Preview Tool

Cisco Bug: CSCvs51228 - IPIP/GRE pkts coming in non-default VRF gets decap by matching tunnel where transport vrf is default

Last Modified

Jan 31, 2020

Products (1)

  • Cisco Nexus 9000 Series Switches

Known Affected Releases


Description (partial)

IPIP/GRE encapsulated pkts coming on interface in non-default VRF say VRF-X getting decapsulated and egress on interface in default VRF.

IPIP/GRE encapsulated pkts coming on VRF-X having outer src-ip/dst-ip matches with 
 tunnel dest and tunnel src of a tunnel and tunnel's transport vrf (tunnel use-vrf) is default vrf and There is no tunnel up in VRF-X with matching tunnel dest and tunnel src.

e.g when a ipip pkt with outer dest-ip ingress on interface with vrf member vrf-cust-1 
in below example and if Tunnel 102 does not exist or down pkt will still hit tunnel 101 in default VRF

interface Tunnel101
  tunnel mode ipip decapsulate-any ip
  tunnel source
  no shutdown

interface Tunnel102
  vrf member vrf-cust-1
  tunnel mode ipip decapsulate-any ip
  tunnel source
  tunnel use-vrf vrf-cust-1
  no shutdown
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.