This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

RED issues with 9.704-2 - high CPU load / disconnects

Hello

I am having problems with my RED setup since applying 9.704-2 to my both UTM appliances. They are "homified" SG 115w and UTM 220.

Both have two RED servers and clients connecting vice versa. I am using availability groups with special monitoring on the RED interfaces in order to select my best route to the other site.

This setup was working flawlessly without any issues including version 9.703-3 and all 4 RED tunnels being up at the time. After applying 9.704 I am only able to have one of the four tunnels active. As soon as I activate a second one, I am getting a log like the attached one.
It gives me disconnects, "Missing keepalive from [RED client interface], disabling peer [IP address]" and "Overflow happend on [RED client interface]" messages in the RED log.

red.log

Switching the ep-red RPM package back to the old version solves the problem for me.


BR,
Sascha



This thread was automatically locked due to age.
Parents
  • Hi,

    9.705 does not include RPM packages for red-firmware-chainboot and ep-red. But of course I could upgrade to the latest release.

    I am currently on 9.704-2. Though I have replaced
    ep-red-9.70-58.gdc75c10.rb3.i686
    with
    ep-red-9.70-56.gd3d4160.rb5.i686
    by using the command
    rpm -Uvh --oldpackage ep-red-9.70-56.gd3d4160.rb5.i686.rpm

    This solved my problem and reverted RED to its previous, "normal" behavior.

    With version 9.704-2 and downgraded to ep-red-9.70-56.gd3d4160.rb5.i686:
    sophos:/root # rpm -qa | grep red
    red-unified-firmwares-9700-0.358343537.gd6f8f71.rb3
    red-firmware-chainboot-8.17-0.76174932.g788e4c8
    ipv6-miredo-1.2.5-1.gd589f8c
    red15-firmware-5317-0.340969712.gdeba856ae.rb4
    red-firmware-8.17-0.g30d3fa5.rb1
    nss-shared-helper-chroot-1.0.10-0.7.10.81.g3fa4edb
    python-ordereddict-1.1-1.0.317998409.gab3cfdd.rb2
    red-firmware2-5317-0.340967634.g849d3589d.rb4
    ep-red-9.70-56.gd3d4160.rb5

    EDIT: I have now upgrade to 9.705-3.

    With version 9.705-3 (original):
    sophos:/root # rpm -qa | grep red
    red-unified-firmwares-9700-0.358343537.gd6f8f71.rb3
    red-firmware-chainboot-8.17-0.76174932.g788e4c8
    ipv6-miredo-1.2.5-1.gd589f8c
    red15-firmware-5317-0.340969712.gdeba856ae.rb4
    red-firmware-8.17-0.g30d3fa5.rb1
    ep-red-9.70-58.gdc75c10.rb3
    nss-shared-helper-chroot-1.0.10-0.7.10.81.g3fa4edb
    python-ordereddict-1.1-1.0.317998409.gab3cfdd.rb2
    red-firmware2-5317-0.340967634.g849d3589d.rb4

    The issue still persists.


    BR,
    Sascha

  • Hello Sascha,

    Thank you for the output!

    It looks like something is wrong with the rpm, can you please open a case with support and send me the Case ID, as I think I might need to bring this to the attention of the developing team.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
Reply Children