Guest

Cisco RF Gateway Series

Field Notice: FN - 63686 - RFGW10 with SUP7E Supervisor Card that Runs Cisco IOS-XE Release 3.2.2SQ Image Might Stop Processing L3/IP Traffic. Workaround Available.

Field Notice: FN - 63686 - RFGW10 with SUP7E Supervisor Card that Runs Cisco IOS-XE Release 3.2.2SQ Image Might Stop Processing L3/IP Traffic. Workaround Available.

September 24, 2013


NOTICE:

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.

Revision History

Revision Date Comment
1.0
24-SEP-2013
Initial Public Release

Products Affected

Products Affected Comments
RFGW10 with RFGW-X45-SUP7-E
SW Release: Cisco IOS ®-XE 3.2.2SQ Affected 

Problem Description

RF Gateway (RFGW)10 with a SUP7E supervisor card that runs Cisco IOS-XE Release 3.2.2SQ image might stop processing all layer 3 (L3)/IP traffic on the device if the Management port FastEthernet1 (Fa1) is enabled and in use. All Downstream External PHY Interface (DEPI) sessions might also go down and not recover. Secure Shell (SSH)/TELNET/PING to/from the supervisor might also not work.

Conditions under which an issue can occur:

  • RFGW10 with a SUP7E Supervisor card that runs Cisco IOS-XE Release 3.2.2SQ image
  • Fa1 port is enabled (not shut down) and in use, where packets flow through Fa1
  • Fa1 port has Cisco Express Forwarding (CEF) fastpath enabled, which is the default behavior for Release 3.2.2SQ - the interface configuration does not have the no ip route-cache cef line

The affected image shows that the unsupported drop counters increment for any access through the Management IP as shown here:


Background

The SUP7E Supervisor card of the RFGW10 platform might lose all L3 connectivity to/from the switch IP address. Switching continues to work, but IP traffic to/from the switch does not. This includes Simple Network Management Protocol (SNMP), Network Time Protocol (NTP), Telnet, and SSH. Once problem symptoms occur, they persist until the switch is reloaded.

The root cause is that packets get dropped in the CEF fast switch path. CEF uses a global counter that is not designed to be accessed from two threads; that is, the code is not reentrant. The addition of Fa1 functionality adds a second thread that accesses this counter when the Fa1 port has the CEF fastpath enabled. With two CPU cores on the SUP7E, the two threads get accessed at the same time, which corrupts this counter. All L3 packets get dropped if this counter exceeds a maximum value.

This issue only affects RFGW10 with a SUP7E Supervisor card that runs Cisco IOS-XE Release 3.2.2SQ when the Management port Fa1 is enabled. The image information is shown here:

 

Cisco IOS-XE Releases 3.2.0SQ and 3.2.1SQ are not affected since they do not support the Management port.

The issue is fixed in Cisco IOS-XE Release 3.3.0SQ or newer releases
.

Problem Symptoms

  • SSH/TELNET/PING to/from supervisor do not work.
  • All DEPI sessions might go down and fail to recover.

Workaround/Solution

In order to avoid this issue, there are three alternatives:

  • Keep the Management port Fa1 disabled (shutdown) (see Example 1)
  • Disable CEF on Management port Fa1 (see Example 2)
  • Upgrade to Cisco IOS-XE Release 3.3.0SQ or newer releases (if available)

*** If the problem has already occurred, apply one of these workarounds, and then reboot the system *** .

Example 1 - how to shut down the Fa1 port:
RFGW-10(config)#interf fa1 
RFGW-10(config-if)#shutdown
RFGW-10(config-if)#end
RFGW-10#show run interf fa1
Building configuration...

Current configuration : xxx bytes
!
interface FastEthernet1
ip vrf forwarding Mgmt-vrf
no ip address
shutdown
speed auto
duplex auto
End



Example 2 - how to disable CEF on the Fa1 port:
RFGW10(config)#interf fa1 
RFGW10(config-if)#no ip route-cache cef
RFGW10(config-if)#end

RFGW10#show run interf fa1
Building configuration...

Current configuration : xxx bytes
!
interface FastEthernet1
ip vrf forwarding Mgmt-vrf
ip address 10.45.100.31 255.255.254.0
no ip route-cache cef
speed auto
duplex auto
end


This issue is fixed in Cisco IOS-XE Release 3.3.0SQ, because it ensures that Fa1 traffic does not use the CEF fastpath.

DDTS

In order to follow the Cisco bug ID link and see detailed bug information, you must be a registered customer, and you must be logged in.

DDTS Description
CSCue76243 (registered customers only) Sup7E/Sup7LE/4500X SW not receiving to router traffic: ping, telnet, ssh

For More Information

If you require further assistance, or if you have any further questions about this field notice, contact the Cisco Systems Technical Assistance Center (TAC) by one of these methods:

Receive Email Notification For New Field Notices

Cisco Notification Service—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.