Cisco IOS XE 3S Release Notes
Release 3.1S Features and Important Notes

New Features in and Important Notes About Cisco IOS XE 3.1S Releases

Table Of Contents

New Features in and Important Notes About Cisco IOS XE 3.1S Releases

New and Changed Information

New Hardware Features in Cisco IOS XE Release 3.1.4S

New Software Features in Cisco IOS XE Release 3.1.4S

New Hardware Features in Cisco IOS XE Release 3.1.3S

New Software Features in Cisco IOS XE Release 3.1.3S

New Hardware Features in Cisco IOS XE Release 3.1.2S

New Software Features in Cisco IOS XE Release 3.1.2S

New Hardware Features in Cisco IOS XE Release 3.1.1S

New Software Features in Cisco IOS XE Release 3.1.1S

Flexible NetFlow—Egress Support

Flexible NetFlow—Full Flow Support

Flexible NetFlow—Ingress Support

Flexible NetFlow—IPv4 Unicast Flows

Flexible NetFlow—MPLS Egress NetFlow

Flexible NetFlow—Multiple User-Defined Caches

Flexible NetFlow—NBAR Application Recognition

Flexible NetFlow—NetFlow Export over IPv4

Flexible NetFlow—NetFlow v9 Export Format

Flexible NetFlow—v5 Export Protocol

Flexible NetFlow—New Flexible NetFlow CLI

Flexible NetFlow—Output Features on Data Export

Flexible NetFlow—Sampling

New Hardware Features in Cisco IOS XE Release 3.1.0S

Cisco ASR 1013 Router

Field Programmable Hardware Device Upgrade

New Embedded Services Processors

New Software Features in Cisco IOS XE Release 3.1.0S

1+1 SR-APS Without Bridging

6PE Multipath

Additional PDL Support for NBAR

BGP—Remove/Replace Private AS Filter

BGP Dynamic Neighbors

BGP Slow Peer

Cisco Unified Border Element (Enterprise)

Cisco Unified Border Element (SP Edition)—Unified Model

DHCP—Relay Option 82 Encapsulation

DHCP—Server User Authentication

Embedded Event Manager (EEM) 3.0

Enable NAT High-Speed Logging per VRF

Event MIB and Expression MIB Enhancements

Firewall—NetBIOS ALG Support

Firewall—GPI (Granular Protocol Inspection) Phase-2 Support

Firewall Stateful Inter-Chassis Redundancy

HSRP for IPv6

Ingress Packet Scheduling (Intra-CC and Inter-CC Ingress Scheduling)

Input Packet Classification on SPA Interface Processor (SIP) Card

IP Tunneling, 6RD IPv6 Rapid Deployment

IPv6 Switching—Provider Edge Router over MPLS (6PE)

IPv6 VPN over MPLS (6VPE)

IPv6 VPN over MPLS (6VPE) Inter-AS options

IPv6—NSF and Graceful Restart for MP-BGP IPv6 Address Family

ISG—Authentication: DHCP Option 60 and Option 82 with VPN-ID Support for Transparent Automatic Logon

ISSU—BGP NSR (Nonstop Routing)

ISSU—HSRPv6 on VRF Interfaces

MPLS TE—RSVP Graceful Restart 12.0S-12.2S Interoperability

MPLS VPN—BGP Local Convergence

MPLS VPN—BGP Local Convergence for 6VPE/6PE

MPLS VPN 6VPE Support Over IP Tunnels

MPLS VPN over mGRE

NAT—Improved Pool Scaling

NAT—NetBIOS ALG Support

NAT—Real Time Streaming Protocol (RTSP) Support

NAT Stateful Inter-Chassis Redundancy

NBAR PDLM Feature Supported

NBAR Static IPv4 IANA Protocols

NSF/SSO—HSRPv6 on VRF Interfaces

NSF/SSO BGP NSR (Non Stop Routing)

Product Security Baseline: Password Encryption and Complexity Restrictions

QoS—Egress Service Policy 3 level Hierarchy (IPv4)

RADIUS Proxy Billing Accuracy

RADIUS VC Logging

VASI (VRF-Aware Software Infrastructure) Enhancements Phase I

VRF-Aware IPsec Phase 2 Support

vTCP for ALG Support

WCCP—Configurable Router ID

WCCP Closed Services

WCCP Increased Services

WCCP Outbound ACL Check

WCCP—Check Services All

WCCP—Egress Redirection

WCCP—Exclude Interface

WCCP—Fast Timers

WCCP—Group List

WCCP—Group Listen + Multicast Service

WCCP—VRF Support

XML-PI

Important Notes

Deferrals

Field Notices and Bulletins

Important Notes About IPSec Support on the Cisco ASR 1000 Series Router

NAT and Firewall ALG Support on Cisco ASR 1000 Series Routers

Power Cycling a Cisco ASR 1013 Router

Important Notes in Cisco IOS XE Release 3.1.1S

SIP-40G:SPA-4XT-SERIAL

Important Notes in Cisco IOS XE Release 3.1.0S

Bidirectional Forwarding Detection (BFD)

