Guest

Preview Tool

Cisco Bug: CSCvv82330 - When large number of policies are applied to a ASR1001-X running 17.3.1, traffic is dropped.

Last Modified

Oct 06, 2020

Products (1)

  • Cisco ASR 1000 Series Aggregation Services Routers

Known Affected Releases

17.3.1

Description (partial)

Symptom:
With SD-WAN configuration on ASR1001-X, traffic is seen as being dropped as AppRoutePolicyDrop beyond an app route policy scale. Similar traffic drop will also be seen with PBR route-map or ACL scale configuration on ASR1001-X.

All traffic on policy based flows going through ASR1001-X box started to get dropped with 17.3.1a after scaling up app-route policies. But the issue will be seen randomly on earlier releases as well and has been seen at least once on 17.2.1. The issue is seen SD-WAN configuration and it was determined that the problem only occurs when both the data-policy and app-route policy are applied on the device at scale. If scale is reduced with data-policy applied but app-route removed, or with app-route policy applied but data-policy removed, problem is not seen.

Conditions:
Platform - only ASR1001-X
Policy scale -  multiple SDWAN app route policies or PBR route map, ACL on large number of interfaces typically close to or exceeding half the TCAM capacity as seen by CLI: show platform hardware qfp active tcam resource-manager usage
Releases - randomly on all releases supporting ASR1001-X
Issue - Traffic drop with no matching policy
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.