CAVEAT CSCeb77354 for signature release IDSK9-sp-3.1-4-S50
CAVEAT for signature release IDSK9-sp-3.1-4-S50
- CSCeb77354: Daemons not running after approx 20 hours
Symptom: Some daemons, e.g. filexferd, loggerd, sapd, packetd, may not be
running on a 3.1(4) sensor.
The 3.1(4) sensor is in an oversubscribed condition for an extended period of time. During this oversubscribed environment, packetd uses more and more resources (CPU and RAM) until essentially allavailable resources are being utilized. As a result, postofficed may be unable (due to all available resources being used by packetd) to communicate with other daemons. A watchdog process attempts to restart those daemons. But, the inability to communicate (due to all available resources being used by packetd with those daemons prevents them from being restarted.
Reduce the amount of traffic being directed to the sensor. execute nrstop followed by nrstart.
What would you describle as an oversubscribed environment?
At what point has this bug been reproduced (events/sec) ?
Re: CAVEAT CSCeb77354 for signature release IDSK9-sp-3.1-4-S50
As far as I'm aware, this symptom has only been observed during development testing of the 3.1(4)S50 service pack on the 4250-TX platform. This symptom was observed on a 4250-TX after approximately 20 consecutive hours of monitoring steady 300 Mbps and 3000 connections per second of "background", i.e. contained no attacks, web traffic.
The symptom observed was that not all the daemons were reported after executing the nrstatus command on the sensor appliance. Additionally, the nrvers command reported problems communicating with some daemons. See below for an example of this symptom:
***** nrstatus and nrvers output when daemons running:
If you're seeing this symptom and the rate of monitored traffic cannot be reduced, you can disable the daemon restart, i.e. watchdog, process. This will prevent the watchdog process from attempting to stop/re-start daemons that aren't responding to the watchdog queries.
To disable the watchdog process, you'll need to set the number of process restarts to zero. To do this, edit the file /usr/nr/etc/postofficed.conf on your sensor. Change the value for the WatchDogNumProcessRestarts from 3 to 0. For example, change as follows:
Note: Setting the number of daemon restarts to zero is not recommended unless you're seeing the symptom, because it will prevent daemon restarts regardless of why the daemon stopped running. For example, if a daemon stops running for any reason, that daemon would not be restarted automatically; someone would need to manually do a restart on that sensor.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...