Prisma SD-WAN
Known Issues in Prisma SD-WAN ION Release 6.3
Table of Contents
Expand All
|
Collapse All
Prisma SD-WAN Docs
-
-
-
- CloudBlade Integrations
- CloudBlades Integration with Prisma Access
-
-
-
-
- 6.5
- 6.4
- 6.3
- 6.2
- 6.1
- 5.6
- New Features Guide
- On-Premises Controller
- Prisma SD-WAN CloudBlades
- Prisma Access CloudBlade Cloud Managed
- Prisma Access CloudBlade Panorama Managed
Known Issues in Prisma SD-WAN ION Release 6.3
Learn about the known issues in Prisma SD-WAN ION Release 6.3.
Review a list of known issues for Prisma SD-WAN ION Release 6.3.
- Known Issues in Prisma SD-WAN ION Device Release 6.3.6
- Known Issues in Prisma SD-WAN ION Device Release 6.3.3, 6.3.4, and 6.3.5
- Known Issues in Prisma SD-WAN ION Device Release 6.3.2
- Known Issues in Prisma SD-WAN ION Device Release 6.3.1
To view the consolidated list of known issues across Prisma SD-WAN ION releases, see
here.
Known Issues in Prisma SD-WAN ION Device Release 6.3.6
The following table lists the known issues in Prisma SD-WAN ION Device Release 6.3.6.
| Issue ID | Description |
|---|---|
| CGSDW-34273 | A memory leak has been identified in the cgnxinfra process. The leak is triggered by a continuous flap in the controller connection, which is often caused by frequent WebSocket disconnections. This issue can lead to an Out of Memory (OOM) event and may cause the device to reboot. |
| CGSDW-34254 | A crash in the hitflagsd process has been observed on devices in L2 mode. The crash is triggered by a large number of continuous VPN flaps, which causes a timing issue in a datapath backend process. |
| CGSDW-34106 | After an HA switchover, VPNs configured over bypass ports take longer than expected to reestablish connectivity. This issue is observed on devices with a large number of interfaces, resulting in temporary VPN downtime and traffic loss. |
| CGSDW-33728 | A memory leak exists in the deprecated NetFlow extension API when configured on a device. This can lead to the device running out of available memory under high-stress conditions, causing it to reboot. |
| CGSDW-33555 | The dpdk-ctrl-port process on devices may crash due to a timing issue during device initialization after a reboot or upgrade. This can delay the initial bootup process and prevent interfaces from coming back up. |
| CGSDW-33506 | A crash in the fc-monitor process has been observed on devices after a version upgrade. This is triggered by a corrupted packet that causes a failure in the QAT library during packet handling. |
| CGSDW-31611 | The fp-rte process may crash due to a timing issue during device initialization after a reboot or upgrade. The crash results in traffic loss and a delay in the device's bootup process. |
| CGSDW-16922 | The fp-rte process may crash during device initialization after a version upgrade. The crash, which occurs in the port receiver function, is caused by a timing issue with interface and packet handling on devices with a large number of sub-interfaces and can lead to a delay in the initial boot up process. |
Known Issues in Prisma SD-WAN ION Device Release 6.3.3, 6.3.4, and 6.3.5
The following table lists the known issues in Prisma SD-WAN ION Device Release 6.3.3, 6.3.4, and 6.3.5.
| Issue ID | Description |
|---|---|
| CGSDW-33282 | After any process crash or ION device reboot, the system fails to zip and save the logs directory, leading to unmanaged log accumulation. |
| CGSDW-33237 | After upgrading to ION device 6.x with DPDK, higher control plane latency is observed, primarily because deeper Rx MAC and Intercore FIFOs introduce head-of-line blocking, particularly impacting applications during high-rate scan traffic. |
| CGSDW-32621 | After upgrading from 6.1.x to 6.3.5-b4, standby ION devices are losing connectivity to the controller because a local route entry for the LAN-IP, sharing the same subnet as the controller interface gateway, prevents packets from being locally terminated on the standby device. |
| CGSDW-32177 | After debug logging and filters are enabled, they are not disabled, leading to critical issues and customer outages. |
| CGSDW-31958 | After upgrading to 6.3.5-b4, Virtual Interfaces are experiencing "recvmsg() No buffer space Available" and "fp_drain_exec Resource temporarily unavailable" errors, leading to connectivity loss on ION devices, specifically observed with VPN and HA communication failures, which resulted in a split-brain scenario. |
| CGSDW-31862 | After an fp-rte process crash on 6.3.5-b4, a three-minute split-brain scenario occurrs because the HAM process waits for the fp-rte core dump creation to complete, leading to customer traffic impact. |
| CGSDW-31861 | After configuring enterprise DNS servers on the controller interface, app-probes are being sent relentlessly, leading to continuous CPU spikes and packet drops on lower-end devices, indicating a need for a timeout or limit on probe frequency until a genuine client DNS request fails. |
| CGSDW-30747 | After adding or removing Prisma Access tags from site configurations, or removing circuit tags from physical interfaces, the charon process restarts, unexpectedly triggering an HA switchover, which disrupts customer operations, particularly when rebuilding PA tunnels or migrating branches between regions. |
| CGSDW-30067 | After deploying ION 3200s in L2 mode on 6.3.4-b2, core.dpdk-ctrl-port issues are observed at ixgbe_dev_clear_queues, indicating a problem with DPDK control plane operations on the device. |
| CGSDW-27527 | After experiencing fast path CPU utilization at 100%, device performance degrades for active sessions, exhibiting high latency followed by complete traffic loss and a forwarding system outage, as seen with custom AppMix traffic which recovers only after a device reboot. |
Known Issues in Prisma SD-WAN ION Device Release 6.3.2
The following table lists the known issues in Prisma SD-WAN ION Device Release 6.3.2.
| Issue ID | Description |
|---|---|
| CGSDW-15027 | Incorrect SNMP interface bandwidth reported after a software upgrade from ION device version 5.6. |
| CGSDW-15967 | High memory consumption by the ADEM process causes ION device reboot. |
| CGSDW-21320 | The ION 1200 device does not respond to DHCP on SVI until there is a change in configuration or the device is rebooted. |
| CGSDW-21409 | FC crashes when many app-map entries are being created, modified, or deleted in parallel threads. |
| CGSDW-23395 |
After upgrading to device software version 6.3.2-b5, the backup
ION device continues to attempt to establish a connection with
the controller. Use the following workaround for this issue:
|
Known Issues in Prisma SD-WAN ION Device Release 6.3.1
Learn about the Known Issues in Prisma SD-WAN ION device release
6.3.1.
The following table lists the known issues in Prisma SD-WAN ION Device Release 6.3.1.
| Issue ID | Description |
|---|---|
| CGSDW-16922 | Potential fp-rte crashes during the upgrade process may lead to longer upgrade durations. However, it does not impact systems that are already up and running. |
| CGSDW-20649 | The SNMP daemon process is slowly consuming the memory in the ION device suggesting a possible memory leak. |
| CGSDW-20671 | Incidents related to RADIUS server are raised even when a RADIUS server is not configured. |
| CGSDW-20864 | If the only prefix of a VRF at a branch site is deleted, then the entries leaked to the DC site for the specific VRF are also deleted. The workaround is to configure at least one dummy global prefix for the VRF at the branch site. |
| CGSDW-21451 | After being assigned to a site, the ION device does not receive the VRF context in time. This causes incorrect mapping between interfaces and VRFs. |