[c-nsp] Cisco CSM issues

Rubens Kuhl Jr. rubensk at gmail.com
Sun Jul 16 22:39:50 EDT 2006


Hi.

I stumbled into what it seems to be an ugly CSM bug, and would like to
know if anyone has dealed with such issues before.

Scenario is a one-arm configuration, with host routes so VIP traffic
goes to CSM, policy-routing of real servers to make return traffic
flow thru CSM. CSM version is 4.3(a), running an 12.2(18)SXF4 Cat6500.
It's a fault tolerant configuration with one CSM on each 6500, CSM FT
and HSRP between the boxes.

Client-to-server traffic goes ok: CSM receives the packet, NAT the
destination to the real server and send it. But when server-to-client
(since the very first SYN+ACK) packet is received at CSM, it does the
real-to-vip NAT back and then sends the packet to the wrong
destination MAC. It has a route so all traffic would go to MSFC, but
it instead fills one random MAC from its arp table. The packet goes to
nowhere... 1 second later, a rubbish appears with client IP to VIP,
coming from the CSM MAC, and then CSM itself generates RST packets to
both client and real server to close the connection.

Besides that, defect CSCek31065 is in effect so one has to find the
debug info among thousands of "Invalid Encaps ID for get info" log
entries.

Any similar experiences, or CSM versions with a solid reliability track ?


Rubens


More information about the cisco-nsp mailing list