Unbalanced flows after Check Point policy push
Article ID: 167959
Updated On:
Products
XOS
Issue/Introduction
In rare cases after a Check Point policy push, new flow distribution is unbalanced between VAP group members.Symptoms:
Example:
CBS# swatch
(option 9 - flowsched.swc)
Note the difference in the number of flows between fw_1/2 and fw_3/4/5.
- Chassis Resource Protection is enabled
- Flow distribution becomes unbalanced after Check Point policy installation
- The amount of processed flows is high
- Uneven flow distribution persists over time
Example:
CBS# swatch
(option 9 - flowsched.swc)
AP Slot VAP Name NP1 Flows NP2 Flows Tot Flows
---------- ---------- --------- --------- ---------
5 fw_1 115096 119097 234193
6 fw_2 112226 116137 228363
7 fw_3 186797 214955 401752
8 fw_4 185602 211963 397565
9 fw_5 186012 211493 397505
Total 785733 873645 1659378
Note the difference in the number of flows between fw_1/2 and fw_3/4/5.
Cause
Problem:
Uneven new flow distribution which can lead to increased CPU and memory utilization on some vap-group members.
Uneven new flow distribution which can lead to increased CPU and memory utilization on some vap-group members.
Resolution
This problem is a known issue and is addressed in the following XOS versions:
- 9.0.4
- 9.5.6
- 9.6.1
Workaround
Reloading all NPMs (even one by one) will resolve the issue.Feedback
Yes
No
Powered by
