SunCluster join and reconfiguration failures, CVM Step 4 timeouts, CVM communication errors between nodes and UCMMD Panics. This issue is specific to UDP and thus only applies to CVM with SunCluster and not CVM with VCS.
| Article:TECH54934 | | | Created: 2007-01-24 | | | Updated: 2007-01-24 | | | Article URL http://www.symantec.com/docs/TECH54934 |
Problem
SunCluster join and reconfiguration failures, CVM Step 4 timeouts, CVM communication errors between nodes and UCMMD Panics. This issue is specific to UDP and thus only applies to CVM with SunCluster and not CVM with VCS.
Solution
Sun Alert
Notification
- Sun Alert ID: 103023
- Synopsis: Certain Solaris 8 and Solaris 9 Security Patches May Cause Lost Connectivity Over UDP or Poor Network Performance
- Category: Availability
- Product: Solaris 9 Operating System, Solaris 8 Operating System
- BugIDs: 6561086
- Avoidance: Patch
- State: Resolved
- Date Released: 02-Aug-2007, 24-Sep-2007
- Date Closed: 24-Sep-2007
- Date Modified: 07-Aug-2007, 18-Sep-2007, 24-Sep-2007
1.
Impact
Certain Solaris
8 and Solaris 9 patches (116965-26, 114344-25, 116966-25
and 119435-15) on systems using IPv4 may cause reassembly of IP fragments
to fail. This will result in poor network performance and may make systems
unreachable over UDP.
Patches
116965-26, 114344-25, 116966-25 and 119435-15 have
been WITHDRAWN and are no longer available on SunSolve.
2.
Contributing Factors
This issue can
occur in the following releases:
SPARC
Platform:
- Solaris 8 with patch 116965-26 (or later) and without patch 116965-29
- Solaris 9 with patch 114344-25 (or later) and without patch 114344-29
x86
Platform:
- Solaris 8 with patch 116966-25 (or later) and without patch 116966-28
- Solaris 9 with patch 119435-15 (or later) and without patch 119435-18
Notes:
- Solaris 10 is not affected by this issue.
- Communication over IPv6 is not impacted by this issue.
- This issue only affects a system when a remote host communicates with the Solaris system with a fragmented datagram. To determine if the Solaris system has received any fragmented datagrams, check if the counter 'ipReasmReqds' has a non-zero value by running the following command:
%
/usr/bin/netstat -s | /usr/bin/egrep ipReasmReqds
- This issue is more likely to occur when the network is under load.
- Some operating systems are known to send the fragments in reverse order which also triggers the issue and causes a loss of connectivity for those connections.
3.
Symptoms
Should the
described issue occur, the counters 'icmpOutTimeExcds' and 'ipReasmFails' will
have non-zero values, usually in two digits or more. To check these counters,
the following command can be run:
% /usr/bin/netstat -s |
/usr/bin/egrep 'icmpOutTimeExcds|ipReasmFails'
4.
Relief/Workaround
There is no
workaround for this issue. Please see the Resolution section below.
5.
Resolution
This issue is
addressed in the following releases:
SPARC
Platform
- Solaris 8 with patch 116965-29 or later
- Solaris 9 with patch 114344-29 or later
x86
Platform
- Solaris 8 with patch 116966-28 or later
- Solaris 9 with patch 119435-18 or later
|
|
Legacy ID
293313
Article URL http://www.symantec.com/docs/TECH54934
Terms of use for this information are found in Legal Notices
Thank you.