Guest

Preview Tool

Cisco Bug: CSCvs08368 - FlexVPN Hub Memory Leak in AAA process when IKEv2 sessions are being established

Last Modified

Aug 29, 2020

Products (14)

  • Cisco IOS
  • Cisco ASR 1000 Series IOS XE SD-WAN
  • Cisco 4221 Integrated Services Router
  • Cisco 4331 Integrated Services Router
  • Cisco 4321 Integrated Services Router
  • Cisco ASR 1002-X Router
  • Cisco ASR 1001-X Router
  • Cisco 4351 Integrated Services Router
  • Cisco ISR 4000 Series IOS XE SD-WAN
  • Cisco ISR 1000 Series IOS XE SD-WAN
View all products in Bug Search Tool Login Required

Known Affected Releases

16.9.4

Description (partial)

Symptom:
In the output of "show process memory sorted" the Holding counter for Crypto INT process is increasing.

AND 

In the output of "show mem alloc totals" we see that the "Total" and "Count" counters keep increasing for AAA General DB and AAA Interface Struct:

Router#show mem alloc total

<snip>

Allocator PC Summary for: Processor

   Total      Count     Name               PC
147604448  145588  AAA General DB         iosd_shr_m_uk9_AAA_Core_crb:7FAF1FE68000+5C1410

71292112  145592  AAA Interface Struct   iosd_shr_m_uk9_AAA_Core_crb:7FAF1FE68000+5C128C

Conditions:
IKEv2 is used and session policies are being pushed from AAA.
The problem was found on a ASR1000 series router configured as a FlexVPN hub.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.