Cisco Bug: CSCvh88330 - VAI Leaks with IKEv1 DVTI
Aug 21, 2019
- Cisco IOS
Known Affected Releases
Symptom: When running IPSec sessions using DVTI's to clone the tunnel Virtual-Access interfaces then under prolonged tunnel churn due to remote endpoints toggling their connections some VAI's are never cleared from the interface list, leading to the total number of VAIs slowly increasing over time. The affected VAIs can be identified because they remain indefinately in Up/Down state on the device. Eventually the large number of VAI leads to increased processing during bring up of new incoming IPSec connections as the router needs to check the tunnel-interface cache for the remote endpoint in case of reusing an existing VAI before cloning a new one from the VTemplate. Conditions: IOS-XE device running IPSec using DVTI interfaces to clone the incoming tunnel requests.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases