Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

EVPN: Memory Leak with proxy-macip-advertisement configuration

0

0

Article ID: TSB17646 TECHNICAL_BULLETINS Last Updated: 26 Sep 2019Version: 1.0
Alert Type:
PSN - Product Support Notification
Alert Description:

If an ARP request addressed to the IRB address is received on a local interface from a directly connected host, and with proxy-macip-advertisement knob configured; a mbuf memory leak will occur on the Juniper system due to a defect in software. Over a period of time, if the memory leak continues, it would cause traffic impact.

The following JUNOS releases are affected on all Juniper platforms that support EVPN:
18.1R3-S3, 18.2R3,18.3R2,18.4R2,19.1R1 and 19.2R1 or later

The fix will be available in upcoming JUNOS releases. 

 

Solution:
If an ARP request addressed to the IRB address is received on a local interface from a directly connected host, and with proxy-macip-advertisement knob configured; a mbuf memory leak will occur on the Juniper system due to a defect in software. Over a period of time, if the memory leak continues, it would cause traffic impact.

Please refer below PR for reference and details on software releases with fix once available.

PR 1461677 : EVPN Memory Leak with proxy-macip-advertisement

Following command can be used to check the "mbufs" usage. If current mbufs keep increasing over the time and reaches  the value of 700000 or higher it may cause traffic impact.

root@> show system buffers
9413/1477/10890 mbufs in use (current/cache/total) <-----------------------------Current mbufs are 9413. 
1286/904/2190/483894 mbuf clusters in use (current/cache/total/max)
1282/742 mbuf+clusters out of packet secondary zone in use (current/cache)
1/113/114/241946 4k (page size) jumbo clusters in use (current/cache/total/max)
0/0/0/71687 9k (page size) jumbo clusters in use (current/cache/total/max)
0/0/0/40324 16k (page size) jumbo clusters in use (current/cache/total/max)
5913K/2629K/8543K bytes allocated to network (current/cache/total)
0/0/0 requests for mbufs denied (mbufs/clusters/mbuf+clusters)
0/0/0 requests for jumbo clusters denied (4k/9k/16k)
0 requests for sfbufs denied
0 requests for sfbufs delayed
0 requests for I/O initiated by sendfile


Workaround:


In ERB ( Edge Routed Bridging) / Collapsed scenario , delete "proxy-macip-advertisement" configuration on all IRBs if already enabled.  Juniper does NOT recommend  "proxy-macip-advertisement" for ERB solution.

Once "proxy-macip-advertisment" configuration is deleted, mbufs leak should stop.  However to recover already leaked mbufs, it is recommended to reboot the system by arranging a maintenance window at a convenient time to reset the mbuf values.

Please refer below link for more details.

https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/proxy-macip-advertisement-edit-interfaces.html

 

In CRB ( Centrally Routed Bridging) / Distributed scenario, if you have local hosts directly connected to Spines, then configure "no-arp-suppression" on all VLANs. If you do not have any host directly connected to Spines, the mbuf leak should not occur.

Once "no-arp-suppression" is configured then mbuf leak should stop. However to recover already leaked mbufs, it is recommended to reboot the system by arranging a maintenance window at a convenient time to reset the mbuf values.

Please refer below link for further details on "no-arp-suppression":

https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/no-arp-suppression-edit-bridge-domains.html

Once the fix is available, "no-arp-suppression" can be disabled in CRB scenario.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search