In case it is useful for anyone else, underlying issue looks to be this:
Cisco CSCws27022: ECN bits being included as part of ECMP hash on IPv6 TCP
flows (Workaround: Do not use ECMP)
Appears to be platform specific, affecting Cisco Catalyst C9K UADP ASIC
(C9500-32C)
Another work-around might be to configure "ip cef load-sharing algorithm
original"
Tim:>
On Tue, Mar 25, 2025 at 4:33 PM Tim Durack <tdurack(a)gmail.com> wrote:
> Very helpful, thanks! Will post my own short story once complete...
>
> On Tue, Mar 25, 2025 at 4:24 PM Toke Høiland-Jørgensen <toke(a)toke.dk>
> wrote:
>
>> Tim Durack <tdurack(a)gmail.com> writes:
>>
>> > Toke,
>> >
>> > Resurrecting an old thread, did you ever write this one up?
>>
>> Hi Tim
>>
>> Thank you for the reminder! No, I never did get around to writing
>> anything at the time. However, now that you reminded me, I collected my
>> old notes and posted this:
>>
>>
>> https://blog.tohojo.dk/2025/03/ecn-ecmp-and-anycast-a-cocktail-of-broken-co…
>>
>> > I believe I have a customer reporting a similar problem with IPv6 TCP ECN
>> > probably ECMP resulting in RST coming back from anycast services
>> > (Cloudflare).
>> >
>> > Tricky one to debug, looking for similar reports...
>>
>> Hoping the above is helpful :)
>>
>> -Toke
>>
>
>
> --
> Tim:>
>
--
Tim:>
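Added illustration, not part of the thread and not Cisco's hash: a small simulation of why feeding the ECN bits into the ECMP hash splits a single IPv6 TCP connection across paths, so that data segments can reach a different anycast instance than the SYN did. Assumptions: SHA-256 stands in for the ASIC hash, the addresses are constructed documentation prefixes, and all function names are hypothetical.

```python
import hashlib
import ipaddress

NOT_ECT, ECT0 = 0b00, 0b10  # ECN codepoints (RFC 3168)

def next_hop(flow, traffic_class, n_paths, include_ecn):
    """Pick an ECMP member for one packet of flow = (src, dst, sport, dport).
    SHA-256 is an assumed stand-in for the platform's real hash."""
    src, dst, sport, dport = flow
    key = ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
    key += sport.to_bytes(2, "big") + dport.to_bytes(2, "big") + b"\x06"  # TCP
    if include_ecn:
        # Behaviour described in the thread: the ECN bits (low two bits of
        # the IPv6 Traffic Class) become part of the hash input.
        key += bytes([traffic_class & 0b11])
    digest = hashlib.sha256(key).digest()
    return int.from_bytes(digest[:4], "big") % n_paths

def flow_paths(flow, n_paths, include_ecn):
    """Set of paths used by one ECN-negotiating connection: the SYN is sent
    Not-ECT, data segments are sent ECT(0)."""
    return {next_hop(flow, ecn, n_paths, include_ecn) for ecn in (NOT_ECT, ECT0)}

def split_fraction(n_flows, n_paths, include_ecn):
    """Fraction of constructed flows whose SYN and data take different paths."""
    flows = [("2001:db8::1", "2001:db8:ffff::53", 20000 + i, 443)
             for i in range(n_flows)]
    split = sum(len(flow_paths(f, n_paths, include_ecn)) > 1 for f in flows)
    return split / n_flows

if __name__ == "__main__":
    for include_ecn in (False, True):
        frac = split_fraction(1000, 4, include_ecn)
        print(f"ECN bits in hash={include_ecn}: {frac:.1%} of flows split")
```

With a 5-tuple-only hash no flow is split; with the ECN bits included, roughly (n_paths - 1) / n_paths of ECN-enabled flows are.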
Good Morning!
If anyone from AS58182 Wix.com is here, could you please contact me
off-list? Looking for some assistance troubleshooting reachability of the
service from our network for a mutual customer, and didn't get too far with
Tier 1.
Regards,
Ross Lindsay
AS14031