[c-nsp] ASR1002 -- interface stops passing IPv4 traffic?

Paul Sherratt lists at paul.sh
Fri May 19 07:09:18 EDT 2017 

Hi John,

This sounds like it may be an input queue wedge on the interface, which is
only fixed with a reload.

I've seen CVE-2016-1478 / CSCva35619 hit a few people.  If you're running
an affected version you'll need to upgrade or workaround.  To verify, check
queue size in "show interface" output - if it's a queue wedge you can issue
"show buffers old [dump]" to confirm it is indeed the NTP bug causing your
issues.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCva35619


Cheers,

Paul

On 19 May 2017 at 05:43, John Osmon <josmon at rigozsaurus.com> wrote:

> I've never found an IOS device I couldn't tame with the help of Usenet
> and then google.  However, I'm new to the ASR1000 and IOS-XE, and I'm
> running into something I've never seen before.
>
> I've got GigE ports that will pass traffic, and then suddenly stop.
> The interface still shows up/up, but you can't even ping the local
> interface from the router itself.
>
> We've can restore traffic by moving the config to another port, but the
> "dead" port stays dead.  We've tried shut/no shut, new SFPs, and new
> configs -- but the port still won't work.
>
> Interestingly, the port *DOES* work with IPv6 -- but not IPv4.  This
> router doesn't use IPv6, but when I put an address on the interface, it
> is pingable.
>
> If you apply an IPv4 /24 to the dead interface, the routing table shows
> the /24 as a "connected" network, and shows a "local" /32 for the
> address in use -- but is not pingable.
>
> The only thing we've found in common between the ports is that they
> were connected to eBGP peers.  We've had three events, on ports
> connected to two different providers.
>
> My next step is to get to the colo and move one of the "dead" ports to
> a spanned port switch and start sniffing the line.
>
> Any suggestions would be appreciated.  Hardware in use includes:
>    ASR1000-ESP10
>    ASR1002-RP1
>    SPA-8X1GE-V2
>
> Problem has occurred in both built-in and SPA-8X1GE-V2 ports, with
> multi-mode, and GE-T transceivers.
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list