DMVPN Spoke Support

GDOI Groups

GRE Keepalive with Tunnel Protection

Important Notes in Cisco IOS XE Release 2.6.0

Per-User Attribute On PPP Virtual Access

Legacy QoS Command Deprecation: Hidden Commands

VRF-Aware NAT

Important Notes in Cisco IOS XE Release 2.5.0

Embedded Packet Capture

QoS - Policing Support for GRE Tunnels

QoS: QoS support for GRE/sVTI Tunnel

VRF-Aware NAT

Important Notes in Cisco IOS XE Release 2.3.0

Any Transport Over MPLS (AToM) Support

MPLS TE Support

VRF-Aware NAT

Important Notes in Cisco IOS XE Release 2.2.2

SSO for L2TP Tunnel Switching Not Supported

VRF-Aware NAT

Important Notes in Cisco IOS XE Release 2.2.1

100M FX SFP Not Supported on Cisco 2-Port Gigabit Ethernet Shared Port Adapter

Intelligent Service Gateway (ISG) Features Not Supported

Per-Session Multicast Support

VRF-Aware NAT

Important Notes in Cisco IOS XE Release 2.1.1

Startup Configuration File Backup

VRF-Aware NAT

Important Notes in Cisco IOS XE Release 2.1.0

High-Level Feature Sets Not Supported for the Cisco ASR 1000 Series Routers


New Features in and Important Notes About Cisco IOS XE 3.1S Releases


This chapter provides information about the new features introduced in the Cisco IOS XE 3.1S releases. In addition, important notes about these releases are included in this chapter.

Cisco IOS XE 3S releases inherit all Cisco IOS XE Release 2 features that were released prior to the introduction of the Cisco IOS XE 3.1S releases with few exceptions. For information about inherited features that were introduced in Cisco IOS XE Release 2 releases, for a list of new and changed features, and important notes that apply to Cisco IOS XE Release 2, see the "New and Changed Information" section in Cisco IOS XE Release 2 Release Notes.

This chapter contains the following sections:

New and Changed Information

Important Notes

New and Changed Information

This section lists the new hardware and software features that are supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.1S and contains the following sections:

New Hardware Features in Cisco IOS XE Release 3.1.4S

New Software Features in Cisco IOS XE Release 3.1.4S

New Hardware Features in Cisco IOS XE Release 3.1.3S

New Software Features in Cisco IOS XE Release 3.1.3S

New Hardware Features in Cisco IOS XE Release 3.1.2S

New Software Features in Cisco IOS XE Release 3.1.2S

New Hardware Features in Cisco IOS XE Release 3.1.1S

New Software Features in Cisco IOS XE Release 3.1.1S

New Hardware Features in Cisco IOS XE Release 3.1.0S

New Software Features in Cisco IOS XE Release 3.1.0S

New Hardware Features in Cisco IOS XE Release 3.1.4S

There are no new hardware features supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.1.4S.

New Software Features in Cisco IOS XE Release 3.1.4S

There are no new software features supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.1.4S.

New Hardware Features in Cisco IOS XE Release 3.1.3S

There are no new hardware features supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.1.3S.

New Software Features in Cisco IOS XE Release 3.1.3S

There are no new software features supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.1.3S.

New Hardware Features in Cisco IOS XE Release 3.1.2S

There are no new hardware features supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.1.2S.

New Software Features in Cisco IOS XE Release 3.1.2S

There are no new software features supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.1.2S.

New Hardware Features in Cisco IOS XE Release 3.1.1S

There are no new hardware features supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.1.1S.

New Software Features in Cisco IOS XE Release 3.1.1S

The following new software features are supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.1.1S. If a feature listed below does not have a link to a feature module, that feature is documented only in the release notes.

Flexible NetFlow—Egress Support

Flexible NetFlow Egress allows the user to monitor traffic that the router is transmitting on an interface or subinterface.

For more information, see the following documents:

http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/fnetflow_overview_xe.html

http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/get_start_cfg_fnflow_xe.html

http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/cfg_fnflow_predf_rec_xe.html

Flexible NetFlow—Full Flow Support

This feature allows users to enable Flexible NetFlow to collect Flow Records for every packet.

For more information, see the following documents:

http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/fnetflow_overview_xe.html

http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/get_start_cfg_fnflow_xe.html

http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/cfg_fnflow_predf_rec_xe.html

Flexible NetFlow—Ingress Support

The Flexible NetFlow feature allows users to collect flow records from IPv4 unicast packet streams on the router.

For more information, see the following documents:

http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/fnetflow_overview_xe.html

http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/get_start_cfg_fnflow_xe.html

http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/cfg_fnflow_predf_rec_xe.html

Flexible NetFlow—IPv4 Unicast Flows

The Flexible NetFlow feature allows users to collect flow records from IPv4 unicast packet streams on the router.

For more information, see the following documents:

http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/fnetflow_overview_xe.html

http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/get_start_cfg_fnflow_xe.html

http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/cfg_fnflow_predf_rec_xe.html

Flexible NetFlow—MPLS Egress NetFlow

The Flexible NetFlow MPLS Egress accounting feature enables the user to account for flows exiting from an MPLS network to an IP network. This feature is useful for capacity planning and for accounting for flows to a data center.

