Cisco Bug: CSCvu01307 - 6.6.3 - SRG - OS-FLOWTRAP-3-BAD_ACTOR_MAC_NOT_CLEARED prm_server Data, table, or file already exists
Jun 04, 2020
- Cisco ASR 9000 Series Aggregation Services Routers
Known Affected Releases
Symptom: after receiving these sequence of logs, the MAC address of the subscriber seems to be blocked permanently, the session does not come up anymore: LC/0/0/CPU0:Apr 22 01:10:06.261 : flowtrap: %OS-FLOWTRAP-4-BAD_ACTOR_MAC_DETECTED : Excessive Unclassified packets for RSP flow detected from source MAC address <MAC> on interface Bundle-Ether1.X. Traffic from this MAC address will be dropped for 15 minutes. LC/0/0/CPU0:Apr 22 01:25:06.261 : flowtrap: %OS-FLOWTRAP-3-BAD_ACTOR_MAC_NOT_CLEARED : The platform failed to completely clear the 'penalty policing' for source MAC address <MAC> on interface Bundle-Ether1.X, 'prm_server' detected the 'warning' condition 'Data, table, or file already exists.'. LC/0/0/CPU0:Apr 22 01:25:06.261 : flowtrap: %OS-FLOWTRAP-4-BAD_ACTOR_MAC_CLEARED : Source MAC <MAC> on interface Bundle-Ether1.X cleared from penalty-policing by timeout. Conditions: using flow trap to identify "bad actors" of those subscribers who are using the punt path excessively. the problem with this functionality is that it doesnt clear the mac from the bad table correctly at times leaving the subscriber penalized forever. this is specifically an issue with geo redundancy.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases