QFX5K series switches encounter LLDPD memory leak and cause LLDPD core dump.
While receiving both IEEE and non-IEEE LLDPD packets simultaneously, QFX5K switches return the following message then get LLDPD core dumped.
<5>1 2019-11-01T17:04:05.051Z qfx5100 /kernel - - - Process (50940,lldpd) has exceeded 85% of RLIMIT_DATA: used 121352 KB Max 131072 KB
<5>1 2019-11-01T17:09:26.074Z qfx5100 /kernel - - - Process (50940,lldpd) has exceeded 85% of RLIMIT_DATA: used 121352 KB Max 131072 KB
Some connected devices (certain Oracle server) sends both IEEE and non-IEEE LLDPD packets at the same time. Under this situation, Juniper QFX5K switches will encounter LLDPD memory leak.
Here are the MAC address of the packets:
Ieee: (01:80:c2:00:00:0e)
non-ieee: (01:80:c2:00:00:03)
The permanent fix is available from Junos 14.1X53-D140 through Junos 19.3R1.
As a workaround, you can disable the 'protocol lldp'
or apply a firewall filter to block the LLDP packet in the related interface (s).
Example of firewall filter:
set firewall family ethernet-switching filter FF-LLDP-Block term 1 from destination-mac-address 01:80:c2:00:00:0e/48
set firewall family ethernet-switching filter FF-LLDP-Block term 1 from destination-mac-address 01:80:c2:00:00:03/48
set firewall family ethernet-switching filter FF-LLDP-Block term 1 from destination-mac-address 01:80:c2:00:00:00/48
set firewall family ethernet-switching filter FF-LLDP-Block term 1 then discard
set firewall family ethernet-switching filter FF-LLDP-Block term 1 then count LLDP-Block-counter
set firewall family ethernet-switching filter FF-LLDP-Block term 2 then accept