Technical Alerts

Loss of configuration, policy or other vital system data after upgrade to SGOS 6.2.2, 6.2.3 or 6.1.4.1

Technical Alerts ID:    TFA72
Version:    15.0
Status:    Published
Published date:    07/20/2011
Updated:    08/01/2012
 

Affected products and versions

SGOS 6.2.2.x and SGOS 6.2.3.1
SGOS 6.1.4.1 and SGOS 6.1.5.1

Problem description

A disk is at object store capacity when it has reached the maximum number of objects it can hold. Systems that use the old disk layout, which is almost all systems in the field, have a limit of 2.8 million objects per disk. A new disk layout introduced in 6.2 raises the limit to a value that depends on the size of the disk. For example, a 500GB drive supports 13 million objects and a 1TB drive supports 24 million objects. Systems that use the new disk layout are not affected by this issue. A system that upgrades to 6.2 does not automatically start using the new disk layout.

When a disk is at object store capacity, an "overflow eviction" algorithm is used to select the best object to evict. The algorithm normally chooses the objects with the oldest creation time but, as an optimization, also preferentially chooses objects whose creation time is prior to the cache reset time. Such objects cannot be served from cache, so they should be evicted first. A bug in the affected products and versions allowed persistent system objects to be selected by the eviction algorithm.
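The selection rule described above can be illustrated with a minimal Python sketch. This is not SGOS code: the CacheObject type, the pick_eviction_victim function and the protect_persistent flag are hypothetical names invented for illustration, and the real algorithm may differ in detail. The sketch only shows how preferring objects created before the cache reset time can select a persistent system object when such objects are not excluded.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class CacheObject:
    # Hypothetical model of a stored object, for illustration only.
    name: str
    creation_time: int        # any comparable timestamp, e.g. seconds since epoch
    persistent: bool = False  # True for system data that must never be evicted


def pick_eviction_victim(objects: List[CacheObject],
                         cache_reset_time: int,
                         protect_persistent: bool = True) -> Optional[CacheObject]:
    """Pick one object to evict when a disk is at object store capacity."""
    # Correct behavior: persistent system objects are never candidates.
    # Passing protect_persistent=False imitates the bug described above.
    candidates = [o for o in objects
                  if not (protect_persistent and o.persistent)]
    if not candidates:
        return None
    # Objects created before the cache reset cannot be served from cache,
    # so they are preferred over everything else.
    stale = [o for o in candidates if o.creation_time < cache_reset_time]
    pool = stale or candidates
    # Within the chosen pool, evict the object with the oldest creation time.
    return min(pool, key=lambda o: o.creation_time)


objects = [
    CacheObject("system-config", creation_time=100, persistent=True),
    CacheObject("page-a", creation_time=500),
    CacheObject("page-b", creation_time=900),
]
buggy = pick_eviction_victim(objects, cache_reset_time=300, protect_persistent=False)
fixed = pick_eviction_victim(objects, cache_reset_time=300)
print(buggy.name, fixed.name)
```

In this example the persistent object predates the cache reset, so the unprotected variant evicts it first, while the protected variant falls back to the oldest ordinary object.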

 

How to check if a system could be affected by TFA72

The problem will not occur if the system is using the new disk layout. The disk layout version is recorded in CEDSK{N.EN_US}.1.14, where n is the disk number. If this value is 2, then the system is not affected.

For a system to be at risk of TFA72, both of the following conditions are required:

1.    Compare the cache reset time on all disks with the time when the system was first upgraded to 6.x. If the cache reset time is prior to the upgrade, then the cache reset time has not changed since upgrading to 6.x. If it is after the upgrade, then this condition for TFA72 is met. The cache reset time is recorded in the global stat CEGEN78 and the per-disk stat CEDSK{N.EN_US}.1.12, where n is the disk number. The cache reset time values are expected to be the same in all stats, but if they are not, use the highest value as the cache reset time.

2.    The system needs to be near object store capacity. This is because the "overflow eviction" algorithm is only used when a disk is at object store capacity. The number of objects per disk is the sum of the two stats CEDSK{N.EN_US}.2.1 and CEDSK{N.EN_US}.2.1. Compare this sum with the capacity of 2.8 million objects per disk.
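The checks above can be combined into a small Python sketch for use with stat values that have already been collected by hand. Everything here is an assumption made for illustration: the DiskStats type, the at_risk function and the 90% "near capacity" threshold are not defined by this alert, and the timestamps are assumed to be in the same units as the upgrade time. Only the 2.8 million object limit and the layout value of 2 come from the text.

```python
from dataclasses import dataclass
from typing import List

OLD_LAYOUT_OBJECT_LIMIT = 2_800_000  # objects per disk on the old layout (from this alert)
NEW_DISK_LAYOUT = 2                  # layout stat value meaning "not affected"


@dataclass
class DiskStats:
    # Hypothetical container for values read manually from the per-disk stats.
    layout_version: int    # value of the per-disk layout stat (.1.14)
    cache_reset_time: int  # value of the per-disk cache reset stat (.1.12)
    object_count: int      # sum of the per-disk object count stats


def at_risk(disks: List[DiskStats],
            global_cache_reset_time: int,
            upgrade_time: int,
            near_capacity: float = 0.9) -> bool:
    """Return True if both conditions for TFA72 hold on at least one disk."""
    # If the stats disagree, use the highest cache reset time.
    reset_time = max([global_cache_reset_time] +
                     [d.cache_reset_time for d in disks])
    # Condition 1: the cache was reset after the first upgrade to 6.x.
    if reset_time <= upgrade_time:
        return False
    # Condition 2: an old-layout disk is near object store capacity.
    # The 0.9 default is an assumed threshold, not a documented value.
    threshold = near_capacity * OLD_LAYOUT_OBJECT_LIMIT
    return any(d.layout_version != NEW_DISK_LAYOUT and d.object_count >= threshold
               for d in disks)


old_layout_full = [DiskStats(layout_version=1, cache_reset_time=2000, object_count=2_700_000)]
new_layout_full = [DiskStats(layout_version=2, cache_reset_time=2000, object_count=2_700_000)]
print(at_risk(old_layout_full, global_cache_reset_time=2000, upgrade_time=1000))
print(at_risk(new_layout_full, global_cache_reset_time=2000, upgrade_time=1000))
```

A disk on the new layout never counts toward the result, which mirrors the statement that systems using the new disk layout are not affected.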
 

Status

This problem has been solved with code fixes for each affected line of SGOS.

Resolution

Upgrade to a fixed SGOS release

  • Any SGOS in the 6.2 branch starting with 6.2.4.1

SGOS 6.2.4.1 can be downloaded at:
https://bto.bluecoat.com/download/product/7375

  • Create a backup of the configuration
  • Make sure you have physical access to the affected unit with either a serial console or pinpad configuration (depending on ProxySG model)
  • Run the restore-defaults factory-defaults command (restore-defaults keep-console will not resolve this issue)
  • Perform the initial setup using either serial console or the pinpad
  • Restore your configuration backup
     

WARNING: If restore-defaults factory-defaults is performed on a 6.2+ build on a multi-disk system, the system will use the new disk layout by default. Customers who expect to downgrade to a pre-6.2 release should run the "disk decrease-object-limit" command on the CLI, which changes the system to disk layout version 1.

