In case it is useful for anyone else, underlying issue looks to be this: Cisco CSCws27022: ECN bits being included as part of ECMP hash on IPv6 TCP flows (Workaround: Do not use ECMP) Appears to be platform specific, affecting Cisco Catalyst C9K UADP ASIC (C9500-32C) Another work-around might be to configure "ip cef load-sharing algorithm original" Tim:> On Tue, Mar 25, 2025 at 4:33 PM Tim Durack <tdurack@gmail.com> wrote:
Very helpful, thanks! Will post my own short story once complete...
On Tue, Mar 25, 2025 at 4:24 PM Toke Høiland-Jørgensen <toke@toke.dk> wrote:
Tim Durack <tdurack@gmail.com> writes:
Toke,
Resurrecting an old thread, did you ever write this one up?
Hi Tim
Thank you for the reminder! No, I never did get around to writing anything at the time. However, now that you reminded me, I collected my old notes and posted this:
https://blog.tohojo.dk/2025/03/ecn-ecmp-and-anycast-a-cocktail-of-broken-con...
I believe I have a customer reporting a similar problem with IPv6 TCP ECN probably ECMP resulting in RST coming back from anycast services (Cloudflare).
Tricky one to debug, looking for similar reports...
Hoping the above is helpful :)
-Toke
-- Tim:>
-- Tim:> -- Tim:>