如果连接数量过多、则会导致ONTAP防火墙错误ipfw.Re高速 率最大状态、从而导致CIFS和NFS中断

适用场景

• ONTAP 9
• CIFS
• NFS

问题描述

• 事件ipfw.ReachedMaxStates伴随 NFS 或 CIFS 中断

[Node-01: secd: ipfw.ReachedMaxStates:notice]: The ipfw firewall failed to create dynamic "keep-state" entry. Reason: Dynamic entries for 'keep-state' rules allocation failure, current # of entries: 32768. Recent connections reaching this limit: [10.1.1.10]:29441->[0.0.0.0]:53 (UDP):32768; [10.1.1.10]:12204->[0.0.0.0]:53 (UDP):32768; [10.1.1.10]:51003->[0.0.0.0]:53 (UDP):32768; [10.1.1.10]:17652->[0.0.0.0]:53 (UDP):32768;

• Ontap 无法连接到 AD 进行身份验证，导致 CIFS 访问问题
• CIFS/NFS 间歇性无法访问
• 外部名称服务不可用、并出现错误 permission denied

[Node-01   ERROR   secd.cifsAuth.problem: vserver (SVM1) General CIFS authentication problem. Error: User authentication procedure failed
CIFS SMB2 Share mapping - Client Ip = 10.1.1.115
  [  0 ms] Login attempt by domain user 'HBEU\HBEU-SVC-SA-S1SVC' using NTLMv2 style security
  [   3] Failed to connect to 10.1.1.245 for DNS via Source Address 10.1.1.10: Permission denied
  [   4] Failed to connect to 10.1.1.245 for DNS via Source Address 10.1.1.10: Permission denied
**[   5] FAILURE: Unable to contact DNS to discover domain controllers.
  [   5] Unable to make a connection (NetLogon:DOMAIN.AD.CO), Result: RESULT_ERROR_DNS_CANT_REACH_SERVER
  [   5] CIFS authentication failed