01-06-2016 01:59 PM - edited 03-12-2019 12:07 AM
Hi,
I have two ASA5506-X setup for failover. It can run for a while and somewhere on is sending this message:
ciscoasa# /asa/scripts/run_qemu_kvm.sh: line 111: 1733 Aborted
(core dumped) /usr/bin/qemu-system-x86_64 -nographic -m $SYS_RAM -smp $NUM
_CORES -hda $DISK_IMAGE $HDD_PARAM $ISO_IMAGE -enable-kvm -net nic,macaddr=$CP_M
AC_ADDRESS,model=$DRIVER,vlan=1,name=cp,addr=$CP_BUS_ADDR -net tap,ifname=tap3,v
lan=1,script=no,downscript=no -net nic,macaddr=$MGMT_MAC,model=$DRIVER,vlan=2,na
me=mgmt,addr=$MGT_BUS_ADDR -net tap,ifname=tap4,vlan=2,script=no,downscript=no -
net nic,model=e1000,name=data,addr=$DATA_BUS_ADDR -serial pipe:$LOG_PIPE -serial
unix:$CONSOLE_SOCKET,server,nowait -fdb $META_INFO -monitor /dev/null $IPS_NO_R
EBOOT $ASA_SHMEM_CMD $ASA_SHMEM_CHAR_DEV $CPP_KVM_SHMEM_CMD $QEMU_MEM_PATH > $LO
G_PIPE 2>&1
The show failover command show the outside interface as "failed" even tough the show interface command shows it as up.
So no failover occurs
No other choice than reload the unit to clear the condition
This "breaks" the failover as it does not failover to the other unit since it's "failed"
Version is 9.5.2 (latest as January 6, 2016)
01-06-2016 04:21 PM
Alas their are no gold star releases for this platform yet because it is still too new.
Try dropping back one train to 9.4(2) and see if the resolves the issue.
01-13-2016 09:05 AM
Hi
I have the same problem, but in my case I have one 5506-X
Everything is working fine, users are navigating without interrumptions, I was working with 9.5(1) before the upgrade to 9.5(2) without this mesages:
asa5506# /asa/scripts/run_qemu_kvm.sh: line 111: 24492 Aborted (core dumped) /usr/bin/qemu-system-x86_64 -nographic -m $SYS_RAM -smp $NUM_CORES -hda $DISK_IMAGE $HDD_PARAM $ISO_IMAGE -enable-kvm -net nic,macaddr=$CP_MAC_ADDRESS,model=$DRIVER,vlan=1,name=cp,addr=$CP_BUS_ADDR -net tap,ifname=tap3,vlan=1,script=no,downscript=no -net nic,macaddr=$MGMT_MAC,model=$DRIVER,vlan=2,name=mgmt,addr=$MGT_BUS_ADDR -net tap,ifname=tap4,vlan=2,script=no,downscript=no -net nic,model=e1000,name=data,addr=$DATA_BUS_ADDR -serial pipe:$LOG_PIPE -serial unix:$CONSOLE_SOCKET,server,nowait -fdb $META_INFO -monitor /dev/null $IPS_NO_REBOOT $ASA_SHMEM_CMD $ASA_SHMEM_CHAR_DEV $CPP_KVM_SHMEM_CMD $QEMU_MEM_PATH > $LOG_PIPE 2>&1
If it is some kind of bug ... it would be great an explanation of what is happening, at 2 months from the release it must be a good time to find the solution =)
01-13-2016 11:25 AM
So that pretty much confirms it is an issue with 9.5(2). These are bleeding edge releases.
01-13-2016 12:07 PM
Hi,
I found out that if I remove the "management-access inside" command, I still get the crash but failover continue to work. Seems like something between the webvpn and asdm access. All of this use SSL/TLS
01-21-2016 06:52 AM
I'm getting this issue as well. I upgraded to 9.5.2 so I could use EZ VPN. Is there a recommended older version of the firmware that still has this feature I should roll back to?
01-21-2016 10:43 AM
I would use one of the 9.3(x) releases.
01-21-2016 11:58 AM
After reading the follow ups more closely, it looks like this bug only affects failovers and not VPN tunnels (like EZ VPN). If that's true then I wouldn't have to downgrade. Unless I'm missing something.
01-21-2016 12:05 PM
I think it is unlikely to have anything to do with EZVPN. That is very mature technology.
04-19-2016 08:15 PM
Just a followup that after upgrading to March 2016 release of asa952-6-lfbff-k8.SPA. This issue is no longer present.
01-14-2016 06:03 AM
I think it comes from the Qemu version running in 9.5(2), something happens with the FirePower virtual machine, but is not too significant to stop running because users still having service (Internet)
When I ran ASA in GNS3, with some versions of Qemu crashed or simply not run, this may be happening with Qemu and FP virtual machine inside the 5506-X with 9.5(2)
The message sends a log output to a file somewhere in the linux file system where is mounted ASA's IOS:
"....... > $LOG_PIPE 2>&1"
if we can get that log and send it to Cisco developers team it would be easier to find the solution
04-13-2016 07:59 AM
I have 2 5506-X both on 9.5(2) with the same issue, not in HA. I have 2 more I'm building for clients today as well. I'm guessing I'm going to see the same problem...
04-13-2016 01:06 PM
Drop back to 9.5(1).
04-14-2016 05:44 AM
It's not about getting back from versions.
Since I haven't problems with the operation, I didn't change firmware, as I told, the issue is with Qemu in the appliance, better Cisco change to a stable Qemu version, or Cisco doesn't have engeneers to do that?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide