Cisco Bug: CSCul55948 - Mcast in tunnel mode ipsec ipv4 on WS-IPSEC-3 causes CPU to go to 100%
Sep 23, 2017
- Cisco Catalyst 6000 Series Switches
Known Affected Releases
<B>Symptom:</B> In a topology Router1---IPsec---Router2, sending multicast traffic on one tunnel end causes CPU on both routers to rise to 100%, with most of the utilization caused by interrupts, rendering the router unusable. Additionally there is a significant amount of traffic on the physical interfaces connecting both devices. The symptoms are similar to a routing loop causing huge amount of packets to be switched in software. <B>Conditions:</B> IPsec configuration with "tunnel mode ipsec ipv4" with WS-IPSEC-3 IPSEC VSPA on both routers. The problem was not seen when on at least one tunnel end the SPA-IPSEC-2G is used as crypto engine.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases