"Symptoms: Small packets may be dropped when CEF is enabled. This situation may cause encryption or description failures for packets with a certain packet size.
Conditions: This symptom is observed when packets are switched on any interface via CEF or fast switching. The symptom affects packets with a small size (for example, 36 or 37 bytes).
Workaround: There is no workaround."
There is a duplicate bug of this one that is titled : VPN-NetGx: Excessive CPU usage with AH & multilink group
and it says "Using AH (authentication header) with ppp multilink-group uses excessive CPU. This happens only on the decrypt side. Two serial interfaces are bundled together on a "Multilink interface". On decryption Router A's CPU reaches 95% with just 100pps of 64 bytes and Router B's CPU reaches 95% with just 190ppps. Same routers, if used for
encryption with the same traffic do not use more than 5% of their CPU.
Even sofware crypto can decrypt the same amount of traffic with less than
5% of CPU.
This happens only with AH-SHA-HMAC or AH-MD5-HMAC and does not happen with:
If we increase the rate, packets are dropped on the decrypt side. "fw_qs_filled" counters in "show crypto engine accelerator stat" will
start increasing and eventually traffic will stop. "
In this situation, I would recommend opening a TAC case for troubleshooting.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...