Validation Checks

NetQ collects data that validates the health of your network fabric, devices, and interfaces. You can create and run validations with either the NetQ UI or the NetQ CLI. The number of checks and the type of checks are tailored to the particular protocol or element being validated.

Use the value in the Test Number column in the tables below with the NetQ CLI when you want to include or exclude specific tests with the netq check command. You can get the test numbers by running the netq show unit-tests command.

NetQ Agent Validation Tests

NetQ Agent validation looks for an agent status of Rotten for each node in the network. A Fresh status indicates the Agent is running as expected. The Agent sends a heartbeat every 30 seconds, and if it does not send three consecutive heartbeats, its status changes to Rotten.

Test NumberTest NameDescription
0Agent HealthChecks for nodes that have failed or lost communication

Addresses Validation Tests

The duplicate address detection validation tests look for duplicate IPv4 and IPv6 addresses assigned to interfaces across devices in the inventory, and check for duplicate /32 host routes in each VRF.

Test NumberTest NameDescription
0IPv4 Duplicate AddressesChecks for duplicate IPv4 addresses
1IPv6 Duplicate AddressesChecks for duplicate IPv6 addresses

BGP Validation Tests

The BGP validation tests look for indications of the session sanity (status and configuration).

Test NumberTest NameDescription
0Session EstablishmentChecks that BGP sessions are in an established state
1Address FamiliesChecks if transmit and receive address family advertisement is consistent between peers of a BGP session
2Router IDChecks for BGP router ID conflict in the network
3Hold TimeChecks for mismatch of hold time between peers of a BGP session
4Keep Alive IntervalChecks for mismatch of keep alive interval between peers of a BGP session
5Ipv4 Stale Path TimeChecks for mismatch of IPv4 stale path timer between peers of a BGP session
6IPv6 Stale Path TimeChecks for mismatch of IPv6 stale path timer between peers of a BGP session
7Interface MTUChecks for consistency of interface MTU for BGP peers

Cumulus Linux Version Tests

The Cumulus Linux version tests looks for version consistency.

Test NumberTest NameDescription
0Cumulus Linux Image VersionChecks the following:
  • No version specified, checks that all switches in the network have consistent version
  • match-version specified, checks that a switch’s OS version is equals the specified version
  • min-version specified, checks that a switch’s OS version is equal to or greater than the specified version

EVPN Validation Tests

The EVPN validation tests look for indications of the session sanity and configuration consistency.

Test NumberTest NameDescription
0EVPN BGP SessionChecks if:
  • BGP EVPN sessions are established
  • The EVPN address family advertisement is consistent
1EVPN VNI Type ConsistencyBecause a VNI can be of type L2 or L3, checks that for a given VNI, its type is consistent across the network
2EVPN Type 2Checks for consistency of IP-MAC binding and the location of a given IP-MAC across all VTEPs
3EVPN Type 3Checks for consistency of replication group across all VTEPs
4EVPN SessionFor each EVPN session, checks if:
  • adv_all_vni is enabled
  • FDB learning is disabled on tunnel interface
5VLAN ConsistencyChecks for consistency of VLAN to VNI mapping across the network
6VRF ConsistencyChecks for consistency of VRF to L3 VNI mapping across the network
7L3 VNI RMACChecks L3 VNI router MAC and SVI

Interface Validation Tests

The interface validation tests look for consistent configuration between two nodes.

Test NumberTest NameDescription
0Admin StateChecks for consistency of administrative state on two sides of a physical interface
1Oper StateChecks for consistency of operational state on two sides of a physical interface
2SpeedChecks for consistency of the speed setting on two sides of a physical interface
3AutonegChecks for consistency of the auto-negotiation setting on two sides of a physical interface

The link MTU validation tests look for consistency across an interface and appropriate size MTU for VLAN and bridge interfaces.

Test NumberTest NameDescription
0Link MTU ConsistencyChecks for consistency of MTU setting on two sides of a physical interface
1VLAN interfaceChecks if the MTU of an SVI is no smaller than the parent interface, subtracting the VLAN tag size
2Bridge interfaceChecks if the MTU on a bridge is not arbitrarily smaller than the smallest MTU among its members

MLAG Validation Tests

The MLAG validation tests look for misconfigurations, peering status, and bond error states.

