Technical Announcement on Abnormal Disappearance of Static Cross-VPN Routes on H3C Routers and Switches
- 0Followed
- 0Collected ,178Browsed
Product Model
Router products:
CR16000-FA, CR16000-F, SR8800-X-S, SR8800-F, SR8800-X, RX8800, RA5100, RA5300 series routers
Switch products:
S12500R, S12500-X/S12500-F/S12500X-AF, S12500F-AF/S12500M-AF series, S12500R/S12500CR(V9) series switches
Involved Version
|
Product number |
Involved version |
|
CR16000-F、CR16000-F、SR8800-X-S、SR8800-F、SR8800-X、RX8800 |
81xx branch: versions between E8125 (inclusive) and R8151P28 (inclusive), and versions between R8151P50 (inclusive) and R8151P58 (inclusive) 82xx branch: versions between E8216 (inclusive) and R8260P27 (inclusive), and versions between R8261P10 (inclusive) and R8261P22 (inclusive) |
|
RA5100,RA5300 |
Versions between R0107P17 (inclusive) and R7607P517 (inclusive) |
|
S12500R |
R3606, F3607, F3607P01, F3607P02 versions |
|
S12500-X/S12500-F/S12500X-AF S12500F-AF/S12500M-AF Series |
F2808, F2809 version |
|
S12500R/S12500CR(V9) |
E5201P01 version |
Problem Description
When a static inter-VPN (including public) route is configured on the above device, if only the VPN instance (including public) is specified as the next hop and no specific next hop address is specified, deleting and creating an irrelevant VPN instance on the device will cause the device to fail. All static cross-VPN routes above disappear, for example:
[H3C] ip route-static vpn-instance vpn1 100.1.1.1 24 public // Configure a static inter-VPN route without specifying the next hop address
[H3C] display ip routing-table vpn-instance vpn1 100.1.1.0 24 // Check that the static VPN route is added to the table normally and takes effect
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
100.1.1.0/24 Static 60 0 0.0.0.0 InLoop0
[H3C] undo ip vpn-instance ceshi1 // Randomly delete a VPN instance
[H3C] ip vpn-instance ceshi2 // Randomly create a new VPN instance
[H3C] display ip routing-table vpn-instance vpn1 // Check that the static route of 100.1.1.0/24 in VPN1 has disappeared
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
Cause Analysis
When the device has the above configuration and the above operations, due to poor code protection, cross-VPN static routes will disappear in the IP routing table, and service forwarding related to these static cross-VPN routes will be interrupted.
Workaround/Solutions
Workaround
1. When configuring static inter-VPN (including public) routes, the next hop must specify a specific IP address.
2. For the devices involved, do not add or delete VPNs before upgrading versions or installing patches.
Solutions
Install the patch or upgrade the version to solve the problem, and the patch and version number of the product involved in solving the problem are as follows:
|
Product number |
problem-solving patch |
problem-solving version |
|
CR16000-F、CR16000-F、SR8800-X-S、SR8800-F、SR8800-X、RX8800 |
R8261P22H52 R8151P13H52 |
R8261P26 and later versions R8151P29 and later versions |
|
RA5100,RA5300 |
/ |
R7607P518 and later |
|
S12500R |
/ |
F3608 |
|
S12500-X/S12500-F/S12500X-AF S12500F-AF/S12500M-AF Series |
/ |
R2820 |
|
S12500R/S12500CR(V9) |
/ |
E5201P02 |