If an ARP request addressed to the IRB address is received on a local interface from a directly connected host, and with proxy-macip-advertisement knob configured; a mbuf memory leak will occur on the Juniper system due to a defect in software. Over a period of time, if the memory leak continues, it would cause traffic impact.
The following JUNOS releases are affected on all Juniper platforms that support EVPN:
18.1R3-S3, 18.2R3,18.3R2,18.4R2,19.1R1 and 19.2R1 or later
The fix will be available in upcoming JUNOS releases.
If an ARP request addressed to the IRB address is received on a local interface from a directly connected host, and with proxy-macip-advertisement knob configured; a mbuf memory leak will occur on the Juniper system due to a defect in software. Over a period of time, if the memory leak continues, it would cause traffic impact.
Please refer below PR for reference and details on software releases with fix once available.
PR 1461677 : EVPN Memory Leak with proxy-macip-advertisement
Following command can be used to check the "mbufs" usage. If current mbufs keep increasing over the time and reaches the value of 700000 or higher it may cause traffic impact.
root@> show system buffers
9413/1477/10890 mbufs in use (current/cache/total) <-----------------------------Current mbufs are 9413.
1286/904/2190/483894 mbuf clusters in use (current/cache/total/max)
1282/742 mbuf+clusters out of packet secondary zone in use (current/cache)
1/113/114/241946 4k (page size) jumbo clusters in use (current/cache/total/max)
0/0/0/71687 9k (page size) jumbo clusters in use (current/cache/total/max)
0/0/0/40324 16k (page size) jumbo clusters in use (current/cache/total/max)
5913K/2629K/8543K bytes allocated to network (current/cache/total)
0/0/0 requests for mbufs denied (mbufs/clusters/mbuf+clusters)
0/0/0 requests for jumbo clusters denied (4k/9k/16k)
0 requests for sfbufs denied
0 requests for sfbufs delayed
0 requests for I/O initiated by sendfile
Workaround:
In ERB ( Edge Routed Bridging) / Collapsed scenario , delete "proxy-macip-advertisement" configuration on all IRBs if already enabled. Juniper does NOT recommend "proxy-macip-advertisement" for ERB solution.
Once "proxy-macip-advertisment" configuration is deleted, mbufs leak should stop. However to recover already leaked mbufs, it is recommended to reboot the system by arranging a maintenance window at a convenient time to reset the mbuf values.
Please refer below link for more details.
https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/proxy-macip-advertisement-edit-interfaces.html
In CRB ( Centrally Routed Bridging) / Distributed scenario, if you have local hosts directly connected to Spines, then configure "no-arp-suppression" on all VLANs. If you do not have any host directly connected to Spines, the mbuf leak should not occur.
Once "no-arp-suppression" is configured then mbuf leak should stop. However to recover already leaked mbufs, it is recommended to reboot the system by arranging a maintenance window at a convenient time to reset the mbuf values.
Please refer below link for further details on "no-arp-suppression":
https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/no-arp-suppression-edit-bridge-domains.html
Once the fix is available, "no-arp-suppression" can be disabled in CRB scenario.