IBM Support

Why does the SPAN traffic give NETWORK UNKNOWN error exceptions from MSSQL and Oracle databases?

Question & Answer


Question

Why does the SPAN traffic give NETWORK UNKNOWN error exceptions from MSSQL and Oracle databases? Our database servers use jumbo packets. It looks like the number of network error exceptions in Guardium reports is related to jumbo packets. Also, it looks like we're failing to log most of the SQLs. Very little SQL is logged even though lots of packages are coming into Guardium.

Answer

This is about SPAN traffic. Take note: this does not affect traffic from Guardium S-TAPs. If you use Guardium S-TAPs only, this article does not apply to you.

By default, Guardium appliances perform segmentation offloading and large-receive offloading on SPAN traffic. To change the default, you need to call Guardium support and ask them to turn it off.

This is what needs to be done on ethX, where ethX is eth1, eth2, etc., whichever interface the cable carrying SPAN traffic is plugged into.


ethtool -K ethX tso off gro off

So, to be clear, if the SPAN cable is plugged into eth1, this would be the exact command:
ethtool -K eth1 tso off gro off
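
To confirm the setting took effect, the following check parses `ethtool -k` output and lists which of the two offloads are still on. It is an added example, not part of the original IBM document; the function names and the sample outputs are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: verify that TSO and GRO are off on the SPAN capture interface.

# offloads_still_on: reads `ethtool -k <iface>` output on stdin and prints the
# name of each offload the article disables (tso, gro) that is still "on".
# Prints nothing when both are off.
offloads_still_on() {
    awk -F': *' '{
        key = $1
        gsub(/^[ \t]+/, "", key)  # sub-features are indented
        gsub(/ /, "-", key)       # some older ethtool builds print "tcp segmentation offload"
        split($2, val, " ")       # drop trailing markers such as "[fixed]"
        if ((key == "tcp-segmentation-offload" || key == "generic-receive-offload") && val[1] == "on")
            print key
    }'
}

# check_span_iface IFACE: query a live interface. Returns 0 if both are off,
# 1 if either is still on, 2 if ethtool itself failed.
check_span_iface() {
    out="$(ethtool -k "$1")" || return 2
    left="$(printf '%s\n' "$out" | offloads_still_on)"
    if [ -n "$left" ]; then
        echo "$1: still enabled:" $left
        return 1
    fi
    echo "$1: tso and gro are off"
}

# Constructed sample output (abbreviated), before the change.
SAMPLE_BEFORE='Features for eth1:
rx-checksumming: on
tcp-segmentation-offload: on
	tx-tcp-segmentation: on
generic-segmentation-offload: on
generic-receive-offload: on
large-receive-offload: off [fixed]'

# Constructed sample output in the older key style, after the change.
SAMPLE_AFTER='Offload parameters for eth1:
tcp segmentation offload: off
generic segmentation offload: on
generic-receive-offload: off'

# Demo on the constructed samples; on a real system run: check_span_iface eth1
printf '%s\n' "$SAMPLE_BEFORE" | offloads_still_on
```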

This will be fixed in the coming GPU p750 for Guardium v9 and also in v10. This is correct as of January 2017. GPUs (fix packs) with the fixes will be available within months.

If you have any questions, please feel free to ask here or log a PMR with support. Take note: if you're affected by this, you need to log a PMR for us to help you.


Document Information

Modified date:
16 June 2018

UID

swg21998574