Cisco Bug: CSCup03720 - VSG: Incorrect teardown of Service path TCP Connections
Feb 20, 2018
- Cisco Virtual Security Gateway for Nexus 1000V Series Switch
Known Affected Releases
Symptom: VSG may sometimes tear down a Service Path TCP connection without any known triggers. This would cause the VSG to send a drop action for the return packets and cause traffic disruption. This can be detected by viewing the vservice connections on the VSM:

    VSM1# sh vser conn | in .1.2
    tcp 10.1.1.2:50016 172.16.1.1:443 P E 12223
    tcp 10.1.1.2:50017 172.16.1.1:443 P E 13094   <--- Session is established

    VSM1# sh vser conn | in .1.2
    tcp 10.1.1.2:50016 172.16.1.1.4:443 P FafRr 12943
    tcp 10.1.1.2:50017 172.16.1.1:443 P E 13094

    VSM1# sh vser conn | in .1.2
    tcp 10.1.1.2:50016 172.16.1.1:443 P FafRr 12943   <--- Session to port 50017 is gone

    VSM1# sh vser conn | in .1.2
    tcp 10.1.1.2:50016 172.16.1.1:443 P FafRr 12943

    VSM1# sh vser conn | in .1.2
    tcp 172.16.1.1:443 D 10.1.1.2:50017 8704   <--- Returning traffic for 50017 session is being dropped

Conditions: VSG configured as a vservice on VSM. Conditions for teardown are unknown at this point.
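The check described under Symptom can be automated over successive captures of the connection table. The following Python sketch is an added example, not Cisco code: it assumes, from the annotations in the output above, that a row flagged `P` with state `E` is an established session and that a row flagged `D` is a dropped flow, and the names `SNAPSHOTS`, `parse` and `find_torn_down` are hypothetical.

```python
import re

# Constructed snapshots modeled on the connection-table output quoted above.
SNAPSHOTS = [
    """VSM1# sh vser conn | in .1.2
tcp 10.1.1.2:50016 172.16.1.1:443 P E 12223
tcp 10.1.1.2:50017 172.16.1.1:443 P E 13094""",
    """tcp 10.1.1.2:50016 172.16.1.1:443 P FafRr 12943""",
    """tcp 172.16.1.1:443 D 10.1.1.2:50017 8704""",
]

ENDPOINT = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}:\d+$")


def parse(snapshot):
    """Yield (proto, src, dst, action, state) per row, tolerant of column order."""
    for line in snapshot.splitlines():
        tokens = line.split("<---")[0].split()  # drop trailing annotations
        if len(tokens) < 4 or tokens[0].endswith("#"):
            continue  # skip blank lines and CLI prompt lines
        ends = [t for t in tokens[1:] if ENDPOINT.match(t)]
        flags = [t for t in tokens[1:] if not ENDPOINT.match(t) and not t.isdigit()]
        if len(ends) != 2 or not flags:
            continue  # row does not look like a connection entry
        state = flags[1] if len(flags) > 1 else ""
        yield tokens[0], ends[0], ends[1], flags[0], state


def find_torn_down(snapshots):
    """Report flows seen established whose return direction later shows a drop."""
    established = set()
    alerts = []
    for index, snap in enumerate(snapshots):
        for proto, src, dst, action, state in parse(snap):
            if action == "P" and state == "E":  # assumed: permitted, established
                established.add((proto, src, dst))
            elif action == "D" and (proto, dst, src) in established:
                # Drop entry for the reverse direction of a known session.
                alerts.append((index, proto, dst, src))
    return alerts


if __name__ == "__main__":
    for snap_index, proto, client, server in find_torn_down(SNAPSHOTS):
        print(f"snapshot {snap_index}: return traffic dropped for {proto} {client} -> {server}")
```
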