Launching soon: The world's first vendor agnostic bug scrubLearn more & join waitlist
OPERATIONAL DEFECT DATABASE
...
...
- Customer has ITD configuration , when the customer ssh/telenet to VIP , it is not working , as the TCP Syn reaches to the Destination but the destination never replies with TCP Syn ACK due to invalid checksum - If the Customer ping VIP then it tries to ssh/telenet it works fine.
- version 8.3(1) - Platform Nexus7700
Ping the VIP then do SSh/Telnet. Remove the NAT ITD and do direct ssh.
+-----------------+ NAT ITD | | +--------------------> | F3 | | 1/1 1/2 | +----+--------+---+ VLAN 600 | | VLAN 413 Capture taken from here before NATing | | +----------------------------------------------->+ | | | +----+--------+---+ | 5/1 5/2 | | M3 | | 5/5/2 5/9/3 | +----+-----+------+ | | | | | | +----------+ +------------+ | | | | Capture Taken from here | | +------------------------> | | | 1/1 | ten1/1 +------------+----+ +--------+--------+ | | | | | N6k | | CAT-2 | | | | | +-----------------+ +-----------------+ 10.10.10.10 VLAN 413 172.16.160.146 VLAN 600 Source IP 172.16.160.146 VIP 100.100.100.100/32 Node ip 10.10.10.10 - The destination (N6k) is not replying the TCP Syn due to the invalid TCP Checksum. - We took a capture from the customer side and we can see the following: +Non Working ( do ssh without Pinging the VIP) ++The souce sends SYN with TCP Checksum 0xb666 ++We checked the Syn on the destination and we still see it 0xb666 which is not correct. +Working (Ping the VIP then do SSH) ++The source sends syn with TCP checksum 0X6b5c ++We checked the Syn on the Destionation side and we can see it is changed as expected to 0x2011 - We have been able to reproduce the issue in our lab. - For more detail refer to Lab repro section. - As you know the TCP Checksum is computed over the entire set of data (pseudo header plus TCP segment), pesudo header contains the Src IP and Dest IP ASIC Team confirmed, "NAT-ITD" will not support TCP checksum update in flanker, so closing the defect.