Release Notes for the Cisco PDSN 4.1 Feature in Cisco IOS Release 12.4(15)XR6
Published: July 08, 2009
Revised: September 24, 2009, OL-20209-01
Cisco IOS Release 12.4(15)XR6 is based on Cisco IOS Release 12.4, with enhancements to the Cisco Packet Data Serving Node (Cisco PDSN) feature. This release is optimized for the Cisco PDSN feature on the Cisco Service and Application Module for IP (SAMI) card on the Cisco 7609 Internet Router.
Contents
These release notes include important information and caveats for the Cisco PDSN software feature provided by the Cisco IOS 12.4(15)XR6 for the Cisco 7609 Internet Router platform.
This release note includes the following topics:
•Upgrading to New Software Release
•Cisco PDSN Software Features in Release 12.4(15)XR6
•Obtaining Documentation and Submitting a Service Request
Introduction
Cisco PDSN is an IOS software feature that enables a Cisco SAMI Card on a Cisco 7600 Internet Router to function as a gateway between the wireless Radio Access Network (RAN) and the Internet. With Cisco PDSN enabled on a router, a stationary or roaming mobile user can access the Internet, a corporate intranet, or Wireless Application Protocol (WAP) services. Cisco PDSN supports both Simple IP and Mobile IP operations.
System Requirements
This section describes the system requirements for Cisco IOS Release 12.4(15)XR6:
•Cisco PDSN Software Features in Release 12.4(15)XR6
Memory Requirements
Following are the memory requirements for the PDSN Software Feature Set that supports the SAMI card on the Cisco 7600 Router:
•Platform: Cisco 7600 Router
•Software/Feature Set: PDSN Software Feature Set
•Image Name: 12.4(15)XR- c7svcsami-c6ik9s-mz.124-15.XR6 (This file is a bundled image file)
•Required Flash Memory: 128 MB
•Required DRAM Memory: 2048 MB
•Runs From: RAM
Hardware Supported
Cisco IOS Release 12.4(15)XR6 is optimized for the SAMI card on the Cisco 7600 Router.
You can use the Hardware-Software Compatibility Matrix tool to search for hardware components that are supported on a Cisco platform and an IOS Release.
Note You must have a valid Cisco.com account to log in to this tool: http://www.cisco.com/cgi-bin/front.x/Support/HWSWmatrix/hwswmatrix.cgi
Software Compatibility
Cisco IOS Release 12.4(15)XR6 is developed on Cisco IOS Release 12.4 and supports the features included in Cisco IOS Release 12.4, with the addition of the Cisco PDSN feature.
For information on the new and existing features, see Cisco PDSN Software Features in Release 12.4(15)XR6.
MIBs
Old Cisco Management Information Bases (MIBs) will be replaced in a future release. Currently, OLD-CISCO-* MIBs are being converted into more scalable MIBs—without affecting existing Cisco IOS products or NMS applications. You can update from deprecated MIBs to the replacement MIBs as shown in Table 1.
Migration to Cisco PDSN
This section describes the migration paths and scenarios for Cisco PDSN 4.0:
•Migration Path for Cisco PDSN
•Migration Scenarios for Cisco PDSN 4.0
Migration Path for Cisco PDSN
Table 2 lists currently available or planned Cisco PDSN releases and the migration path to the SAMI card.
Migration Scenarios for Cisco PDSN 4.0
Based on Table 2, there are many possible migration scenarios. This document focuses on those scenarios closest to existing customer deployments. You must determine the migration path based on your end-to-end deployment.
Note We recommend that you perform the migration during a maintenance window.
You can also use this window for the following network redesigning activities:
•Redesigning IP addresses scheme
•Configuring the routing protocols
•Configuring network connectivity between PDSN and Home Agent
•Configuring application connectivity between PDSN and AAA servers
•Configuring routing on the new SAMI PDSN / Home Agent
Table 3 lists the most common migration scenarios:
For all of these migration plans, both hardware and software configurations have significant changes that require prudent operation planning and network redesign. See the Migration Steps section for the possible migration steps to minimize network reconfiguration and service disruption.
Migration Steps
Migration to the Cisco PDSN R4.0 image is more than replacing MWAM modules with SAMI modules. Ensure that you plan your migration such that migration activities have a minimal impact on the existing mobile subscriber's service connections.
Table 4 lists the migration tasks that are based on the scenarios established in the previous section.
Upgrading to New Software Release
The following sections describe how to determine the existing software version and how to upgrade your Cisco PDSN:
•Determining the Software Version
•Upgrading the Supervisor Image
•Changing Configuration on Cisco PDSN in a Live Network
For information on upgrading to a new software release, see the product bulletin Cisco IOS Software Upgrade Ordering Instructions located at:
http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/957_pp.htm
Determining the Software Version
To determine the version of Cisco IOS software running on your router, log in to the router and enter the show version command in the EXEC mode:
Router#show version
Cisco IOS Software, MWAM Software (MWAM-C6IS-M), Version 12.4(15)XN , RELEASE SOFTWARE
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Tue 11-Dec-07 15:44 by jsomiram
ROM: System Bootstrap, Version 12.2(11)YS2 RELEASE SOFTWARE
PDSN-S2000-BAL uptime is 4 minutes
System returned to ROM by bus error at PC 0x2033D804, address 0x283 at 06:56:44 PDT Mon Dec 3 2007
System restarted at 03:29:24 PDT Tue Dec 11 2007
System image file is "svcmwam-c6is-mz.xn"
Cisco MWAM (MWAM) processor with 997376K/32768K bytes of memory.
SB-1 CPU at 700MHz, Implementation 1025, Rev 0.2
Last reset from power-on
1 Gigabit Ethernet interface
511K bytes of non-volatile configuration memory.
Configuration register is 0x4
Router#
Upgrading the Supervisor Image
To upgrade the Supervisor image:
Step 1 Copy the SUP image to the disks (disk0: / slavedisk0:).
Step 2 Add the command boot system disk0:SUP-image-name to the running configuration. For example:
boot system disk0:s72033-advipservicesk9_wan-mz.122-18.SXE3.bin
Note To enable the image to reload properly, remove the previously configured instances of this CLI.
Step 3 Run the write memory command to save the running-configuration on the active and standby SUP.
Step 4 Run the reload command on the active SUP.
Both active and standby SUP reload simultaneously and come up with the SXE3-based image.
Running the reload command on the active SUP causes both the active and standby Supervisors to reload simultaneously, causing some downtime during the upgrade process.
Upgrading the SAMI Software
To upgrade a Cisco PDSN image on the SAMI card, follow the directions at the following URL:
Changing Configuration on Cisco PDSN in a Live Network
To change the working configuration on a Cisco PDSN in a live environment:
Step 1 Bring the standby PDSN out of service.
For example, to isolate the standby Cisco PDSN from the session redundancy setup, you must remove the cdma pdsn redundancy command from its configuration:
7600a-Stdy(config)# no cdma pdsn redundancy
Step 2 Run the write memory command to save the configuration.
Step 3 Make the necessary configuration changes on the standby PDSN, and save the configuration.
Step 4 Run the cdma pdsn redundancy command again and save the configuration.
Step 5 Issue the reload command to bring the standby PDSN back into the session redundancy setup with the changed configuration. Verify that the processor comes back in the SR setup using the following show commands:
7600a-Stdy# show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp Prio P State    Active        Standby  Virtual IP
Gi0/0.101   300 110    Standby  20.20.101.10  local    20.20.101.101
7600a-Stdy# show cdma pdsn redundancy
CDMA PDSN Redundancy is enabled
CDMA PDSN Session Redundancy system status
PDSN state = STANDBY HOT
PDSN-peer state = ACTIVE
CDMA PDSN Session Redundancy Statistics
Last clearing of cumulative counters never
                    Total                Current
                    Synced from active   Connected
Sessions            15                   15
SIP Flows           15                   15
MIP Flows           0                    0
PMIP Flows          0                    0
7600a-Stdy# show redundancy inter-device
Redundancy inter-device state: RF_INTERDEV_STATE_STDBY
Scheme: Standby
Groupname: pdsn-rp-sr1 Group State: Standby
Peer present: RF_INTERDEV_PEER_COMM
Security: Not configured
7600a-Stdy# show redundancy states
my state = 8 -STANDBY HOT
peer state = 13 -ACTIVE
Mode = Duplex
Unit ID = 0
Split Mode = Disabled
Manual Swact = Enabled
Communications = Up
client count = 9
client_notification_TMR = 30000 milliseconds
RF debug mask = 0x0
7600a-Stdy#
Step 6 Configure the standby PDSN to take over as active by reloading the current active PDSN.
Note Because of a change of configuration following this step, an outage may occur on existing calls on the active PDSN (which is now being taken out of service) when synched with new active units.
Note We recommend that you disable the "HSRP preemption" configuration on the active and standby PDSN before proceeding with the configuration changes.
Step 7 Configure the current standby PDSN using the procedures described from Step 1 to Step 5.
Note Configurations on the active and standby PDSN should be identical for PDSN SR to work properly.
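The Step 5 verification can be scripted so that Step 6 is only started when every field matches the healthy standby shown above. This is an added example, not Cisco code: the sample inputs are the page's own output re-broken into lines, and the function names, the `expected_sessions` parameter and the idea of comparing against a session count taken from the active unit are assumptions.

```python
import re

# Constructed inputs: the Step 5 output shown on this page, one field per line.
PDSN_REDUNDANCY = """\
CDMA PDSN Redundancy is enabled
CDMA PDSN Session Redundancy system status
PDSN state = STANDBY HOT
PDSN-peer state = ACTIVE
CDMA PDSN Session Redundancy Statistics
Last clearing of cumulative counters never
Total Current
Synced from active Connected
Sessions 15 15
SIP Flows 15 15
MIP Flows 0 0
PMIP Flows 0 0
"""
INTER_DEVICE = """\
Redundancy inter-device state: RF_INTERDEV_STATE_STDBY
Scheme: Standby
Groupname: pdsn-rp-sr1 Group State: Standby
Peer present: RF_INTERDEV_PEER_COMM
Security: Not configured
"""
REDUNDANCY_STATES = """\
my state = 8 -STANDBY HOT
peer state = 13 -ACTIVE
Mode = Duplex
Communications = Up
client count = 9
"""

# (output, label, regex with one capture group, expected value).
# Expected values are the ones this page shows for a healthy standby.
CHECKS = [
    ("pdsn", "PDSN state", r"^[ \t]*PDSN state = (.+?)[ \t]*$", "STANDBY HOT"),
    ("pdsn", "PDSN-peer state", r"^[ \t]*PDSN-peer state = (.+?)[ \t]*$", "ACTIVE"),
    ("inter", "inter-device state",
     r"^[ \t]*Redundancy inter-device state: (\S+)", "RF_INTERDEV_STATE_STDBY"),
    ("inter", "peer present", r"^[ \t]*Peer present: (\S+)", "RF_INTERDEV_PEER_COMM"),
    ("states", "my state", r"^[ \t]*my state = \d+ -(.+?)[ \t]*$", "STANDBY HOT"),
    ("states", "peer state", r"^[ \t]*peer state = \d+ -(.+?)[ \t]*$", "ACTIVE"),
    ("states", "communications", r"^[ \t]*Communications = (\S+)", "Up"),
]


def parse_counters(pdsn_text):
    """Map each statistics row to (total synced from active, current connected)."""
    rows = re.finditer(
        r"^[ \t]*(Sessions|SIP Flows|MIP Flows|PMIP Flows)[ \t]+(\d+)[ \t]+(\d+)[ \t]*$",
        pdsn_text, re.MULTILINE)
    return {m.group(1): (int(m.group(2)), int(m.group(3))) for m in rows}


def standby_ready(pdsn, inter, states, expected_sessions=None):
    """Return {"problems": [...], "notes": [...]}; an empty problems list means
    the standby matches the healthy output and Step 6 can proceed."""
    # Terminal captures often carry CR characters; strip them before matching.
    outputs = {"pdsn": pdsn.replace("\r", ""),
               "inter": inter.replace("\r", ""),
               "states": states.replace("\r", "")}
    problems, notes = [], []
    if "CDMA PDSN Redundancy is enabled" not in outputs["pdsn"]:
        problems.append("cdma pdsn redundancy is not reported as enabled")
    for source, label, pattern, expected in CHECKS:
        m = re.search(pattern, outputs[source], re.MULTILINE)
        if m is None:
            # Truncated or missing output is treated as a failure, not a pass.
            problems.append(f"{label}: field missing from output")
        elif m.group(1) != expected:
            problems.append(f"{label}: {m.group(1)!r}, expected {expected!r}")
    counters = parse_counters(outputs["pdsn"])
    if "Sessions" not in counters:
        problems.append("Sessions counter missing from output")
    elif expected_sessions is not None and counters["Sessions"][1] != expected_sessions:
        problems.append(f"standby holds {counters['Sessions'][1]} sessions, "
                        f"active reported {expected_sessions}")
    # Surface the inter-device security setting for review; it is not a blocker here.
    sec = re.search(r"^[ \t]*Security: (.+?)[ \t]*$", outputs["inter"], re.MULTILINE)
    if sec:
        notes.append(f"inter-device channel security: {sec.group(1)}")
    return {"problems": problems, "notes": notes}


if __name__ == "__main__":
    print(standby_ready(PDSN_REDUNDANCY, INTER_DEVICE, REDUNDANCY_STATES, 15))
```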
Cisco PDSN Software Features in Release 12.4(15)XR6
Cisco IOS software is packaged in feature sets consisting of software images—depending on the platform. Each feature set contains a specific set of Cisco IOS features.
Caution Cisco IOS images with strong encryption (including, but not limited to 168-bit (3DES) data encryption feature sets) are subject to United States government export controls and have limited distribution. Strong encryption images to be installed outside the United States are likely to require an export license. Customer orders may be denied or subject to delay due to United States government regulations. When applicable, purchaser/user must obtain local import and use authorizations for all encryption strengths. Please contact your sales representative or distributor for more information, or send an e-mail to export@cisco.com.
Cisco IOS Release 12.4(15)XR6 supports the same feature sets as Cisco Release 12.4; additionally, it supports the PDSN feature. Cisco PDSN is optimized for the SAMI card on the Cisco 7600 Router, and includes the following new and existing features:
•Attribute Support
•Served MDN
•Framed Pool
•3GPP2 DNS Server IP
•Virtual Route Forwarding (VRF) with Sub-interfaces support
•Conditional Debugging Enhancements for Cisco PDSN Release 4.1
•IOS 5.0 Call Flow for HRPD
•QoS features based on IS-835-D
•Per Flow Accounting
•MIB Enhancements
•CAC
•Home Area, Maximum Authorized Aggregate Bandwidth and Inter-user Priority Attributes Downloaded from AAA
•Mobile Equipment Identifier (MEID) support
•Simple IPv6 Access
•Session Redundancy Infrastructure
•Radius Server Load Balancing
•Closed-RP/Open-RP Integration
•Domain-based Subscriber Authorization
•PPP Counters
•RP Counters
•Conditional Debugging Enhancements
•Trace Functionality
•Mobile IP Dynamic Home Address Deletes Older Sessions With Different IMSI
•Protocol Layering and RP Connections
•PPPoGRE RP Interface
•A11 Session Update
•SDB Indicator Marking
•Resource Revocation for Mobile IP
•Packet of Disconnect
•IS-835 Prepaid Support
•Prepaid Billing
•Mobile IP Call Processing Per Second Improvements
•IS-835-B Compliant Static IPSec
•Always On Feature
•PDSN Cluster Controller/Member Architecture
•PDSN MIB Enhancement
•Conditional Debugging Enhancements
•PDSN Cluster Controller/Member Architecture
•PDSN MIB Enhancement
•Cisco Proprietary Prepaid Billing
•3 DES Encryption
•Mobile IP IPsec
•Hardware IPsec Acceleration Using IPsec Acceleration Module—Static IPsec
•1xEV-DO Support
•Integrated Foreign Agent (FA)
•AAA Support
•Packet Transport for VPDN
•Proxy Mobile IP
•Multiple Mobile IP Flows
Caveats
Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious.
Caveats for Cisco IOS Releases 12.3 can be found on Cisco.com at http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/prod_release_notes_list.html
The "Open Caveats" section lists open caveats that apply to the current release and might also apply to previous releases.
The "Resolved Caveats" section lists caveats resolved in a particular release, which may have been open in previous releases.
Note If you have an account with Cisco.com, you can use Bug Navigator II to find caveats of any severity for any release. You can reach Bug Navigator II on Cisco.com at Software Center: Cisco IOS Software: Cisco Bug Toolkit: Cisco Bugtool Navigator II, or at http://www.cisco.com/support/bugtools.
Open Caveats
There are no new unresolved caveats in the following releases:
•Cisco IOS Release 12.4(15)XR6
•Cisco IOS Release 12.4(15)XR5
•Cisco IOS Release 12.4(15)XR4
•Cisco IOS Release 12.4(15)XR3
Unresolved Caveats in Cisco IOS Release 12.4(15)XR2
The following caveats are unresolved in Cisco IOS Release 12.4(15)XR2:
•CSCsv51151—For MIP Calls G15 and G16 for IP Flows Are Not Sent Correctly
For MIP calls, G15 and G16 for IP flows are sent incorrectly. When the session is closed, G15 and G16 for the IP flows are sent with the same values as for the session.
This issue is seen under the following conditions:
–Open a MIP session with forward and reverse ipflows.
–Install TFT with forward and reverse packet filters (for opened ipflows).
–Close the session.
Workaround: none.
•CSCsv23569—Dormant-Dormant Handoff f1-f2,f6-f10,f14 are Incorrectly Sent to New PCF
After performing a dormant-dormant handoff, f1-f2, f6-f10, and f14 are sent as non-zero values in acct-records for the new PCF.
This issue occurs under the following conditions:
–Open a session.
–Make it dormant by sending active stop from the PCF.
–Perform a dormant-dormant handoff.
Workaround: none.
Unresolved Caveats in Cisco IOS Release 12.4(15)XR1
The following caveats are unresolved in Cisco IOS Release 12.4(15)XR1:
•CSCsu89978—Packet Drop Observed with PDSN
The packet drop seen in the PDSN is more than the allowed NDR rate with maximum sessions.
This condition occurs when a packet drop in the PDSN is more than the allowed 1 in 10000 packets, when traffic is through maximum number of sessions.
Workaround: none.
Unresolved Caveats in Cisco IOS Release 12.4(15)XR
The following caveats are unresolved in Cisco IOS Release 12.4(15)XR:
•CSCsu56357—[acct] G9 Wrongly Sent in Final Acct-Stop After RevA-RevA Handoff
On a Cisco router running Version 12.4(15)XR, the G9 attribute value is incorrectly sent in an accounting record (accounting stop) for main flow upon closing the session after RevA-RevA handoff.
This issue occurs under the following conditions:
–Opened a session.
–Performed RevA-RevA handoff.
–Closed the session.
Workaround: none.
•CSCsu59055—show cdma pdsn rp pcf stats Showing Incorrectly
The show cdma pdsn rp pcf stats command displays incorrectly, and the rp error stats (Max Service Flows, Unsupported So, Non-Existent A10, Bandwidth Unavailable) are not shown in rp pcf stats.
This symptom is observed on a Cisco router that is running Cisco IOS Release 12.4(15)XR on SAMI 4.0 PDSN image.
Workaround: none.
•CSCsu62470—G9 Wrongly Sent in Acct-Stop to Old PCF after Dor-Act Handoff
The G9 attribute value is incorrectly sent in accounting records (Acct-stop) of IP-flows to AAA for old PCF after a Dormant-Active Handoff. It should appear as "0" but it is appearing as "1".
This symptom occurs under the following conditions:
–Opened a session.
–Made the session dormant and ipflows inactive by sending active stop from the PCF.
–Then did an active handoff.
–Closed the session.
Workaround: none.
Resolved Caveats
The following caveats are resolved in Cisco IOS 12.4(15)XR6:
•CSCsy15227
Cisco IOS Software configured with Authentication Proxy for HTTP(S), Web Authentication or the consent feature, contains a vulnerability that may allow an unauthenticated session to bypass the authentication proxy server or bypass the consent webpage.
There are no workarounds that mitigate this vulnerability.
This advisory is posted at the following link:
http://www.cisco.com/warp/public/707/cisco-sa-20090923-auth-proxy.shtml
•CSCsx70889
Cisco devices running affected versions of Cisco IOS Software are vulnerable to a denial of service (DoS) attack if configured for IP tunnels and Cisco Express Forwarding.
Cisco has released free software updates that address this vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090923-tunnels.shtml.
•CSCta23281—Proxy MIP call does not work when the Cisco FA is configured for MIP solution with other vendors' HA.
This problem occurs:
–During the Proxy MIP call setup with Non-Cisco HA.
–During the PMIP call establishment, while sending the Proxy MIP RRQ from FA to HA, FA adds Cisco-specific extensions, which are not understood by other vendors' Home Agents.
Workaround: No workaround for Proxy MIP with other vendors' Home Agents.
This problem has been resolved.
•CSCsz91376—Proxy MIP does not work due to false ARP entry created by PMIP on PDSN.
When the HA is reachable to FA through routing, and if there are other interfaces (on other processors) that can provide the Proxy ARP response to HA's IP address when requested by FA, this issue may occur.
Workaround: Correct the HA ARP entry manually and PMIP calls come up. Alternatively, you can disable Proxy ARP on the neighbor PDSNs, in case the Proxy ARP is not required.
This problem has been resolved.
•CSCta15511—Unnecessary radius debugs are displayed on console (one extra line for each MN call closure) when conditional debugs are enabled.
This problem occurs when radius conditional debugs are enabled.
Workaround: None.
This problem has been resolved.
•CSCta23143—Airlink Active time is sent as zero during handoff.
This problem occurs when the session handoff happens from PCF-1 to PCF-2 with PPP renegotiation, while sending the accounting record to PCF-1.
Workaround: None.
This problem has been resolved.
•CSCta23040—In Per PCF PPP statistics, current connections counter shows more value compared to global one.
This problem occurs during interPCF handoff with PPP renegotiation.
Workaround: None.
This problem has been resolved.
•CSCsz86656—SAMI does not set the DBUS trust bit to one, which in turn causes the 7600 to remark the DSCP of the Packets.
Workaround: Configure the command no mls qos rewrite ip dscp in 7600.
This problem has been resolved.
•CSCta15087—FA sends the Revocation Acknowledgement to port 434 and not to the source port.
Workaround: None.
This problem has been resolved.
•CSCsz74877—The CLI command no ip mobile tunnel path-mtu-discovery is lost after a reload.
This problem occurs when you reload the PDSN.
Workaround: Re-configure the PDSN when it is UP.
This problem has been resolved.
•CSCta22610—During Proxy MIP Call closure FA sends Revocation message to the HA.
This problem occurs when the PMIP call is closed from FA side.
Workaround: None.
This problem has been resolved.
•CSCta49336—For some types of subscribers, PDSN consistently corrupts length bits in random attributes of PPP frames (for example, LCP or IPCP) and forwards to the LNS. The corrupt attributes are rejected by the LNS, until the PPP negotiation fails.
This problem occurs while running PDSN on SAMI blade with version 12.4(15)XR5 only.
Note This is observed only for EVDO users.
Workaround: None.
This problem has been resolved.
Resolved Caveats in Cisco IOS Release 12.4(15)XR5
The following caveats are resolved in Cisco IOS 12.4(15)XR5:
•CSCsz21562—DSCP remarking does not occur for main A10 EVDO calls in downstream.
This problem occurs when you:
1. Configure the command cdma pdsn multiple service-flows qos remark-dscp <DSCP Remark Value> in Cisco PDSN with the required DSCP remark value.
2. Try Rev A call with no ip-flows, with Main A10 and no AUX connections.
3. Send the forward traffic.
The expected behavior is to copy any one of the following values to the Outer IP TOS:
–The DSCP value, if present in A11 RRQ,
OR
–The configured remark command cdma pdsn multiple service-flows qos remark-dscp AF11
OR
–TOS from the inner IP to the outer IP.
The values are not copied to Outer IP TOS.
Workaround:
Create at least one ip-flow along with Main A10.
This problem has been resolved.
•CSCsy92461—DSCP remarking does not occur for main A10 of EVDO calls.
This problem occurs when you:
1. Configure the command cdma pdsn multiple service-flows qos remark-dscp <DSCP Remark Value> in Cisco PDSN with the required DSCP remark value.
2. Try Rev A call with no ip-flows, with Main A10 and no AUX connections.
3. Send the reverse traffic, with DSCP TOS value greater than the Max class value allocated to Cisco PDSN.
The expected remarking does not occur since there are no ip-flows.
Workaround:
Create at least one ip-flow along with Main A10.
This problem has been resolved.
•CSCsz67185—A11 RRQ is rejected when both BSID and HRPD subnet elements are present.
Cisco PDSN rejects a call when an A11 RRQ is received with both BSID and HRPD subnet elements. According to the 3GPP2 standard, either the BSID or the HRPD subnet, or both, can be present in an A11 RRQ.
Workaround:
Send an A11 RRQ with either BSID or HRPD subnet.
This problem has been resolved.
Resolved Caveats in Cisco IOS Release 12.4(15)XR4
The following caveats are resolved in Cisco IOS 12.4(15)XR4:
•CSCta23228—PDSN reloads occasionally when PDSN deregisters a Mobile IP flow.
This problem is caused by a race condition that happens rarely. For a Mobile IP call, when the PDSN asks to deregister the Mobile IP flow, the Mobile IP process may hold the request for some duration. If the flow is deleted in the meantime, the PDSN refers to the invalid flow, which may lead to a crash.
Workaround: None.
•CSCsk41593—PAK_SUBBLOCK Error Found When Ping with >1500-byte Over Cellular Inter
The following error occurs when a ping packet is sent or received:
PAK_SUBBLOCK_ALREADY: 2 -Process= "IP Input"
This condition occurs when large ping packets (greater than 1500 bytes) are sent to back-to-back cellular interfaces with GRE tunneling enabled.
Workaround: Disable the ip virtual-reassembly command on the cellular interface.
•CSCsk64158
Symptoms: Several features within Cisco IOS software are affected by a crafted UDP packet vulnerability. If any of the affected features are enabled, a successful attack will result in a blocked input queue on the inbound interface. Only crafted UDP packets destined for the device could result in the interface being blocked; transit traffic will not block the interface.
Cisco has released free software updates that address this vulnerability.
Workarounds that mitigate this vulnerability are available in the workarounds section of the advisory. This advisory is posted at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20090325-udp.shtml.
•CSCsm27071
A vulnerability in the handling of IP sockets can cause devices to be vulnerable to a denial of service attack when any of several features of Cisco IOS software are enabled. A sequence of specially crafted TCP/IP packets could cause any of the following results:
–The configured feature may stop accepting new connections or sessions.
–The memory of the device may be consumed.
–The device may experience prolonged high CPU utilization.
–The device may reload.
Cisco has released free software updates that address this vulnerability.
Workarounds that mitigate this vulnerability are available in the "workarounds" section of the advisory. The advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090325-ip.shtml
•CSCsm45113—RIB Installs Duplicate Routes for the Same Prefix
The router may install duplicate routes or incorrect route netmask into routing table. It could happen on any routing protocol. Additionally, for OSPF, a reload was observed.
The problem is triggered by SNMP polling of ipRouteTable MIB. The problem is introduced by CSCsj50773, see the Integrated-in field of CSCsj50773 for affected images.
Workaround: Do not poll the ipRouteTable MIB, instead poll the newer replacement ipForward MIB. The ipRouteTable MIB was replaced by ipForward MIB in RFC 1354.
The clear ip route command can correct the routing table until the next poll of ipRouteTable MIB.
•CSCsm97220
Devices that are running Cisco IOS Software and configured for Mobile IP Network Address Translation (NAT) Traversal feature or Mobile IPv6 are vulnerable to a denial of service (DoS) attack that may result in a blocked interface.
Cisco has released free software updates that address these vulnerabilities.
This advisory is posted at the following link http://www.cisco.com/warp/public/707/cisco-sa-20090325-mobileip.shtml
•CSCsr29468
Cisco IOS software contains a vulnerability in multiple features that could allow an attacker to cause a denial of service (DoS) condition on the affected device. A sequence of specially crafted TCP packets can cause the vulnerable device to reload.
Cisco has released free software updates that address this vulnerability.
Several mitigation strategies are outlined in the workarounds section of this advisory.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090325-tcp.shtml
•CSCsw78831—[MIB] cCdmaFlowVpdnFailures Always Showing Zero
On a Cisco router running the PDSN 4.0 software, the MIB cCdmaFlowVpdnFailures always shows zero (0).
This occurs under normal failure conditions.
Workaround: none.
•CSCsw78901—Per PCF counter is Showing Wrong Value
On a Cisco router running PDSN 4.0 software, per PCF current connections under the show cdma pdsn statistics ppp pcf command are larger than the actual current connections in the PDSN.
Additionally, we observed that the connection req field in the show cdma pdsn stat ppp pcf command is unreasonably large.
The first condition occurs when the Service Option is sent after A10 establishment.
The second condition occurs when the Service Option is sent during PPP negotiation and the cdma pdsn mib ignore mn-failures no-lcp-confreq command is configured.
Workaround: there is no workaround for the first condition. To work around the second condition, remove the cdma pdsn mib ignore mn-failures no-lcp-confreq command.
•CSCsw79258—PDSN (LAC) Fails to Bring up the VPDN Calls After Stressing For Long Time
On a Cisco router running PDSN 4.0 software, the PDSN fails to bring up VPDN calls after stressing for long time.
This condition occurs when a large number of VPDN subscribers fail to establish calls, and if they continue retrying (for example, AAA not reachable, LNS not reachable, network outage, etc.), the PDSN per session IDs may exhaust after some time. After reaching this stage, the PDSN will not accept any new VPDN calls.
Workaround:
None
Resolved Caveats in Cisco IOS Release 12.4(15)XR3
The following caveats are resolved in Cisco IOS 12.4(15)XR3:
•CSCin61592—Allow Service Type=Authorize Only for Prepaid
Allow Service Type=Authorize Only for Prepaid and also includes the Framed IP address in an online Access request.
a. Open a session with Prepaid accounting enabled.
b. Send traffic till quota reached, then PDSN will send Online Access request to AAA with service-type set to Outbound for additional quota.
c. AAA will send Access reject to PDSN.
Workaround: none.
Resolved Caveats in Cisco IOS Release 12.4(15)XR2
The following caveats are resolved in Cisco IOS Release 12.4(15)XR2:
•CSCsu56357—G9 Wrongly Sent in Final Acct-stop After Reva-Reva Handoff
On a Cisco router running Version 12.4(15)XR, the G9 attribute value is wrongly sent in an accounting record (accounting stop) for main flow upon closing the session after RevA-RevA handoff.
The following conditions exist:
–Opened a session
–Performed RevA-RevA handoff
–Closed the session.
Workaround: none.
•CSCsu59055—show cdma pdsn rp pcf stats Showing Incorrectly
The show cdma pdsn rp pcf stats command displays incorrectly, and rp error stats (Max Service Flows, Unsupported So, Non-Existent A10, Bandwidth Unavailable) are not showing in rp pcf stats.
This symptom is observed on a Cisco router that is running Cisco IOS Release 12.4(15)XR on SAMI 4.0 PDSN image.
Workaround: none.
•CSCsu62470—G9 Wrongly Sent In Acct-stop to Old Pcf After Dor-Act Handoff
The G9 attribute value is mistakenly sent in accounting records (Acct-stop) of IP-flows to AAA for old PCF after a dormant-active handoff. The value should be sent as "0" but is going as "1".
The following conditions exist:
–Opened a session.
–Made the session dormant and ipflows inactive by sending active stop from the PCF.
–Performed an active handoff.
–Closed the session.
Workaround: none.
•CSCsu69297—PDSN Reloads After Reva-1x Handoff
After RevA-1x handoff, the PDSN reloaded.
This issue occurs under the following conditions:
–Open a Rev-a session.
–Install Packet filters.
–Perform handoff to 1x.
Workaround: none.
Resolved Caveats Prior to Cisco IOS Release 12.4(15)XR1
There are no resolved caveats prior to Cisco IOS Release 12.4(15)XR1.
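To turn the resolved-caveat lists above into a patch triage check, the following added example (not Cisco code) reads the banner line of show version output and returns the security advisories from this page that are not yet listed as resolved for the running 12.4(15)XR rebuild. The table is copied from this page; the function names and the SAMI banner string are constructed, and a listed advisory still has to be checked against the features configured on the device.

```python
import re

# From this page: caveat ID -> (XR rebuild that lists it as resolved, advisory name).
ADVISORIES = {
    "CSCsy15227": (6, "cisco-sa-20090923-auth-proxy"),
    "CSCsx70889": (6, "cisco-sa-20090923-tunnels"),
    "CSCsk64158": (4, "cisco-sa-20090325-udp"),
    "CSCsm27071": (4, "cisco-sa-20090325-ip"),
    "CSCsm97220": (4, "cisco-sa-20090325-mobileip"),
    "CSCsr29468": (4, "cisco-sa-20090325-tcp"),
}
ADVISORY_URL = "http://www.cisco.com/warp/public/707/{}.shtml"

# Banner and ROM lines as shown in this page's "Determining the Software Version" output.
PAGE_BANNER = (
    "Cisco IOS Software, MWAM Software (MWAM-C6IS-M), Version 12.4(15)XN , RELEASE SOFTWARE\n"
    "ROM: System Bootstrap, Version 12.2(11)YS2 RELEASE SOFTWARE\n"
)
# Constructed banner for an XR build; the platform string is a placeholder.
CONSTRUCTED_BANNER = (
    "Cisco IOS Software, SAMI Software (PLACEHOLDER-IMAGE), "
    "Version 12.4(15)XR4, RELEASE SOFTWARE\n"
)

# Match only the IOS banner line, so the ROM bootstrap version is never picked up.
BANNER_RE = re.compile(
    r"^Cisco IOS Software,.*?Version\s+(\d+\.\d+\(\d+\))([A-Z]+)(\d*)\b",
    re.MULTILINE,
)


def parse_ios_version(show_version):
    """Return (base, train, rebuild) from the banner line, or None if absent.

    The base release of a train (for example 12.4(15)XR) has rebuild 0.
    """
    m = BANNER_RE.search(show_version.replace("\r", ""))
    if m is None:
        return None
    base, train, rebuild = m.groups()
    return (base, train, int(rebuild) if rebuild else 0)


def advisories_to_review(show_version):
    """Return sorted (caveat, advisory URL) pairs not listed as resolved in the
    running rebuild. Raises ValueError for images outside 12.4(15)XR, because
    these release notes say nothing about other trains."""
    parsed = parse_ios_version(show_version)
    if parsed is None:
        raise ValueError("no 'Cisco IOS Software' banner found")
    base, train, rebuild = parsed
    if (base, train) != ("12.4(15)", "XR"):
        raise ValueError(f"{base}{train} is not covered by these release notes")
    return sorted(
        (caveat, ADVISORY_URL.format(name))
        for caveat, (fixed_in, name) in ADVISORIES.items()
        if rebuild < fixed_in
    )


if __name__ == "__main__":
    for caveat, url in advisories_to_review(CONSTRUCTED_BANNER):
        print(caveat, url)
```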
Related Documentation
Table 5 describes the related documentation that is available:
Table 5 Related Documentation
Document Title / Available Formats
Cisco IOS Mobile Wireless Packet Data Serving Node Configuration Guide, Release 12.4T
•On Cisco.com at http://www.cisco.com/en/US/docs/ios/mwpdsn/configuration/guide/12_4t/mwp_12_4t_book.html
Documentation on Cisco 7600 Router
•On Cisco.com at http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html
Documentation on Cisco Catalyst 6500 Switch
•On Cisco.com at http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html
Documentation on Caveats for Cisco IOS Release 12.4
•On Cisco.com at http://www.cisco.com/en/US/products/ps6350/prod_release_notes_list.html
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.
Copyright © 2009 Cisco Systems, Inc.
All rights reserved.