Preview Tool

Cisco Bug: CSCup03720 - VSG: Incorrect teardown of Service path TCP Connections

Last Modified

Feb 20, 2018

Products (1)

  • Cisco Virtual Security Gateway for Nexus 1000V Series Switch

Known Affected Releases


Description (partial)

VSG may sometimes tear down a Service Path TCP connection without any known triggers. This would cause the VSG to send a drop action for the return packets and cause traffic disruption.

This can be detected by viewing the vservice connections on the VSM:

VSM1# sh vser conn | in .1.2
 tcp      P     E           12223
 tcp      P     E           13094 <--- Session is established

VSM1# sh vser conn | in .1.2
 tcp    P     FafRr       12943
 tcp      P     E           13094
VSM1# sh vser conn | in .1.2
 tcp      P     FafRr       12943
                                                                          <--- Session to port 50017 is gone

VSM1# sh vser conn | in .1.2
 tcp      P     FafRr       12943

VSM1# sh vser conn | in .1.2
 tcp      D                       8704 <--- Returning traffic for 50017 session is being dropped

VSG configured as a vservice on VSM. Conditions for teardown are unknown at this point.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.