For more information, see the following documents:

http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/fnetflow_overview_xe.html

http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/get_start_cfg_fnflow_xe.html

http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/cfg_fnflow_predf_rec_xe.html

Flexible NetFlow—Multiple User-Defined Caches

The Flexible NetFlow feature enables users to define their own records by specifying the key and non-key fields, customizing the data collection to their specific requirements.

For more information, see the following documents:

http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/fnetflow_overview_xe.html

http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/get_start_cfg_fnflow_xe.html

http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/cfg_fnflow_predf_rec_xe.html

Flexible NetFlow—NBAR Application Recognition

This enhancement of Flexible NetFlow will allow for L7 visibility from NBAR into Flow Records.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/cust_fnflow_rec_mon_xe.html

Flexible NetFlow—NetFlow Export over IPv4

This feature allows flow records (IPv4, IPv6, etc.) to be exported to the collector over IPv4.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/cfg_de_fnflow_exprts_xe.html

Flexible NetFlow—NetFlow v9 Export Format

This feature defines a flexible export format for NetFlow defined by RFC 3954 to cover current and future technologies.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/cfg_de_fnflow_exprts_xe.html

Flexible NetFlow—v5 Export Protocol

This feature defines NetFlow v5 export protocol support.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/cfg_de_fnflow_exprts_xe.html

Flexible NetFlow—New Flexible NetFlow CLI

This feature enables a new NetFlow CLI to configure flow record definitions, flow monitors, flow exporters, and samplers for Flexible NetFlow.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/cust_fnflow_rec_mon_xe.html

Flexible NetFlow—Output Features on Data Export

This feature provisions QoS and crypto on Flexible NetFlow export packets.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/cfg_de_fnflow_exprts_xe.html

Flexible NetFlow—Sampling

Flow samplers are created as separate components in a router's configuration. Flow samplers are used to reduce the load on the device that is running Flexible NetFlow by limiting the number of packets that are selected for analysis. Samplers use either random or deterministic sampling techniques (modes):

Deterministic—The same sampling position is used each time a sample is taken.

Random—A randomly selected sampling position is used each time a sample is taken.

Flow sampling exchanges monitoring accuracy for router performance. When you apply a sampler to a flow monitor, the overhead load on the router of running the flow monitor is reduced because the number of packets that the flow monitor must analyze is reduced. The reduction in the number of packets that are analyzed by the flow monitor causes a corresponding reduction in the accuracy of the information stored in the flow monitor's cache. Samplers are combined with flow monitors when they are applied to an interface with the ip flow monitor command.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/fnetflow/configuration/guide/cust_fnflow_rec_mon_xe.html

New Hardware Features in Cisco IOS XE Release 3.1.0S

The following new hardware features are supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.1.0S.

Cisco ASR 1013 Router

The Cisco ASR 1013 router extends the Cisco ASR 1000 Series Routers to a chassis that can hold six SIPs and provides superslots (more height and power) for the Cisco ASR1000-RPs (route processor) and the ASR1000-ESPs (forwarding processor).

The Cisco ASR 1013 Router is a 24-SPA, 3-rack-unit (RU), hardware-redundant chassis with two Embedded Services Processor (ESP) slots, two Route Processor (RP) slots, and six SIP slots that allows for full Route-Processor hardware redundancy, NSF, ISSU, and future Route-Processor service upgrades.

For information about the Cisco ASR 1013 Router, see Cisco ASR 1000 Series Aggregation Services Routers Hardware Installation Guide at the following location:

http://www.cisco.com/en/US/docs/routers/asr1000/install/guide/asr1routers/asr1higV8.html

Field Programmable Hardware Device Upgrade

Beginning with Cisco IOS XE Release 3.1.0S, Cisco ASR 1000 Series Routers have the capability to allow users to perform upgrades in the field on programmable hardware devices. Field programmable hardware devices include the Complex Programmable Logic Device (CPLD) and the field programmable gate array (FPGA). In Cisco IOS XE Release 3.1.0S and later releases, a CPLD field upgrade is required to upgrade incompatible versions of firmware on the Cisco ASR1000-RP2 and Cisco ASR1000-SIP10 components in the Cisco ASR 1013 Router. A hardware programmable package is released to customers for the CPLD upgrade.

For more information, see Upgrading Field Programmable Hardware Devices for Cisco ASR 1000 Series Routers.

New Embedded Services Processors

Cisco IOS XE Release 3.1.0S introduces support for the following new Embedded Services Processors (ESPs):

The Cisco ASR1000-ESP40 is a 40Gbps, QFP-based forwarding processor for the Cisco ASR 1000 Series Aggregation Services Router platform.

