...
All traffic may begin to fail to/through the FTDv due to an exhaustion of DPDK pool sizes and counts, with rx_q0_rx_buf_alloc_failure counters incrementing.

    firepower# debug menu dpdk 7
    DPDK_POOL_0 TOTAL 22528 AVAIL [0] IN_USE [22528]
    DPDK_POOL_0 IS NOT FULL
    DPDK_POOL_0 EMPTY

    FTD# show controller | i Eth|failure
    GigabitEthernet0/0:
      rx_q0_rx_buf_alloc_failure : 14776801965
      rx_q1_rx_buf_alloc_failure : 14773142642
      rx_q2_rx_buf_alloc_failure : 0
      rx_q3_rx_buf_alloc_failure : 0
    GigabitEthernet0/1:
      rx_q0_rx_buf_alloc_failure : 0
      rx_q1_rx_buf_alloc_failure : 0
      rx_q2_rx_buf_alloc_failure : 0
      rx_q3_rx_buf_alloc_failure : 0
    GigabitEthernet0/2:
      rx_q0_rx_buf_alloc_failure : 14770959558
      rx_q1_rx_buf_alloc_failure : 14763873224
      rx_q2_rx_buf_alloc_failure : 14785285538
      rx_q3_rx_buf_alloc_failure : 14793056993
    GigabitEthernet0/3:
      rx_q0_rx_buf_alloc_failure : 14762128509
      rx_q1_rx_buf_alloc_failure : 14755155345
      rx_q2_rx_buf_alloc_failure : 14763462151
      rx_q3_rx_buf_alloc_failure : 14759743390
    GigabitEthernet0/4:
      rx_q0_rx_buf_alloc_failure : 0
      rx_q1_rx_buf_alloc_failure : 0
      rx_q2_rx_buf_alloc_failure : 0
      rx_q3_rx_buf_alloc_failure : 0
    GigabitEthernet0/5:
      rx_q0_rx_buf_alloc_failure : 0
      rx_q1_rx_buf_alloc_failure : 0
      rx_q2_rx_buf_alloc_failure : 0
      rx_q3_rx_buf_alloc_failure : 0
    GigabitEthernet0/6:
      rx_q0_rx_buf_alloc_failure : 0
      rx_q1_rx_buf_alloc_failure : 0
      rx_q2_rx_buf_alloc_failure : 0
      rx_q3_rx_buf_alloc_failure : 0
    GigabitEthernet0/7:
      rx_q0_rx_buf_alloc_failure : 14760513363
      rx_q1_rx_buf_alloc_failure : 0
      rx_q2_rx_buf_alloc_failure : 4757860627
      rx_q3_rx_buf_alloc_failure : 14779559768
      rx_q0_rx_buf_alloc_failure : 14498430278
      rx_q1_rx_buf_alloc_failure : 14402845294
      rx_q2_rx_buf_alloc_failure : 14401649447
      rx_q3_rx_buf_alloc_failure : 14400773189
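A monitoring check for this symptom, as an added example (not Cisco code): it compares two saved captures of the output above, flags pools with no available buffers, and reports queues whose failure counter is still growing. It assumes the text format shown on this page; the sample values and the "(unlabeled block)" label are constructed.

```python
import re

POOL_RE = re.compile(r"(DPDK_POOL_\d+)\s+TOTAL\s+(\d+)\s+AVAIL\s+\[(\d+)\]\s+IN_USE\s+\[(\d+)\]")
IFACE_RE = re.compile(r"^\s*(\S*Ethernet[\d/.]+):")
CTR_RE = re.compile(r"(rx_q\d+)_rx_buf_alloc_failure\s*:\s*(\d+)")

def exhausted_pools(text):
    """Names of DPDK pools that report zero available buffers."""
    return [m.group(1) for m in POOL_RE.finditer(text) if int(m.group(3)) == 0]

def parse_failures(text):
    """Map (interface, queue) -> rx_buf_alloc_failure counter value."""
    counters, iface = {}, "unknown"
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = CTR_RE.search(line)
        if not m:
            continue
        queue, value = m.group(1), int(m.group(2))
        if (iface, queue) in counters:
            # Queue repeated with no interface header (seen in the output
            # above): keep it under a separate label instead of overwriting.
            iface += " (unlabeled block)"
        counters[(iface, queue)] = value
    return counters

def incrementing(before, after):
    """Queues whose failure counter grew between two samples."""
    return sorted(k for k, v in after.items() if v > before.get(k, 0))

# Constructed sample output (not captured from a device).
TEMPLATE = """\
DPDK_POOL_0 TOTAL 22528 AVAIL [0] IN_USE [22528]
GigabitEthernet0/0:
  rx_q0_rx_buf_alloc_failure : {a}
  rx_q1_rx_buf_alloc_failure : 0
GigabitEthernet0/1:
  rx_q0_rx_buf_alloc_failure : 0
  rx_q0_rx_buf_alloc_failure : {b}
"""
T0 = TEMPLATE.format(a=100, b=50)
T1 = TEMPLATE.format(a=250, b=75)

if __name__ == "__main__":
    print("exhausted pools:", exhausted_pools(T1))
    for iface, queue in incrementing(parse_failures(T0), parse_failures(T1)):
        print(f"{iface} {queue}: rx_buf_alloc_failure still incrementing")
```

A large but static counter only records past drops; a counter that grows between samples while a pool shows AVAIL [0] matches the condition described here.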
FTDv with VMware Hypervisor and Jumbo-frame reservation disabled:

    # show jumbo-frame reservation
    jumbo-frame support is not currently enabled
Enable Jumbo-frame reservation on the FTDv (only applicable to 7.2.1+, 7.3.0+). Jumbo frame reservation is enabled whenever you increase the MTU for any interface over 1500. It is automatically disabled when you return all MTUs to 1500 or lower.

https://www.cisco.com/c/en/us/td/docs/security/firepower/command_ref/b_Command_Reference_for_Firepower_Threat_Defense/s_6.html#wp9493783270
Alternatively, jumbo-frame reservation can be enabled without raising interface MTU. If raising the MTU on any interface is not an option, contact TAC for an alternative workaround.

The FlexConfig approach is simply to add a FlexConfig object of "jumbo-frame reservation", add that object to a FlexConfig policy targeted to the device in question, then deploy the policy. That puts the config in place, but a reload is required for it to take effect. Following the FlexConfig deploy, you will see the following until the device is rebooted:

    > show jumbo-frame reservation
    jumbo-frame support is not currently enabled
    Note: jumbo-frame support will be enabled after the running-config is saved and the system has been rebooted

Following reboot, it will be enabled:

    > show jumbo-frame reservation
    jumbo-frame support is currently enabled