Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

PA HA - "ping timeout & "No buffer space issue"

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

PA HA - "ping timeout & "No buffer space issue"

L2 Linker

Hi,

 

There are some error logs showing on output of "less mp-log ha_agent.log" in PA cli. Just want to understand what can be the root cause of the error logs.

 

Presently was are not using mgmt interface as HA1 backup, not sure why below error log is coming:

"2021-05-17 23:10:11.338 +0400 Error:  ha_ping_peer_miss(src/ha_ping.c:756): Missed 1 ping timeouts out of 3 (mgmt)"

"2021-05-17 23:10:15.339 +0400 Error:  ha_ping_peer_miss(src/ha_ping.c:756): Missed 1 ping timeouts out of 3 (mgmt)"

 

Need to know what can be cause of this error logs:

"2021-05-23 10:20:26.833 +0400 Error: ha_ping_send(src/ha_ping.c:598): Unable to send icmp packet:(errno: 105) No buffer space available"
2021-05-23 10:20:27.834 +0400 Error: ha_ping_send(src/ha_ping.c:598): Unable to send icmp packet:(errno: 105) No buffer space available"

4 REPLIES 4

Cyber Elite
Cyber Elite

Hello

 

For the ping command, it appears that HA1 is not completing all of its pings.

For the no-bufffer, it seems like the FW is out of resources.

 

My suggestion is to be a reboot of the FW to see if this resolves one or both issues.

 

Let us know.

Help the community: Like helpful comments and mark solutions

Thanks for the response.

 

One query, just for clarification - 

 

We are presently not using Mgmt interface on HA1 backup, not sure why below error message is showing "mgmt". Is it like, HA ping is getting initiated over mgmt interface.

 

"2021-05-17 23:10:11.338 +0400 Error:  ha_ping_peer_miss(src/ha_ping.c:756): Missed 1 ping timeouts out of 3 (mgmt)"

"2021-05-17 23:10:15.339 +0400 Error:  ha_ping_peer_miss(src/ha_ping.c:756): Missed 1 ping timeouts out of 3 (mgmt)"

 

@preetpk 

 

HA1 uses there dedicated link to make sure both peers are up.

Which firewall model you have?

Are you using HA1 backup link also?

 

I will check the HA1 connection on both firewalls for any physical issues first?

Do you have high DP CPU?

 

Regards

MP

Help the community: Like helpful comments and mark solutions.

L6 Presenter

I have had similar issues with the heartbeat backup and on the higher end devices with dedicated HA ports it is not needed. This why MP18 ask what is your platform.

 

 

 

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/high-availability/ha-concepts/ha-links-and...

 

https://live.paloaltonetworks.com/t5/best-practice-assessment-device/high-availability-ha-heartbeat-...

 

 

 

 

This is my article where I asked similar questions like you. You may review it (expecially the info for bug PAN-114648😞

 

 

https://live.paloaltonetworks.com/t5/general-topics/palo-alto-7000-heartbeat-backup-icmp-fail/m-p/38...

 

  • 3556 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!