HA Group 1: Dataplane is down: packet descriptor leak detected on slot 1 dp0

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

HA Group 1: Dataplane is down: packet descriptor leak detected on slot 1 dp0

L1 Bithead

Hi Guys,

Just encountered a failure on 4000 in an HA setup.

First error is tasks: DP packet descriptor leak detected on slot 1 dp0

HA Group 1: Dataplane is down: packet descriptor leak detected on slot 1 dp0

HA Group 1: Moved from Active to state Non-Functional.

Running  recently upgraded to 5.0.12.

Has anyone seen something this or something similar? It seems even after a restart of the firewalls that the problem is still there.

LAN is connected to H3C switches and the Untrust is connected to HP Procurve switches.

No arp entry for the firewall on H3C for LAN IP of the firewall

Had to reboot Internet switch to get everything back up and running.

Opened a case with PAN support as well but wanted to ask here in case someone's seen it.

Thanks so much

Chris

1 accepted solution

Accepted Solutions

Hi Numan,

Support finally figured out that the issue is due to an inter-vr routing loop. The problem is that the network processor kept processing the packet and eventually ran out of resources which causes dp restarts and other odd behaviour in the firewall. I was told that in version 6.04 slated to be released at the end of the month, the processing will be offloaded to the data plane and then it will be stopped. A very interesting problem that took about a month to resolve but I'm glad that we've made progress. For now, we use static routes with higher admin distance as a workaround. Thanks

View solution in original post

3 REPLIES 3

L5 Sessionator

Hi Chris,


As i recall similar issue has been seen and are fixed in 6.0.x code.

Here is the bug detail from the release notes of 6.0.x

56107—Addressed dataplane restarts that occurred intermittently on the PA-3000 Series devices deployed in an HA configuration.

Thank you

Numan

Hi Numan,

Support finally figured out that the issue is due to an inter-vr routing loop. The problem is that the network processor kept processing the packet and eventually ran out of resources which causes dp restarts and other odd behaviour in the firewall. I was told that in version 6.04 slated to be released at the end of the month, the processing will be offloaded to the data plane and then it will be stopped. A very interesting problem that took about a month to resolve but I'm glad that we've made progress. For now, we use static routes with higher admin distance as a workaround. Thanks

L7 Applicator

Thanks for sharing the final answer.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
  • 1 accepted solution
  • 9849 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!