Cisco Bug: CSCuj56186 - N7K: PBR next-hop is wrongly installed into TCAM

Last Modified

Aug 03, 2018

Products (7)

  • Cisco Nexus 7000 Series Switches
  • Cisco Nexus 7000 10-Slot Switch
  • Cisco Nexus 7000 4-Slot Switch
  • Cisco Nexus 7000 18-Slot Switch
  • Cisco Nexus 7700 18-Slot Switch
  • Cisco Nexus 7000 9-Slot Switch
  • Cisco Nexus 7700 10-Slot Switch

Known Affected Releases

6.1(2)E5 6.2(2)

Description (partial)

Symptom:
PBR next-hop is wrongly installed into TCAM if NX-OS tries to push PBR into TCAM before adjacency is resolved. As a result, the traffic is not forwarded properly.

# BEFORE RELOAD MODULE
Nexus7009# show hardware access-list input entries detail

  [00ae:0064:0064] redirect(0x5b)-routed ip 0.0.0.0/0 0.0.0.0/0   [34]       <<<< redirect to adj_index 0x5b

# AFTER RELOAD MODULE
Nexus7009# show hardware access-list input entries detail

VLAN 2012  :

  [00ad:0063:0063] redirect(0x1)-routed ip 0.0.0.0/0 0.0.0.0/0   [0]        <<<< redirect to adj_index 0x1

The adj_index could be a value other than 0x1.
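The comparison between the two captures above can be automated. The following Python is an added example, not Cisco's code: it parses saved output of the command shown and reports redirect entries whose adj_index differs between a baseline capture and a later one. The function names are hypothetical, and the first capture is assumed to belong to VLAN 2012 because the page shows no VLAN header for it.

```python
import re

# One redirect entry as printed on this page, e.g.
#   [00ae:0064:0064] redirect(0x5b)-routed ip 0.0.0.0/0 0.0.0.0/0   [34]
ENTRY = re.compile(
    r"\[[0-9a-f:]+\]\s+redirect\((0x[0-9a-f]+)\)-routed"
    r"\s+(\S+)\s+(\S+)\s+(\S+)\s+\[\d+\]",
    re.IGNORECASE,
)
VLAN = re.compile(r"VLAN\s+(\d+)\s*:")


def parse_redirects(capture, default_vlan=None):
    """Map (vlan, proto, src, dst) -> adj_index for each redirect entry."""
    entries, vlan = {}, default_vlan
    for line in capture.splitlines():
        header = VLAN.search(line)
        if header:
            vlan = header.group(1)
        m = ENTRY.search(line)
        if m:
            adj, proto, src, dst = m.groups()
            # Key on the match fields, not the bracketed leading field,
            # which differs between the two captures on this page.
            entries[(vlan, proto, src, dst)] = int(adj, 16)
    return entries


def changed_adjacencies(before, after, default_vlan=None):
    """Entries whose adj_index changed or that are missing afterwards."""
    old = parse_redirects(before, default_vlan)
    new = parse_redirects(after, default_vlan)
    return [(k, adj, new.get(k)) for k, adj in old.items() if new.get(k) != adj]


# Captures from the Symptom section, annotations trimmed and whitespace
# normalized. VLAN 2012 for the first capture is an assumption (see lead-in).
BEFORE = """Nexus7009# show hardware access-list input entries detail
  [00ae:0064:0064] redirect(0x5b)-routed ip 0.0.0.0/0 0.0.0.0/0   [34]
"""
AFTER = """Nexus7009# show hardware access-list input entries detail
VLAN 2012  :
  [00ad:0063:0063] redirect(0x1)-routed ip 0.0.0.0/0 0.0.0.0/0   [0]
"""

if __name__ == "__main__":
    for (vlan, proto, src, dst), was, now in changed_adjacencies(BEFORE, AFTER, "2012"):
        now_s = "missing" if now is None else hex(now)
        print(f"VLAN {vlan} {proto} {src} -> {dst}: adj_index {was:#x} -> {now_s}")
```

A changed index is a prompt to check the entry against the resolved adjacency for the route-map's next hop; the comparison alone does not show which value is correct.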

Conditions:
This issue happens if all PBR-related interfaces are configured on the same F2 card.

Pushing PBR into TCAM before the adjacency is resolved can happen with the following sequence:

// BASE //
vlan 2010,2012

interface Ethernet6/5
  switchport
  switchport mode trunk
  switchport trunk allowed vlan none
  no shutdown

// Sequence //
feature pbr

interface Vlan2010
  no shutdown
  ip address 192.168.10.253/24
  ip policy route-map PBR-Pool

interface Vlan2012
  no shutdown
  ip address 192.168.11.253/24
  ip policy route-map PBR-PoolURL

int e6/5
  switchport trunk allowed vlan 2010,2012

It also happens with module reload.