Cisco Bug: CSCvs14492 - Enhancement Request: Redistribute Local Routes into OSPF for uRPF/DHCP Relay Workaround
Nov 22, 2019
- Cisco Nexus 7000 Series Switches
Known Affected Releases
Symptom: There is a limitation with uRPF and DHCP Relay due to their interaction with vPC/HSRP. This is expected behavior as per the following note in the "Guidelines and Limitations" section of the DHCP configuration guide: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus7000/sw/security/config/cisco_nexus7000_security_config_guide_8x/configuring_dhcp.html#con_1272833

"If you are using both the Unicast Reverse Path Forwarding (uRPF) strict mode in your client vPC VLANs and the First Hop Redundancy Protocol (FHRP) with the DHCP relay feature, the DHCP requests are sourced from the physical egress IP address interface (not the FHRP VIP) by default. Consequently, if your DHCP server is not on a directly connected subnet and you have multiple ECMP routes back to your vPC pair, some packets might land on the neighbor switch instead of the originating switch and be dropped by uRPF. This behavior is expected. To avoid this scenario, perform one of the following workarounds:
- Use the uRPF loose mode, not uRPF strict.
- Configure static routes for the interface address on the affected FHRP interfaces and redistribute the static routes into IGP."

Configuring static routes for the switch's own interface addresses does not work: OSPF only redistributes static routes that are "active" (installed in the RIB/FIB), and a static route for a local address is never installed because the Local route (administrative distance 0) is always preferred over it. What does work is configuring, on each vPC peer, a static route for the local address of the other peer, pointing at a direct L3 connection between the peers, and redistributing that into OSPF. The side effect is that the redistributed /32 is more specific than the connected subnet, so the rest of the network now sends all traffic for that address to the wrong peer, which then forwards it across the L3 link to the correct one. This enhancement request is to be able to redistribute the "Local" route into OSPF so that the originating switch advertises its own address and that unnecessary hop is avoided.

Conditions: vPC pair of Nexus switches with uRPF strict mode, FHRP, and DHCP Relay configured. Topology where the DHCP server is not on a directly connected subnet and has multiple ECMP routes back to the vPC pair.
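The following NX-OS configuration is an added illustration of the two workarounds described above; it is not taken from the bug or from the configuration guide. The switch names (N7K-A, N7K-B), VLAN 100, the 10.1.100.0/24 client subnet, the HSRP VIP, the 192.168.255.0/30 inter-peer L3 link, the DHCP server address, the OSPF process name and the route-map and prefix-list names are all assumed for the example. Only N7K-A is shown in full; N7K-B mirrors it with the addresses swapped.

```text
! Added example, not part of the original bug text. All names, VLAN IDs and
! addresses are assumptions for illustration.
!
! Topology assumed: N7K-A (SVI 10.1.100.2) and N7K-B (SVI 10.1.100.3) are a vPC
! pair; HSRP VIP 10.1.100.1; DHCP server 10.9.9.9 is several hops away with ECMP
! paths back to both switches. Relayed DISCOVERs leave N7K-A sourced from
! 10.1.100.2, so OFFERs return to 10.1.100.2 and may land on N7K-B, which sends
! them onto VLAN 100 and across the vPC peer link. N7K-A then sees them arrive
! on VLAN 100 from 10.9.9.9, which strict uRPF on VLAN 100 rejects.

!=== N7K-A: configuration that triggers the limitation ===
feature dhcp
feature hsrp
feature ospf
service dhcp
ip dhcp relay

interface Vlan100
  ip address 10.1.100.2/24
  ! strict mode: the source must be reachable via the ingress interface
  ip verify unicast source reachable-via rx
  ip dhcp relay address 10.9.9.9
  hsrp 1
    ip 10.1.100.1
  no shutdown

!=== Workaround 1: loose-mode uRPF on the client VLAN ===
! Any route back to the source is enough, so an OFFER entering via the peer
! link is no longer dropped. This gives up the anti-spoofing strength of strict mode.
interface Vlan100
  ip verify unicast source reachable-via any

!=== Workaround 2 (as written in the guide): DOES NOT take effect ===
! 10.1.100.2/32 already exists as a Local route (AD 0); this static (AD 1) is
! never installed, so "redistribute static" never sees it.
ip route 10.1.100.2/32 Null0

!=== Workaround 2 (what actually works): route the PEER's address over an L3 link ===
! Dedicated routed link between the vPC peers, separate from the vPC peer link.
interface Ethernet1/48
  no switchport
  ip address 192.168.255.1/30
  no shutdown

! On N7K-A: reach N7K-B's SVI address via the L3 link. On N7K-B the mirror is
!   ip route 10.1.100.2/32 192.168.255.1
ip route 10.1.100.3/32 192.168.255.2

ip prefix-list PL-PEER-LOCAL seq 5 permit 10.1.100.3/32

route-map RM-STATIC-TO-OSPF permit 10
  match ip address prefix-list PL-PEER-LOCAL

router ospf 1
  router-id 10.255.0.1
  redistribute static route-map RM-STATIC-TO-OSPF

! Result: N7K-A now advertises 10.1.100.3/32 (N7K-B's address) as an OSPF
! external route. The /32 is more specific than 10.1.100.0/24, so the network
! steers all traffic for 10.1.100.3 to N7K-A, which forwards it over
! 192.168.255.0/30 to N7K-B. The extra hop is what CSCvs14492 asks to remove by
! letting each switch redistribute its own Local route instead.
!
! Checks (on N7K-A):
!   show ip route 10.1.100.2/32     -> only the local/direct entry, no static
!   show ip route 10.1.100.3/32     -> static via 192.168.255.2
!   show ip ospf database external  -> 10.1.100.3/32 originated by this router
```

The route-map matters: redistributing all statics would also inject any other static routes on the switch into OSPF, so the prefix-list restricts the redistribution to the peer's interface address only.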