FortiGate
acapalbo
Staff
Article Id 422492
Description

This article describes a known issue (ID 1164332) that a FortiGate running firmware version 7.4.8 may hit when DFR reassembly is enabled.

A PBA leak occurs when oversized reassembled packets are sent to NP7. This causes HA and LACP packets to be dropped, eventually leading to:

  • Interface flapping.

  • Link instability.

  • HA instability.

Scope

This issue is observed when all the following conditions are met:

  1. IP-Reassembly is enabled in the NPU, and the DFR module is used.

  2. Fragments larger than ~8.2 KB arrive in the NP.

  3. NPU performs reassembly of fragments (e.g., two ~8.5 KB fragments).

If the reassembled packet exceeds 16 KB, the NP7 buffer manager may become corrupted, causing PBA leaks and dropping system-control packets (HA, LACP, etc.).

This issue is documented in the FortiOS 7.4.8 Release Notes Known Issues section.

Solution

Disable IP-Reassembly in the NPU with:

config system npu
    config ip-reassembly
       set status disable
    end
end

Note: Reboot is not required.
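To verify that the workaround above is actually present in a saved configuration (for example across an HA cluster or a fleet of backups), the following added example parses the nested `config ... end` structure of a FortiOS CLI backup and reports the value of `set status` under `config system npu` / `config ip-reassembly`. This is not Fortinet's code: the parser is a simplified reading of the CLI grammar (`config`, `edit`, `set`, `unset`, `next`, `end`), and the sample configurations are constructed for illustration, not taken from a real device.

```python
"""Audit a FortiOS CLI configuration for the NPU IP-reassembly workaround."""
import shlex
from typing import Any, Dict, List

# Constructed sample: a trimmed FortiOS backup where the workaround is NOT applied.
SAMPLE_CONFIG_ENABLED = """\
config system global
    set hostname "FGT-LAB"
end
config system interface
    edit "port1"
        set status up
    next
end
config system npu
    config ip-reassembly
        set status enable
    end
end
config system ha
    set mode a-p
end
"""

# Same constructed sample with the workaround from the article applied.
SAMPLE_CONFIG_DISABLED = SAMPLE_CONFIG_ENABLED.replace(
    "set status enable", "set status disable"
)


def parse_fortios_config(text: str) -> Dict[str, Any]:
    """Parse FortiOS CLI text into nested dicts (simplified grammar).

    ``config a b`` and ``edit X`` open a nested block stored under the key
    "config a b" / "edit X"; ``set k v`` stores a setting under key "k";
    ``unset k`` removes it; ``next`` / ``end`` close the current block.
    """
    root: Dict[str, Any] = {}
    stack: List[Dict[str, Any]] = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)          # handles quoted values like "FGT-LAB"
        keyword = tokens[0]
        if keyword in ("config", "edit"):
            key = " ".join(tokens)          # e.g. "config ip-reassembly", "edit port1"
            child = stack[-1].setdefault(key, {})
            stack.append(child)
        elif keyword in ("end", "next"):
            if len(stack) > 1:              # ignore a stray closer at top level
                stack.pop()
        elif keyword == "set" and len(tokens) >= 3:
            stack[-1][tokens[1]] = " ".join(tokens[2:])
        elif keyword == "unset" and len(tokens) >= 2:
            stack[-1].pop(tokens[1], None)
    return root


def ip_reassembly_status(config_text: str) -> str:
    """Return 'set status' under config system npu / config ip-reassembly.

    Returns "unset" when the block or the setting is absent from the backup,
    which usually means the device is running the factory default for it.
    """
    tree = parse_fortios_config(config_text)
    npu = tree.get("config system npu", {})
    reassembly = npu.get("config ip-reassembly", {})
    return reassembly.get("status", "unset")


def workaround_applied(config_text: str) -> bool:
    """True only when IP-reassembly is explicitly disabled in the NPU."""
    return ip_reassembly_status(config_text) == "disable"


if __name__ == "__main__":
    for name, cfg in (("enabled", SAMPLE_CONFIG_ENABLED),
                      ("disabled", SAMPLE_CONFIG_DISABLED)):
        print(f"{name}: ip-reassembly status={ip_reassembly_status(cfg)} "
              f"workaround_applied={workaround_applied(cfg)}")
```

An "unset" result means the backup does not state the value at all; since FortiOS backups omit settings left at their defaults, confirm the effective value on the unit itself (`show system npu` or `get system npu`) rather than assuming the workaround is in place.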

The following debug commands can help confirm whether NP7 has entered an erroneous state and whether PBA buffers are exhausted:

diagnose npu np7 pba all
diagnose npu np7 pmon all
diagnose npu np7 sse-stats all
diagnose npu np7 pdq all
diagnose npu np7 hif-stats all
diagnose npu np7 dce-drop-all all
diagnose npu np7 cgmac-stats all
fnsysctl cat /proc/net/np7/np7_0/tbl/cdb_spv_htab_csr_info
fnsysctl cat /proc/net/np7/np7_0/tbl/cdb_tpv_htab_csr_info