[c-nsp] 7600 HFIB bug?

[Persio Pucci]

Hi all. I am new to the list and this is my first post. :)

Trying to get to the bottom of a situation, sans-TAC. Long story short, for
context sake, I had a 7300 that was replaced by a 7600 at my Rio de Janeiro
site connecting to SP and NY.

(SP --- RIO --- NY)

Everything was working fine by the time we were finishing replacing the box,
when our circuit to Sao Paulo was hit and stayed down for about 6 hours.
When the circuit came back up, some communication to NY was just simply not
working, the SP rotuer could not reach, for whatever reason, IP addresses
that were reachable after replacing the box, before the hit. It used to work
on a TE tunnel I had to remove and make Rio a BGP hop to put it to work
while I tried to figure wtf was going on. Ever since, I can ping NY's IP
address from Rio, but cannot from SP, altough all routing is in place
(ISIS), all CEF entries are there.

Well, after a few weeks working on this when time was allowed, I came to a
intriguing situation today, while working with the help of a friend. I was
trying to debug this by using a permit ACL with log-input on the Rio
interfaces and see what was going on. When I applied the ACL on the
interfaces (ip permit x x log-input, ip permit any any), things started
working, and I was again able to ping from SP to NY. If I remove the ACL, I
cease to ping NY from SP.

I seems like something is borked at the 7600, cause the packets won't go
through if they are CEF switched, but they will when they are punted to the
CPU for the logging. Lookis like some FIB/HFIB issue that is beyond
my comprehension.

Any ideas besides going to TAC? Tks!