Cisco Bug: CSCvu51926 - Implicit arp rule reshuffled to tile from tcam resulting in contract deny

Last Modified

Oct 03, 2020

Products (24)

  • Cisco Nexus 9000 Series Switches
  • Cisco Nexus 9516 Switch
  • Cisco Nexus 9396PX Switch
  • Cisco Nexus 9396TX Switch
  • Cisco Nexus 93108TC-FX Switch
  • Cisco Nexus 93120TX Switch
  • Cisco Nexus 93240YC-FX2 Switch
  • Cisco Nexus 9372TX-E Switch
  • Cisco Nexus 9332C Switch
  • Cisco Nexus 93108TC-EX Switch

Known Affected Releases

14.2(3q)

Description (partial)

Symptom:
ARP packets that should be implicitly permitted by zoning-rule programming are dropped in the fabric. The packet drop reason is SECURITY_GROUP_DENY and the specific rule is the implicit deny for the VRF table.

Conditions:
This issue can occur if there are approximately 5000 or more vzAny contract TCAM rules (i.e., sclass=any, dclass=any) with valid protocol and L4 filters.

This unusually high number of vzAny rules results in the rules getting moved from one memory in hardware to another memory, which exposes a software bug. The implicit ARP entry, which internally is a vzAny filter rule, is also impacted by this move.