Software packet buffer depletion

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Software packet buffer depletion

L2 Linker

We're currently observing something quite interesting:
On our highly oversized PA-5050 firewall, software packet buffer 0 is, for several hours a day exhausted.


This is the platform (pair that runs in High Avalailability A/P):
family: 5000
model: PA-5050
sw-version: 7.0.4


This is the anomaly:

> debug dataplane pool statistics

Software Pools
[ 0] software packet buffer 0 ( 512): 1/32768 0x8000000020c00680
[ 1] software packet buffer 1 ( 1024): 23178/32768 0x8000000021c20780
[ 2] software packet buffer 2 ( 2048): 31775/32768 0x8000000023c40880
[ 3] software packet buffer 3 (33280): 24528/24576 0x8000000027c60980
[ 4] software packet buffer 4 (66048): 304/304 0x8000000058878a80
[17] FPTCP segs ( 16): 6703/49152 0x80000000d8f68a80

The load on the firewall is minimal:

> show session info
Number of sessions supported: 2000000
Number of active sessions: 38996
Number of active TCP sessions: 29985
Number of active UDP sessions: 8434
Number of active ICMP sessions: 273
Number of active BCAST sessions: 0
Number of active MCAST sessions: 0
Number of active predict sessions: 774
Session table utilization: 1%
Number of sessions created since bootup: 355140861
Packet rate: 16892/s
Throughput: 54252 kbps
New connection establish rate: 760 cps

Anyone else seeing something similar ?

(and yes, case has been opened with PAN-support)


Nah... Don't like the hotfix solutions, still 7.0.4.

And since neither 7.0.5 or 7.0.5-h2 has any description of a fix for this particular...anomaly, we haven't bothered.

Hi Dulle,


If I may offer my opinion (IMHO): hotfix or not hotfix, this is regular update (it is called hotfix because it just patched up a thing or two on 7.0.5 that was already ready to go out). It does fix important issues that weren't described in much detail in release notes so that users that did not have a chance to update yet aren't fully exposed. Describing how you fixed the issue that isn't publicly known is particularly touchy subject, isn't it? If you are taking care of thousands and thousands of users as PAN - if this was academic discussion by all means I would like to see full details, but since we are dealing with real world and trying to protect people in real time - I can understand PAN reasons to disclose as little as possible at this time but publish patches. That being said, if vendor says something is critical, I patch (iPatch?), even my own phone 🙂


Best regards

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!