See Cisco ASR 1000 Series Aggregation Services Routers SIP and SPA Hardware Installation Guide at the following location:

http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/install_upgrade/ASR1000/asr_sip_spa_hw.html

See Cisco ASR 1000 Series Aggregation Services Routers SIP and SPA Software Configuration Guide at the following location:

http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/configuration/ASR1000/ASRspasw.html

For information about the ASR1000-ESP40, see Cisco ASR 1000 Series Aggregation Services Routers Hardware Installation Guide at the following location:

http://www.cisco.com/en/US/docs/routers/asr1000/install/guide/asr1routers/asr1higV8.html


Note: While both the Cisco ASR1000-ESP40 and ASR1000-ESP20 exceed the 16 Mbps forwarding rate, the ASR1000-ESP40 packets-per-second rate is slightly less than that of the ASR1000-ESP20 when sending a continuous stream of small, 64-byte packets. However, at 92 bytes and larger, the ASR1000-ESP40 outperforms the Cisco ASR1000-ESP20. The difference at small packet sizes is a side effect of optimizations made to achieve 40 Gbps for medium to large packets.


New Software Features in Cisco IOS XE Release 3.1.0S

The following new software features are supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.1.0S. If a feature listed below does not have a link to a feature module, that feature is documented only in the release notes.

1+1 SR-APS Without Bridging

The 1+1 Single Router APS without Bridging feature is used when asserting LAIS on a non-active link.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/interface/configuration/guide/ir_sraps_without_bridging_xe.html

6PE Multipath

This feature allows for multipath (load balancing) support on 6PE.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/ipv6/configuration/guide/ip6-ov_mpls_6vpe_xe.html

Additional PDL Support for NBAR

The following PDL support will be updated/added: Youtube/dicom/cifs/Aim/msn/Sap/Vnc/Softphone + skinny parity/Mapi pdl/Bittorrent/Gnutella/Skype/Winmx parity/Sip parity/Cifs

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/qos/configuration/guide/clsfy_traffic_nbar_xe.html

BGP—Remove/Replace Private AS Filter

The BGP Remove/Replace Private AS Filter feature lets customers remove or replace private AS numbers in the AS path of outgoing BGP updates.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/iproute_bgp/configuration/guide/xe_3s/irg_xe_3s_book.html

BGP Dynamic Neighbors

BGP Dynamic Neighbors allows configuration of prefix ranges from which the router accepts incoming TCP sessions and dynamically creates a BGP neighbor relationship with the source IP address.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/iproute_bgp/configuration/guide/xe_3s/irg_xe_3s_book.html

BGP Slow Peer

BGP peers belonging to the same update group can be starved of route advertisements and withdrawals if a slow peer is present in that update group. This feature detects the slow peers and moves them to a new update group so that the other, non-slow peers can accept the update messages.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/iproute_bgp/configuration/guide/irg_slow_peer_xe.html

Cisco Unified Border Element (Enterprise)

The following Cisco Unified Border Element (Enterprise) features were introduced in Cisco IOS XE Release 3.1.0S:

Interworking of Secure RTP calls for SIP and H323

RFC4040 based Clear Channel Codec Signaling with SIP

Session Border Controller Enhancements for H.323-SIP and SIP-SIP Supplementary Services, Transcoding Optimization and Firewall Integration.

SIP-SIP Basic Feature Functionality for Session Border Controller (SBC)

SIP-SIP Extended Feature Functionality for Session Border Controller (SBC)

SIP-Support for SIP Video Calls with Flow Around Media

SIP Diversion Header Enhancements

SIP History INFO

SIP SRTP Fallback to Nonsecure RTP for CUBE

SIP to SIP Supplementary Services for Session Border Controller (SBC)

SIP Video Support for Telepresence Calls

SIP Gateway Support for the bind Command

Support Ability to Configure Source IP Address for Signaling and Media per SIP Trunk

Support for Configurable Pass-through of SIP INVITE Parameters

Support for Configuring Error Response Code Upon Out-of-dialog OPTIONS Ping Failure

Support for dynamic payload type interworking for DTMF and codec packets for SIP to SIP calls

Support for Expires timer reset on receiving or sending SIP 183 message

Support for generating Out-of-dialog SIP OPTIONS Ping messages to monitor SIP Servers

Support for interworking between RSVP capable and RSVP incapable networks

Support for MIB to report call volume and call rate related statistics on the Cisco Unified Border Element

Support for Multiple Registrars on SIP Trunks on a Cisco Unified Border Element, on Cisco IOS SIP TDM Gateways, and on Cisco Unified Communications Manager Express

Support for PAI, PPI, Privacy, P-Called-Party-ID and P-Associated-URI headers on Cisco Unified Border Element

Support for selective filtering of outgoing provisional responses

Support for SIP 181 'call is being forwarded' message

Transparent Tunneling of QSIG and Q.931 over SIP-SIP Cisco Unified Border Element

For information about these Cisco Unified Border Element (Enterprise) features, see the following documents:

Cisco Unified Border Element (Enterprise) Configuration Guide:

http://www.cisco.com/en/US/docs/ios/ios_xe/voice_cube_-_ent/configuration/guide/cube_ent/vb_book_xe.html

Cisco Unified Border Element (Enterprise) Configuration Guide: SIP Trunking for PSTN Access:

http://www.cisco.com/en/US/docs/ios/ios_xe/voice_cube_-_ent/configuration/guide/vb_ch2_xe_ps5640_TSD_Products_Configuration_Guide_Chapter.html

