There is a bug that has been hit by one of our clients and we wanted to post a quick alert before other sites implement the change that causes this problem.

The problem is only of concern to sites running Sun Solaris and using the IP Multipathing facility – using multiple ethernet connections bundled together for availability and performance.

Here are the details of the problem:

There is an issue with IPMP failures (Probe based detection only) due to a kernel patch (141444-09 {SPARC} and 1414450-09 {x86}) found in the latest Solaris 10 Recommended Patch Cluster (Released 10/21/09).

See Patch Cluster ReadMe for additional details on patch contents.

The included kernel patch causes failures with IPMP Probe Based Failure Detection IPMP Groups, which is what we frequently use when deploying best practices standalone systems as well as SunCluster based systems. The problem can be confirmed by snooping the FAILED interface for outgoing ICMP probe packets that should exist but don’t, due to the bug caused by the kernel patch. Instead, the active interface that hasn’t failed will be sending and receiving ICMP probe packets using both configured IPMP group test IP address.

The details of the problem are in this bug document:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-271519-1 <http://sunsolve.sun.com/search/document.do?assetkey=1-66-271519-1>

Sun is recommending that the patch cluster (and the specific patch) not be backed out and remain in place because of security fixes it addresses.

Customers using probe based IPMP groups that require stability (and probe based IPMP failure detection) rather than security are best to avoid this Patch Cluster. Customers needing the security protection due to either operation within a hostile environment or compliancy requirements will need to convert their probe based IPMP groups to link based IPMP groups prior to applying the new Patch Cluster. This will reduce the effectiveness of the IPMP failure detection, but will allow the IPMP groups to remain functional until Sun addresses the issue.

We will continue to monitor this issue until resolution is announced, and will post updated information here.  Thanks to Corporate Technologies’ solution architect Ed Hamilton for detecting this problem and writing up the details.

No related posts.