Cisco Bug: CSCup03720 - VSG: Incorrect teardown of Service path TCP Connections

Last Modified

Feb 20, 2018

Products (1)

  • Cisco Virtual Security Gateway for Nexus 1000V Series Switch

Known Affected Releases

4.2(1)VSG2(1.1)

Description (partial)

Symptom:
VSG may sometimes tear down a Service Path TCP connection without any known trigger. The VSG then sends a drop action for the return packets, which disrupts traffic.

This can be detected by viewing the vservice connections on the VSM:

VSM1# sh vser conn | in .1.2
 tcp  10.1.1.2:50016          172.16.1.1:443      P     E           12223
 tcp  10.1.1.2:50017          172.16.1.1:443      P     E           13094 <--- Session is established

VSM1# sh vser conn | in .1.2
 tcp  10.1.1.2:50016          172.16.1.1.4:443    P     FafRr       12943
 tcp  10.1.1.2:50017          172.16.1.1:443      P     E           13094
VSM1# sh vser conn | in .1.2
 tcp  10.1.1.2:50016          172.16.1.1:443      P     FafRr       12943
                                                                          <--- Session to port 50017 is gone

VSM1# sh vser conn | in .1.2
 tcp  10.1.1.2:50016          172.16.1.1:443      P     FafRr       12943

VSM1# sh vser conn | in .1.2
 tcp  172.16.1.1:443      D     10.1.1.2:50017                       8704 <--- Returning traffic for 50017 session is being dropped
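
The manual check above can be automated over successive captures of the connection table. The following is an added example, not Cisco code: it assumes the column meanings suggested by the annotations in the output (P = permit, D = drop, E = established), treats any other state string as a closing connection, and runs on constructed snapshots modeled on the output above.

```python
import re

# Matches an "address:port" token such as 10.1.1.2:50017
ENDPOINT = re.compile(r"^\d+(?:\.\d+)+:\d+$")

def parse_snapshot(text):
    """Parse one capture of the connection table into (src, dst, action, state) rows."""
    rows = []
    for line in text.splitlines():
        tokens = line.split("<---")[0].split()      # discard trailing annotations
        ends = [t for t in tokens if ENDPOINT.match(t)]
        if len(ends) != 2 or tokens[0] not in ("tcp", "udp"):
            continue                                # prompt, blank or unrelated line
        rest = [t for t in tokens[1:] if not ENDPOINT.match(t)]
        action = rest[0]                            # assumed: P = permit, D = drop
        state = rest[1] if len(rest) > 2 else ""    # drop entries carry no state
        rows.append((ends[0], ends[1], action, state))
    return rows

def find_torn_down_flows(snapshots):
    """Flag flows last seen Established for which a reverse-direction drop entry appears.

    Flows last seen in any other state (e.g. FafRr) are assumed to be closing
    normally and are not reported.
    """
    last_state = {}
    findings = []
    for idx, snap in enumerate(snapshots):
        for src, dst, action, state in parse_snapshot(snap):
            if action == "P":
                last_state[(src, dst)] = state
            elif action == "D" and last_state.get((dst, src)) == "E":
                findings.append((idx, dst, src))    # (snapshot index, client, server)
    return findings

# Constructed sample captures, modeled on the output shown above.
SNAPSHOTS = [
    " tcp  10.1.1.2:50016  172.16.1.1:443  P  E      12223\n"
    " tcp  10.1.1.2:50017  172.16.1.1:443  P  E      13094\n",
    " tcp  10.1.1.2:50016  172.16.1.1:443  P  FafRr  12943\n",
    " tcp  172.16.1.1:443  D  10.1.1.2:50017  8704\n"
    " tcp  172.16.1.1:443  D  10.1.1.2:50016  120\n",
]

if __name__ == "__main__":
    for idx, client, server in find_torn_down_flows(SNAPSHOTS):
        print(f"snapshot {idx}: return traffic dropped for {client} -> {server}")
```
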

Conditions:
VSG configured as a vservice on VSM. Conditions for teardown are unknown at this point.