Bare Metal Server (BMS) stops collecting DFW rule statistics after upgrade to SSP 5.1.1

Article ID: 429971

Products

SSP, VMware vDefend Firewall, VMware vDefend Firewall with Advanced Threat Prevention

Issue/Introduction

After triggering an upgrade to SSP 5.1.1, some Bare Metal Servers (BMS) may stop collecting statistics for Distributed Firewall (DFW) rule hits. This prevents traffic visibility and reporting for the affected nodes.

Environment

vDefend SSP 5.1.1

Bare Metal Server installed on any supported Linux distribution.

Cause

The issue is caused by a race condition between the metrics-client and ovs-vswitchd processes:

  1. The metrics-client pulls statistics from ovs-vswitchd, which processes data from the OVS kernel module.

  2. If the metrics-client is actively fetching data when the connection breaks (due to processes being killed and restarted during the upgrade), it may enter a "stuck" state while waiting for a response.

  3. Since ovs-vswitchd has restarted, the previous request is never fulfilled. The metrics-client remains in this state and fails to initiate new cycles.

Log Evidence: You will see the following repetitive log entry (approximately every 60 seconds) in the metrics-client logs: "Last stats cycle with OVS not done."

Resolution

This issue is scheduled to be resolved in a future release of vDefend SSP.

Workaround: To restore statistics collection, manually restart the vdefend-metrics service on the affected Bare Metal Server by running the following command:

systemctl restart vdefend-metrics.service
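To confirm a node is in the stuck state before restarting, the log evidence described above can be checked mechanically. The following is an added example, not vendor code: it assumes each log line starts with a Unix epoch timestamp (the format `journalctl -o short-unix` prints), and the sample lines, host name, PID, 30-90 second tolerance and threshold of 3 are all constructed for illustration.

```shell
#!/bin/sh
# Added example, not vendor code. Reads metrics-client log lines on stdin.
# Assumption: field 1 of every line is a Unix epoch timestamp.

MSG='Last stats cycle with OVS not done.'

# stuck_run: print the length of the most recent run of MSG entries that
# repeat roughly every 60 s (gaps of 30-90 s are accepted as "one cycle").
stuck_run() {
    awk -v msg="$MSG" '
        index($0, msg) {
            t = $1 + 0
            gap = t - last
            if (run > 0 && gap >= 30 && gap <= 90) run++
            else run = 1            # first hit, or gap too irregular: new run
            last = t
        }
        END { print run + 0 }       # 0 when the message never appears
    '
}

# is_stuck [THRESHOLD]: succeed when the run is at least THRESHOLD long.
is_stuck() {
    [ "$(stuck_run)" -ge "${1:-3}" ]
}

# Constructed sample: four entries about 60 s apart (stuck client).
sample_stuck() { cat <<'EOF'
1700000000.000000 bms01 metrics-client[1234]: Last stats cycle with OVS not done.
1700000060.000000 bms01 metrics-client[1234]: Last stats cycle with OVS not done.
1700000121.000000 bms01 metrics-client[1234]: Last stats cycle with OVS not done.
1700000180.000000 bms01 metrics-client[1234]: Last stats cycle with OVS not done.
EOF
}

# Constructed sample: isolated entries far apart (no repeating pattern).
sample_ok() { cat <<'EOF'
1700000000.000000 bms01 metrics-client[1234]: Last stats cycle with OVS not done.
1700000030.000000 bms01 metrics-client[1234]: (constructed unrelated line)
1700000400.000000 bms01 metrics-client[1234]: Last stats cycle with OVS not done.
EOF
}

# Demo on the constructed sample: print the workaround instead of running it.
sample_stuck | is_stuck 3 && echo "stuck: systemctl restart vdefend-metrics.service"
```

Pipe in only a recent window of log lines, since the function reports the last run it sees regardless of how old that run is.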