Guest

Preview Tool

Cisco Bug: CSCuo81438 - F2: IP Protocol AH (51) Incorrectly Parsed Causing Silent Drop

Last Modified

Jan 30, 2017

Products (8)

  • Cisco Nexus 7000 Series Switches
  • Cisco Nexus 7000 10-Slot Switch
  • Cisco Nexus 7000 4-Slot Switch
  • Cisco Nexus 7700 6-Slot Switch
  • Cisco Nexus 7000 18-Slot Switch
  • Cisco Nexus 7700 18-Slot Switch
  • Cisco Nexus 7000 9-Slot Switch
  • Cisco Nexus 7700 10-Slot Switch

Known Affected Releases

6.2(8)

Description (partial)

Symptom:
AH packets (protocol 51) with an invalid AH header or fragmented AH packets with an offset greater than zero may be dropped by F2/F2E modules.

Conditions:
- This is specific to AH packets and more likely to see on fragmented AH packets.
- This only occurs on Nexus7000 F2/F2E modules

The following errors are may be seen on the L2 forwarding engine:

slot <module number> quoted "show hardware internal statistics device l2lu errors"

<snip>
|------------------------------------------------------------------------|
| Device:Clipper FWD              Role:L2                      Mod: 3    |
| Last cleared @ Fri May 16 02:15:59 2014
| Device Statistics Category :: ERROR
|------------------------------------------------------------------------|
Instance:0
Cntr  Name                                          Value             Ports
----- ----                                          -----             -----
  101 Ingress drop due to ltl table drop            0000000000013161  1-4 -
  231 Count parsing result error packet             0000000000013161  1-4 -

<snip>
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.