Performance Manager Inquiry - SNMP polling of PaloAlto devices

book

Article ID: 197047

calendar_today

Updated On:

Products

CA Infrastructure Management CA Performance Management - Usage and Administration DX NetOps

Issue/Introduction

The PaloAlto vendor has reported that a bug has been discovered on the PaloAlto platform that is triggered when SNMP requests are sent with a request-id value of '0'.  This can result in high memory utilization on the target device.  Are any known scenarios where Performance Manager would send an SNMP request to a managed PaloAlto device where the request-id will have a value '0'. Bug details are below:

Issue ID Platform Affected Version Target Version Verified In Jira Issue Summary TAC Analysis Trigger Impact Workarounds
PAN-130357 All 8.1+     PA-200 Multiple processes (devsrvr,dnsproxyd,useridd,appweb3 etc) invoking OOM, SNMPD memory leak 11MB/day SNMPD may experience a memory leak if the incoming query has the request-id field set to 0. Memory pressure may cause OOM condition on PA-200 or low end PA-VM, but leak impacts all platforms. SNMP request with request-id field set to 0. SNMPD memory leak. Potential OOM condition on lower end platforms. If possible, avoid having request-id set to 0 in SNMP queries.
 

Environment

NetOps Performance Management 19.3

 

Resolution

There is no storing/generating of request-id in our code, so the request-id is inside SNMP4j.  SNMP4j is the third party java lib we use for all SNMP communication to devices.  Performance Management only provide the OIDs and get back the data from the responses.