Loading...
Loading...
- VNTAG is used to encapsulate packets so that they are able to reach the correct FEX HIF (Host interfaces) port - identifies unique FEX HIF interfaces. - Transit traffic on the impacted switch (#switch) when egressing out to a FEX interface (NIF/Network interface) with "no lacp suspend-individual" configured the VNTAG is not set for traffic destined to HIF. - This does not impact traffic sourced/destined from the impact switch itself (#switch), only transit traffic (e.g. ping sourced from #switch-2), which is dropped. - Ingress transit traffic on the impacted switch (#switch) coming from the FEX is not impacted (this is a unidirectional issue). - Host connected on FEX MAC can be seen learnt on NIF (Eth1/46) instead of HIF (Eth101/1/48), which is not expected.
- "no lacp suspend-individual" configured for NIF (aka FEX-fabric) ports on parent switch. - Applicable for FEXes - 2248TP-E, 2232TM-E, 2348UPQ, but possibly more models. - Applicable for N9K-93180 and N9K-3240YC and N9K-C9336C-FX2 switches with Cisco ASIC (possibly all Cisco ASIC models), not applicable for broadcom-based Nexus 93xx switches. - Issue is seen even after running fixed code for: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve31661. - Test host will be able to ping "#switch" but not "#switch-2" (ping request will hit #switch-2 but ping reply will be dropped when sent down Po101) in the topology below: +---------------------------+ +---------------------------+ | (#switch-2) | VPC | (#switch) | |Nexus 93180YC-EX +-----------------+Nexus 93180YC-EX | | VLAN 2128 SVI | | VLAN 2128 SVI | |IP:10.202.242.174 |==========|IP:10.202.242.173 | +---------------------------+ Peer-link +-------------+-+-+--------+ | | | | | | Po101 | | | Eth1/46 +--------------------+ +--------------+-+--+-----+ | Test host | | | | IP: +-------------------+ FEX-101 | | 10.202.242.177| Eth101/1/48 | 2248TP-E | +--------------------+ +---------------------------+ Broadcast/Unicast/Multicast from 10.202.242.177 is able to make it to 10.202.242.173 and back again. Broadcast/Unicast/Multicast from 10.202.242.177 is able to make it to 10.202.242.174, but Broadcast/Unicast/Multicast coming from 10.202.242.174 to 10.202.242.177 is dropped as the VNTAG is not sent for frames destined to the FEX.
Remove "no lacp suspend-individual" configuration from NIF(FEX-fabric) ports. To remove this configuration, configure "lacp suspend-individual".
- To verify you have hit this defect: [1] Check running configuration for FEX Network interface (NIF): switch# show run interface port-channel 101 membership !Command: show running-config interface port-channel101 membership !Time: Tue Sep 25 14:01:03 2018 version 7.0(3)I6(2) interface port-channel101 switchport switchport mode fex-fabric fex associate 101 no lacp suspend-individual <----"no lacp suspend-individual" needs to be configured to hit the issue. interface Ethernet1/46 switchport switchport mode fex-fabric fex associate 101 channel-group 101 no shutdown [2] Get the 'unit/asic','slice_num' and 'src_id' value from the physical member NIF port(s) to use in the command in step (4). switch# show system internal ethpm info interface ethernet 1/46 | i dpid IF_STATIC_INFO: port_name=Ethernet1/46,if_index:0x1a005a00,ltl=5964,slot=0, nxos_port=180,dmod=1,dpid=37,unit=0,queue=65535,xbar_unitbmp=0x0,ns_pid=255,slice_num=0,port_on_slice=37,src_id=66 <------ unit/asic = 0, slice_num=0, src_id = 66 [3] Get the ASIC name, use the first 3 letters "sug" in the next command in step (4). switch# attach module 1 module-1# show hardware internal version ------------------------------------------------------------------- Name InstanceNum Version Date ------------------------------------------------------------------- Sugarbowl 0 0x03 <--- ASIC is Sugarbowl ("sug" for short). [4] Run the next command which is not disruptive: module-1# debug hardware internal sug dump asic 0 slice 0 table tah_sug_rwx_RWPifTable 66 1 changed <------ unit/asic = 0, slice = 0, src_id = 66 | ASIC=sug, replace xxx with sug ("tah_xxx_rwx_RWPifTable") ovly_lu_vntag_mode=0x00000003 <--- search for this in the output, if set to 0x3, this defect is hit. Should be set to 0x1
Click on a version to see all relevant bugs
Cisco Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.