Known Issues in Prisma SD-WAN ION Release 6.3
Focus
Focus
Prisma SD-WAN

Known Issues in Prisma SD-WAN ION Release 6.3

Table of Contents

Known Issues in Prisma SD-WAN ION Release 6.3

Learn about the known issues in Prisma SD-WAN ION Release 6.3.
Review a list of known issues for Prisma SD-WAN ION Release 6.3.
To view the consolidated list of known issues across Prisma SD-WAN ION releases, see here.

Known Issues in Prisma SD-WAN ION Device Release 6.3.6

The following table lists the known issues in Prisma SD-WAN ION Device Release 6.3.6.
Issue IDDescription
CGSDW-34273A memory leak has been identified in the cgnxinfra process. The leak is triggered by a continuous flap in the controller connection, which is often caused by frequent WebSocket disconnections. This issue can lead to an Out of Memory (OOM) event and may cause the device to reboot.
CGSDW-34254A crash in the hitflagsd process has been observed on devices in L2 mode. The crash is triggered by a large number of continuous VPN flaps, which causes a timing issue in a datapath backend process.
CGSDW-34106After an HA switchover, VPNs configured over bypass ports take longer than expected to reestablish connectivity. This issue is observed on devices with a large number of interfaces, resulting in temporary VPN downtime and traffic loss.
CGSDW-33728A memory leak exists in the deprecated NetFlow extension API when configured on a device. This can lead to the device running out of available memory under high-stress conditions, causing it to reboot.
CGSDW-33555The dpdk-ctrl-port process on devices may crash due to a timing issue during device initialization after a reboot or upgrade. This can delay the initial bootup process and prevent interfaces from coming back up.
CGSDW-33506A crash in the fc-monitor process has been observed on devices after a version upgrade. This is triggered by a corrupted packet that causes a failure in the QAT library during packet handling.
CGSDW-31611The fp-rte process may crash due to a timing issue during device initialization after a reboot or upgrade. The crash results in traffic loss and a delay in the device's bootup process.
CGSDW-16922The fp-rte process may crash during device initialization after a version upgrade. The crash, which occurs in the port receiver function, is caused by a timing issue with interface and packet handling on devices with a large number of sub-interfaces and can lead to a delay in the initial boot up process.

Known Issues in Prisma SD-WAN ION Device Release 6.3.3, 6.3.4, and 6.3.5

The following table lists the known issues in Prisma SD-WAN ION Device Release 6.3.3, 6.3.4, and 6.3.5.
Issue IDDescription
CGSDW-33282After any process crash or ION device reboot, the system fails to zip and save the logs directory, leading to unmanaged log accumulation.
CGSDW-33237After upgrading to ION device 6.x with DPDK, higher control plane latency is observed, primarily because deeper Rx MAC and Intercore FIFOs introduce head-of-line blocking, particularly impacting applications during high-rate scan traffic.
CGSDW-32621After upgrading from 6.1.x to 6.3.5-b4, standby ION devices are losing connectivity to the controller because a local route entry for the LAN-IP, sharing the same subnet as the controller interface gateway, prevents packets from being locally terminated on the standby device.
CGSDW-32177After debug logging and filters are enabled, they are not disabled, leading to critical issues and customer outages.
CGSDW-31958After upgrading to 6.3.5-b4, Virtual Interfaces are experiencing "recvmsg() No buffer space Available" and "fp_drain_exec Resource temporarily unavailable" errors, leading to connectivity loss on ION devices, specifically observed with VPN and HA communication failures, which resulted in a split-brain scenario.
CGSDW-31862After an fp-rte process crash on 6.3.5-b4, a three-minute split-brain scenario occurrs because the HAM process waits for the fp-rte core dump creation to complete, leading to customer traffic impact.
CGSDW-31861After configuring enterprise DNS servers on the controller interface, app-probes are being sent relentlessly, leading to continuous CPU spikes and packet drops on lower-end devices, indicating a need for a timeout or limit on probe frequency until a genuine client DNS request fails.
CGSDW-30747After adding or removing Prisma Access tags from site configurations, or removing circuit tags from physical interfaces, the charon process restarts, unexpectedly triggering an HA switchover, which disrupts customer operations, particularly when rebuilding PA tunnels or migrating branches between regions.
CGSDW-30067After deploying ION 3200s in L2 mode on 6.3.4-b2, core.dpdk-ctrl-port issues are observed at ixgbe_dev_clear_queues, indicating a problem with DPDK control plane operations on the device.
CGSDW-27527After experiencing fast path CPU utilization at 100%, device performance degrades for active sessions, exhibiting high latency followed by complete traffic loss and a forwarding system outage, as seen with custom AppMix traffic which recovers only after a device reboot.

Known Issues in Prisma SD-WAN ION Device Release 6.3.2

The following table lists the known issues in Prisma SD-WAN ION Device Release 6.3.2.
Issue IDDescription
CGSDW-15027Incorrect SNMP interface bandwidth reported after a software upgrade from ION device version 5.6.
CGSDW-15967High memory consumption by the ADEM process causes ION device reboot.
CGSDW-21320The ION 1200 device does not respond to DHCP on SVI until there is a change in configuration or the device is rebooted.
CGSDW-21409FC crashes when many app-map entries are being created, modified, or deleted in parallel threads.
CGSDW-23395
After upgrading to device software version 6.3.2-b5, the backup ION device continues to attempt to establish a connection with the controller. Use the following workaround for this issue:
  • On the active device, add a static route on the LAN interface which points to the controller interface IP address of the backup device.
  • On the backup device, add a static route on the LAN interface which points to the controller interface IP address of the active device.

Known Issues in Prisma SD-WAN ION Device Release 6.3.1

Learn about the Known Issues in Prisma SD-WAN ION device release 6.3.1.
The following table lists the known issues in Prisma SD-WAN ION Device Release 6.3.1.
Issue IDDescription
CGSDW-16922Potential fp-rte crashes during the upgrade process may lead to longer upgrade durations. However, it does not impact systems that are already up and running.
CGSDW-20649The SNMP daemon process is slowly consuming the memory in the ION device suggesting a possible memory leak.
CGSDW-20671Incidents related to RADIUS server are raised even when a RADIUS server is not configured.
CGSDW-20864If the only prefix of a VRF at a branch site is deleted, then the entries leaked to the DC site for the specific VRF are also deleted. The workaround is to configure at least one dummy global prefix for the VRF at the branch site.
CGSDW-21451After being assigned to a site, the ION device does not receive the VRF context in time. This causes incorrect mapping between interfaces and VRFs.