Cisco Bug: CSCvu22299 - [ESG]:VRF VNID translation is deleted after un-deploying a graph and deleting all ESGs under a VRF

Last Modified

Oct 03, 2020

Products (1)

  • Cisco Nexus 9000 Series Switches

Known Affected Releases

15.0(1f)

Description (partial)

Symptom:
VRF communication between two EPGs is disrupted when the last endpoint security group (ESG) under this VRF table that is using a different contract (with a service graph) is removed and the service-graph contract is un-deployed. One of the EPGs is in the main datacenter (that is, behind a local leaf switch) and the other EPG is at a remote location (that is, behind a remote leaf switch).

Conditions:
This issue occurs if the following conditions are met:

1. There is intra-VRF communication between two EPGs, one behind a local leaf switch and one behind a remote leaf switch.
2. Use a service graph contract between two different ESGs in the same VRF table.
3. Delete the ESGs in this VRF table one by one.
4. Undeploy the service-graph contract between the ESGs in step (2).

Deleting the last ESG results in traffic disruption for the EPGs in step (1).