Flows dropped due to Load Balance Failure

book

Article ID: 167843

calendar_today

Updated On:

Products

XOS

Issue/Introduction

In a rare condition flows may be dropped by NPM even though the APM is in "Active" state.This article covers a rare condition, where the new flows may be dropped by NPM with "Load-balance failed" reason. Following has to be met in order to qualify for the Solution in this KB Article:
  • the issue is more likely to happen on vap-groups consisting of a single APM only
  • APM is in the "Active" state
  • "ps aux | grep cbsflowagentd" on the affected APM shows that there is no daemon with this name running there
  • new flows to the affected vap-group are dropped and the output of the active flow table is similar to the following:
CBS# show flow active
Module                     Source                Destination       Prot   Dom    TTI/MAX
np2                   10.0.0.1:1227             192.168.1.1:53       17     1  00:12/00:15
Drop(Load-balance failed)
rx circuit 1032 Master np1 Fast Path Y TCP state No validation rx packets 0 

np2                   10.0.0.1:1228             192.168.1.2:53       17     1  00:12/00:15
Drop(Load-balance failed)
rx circuit 1032 Master np2 Fast Path Y TCP state No validation rx packets 0 


 

Cause

The cbsflowagentd daemon (normally running on all VAPs) is responsible for reporting the utilization of the APM to the CPM. If this daemon isn't running, balancing new flows to the VAP will fail.

Resolution

The issue has been addressed in XOS V10.0, V9.6.8 and V9.7.3:

ID 102325 Corrected an issue in which the daemon (cbsflowagentd) responsible for IP flow updates between APM and CPM could restart after receiving an error.

If you're running an older XOS release, please either upgrade XOS or contact Blue Coat Technical Support to obtain a patch.

Workaround

Run the following command on the affected VAP to restart the daemon:

fw_1 (CBS): ~# service cbsflowagentd restart