Cisco Bug: CSCuw32937 - NBAR: memory leak in NBAR CP when AVC is active

Last Modified

Feb 19, 2018

Products (92)

  • Cisco IOS
  • Cisco 888W Integrated Services Router
  • Cisco 892W Integrated Services Router
  • Cisco 886VA-CUBE Integrated Services Router
  • Cisco 861W Integrated Services Router
  • Cisco VG204XM Analog Voice Gateway
  • Cisco 819 Hardened Integrated Services Router
  • Cisco C897VA Integrated Services Router
  • Cisco C892FSP Integrated Services Router
  • Cisco 2951 Integrated Services Router

Known Affected Releases

15.5(3)M

Description (partial)

Symptom:
Memory leak of ~1MB per day in NBAR control-plane.

Conditions:
1) NBAR is enabled. To check this, run:
   #show ip nbar control-plane | inc NBAR state
If you see this line, NBAR is enabled:
   NBAR state is ACTIVATED

2) NBAR auto-custom is enabled. To check this, run:
   #show running-config all | inc auto-custom
If you see either line, it is enabled:
   ip nbar auto-custom top-hosts
   ip nbar auto-custom top-ports

3) An AVC monitor is attached to an interface; example below:

flow record per-tr-monitor-record
 match connection id
 collect ipv4 source address
 collect ipv4 destination address
 collect transport source-port
 collect transport destination-port
 collect counter bytes long
 collect counter packets
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
 collect application name
 collect flow end-reason
 collect connection initiator
 collect application http uri statistics
 collect application smtp server
 collect application smtp sender
 collect application http url
 collect application http host
 collect application http user-agent
 collect application http referer
 collect application pop3 server
 collect application nntp group-name
 collect application rtsp host
 collect application sip destination
 collect application sip source
 collect application ssl common-name
 collect ipv4 protocol
!
!
flow monitor per-tr-monitor
 cache timeout event transaction-end
 record per-tr-monitor-record
!


interface GigabitEthernet1/2/1
 ip nbar protocol-discovery
 ip flow monitor per-tr-monitor input
 ip flow monitor per-tr-monitor output
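
The three conditions above can be checked offline against saved command output, for example across a set of configuration backups. The script below is an added example, not Cisco code; the function name and sample inputs are constructed for illustration, and it assumes that any flow monitor attached to an interface counts toward condition 3.

```python
import re

# Constructed sample inputs (not captured from a real device).
SAMPLE_NBAR_CP = "  NBAR state is ACTIVATED\n"
SAMPLE_CONFIG = """\
ip nbar auto-custom top-hosts
!
flow monitor per-tr-monitor
 cache timeout event transaction-end
 record per-tr-monitor-record
!
interface GigabitEthernet1/2/1
 ip nbar protocol-discovery
 ip flow monitor per-tr-monitor input
 ip flow monitor per-tr-monitor output
!
"""

def check_cscuw32937(nbar_cp_output, running_config_all):
    """Evaluate the three listed conditions against saved command output."""
    # Condition 1: 'show ip nbar control-plane' reports NBAR as activated.
    nbar_active = any(line.strip() == "NBAR state is ACTIVATED"
                      for line in nbar_cp_output.splitlines())
    auto_custom = []   # condition 2: auto-custom lines found
    attached = {}      # condition 3: interface -> [(monitor, direction)]
    current_if = None
    for line in running_config_all.splitlines():
        # A leading "no " fails this match, so negated lines are not counted.
        if re.match(r"ip nbar auto-custom top-(hosts|ports)\b", line.strip()):
            auto_custom.append(line.strip())
        if line and not line[0].isspace():
            # A non-indented line opens a new top-level block.
            m = re.match(r"interface (\S+)", line)
            current_if = m.group(1) if m else None
        elif current_if:
            m = re.match(r"\s+ip flow monitor (\S+) (input|output)\b", line)
            if m:
                attached.setdefault(current_if, []).append(m.groups())
    return {
        "nbar_active": nbar_active,
        "auto_custom": auto_custom,
        "monitored_interfaces": attached,
        "all_conditions_met": nbar_active and bool(auto_custom) and bool(attached),
    }

if __name__ == "__main__":
    print(check_cscuw32937(SAMPLE_NBAR_CP, SAMPLE_CONFIG))
```

A device for which all three conditions hold should also be compared against the Known Affected Releases entry above before being treated as exposed to the leak.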