Newb question, but I can't seem to find the answer I'm looking for so I'll just ask..
The command 'request restart software' is *JUST* the management software itself, like logging, ssh, snmp, etc, but does *NOT* affect any time of forwarding happening through the box (dataplane), correct?
There is the command 'request restart dataplane' which is obviously just that, but software doesn't specifically say 'management plane' nor are any of the reference manuals helpful with this..
Yes, I know it seems right, but hey, we've all been bitten by commands we thought did X but actually did Y before, right? :smileyhappy:
The reason I'm asking is that our main 5050 wasn't logging, so I restarted that process, but various things in the GUI aren't working right so I wanted to just restart that as well without user impact...
Like I said, NEWB...
To my knowledge that is correct.
The design of a PA box is the following:
Management-plane (running some sort of Linux on x86 cpu cores): This take care of GUI, Logging, program the data-plane chips when you choose to commit, communication with UserID/PanAgent (for AD, LDAP etc stuff) and also generating the fake certs for ssl-termination (on 200, 500 and 20xx boxes if im not mistaken) etc.
In short (and very simplified): Everything related to the mgmt-interface.
Data-plane (running on asic and/or fpga depending on hardwaremodel): This take care of the actual processing of the packets.
In short (and very simplified): Everything related to all the other interfaces (except mgmt-interface).
So if you just restart mgmt-plane you will lose the GUI and Logging etc during the restart time but the clients (who goes through data-plane) will not notice anything (except for the ssl-termination on some models etc).
Then you can also be more granular on what do restart on the mgmt-plane. You can for example just restart the panagent stuff if that got some bug or changed settings in a case where you cannot restart the whole box. Also just choosing what you wish to restart in the mgmt-plane is good since you then wont lose any logs (which you otherwise would in case you restart the whole mgmt-plane).
Thanks for the detailed explanation, and one thing to remember is that when you do a software restart since mangement/heatbeats are killed it'll flip to the other box!
Kinda forgot about that, thankfully HA works well! :smileyhappy:
So is it confirmed that all routing, firewalling, and forwarding functionality works if you restart software? Including OSPF routing.
The management web interface stopped responding. CLI still works. Just cant get to the web interface. If I restart software, traffic will still pass through, right?
I would guess that the routing process (that is exchanging routes with peers and load the routing table into the dataplane) is taken care of by the mgmtplane.
So I assume that a restart of mgmtplane wouldnt stop routing of packets - however, when mgmtplane has completed its reboot the routing process starts from scratch and here you might have a hickup when the process starts and loads the routing table into dataplane with an empty table before exchanging routes with its peers and then fill up the routing table again.
Perhaps someone from PA with internal knowledge could explain the flow of the routing process as above?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!