Cisco Bug: CSCvh88330 - VAI Leaks with IKEv1 DVTI

Last Modified

Oct 25, 2019

Products (1)

  • Cisco IOS

Known Affected Releases

15.5(3)S0.1 16.2(0)

Description (partial)

Symptom:
When IPSec sessions use DVTIs to clone the tunnel Virtual-Access interfaces (VAIs), then under prolonged tunnel churn caused by remote endpoints toggling their connections, some VAIs are never cleared from the interface list, and the total number of VAIs slowly increases over time.

The affected VAIs can be identified because they remain indefinitely in Up/Down state on the device. Eventually the large number of VAIs leads to increased processing during bring-up of new incoming IPSec connections, because the router needs to check the tunnel-interface cache for the remote endpoint, in case an existing VAI can be reused, before cloning a new one from the VTemplate.

Conditions:
IOS-XE device running IPSec using DVTI interfaces to clone the incoming tunnel requests.
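
A monitoring check for the symptom above, as an added example that is not Cisco's code: it parses `show ip interface brief` output captured at two points in time and reports the Virtual-Access interfaces that stay up/down in both. It assumes "Up/Down" means Status up with Protocol down; the sample output and function names are constructed for illustration.

```python
import re

# One row of `show ip interface brief`; the Status column may be two words.
ROW = re.compile(
    r"^(?P<name>\S+)\s+\S+\s+\S+\s+\S+\s+"
    r"(?P<status>administratively down|up|down|deleted)\s+(?P<proto>up|down)\s*$"
)

# Constructed sample output captured some hours apart (not from a real device).
SNAP_T0 = """\
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0/0   192.0.2.1       YES NVRAM  up                    up
GigabitEthernet0/0/1   unassigned      YES NVRAM  administratively down down
Virtual-Template1      192.0.2.1       YES unset  up                    down
Virtual-Access1        192.0.2.1       YES unset  up                    up
Virtual-Access2        192.0.2.1       YES unset  up                    down
Virtual-Access3        192.0.2.1       YES unset  up                    down
"""
SNAP_T1 = """\
Interface              IP-Address      OK? Method Status                Protocol
Virtual-Template1      192.0.2.1       YES unset  up                    down
Virtual-Access1        192.0.2.1       YES unset  up                    up
Virtual-Access2        192.0.2.1       YES unset  up                    down
Virtual-Access3        192.0.2.1       YES unset  up                    up
Virtual-Access4        192.0.2.1       YES unset  up                    down
"""

def vai_states(show_output):
    """Map each Virtual-Access interface to its (status, protocol) pair."""
    states = {}
    for line in show_output.splitlines():
        m = ROW.match(line.strip())
        if m and m["name"].startswith("Virtual-Access"):
            states[m["name"]] = (m["status"], m["proto"])
    return states

def stuck_vais(snapshots):
    """VAIs that are up/down in every snapshot: candidates for the leak."""
    sets = [
        {n for n, s in vai_states(out).items() if s == ("up", "down")}
        for out in snapshots
    ]
    stuck = set.intersection(*sets) if sets else set()
    return sorted(stuck, key=lambda n: [int(x) for x in re.findall(r"\d+", n)])

if __name__ == "__main__":
    print("VAI count per snapshot:", [len(vai_states(s)) for s in (SNAP_T0, SNAP_T1)])
    print("up/down in every snapshot:", stuck_vais([SNAP_T0, SNAP_T1]))
```

A VAI that is up/down in only one snapshot may simply be mid-negotiation; trending the per-snapshot VAI count alongside the persistent set separates normal churn from the slow growth the bug describes.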