The firewall process (DFWD), which manages compilation and downloading of Junos firewall filters, must dynamically allocate memory for its needs. This allocation request failed. The specific data structure that was being allocated is listed in the message.

The problem related to this syslog message is described in the following sections:

When the firewall process is unable to allocate memory, the system will create a syslog entry similar to the following example:

The cause may be due to a memory leak or a routing platform with insufficient memory.

Restart the firewall daemon by issuing the command restart firewall. This will free the memory allocated to DFWD and should stop the messages at least for a time. If the memory runs out soon after the daemon has restarted, then you may be running a configuration that needs more memory than your platform provides. Consult with your Juniper accounts team to discuss hardware upgrade options.

If a memory leak is present, then the DFWD process will steadily increase over time. You can monitor this process using the command show system processes extensive | match dfwd.

Additionally, you should examine the following output to help determine the cause of this message:

Look for any related events that occurred at or just before the DFWD_MALLOC_FAILED message.

Perform the following steps:

  1. If a memory leak or some issue other than simply not having enough memory to run the current configuration is indicated, open a case with your technical support representative.
  2. If it seems the configuration is just too large for the amount of memory on the platform, consider ways to reduce the load on this router (network design).

About the author


Leave a Comment