Guest

Preview Tool

Cisco Bug: CSCuj99176 - Make ASA-SSM cplane keepalives more tolerable to communication delays

Last Modified

Nov 09, 2020

Products (2)

  • Cisco Adaptive Security Appliance (ASA) Software
  • Cisco Adaptive Security Appliance (ASA) Software

Known Affected Releases

8.2(5.41) 9.0 9.1

Description (partial)

Symptom:
This is a request to make protocol that is used between ASA and SSM/SSP IPS modules more tolerable to communication delays caused by increased CPU load and other such factors. This will prevent unexpected failover from happening. Holdtime for control plane keepalives should be configurable, similar to failover unit polling holdtime and interface monitoring holdtime.

Conditions:
All ASA versions do not allow to configure holdtime for ASA - SSM/SSP control plane keepalives. Also, it is not possible to exclude SSM/SSP modules from failover checks (CSCsm81086).

The following errors can be seen in IPS main.log file when ASA closes control plane connection if it cannot receive keepalives from IPS module:

mainApp[1843] cplane/E Error during socket read: errno 104 return -1

ASA produces the following syslog in this case:

%ASA-3-323001: Module in slot 1 experienced a control channel communications failure.

Related Community Discussions

ASA 5515-x + Active/Active + CX Module
Somewhere in upgrading to ASA code 9.1.4 and CX code 9.2.1.2 (52) we've run into a known and as yet still open bug (CSCud54665).  The symptom that we experienced was frequent failover back and forth due to 'Service card in other unit has failed'.  This continued for a couple of days until finally we had to bypass the CX modules altogether. While I wait for the bug to (hopefully) be resolved, has anyone come across this?  Is there a better workaround than turning off the CX modules (ie we're not logging ...
Latest activity: Jul 06, 2019
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.