
Cisco ONS 15454 Series Multiservice Provisioning Platforms

Field Notice: File Descriptor Leak in Release 4.0, 4.0.1 and 4.1


April 19, 2005

March 2, 2004


Products Affected

Product: ONS 15327, ONS 15454, ONS 15454 SDH

Problem Description

A file descriptor leak can occur in Cisco ONS 15454, ONS 15454 SDH and ONS 15327 software Releases 4.0, 4.0.1 and 4.1.

Background

File descriptors are the operating system resource used for communicating information between internal tasks, reading and writing files on the flash memory, and sending and receiving data over the external LAN. There is a finite number of available file descriptors, and exhaustion of these resources will have severe effects.

In the listed releases, a file descriptor leak can occur if a SOCKS proxy connection to the Network Element (NE) fails to establish properly. The SOCKS proxy server on the NE is used by Cisco Transport Controller (CTC) so that a Gateway Network Element (GNE) can provide SOCKS services for management traffic for an End-Point Network Element (ENE) for which it is acting as a firewall. To this end, the proxy server listens for new connections on TCP port 1080.

By default, a CTC session connected to an NE polls the SOCKS proxy server every minute, with a five-second timeout, to determine if there are any new ENEs for which the NE is acting as a firewall. Note: This occurs even if the SOCKS proxy feature is not enabled.

Any failure of the once-a-minute polls, including a timeout, causes a file descriptor to be leaked on the NE. The chances of a SOCKS proxy poll failing to an NE on a well-maintained network are low, but on a congested or misconfigured network the chances are greater.

Problem Symptoms

When file descriptors are at or near exhaustion on an NE there are several indicators:

  1. The active Timing Communications and Control Card (TCC) might spontaneously reset.

  2. CTC manageability might be lost.

  3. New CTC, Cisco Transport Manager (CTM), or Transaction Language 1 (TL1) connections might fail to become established.

  4. Database backup or retrieval might fail.

  5. Reset or newly inserted cards might fail to boot up.

  6. The Standby Database Out of Sync (DBOOS) alarm might be present.

Workaround/Solution

If this issue is determined to be present, there are two steps that can be taken:

  1. Investigate the network to understand why the polls of the SOCKS proxy are failing, as this is likely a symptom of a network issue.

  2. Stop CTC and CTM from polling the SOCKS proxy on the NE. Note that changing CTC and CTM to stop using the proxy will prevent management of any ENEs, so this workaround is not usable if you need to use the proxy on GNEs.

    For CTC:

    1. Close the CTC session. CTC must not be running when updating CTC.ini.

    2. Access the profile directory: Right-click on the start button, left-click on Explore, and then click on the "Up" folder on the Explorer toolbar. You will see the CTC.ini file.

    3. Double-click and edit the file.

    4. Add the line: ctc.firewall.enable=false

    For CTM:

    1. Edit the /opt/CiscoTransportManagerServer/CTC.ini file on the CTM server computer, and add the line: ctc.firewall.enable=false.

    2. Restart the CTM server so that it re-reads this file.

    3. On UNIX clients, edit /opt/CiscoTransportMangerClient/cms/.ctcrc and add the same line.

    4. On Windows clients, edit C:\CiscoTransportManagerClient4_1\cms\cms.ini and add the same line.
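The edit described in the CTC and CTM steps above can be scripted for the UNIX files. The following is an added example, not Cisco's code; it assumes the file holds one key=value setting per line, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: idempotently set ctc.firewall.enable=false in a CTC/CTM
# settings file (CTC.ini, .ctcrc). Assumes one key=value setting per line.

# Print the effective value of ctc.firewall.enable in file $1
# (last assignment wins; prints nothing if the key is absent).
ctc_firewall_value() {
    sed -n 's/^[[:space:]]*ctc\.firewall\.enable[[:space:]]*=[[:space:]]*//p' "$1" \
        | sed 's/[[:space:]]*$//' | tail -n 1
}

# Ensure file $1 contains exactly one "ctc.firewall.enable=false" line.
# Keeps every other line, writes a backup to "$1.bak" before changing
# anything, and leaves the file untouched when it is already correct.
disable_ctc_firewall_poll() {
    file=$1
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }

    # grep -c exits non-zero when the count is 0, hence "|| true".
    count=$(grep -c '^[[:space:]]*ctc\.firewall\.enable[[:space:]]*=' "$file" || true)
    if [ "$count" -eq 1 ] && [ "$(ctc_firewall_value "$file")" = "false" ]; then
        return 0
    fi

    cp -p "$file" "$file.bak" || return 1
    tmp=$(mktemp "$file.XXXXXX") || return 1

    # Drop every existing assignment of the key (for example a stale
    # "=true"); awk also terminates a final line that lacked a newline,
    # so the appended setting cannot be glued onto it.
    awk '!/^[ \t]*ctc\.firewall\.enable[ \t]*=/' "$file" > "$tmp" || return 1
    printf '%s\n' 'ctc.firewall.enable=false' >> "$tmp"

    # Write through the original path to keep its owner and mode.
    cat "$tmp" > "$file" || return 1
    rm -f "$tmp"
}

# Stand-alone use: pass the files to fix as arguments.
for f in "$@"; do
    disable_ctc_firewall_poll "$f" || exit 1
done
```

CTC must still be closed before its file is edited, and the CTM server still has to be restarted afterwards, as the steps above state.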

DDTS

To follow the bug ID link below and see detailed bug information, you must be a registered user and you must be logged in.

DDTS: CSCec17406 (registered customers only)

Description: TCC and Entire node reboots on attacking port 1080

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
