Cisco Bug: CSCvs59641 - EIGRP inserting /32 route from LISP redistribution even when ARP is removed, causing loop
May 23, 2020
- Cisco Nexus 7000 Series Switches
Known Affected Releases
Symptom: We have 2 N7K (N7K-Agg1 & N7K-Agg2) routers configured as EIGRP stub to reduce the query domain. The ASA is not a stub. Thus, in the setup, we see that when we lose x.x.x.x/32 (which are LISP redistributed routes) on N7K-Agg2. N7K-Agg2 only sends a unicast QUERY to ASA (Firewall) and not to N7K-Agg1 (which is a stub). This is because here there are mixed peers (stubbed and non-stubbed) on an interface, EIGRP sends UNICAST QUERY only to non-stubbed PEER. This means ASA receives a UNICAST QUERY and N7K-Agg1 does not receive the QUERY. The same happens on N7K-Agg1. When LISP routes are withdrawn from RIB of N7K-Agg2, EIGRP topology has an alternate path via N7K Agg1. Since the query is suppressed when DUAL is initiated for x.x.x.x/32, the alternate path which is via N7k Agg1 gets installed into the RIB. Similarly, it happens for N7k-Agg1 and it ends up pointing to each other resulting in a routing loop. As mentioned in Nexus config guide https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/unicast/configuration/guide/l3_cli_nxos/l3_eigrp.html#55002 When using EIGRP stub routing, you need to configure the distribution and remote routers to use EIGRP and configure only the remote router as a stub. Also, as mentioned in IOS documentation regarding stub functionality, https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/configuration/15-mt/ire-15-mt-book/ire-eigrp-stub-rtg.html Conditions: + LISP learns dynamic EID routes from ARP for directly connected servers. + Further LISP routes (/32) getting redistributed into EIGRP. + N7K-Agg1 & N7K-Agg2 routers configured as EIGRP stub to reduce the query domain. + Each VRF on the N7K-Agg switch has 2 Eigrp neighbors: ASA FW as a non-stubbed peer and peer N7K-Agg switch as a stubbed peer. + EIGRP sends UNICAST QUERY only to non-stubbed PEER which is ASA, on the other hand, peer N7K-Agg does not receive the QUERY since it is configured as a stubbed peer.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases