The DFWD process encountered an error while trying to send an interface configuration to the kernel over the routing socket.

DFWD is the process that controls the firewall. The DFWD_CONFIG_WRITE_FAILED message is logged each time the router attempts to write a firewall configuration to the interfaces on the PFE, but an error prevents it from doing so.

The messages themselves can vary. Here are some examples:

Usually the firewall configuration will still be committed, and you will not observe any noticeable impact. There can be exceptions to this.

The most common cause of this error message is when a configuration that includes firewall configuration is committed and synchronized on both a master and a redundant Routing Engine (RE). The non-master RE dfwd attempts to send interface state information to the kernel. It fails because it (the interface) does not exist on this RE. (Since this RE is a backup RE this is perfectly normal.) . Attempts have been made to prevent these errors from logging under these circumstances. It is, therefore, very uncommon to see these messages beyond Junos version 9.1; however, they are occasionally still seen.

There are various other rare causes for this error; most of which are harmless and depend on a variety of circumstances to be met.

If you are seeing this message, what is the detail of the error? If the reason given is “No such file or directory”, then you can safely ignore the message. If an object to which the configuration is being applied is gone, there simply is no need to try to apply the filter config.

Also, assess whether the message is coming from the backup RE. If so, chances are that the message is harmless, and simply the result of the backup RE attempting to manage objects that it does not have access to.

If these scenarios do not seem to match, or if you notice that the configuration is not being committed, or there are other impacts to service that seem to be connected with the messages, then please consult with your technical support representative for further troubleshooting.

If the error given is “No such file or directory ” or the message is coming from the backup RE, then no action is necessary. You can configure a regex match condition to prevent the message from being written to the logs.

If the error is different and there are measurable service impacts coinciding with the errors, then please consult with your technical support representative.

About the author


Leave a Comment