Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
S_K_S
Contributor

Check Point MIB OIDs delayed response

On one of our R80.30 appliances we have an intermittent issue with the monitoring which we have traced down to certain OIDs from the .2620 tree which fail to respond in time. Interestingly enough, the issue does not appear to be with SNMP as such but rather with CPD as it fails a call to some libraries. Specifically, the cpd.elg file is filled with messages like the below:

[CPD 11415]@FW[8 Apr 16:45:20] Warning:cp_timed_blocker_handler: A handler [0xf67cd980] blocked for 10 seconds.
[CPD 11415]@FW[8 Apr 16:45:20] Warning:cp_timed_blocker_handler: Handler info: Library [/opt/CPshrd-R80.30/lib/libcpstatext.so], Function offset [0x13980].
[CPD 11415]@FW[8 Apr 16:45:35] Warning:cp_timed_blocker_handler: A handler [0xf12c2e90] blocked for 6 seconds.
[CPD 11415]@FW[8 Apr 16:45:35] Warning:cp_timed_blocker_handler: Handler info: Library [/opt/CPsuite-R80.30/fw1/lib/libfwstatagent.so], Function offset [0x7e90].
[8 Apr 16:45:35] CPStatGet: function excessive time. oid is: 1.3.6.1.4.1.2620.1.1.25.6

I have noticed that whenever such logs pop in the file, CPD hits 100% utilization on its CPU core. Some 95% of the logs are for issues with OIDs from 1.3.6.1.4.1.2620.1.1.25. subtree. Any ideas about the possible cause would be appreciated. 🙂

0 Kudos
7 Replies
PhoneBoy
Admin
Admin

Probably best to open a TAC case.
0 Kudos
S_K_S
Contributor

That I did, but the silence so far has been deafening...

0 Kudos
PhoneBoy
Admin
Admin

Please send me a PM with the SR number, I'll investigate.
0 Kudos
Dan_McLeod
Explorer

Just curious if there was ever a resolution found for this? We just upgraded to R80.30 from R80.10 and are running into the exact same issue.

0 Kudos
bartlettj
Explorer

I am seeing the same issue. I am curious what was the outcome of your TAC case?

0 Kudos
Martin_Valenta
Advisor

how many cores you have?
0 Kudos
S_K_S
Contributor

Very late response but the issue appeared to be some sort of a bug or bad coding. We installed 4 or 5 different hotfixes provided by TAC until the final one seemingly resolved the issue (it has not re-appeared for nearly 3 months now). 

 

If it's of any good to anyone - the affected firewall has quite a lot of VLAN interfaces (more than 150).

0 Kudos