The firewalls deployed with the patched kernel have now been running
stably in production for more than 24 hours.

You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.

  [Xenial] net: better skb->sender_cpu and skb->napi_id cohabitation

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  In Progress
Status in linux source package in Yakkety:
  Fix Released

Bug description:
  == Xenial SRU ==
  We've twice now tried to roll out new firewalls and twice had to
  revert back when the new firewalls almost immediately hung after

  At first we thought it was hardware issues, but after we reproduced it
  on 4 different firewalls, we realised it was more likely to be a
  problem with the Xenial kernel.

  We think we're running into something similar to:

  And Joel thinks the following patch might fix it:

  Unfortunately, even when we mimic live production traffic on the new
  firewalls with port mirroring, we only have a ~20% success rate at
  reproducing the kernel hang and I'm keen not to have any more failed
  migration attempts (and the corresponding downtime for many many

  == Fix ==

  == Testing ==
  We've just successfully migrated four firewalls
  that are running with the patched kernel. Previously two of them would
  have survived for less than 2 minutes, both have now been running in
  production for over an hour.

  I'll provide another update tomorrow, however at this stage I'd suggest
  that it makes sense to get this into an SRU.

To manage notifications about this bug go to:

Mailing list:
Post to     :
Unsubscribe :
More help   :

Reply via email to