OPERATIONAL DEFECT DATABASE
...
...
When ETA and AVC are configured together, multiple FNF exports are happening for the same flow after active timer expiry.
1. Catalyst 9k 2. ETA + AVC is configured. 3. Running affected IOS-XE
To fix the issue, we provided a logic which exports the fnf records only during active timeouts. Since, the flow is already present in the hardware table, while exporting the flow records, we are exporting the delta counters of packet and byte counters between active timeouts and we are updating the first seen time stamp of the flow to the last expired active timeout.
This issue is because of AVC not deleting the flows from Hardware flow table once active timer expiry happens. Whenever active timer expiry is happening for a flow, We should ideally be deleting the flow from hardware flow table. But, AVC and ETA together works in such a way that, flow gets deleted only when both the features want to delete the flow. Because of this limitation, same flow is always getting hit by active timeout incase of long lived flows. As that flow is still present in the hardware table, which is resulting in the continuous fnf flow exports.
Click on a version to see all relevant bugs
Cisco Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
