Guest

Preview Tool

Cisco Bug: CSCvs75321 - ISIS and MRIB out of sync for the FTag oifs

Last Modified

Aug 28, 2020

Products (1)

  • Cisco Nexus 9000 Series Switches

Known Affected Releases

15.0(0.65)

Description (partial)

Symptom:
Broadcast Traffic/Unknown Unicast/multicast traversing the fabric can get blackholed on nodes that have inconsistent ISIS and MRIB states.

ISIS Output for FTAG 0
node-1103 (vsh)# show isis internal mcast routes | more  
<snip>
FTAG ID:   0 [Root] [Enabled] Cost:(   2/   8/   0)
----------------------------------
    Root port: Ethernet1/2.47
    OIF List:
      Ethernet1/5.12
      Ethernet1/6.16
      Ethernet1/13.24
      Ethernet1/17.21
      Ethernet1/19.37
      Ethernet1/20.43
      Ethernet1/22.23
      Ethernet1/23.38
      Ethernet1/24.41
      Ethernet1/25.50
      Ethernet1/33.33
      Ethernet1/34.34
<snip>
 
The MRIB outputs should include both the root port and the OIFs above aggregated into the "outgoing interface list"
However below you see that root port e1/2 is missing in the outputs.
In this scenario, the BUM traffic using FTAG 0 and ingressing port e1/2 gets dropped.
Sideband ELAM will register a fwddrop=1
 
FTAG 0 MRIB output
node-1103 (vsh)# show ip mroute detail vrf all | more    
<snip>
(*, 0.64.0.0/32), FTAG Route: , FTAG Enable , uptime: 31w5d, isis(0)
  Data Created: No
    OTV Router Mode
  Stats: 0/0 [Packets/Bytes], 0.000   bps
  Incoming interface: Null, RPF nbr: 0.0.0.0
  Outgoing interface list: (count: 12)
    Ethernet1/25.50, uptime: 1d00h
    Ethernet1/24.41, uptime: 1d00h
    Ethernet1/23.38, uptime: 1d00h
    Ethernet1/22.23, uptime: 1d00h
    Ethernet1/20.43, uptime: 1d00h
    Ethernet1/19.37, uptime: 1d00h
    Ethernet1/17.21, uptime: 1d00h
    Ethernet1/13.24, uptime: 1d00h
    Ethernet1/6.16, uptime: 1d00h
    Ethernet1/5.12, uptime: 1d00h
    Ethernet1/34.34, uptime: 4w5d
    Ethernet1/33.33, uptime: 4w5d
<snip>

Conditions:
This issue occurs due to link flaps between leaf switches and spine switches or interDC links that may cause FTAG reconvergence, and ARP flood is enabled for the bridge domain.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.