Test NumberTest NameDescription
0PeeringChecks if:
  • MLAG peerlink is up
  • MLAG peerlink bond slaves are down (not in full capacity and redundancy)
  • Peering is established between two nodes in a MLAG pair
1Backup IPChecks if:
  • MLAG backup IP configuration is missing on a MLAG node
  • MLAG backup IP is correctly pointing to the MLAG peer and its connectivity is available
2CLAG SysmacChecks if:
  • MLAG Sysmac is consistently configured on both nodes in a MLAG pair
  • Any duplication of a MLAG sysmac exists within a bridge domain
3VXLAN Anycast IPChecks if the VXLAN anycast IP address is consistently configured on both nodes in an MLAG pair
4Bridge MembershipChecks if the MLAG peerlink is part of bridge
5Spanning TreeChecks if:
  • STP is enabled and running on the MLAG nodes
  • MLAG peerlink role is correct from STP perspective
  • The bridge ID is consistent between two nodes of a MLAG pair
  • The VNI in the bridge has BPDU guard and BPDU filter enabled
6Dual HomeChecks for:
  • MLAG bonds that are not in dually connected state
  • Dually connected bonds have consistent VLAN and MTU configuration on both sides
  • STP has consistent view of bonds' dual connectedness
7Single HomeChecks for:
  • Singly connected bonds
  • STP has consistent view of bond’s single connectedness
8Conflicted BondsChecks for bonds in MLAG conflicted state and shows the reason
9ProtoDown BondsChecks for bonds in protodown state and shows the reason
10SVIChecks if:
  • Both sides of a MLAG pair have an SVI configured
  • SVI on both sides have consistent MTU setting

NTP Validation Tests

The NTP validation test looks for poor operational status of the NTP service.

Test NumberTest NameDescription
0NTP SyncChecks if the NTP service is running and in sync state

OSPF Validation Tests

The OSPF validation tests look for indications of the service health and configuration consistency.

Test NumberTest NameDescription
0Router IDChecks for OSPF router ID conflicts in the network
1AdjacencyChecks or OSPF adjacencies in a down or unknown state
2TimersChecks for consistency of OSPF timer values in an OSPF adjacency
3Network TypeChecks for consistency of network type configuration in an OSPF adjacency
4Area IDChecks for consistency of area ID configuration in an OSPF adjacency
5Interface MTUChecks for MTU consistency in an OSPF adjacency
6Service StatusChecks for OSPF service health in an OSPF adjacency

RoCE Validation Tests

The RoCE validation tests look for consistent RoCE and QoS configurations across nodes.

Test NumberTest NameDescription
0RoCE ModeChecks whether RoCE is configured for lossy or lossless mode
1ClassificationChecks for consistency of DSCP, service pool, port group, and traffic class settings
2Congestion ControlChecks for consistency of ECN and RED threshold settings
3Flow ControlChecks for consistency of PFC configuration for RoCE lossless mode
4ETSChecks for consistency of Enhanced Transmission Selection settings

Sensor Validation Tests

The sensor validation tests looks for chassis power supply, fan, and temperature sensors that are in a bad state.

Test NumberTest NameDescription
0PSU sensorsChecks for power supply unit sensors that are not in ok state
1Fan sensorsChecks for fan sensors that are not in ok state
2Temperature sensorsChecks for temperature sensors that are not in ok state

VLAN Validation Tests

The VLAN validation tests look for configuration consistency between two nodes.

Test NumberTest NameDescription
0Link Neighbor VLAN ConsistencyChecks for consistency of VLAN configuration on two sides of a port or a bond
1CLAG Bond VLAN ConsistencyChecks for consistent VLAN membership of a CLAG (MLAG) bond on each side of the CLAG (MLAG) pair

VXLAN Validation Tests

The VXLAN validation tests look for configuration consistency across all VTEPs.

Test NumberTest NameDescription
0VLAN ConsistencyChecks for consistent VLAN to VXLAN mapping across all VTEPs
1BUM replicationChecks for consistent replication group membership across all VTEPs

Disabling Validation Checks in the NetQ UI

You can disable validation checks to suppress known events from affecting the reported network health. To disable a validation check:

  1. Open the validation dashboard by selecting Validation and Show all scheduled validations.
  1. Select the icon on the card for the desired validation and select Disable validation. Validation checks can be enabled from the same menu.
validation card presenting option to disable validation