Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

CSG 3.1(3)C4(13) blocks HTTP Continuation

Hi all,

I'm facing a very strange issue on CSG.

I have ten 7609 each with 2 CSG configured in fault tolerance. The alias IP address in client vlan of these CSG is used as next hop by a load balancer (7606 with SLB),the traffic is passing through the CSG to a set of SSGs that have default route in uplink vlan to a firewall load balacer that will route customers to many web servers.

It happened that suddenly all the CSGs in all chassis (simply load balanced,not talking each other) started to block only HTTP continuation back to customers.As far as I know, CSG rel4 goes mad when it receives tcp packet in wrong order since it has no buffer in server vlan,unfortunately, during the problem, all the sniff traces taken with ethereal showed correct TCP seq numbers coming back to CSGs from web server.This issue is related to a single IP address (defined with ip csg content) all other destinations are ok.The workaround is to restart all the CSGs.I already sent a show tech-support to TAC and I'm still waiting for answers.In the meanwhile, do someone knows how to understand why all the CSGs hanged simoultanesly?We got this problem on a PoP, after I week we faced the same problem on another PoP.The only common element is the destination IP of the web server.

Thanks in advance.



New Member

Re: CSG 3.1(3)C4(13) blocks HTTP Continuation

Here's an update. All destinations are affected, we also notice CSG arp errors: 00-00-00-00-00-00 0000 LEARNED 0x8000 down(1)

The CSG should use the next-hop mac address to reach remote destinations, I'm in doubt the fwlb is forwarding arp requests from other routers to CSG. In attachment you can find a trace taken from the fwlb (in this vlan there's a firewall that routes packets to the internet, note that is this firewall).

What if i configure in the fwlb the "no ip proxy-arp" interface command?