Guest

Preview Tool

Cisco Bug: CSCvu01307 - 6.6.3 - SRG - OS-FLOWTRAP-3-BAD_ACTOR_MAC_NOT_CLEARED prm_server Data, table, or file already exists

Last Modified

Jun 04, 2020

Products (1)

  • Cisco ASR 9000 Series Aggregation Services Routers

Known Affected Releases

6.6.3.BASE

Description (partial)

Symptom:
after receiving these sequence of logs, the MAC address of the subscriber seems to be blocked permanently, the session does not come up anymore:

LC/0/0/CPU0:Apr 22 01:10:06.261 : flowtrap[163]: %OS-FLOWTRAP-4-BAD_ACTOR_MAC_DETECTED : Excessive Unclassified packets for RSP flow detected from source MAC address <MAC> on interface Bundle-Ether1.X. Traffic from this MAC address will be dropped for 15 minutes. 
LC/0/0/CPU0:Apr 22 01:25:06.261 : flowtrap[163]: %OS-FLOWTRAP-3-BAD_ACTOR_MAC_NOT_CLEARED : The platform failed to completely clear the 'penalty policing' for source MAC address <MAC> on interface Bundle-Ether1.X, 'prm_server' detected the 'warning' condition 'Data, table, or file already exists.'. 
LC/0/0/CPU0:Apr 22 01:25:06.261 : flowtrap[163]: %OS-FLOWTRAP-4-BAD_ACTOR_MAC_CLEARED : Source MAC <MAC> on interface Bundle-Ether1.X cleared from penalty-policing by timeout.

Conditions:
using flow trap to identify "bad actors" of those subscribers who are using the punt path excessively.
the problem with this functionality is that  it doesnt clear the mac from the bad table correctly at times leaving  the subscriber penalized forever.
this is specifically an issue with geo redundancy.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.