Guest

Preview Tool

Cisco Bug: CSCul55948 - Mcast in tunnel mode ipsec ipv4 on WS-IPSEC-3 causes CPU to go to 100%

Last Modified

Sep 23, 2017

Products (1)

  • Cisco Catalyst 6000 Series Switches

Known Affected Releases

12.2(33)SXJ2

Description (partial)

<B>Symptom:</B>
In a topology Router1---IPsec---Router2, sending multicast traffic on one tunnel end causes CPU
on both routers to rise to 100%, with most of the utilization caused by interrupts, rendering
the router unusable. Additionally there is a significant amount of traffic on the physical
interfaces connecting both devices. The symptoms are similar to a routing loop causing huge
amount of packets to be switched in software.

<B>Conditions:</B>
IPsec configuration with "tunnel mode ipsec ipv4" with WS-IPSEC-3 IPSEC VSPA on both
routers.

The problem was not seen when on at least one tunnel end the SPA-IPSEC-2G is used as crypto engine.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.