Cisco Unified Border Element (Enterprise) Configuration Guide: SIP-to-SIP Connections on a Cisco Unified Border Element:

http://www.cisco.com/en/US/docs/ios/voice/cube/configuration/guide/vb-gw-sipsip_ps10591_TSD_Products_Configuration_Guide_Chapter.html

Cisco Unified Border Element (SP Edition)—Unified Model

The following Cisco Unified Border Element (SP Edition) features were introduced in Cisco IOS XE Release 3.1.0S:

Call-routing:Customized System Error Messages

Call-routing:ENUM Client

DBE:Ia Profile:Allow b line parameter to be optional

DBE:Ia Profile:ETSI BGF Profile support

IMS:Rx Support

IMS:Subscribe to Users Registration state

Media:Asymmetric Payload-Type pass-through in both signaling (SIP/H.323) and media (RTP)

Media:DTMF method interworking and ACCEPT header handling

Media:SRTP to RTP support

Regulation-Compliance:CALEA IRI interface support

Release 3.1.0 General Enhancements

SIP Destination ID & SIP Source ID handling

SIP:IPv6 VRF Support

SIP:Redundant Signaling Peer

SIP:Support re-offer of a dynamic codec without an rtpmap present in the re-offered SDP

For information about these Cisco Unified Border Element (SP Edition) features, see the following documents:

Cisco Unified Border Element (SP Edition) Configuration Guide: Unified Model

http://www.cisco.com/en/US/docs/routers/asr1000/configuration/guide/sbcu/2_xe/sbcu_2_xe_book.html

Cisco Unified Border Element (SP Edition) Command Reference: Unified Model

http://www.cisco.com/en/US/docs/ios/sbc/command/reference/sbcu_book.html

For information about these Cisco Unified Border Element (SP Edition) Distributed Model features, see the following documents:

Cisco Unified Border Element (SP Edition) Configuration Guide: Distributed Model

http://www.cisco.com/en/US/docs/routers/asr1000/configuration/guide/sbc/2_xe/sbc_2_xe_book.html

Cisco Unified Border Element (SP Edition) Command Reference: Distributed Model

http://www.cisco.com/en/US/docs/ios/sbc/command/reference/sbc_book.html

DHCP—Relay Option 82 Encapsulation

IOS DHCP relay is enhanced to add an encapsulated option 82. Encapsulated option 82 is a composite option 82 created from the existing option 82 in the received DHCP message plus new information added by the IOS DHCP Relay.

For more information, see the following documents:

http://www.cisco.com/en/US/docs/ios/ios_xe/isg/configuration/guide/isg_auth_dhcp_op60_82_xe.html

http://www.cisco.com/en/US/docs/ios-xml/ios/ipaddr_dhcp/configuration/xe-3s/Configuring_the_Cisco_IOS_XE_DHCP_Relay_Agent.html

DHCP—Server User Authentication

The DHCP server offers user authentication. An IP address is handed out if the requesting client has authenticated itself.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/ipaddr/configuration/guide/iad_dhcp_ovrvw_xe.html

Embedded Event Manager (EEM) 3.0

The Cisco IOS Embedded Event Manager is an infrastructure feature that provides unique customization capabilities and event driven automation within Cisco products.

For more information, see the following documents:

http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_eem_policy_cli.html

http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_eem_policy_tcl.html

Enable NAT High-Speed Logging per VRF

This feature provides the user with a means to turn ASR NAT High-Speed Logging on or off on a per-VRF basis.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/ipaddr/configuration/guide/iad_monmain_nat_xe.html

Event MIB and Expression MIB Enhancements

This feature provides RFC support for the Expression MIB and a command line user interface for configuring the Event and Expression MIBs.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/netmgmt/configuration/guide/nm_cfg_snmp_sup_xe.html

Firewall—NetBIOS ALG Support

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/ipaddr/configuration/guide/iadnat_applvlgw_xe.html

Firewall—GPI (Granular Protocol Inspection) Phase-2 Support

Firewall: GPI (Granular Protocol Inspection) Phase-2 feature enables support for additional protocols.

Firewall Stateful Inter-Chassis Redundancy

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/sec_data_plane/configuration/guide/sec_fwall_stateful_inter-chassis_redundancy_xe.html

HSRP for IPv6

This feature provides Hot Standby Router Protocol (HSRP) for IP version 6 (IPv6). HSRP for IPv6 uses link-local addresses and is compatible with IPv6 MPLS VPN (6VPE) when available.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/ipv6/configuration/guide/ip6-fhrp_xe.html

Ingress Packet Scheduling (Intra-CC and Inter-CC Ingress Scheduling)

This feature allows for ingress packet scheduling applicable to packets entering the ASR 1000 Router through an interface.

For information about Ingress Packet scheduling (both intra-CC & inter-CC ingress scheduling) and other SPAs supported on the Cisco ASR 1000 Series Routers, see the following document:

Cisco ASR 1000 Series Aggregation Services Routers SIP and SPA Software Configuration Guide at:

http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/configuration/ASR1000/ASRspasw.html

Input Packet Classification on SPA Interface Processor (SIP) Card

The feature allows for input packet classification at the Carrier Card based on various packet types and fields.

