Skip to main content

NetApp_Insight_2020.png 

NetApp Knowledgebase

TCP Reassembly Queue Overflows Lead to Poor Performance and Possible Application Disruption on 8.2.5P2 7-mode or ONTAP 9.1P16

Views:
474
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
cifs
Last Updated:

Applies to

  • ONTAP 9.1 
  • Data ONTAP 8.2 7-Mode 

Issue

A security vulnerability fix in the ONTAP networking stack causes Transmission Control Protocol (TCP) performance to degrade and causes ONTAP to send invalid Selective Acknowledgement (SACK) options in the header of TCP packets. These invalid SACK options can expose an issue in some client networking stacks, causing the clients to fail to retransmit packets on normal retransmit timeout intervals. This interaction can cause application outages. For example, this problem may lead to NFS timeouts or SnapMirror failures.

Signature 

7-mode 8.2.5P2

Command: netstat -s -p tcp 

Counter: <no. packets> discarded because reassembly queue overflow 

ONTAP 9.1P16

Commands: 

node run -node <node> netstat -s -p tcp 

systemshell -node <node> netstat -s -p tcp 

Counters:  

For node level command: 

<no. packets> discarded because reassembly queue overflow 

For systemshell level command: 

<no. packets> discarded due to memory problems 

  • A packet-trace is needed during a problem to confirm if invalid SACK packets are being sent on the affected ONTAP versions. The invalid SACK packets will have an ACK value between one of the SACK left and right edge pairs. 

For each SACK range: 

If (SACK left edge <= ACK Value < SACK right edge) then an invalid SACK packet is confirmed.

 

CUSTOMER EXCLUSIVE CONTENT

Registered NetApp customers get unlimited access to our dynamic Knowledge Base.

New authoritative content is published and updated each day by our team of experts.

Current Customer or Partner?

Sign In for unlimited access

New to NetApp?

Learn more about our award-winning Support