Cisco Bug: CSCvs69867 - Support for Active fallback Session

Last Modified

Sep 02, 2020

Products (12)

  • Cisco Network Convergence System 5500 Series
  • Cisco Network Convergence System 5504
  • Cisco Network Convergence System 55A2-MOD-HD-S
  • Cisco Network Convergence System 5516
  • Cisco Network Convergence System 5502-SE
  • Cisco Network Convergence System 55A1-24H
  • Cisco Network Convergence System 5502
  • Cisco Network Convergence System 55A2-MOD-S
  • Cisco Network Convergence System 55A2-MOD-SE-S
  • Cisco Network Convergence System 5501-SE

Known Affected Releases

7.3.1.CE

Description (partial)

Symptom:
There could be a fallback MACsec session interop issue with non-Cisco devices, which expect their fallback peer convergence to happen before any fallback event (e.g. primary key mismatch or expiry), so as to allow a smooth handover of programming control to fallback.

Under the existing design, XR fallback does not advertise peers as long as the session is secured with primary, so there is no peer convergence on the other end, and the other box cleans up its programming immediately on a fallback event instead of gracefully handing the session over to fallback. The XR box, by contrast, takes 30s for programming cleanup, and this inadvertently causes traffic drop.

The new solution delivered with this defect runs the primary and fallback sessions independently. In the ideal scenario the primary session is SECURED and the fallback session is ACTIVE (indicating it has found its live peers and is ready to program). When there is a disruption in the primary key, the fallback drives the session to SECURED.

Note: To interoperate this new solution with the legacy fallback model, configure "enable-legacy-fallback" macsec-policy and apply it to the MACsec interfaces.

Conditions:
This may occur when attempting fallback MACsec sessions between a non-Cisco box and the NCS5500 router platform.