Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Datapath Session - No syn

This thread has been viewed 11 times

  • 1.  Datapath Session - No syn

    Posted Nov 17, 2014 12:04 PM

    Most of devices are working fine, few devices are no working. I found the traffic on no-working devices are flagged with "Y" -No syn This issue happened on three SSIDs. There are few hundreds on each ssid. Most of them are working fine. But few (3-4) devices are not. We replaced the S3 Controller with 7240 recently.

    (Local1) # #show datapath session table 172.16.120.253 | include 192.120.20.226


    172.16.120.253 192.120.20.226 6 57762 443 0/0 0 0 0 tunnel 2635 d 0 0 YC
    192.120.20.226 172.16.120.253 6 443 57762 0/0 0 0 0 tunnel 2635 d 0 0  


    #7240


  • 2.  RE: Datapath Session - No syn

    EMPLOYEE
    Posted Nov 23, 2014 04:35 AM

    A "Y" simply means that there is no 3-way handshake.  It could exist for UDP traffic, so that is not a deal-breaker automatically.

     

     

    Please be more specific about what type of traffic is not working.  If they are specific devices that are not working, please let us know what devices those are and what encryption they are using so that we can get to the resolution of your issue.



  • 3.  RE: Datapath Session - No syn

    Posted Nov 27, 2014 01:44 PM

    Hi,

     

    It was TCP traffic. Encryption is WPA2-PSK. 

     

    The issue has been identified by Aruba Engineer. The root cause is memory leak.

     

    #show datapath crypto counters
    +----+------+-----------------------------------------------------+
    |SUM/| | | |
    |CPU | Addr | Description Value |
    +----+------+-----------------------------------------------------+
    | | [00] | Crypto Requests Total 1870643454 |
    | | [02] | Crypto Response received 1870643454 |
    | | [09] | IPSec Encryption Failures 2 |
    | | [16] | IPSec Encryption SA Ready Failures 2 |
    | | [56] | TKIP Encryption Failure 18 |
    | | [67] | TKIP Encryption Buffer Allocation F 18 |
    | | [79] | AESCCM Encryption Failures 2 |
    | | [80] | AESCCM Decryption Failures 114441 |
    | | [87] | AESCCM Encryption Station Not Ready 61929 |
    | | [88] | AESCCM Encryption Buffer Alloc Fail 12694510 |
    | | [89] | AESCCM Encryption Response Mismatch 2 |
    | | [93] | AESCCM Decryption Bad Length 12 |
    | | [94] | AESCCM Decryption Station Not Ready 62105 |
    | | [98] | AESCCM Decryption Invalid Replay Co 14203 |
    | | [110] | AESCCM Decryption Mic Failure 2012 |
    | | [149] | RSA Requests 20678 |
    | | [151] | RSA Response received 20678 |
    +----+------+-----------------------------------------------------+
    | | | |
    | G | [01] | Crypto Cores In Use 4 |
    | G | [14] | DOT1X Term Buffers 8192 |
    | G | [15] | DOT1X Term Buffers Free 8192 |
    | G | [17] | DOT1X Term Resends 24672 |
    | G | [18] | DOT1X Term Succeeded 20669 |
    | G | [19] | DOT1X Term NAKs 1 |
    +----+------+-----------------------------------------------------+
    | G | [00] | Crypto Accelerator Present TRUE |
    +----+------+-----------------------------------------------------+

     

    Thanks,

    Michael