Launching soon: The world's first vendor agnostic bug scrubLearn more & join waitlist
OPERATIONAL DEFECT DATABASE
...
...
N7700 F3 linecard generating ICMP redirects for IPV6 multicast packets
IPV6 multicast packet received on F3 linecard
Issue is not present on M3 linecard
N7700 F3 linecard generating ICMP redirects for IPV6 multicast packets This issue started after upgrading hardware from N7000 to N7700, tested on the lab, issue is present with F3 linecards, when using M3 linceards nexus is not reporting any issues. ======================================= Lab repro =====Hardware===== ++N77-F348XP-23 =====Version====== version 8.3(2) Topology used: IXIA-----(E1/1)---N7700---(E1/2)-----(E1/1)---N9K(RP) Steps to reproduce it: Took the packet that generated the ICMP on CU environment. Injected that packet from IXIA to the N7700. On 9k we could observ the (S,G) After injecting the packet we could observe the ICMP header error reported by the nexus On old version following logg is observed: 019 Dec 10 05:14:07 sdc-ami-7k-1-1 %NETSTACK-3-FRAME_LENGTH_SHORT: netstack [6837] Frame length: 277 less than IPv6 payload length: 249 for packet received on interface Vlan428 ===================================================== Running Config N7700-F340.12.17-N7702-2-NON-ADMIN(config-if)# sh run !Command: show running-config !Running configuration last done at: Sat Jan 11 00:37:36 2020 !Time: Sat Jan 11 00:45:01 2020 version 8.3(2) hostname F340.12.17-N7702-2-NON-ADMIN feature pim6 feature eigrp feature interface-vlan feature hsrp username admin password 5 $5$vBfNS1cB$JP49ANJwdF2uAk19aKJ3PA7.polUhGPpthHzXq6pgy 8 role vdc-admin ip domain-lookup ipv6 access-list TAC1 statistics per-entry 10 permit ipv6 2620:17e:100:1406:10:142:228:10/128 ff38:40:2620:17e:100:4020:0 :1/128 20 permit ipv6 any any snmp-server user admin vdc-admin auth md5 0x573823cd5786b53de235426e3d952277 pri v 0x573823cd5786b53de235426e3d952277 localizedkey rmon event 1 log trap public description FATAL(1) owner PMON@FATAL rmon event 2 log trap public description CRITICAL(2) owner PMON@CRITICAL rmon event 3 log trap public description ERROR(3) owner PMON@ERROR rmon event 4 log trap public description WARNING(4) owner PMON@WARNING rmon event 5 log trap public description INFORMATION(5) owner PMON@INFO ipv6 route 2620:17e:100:ff::1/128 1::2 ipv6 route 2620:17e:100:ff::10/128 1::2 ipv6 pim rp-address 2620:17e:100:ff::1 group-list ff38:40:2620:17e:100:8000::/81 ipv6 pim rp-address 2620:17e:100:ff::10 group-list ff38:40:2620:17e:100:4000::/8 8 ipv6 pim ssm range ff30::/12 vlan 1,428 vlan 1,428 vrf context management interface Vlan1 interface Vlan428 description QA-CE-ASA_OUT no shutdown ipv6 traffic-filter TAC1 in no ip redirects ip address 10.142.228.2/24 ipv6 address 2620:17e:100:1406:10:142:228:2/64 no ipv6 redirects ipv6 router eigrp 130 ip router eigrp 130 ipv6 passive-interface eigrp 130 ip passive-interface eigrp 130 ipv6 pim sparse-mode ipv6 pim dr-priority 4294967295 hsrp version 2 hsrp 428 authentication md5 key-chain HSRP-KEY preempt delay minimum 300 priority 255 ip 10.142.228.1 hsrp 428 ipv6 authentication md5 key-chain HSRP-KEY preempt delay minimum 300 priority 255 ip 2620:17e:100:1406:10:142:228:1 interface Ethernet1/1 switchport switchport access vlan 428 ipv6 port traffic-filter TAC1 in no shutdown interface Ethernet1/2 ipv6 address 1::1/68 ipv6 pim sparse-mode no shutdown interface Ethernet1/3 interface Ethernet1/4 interface Ethernet1/5 interface Ethernet1/6 interface Ethernet1/7 interface Ethernet1/8 interface Ethernet1/9 interface Ethernet1/10 interface Ethernet1/11 interface Ethernet1/12 interface Ethernet1/13 interface Ethernet1/14 interface Ethernet1/15 interface Ethernet1/16 interface Ethernet1/17 interface Ethernet1/18 interface Ethernet1/19 interface Ethernet1/20 interface Ethernet1/21 interface Ethernet1/22 interface Ethernet1/23 interface Ethernet1/24 interface Ethernet1/25 interface Ethernet1/26 interface Ethernet1/27 interface