Why does a Layer2/Layer3 module become busy when a VLAN interface that is referenced by an IP local pool is deleted?

Aruba Employee

Question: Why does a Layer2/Layer3 module become busy when a VLAN interface that is referenced by an IP local pool is deleted?

 

Products and Software:This article applies to all Aruba controllers and Aruba OS versions that support VPN clients.

Issue

When a VLAN interface with an IP address that belongs to a local IP pool that is used by VPN clients terminating on a controller is deleted, the Layer2/Layer3 module becomes busy.

The modules become busy even when no VPN clients are actively terminating on the controller.

When the L2/L3 module becomes busy, subsequent L2/L3 commands timeout as shown in this example:

  • Sample configuration:

# vlan 10

# interface vlan 10

ip address 10.1.1.1 255.255.255.0

# ip local pool "VPN-Client-Pool" 10.1.1.11 10.1.1.254

(Aruba6000) # show vpdn l2tp local pool

IP addresses used in pool VPN-Client-Pool

0 IPs used - 244 IPs free - 244 IPs configured

  • Commands executed to remove the sample VLAN 10:

(Aruba6000) (config) #interface vlan 10

(Aruba6000) (config-subif)#shutdown

(Aruba6000) (config-subif)#no ip address

(Aruba6000) (config-subif)#exit

(Aruba6000) (config) #no interface vlan 10

Module Layer2/3 is busy. Please try later

(Aruba6000) (config) #no vlan 10

Module Layer2/3 is busy. Please try later

(Aruba6000) (config) #show vlan 10

Module Layer2/3 is busy. Please try later

(Aruba6000) (config) #show arp

Module Layer2/3 is busy. Please try later

  • System.log shows similar messages:

May 8 15:32:47 KERNEL: 0:<7>unregister_netdevice: waiting for eth1.10 to become free. Usage count = 2

May 8 15:33:18 KERNEL: 0:<7>unregister_netdevice: waiting for eth1.10 to become free. Usage count = 2

  • Audit.log shows similar audit-trail:

May 8 15:29:46 cli[1580]: USER: admin has logged in using serial.

May 8 15:32:05 cli[1580]: USER:admin@serial COMMAND:<no ip local pool "VPN-Client-Pool" > -- command executed successfully

May 8 15:32:11 cli[1580]: USER:admin@serial COMMAND:<interface vlan 10 > -- command executed successfully

May 8 15:32:13 cli[1580]: USER:admin@serial COMMAND:<interface vlan 10 shutdown > -- command executed successfully

May 8 15:32:16 cli[1580]: USER:admin@serial COMMAND:<interface vlan 10 no ip address > -- command executed successfully

May 8 15:32:38 cli[1580]: USER:admin@serial COMMAND:<no interface vlan 10 > -- command execution failed

May 8 15:32:58 cli[1580]: USER:admin@serial COMMAND:<no vlan 10 > -- command execution failed

Note that the system log messages and the corresponding audit-trail logs indicate that the command execution has failed.

The controller must be reloaded to get out of the Layer2/Layer3 module busy state before any Layer2/Layer3 commands can be executed successfully.



Solution

This issue has been fixed in ArubaOS versions 3.3.3.8, 3.4.3.0, 5.0.2.0, and later builds.

Customers who experience this issue are advised to upgrade ArubaOS to these versions or later ones.

If for any reason, an ArubaOS upgrade is not immediately feasible, then the following workaround can be used.

Workaround

1) Schedule a maintenance window.

2) Reload the controller.

3) Wait until all the processes are up and running.

4) Run basic sanity tests to ensure that all the APs and users are back online.

5) Shut down the VLAN interface.

6) Remove the VLAN interface IP address.

7) Remove the VLAN interface.

8) Remove the VLAN.

Note

To remove or decommission a VLAN, follow these steps:

1) Shut down the VLAN interface.

2) Remove the VLAN interface IP address.

3) Remove the VLAN interface.

4) Remove the VLAN itself.

Version history
Revision #:
1 of 1
Last update:
‎07-03-2014 03:01 PM
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: