NewValidation: CSCwp66238 #314

@psureshb

(use upvote 👍 for attention)

Validation Type

[ ] - Fault

[ ] - Config

[X] - Bug

[ ] - Other

What needs to be validated

When OSPFv3 is configured between ACI and NX-OS with an IPSec ESP policy (encryption enabled), the ESP (Encapsulating Security Payload) sequence number (ESN) is always set to 0 and does not increment for each packet as required.

Not incrementing the ESP sequence number violates RFC 4303 and weakens the anti-replay security guarantees of IPSec.

Validate the presence of ESP configuration policies in APIC in affected versions.

Why it needs to be validated

If the sequence number does not increment, these devices may drop packets or refuse to form OSPFv3 adjacencies with ACI/NX-OS.
This can impact network stability, routing, and may break connectivity between different segments.
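One way to confirm the symptom described in this issue from a packet capture, as an added example that is not part of the issue or of the project's code: it reads the SPI and sequence number from the ESP header of each IPv6 packet and reports every sender/SPI pair whose sequence number fails to increase. The function names, the sample packets and the documentation-range addresses are constructed for illustration, and the parser assumes ESP follows the fixed IPv6 header directly and that packets are given in capture order.

```python
import ipaddress
import struct
from collections import defaultdict

ESP_PROTO = 50      # IPv6 Next Header value for ESP
IPV6_HDR_LEN = 40   # fixed IPv6 header; extension headers are not handled


def esp_fields(packet):
    """Return (src, spi, seq) for an IPv6 packet carrying ESP directly, else None."""
    if len(packet) < IPV6_HDR_LEN + 8 or packet[0] >> 4 != 6:
        return None
    if packet[6] != ESP_PROTO:
        return None
    src = str(ipaddress.IPv6Address(packet[8:24]))
    spi, seq = struct.unpack_from("!II", packet, IPV6_HDR_LEN)
    return src, spi, seq


def stuck_sequence_spis(packets):
    """Map (src, spi) to its observed sequence numbers when they fail to increase.

    Grouping is per sender because several routers may share one SPI.
    Reordered captures or a counter wrap would also be reported.
    """
    seen = defaultdict(list)
    for pkt in packets:
        fields = esp_fields(pkt)
        if fields:
            src, spi, seq = fields
            seen[(src, spi)].append(seq)
    return {
        key: seqs for key, seqs in seen.items()
        if len(seqs) > 1 and any(b <= a for a, b in zip(seqs, seqs[1:]))
    }


def build_ipv6_esp(src, spi, seq, payload=b"\x00" * 16):
    """Build a constructed IPv6+ESP packet for the sample data below."""
    esp = struct.pack("!II", spi, seq) + payload
    dst = ipaddress.IPv6Address("2001:db8::ff").packed
    hdr = struct.pack("!IHBB", 6 << 28, len(esp), ESP_PROTO, 1)
    return hdr + ipaddress.IPv6Address(src).packed + dst + esp


# Constructed sample: one sender stuck at sequence 0, one incrementing normally.
SAMPLE = ([build_ipv6_esp("2001:db8::1", 0x100, 0) for _ in range(3)]
          + [build_ipv6_esp("2001:db8::2", 0x100, n) for n in (1, 2, 3)])

if __name__ == "__main__":
    for (src, spi), seqs in stuck_sequence_spis(SAMPLE).items():
        print(f"{src} SPI {spi:#x}: sequence numbers {seqs} do not increase")
```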
