Cisco Bug: CSCvt99137 - With huge FTP traffic in cluster, the SEC_FLOW messages are in a retransmit loop

Last Modified

Oct 23, 2020

Products (1)

  • Cisco Adaptive Security Appliance (ASA) Software

Known Affected Releases

99.14(1.141)

Description (partial)

The issue only happens when the system is under heavy interface overruns and the cluster control link and control plane processing are oversubscribed. When the issue occurs, reliable message transfer may halt.

Symptom:
For pinhole-related traffic such as FTP, SIP, etc., the unit that hosts the control flow broadcasts a pinhole message for each session to all the other units. If the rate of pinhole-related traffic is high, the system control plane and cluster control link may be oversubscribed. This may lead to significant message retransmission over the cluster control link when the system is busy and suffers heavy interface overruns. In an extreme case, the sender and receiver may become out of sync, which leads to continuous message retransmission while reliable message transfer is unable to make progress.

Conditions:
The system is busy and under heavy interface overrun. The traffic rate for FTP, SIP or some other pinhole-related features is too high.