Ethernet1/28 interface Ethernet1/29 interface Ethernet1/30 interface Ethernet1/31 interface Ethernet1/32 interface Ethernet1/33 interface Ethernet1/34 interface Ethernet1/35 interface Ethernet1/36 interface Ethernet1/37 interface Ethernet1/38 interface Ethernet1/39 interface Ethernet1/40 interface Ethernet1/41 interface Ethernet1/42 interface Ethernet1/43 interface Ethernet1/44 interface Ethernet1/45 interface Ethernet1/46 interface Ethernet1/47 interface Ethernet1/48 line vty N7700-F340.12.17-N7702-2-NON-ADMIN(config-if)# =============================================== With ethanalyzer we could observe the following: N7700-F340.12.17-N7702-2-NON-ADMIN# ethanalyzer local interface inband limit-captured-frames 0 Capturing on inband 2020-01-13 20:31:06.589360 2620:17e:100:1406:10:142:228:10 -> ff38:40:2620:17e:100:4020:0:1 ANSI C12.22 291 Source port: 50916 Destination port: c1222-acse [BAD UDP LENGTH 241 > IP PAYLOAD LENGTH] 2020-01-13 20:31:06.589407 2620:17e:100:1406:10:142:228:10 -> ff38:40:2620:17e:100:4020:0:1 ANSI C12.22 291 Source port: 50916 Destination port: c1222-acse [BAD UDP LENGTH 241 > IP PAYLOAD LENGTH] 2020-01-13 20:31:06.589426 2620:17e:100:1406:10:142:228:10 -> ff38:40:2620:17e:100:4020:0:1 ANSI C12.22 291 Source port: 50916 Destination port: c1222-acse [BAD UDP LENGTH 241 > IP PAYLOAD LENGTH] 2020-01-13 20:31:06.589445 2620:17e:100:1406:10:142:228:10 -> ff38:40:2620:17e:100:4020:0:1 ANSI C12.22 291 Source port: 50916 Destination port: c1222-acse [BAD UDP LENGTH 241 > IP PAYLOAD LENGTH] ============================================================ N7700 sending ICMP redirect: N7700-F340.12.17-N7702-2-NON-ADMIN# ethanalyzer local interface inband display-filter "ipv6.dst==2620:17e:100:1406:10:142:228:10" limit-captured-frames 0 Capturing on inband 2020-01-13 20:31:52.456878 2620:17e:100:1406:10:142:228:2 -> 2620:17e:100:1406:10:142:228:10 ICMPv6 339 Parameter Problem (erroneous header field encountered)[Packet size limited during capture] 2020-01-13 20:31:52.457011 2620:17e:100:1406:10:142:228:2 -> 2620:17e:100:1406:10:142:228:10 ICMPv6 339 Parameter Problem (erroneous header field encountered)[Packet size limited during capture] 2020-01-13 20:31:52.457206 2620:17e:100:1406:10:142:228:2 -> 2620:17e:100:1406:10:142:228:10 ICMPv6 339 Parameter Problem (erroneous header field encountered)[Packet size limited during capture] ========================================================= With M3 linecard same configuration we can observe some packets on the CPU, on 9K (S,G) is created, however nexus doesn't report any problem or genereate an ICMP ERROR Ethanalyzer on M3 00:4020:0:1 ANSI C12.22 303 Source port: 50916 Destination port: c1222-acse 2020-01-11 00:23:00.489375 2620:17e:100:1406:10:142:228:10 -> ff38:40:2620:17e:1 00:4020:0:1 ANSI C12.22 303 Source port: 50916 Destination port: c1222-acse 2020-01-11 00:23:00.489393 2620:17e:100:1406:10:142:228:10 -> ff38:40:2620:17e:1 00:4020:0:1 ANSI C12.22 303 Source port: 50916 Destination port: c1222-acse 2020-01-11 00:23:00.489411 2620:17e:100:1406:10:142:228:10 -> ff38:40:2620:17e:1 00:4020:0:1 ANSI C12.22 303 Source port: 50916 Destination port: c1222-acse 2020-01-11 00:23:00.489429 2620:17e:100:1406:10:142:228:10 -> ff38:40:2620:17e:1 00:4020:0:1 ANSI C12.22 303 Source port: 50916 Destination port: c1222-acse 2020-01-11 00:23:00.489539 2620:17e:100:1406:10:142:228:10 -> ff38:40:2620:17e:1 00:4020:0:1 ANSI C12.22 303 Source port: 50916 Destination port: c1222-acse 2020-01-11 00:23:00.489560 2620:17e:100:1406:10:142:228:10 -> ff38:40:2620:17e:1 00:4020:0:1 ANSI C12.22 303 Source port: 50916 Destination port: c1222-acse 2020-01-11 00:23:00.489578 2620:17e:100:1406:10:142:228:10 -> ff38:40:2620:17e:1 Looking for ICMP redirect: N7700-F340.12.17-N7702-2-NON-ADMIN# ethanalyzer local interface inband display-filter ipv6.dst==2620:17e:100:1406:10:142:228:10 limit-captured-frames 0 Capturing on inband No ICMP errors were reported ========================================