Cisco Bug: CSCvs53458 - uRPF strict mode check fails in VXLAN Fabric when Source IP Host Route is on Remote VTEP

Last Modified

Jun 22, 2020

Products (65)

  • Cisco Nexus 9000 Series Switches
  • Cisco Nexus 93600CD-GX Switch
  • Cisco Nexus 3548-X Switch
  • Cisco Nexus 9516 Switch
  • Cisco Nexus 3548 Switch
  • Cisco Nexus 92348GC-X Switch
  • Cisco Nexus 3636C-R Switch
  • Cisco Nexus 9396PX Switch
  • Cisco Nexus 92160YC-X Switch
  • Cisco Nexus 93108TC-FX Switch

Known Affected Releases

9.3(3)

Description (partial)

Symptom:
uRPF strict check fails with the use of VXLAN Anycast Gateway causing IP connectivity failures.
Traffic is dropped by uRPF check on Ingress VTEP.

Conditions:
VXLAN EVPN with Anycast Gateway configured on SVI:
fabric forwarding mode anycast-gateway

Incoming VLAN/SVI configured with Strict uRPF mode:
ip verify unicast source reachable-via rx

Global CLI:
no system urpf disable

The source IP used by the end host/client is present on the ingress VTEP as a remote host route pointing into the overlay.
The remote VTEP has a local adjacency (HMM) entry pointing to a local access port, as ARP is resolved on it with the real presence of the IP.

Ingress VTEP where uRPF strict check fails:
# Traffic is received with Source IP 10.100.100.100,
though the route entry points to the remote VTEP:
N9k-118-Leaf1# sh ip route 10.100.100.100/32 vrf CUSTOMER
IP Route Table for VRF "CUSTOMER"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>

10.100.100.100/32, ubest/mbest: 1/0
    *via 10.222.12.3%default, [200/0], 00:20:29, bgp-1000, internal, tag 1000, segid: 100001 tunnelid: 0xade0c03 encap: VXLAN


Remote VTEP has HMM entry:
N9k-111-Leaf2# sh ip route 10.100.100.100/32 vrf CUSTOMER 
IP Route Table for VRF "CUSTOMER"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
10.100.100.100/32, ubest/mbest: 1/0, attached
    *via 10.100.100.100, Vlan100, [190/0], 00:18:59, hmm
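
Added example, not part of the Cisco bug text: a small model of the plain strict uRPF rule applied to the two route entries shown above, to make the drop on the ingress VTEP explicit. It assumes the packet arrives on SVI Vlan100 on both leaves (the page does not name the ingress SVI on Leaf1); the function names are hypothetical.

```python
import re

# Route entries copied from the two "sh ip route" outputs on this page.
LEAF1_ROUTE = """10.100.100.100/32, ubest/mbest: 1/0
    *via 10.222.12.3%default, [200/0], 00:20:29, bgp-1000, internal, tag 1000, segid: 100001 tunnelid: 0xade0c03 encap: VXLAN
"""
LEAF2_ROUTE = """10.100.100.100/32, ubest/mbest: 1/0, attached
    *via 10.100.100.100, Vlan100, [190/0], 00:18:59, hmm
"""

VIA_RE = re.compile(r"^\s*\*via\s+(?P<nh>[^,\s]+),\s*(?P<rest>.*)$")
IFACE_RE = re.compile(r"^(Vlan|Ethernet|Eth|port-channel|Po|Lo|loopback)\S*$", re.I)

def best_paths(route_text):
    """Return one dict per best unicast next hop ('*via' line)."""
    paths = []
    for line in route_text.splitlines():
        m = VIA_RE.match(line)
        if not m:
            continue
        fields = [f.strip() for f in m.group("rest").split(",")]
        # In the outputs on this page the attached (HMM) path lists an
        # interface right after the next hop; the overlay path lists none.
        iface = fields[0] if fields and IFACE_RE.match(fields[0]) else None
        paths.append({
            "next_hop": m.group("nh"),
            "interface": iface,
            "vxlan": "encap: VXLAN" in line,
        })
    return paths

def strict_urpf_verdict(route_text, ingress_if):
    """Simplified strict uRPF: pass only if a best path back to the
    source leaves through the interface the packet arrived on."""
    paths = best_paths(route_text)
    if any(p["interface"] == ingress_if for p in paths):
        return "pass"
    if paths and all(p["vxlan"] for p in paths):
        vtep = paths[0]["next_hop"].split("%")[0]
        return "drop: source resolves to remote VTEP " + vtep
    return "drop: no best path via " + ingress_if

if __name__ == "__main__":
    # Assumption: Vlan100 is the receiving SVI on both leaves.
    print("Leaf1:", strict_urpf_verdict(LEAF1_ROUTE, "Vlan100"))
    print("Leaf2:", strict_urpf_verdict(LEAF2_ROUTE, "Vlan100"))
```

This is a control-plane model only; the switch performs the check in its forwarding hardware, so use it to reason about route tables, not to predict ASIC behaviour.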