This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Kaspars_Zibarts
Employee Employee
Employee
‎2018-06-28 01:29 AM
Jump to solution

Weird 10Gb interface hangup

This more of a "friday" post for fun. Although problem was real - in one of our 5900 clusters running R80.10 the standby member out of blue produced some obscure errors on one of the 10Gb bond trunks (eth1-04)

 

Jun 27 19:29:19 2018 fwf2 kernel: ixgbe 0000:06:00.1: eth1-04: Detected Tx Unit Hang
Jun 27 19:29:19 2018 fwf2 kernel: Tx Queue <0>
Jun 27 19:29:19 2018 fwf2 kernel: TDH, TDT <37a>, <124>
Jun 27 19:29:19 2018 fwf2 kernel: next_to_use <124>
Jun 27 19:29:19 2018 fwf2 kernel: next_to_clean <37a>
Jun 27 19:29:19 2018 fwf2 kernel: ixgbe 0000:06:00.1: eth1-04: tx_buffer_info[next_to_clean]
Jun 27 19:29:19 2018 fwf2 kernel: time_stamp <2a1b97a3e>
Jun 27 19:29:19 2018 fwf2 kernel: jiffies <2a1b98956>
Jun 27 19:29:19 2018 fwf2 kernel: ixgbe 0000:06:00.1: eth1-04: tx hang 1 detected on queue 0, resetting adapter
Jun 27 19:29:19 2018 fwf2 kernel: ixgbe 0000:06:00.1: eth1-04: Reset adapter
Jun 27 19:29:19 2018 fwf2 kernel: ixgbe 0000:06:00.1: eth1-04: RXDCTL.ENABLE on Rx queue 0 not cleared within the polling period
Jun 27 19:29:19 2018 fwf2 kernel: bonding: bond0: link status down for idle interface eth1-04, disabling it in 200 ms.
Jun 27 19:29:19 2018 fwf2 kernel: ixgbe: eth1-04: ixgbe_setup_mrqc: configure Symmetric RSS
Jun 27 19:29:19 2018 fwf2 kernel: ixgbe: eth1-04: ixgbe_up_complete: Double vlan mode is not set
Jun 27 19:29:19 2018 fwf2 kernel: ixgbe 0000:06:00.1: eth1-04: detected SFP+: 6‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

 

And then few seconds later all interfaces in the expansion slot started reporting continuously

Jun 27 19:30:55 2018 fwf2 kernel: ixgbe 0000:05:00.0: eth1-01: -1 Spoofed packets detected
Jun 27 19:30:55 2018 fwf2 kernel: ixgbe 0000:06:00.1: eth1-04: -1 Spoofed packets detected
Jun 27 19:30:55 2018 fwf2 kernel: ixgbe 0000:06:00.0: eth1-03: -1 Spoofed packets detected
Jun 27 19:30:55 2018 fwf2 kernel: ixgbe 0000:05:00.1: eth1-02: -1 Spoofed packets detected‍‍‍‍‍‍‍‍

 

It was resolved by node reboot. The only relevant SK I found was this Intermittent outages of TCP traffic on 10GbE interfaces in IP Appliances running Gaia OS but it's not applicable to R80.10 nor 5900 and offload is definitely disabled on interfaces.

 

Here's the best part - the display on the appliance at the time showed this

 

 

Does this mean firewall needs to go to toilet?? P-p-p-peee.... 

1 Solution

Accepted Solutions
AlekseiShelepov
Advisor
‎2018-06-28 12:37 PM
Jump to solution

I guess some things never change...

I think I used a wrong ISO file that time.

View solution in original post

11 Replies
Timothy_Hall
Legend Legend
Legend
‎2018-06-28 08:44 AM
Jump to solution

Sounds like the NIC hardware is what went into the toilet, the display was telling you that the "stream" of outbound packets was no longer getting handled by the NIC, and that the firewall's bladder was too full which can certainly be uncomfortable to say the least.  🙂

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
Kaspars_Zibarts
Employee Employee
Employee
‎2018-06-29 12:43 AM
In response to Timothy_Hall
Jump to solution

0 Kudos
AlekseiShelepov
Advisor
‎2018-06-28 12:37 PM
Jump to solution

I guess some things never change...

I think I used a wrong ISO file that time.

Mike_Jones
Participant
‎2019-04-08 08:01 AM
Jump to solution

Sorry to bring an old post back to live, but I'm having a similar error on a 10Gb interface on a 5900.  A reboot initially fixed the issue, but it came back, and again required a reboot (not to mention a disk check on each reboot).

Did you have any more problems with your 5900 after your reboot?

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2019-04-08 12:31 PM
In response to Mike_Jones
Jump to solution

What code version is the firewall using?  Make sure you have the latest GA Jumbo HFA applied as updated NIC driver versions are sometimes bundled in Jumbo HFAs.

 

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
0 Kudos
Mike_Jones
Participant
‎2019-04-08 02:40 PM
In response to Timothy_Hall
Jump to solution

Product version Check Point Gaia R80.10
OS build 479
OS kernel version 2.6.18-92cpx86_64
OS edition 64-bit

Using GA Jumbo HFA Take 169

 

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2020-03-26 02:57 PM
Jump to solution

Well bringing back this old one again.
Last weekend we had a 5900 with a 10GB bond (2 interfaces), part of a VSX cluster, with exactly the same problem, a messages files completely filled with anti-spoofing messages. Older messages file was no longer available.
Code running R80.20 with jumbo 118
Regards, Maarten
0 Kudos
Mike_Jones
Participant
‎2020-03-27 06:06 AM
In response to Maarten_Sjouw
Jump to solution

Sorry I should have posted back with details on this.  This was a confirmed by CP to be a nic manufacturer hardware issue.  The 5900 was affected, and I think maybe a couple of other models?  However, it isn't always an issue on these models.  There are some checks you can do to see if you have the issue, but unfortunately, I moved out of the firewall world, and don't have access to check the details.  In short, contact CP support.

Found another detail from the past - affected 4 port cards, but not 2 port cards.  This went to R&D for investigation and they confirmed is was not software/driver related,but rather HW design.

Maarten_Sjouw
Champion
Champion
‎2020-03-27 07:08 AM
In response to Mike_Jones
Jump to solution

Thanks Mike, we will check with TAC.
Regards, Maarten
0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2020-03-27 07:13 AM
In response to Mike_Jones
Jump to solution

Thanks for the followup, trying to distinguish NIC hardware problems from NIC driver problems can be pretty tough.

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
0 Kudos
bad_joojoo
Participant
‎2021-03-24 12:35 PM
Jump to solution

Hi, it would be interesting to understand if you have checked DMESG after the issue occurs and can confirm if your seeing a VETO bit message just after the ixgbe interfaces being taken offline. I had an opportunity to look at something similar and was fortunate enough to also capture an "error level 5" message from the PCIE drivers also being captured (effectively stating they we're going to sleep). Subsequently, I found that either a reboot or reloading the ixgbe driver (this reloads all ixgbe interfaces so take care) brings it back into service.

 

Did you ever find a resolution?

Kind Regards

Ju

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events