Support Center > Search Results > SecureKnowledge Details
Security Gateway on Gaia OS with configured Dynamic Routing and ECMP might freeze when an interface is added/removed
Symptoms

  • Security Gateway / Cluster member might freeze in the following scenarios:

    • After adding a new VPN Tunnel Interface "vpnt"
    • After disconnecting all cables from Bond interface on the VSX Virtual Router (reconnecting the cables does not help)
    • After administratively bringing the VSX cluster member "down" with "clusterXL_admin down" command

  • Output of "top" command shows that after the above operations, RouteD daemon starts consuming the CPU at 100%, and several seconds later, Security Gateway / Cluster member freezes.

  • /var/log/messages file shows for the time of the freeze: 
    kernel: BUG: soft lockup - CPU#0 stuck for 10s! [routed:<PID>] 
kernel:
kernel: Pid: <PID>, comm: routed
kernel: EIP: ... 
kernel: EIP is at fib_create_info+...
Cause

Issue might occur when performing an operation on an unnumbered interface (such as wrp, vpnt, etc), or if an unnumbered interface (such as wrp, vpnt, etc) is affected, in an environment with configured Dynamic Routing and ECMP (equal cost multipath).

Issue occurs after an operation that makes a dynamic routing protocol running in the Security Gateway to recalculate its routes and consider a route with more than one next hop - such as when an unnumbered interface is added/removed.


Solution
 Note: To view this solution you need to Sign In .