Cisco Bug: CSCvs49377 - Useg EP sets SCLASS 10 after Peer-To-Local Move

Last Modified

Nov 16, 2020

Products (2)

  • Cisco Nexus 9000 Series Switches
  • Cisco Nexus 9000 Series Switches

Known Affected Releases

13.2(4e)

Description (partial)

Symptom:
After a virtual machine is vMotioned, traffic sourced from that endpoint begins to drop. Running "show logging ip access-list internal packet-log deny" on the leaf switch shows policy drops for the endpoint.

Conditions:
Microsegmentation is enabled on a VMM Domain on an EPG.
There is a VM behind a host that is connected to two leaf switches in a non-vPC configuration, although the leafs are configured in a vPC domain. The endpoint is only active on one switch at a time.
     Because of this configuration, the leaf where the VM is connected has the EP marked as local, and the vPC peer switch has the EP marked as "on-peer".
The VM then moves to a completely separate leaf pair or vPC domain.
     After this, the leaf that had the EP marked as "on-peer" gets an update to install a "bounce" entry. When this happens, the SCLASS flag is missing on the EP.
The VM then moves back to the original configuration, where it is local on the same leaf and "on-peer" on the same leaf as before.
Finally, the VM moves to local on the leaf where it was "on-peer" (peer-to-local move). Because the SCLASS flag is missing from the EP due to the previous bounce, the EP is incorrectly programmed with the base SCLASS 10 instead of the correct SCLASS of the EPG. This in turn causes traffic misclassification and policy drops.