For information about Input packet classification on SPA Interface Processor card (SIP) and other SPAs supported on the Cisco ASR 1000 Series Routers, see the following document:

Cisco ASR 1000 Series Aggregation Services Routers SIP and SPA Software Configuration Guide at:

http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/configuration/ASR1000/ASRspasw.html

IP Tunneling, 6RD IPv6 Rapid Deployment

This feature implements the 6RD draft and allows cost-effective deployment of IPv6 over an IPv4 core using a v6-over-v4 tunneling mechanism. This is an extension of the 6to4 feature support.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/ipv6/configuration/guide/ip6-tunnel_xe.html

IPv6 Switching—Provider Edge Router over MPLS (6PE)

This feature provides a method of sending IPv6 packets originating from an IPv6 Edge router across an MPLS network backbone running an IPv4 control plane, without making changes to the software on the MPLS PE routers.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/ipv6/configuration/guide/ip6-over_mpls_xe.html

IPv6 VPN over MPLS (6VPE)

This feature provides IPv6 VPN over an MPLS/IPv4 core infrastructure (6VPE), including IPv6 VRF-Lite support.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/ipv6/configuration/guide/ip6-ov_mpls_6vpe_xe.html

IPv6 VPN over MPLS (6VPE) Inter-AS options

This feature provides IPv6 VPN over an MPLS/IPv4 core infrastructure (6VPE), including support for Inter-AS options a, b, and c.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/ipv6/configuration/guide/ip6-ov_mpls_6vpe_xe.html

IPv6—NSF and Graceful Restart for MP-BGP IPv6 Address Family

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/ipv6/configuration/guide/ip6-mptcl_bgp_xe.html#wp1027129

ISG—Authentication: DHCP Option 60 and Option 82 with VPN-ID Support for Transparent Automatic Logon

ISG needs to support option 60/82 based TAL for provisioning per service QoS and VPN-ID sub-option for provisioning IP wholesale services. Currently IP Sessions cannot differentiate between devices behind a Layer3 CPE for. By adding Option 60 support, IP sessions can be set up for PCs and set top boxes separately, for example.

For more information, see the following documents:

http://www.cisco.com/en/US/docs/ios/ios_xe/isg/configuration/guide/isg_auth_dhcp_op60_82_xe.html

http://www.cisco.com/en/US/docs/ios/ios_xe/ipaddr/configuration/guide/iad_dhcp_svr_cfg_xe.html

ISSU—BGP NSR (Nonstop Routing)

BGP Nonstop Routing (NSR) maintains BGP sessions and state information across ISSU support on a PE device providing MPLS VPN services.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/iproute_bgp/configuration/guide/irg_nsr_sso_xe.html

ISSU—HSRPv6 on VRF Interfaces

This feature enables ISSU support for the HSRPv6 feature on VRF interfaces.

For more information, see the following documents:

http://www.cisco.com/en/US/docs/ios/ios_xe/ipv6/configuration/guide/ip6-fhrp_xe.html

http://www.cisco.com/en/US/docs/ios/ios_xe/ipapp/configuration/guide/ipapp_hsrp_xe.html

MPLS TE—RSVP Graceful Restart 12.0S-12.2S Interoperability

This feature provides support for per-node RSVP Graceful Restart Hellos in the 12.2S IOS release, to allow interoperability with 12.0S IOS.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_te_rsvp_grace.html

MPLS VPN—BGP Local Convergence

This feature allows an MPLS VPN PE router to temporarily forward MPLS VPN packets received from the MPLS core via another PE when the local PE-CE link goes down. This reduces end-to-end VPN traffic loss because reestablishing connectivity does not depend on BGP network convergence over the MPLS/IGP core.

For more information, see the following documents:

http://www.cisco.com/en/US/docs/ios/ios_xe/mpls/configuration/guide/mp_vpn_pece_lnk_prot_xe.html

http://www.cisco.com/en/US/docs/ios/ios_xe/ipv6/configuration/guide/ip6-roadmap_xe.html

MPLS VPN—BGP Local Convergence for 6VPE/6PE

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/mpls/configuration/guide/mp_vpn_pece_lnk_prot_xe.html

MPLS VPN 6VPE Support Over IP Tunnels

This functionality allows operators to provide 6VPE functionality over a GRE tunnel instead of using an MPLS LSP to reach the BGP next hop (remote PE).

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/ipv6/configuration/guide/ip6-ov_mpls_6vpe_xe.html

MPLS VPN over mGRE

This feature provides the ability to carry MPLS Layer 3 VPN traffic over mGRE.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/interface/configuration/guide/ir_mplsvpnomgre_xe.html

NAT—Improved Pool Scaling

NAT now supports 1200 overloaded single range pools.

