SunCluster join and reconfiguration failures, CVM Step 4 timeouts, CVM communication errors between nodes and UCMMD Panics. This issue is specific to UDP and thus only applies to CVM with SunCluster and not CVM with VCS.

Problem

SunCluster join and reconfiguration failures, CVM Step 4 timeouts, CVM communication errors between nodes and UCMMD Panics. This issue is specific to UDP and thus only applies to CVM with SunCluster and not CVM with VCS.

Solution


Sun Alert Notification
  • Sun Alert ID: 103023
  • Synopsis: Certain Solaris 8 and Solaris 9 Security Patches May Cause Lost Connectivity Over UDP or Poor Network Performance
  • Category: Availability
  • Product: Solaris 9 Operating System, Solaris 8 Operating System
  • BugIDs: 6561086
  • Avoidance: Patch
  • State: Resolved
  • Date Released: 02-Aug-2007, 24-Sep-2007
  • Date Closed: 24-Sep-2007
  • Date Modified: 07-Aug-2007, 18-Sep-2007, 24-Sep-2007

1. Impact
Certain Solaris 8 and Solaris 9 patches (116965-26, 114344-25, 116966-25 and 119435-15) on systems using IPv4 may cause reassembly of IP fragments to fail. This will result in poor network performance and may make systems unreachable over UDP.
Patches 116965-26, 114344-25, 116966-25 and 119435-15 have been WITHDRAWN and are no longer available on SunSolve.

2. Contributing Factors
This issue can occur in the following releases:
SPARC Platform:
  • Solaris 8 with patch 116965-26 (or later) and without patch 116965-29
  • Solaris 9 with patch 114344-25 (or later) and without patch 114344-29
x86 Platform:
  • Solaris 8 with patch 116966-25 (or later) and without patch 116966-28
  • Solaris 9 with patch 119435-15 (or later) and without patch 119435-18
Notes:
  • Solaris 10 is not affected by this issue.
  • Communication over IPv6 is not impacted by this issue.
  • This issue only affects a system when a remote host communicates with the Solaris system with a fragmented datagram. To determine if the Solaris system has received any fragmented datagrams, check if the counter 'ipReasmReqds' has a non-zero value by running the following command:
     % /usr/bin/netstat -s | /usr/bin/egrep ipReasmReqds
  • This issue is more likely to occur when the network is under load.
  • Some operating systems are known to send the fragments in reverse order which also triggers the issue and causes a loss of connectivity for those connections.

3. Symptoms
Should the described issue occur, the counters 'icmpOutTimeExcds' and 'ipReasmFails' will have non-zero values, usually in two digits or more. To check these counters, the following command can be run:
   % /usr/bin/netstat  -s | /usr/bin/egrep 'icmpOutTimeExcds|ipReasmFails'


4. Relief/Workaround
There is no workaround for this issue. Please see the Resolution section below.

5. Resolution
This issue is addressed in the following releases:
SPARC Platform
  • Solaris 8 with patch 116965-29 or later
  • Solaris 9 with patch 114344-29 or later
x86 Platform
  • Solaris 8 with patch 116966-28 or later
  • Solaris 9 with patch 119435-18 or later


Terms of use for this information are found in Legal Notices.

Search

Survey

Did this article answer your question or resolve your issue?

No
Yes

Did this article save you the trouble of contacting technical support?

No
Yes

How can we make this article more helpful?

Email Address (Optional)