Question & Answer
Question
Why does the SPAN traffic give NETWORK UNKNOWN error exceptions from MSSQL and Oracle databases? Our database servers use jumbo packets. It looks like the number network error exceptions in Guardium reports is related to jumbo packets. Also it looks like we're missing to log most of the SQLs. Very little SQL is logged even though lots of packages are coming into Guardium.
Answer
This is about SPAN traffic. TAKE NOTE! this don't affect traffic from Guardium staps. If you're using Guardium staps only then this article is not for you.
By default Guardium appliances on span traffic do segmentation off loading and large-receive offloading. To change the default you need to call into Guardium support and ask them to turn it off.
This is what need to be done on ethX. Where ethX is eth1, or eth2 etc, whichever ethX you put in the cable to receive SPAN traffic.
ethtool -K ethX tso off gro off
So to be clear if SPAN cable is put into eth1 this would be the exact command:
ethtool -K eth1 tso off gro off
This will be fixed in coming GPU p750 for Guardium v9 and also in v10. This is correct as of January 2017. Within months GPUs (fix packs) with fixes will be available.
If any questions please feel free to ask here, or log a pmr with support. Take Note! If you're affected by this you need to log a pmr for us to help you.
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21998574