Cisco Bug: CSCup29049 - IKE v1/v2 continues to use deprecated IP even when there exists pref IP
Jan 31, 2017
- Cisco IOS
Known Affected Releases
Symptom: When multiple IPv6 addresses are available on tunnel source interface with the (lexicographically) first address being deprecated; 51700-154-2# sh ipv6 int e0/0 | inc subnet|lifetime 2340:1111:AAAA:4:A8BB:CCFF:FE00:6400, subnet is 2340:1111:AAAA:4::/64 [EUI/CAL/PRE] valid lifetime 255 preferred lifetime 15 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<Address *about* to deprecate(preferred lifetime=0) 2340:1111:AAAA:4:CC1D:6EB4:16E6:CBF7, subnet is 2340:1111:AAAA:4:CC1D:6EB4:16E6:CBF7/128 <<<<<<<<<next preferred IP 2340:1111:AAAA:16:3D63:331B:E7A5:93C6, subnet is 2340:1111:AAAA:16:3D63:331B:E7A5:93C6/128 2340:1111:AAAA:16:A8BB:CCFF:FE00:6400, subnet is 2340:1111:AAAA:16::/64 [EUI/CAL/PRE] valid lifetime 755 preferred lifetime 355 The following log is seen when preffered lifetime expires: *Apr 14 00:47:24.942: [IPv6 Address]IPV6ADDR: Deprecating 2340:1111:AAAA:4:A8BB:CCFF:FE00:6400 from Ethernet0/0 Ideally after this crypto/tunnel should start using next preffered ip i.e 2340:1111:AAAA:4:CC1D:6EB4:16E6:CBF7 (other router generated traffic/session uses preferred ipv6 address (non-deprecated)), but it continues to use deprecated ipv6 address. Bouncing the tunnel interface or clearing the SA does not help. Upon valid time expiry of deprecated IP ,IKE starts using next preferred IP. Conditions: The issue is seen in following scenario: Flex-vpn client or DMVPN spoke with tunnel source being DHCPv6 client.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases