Unbalanced flows after Check Point policy push

Article Id: 167959
Status: Published
Updated On: 13-05-2017 11:04
Legacy Id: TECH244145
Products:
XOS
Issue/Introduction:

In rare cases after a Check Point policy push, new flow distribution is unbalanced between VAP group members.Symptoms:

  • Chassis Resource Protection is enabled
  • Flow distribution becomes unbalanced after Check Point policy installation
  • The amount of processed flows is high
  • Uneven flow distribution persists over time  

Example:

CBS# swatch
(option 9 - flowsched.swc)




	 AP Slot    VAP Name    NP1 Flows  NP2 Flows  Tot Flows



	---------- ----------   ---------  ---------  ---------



	   5       fw_1            115096     119097     234193



	   6       fw_2            112226     116137     228363



	   7       fw_3            186797     214955     401752



	   8       fw_4            185602     211963     397565



	   9       fw_5            186012     211493     397505



	 



	Total                      785733     873645    1659378



Note the difference in the number of flows between fw_1/2 and fw_3/4/5.

                    

                



                

                    

                        Cause:
                    

                    

                        Problem:

Uneven new flow distribution which can lead to increased CPU and memory utilization on some vap-group members.
                    

                




                

                    

                        Resolution:
                    

                    

                       This problem is a known issue and is addressed in the following XOS versions:

  • 
		9.0.4
  • 
		9.5.6
  • 
		9.6.1



Workaround
Reloading all NPMs (even one by one) will resolve the issue.