Last Modified: Apr 10, 2019
See more info
Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 12.1.4, 22.214.171.124, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1
Opened: Dec 05, 2014
When a hardware accelerated shun list drops packets from a shunned host, the drops are not logged as they would be if dropped in software. This is because there is no equivalent logging infrastructure in hardware. However, there is a sys db variable called dos.blleaklimit (default value is 255) which controls how frequently packet(s) will be leaked by HW into SW. The leaked packets will be logged and statistics will also be available in AVR.
Reduced visibility when the drops are in HW.
SPVA, auto-blacklist enabled for the Single Endpoint Sweep vector.
As a workaround, if you set the leak limit to 0, all packets will be leaked into SW, and packets will be logged.