Cisco Bug: CSCvv33438 - ASR9K Flowspec policy not matched on PWHE due to missing UIDB entry caused by timing issue
Sep 16, 2020
- Cisco ASR 9000 Series Aggregation Services Routers
Known Affected Releases
Symptom: The flowspec policy is not properly applied on the PWHE interface and we don't match the packets: #show flowspec afi-all internal Thu Jul 23 14:37:37.544 CEST AFI: IPv4 Flow :Dest:184.108.40.206/32,Source:220.127.116.11/32 Actions :Traffic-rate: 0 bps (bgp.1) Client Version: 0 Local: FALSE Unsupported: FALSE RT: VRF Name Cfg: 0x00 RT Cfg: 0x00 RT Registered: 0x00 RT Resolved: 0x00 Class handles: Handle : 3000000076000021 Class Handle Version: 1 Sequence: 1024 Match Unsupported: None Synced: TRUE Ref Count: 1 Last Error: 0:Success Last Batch: 59 Time Init: Jul 23 14:33:15 <<<<< Time iClass Update: Jul 23 14:33:15 <<<< Statistics (packets/bytes) Matched : 0/0 Dropped : 0/0 Conditions: - The problem can be hit when a flowspec policy is being applied to a PWHE on a LC, but the LC does not have any active members yet for that interfaces. - For instance, this timing issue may happen during the router or some LC reload after flowspec is configured. - This affects both cXR and eXR releases and is relevant to PWHE interfaces. Also all XR line-ups are affected, as it seems to be a day-1 bug.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases