...
When a cluster unit joins the cluster after reboot, these symptoms are observed:

1. Data interfaces are bundled into port-channels before clustering is enabled or while the cluster is in the DATA_NODE_APP_SYNC state. As shown below, the switch ports G3/38-39 connected to the joining cluster unit are bundled at 08:04:52, while the cluster is enabled at 08:08:17.

Switch logs:

```
Jan 30 08:04:52.898: idbman_add_port_to_agport: Gi3/38 --> 14/23 Po39 index 1 count 4 <===
Jan 30 08:04:52.774: idbman_set_agport_bandwidth: bandwidth 3000000 for Agport 14/23
Jan 30 08:04:52.898: idbman_add_port_to_agport: Gi3/38 --> 14/23 Po39 index 2 count 4 <===
Jan 30 08:04:52.898: idbman_set_agport_bandwidth: bandwidth 4000000 for Agport 14/23
```

Cluster history output:

```
> show cluster history
==========================================================================
From State                 To State                   Reason
==========================================================================
08:05:11 UTC Jan 30 2023
DISABLED                   DISABLED                   Disabled at startup
08:08:17 UTC Jan 30 2023
DISABLED                   ELECTION                   Enabled from CLI <===
08:08:17 UTC Jan 30 2023
ELECTION                   ONCALL                     Event: Cluster unit FPR3100-8 state is CONTROL_NODE
08:08:17 UTC Jan 30 2023
ONCALL                     DATA_NODE_COLD             Received cluster control message
08:08:17 UTC Jan 30 2023
DATA_NODE_COLD             DATA_NODE_APP_SYNC         Client progression done
08:09:16 UTC Jan 30 2023
DATA_NODE_APP_SYNC         DATA_NODE_CONFIG           Data node application configuration sync done
08:09:27 UTC Jan 30 2023
DATA_NODE_CONFIG           DATA_NODE_FILESYS          Configuration replication finished
08:09:28 UTC Jan 30 2023
DATA_NODE_FILESYS          DATA_NODE_BULK_SYNC        Client progression done
08:09:52 UTC Jan 30 2023
DATA_NODE_BULK_SYNC        DATA_NODE                  Client progression done
```

Port-channel interface status in the Secure Firewall eXtensible Operating System (FXOS) local-mgmt command shell:

```
> connect fxos
...
3K-2# connect local-mgmt
3K-2(local-mgmt)# show portchannel summary
...
48    Po48(U)    Eth    LACP    Eth1/3(P) Eth1/4(P)
1     Po1(U)     Eth    LACP    Eth1/1(P) Eth1/2(P) <======= interfaces are bundled
```

2. A traffic outage of 4-5 minutes on average; the duration may vary. Specifically, the connections (packets) hashed to the data port-channel interfaces of the joining unit are impacted. The impact is caused by the premature bundling of data interfaces into the port-channel while clustering is disabled.
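A way to check for the first symptom by correlating the two outputs, as an added example that is not part of the original article or Cisco tooling: it flags every switch-side bundling event that falls while the joining unit is still DISABLED or in DATA_NODE_APP_SYNC. It assumes the switch and the firewall clocks are synchronized and in the same time zone, and that the switch log year (absent from the log lines) is supplied by the operator; all function names and the sample data are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample input modelled on the excerpts above (history abridged;
# the 08:08:40 and 08:10:05 switch lines are invented to show both outcomes).
SWITCH_LOG = """\
Jan 30 08:04:52.898: idbman_add_port_to_agport: Gi3/38 --> 14/23 Po39 index 1 count 4
Jan 30 08:08:40.120: idbman_add_port_to_agport: Gi3/39 --> 14/23 Po39 index 2 count 4
Jan 30 08:10:05.310: idbman_add_port_to_agport: Gi3/40 --> 14/23 Po39 index 3 count 4
"""
CLUSTER_HISTORY = """\
08:05:11 UTC Jan 30 2023 DISABLED DISABLED Disabled at startup
08:08:17 UTC Jan 30 2023 DISABLED ELECTION Enabled from CLI
08:08:17 UTC Jan 30 2023 DATA_NODE_COLD DATA_NODE_APP_SYNC Client progression done
08:09:16 UTC Jan 30 2023 DATA_NODE_APP_SYNC DATA_NODE_CONFIG Data node application configuration sync done
08:09:52 UTC Jan 30 2023 DATA_NODE_BULK_SYNC DATA_NODE Client progression done
"""
# States in which, per the symptom description, data ports should not yet be bundled.
RISKY_STATES = {"DISABLED", "DATA_NODE_APP_SYNC"}

BUNDLE_RE = re.compile(
    r"^(\w{3} +\d+ [\d:]+)\.\d+: idbman_add_port_to_agport: (\S+) --> \S+ (Po\d+)", re.M)
# \s+ also spans a newline, so rows printed as "timestamp / states" pairs parse too.
HISTORY_RE = re.compile(r"^(\d\d:\d\d:\d\d) UTC (\w{3} +\d+ \d{4})\s+(\S+)\s+(\S+)", re.M)

def bundle_events(log, year):
    """(time, port, port-channel) per bundling line; switch logs carry no year."""
    return [(datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S"), port, po)
            for ts, port, po in BUNDLE_RE.findall(log)]

def cluster_transitions(history):
    """(time, from_state, to_state) per 'show cluster history' row, in file order."""
    return [(datetime.strptime(f"{day} {tod}", "%b %d %Y %H:%M:%S"), src, dst)
            for tod, day, src, dst in HISTORY_RE.findall(history)]

def state_at(when, transitions):
    """Cluster state in effect at 'when'; DISABLED before the first history row."""
    state = "DISABLED"
    for ts, _src, dst in transitions:
        if ts <= when:
            state = dst
    return state

def premature_bundles(log, history, year):
    """Bundling events that occurred while the unit was in a risky state."""
    transitions = cluster_transitions(history)
    events = [(ts, port, po, state_at(ts, transitions))
              for ts, port, po in bundle_events(log, year)]
    return [e for e in events if e[3] in RISKY_STATES]
```

Calling `premature_bundles(SWITCH_LOG, CLUSTER_HISTORY, 2023)` returns the Gi3/38 and Gi3/39 events; the Gi3/40 event is not flagged because the unit had already reached DATA_NODE.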
First seen when all of the conditions are in place:

1. The Secure Firewall 3100 runs Secure Firewall Threat Defense (FTD) in an inter-chassis cluster configuration.
2. The existing control unit reboots and joins the cluster as a data unit.

The symptoms may also be observed on the Secure Firewall 3100 running the Adaptive Security Appliance (ASA) software in an inter-chassis cluster configuration.
None.