05-27-2014 10:36 AM
Hi Guys,
Just encountered a failure on 4000 in an HA setup.
First error is tasks: DP packet descriptor leak detected on slot 1 dp0
HA Group 1: Dataplane is down: packet descriptor leak detected on slot 1 dp0
HA Group 1: Moved from Active to state Non-Functional.
Running recently upgraded to 5.0.12.
Has anyone seen this or something similar? It seems even after a restart of the firewalls that the problem is still there.
LAN is connected to H3C switches and the Untrust is connected to HP Procurve switches.
No arp entry for the firewall on H3C for LAN IP of the firewall
Had to reboot Internet switch to get everything back up and running.
Opened a case with PAN support as well but wanted to ask here in case someone's seen it.
Thanks so much
Chris
05-29-2014 08:31 AM
Hi Chris,
As I recall, a similar issue has been seen and is fixed in 6.0.x code.
Here is the bug detail from the release notes of 6.0.x
56107—Addressed dataplane restarts that occurred intermittently on the PA-3000 Series devices deployed in an HA configuration.
Thank you
Numan
07-15-2014 11:28 AM
Hi Numan,
Support finally figured out that the issue is due to an inter-vr routing loop. The problem is that the network processor kept processing the packet and eventually ran out of resources which causes dp restarts and other odd behaviour in the firewall. I was told that in version 6.04 slated to be released at the end of the month, the processing will be offloaded to the data plane and then it will be stopped. A very interesting problem that took about a month to resolve but I'm glad that we've made progress. For now, we use static routes with higher admin distance as a workaround. Thanks
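A way to check route tables for the kind of inter-VR loop described in the post above, as an added example that is not part of the original thread or any Palo Alto Networks tooling. The thread shows no configuration, so the virtual router names, prefixes and next hops below are constructed, and the tuple format for routes is an assumption of this sketch.

```python
import ipaddress

# Constructed route tables, one per virtual router (names, prefixes and
# addresses are illustrative). A next hop is ("vr", name) to hand the packet
# to another virtual router, or ("ip", addr) to forward it off the firewall.
ROUTES = {
    "vr-lan": [("0.0.0.0/0", ("vr", "vr-untrust")),
               ("10.1.0.0/16", ("ip", "10.1.0.1"))],
    # The 10.0.0.0/8 summary is wider than what vr-lan really owns.
    "vr-untrust": [("0.0.0.0/0", ("ip", "198.51.100.1")),
                   ("10.0.0.0/8", ("vr", "vr-lan"))],
}

def lookup(table, dst):
    """Longest-prefix match over one table; returns the next hop or None."""
    best = None
    for prefix, hop in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, hop)
    return best[1] if best else None

def trace(routes, start_vr, dst):
    """Follow next-VR hops for dst; returns (path, looped)."""
    dst = ipaddress.ip_address(dst)
    path, vr = [], start_vr
    while vr not in path:
        path.append(vr)
        hop = lookup(routes.get(vr, []), dst)
        if hop is None or hop[0] != "vr":
            return path, False          # dropped or forwarded off-box
        vr = hop[1]
    return path + [vr], True            # revisited a VR: routing loop

def find_loops(routes):
    """Probe the first and last address of every configured prefix from
    every VR. This samples the address space; it is not exhaustive."""
    probes = {a for t in routes.values() for p, _ in t
              for a in (ipaddress.ip_network(p)[0], ipaddress.ip_network(p)[-1])}
    found = []
    for vr in sorted(routes):
        for dst in sorted(probes):
            path, looped = trace(routes, vr, str(dst))
            if looped:
                found.append((vr, str(dst), path))
    return found

if __name__ == "__main__":
    for vr, dst, path in find_loops(ROUTES):
        print(f"loop from {vr} to {dst}: {' -> '.join(path)}")
```

In the constructed tables, traffic to any 10.0.0.0/8 address outside 10.1.0.0/16 bounces between the two virtual routers, while 10.1.0.0/16 and Internet destinations leave the firewall normally.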
07-15-2014 02:01 PM
Thanks for sharing the final answer.