IPFW 防火墙无法创建动态 "keep-state" 条目可能会导致 DNS 中断

适用于

• ONTAP 9
• 对象存储

问题

• 当 ONTAP 被配置为将对象存储用作聚合，并且无法连接到对象存储服务器时，ONTAP 可能会遇到与其他服务器的连接问题
• "ipfw.ReachedMaxStates" 的 EMS 事件：

[?] Tue Nov 15 16:51:25  1100 [node1: OscHighPriThreadPoo: ems.engine.suppressed:debug]: Event 'ipfw.ReachedMaxStates' suppressed 1532977 times in last 61 seconds.
[?] Tue Nov 15 16:51:25  1100 [node1: OscHighPriThreadPoo: ipfw.ReachedMaxStates:notice]: The ipfw firewall failed to create dynamic "keep-state" entry. Reason: Dynamic entries for 'keep-state' rules allocation failure, current # of entries: 32800. Recent connections reaching this limit: [10.1.1.1]:14040->[10.22.33.44]:80 (TCP):32800; [10.2.2.1]:14036->[10.22.33.44]:80 (TCP):32800; [10.3.3.1]:14037->[10.22.33.44]:80 (TCP):32800; [10.4.4.1]:14038->[10.22.33.44]:80 (TCP):32800; [10.5.5.5]:14039->[10.22.33.44]:80 (TCP):32800;