...
This is an enhancement to how LISP IPv4 tables are populated. Prior to 17.4, we used strictly CEF to populate the entries for MAC:IP bindings. This could lead to more IP-to-MAC bindings than what is expected in 17.4 onward. In addition, this was not a very secure method of populating the tables, hence the behavioral change.
The customer is using a bridged VM and upgrades to 17.4+. After the upgrade, the customer will see the new method by which LISP IPv4 tables are populated.
The behavior moves from CEF only to utilizing IPDT tables to populate the entries. In this scenario, 21:1 IP:MAC bindings are supported in 17.4, and starting in 17.10 this is raised to 1000:1.

If customers upgrade and only see a 1:1 entry in IPDT, they will need to go under the instance-id (or issue the command globally under router lisp to impact all VLANs) and allow multiple MAC to IP bindings:

router lisp
 instance-id 8191
  service ethernet
   dynamic-eid detection multiple-addr

*Note* - DNAC does not push these configurations unless you are on a code combination of 17.10/2.3.5. If you are on a release prior to this, the configurations above will need to be entered manually.
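To find which Layer 2 instances still need the manual workaround after an upgrade, the following added example (not Cisco's or DNAC's code) audits saved running-config text for `service ethernet` instances that lack the command. It assumes one space of indentation per nesting level, the command placement shown above, and a global form sitting directly under `router lisp`; the sample config is constructed.

```python
import re

CMD = "dynamic-eid detection multiple-addr"  # command text as given on this page

# Constructed sample; instance-ids other than 8191 and the VLAN numbers are made up.
SAMPLE = """\
router lisp
 instance-id 4099
  service ipv4
 instance-id 8190
  service ethernet
   eid-table vlan 1021
   dynamic-eid detection multiple-addr
 instance-id 8191
  service ethernet
   eid-table vlan 1022
!
interface Vlan1022
 description outside router lisp
"""

def audit(config):
    """Return {'global': bool, 'missing': [ids]} for 'service ethernet' instances."""
    in_lisp, global_on, current = False, False, None
    instances = {}  # instance-id -> {"ethernet": bool, "multi": bool}
    for raw in config.splitlines():
        text = raw.strip().lower()
        if not text or text == "!":
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        if indent == 0:  # a top-level command opens or closes the LISP block
            in_lisp, current = (text == "router lisp"), None
            continue
        if not in_lisp:
            continue
        m = re.fullmatch(r"instance-id (\d+)", text)
        if indent == 1 and m:
            current = int(m.group(1))
            instances[current] = {"ethernet": False, "multi": False}
        elif indent == 1:  # directly under router lisp: applies to all VLANs
            current = None
            global_on = global_on or text.startswith(CMD)
        elif current is not None and text == "service ethernet":
            instances[current]["ethernet"] = True
        elif current is not None and text.startswith(CMD):
            instances[current]["multi"] = True
    missing = sorted(i for i, s in instances.items()
                     if s["ethernet"] and not s["multi"])
    return {"global": global_on, "missing": [] if global_on else missing}
```

Calling `audit()` on the sample reports instance-id 8191 as missing the command; instances without `service ethernet` are ignored.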
N/A PSIRT Evaluation: The Cisco PSIRT has evaluated this issue and determined it does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via normal resolution channels. If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another evaluation. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html