33_N‐W Issue: Application_Down_Complain - Nirvan-Pandey/OCI_DOC GitHub Wiki
When an application team reports that an application is down, it is essential to troubleshoot and resolve the issue methodically. This guide provides a structured approach, with clear steps, to help diagnose and fix the issue.
Step 1: Questionnaire to the Application Team
Start by gathering critical information from the application team to help narrow down the issue. The responses will guide the next steps in the troubleshooting process.
Questions to Ask:
- Source IP Address: "Can you provide the source IP address or range from where you are trying to access the application?"
- Target Server IP and Port: "What is the IP address of the target server and the port you are trying to reach?"
- Error Message: "Are you seeing any specific error messages when attempting to access the application?"
- Application Availability: "Is the application accessible from other sources or is it down for everyone?"
- Recent Changes: "Were there any recent changes made to the application, server, or network that could have affected access?"
Step 2: Validate Security Ingress Rules
The next step is to check the ingress security rules to ensure the required ports are open for traffic.
Actions:
- Check if the necessary ports are allowed in the security list:
  - Ensure that the required port (e.g., port 22 for SSH, port 80 for HTTP) is open in the Security List.
  - Validate that the source IP or CIDR range from which the application team is trying to access the server is allowed in the Security List ingress rules.
- Check Subnet CIDR Range: Verify that the source IP’s subnet CIDR range is included in the security list’s ingress rules. For example, ensure the source IP is within the range allowed for the subnet.
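The Step 2 check can also be scripted. The following Python is an added example, not part of the original wiki: it tests whether a reported source IP and target port are admitted by any ingress rule. The rule list is a constructed sample in the kebab-case shape of OCI CLI security-list output; the field names, addresses and ports are assumptions to replace with your own export.

```python
import ipaddress

# Constructed sample in the kebab-case shape the OCI CLI prints for a
# security list (assumed field names); addresses and ports are illustrative.
SAMPLE_INGRESS_RULES = [
    {"protocol": "6", "source": "10.0.1.0/24",
     "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}},
    {"protocol": "6", "source": "0.0.0.0/0",
     "tcp-options": {"destination-port-range": {"min": 80, "max": 80}}},
    {"protocol": "6", "source": "192.168.10.0/24", "tcp-options": None},
    {"protocol": "1", "source": "0.0.0.0/0"},
]

TCP = "6"  # IANA protocol number, as carried in the rule's "protocol" field


def matching_ingress_rules(rules, source_ip, port):
    """Return the rules that admit TCP traffic from source_ip to port."""
    src = ipaddress.ip_address(source_ip)
    matches = []
    for rule in rules:
        if rule.get("protocol") not in (TCP, "all"):
            continue  # ICMP/UDP rules do not open a TCP port
        if rule.get("source-type", "CIDR_BLOCK") != "CIDR_BLOCK":
            continue  # service-label sources need a separate check
        network = ipaddress.ip_network(rule["source"], strict=False)
        if src.version != network.version or src not in network:
            continue
        # A rule without tcp-options covers every destination port.
        port_range = (rule.get("tcp-options") or {}).get("destination-port-range")
        if port_range is None or port_range["min"] <= port <= port_range["max"]:
            matches.append(rule)
    return matches


def explain(rules, source_ip, port):
    """Summarise the verdict, flagging rules that are open to any source."""
    hits = matching_ingress_rules(rules, source_ip, port)
    if not hits:
        return f"BLOCKED: no ingress rule allows {source_ip} -> tcp/{port}"
    widest = min(ipaddress.ip_network(r["source"], strict=False).prefixlen for r in hits)
    note = " (open to any source)" if widest == 0 else ""
    return f"ALLOWED by {len(hits)} rule(s){note}"


if __name__ == "__main__":
    for ip, port in [("10.0.1.15", 22), ("203.0.113.7", 22), ("203.0.113.7", 80)]:
        print(ip, port, explain(SAMPLE_INGRESS_RULES, ip, port))
```

A BLOCKED verdict for the reported source and port points to the security list as the cause; an ALLOWED verdict means the investigation continues with the next steps.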
Step 3: Validate Egress Rules
Once the ingress rules are verified, check the egress rules to ensure outgoing traffic is not restricted.
Actions:
- Check Egress Rules for the Security List: Verify whether the security list allows outgoing traffic to the destination IP. If the destination is specific, ensure that the egress rules permit traffic to the specific IP.
- Check Egress Rules for the Subnet: Ensure that outgoing traffic to the specific IP or the entire range is allowed.
Step 4: Check Server Firewall Settings (firewalld or Server-Level Firewall)
After confirming that the network-level rules are correct, move to the server-level firewall to verify that traffic is not being blocked.
Actions:
- Check if the server firewall (firewalld) is active:

  ```
  systemctl status firewalld
  ```

- If it is active, check the firewall configuration to ensure that the necessary ports are open:

  ```
  firewall-cmd --list-all
  ```

- Check whether the port the application uses is open. If not, allow it using the command below. A rule added with `--permanent` takes effect only after firewalld reloads its configuration.

  ```
  firewall-cmd --permanent --zone=public --add-port=<port_number>/tcp
  ```
Step 5: Check If the Application is Listening
If the firewall configuration is correct and no issues were found in the network or firewall rules, the next step is to check whether the application is listening on the required port.
Actions:
- Check if the application is listening on the network:

  ```
  netstat -plan | grep -i <port_number>
  ```

  If you see the application listening on the port, this confirms that the application is accepting connections.
- If the application is not listening on the required port, the issue is not related to networking, and it should be escalated to the application team for further investigation.
Step 6: Final Diagnosis and Resolution
Once all checks are completed, provide a summary of the findings.
Actions:
- Report Findings: If all network, security, and server configurations are correct and the application is not listening, conclude that the issue is with the application itself and not the network.
- Escalate to Application Team: If the application is not listening on the required port, notify the application team with detailed information about the findings.
Conclusion
By following this systematic approach, you can efficiently identify and resolve application connectivity issues. Always start by verifying network configurations and firewall rules, then check server settings, and finally, confirm whether the application is listening for incoming connections. If the issue persists, escalate it to the application team for resolution.