Too many connections cause the ONTAP firewall error ipfw.ReachedMaxStates, leading to CIFS and NFS outages
Applies to
- ONTAP 9
- CIFS
- NFS
Issue
- The event ipfw.ReachedMaxStates is logged together with an NFS or CIFS outage
[Node-01: secd: ipfw.ReachedMaxStates:notice]: The ipfw firewall failed to create dynamic "keep-state" entry. Reason: Dynamic entries for 'keep-state' rules allocation failure, current # of entries: 32768. Recent connections reaching this limit: [10.1.1.10]:29441->[0.0.0.0]:53 (UDP):32768; [10.1.1.10]:12204->[0.0.0.0]:53 (UDP):32768; [10.1.1.10]:51003->[0.0.0.0]:53 (UDP):32768; [10.1.1.10]:17652->[0.0.0.0]:53 (UDP):32768;
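- ONTAP cannot connect to AD for authentication, causing CIFS access problems
- CIFS/NFS is intermittently inaccessible
- External name services are unavailable and fail with the error permission denied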
[Node-01 ERROR secd.cifsAuth.problem: vserver (SVM1) General CIFS authentication problem. Error: User authentication procedure failed
CIFS SMB2 Share mapping - Client Ip = 10.1.1.115
[ 0 ms] Login attempt by domain user 'HBEU\HBEU-SVC-SA-S1SVC' using NTLMv2 style security
[ 3] Failed to connect to 10.1.1.245 for DNS via Source Address 10.1.1.10: Permission denied
[ 4] Failed to connect to 10.1.1.245 for DNS via Source Address 10.1.1.10: Permission denied
**[ 5] FAILURE: Unable to contact DNS to discover domain controllers.
[ 5] Unable to make a connection (NetLogon:DOMAIN.AD.CO), Result: RESULT_ERROR_DNS_CANT_REACH_SERVER
[ 5] CIFS authentication failed
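
For triage, the two logs above can be tied together: the source address listed in the ipfw.ReachedMaxStates event is the same one secd reports "Permission denied" for when contacting DNS. The following is an added example, not NetApp code; the function names are hypothetical, the sample lines are copied from this page, and the number after the protocol in each connection entry is skipped rather than interpreted.

```python
import re
from collections import Counter

# Constructed sample input: lines copied from the events shown on this page.
EMS_LINE = (
    "[Node-01: secd: ipfw.ReachedMaxStates:notice]: The ipfw firewall failed to create "
    "dynamic \"keep-state\" entry. Reason: Dynamic entries for 'keep-state' rules "
    "allocation failure, current # of entries: 32768. Recent connections reaching this "
    "limit: [10.1.1.10]:29441->[0.0.0.0]:53 (UDP):32768; [10.1.1.10]:12204->[0.0.0.0]:53 (UDP):32768; "
    "[10.1.1.10]:51003->[0.0.0.0]:53 (UDP):32768; [10.1.1.10]:17652->[0.0.0.0]:53 (UDP):32768;"
)
SECD_LINES = [
    "[ 3] Failed to connect to 10.1.1.245 for DNS via Source Address 10.1.1.10: Permission denied",
    "[ 4] Failed to connect to 10.1.1.245 for DNS via Source Address 10.1.1.10: Permission denied",
    "**[ 5] FAILURE: Unable to contact DNS to discover domain controllers.",
]

HEADER_RE = re.compile(r"\[(?P<node>[^:\]]+): (?P<proc>[^:\]]+): ipfw\.ReachedMaxStates:\w+\]")
ENTRIES_RE = re.compile(r"current # of entries: (\d+)")
CONN_RE = re.compile(r"\[([^\]]+)\]:(\d+)->\[([^\]]+)\]:(\d+) \((\w+)\):\d+")
DNS_FAIL_RE = re.compile(r"Failed to connect to (\S+) for DNS via Source Address ([^:\s]+): Permission denied")

def parse_max_states(line):
    """Summarise one ipfw.ReachedMaxStates event; None if the line is another event."""
    header = HEADER_RE.search(line)
    if header is None:
        return None
    entries = ENTRIES_RE.search(line)
    conns = CONN_RE.findall(line)  # tuples of (src, sport, dst, dport, proto)
    return {
        "node": header["node"],
        "process": header["proc"],
        "entries": int(entries.group(1)) if entries else None,
        "by_source": Counter(c[0] for c in conns),
        "by_service": Counter((c[4], int(c[3])) for c in conns),
    }

def correlate_dns_failures(event, secd_lines):
    """Count DNS 'Permission denied' failures whose source address is listed in the event."""
    hits = Counter()
    for line in secd_lines:
        m = DNS_FAIL_RE.search(line)
        if m and m.group(2) in event["by_source"]:
            hits[(m.group(2), m.group(1))] += 1  # key: (source address, DNS server)
    return hits

if __name__ == "__main__":
    ev = parse_max_states(EMS_LINE)
    print(ev, correlate_dns_failures(ev, SECD_LINES), sep="\n")
```

On the sample, every listed connection is UDP port 53 from 10.1.1.10, and both DNS failures in the secd trace use that same source address.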