Cisco Bug: CSCup29049 - IKE v1/v2 continues to use deprecated IP even when there exists pref IP

Last Modified

Jan 31, 2017

Products (1)

  • Cisco IOS

Known Affected Releases

15.4(2.1)T

Description (partial)

Symptom:
When multiple IPv6 addresses are available on the tunnel source interface, with the (lexicographically) first address being deprecated:

51700-154-2# sh ipv6 int e0/0 | inc subnet|lifetime
    2340:1111:AAAA:4:A8BB:CCFF:FE00:6400, subnet is 2340:1111:AAAA:4::/64 [EUI/CAL/PRE]
      valid lifetime 255 preferred lifetime 15    <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<Address *about* to deprecate(preferred lifetime=0)  
                  
    2340:1111:AAAA:4:CC1D:6EB4:16E6:CBF7, subnet is 2340:1111:AAAA:4:CC1D:6EB4:16E6:CBF7/128 <<<<<<<<<next preferred IP
    2340:1111:AAAA:16:3D63:331B:E7A5:93C6, subnet is 2340:1111:AAAA:16:3D63:331B:E7A5:93C6/128 
    2340:1111:AAAA:16:A8BB:CCFF:FE00:6400, subnet is 2340:1111:AAAA:16::/64 [EUI/CAL/PRE]
      valid lifetime 755 preferred lifetime 355

The following log is seen when the preferred lifetime expires:
 
	*Apr 14 00:47:24.942: [IPv6 Address]IPV6ADDR: Deprecating 2340:1111:AAAA:4:A8BB:CCFF:FE00:6400 from Ethernet0/0
 
Ideally, after this the crypto/tunnel should start using the next preferred IP, i.e. 2340:1111:AAAA:4:CC1D:6EB4:16E6:CBF7 (other router-generated traffic/sessions use the preferred, non-deprecated IPv6 address), but it continues to use the deprecated IPv6 address.

Bouncing the tunnel interface or clearing the SA does not help. Upon valid lifetime expiry of the deprecated IP, IKE starts using the next preferred IP.

Conditions:
The issue is seen in the following scenario:

 FlexVPN client or DMVPN spoke with the tunnel source being a DHCPv6 client.
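
A check for the symptom described above, as an added example (not Cisco's code and not part of the bug record): it parses the `sh ipv6 int ... | inc subnet|lifetime` output and reports when the address IKE is using is deprecated while a preferred one exists. The sample is constructed from the page's output with the first address's preferred lifetime at 0; the function names and the rule "first non-deprecated address in listing order" are assumptions.

```python
import ipaddress
import re

# Constructed sample: the page's output after the first address has been
# deprecated (preferred lifetime 0). Not captured from a device.
SAMPLE = """\
    2340:1111:AAAA:4:A8BB:CCFF:FE00:6400, subnet is 2340:1111:AAAA:4::/64 [EUI/CAL/PRE]
      valid lifetime 240 preferred lifetime 0
    2340:1111:AAAA:4:CC1D:6EB4:16E6:CBF7, subnet is 2340:1111:AAAA:4:CC1D:6EB4:16E6:CBF7/128
    2340:1111:AAAA:16:3D63:331B:E7A5:93C6, subnet is 2340:1111:AAAA:16:3D63:331B:E7A5:93C6/128
    2340:1111:AAAA:16:A8BB:CCFF:FE00:6400, subnet is 2340:1111:AAAA:16::/64 [EUI/CAL/PRE]
      valid lifetime 755 preferred lifetime 355
"""

ADDR_RE = re.compile(r"^\s*([0-9A-Fa-f:]+), subnet is \S+")
LIFE_RE = re.compile(r"valid lifetime (\d+) preferred lifetime (\d+)")

def parse_addresses(text):
    """Return [(address, preferred_lifetime or None)] in listing order."""
    entries = []
    for line in text.splitlines():
        m = ADDR_RE.match(line)
        if m:
            entries.append([ipaddress.IPv6Address(m.group(1)), None])
            continue
        m = LIFE_RE.search(line)
        if m and entries:
            # A lifetime line belongs to the address line just above it.
            entries[-1][1] = int(m.group(2))
    return [tuple(e) for e in entries]

def is_deprecated(preferred):
    # Assumption: an address listed without a lifetime line is not deprecated.
    return preferred == 0

def check_ike_source(text, ike_local):
    """Return (status, expected_address) for the local address IKE is using."""
    local = ipaddress.IPv6Address(ike_local)
    addrs = parse_addresses(text)
    state = dict(addrs)
    if local not in state:
        return ("unknown-address", None)
    preferred = [a for a, p in addrs if not is_deprecated(p)]
    if is_deprecated(state[local]) and preferred:
        # The symptom in this bug: deprecated source still in use.
        return ("deprecated-in-use", preferred[0])
    return ("ok", local)
```

Pass the local address of the IKE SA as `ike_local`; a `deprecated-in-use` result matches the symptom in this bug.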