search cancel

NCM slow capture for devices with extremely large configurations

book

Article ID: 229894

calendar_today

Updated On:

Products

CA Spectrum

Issue/Introduction

We have noticed, on our firewall devices that have over 300,000 lines of config that it can take up to 20 minutes for Spectrum to capture the configuration.

Likewise, we have noticed that if we use the same PERL script from a command line outside of Spectrum, that the capture itself only takes about 2 minutes.

Why is there such a delay in Spectrum for the capture and what can we do to fix this

Environment

Release : 10.4.x 

Component : Spectrum Applications

Cause

Prior to Spectrum 10.4.2, SRAdmin is the bottleneck between NCMService and OneClick.

The delay was caused by SRAdmin slowing down the information transfer between NCMService and OneClick.

Resolution

As the device has SSH and SCP capability we used NCM Self Certification to capture the config and we noticed that the entire process took 6 minutes instead of 20 minutes.

The extra time is because OneClick must do a diff between the information collected during the capture and the previous stored config against its diff mask.

We also had to increase the JSCH multiplier to 70 (due to the large, 300,000 lines config) which will not cause any ill side effects.

Additional Information

Further information on NCM Self Certification

 

NCM Self Certification Docs