CSCsy35054 - NP1/2 UDP conns not updated when MAC address changes

We have a customer that appears to be experiencing this bug but with FWSM 4.1(15).

There is a Linux HA solution on one side of the FWSM, and when a failover occurs the Linux HA sends a Gratuitous ARP which updates the FWSM ARP cache; however, not all connections are updated. If we sniff traffic exiting the FWSM we can see that 'some' existing connections have the wrong destination MAC address (the old MAC address). The clients are constantly sending traffic (SIP) to the Linux server, so the connection states are continually refreshed. If we manually clear the connections or let them time out by disconnecting one of the SIP clients for 30 minutes (the default SIP control channel session timeout) it recovers; however, this isn't practical.

We have recommended introducing a layer-3 hop between the FWSM and the Linux HA devices, as we suspect this will solve the problem (i.e. the destination MAC will be the L3 next-hop and not the Linux server itself). In looking at the issue we identified the behaviour as the same as that documented under BugID: CSCsy35054; however, this says it appeared in 3.2(6) and was fixed in 3.2(12.1) & 4.0(5.4), and we are running 4.1(15), which is the latest release.

Any other ideas?

Andy
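
The check described in the post (sniff the firewall's egress side and look for existing flows still addressed to the old MAC after the gratuitous ARP) can be automated. The following is an added example, not part of the original post and not Cisco code; it parses raw Ethernet frames, and the MAC addresses, IP addresses and capture below are constructed for illustration.

```python
import struct

def _mac(s): return bytes.fromhex(s.replace(":", ""))
def _ip(s): return bytes(int(o) for o in s.split("."))
def _eth(dst, src, etype, payload): return _mac(dst) + _mac(src) + struct.pack("!H", etype) + payload

def garp(src_mac, ip):
    """Constructed gratuitous ARP: sender IP == target IP, broadcast destination."""
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + _mac(src_mac) + _ip(ip) + bytes(6) + _ip(ip)
    return _eth("ff:ff:ff:ff:ff:ff", src_mac, 0x0806, arp)

def udp(dst_mac, src_mac, sip, dip, sport, dport):
    """Constructed Ethernet/IPv4/UDP frame with an empty payload (checksums left at 0)."""
    iph = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0, _ip(sip), _ip(dip))
    return _eth(dst_mac, src_mac, 0x0800, iph + struct.pack("!HHHH", sport, dport, 8, 0))

def find_stale_flows(frames):
    """Return {(src_ip, sport, dst_ip, dport): stale_dst_mac} for UDP frames whose
    destination MAC differs from the latest gratuitous ARP seen for the destination IP."""
    owner, stale = {}, {}
    for f in frames:
        if len(f) < 14:
            continue
        etype, p = struct.unpack("!H", f[12:14])[0], f[14:]
        if etype == 0x0806 and len(p) >= 28 and p[14:18] == p[24:28]:
            owner[p[14:18]] = p[8:14]          # gratuitous ARP: IP now owned by this MAC
        elif etype == 0x0800 and len(p) >= 20 and p[9] == 17:
            ihl, dip = (p[0] & 0x0F) * 4, p[16:20]
            if ihl >= 20 and len(p) >= ihl + 8 and dip in owner and f[0:6] != owner[dip]:
                sport, dport = struct.unpack("!HH", p[ihl:ihl + 4])
                key = (".".join(map(str, p[12:16])), sport, ".".join(map(str, dip)), dport)
                stale[key] = f[0:6].hex(":")
    return stale

# Constructed capture on the firewall's server-facing side (all values are made up).
FW, OLD, NEW, VIP = "02:00:00:00:00:fe", "02:00:00:00:00:01", "02:00:00:00:00:02", "192.0.2.10"
CAPTURE = [
    garp(OLD, VIP),                                  # original active node announces the VIP
    udp(OLD, FW, "198.51.100.5", VIP, 5060, 5060),   # existing SIP flow, correct MAC
    garp(NEW, VIP),                                  # failover: standby node takes the VIP
    udp(OLD, FW, "198.51.100.5", VIP, 5060, 5060),   # same flow still sent to the old MAC
    udp(NEW, FW, "198.51.100.6", VIP, 5060, 5060),   # new flow uses the updated ARP entry
]

if __name__ == "__main__":
    for flow, mac in find_stale_flows(CAPTURE).items():
        print(flow, "still sent to", mac)
```
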
