Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

SR-7102 Maximum number of global associations reached, dropping packet

Igoris_1
Frequent Advisor

SR-7102 Maximum number of global associations reached, dropping packet

I have a problem on my internet router SR-7102 and it happens second time in a few months period. It appears like internet browsing occasionally stops.
Event log shows many events like:
[notice] FIREWALL: id=firewall ... msg="Maximum number of global associations reached, dropping packet ....
Just a few minutes before first message above I found root cause to those messages:
msg="Available heap free does not allow for a new association, dropping packet ......
Searching documentation and forums gave me nothing. Was trying 'clear' command for buffers, ip cache, ip policy-sessions- none helped. Router reload was the only resolution of the problem. Anybody has idea how to avoid this in the future?
2 REPLIES
Matt Hobbs
Honored Contributor

Re: SR-7102 Maximum number of global associations reached, dropping packet

clear ip policy-sessions would usually fix this type of error. Have you increased the default timeout settings at all? If they have been increased it's more likely that you will reach the session limit.

The defaults are:

ip policy-timeout tcp all-ports 600
ip policy-timeout udp all-ports 60
ip policy-timeout icmp 60
ip policy-timeout esp 60
ip policy-timeout ahp 60
ip policy-timeout gre 60

Are you running J.08.03? Also if it happens again can you get an output of 'show ip policy-stats'? Also get a 'show tech'.

How many devices are you NATing behind this 7102dl?
Igoris_1
Frequent Advisor

Re: SR-7102 Maximum number of global associations reached, dropping packet

all timeouts are default values.
Running latest J08.03.
No active NATing on this router.
'show ip policy-stats' did not show current sessions even close to the max value of 16000, was something about hundreds.
Unfortunately did not try 'show tech' at that time.