Cisco Bug: CSCvt99137 - With huge FTP traffic in cluster, the SEC_FLOW messages are in a retransmit loop
Oct 23, 2020
- Cisco Adaptive Security Appliance (ASA) Software
Known Affected Releases
The issue only happens when the system is under heavy interface overruns, and the cluster control link and control plane processing are oversubscribed. When the issue occurs, reliable message transfer may halt.
Symptom: For pinhole-related traffic such as FTP, SIP, etc., the unit that hosts the control flow broadcasts a pinhole message for each session to all the other units. If the rate of pinhole-related traffic is high, the system control plane and cluster control link may be oversubscribed. This may lead to significant message retransmission over the cluster control link when the system is busy and suffers heavy interface overrun. In an extreme case, the sender and receiver may become out of sync, which leads to continuous message retransmission while reliable message transfer is unable to move on.
Conditions: The system is busy and under heavy interface overrun. The traffic rate for FTP, SIP, or other pinhole-related features is too high.