Cisco Bug: CSCvw03769 - vEdge 1000: BGP may advertise a default route that doesn't exist in RIB or OMP

Last Modified

Oct 22, 2020

Products (1)

  • Cisco SD-WAN

Known Affected Releases

20.1

Description (partial)

Symptom:
When IPsec tunnels are set up from vEdges towards Zscaler and a default route is advertised towards the service side via OMP to BGP, a default route learned via OMP might not be retracted if the IPsec tunnels go down, and it stays in the BGP table:

vEdge# show interface

                                          IF      IF      IF                      TCP
                   AF                     ADMIN   OPER    TRACKER  SPEED          MSS                 RX       TX
VPN  INTERFACE     TYPE  IP ADDRESS       STATUS  STATUS  STATUS   MBPS   DUPLEX  ADJUST  UPTIME      PACKETS  PACKETS
------------------------------------------------------------------------------------------------------------------------
<snippet>
0    ipsec1        ipv4  172.26.0.6/30    Up      Down    NA       -      -       1292    -           15659    0 <<<<<====
0    ipsec2        ipv4  172.26.0.10/30   Up      Down    NA       -      -       1292    -           15652    0 <<<<<====
<snippet>

vEdge# 

There is no default route in VPN 65:

vEdge# show ip routes
<snippet>

                                            PROTOCOL  NEXTHOP     NEXTHOP          NEXTHOP
VPN    PREFIX              PROTOCOL         SUB TYPE  IF NAME     ADDR             VPN      TLOC IP          COLOR            ENCAP  STATUS
---------------------------------------------------------------------------------------------------------------------------------------------
0      0.0.0.0/0           static           -         ge0/0       x.x.x.x       -        -                -                -      F,S
0      0.0.0.0/0           static           -         ge0/1.11    x.x.x.x      -        -                -                -      F,S
<snippet>
65     x.x.0.0/16        omp              -         -           -                -        10.0.0.6         custom1          ipsec  F,S
65     x.x.0.0/16        omp              -         -           -                -        10.0.0.6         custom3          ipsec  F,S
65     x.x.9.0/24        bgp              -         -           x.x.x.x      -        -                -                -      I
65     x.x.9.0/24        connected        -         irb10       -                -        -                -                -      F,S
65     x.x.0.0/16      omp              -         -           -                -        10.0.0.6         custom1          ipsec  F,S
65     x.x.0.0/16      omp              -         -           -                -        10.0.0.6         custom3          ipsec  F,S
65     x.x.53.0/24     static           -         -           x.x.x.1    -        -                -                -      I
65     x.x.55.0/24     static           -         -           x.x.x.1    -        -                -                -      I


vEdge# show bgp routes vpn 65

                     INFO                       LOCAL                      AS
VPN  PREFIX          ID    NEXTHOP      METRIC  PREF   WEIGHT  ORIGIN      PATH   PATH STATUS          TAG
------------------------------------------------------------------------------------------------------------
65   0.0.0.0/0       0     0.0.0.0      -       -      32768   igp         Local  valid,best           0 <<<<=====
<snippet>

Conditions:
-BGP configured in Service VPN
-vEdge 1000 
-Running 20.1.12
-Configuring IPsec tunnels towards Zscaler
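
A way to check for this symptom from saved CLI output, as an added example that is not part of the original bug record: it compares "show bgp routes" against "show ip routes" per VPN and reports prefixes whose BGP path reads Local but that have no entry in the routing table of that VPN. The function names and the sample text are assumptions; the sample output is constructed in the layout shown above, not captured from a device.

```python
import re

# Constructed sample output (documentation addresses), modelled on the layout above.
SAMPLE_RIB = """\
VPN    PREFIX              PROTOCOL         SUB TYPE  IF NAME     ADDR             VPN      TLOC IP          COLOR            ENCAP  STATUS
0      0.0.0.0/0           static           -         ge0/0       192.0.2.1        -        -                -                -      F,S
65     10.20.0.0/16        omp              -         -           -                -        10.0.0.6         custom1          ipsec  F,S
65     10.20.9.0/24        connected        -         irb10       -                -        -                -                -      F,S
"""
SAMPLE_BGP = """\
VPN  PREFIX          ID    NEXTHOP      METRIC  PREF   WEIGHT  ORIGIN      PATH   PATH STATUS          TAG
65   0.0.0.0/0       0     0.0.0.0      -       -      32768   igp         Local  valid,best           0
65   10.20.0.0/16    0     0.0.0.0      -       -      32768   igp         Local  valid,best           0
65   10.20.9.0/24    0     198.51.100.2 -       -      0       igp         65010  valid,best           0
"""

# A data row starts with the VPN number followed by an IPv4 prefix;
# headers, separators and "<snippet>" lines do not match and are skipped.
ROW = re.compile(r"^\s*(\d+)\s+(\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})\s+(.*)$")


def rows(text):
    """Yield (vpn, prefix, remaining_columns) for every data row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            yield int(m.group(1)), m.group(2), m.group(3).split()


def rib_prefixes(rib_text):
    """Set of (vpn, prefix) present in 'show ip routes', whatever the protocol."""
    return {(vpn, prefix) for vpn, prefix, _ in rows(rib_text)}


def orphaned_local_routes(rib_text, bgp_text):
    """Locally originated BGP prefixes with no route in the same VPN.

    Assumption: a PATH column of 'Local' marks a route the router itself
    originated (here, redistributed from OMP), as in the output above.
    """
    rib = rib_prefixes(rib_text)
    return [(vpn, prefix) for vpn, prefix, cols in rows(bgp_text)
            if "Local" in cols and (vpn, prefix) not in rib]


if __name__ == "__main__":
    for vpn, prefix in orphaned_local_routes(SAMPLE_RIB, SAMPLE_BGP):
        print(f"VPN {vpn}: BGP originates {prefix} but the RIB has no such route")
```

The lookup is keyed on the VPN, so the static default route in VPN 0 does not mask a missing default route in VPN 65.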