Cisco Bug: CSCvv75643 - TCP Issues at vtcp alg layer in DNS NAT with large TCP streams

Last Modified

Sep 29, 2020

Products (1)

  • Cisco ASR 1000 Series Aggregation Services Routers

Known Affected Releases

16.9.5

Description (partial)

Symptom:
The network address translation (NAT) application-level gateway (ALG) for DNS can generate
unexpected TCP frames while processing a large request over a TCP connection.

With every frame from the server, an ACK is also sent to the client, although there was no traffic.
Once the response is processed and sent to the client, client ACKs are forwarded to the server even though the message was already acknowledged.

When the available buffer is reached, the connection is expected to reset, but the RST frame is sent to the server only.
Subsequent frames generate further RST frames, which are ignored on the client side due to an invalid sequence.
The connection gets stuck until the client times out.

Conditions:
DNS NAT configuration, with TCP streams larger than about 40 kB.