ProblemSunCluster join and reconfiguration failures, CVM Step 4 timeouts, CVM communication errors between nodes and UCMMD Panics. This issue is specific to UDP and thus only applies to CVM with SunCluster and not CVM with VCS.
Sun Alert Notification
- Sun Alert ID: 103023
- Synopsis: Certain Solaris 8 and Solaris 9 Security Patches May Cause Lost Connectivity Over UDP or Poor Network Performance
- Category: Availability
- Product: Solaris 9 Operating System, Solaris 8 Operating System
- BugIDs: 6561086
- Avoidance: Patch
- State: Resolved
- Date Released: 02-Aug-2007, 24-Sep-2007
- Date Closed: 24-Sep-2007
- Date Modified: 07-Aug-2007, 18-Sep-2007, 24-Sep-2007
Certain Solaris 8 and Solaris 9 patches (116965-26, 114344-25, 116966-25 and 119435-15) on systems using IPv4 may cause reassembly of IP fragments to fail. This will result in poor network performance and may make systems unreachable over UDP.
Patches 116965-26, 114344-25, 116966-25 and 119435-15 have been WITHDRAWN and are no longer available on SunSolve.
2. Contributing Factors
This issue can occur in the following releases:
- Solaris 8 with patch 116965-26 (or later) and without patch 116965-29
- Solaris 9 with patch 114344-25 (or later) and without patch 114344-29
- Solaris 8 with patch 116966-25 (or later) and without patch 116966-28
- Solaris 9 with patch 119435-15 (or later) and without patch 119435-18
- Solaris 10 is not affected by this issue.
- Communication over IPv6 is not impacted by this issue.
- This issue only affects a system when a remote host communicates with the Solaris system with a fragmented datagram. To determine if the Solaris system has received any fragmented datagrams, check if the counter 'ipReasmReqds' has a non-zero value by running the following command:
% /usr/bin/netstat -s | /usr/bin/egrep ipReasmReqds
- This issue is more likely to occur when the network is under load.
- Some operating systems are known to send the fragments in reverse order which also triggers the issue and causes a loss of connectivity for those connections.
Should the described issue occur, the counters 'icmpOutTimeExcds' and 'ipReasmFails' will have non-zero values, usually in two digits or more. To check these counters, the following command can be run:
% /usr/bin/netstat -s | /usr/bin/egrep 'icmpOutTimeExcds|ipReasmFails'
There is no workaround for this issue. Please see the Resolution section below.
This issue is addressed in the following releases:
- Solaris 8 with patch 116965-29 or later
- Solaris 9 with patch 114344-29 or later
- Solaris 8 with patch 116966-28 or later
- Solaris 9 with patch 119435-18 or later