OPERATIONAL DEFECT DATABASE
...
...
--- Authentications being dropped due to Context Limit Reached --- ContextN is growing and not getting decreased, we can see ContextN increasing over time (prrt-server.log with aaa-runtime in DEBUG) #show logging application prrt-server.log tail | include ContextCounter ContextCounter,2024-04-30 18:14:56,415,DEBUG,0x7f7d38d04700,ContextN incremented, number=14491,ContextCounter.cpp:77 ContextCounter,2024-04-30 18:14:58,548,DEBUG,0x7f7d38d04700,ContextN incremented, number=14492,ContextCounter.cpp:77 ContextCounter,2024-04-30 18:15:01,727,DEBUG,0x7f7d38d04700,ContextN incremented, number=14493,ContextCounter.cpp:77
Load on ISE, particularly on flows which run in ReactorThread (e.g Syslog, CoA, etc..) Delay (~0.5 sec) during the Syslog flow , the issue is reproduced once the Syslog Reactor thread queue reached to ~171 while ISE continues to receive auth requests. BTW, it is reproduced in 3.2 with no patch as well.
--- for context leak, Reload ISE (temporary workaround, till the sessions pile up again)
PSIRT Evaluation: The Cisco PSIRT has evaluated this issue and determined it does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via normal resolution channels. If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another evaluation. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
Click on a version to see all relevant bugs
Cisco Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