NAT—NetBIOS ALG Support

This feature allows NAT to be a part of NetBIOS ALG support.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/ipaddr/configuration/guide/iadnat_applvlgw_xe.html

NAT—Real Time Streaming Protocol (RTSP) Support

This feature adds RTSP NAT ALG support.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/ipaddr/configuration/guide/iadnat_applvlgw_xe.html

NAT Stateful Inter-Chassis Redundancy

This feature allows for NAT Stateful Inter-Chassis redundancy support.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios-xml/ios/ipaddr_nat/configuration/xe-3s/iadnat-stateful-int-chass.html

NBAR PDLM Feature Supported

Classifying Network Traffic Using NBAR in Cisco IOS XE Software.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios-xml/ios/qos_nbar/configuration/xe-3s/Classifying_Network_Traffic_Using_NBAR_in_Cisco_IOS_XE_Software.html

NBAR Static IPv4 IANA Protocols

This feature allows NBAR to detect and classify a set of protocols and applications standardized by IANA.

For more details about this list, go to http://www.cisco.com/go/nbar and edit the IANA Protocol Pack1 document.

NSF/SSO—HSRPv6 on VRF Interfaces

This feature enables NSF/SSO support for HSRPv6 on VRF interfaces.

For more information, see the following documents:

http://www.cisco.com/en/US/docs/ios/ios_xe/ha/configuration/guide/ha-nonstp_fwdg_xe.html

http://www.cisco.com/en/US/docs/ios/ios_xe/ha/configuration/guide/ha-stfl_swovr_xe.html

NSF/SSO BGP NSR (Non Stop Routing)

BGP Nonstop Routing (NSR) maintains BGP sessions and state information across Stateful SwitchOver (SSO) functions.

For more information, see the following documents:

http://www.cisco.com/en/US/docs/ios/ios_xe/iproute_bgp/configuration/guide/irg_nsr_sso_xe.html

Product Security Baseline: Password Encryption and Complexity Restrictions

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_00.html

QoS—Egress Service Policy 3 level Hierarchy (IPv4)

The QoS: Egress Service Policy 3 level Hierarchy (IPv4) feature supports 3 level policy-map hierarchy with queuing in the leaf level.

The parent level is the top or root level. It supports the default class with shape configured; a user cannot define a class. The parent level supports the following queuing services:

Shaping

Bandwidth Remaining Ratio (BRR)

Shaping and BRR

The child level is the middle level. It supports the following queuing services:

Shaping

BRR

Shaping and BRR

Bandwidth Remaining Percentage (BRP)

WRED

Fair Queue

Bandwidth and Priority are supported in a class at the child level as long as the class does not have a queuing policy as a child. This means the class is not directly part of a three level queuing hierarchy.

Users can over-provision shapers at child and parent levels. For example, users can have two child shapers of 50 Mbps and a parent shaper of 75 Mbps.

The grandchild level is the leaf level. It supports queuing services on the following interfaces:

Physical Interface

VLAN (GE)

subinterface (FR or serial)

GRE tunnel (IPv4)

sVTI (IPv4)

Mixed queuing and non-queuing features (marking and policing) are supported at the grandchild level.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/qos/configuration/guide/qos_policies_agg_xe.html

RADIUS Proxy Billing Accuracy

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/isg/configuration/guide/isg_radius_proxy_xe.html

RADIUS VC Logging

RADIUS Virtual Circuit (VC) Logging allows the virtual path interface (VPI) and virtual circuit interface (VCI) of an incoming subscriber session to be accurately recorded.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_rad/configuration/xe-3s/RADIUS_VC_Logging.html

VASI (VRF-Aware Software Infrastructure) Enhancements Phase I

VRF-Aware Service Infrastructure (VASI) refers to the capability to use services within different VPN routing and forwarding instances (VRFs). VASI interfaces are virtual interface pairs, where each of the interfaces in the pair is associated with a different VRF.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/sec_data_plane/configuration/guide/sec_vasi_vrf_aware_software_infrastructure_ps11174_TSD_Products_Configuration_Guide_Chapter.html#wp1057881

VRF-Aware IPsec Phase 2 Support

This feature allows for IPSec VRF-Aware support for sVTI, Crypto Map-based ezVPN and DMVPN.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/sec_secure_connectivity/configuration/guide/sec_vrf_aware_ipsec_xe.html

vTCP for ALG Support

This feature allows for TCP segmentation and reassembly support for ALG.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/sec_data_plane/configuration/guide/sec_vtcp_alg_sup_xe.html

WCCP—Configurable Router ID

This feature provides the ability to configure the router ID that WCCP uses, rather than relying on the router's selection mechanism.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/ipapp/configuration/guide/ipapp_wccp_xe.html

WCCP Closed Services

Permits WCCP services to be configured such that the absence of an active client results in intercepted packets being dropped, rather than forwarded.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/ipapp/configuration/guide/ipapp_wccp_xe.html

WCCP Increased Services

This feature increases the number of WCCP services that can be configured from 7 to 256.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/ipapp/configuration/guide/ipapp_wccp_xe.html

WCCP Outbound ACL Check

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/ipapp/configuration/guide/ipapp_wccp_xe.html

WCCP—Check Services All

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/ipapp/configuration/guide/ipapp_wccp_xe.html

WCCP—Egress Redirection

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/ipapp/configuration/guide/ipapp_wccp_xe.html

WCCP—Exclude Interface

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/ipapp/configuration/guide/ipapp_wccp_xe.html

WCCP—Fast Timers

The WCCP Fast Timers feature enables WCCP to establish redirection more quickly when a WCCP client is added to a service group or when a WCCP client fails.

