Cisco Bug: CSCvh94828 - ARP is not processing subnet of all the IP addresses configured for the interface

Last Modified

Aug 14, 2019

Products (1)

  • Cisco ASR 9000 Series Aggregation Services Routers

Known Affected Releases

6.2.1.BASE

Description (partial)

Symptom:
ARP local proxy incorrectly drops some incoming ARP packets, so ARP resolution fails for the hosts whose ARP requests are dropped.


Conditions:
When ARP local proxy is enabled on an interface that has both primary and secondary addresses configured.

When a host connected to such an interface sends an ARP request, the router tries to validate the source address of the ARP request. If the source address is a subnet broadcast address, the ARP request is dropped.

Due to this bug, when the source address of the ARP request is part of a secondary address range, the router incorrectly uses the subnet mask of the primary address to determine whether that source address is a subnet broadcast. As a result, some source addresses in the secondary address range are incorrectly treated as subnet broadcasts and their ARP requests are dropped.

This leads to ARP request failures, and local ARP proxy will not work.

The following example explains it in detail:
* The primary address of an interface is configured with a /29 subnet mask (255.255.255.248).
* A secondary address is configured with a /26 subnet mask (255.255.255.192).
* ARP local proxy is enabled, and it should respond to ARP requests if the IP address is valid for that interface.
* With local proxy enabled, the input IP address is validated for broadcast IP, and a reply is sent only if it is not a broadcast IP.
* While evaluating the broadcast IP, only the primary address subnet value was used to determine whether the incoming IP is a broadcast. With its subnet mask of /29, ARP packets from every 8th IPv4 source (LSB: 111) are dropped. Example: x.x.x.7, x.x.x.15, x.x.x.23
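
The check described above can be modelled to list which hosts on a secondary subnet are affected. This is an added example, not Cisco code: the addresses are constructed from documentation ranges, and the function names and the exact form of the check are assumptions based on the description.

```python
import ipaddress

# Constructed sample addressing (documentation ranges) for the /29 + /26 case.
PRIMARY = ipaddress.ip_interface("192.0.2.1/29")
SECONDARIES = [ipaddress.ip_interface("198.51.100.1/26")]


def is_bcast_primary_mask_only(src):
    """Model of the defective check (hypothetical name): the host bits of the
    source are tested against the primary address's mask, whichever
    configured subnet the source actually belongs to."""
    hostmask = int(PRIMARY.network.hostmask)  # /29 -> 0b111
    return int(src) & hostmask == hostmask


def is_bcast_per_subnet(src):
    """Corrected model (hypothetical name): use the mask of the configured
    subnet, primary or secondary, that contains the source."""
    for iface in [PRIMARY, *SECONDARIES]:
        if src in iface.network:
            return src == iface.network.broadcast_address
    return False  # source is on no configured subnet; not a broadcast match


def wrongly_dropped(network):
    """Valid host addresses in `network` whose ARP requests the defective
    check would drop although they are not the subnet broadcast."""
    return [h for h in network.hosts()
            if is_bcast_primary_mask_only(h) and not is_bcast_per_subnet(h)]


if __name__ == "__main__":
    for host in wrongly_dropped(SECONDARIES[0].network):
        print(host)
```

On a router, the same list tells an operator which secondary-range hosts to check for incomplete ARP entries when triaging this bug.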