SunCluster join and reconfiguration failures, CVM Step 4 timeouts, CVM communication errors between nodes and UCMMD Panics. This issue is specific to UDP and thus only applies to CVM with SunCluster and not CVM with VCS.

Article:TECH54934  |  Created: 2007-01-24  |  Updated: 2007-01-24  |  Article URL http://www.symantec.com/docs/TECH54934
Article Type
Technical Solution

Product(s)

Environment

Issue



SunCluster join and reconfiguration failures, CVM Step 4 timeouts, CVM communication errors between nodes and UCMMD Panics. This issue is specific to UDP and thus only applies to CVM with SunCluster and not CVM with VCS.

Solution




Sun Alert Notification
  • Sun Alert ID: 103023
  • Synopsis: Certain Solaris 8 and Solaris 9 Security Patches May Cause Lost Connectivity Over UDP or Poor Network Performance
  • Category: Availability
  • Product: Solaris 9 Operating System, Solaris 8 Operating System
  • BugIDs: 6561086
  • Avoidance: Patch
  • State: Resolved
  • Date Released: 02-Aug-2007, 24-Sep-2007
  • Date Closed: 24-Sep-2007
  • Date Modified: 07-Aug-2007, 18-Sep-2007, 24-Sep-2007

1. Impact
Certain Solaris 8 and Solaris 9 patches (116965-26, 114344-25, 116966-25 and 119435-15) on systems using IPv4 may cause reassembly of IP fragments to fail. This will result in poor network performance and may make systems unreachable over UDP.
Patches 116965-26, 114344-25, 116966-25 and 119435-15 have been WITHDRAWN and are no longer available on SunSolve.

2. Contributing Factors
This issue can occur in the following releases:
SPARC Platform:
  • Solaris 8 with patch 116965-26 (or later) and without patch 116965-29
  • Solaris 9 with patch 114344-25 (or later) and without patch 114344-29
x86 Platform:
  • Solaris 8 with patch 116966-25 (or later) and without patch 116966-28
  • Solaris 9 with patch 119435-15 (or later) and without patch 119435-18
Notes:
  • Solaris 10 is not affected by this issue.
  • Communication over IPv6 is not impacted by this issue.
  • This issue only affects a system when a remote host communicates with the Solaris system with a fragmented datagram. To determine if the Solaris system has received any fragmented datagrams, check if the counter 'ipReasmReqds' has a non-zero value by running the following command:
     % /usr/bin/netstat -s | /usr/bin/egrep ipReasmReqds
  • This issue is more likely to occur when the network is under load.
  • Some operating systems are known to send the fragments in reverse order which also triggers the issue and causes a loss of connectivity for those connections.

3. Symptoms
Should the described issue occur, the counters 'icmpOutTimeExcds' and 'ipReasmFails' will have non-zero values, usually in two digits or more. To check these counters, the following command can be run:
   % /usr/bin/netstat  -s | /usr/bin/egrep 'icmpOutTimeExcds|ipReasmFails'


4. Relief/Workaround
There is no workaround for this issue. Please see the Resolution section below.

5. Resolution
This issue is addressed in the following releases:
SPARC Platform
  • Solaris 8 with patch 116965-29 or later
  • Solaris 9 with patch 114344-29 or later
x86 Platform
  • Solaris 8 with patch 116966-28 or later
  • Solaris 9 with patch 119435-18 or later



Legacy ID



293313


Article URL http://www.symantec.com/docs/TECH54934


Terms of use for this information are found in Legal Notices