[c-nsp] ASR1002 -- interface stops passing IPv4 traffic?

John Osmon josmon at rigozsaurus.com
Fri May 19 08:42:02 EDT 2017 

Thanks Paul -- this appears to be the exact issue.  I just didn't have
enough experience with the platform to know to look here.

	John


On Fri, May 19, 2017 at 12:09:18PM +0100, Paul Sherratt wrote:
> Hi John,
> 
> This sounds like it may be an input queue wedge on the interface, which is
> only fixed with a reload.
> 
> I've seen CVE-2016-1478 / CSCva35619 hit a few people.  If you're running
> an affected version you'll need to upgrade or workaround.  To verify, check
> queue size in "show interface" output - if it's a queue wedge you can issue
> "show buffers old [dump]" to confirm it is indeed the NTP bug causing your
> issues.
> 
> https://bst.cloudapps.cisco.com/bugsearch/bug/CSCva35619
> 
> 
> Cheers,
> 
> Paul
> 
> On 19 May 2017 at 05:43, John Osmon <josmon at rigozsaurus.com> wrote:
> 
> > I've never found an IOS device I couldn't tame with the help of Usenet
> > and then google.  However, I'm new to the ASR1000 and IOS-XE, and I'm
> > running into something I've never seen before.
> >
> > I've got GigE ports that will pass traffic, and then suddenly stop.
> > The interface still shows up/up, but you can't even ping the local
> > interface from the router itself.
> >
> > We've can restore traffic by moving the config to another port, but the
> > "dead" port stays dead.  We've tried shut/no shut, new SFPs, and new
> > configs -- but the port still won't work.
> >
> > Interestingly, the port *DOES* work with IPv6 -- but not IPv4.  This
> > router doesn't use IPv6, but when I put an address on the interface, it
> > is pingable.
> >
> > If you apply an IPv4 /24 to the dead interface, the routing table shows
> > the /24 as a "connected" network, and shows a "local" /32 for the
> > address in use -- but is not pingable.
> >
> > The only thing we've found in common between the ports is that they
> > were connected to eBGP peers.  We've had three events, on ports
> > connected to two different providers.
> >
> > My next step is to get to the colo and move one of the "dead" ports to
> > a spanned port switch and start sniffing the line.
> >
> > Any suggestions would be appreciated.  Hardware in use includes:
> >    ASR1000-ESP10
> >    ASR1002-RP1
> >    SPA-8X1GE-V2
> >
> > Problem has occurred in both built-in and SPA-8X1GE-V2 ports, with
> > multi-mode, and GE-T transceivers.
> >
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list