Guest

Preview Tool

Cisco Bug: CSCvs51228 - IPIP/GRE pkts coming in non-default VRF gets decap by matching tunnel where transport vrf is default

Last Modified

Jan 08, 2020

Products (1)

  • Cisco Nexus 9000 Series Switches

Known Affected Releases

9.3(2.68)

Description (partial)

Symptom:
IPIP/GRE encapsulated pkts coming on interface in non-default VRF say VRF-X getting decapsulated and egress on interface in default VRF.

Conditions:
IPIP/GRE encapsulated pkts coming on VRF-X having outer src-ip/dst-ip matches with 
 tunnel dest and tunnel src of a tunnel and tunnel's transport vrf (tunnel use-vrf) is default vrf and There is no tunnel up in VRF-X with matching tunnel dest and tunnel src.


e.g when a ipip pkt with outer dest-ip 132.127.101.1 ingress on interface with vrf member vrf-cust-1 
in below example and if Tunnel 102 does not exist or down pkt will still hit tunnel 101 in default VRF

interface Tunnel101
  tunnel mode ipip decapsulate-any ip
  tunnel source 132.127.101.1
  no shutdown

interface Tunnel102
  vrf member vrf-cust-1
  tunnel mode ipip decapsulate-any ip
  tunnel source 132.127.101.1
  tunnel use-vrf vrf-cust-1
  no shutdown
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.