Loading...
Loading...
While configuring Active/Active or Active/Standby SIG tunnels with Zscaler, and performing auto L7 Health Checks on each SIG tunnel, an issue can arise where if the source interface of one SIG tunnel goes down, the SIG tunnel that does not use the downed interface as its source becomes degraded due to the L7 Health Check. Consequently, the SIG tunnel that should not be down also goes down.
The conditions we currently know are as follows: - SIG Tunnels - L7 Health Checker is configured
No workarounds.
As a result of the investigation, it was determined that this behavior is the expected behavior by design. In SIG Trackers running versions earlier than 17.14, the issue described in the symptom may occur. In SIG Tracker, DNS queries are periodically sent for DNS resolution. When there is a change in the path used to execute these DNS queries, the sending path is reconfigured. When the sending path is reconfigured, the SIG Tracker is also reinitialized. During this reinitialization, the SIG Tracker temporarily goes down. As a result, the SIG Tunnel also temporarily goes down. In versions 17.14 and later, the implementation has been changed. Even if the DNS query path changes and reconfiguration occurs, the SIG Tracker is no longer reinitialized. As a result, the SIG Tracker does not go down, and consequently, the SIG Tunnel does not become degraded.
Click on a version to see all relevant bugs
Cisco Integration
Learn more about where this data comes from
BugZero Plan
Streamline upgrades with automated vendor bug scrubs
BugZero Prevent
Wish you caught this bug sooner? Get proactive today.