Cisco Bug: CSCum16315 - CoPP failure upon reload with 7600 HA and COPP v6ACL matching dscp

Last Modified

Apr 18, 2019

Products (1)

  • Cisco 7600 Series Routers

Known Affected Releases

n/a

Description (partial)

Symptom:
Upon reload of a Cisco 7600 router configured with a CoPP policy containing IPv6 ACLs and DSCP matching, the CoPP policy is applied only to the active RSP, as shown below.

After reload:

lab-7609-rsp-02#sh mod power
Mod Card Type                              Admin Status  Oper Status
--- -------------------------------------- ------------  ------------
  1  CEF720 48 port 10/100/1000mb Ethernet  on            on
  5  Route Switch Processor 720 (Active)    on            on
  6  Route Switch Processor 720 (Hot)       on            on
  7  CEF720 8 port 10GE with DFC            on            on
  8  CEF720 8 port 10GE with DFC            on            on
 

CoPP is applied to only the active RSP/SUP after reload:
 
lab-7609-rsp-02#sh policy-map control-plane in | inc class|Earl
    class-map: COPPCLASS_MCAST (match-any)
      Earl in slot 5 :
    class-map: COPPCLASS_MGMT (match-any)
      Earl in slot 5 :
    class-map: COPPCLASS_ALLOW_ICMP (match-any)
      Earl in slot 5 :
    class-map: COPPCLASS_MONITORING (match-any)
      Earl in slot 5 :
   class-map: COPPCLASS_FILEXFER (match-any)
      Earl in slot 5 :
    class-map: COPPCLASS_REMOTEACCESS (match-any)
      Earl in slot 5 :
    class-map: COPPCLASS_OSPF (match-any)
    class-map: COPPCLASS_LDP (match-any)
      Earl in slot 5 :
    class-map: COPPCLASS_BGP (match-any)
    class-map: COPPCLASS_MISC (match-any)
    class-map: COPPCLASS_UNDESIRABLE (match-any)
      Earl in slot 5 :
    class-map: COPPCLASS_IPV4_CATCHALL (match-any)
      Earl in slot 5 :
    class-map: COPPCLASS_IPV6_CATCHALL (match-any)
    class-map: class-default (match-any)
      Earl in slot 5 :
 

When this issue is triggered, the following error will be seen in the logs:

*Dec 14 02:33:14.579: %QM-2-TCAM_BAD_LOU: Bad TCAM LOU operation in ACL

This issue potentially exposes the device to a DoS vulnerability.

Conditions: This symptom occurs under the following conditions:

1. 7600 HA Environment.
2. CoPP IPv6 ACL with DSCP match.
3. Reload or Switchover.
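
A post-reload check for the symptom above, as an added example (not Cisco's code): it parses the filtered "sh policy-map control-plane in" output, reports per class-map which expected slots have no Earl entry, and looks for the %QM-2-TCAM_BAD_LOU message. The expected slot set {5, 6} (the two RSPs in the module listing), the function names and the abbreviated sample input are assumptions constructed from the output shown above.

```python
import re

# Constructed sample, abbreviated from the command output shown on this page.
SAMPLE_OUTPUT = """\
    class-map: COPPCLASS_MGMT (match-any)
      Earl in slot 5 :
    class-map: COPPCLASS_OSPF (match-any)
    class-map: COPPCLASS_LDP (match-any)
      Earl in slot 5 :
    class-map: class-default (match-any)
      Earl in slot 5 :
"""
SAMPLE_LOG = "*Dec 14 02:33:14.579: %QM-2-TCAM_BAD_LOU: Bad TCAM LOU operation in ACL"

CLASS_RE = re.compile(r"^\s*class-map:\s+(\S+)", re.IGNORECASE)
EARL_RE = re.compile(r"^\s*Earl in slot (\d+)\s*:")

def earl_slots_by_class(output):
    """Map each class-map name to the set of slots that report an Earl entry."""
    slots, current = {}, None
    for line in output.splitlines():
        m = CLASS_RE.match(line)
        if m:
            current = m.group(1)
            slots.setdefault(current, set())
            continue
        m = EARL_RE.match(line)
        if m and current is not None:
            slots[current].add(int(m.group(1)))
    return slots

def missing_coverage(output, expected_slots):
    """Return {class: sorted missing slots} for classes lacking an expected slot."""
    result = {}
    for name, seen in earl_slots_by_class(output).items():
        missing = sorted(set(expected_slots) - seen)
        if missing:
            result[name] = missing
    return result

def has_tcam_lou_error(log_text):
    """True if the log contains the error message quoted in this bug."""
    return "%QM-2-TCAM_BAD_LOU" in log_text

if __name__ == "__main__":
    # Assumption: slots 5 and 6 are the RSPs that should both carry the policy.
    for name, missing in missing_coverage(SAMPLE_OUTPUT, {5, 6}).items():
        print(f"{name}: no Earl entry for slot(s) {missing}")
    print("TCAM LOU error logged:", has_tcam_lou_error(SAMPLE_LOG))
```
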