Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[MX] What is the cause for IDP status error: "idpinfo_get_status: Failed to retrieve status from data plane"?

0

0

Article ID: KB27228 KB Last Updated: 22 Apr 2013Version: 1.0
Summary:

This article explains why certain error messages are reported when we check the IDP services status in MX routers with MS-DPC cards.
Also, the article explains configurations required to avoid such errors conditions.

Error: "idpinfo_get_status: Failed to retrieve status from data plane"


Symptoms:

After configuring the IDP services in MX routers, the complete configuration can be committed without any error. However, when the IDP services status is checked, these error messages are reported:

admin1@RTR1-re0> show security idp status
error: "idpinfo_get_status: Failed to retrieve status from data plane"


admin1@RTR1-re0> show security idp policy-commit-status
re0:
--------------------------------------------------------------------------
Reading prereq sensor config...

re1:
--------------------------------------------------------------------------
Reading prereq sensor config...


IDP Traceoptions outputs
===============================================
Feb 28 12:47:41 Returning from commit mode, status = 0
Feb 28 12:53:45 idpd_config_read: called: check: 0
Feb 28 12:53:45 idpd commit in progres ...
Feb 28 12:53:45 idpd_sync_service_set : Service set name : test_sset
Feb 28 12:53:45 idpd_sync_service_set : Service set id : 1
Feb 28 12:53:45 idpd_sync_service_set : FPC slot 2, PIC slot 0
Feb 28 12:53:45 idpd_sync_service_set: Updating configuration
Feb 28 12:53:45 [prepare_serviceset]service-set ID(s) are not resolved yet(resolved=0/totalcount=2
Feb 28 12:53:45 Reading service-set ID(s) is not completed yet.Waiting for ID event from kernel... <<<<(1)
(Until all service-set ID(s) are obtained, policy push will be deferred!)
Feb 28 12:53:45 Returning from commit mode, status = 0
Feb 28 12:59:45 idpd_gencfg_async_handler: Updating current configuration
Feb 28 12:59:45 idpd_gencfg_async_handler: Updating current configuration
Feb 28 13:00:26 idpd_config_read: called: check: 0
Feb 28 13:00:26 idpd commit in progres ...
Feb 28 13:00:26 idpd_sync_service_set : Service set name : test_sset
Feb 28 13:00:26 idpd_sync_service_set : Service set id : 1
Feb 28 13:00:26 idpd_sync_service_set : FPC slot 2, PIC slot 0
Feb 28 13:00:26 idpd_sync_service_set: Updating configuration
Feb 28 13:00:26 [prepare_serviceset]service-set ID(s) are not resolved yet(resolved=0/totalcount=2
Feb 28 13:00:26 Reading service-set ID(s) is not completed yet.Waiting for ID event from kernel...
(Until all service-set ID(s) are obtained, policy push will be deferred!)
Feb 28 13:00:26 Returning from commit mode, status = 0
Feb 28 14:57:36 idpd_gencfg_async_handler: Updating current configuration
Feb 28 15:01:22 idpd_config_read: called: check: 0
Feb 28 15:01:22 idpd commit in progres ...
Feb 28 15:01:22 [prepare_serviceset]service-set ID(s) are not resolved yet(resolved=0/totalcount=2
Feb 28 15:01:22 Reading service-set ID(s) is not completed yet.Waiting for ID event from kernel... <<<<(2)
(Until all service-set ID(s) are obtained, policy push will be deferred!)
Feb 28 15:01:22 Returning from commit mode, status = 0
Feb 28 15:01:26 idpd_gencfg_async_handler: Updating current configuration
================================================

Note:  The above was captured on Junos 11.4R1.14.

Cause:

This error message and output points to the fact that, when the IDP policy is compiled, it is not getting pushed into the PFE.

Solution:

Make sure the configuration under chassis, is not missing any of the highlighted lines below:

chassis {
    fpc 0 {
        pic 0 {
            adaptive-services {
                service-package {
                    extension-provider {
                        control-cores 1;
                        data-cores 7;
                        object-cache-size 1280;
                        policy-db-size 200;
                        package jservices-appid;
                        package jservices-idp;

                    }
                }
            }
        }
    }
}


When this configuration is complete, the IDP status can be checked:

[edit] lab# run show security idp status   
State of IDP: Default,  Up since: 2013-04-02 09:07:21 UTC (22:08:09 ago)

Packets/second: 0               Peak: 0 @ 2013-04-02 09:07:21 UTC
KBits/second  : 0               Peak: 0 @ 2013-04-02 09:07:21 UTC
Latency (microseconds): [min: 0] [max: 0] [avg: 0]

Packet Statistics:
[ICMP: 0] [TCP: 0] [UDP: 0] [Other: 0]

Flow Statistics:
  ICMP: [Current: 0] [Max: 0 @ 2013-04-02 09:07:21 UTC]
  TCP: [Current: 0] [Max: 0 @ 2013-04-02 09:07:21 UTC]
  UDP: [Current: 0] [Max: 0 @ 2013-04-02 09:07:21 UTC]
  Other: [Current: 0] [Max: 0 @ 2013-04-02 09:07:21 UTC]

Session Statistics:
[ICMP: 0] [TCP: 0] [UDP: 0] [Other: 0]
  Policy Name : idp-policy-combined
  Running Detector Version : 12.6.150121210

[edit]
lab#

[edit]
lab# run show security idp policy-commit-status
re0:
--------------------------------------------------------------------------
IDP policy[/var/db/idpd/bins/idp-policy-combined.bin.gz.v] and detector[/var/db/idpd/sec-repository/installed-detector/libidp-detector.so.tgz.v] loaded successfully.
The loaded policy size is:366554 Bytes


Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search