Virtual services are scaling out and in at a rapid pace
Article ID: 373716
Updated On:
Products
Issue/Introduction
Service Engines continuously being marked down (SE_DOWN) with reason "Avi Service Engine Failed, " leading to constant virtual service scale in and scale out operations. This service engine crashing occurred after enabling async_ssl on the Service Engine Group and having pools with TLS persistence profiles.
Environment
Affects versions 22.1.x, 30.1.x, 30.2.x
Cause
A conflict in the code was identified with two process threads accessing the same variables leading to memory corruption. The cause of this conflict is due to TLS session ID persistence and async_ssl enabled in the same system.
It was confirmed TLS persistence and async_ssl is not supported at this time.
Resolution
Configuration must-checks will be added to prevent such configuration in the next GA releases. At this time there are no plans to support TLS persistence and async_ssl on any version.
The workaround is to remove any TLS persistence profiles from pool configurations before enabling async_ssl on the SE Group.
Steps: Navigate to Applications > Pools > Edit the Pool (pencil) > Under Profiles/Policies and Persistence Profile Remove "System-Persistence-TLS" > Save
Additional Information
Documentation will be updated to mention async_ssl is not supported with TLS persistence.
Feedback
