Security Gateway on Gaia OS with configured Dynamic Routing and ECMP might freeze when an interface is added/removed

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk107418
Technical Level
Product	Quantum Security Gateways, ClusterXL, Cluster - 3rd party, VSX
Version	R75.40 (EOL), R75.40VS (EOL), R75.45 (EOL), R75.46 (EOL), R75.47 (EOL), R76 (EOL), R77 (EOL), R77.10 (EOL), R77.20, R77.30 (EOL)
OS	Gaia
Platform / Model	All
Date Created	23-Aug-2015
Last Modified	21-May-2017

Symptoms

Security Gateway / Cluster member might freeze in the following scenarios:
- After adding a new VPN Tunnel Interface "vpnt"
- After disconnecting all cables from Bond interface on the VSX Virtual Router (reconnecting the cables does not help)
- After administratively bringing the VSX cluster member "down" with "clusterXL_admin down" command
Output of "top" command shows that after the above operations, RouteD daemon starts consuming the CPU at 100%, and several seconds later, Security Gateway / Cluster member freezes.

/var/log/messages file shows for the time of the freeze:

kernel: BUG: soft lockup - CPU#0 stuck for 10s! [routed:<PID>] 
kernel:
kernel: Pid: <PID>, comm: routed
kernel: EIP: ... 
kernel: EIP is at fib_create_info+...

Cause

Issue might occur when performing an operation on an unnumbered interface (such as wrp, vpnt, etc), or if an unnumbered interface (such as wrp, vpnt, etc) is affected, in an environment with configured Dynamic Routing and ECMP (equal cost multipath).

Issue occurs after an operation that makes a dynamic routing protocol running in the Security Gateway to recalculate its routes and consider a route with more than one next hop - such as when an unnumbered interface is added/removed.

Solution

Note: To view this solution you need to Sign In .