...
By default, `no ip redirects` and `no ipv6 redirects` are not automatically configured on Layer 3 interfaces in NX-OS. Cisco best practices recommend disabling ICMP/ICMPv6 Redirect messages on all Layer 3 interfaces with this configuration so that traffic that falls within an ICMP/ICMPv6 Redirect scenario is not punted to the control plane and subsequently software forwarded. These traffic flows would be subject to CoPP (Control Plane Policing), which could cause packet loss if the bandwidth of these traffic flows exceeds the CoPP rate limiter and causes traffic to be dropped in hardware.

This software defect is an enhancement to NX-OS that adds two features:

1. All Layer 3 interfaces (SVIs, routed physical interfaces, routed port-channels, loopbacks, etc.) have `no ip redirects` and `no ipv6 redirects` automatically configured on them when the interface is created.
2. Upon upgrading to an NX-OS software release where this enhancement is included, a syslog will be printed for each Layer 3 interface (SVIs, routed physical interfaces, routed port-channels, loopbacks, etc.) that does not already have `no ip redirects` and `no ipv6 redirects` configured. This syslog can be globally suppressed with non-default configuration (e.g. `ip redirect suppress-syslog` and/or `ipv6 redirect suppress-syslog`).

It looks like recent enhancements were introduced that automatically push this configuration in vPC environments with the vPC Peer Gateway feature enabled. However, this does not cover scenarios wherein customers use their Nexus platform primarily as routers (with large numbers of Layer 3 port-channels and/or physical interfaces), which is common in the Nexus 7000 and Nexus 9500 platforms (particularly in VXLAN BGP EVPN environments).
This enhancement (most notably the syslog) may be observed when a Nexus switch has Layer 3 interfaces (SVIs, routed physical interfaces, routed port-channels, loopbacks, etc.) that are not configured with `no ip redirects` and `no ipv6 redirects`.
Configure `no ip redirects` and `no ipv6 redirects` on all Layer 3 interfaces (SVIs, routed physical interfaces, routed port-channels, loopbacks, etc.) where ICMP/ICMPv6 Redirect messages are not explicitly needed.
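Because the workaround is applied per interface, an offline audit of a saved running-config helps find the interfaces that still need it. The following Python sketch is an added example, not Cisco tooling: the sample configuration is constructed, and it assumes an interface is Layer 3 if it is an SVI, loopback or subinterface, or if its stanza contains `no switchport`.

```python
import re

# Constructed sample of NX-OS running-config interface stanzas (not from a real device).
SAMPLE_CONFIG = """\
interface Vlan10
  no ip redirects
  no ipv6 redirects
interface Vlan20
  no ip redirects
  ip address 198.51.100.1/24
interface Ethernet1/1
  switchport mode trunk
interface Ethernet1/2
  no switchport
  ip address 203.0.113.1/30
interface loopback0
  ip address 192.0.2.255/32
"""

REQUIRED = ("no ip redirects", "no ipv6 redirects")
# Assumption: SVIs, loopbacks and subinterfaces are always Layer 3;
# any other interface counts as Layer 3 only with "no switchport".
ALWAYS_L3 = re.compile(r"^(vlan|loopback)\d+$|\.\d+$", re.IGNORECASE)

def parse_interfaces(config):
    """Map each interface name to the list of its stripped configuration lines."""
    stanzas, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line[:1].isspace() and line.strip() and current is not None:
            current.append(line.strip())
        elif line.strip():
            current = None  # any other top-level line ends the stanza
    return stanzas

def missing_redirect_config(config):
    """Return {interface: [missing commands]} for Layer 3 interfaces only."""
    findings = {}
    for name, lines in parse_interfaces(config).items():
        is_l3 = bool(ALWAYS_L3.search(name)) or "no switchport" in lines
        missing = [cmd for cmd in REQUIRED if cmd not in lines]
        if is_l3 and missing:
            findings[name] = missing
    return findings

def remediation(findings):
    """Render the interface-level commands that close each finding."""
    return "\n".join(f"interface {n}\n  " + "\n  ".join(c) for n, c in findings.items())
```

Review the output of `remediation()` before applying it, and leave out any interface where ICMP/ICMPv6 Redirect messages are explicitly needed.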
Due to RFC requirements this enhancement cannot be completed and the bug is marked as closed.

RFC1812 - Requirements for IP Version 4 Routers, Section 5.2.7.2 Redirect: Routers that can generate Code 3 redirects (Host and Type of Service) MUST have a configuration option (which defaults to on) to enable Code 1 (Host) redirects to be substituted for Code 3 redirects.

RFC2461 - Neighbor Discovery for IP Version 6 (IPv6), Section 8.2 Router Specification: A router SHOULD send a redirect message, subject to rate limiting, whenever it forwards a packet that is not explicitly addressed to itself (i.e. a packet that is not source routed through the router).

See CSCvw60241 for a syslog that is being developed to warn the user if IP redirects are detected.