Cisco Bug: CSCvv82330 - When large number of policies are applied to a ASR1001-X running 17.3.1, traffic is dropped.
Oct 06, 2020
- Cisco ASR 1000 Series Aggregation Services Routers
Known Affected Releases
Symptom: With SD-WAN configuration on ASR1001-X, traffic is seen as being dropped as AppRoutePolicyDrop beyond an app route policy scale. Similar traffic drop will also be seen with PBR route-map or ACL scale configuration on ASR1001-X. All traffic on policy based flows going through ASR1001-X box started to get dropped with 17.3.1a after scaling up app-route policies. But the issue will be seen randomly on earlier releases as well and has been seen at least once on 17.2.1. The issue is seen SD-WAN configuration and it was determined that the problem only occurs when both the data-policy and app-route policy are applied on the device at scale. If scale is reduced with data-policy applied but app-route removed, or with app-route policy applied but data-policy removed, problem is not seen. Conditions: Platform - only ASR1001-X Policy scale - multiple SDWAN app route policies or PBR route map, ACL on large number of interfaces typically close to or exceeding half the TCAM capacity as seen by CLI: show platform hardware qfp active tcam resource-manager usage Releases - randomly on all releases supporting ASR1001-X Issue - Traffic drop with no matching policy
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases