 19 00:31:36:I:System: Interface L2-TSW-E24 1/2, state down – ingress dram crc
May 19 00:31:36:I:System: Interface L2-VDX-TE1/0/54 1/1, state down – ingress dram crc