In case it is useful for anyone else, underlying issue looks to be this:

Cisco CSCws27022: ECN bits being included as part of ECMP hash on IPv6 TCP flows (Workaround: Do not use ECMP)

Appears to be platform specific, affecting Cisco Catalyst C9K UADP ASIC (C9500-32C)

Another work-around might be to configure "ip cef load-sharing algorithm original"

Tim:>

On Tue, Mar 25, 2025 at 4:33 PM Tim Durack <[email protected]> wrote:

> Very helpful, thanks! Will post my own short story once complete...
>
> On Tue, Mar 25, 2025 at 4:24 PM Toke Høiland-Jørgensen <[email protected]> wrote:
>
>> Tim Durack <[email protected]> writes:
>>
>> > Toke,
>> >
>> > Resurrecting an old thread, did you ever write this one up?
>>
>> Hi Tim
>>
>> Thank you for the reminder! No, I never did get around to writing
>> anything at the time. However, now that you reminded me, I collected my
>> old notes and posted this:
>>
>> https://blog.tohojo.dk/2025/03/ecn-ecmp-and-anycast-a-cocktail-of-broken-connections.html
>>
>> > I believe I have a customer reporting a similar problem with IPv6 TCP ECN
>> > probably ECMP resulting in RST coming back from anycast services
>> > (Cloudflare).
>> >
>> > Tricky one to debug, looking for similar reports...
>>
>> Hoping the above is helpful :)
>>
>> -Toke
>
> --
> Tim:>

--
Tim:>

--
Tim:>

_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/[email protected]/message/KSVJBYJYTIEXCHF66JBWR3WBLJT7QX5J/
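
An added illustration, not part of the original message and not Cisco's hash: a sketch of why hashing the ECN bits breaks ECMP flow affinity. Per RFC 3168 a TCP SYN is sent Not-ECT while later data segments carry ECT(0), so the two can hash to different next hops and, with anycast, reach a node that has no state for the connection. The SHA-256 stand-in hash, the addresses, ports and path count are all assumptions.

```python
import hashlib
import ipaddress
import struct

ECN_MASK = 0x03            # low two bits of the IPv6 Traffic Class (RFC 3168)
NOT_ECT, ECT0 = 0b00, 0b10  # SYN is Not-ECT; data segments carry ECT(0)


def ecmp_path(src, dst, sport, dport, tclass, n_paths, hash_ecn):
    """Pick a next hop from a hash of header fields.

    SHA-256 is a stand-in for the hardware hash (assumption); only the
    choice of input fields matters for this demonstration.
    """
    if not hash_ecn:
        tclass &= ~ECN_MASK & 0xFF  # expected behaviour: ECN bits ignored
    key = (ipaddress.IPv6Address(src).packed
           + ipaddress.IPv6Address(dst).packed
           + struct.pack("!HHBB", sport, dport, 6, tclass))  # 6 = TCP
    return int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % n_paths


def split_flows(n_flows=1000, n_paths=4, hash_ecn=True):
    """Count flows whose SYN and data segments land on different paths."""
    # Constructed sample flows using documentation addresses.
    src, dst = "2001:db8::10", "2001:db8:ffff::1"
    split = 0
    for i in range(n_flows):
        sport = 32768 + i
        syn = ecmp_path(src, dst, sport, 443, NOT_ECT, n_paths, hash_ecn)
        data = ecmp_path(src, dst, sport, 443, ECT0, n_paths, hash_ecn)
        split += syn != data
    return split


if __name__ == "__main__":
    print("ECN bits hashed:", split_flows(hash_ecn=True), "of 1000 flows split")
    print("ECN bits masked:", split_flows(hash_ecn=False), "of 1000 flows split")
```

With four equal-cost paths, roughly three quarters of ECN-enabled flows change path after the handshake when the ECN bits feed the hash, and none do when they are masked.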
