Cisco Bug: CSCvu12539 - F348XP-25 Linecard Won't Boot With FIPS Enabled

Last Modified

Jun 24, 2020

Products (1)

  • Cisco Nexus 7000 Series Switches

Known Affected Releases

8.2(4)

Description (partial)

Symptom:
With FIPS mode enabled, F348XP-25 linecards fail to boot after a reload, with the following symptoms:

+ Module fails to boot. After three retries the module powers down. A power-up of the module results in the same issue.

======================================================
"show module"
Mod  Ports  Module-Type                         Model              Status
---  -----  ----------------------------------- ------------------ ----------
1    0      Supervisor Module-2                 N7K-SUP2E          active *
2    0      Supervisor Module-2                                    powered-up
3    48     1/10 Gbps Ethernet Module           N7K-F348XP-25      failure
4    48     1/10 Gbps Ethernet Module           N7K-F348XP-25      ok
======================================================

+ FIPS POST fails, followed by Im SAP timeout and MTS_OPC_FIPS_POST_TEST_RUN/MTS_SAP_SECURITY_DAEMON communication errors

======================================================
"show logging log"
2020 Apr  5 00:27:39 [hostname] securityd: FIPS POST Failed For Module 3  
2020 Apr 5 01:05:39 [hostname] %MODULE-2-LCM_MODULE_INSERT_FAILURE_TIMEOUT: Slot-3 has failed to boot up because the service "Im SAP" has timed out due to module insertion failure
2020 Apr 5 01:12:50 [hostname] %IM-3-IM_SEQ_ERROR: Error (sequence timeout) while communicating with component (null) opcode:MTS_OPC_SYNC_MESSAGE (for:RID_MODULE: 3)
2020 Apr 5 01:12:50 [hostname] %IM-3-IM_SEQ_ERROR: Error (sequence timeout) while communicating with component MTS_SAP_SECURITY_DAEMON opcode:MTS_OPC_FIPS_POST_TEST_RUN (for:RID_MODULE: 3)
======================================================

+ Multiple stuck MTS messages with source SAP 179 and destination SAP 55 (the count can range from tens to hundreds of stuck messages)

======================================================
"show system internal mts buffers details"
Node/Sap/queue  Age(ms)         SrcNode         SrcSAP  DstNode         DstSAP  OPC     MsgId            MsgSize RRToken        Offset
sup/55/nper           5888609        0x901             179        0xA01             55           2213    0x48c91d17 196         0x48c91d17  0xfaa1604 
sup/55/nper            5888609        0x901             179        0xA01             55           2213    0x48f2c5da  196         0x48f2c5da   0xfaa1404
sup/55/nper           5888609        0x901             179        0xA01             55           2213    0x491b3b6d 196         0x491b3b6d 0xfaa1204
======================================================
"show system internal mts sup sap 179 description"
Im SAP   
======================================================
"show system internal mts sup sap 55 description"
Security Daemon   
======================================================

+ "show system reset-reason" references the same MTS SAP

======================================================
"show system reset-reason mod 3"
*************** module reset reason (3) *************
Time stamp : At 660277 usecs after Sun Apr 5 01:12:50 2020
 
Service name : SAP:179
Reset reason : LC insertion sequence failure => [Failures < MAX] : powercycle
Serial number:
Error code : NA
<snip>
----- reset reason for module 3 (from Supervisor in slot 9) ---
1) At 662484 usecs after Sun Apr 5 01:12:50 2020
Reason: Reset Requested due to Fatal Module Error
Service: Im SAP
Version:
=====================================================

+ FIPS status shows 'FAILURE'

=====================================================
"show fips status"
FIPS Status: enabled
Switch Mode: FIPS
----------------------
LC STATUS
----------------------
3 PRE-POST FAILURE
=====================================================

Conditions:
+ F348XP-25 linecard installed
+ FIPS enabled on N7K chassis
+ Reload of linecard
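
A check for the "show logging log" signature listed under Symptom, as an added example (not Cisco code): it flags a module only when the FIPS POST failure is followed by both the Im SAP timeout and the MTS_OPC_FIPS_POST_TEST_RUN error for the same slot. The function names are hypothetical, and the final Slot-4 line of the sample is constructed; the other sample lines are the ones shown above.

```python
import re
from collections import defaultdict

# Patterns taken from the "show logging log" lines on this page.
SIGNATURES = {
    "fips_post_failed": re.compile(r"securityd: FIPS POST Failed For Module (\d+)"),
    "im_sap_timeout": re.compile(
        r'%MODULE-2-LCM_MODULE_INSERT_FAILURE_TIMEOUT: Slot-(\d+) .*"Im SAP" has timed out'),
    "fips_post_mts_error": re.compile(
        r"%IM-3-IM_SEQ_ERROR: .*MTS_SAP_SECURITY_DAEMON "
        r"opcode:MTS_OPC_FIPS_POST_TEST_RUN \(for:RID_MODULE: (\d+)\)"),
}

def match_signature(log_text):
    """Return {module: {signature name: index of first matching line}}."""
    seen = defaultdict(dict)
    for idx, line in enumerate(log_text.splitlines()):
        for name, pattern in SIGNATURES.items():
            m = pattern.search(line)
            if m:
                seen[int(m.group(1))].setdefault(name, idx)
    return dict(seen)

def affected_modules(log_text):
    """Modules with all three signatures, FIPS POST failure logged first."""
    hits = []
    for mod, first in match_signature(log_text).items():
        if len(first) < len(SIGNATURES):
            continue  # e.g. an insertion timeout with no FIPS POST failure
        post = first["fips_post_failed"]
        if all(post < i for n, i in first.items() if n != "fips_post_failed"):
            hits.append(mod)
    return sorted(hits)

# First four lines are from this page; the Slot-4 line is constructed.
SAMPLE_LOG = """\
2020 Apr  5 00:27:39 [hostname] securityd: FIPS POST Failed For Module 3
2020 Apr 5 01:05:39 [hostname] %MODULE-2-LCM_MODULE_INSERT_FAILURE_TIMEOUT: Slot-3 has failed to boot up because the service "Im SAP" has timed out due to module insertion failure
2020 Apr 5 01:12:50 [hostname] %IM-3-IM_SEQ_ERROR: Error (sequence timeout) while communicating with component (null) opcode:MTS_OPC_SYNC_MESSAGE (for:RID_MODULE: 3)
2020 Apr 5 01:12:50 [hostname] %IM-3-IM_SEQ_ERROR: Error (sequence timeout) while communicating with component MTS_SAP_SECURITY_DAEMON opcode:MTS_OPC_FIPS_POST_TEST_RUN (for:RID_MODULE: 3)
2020 Apr 5 01:20:00 [hostname] %MODULE-2-LCM_MODULE_INSERT_FAILURE_TIMEOUT: Slot-4 has failed to boot up because the service "Im SAP" has timed out due to module insertion failure
"""
```

Calling `affected_modules(SAMPLE_LOG)` returns only module 3; the constructed Slot-4 timeout has no FIPS POST failure and is not flagged.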