ClusterXL under freeze by policy installation

R89_99 · ‎2018-04-06

A typical issue is ClusterXL under freeze by policy installation. ClusterXL administrator would like to suppress the messages printed by the Cluster Under Load (CUL) mechanism (see sk92723) in the /var/log/messages file and in the dmesg. I always enable this on the cluster to solve this "under freeze" issue.

1) Open vi and add the following settings

# vi $FWDIR/boot/modules/fwkern.conf

add the Line:

fwha_freeze_state_machine_timeout=0

2) Reboot all Gateways

Rolf_Kaschek · ‎2018-04-06

Is this setting permanet after a reboot?

R89_99 · ‎2018-04-06

If you add lines in fwkern.conf, it is permanent after a reboot.

Regards

Heiko

Srinivasan_N · ‎2018-04-07

Hi Heiko, Thanks for the great stuff. On doing some research , I did noticed below (sk106576). I'm confused about the statement : "Cluster members do not install policy at the same exact time, and are not aware when the peer members install policy."

Typically, policies are installed @ same time in Clusters. Does this happen under High Load or CPU utilization. Not sure, please assist

R89_99 · ‎2018-04-07

Hi Srinivasan,

over 80% cpu load and 30 sec.

Typical by policy installation.

Regards

Heiko

Alexander_Wilke · ‎2018-07-30

Hello everybody,

we are having a Cluster of 12600 appliances, having a policy with 800 rules and only very very less traffic (< 100Mbit/s, 5000 concurrent Connections) and very less CPU load.

in the beginning we had 200s configured, then we noticed that secondary was going down when doing policy install. We opened a ticket and Support suggested us to increase timeout.

So we increased from 200 - 300s and then a week later from 300 to 600. Did not solve the Problem.

We did not reboot but we did "fw ctl set int fwha_freeze_state_machine_timeout" to modify it live.

Any suggestions:

- how to measure a usefull freeze_timeout for am policy install?

- which values are usefull to set and which value we should not exceed?

Regards