Upgraded to 7.6.4 and unexpectedly received an error during the first post-upgrade policy deployment.
Summary: Tunnel source and tunnel destination combination configured on VTI interfaces must be unique.
Description: Interfaces: ZZZ have the same tunnel source address and the same destination address configured across multiple topologies.
Cause: The topologies: ZZZ have virtual tunnel interfaces using the same tunnel source and are mapping to the same destination IP address. This configuration is not supported and will cause deployment failure.
Topology was multipoint, and it was hard to pinpoint or understand what was causing this error, as there was no reference to the spoke causing the conflict.
After eliminating all point-to-point topology conflicts, I’ve checked inside the multipoint topology. Turns out some of the spokes had staging (shadow) public IP assigned as source of VTI tunnel interface, and since they were all staged on the same public IP, it started to trigger deployment errors.
I had to go into each spoke in multipoint topology to confirm public IP assignment as the source IP, and when it was showing a shadow IP, I had to refresh (click on/off) to show the correct IP.
Once this was done, deployment succeeded.