WCCP routers and WCCP clients exchange keepalive messages at a fixed interval. Prior to the introduction of the WCCP Fast Timers feature, the WCCP message interval was fixed at 10 seconds. The WCCP Fast Timers feature enables use of message intervals ranging from 0.5 seconds to 60 seconds and a timeout value scaling factor of 1 to 5.

The WCCP message interval capability introduced by the WCCP Fast Timers feature defines the transmission interval that WCCP clients and WCCP routers use when sending keepalive messages and defines a scaling factor used when calculating the timeout value. The WCCP router uses the timeout value to determine if a WCCP client is no longer available and to redirect traffic as a result.

The WCCP router enforces a single message interval per service group. WCCP clients with incompatible message intervals are prevented from joining a service group.

If a message interval smaller than the default 10 seconds is used, CPU usage increases.

You can use the show ip wccp service-number detail command to display information about the message interval settings being used in a WCCP service group. No output is displayed if the default 10-second message interval is used.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios-xml/ios/ipapp/configuration/xe-3s/iap-wccp.html

WCCP—Group List

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/ipapp/configuration/guide/ipapp_wccp_xe.html

WCCP—Group Listen + Multicast Service

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/ipapp/configuration/guide/ipapp_wccp_xe.html

WCCP—VRF Support

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/ipapp/configuration/guide/ipapp_wccp_xe.html

XML-PI

For customers and partners needing to remotely adapt and control the behavior of Cisco devices, XML-PI 1.0 provides unambiguous and robust information access and control without the complexity and expense of screen-scraping technologies or external XML-to-CLI gateways.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_xmlpi_v1.html

Important Notes

The following sections contain important notes about Cisco IOS XE 3.1.0S Releases running on Cisco ASR 1000 Series Routers.

Deferrals

Cisco IOS software images are subject to deferral. We recommend that you view the deferral notices at the following location to determine if your software release is affected:

http://www.cisco.com/en/US/products/products_security_advisories_listing.html

Field Notices and Bulletins

Field Notices—We recommend that you view the field notices for this release to determine whether your software or hardware platforms are affected. You can access field notices from http://www.cisco.com/en/US/support/tsd_products_field_notice_summary.html.

Bulletins—You can access bulletins from http://www.cisco.com/en/US/products/sw/iosswrel/ps5012/prod_literature.html.

Important Notes About IPSec Support on the Cisco ASR 1000 Series Router

This section contains important notes about IPSec support on the Cisco ASR 1000 Series Router:

IPSec CLI Support Notes

This section contains important notes about IPSec CLI support on the Cisco ASR 1000 Series Router:

For information about Cisco IOS IPSec commands, see the Cisco IOS Security Command Reference at: http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_s5.html

The show crypto engine command, which displays information about the crypto engine, is not currently supported on the Cisco ASR 1000 Series Router. The unsupported show crypto engine subcommands include the following:

accelerator (Shows crypto accelerator information.)

brief (Shows all crypto engines in the system.)

configuration (Shows crypto engine configuration.)

connections (Shows connection information.)

qos (Shows QoS information.)

The Cisco ASR 1000 Series Router does not currently support the display of send and recv error statistics using the show crypto ipsec sa identity command.

The Cisco ASR 1000 Series Router does not support the clear and show crypto commands on the standby Route Processor (RP) by design.

Counters in the show platform software ipsec fp active flow identifier n command are flagged for reset on read. You can use the show crypto ipsec sa command to obtain integral counters.

The show access-list command output does not show a packet count matching the ACL.

The Cisco ASR 1000 Series Router displays debugging information about the consumption of IPsec datapath memory; use the show platform hardware qfp act feature ipsec datapath memory command in privileged EXEC or diagnostic mode.

The Cisco ASR 1000 Series Router displays debugging information about the crypto engine processor registers; use the show platform software ipsec f0 encryption-processor registers command in privileged EXEC or diagnostic mode.

Crypto Map Support

This section contains important notes about IPSec crypto map support on the Cisco ASR 1000 Series Router:

The Cisco ASR 1000 Series Router does not currently support IPSec tunnel configuration for crypto maps with the same IP address on both the tunnel interface and the physical interface. Configurations with different IP addresses are supported.

An Embedded Services Processor (ESP) reload may occur if a large number (such as 2000) of crypto maps are removed simultaneously. When removing a large number of crypto maps, we recommend that you unconfigure 500 crypto maps at a time and wait 25 seconds between operations.

The Cisco ASR 1000 Series Router does not support the show access-lists id command under crypto maps.

The Cisco ASR 1000 Series Router does not currently support the interface range command when configuring crypto maps.

IPSec Packet Processing

This section contains important notes about IPSec packet processing on the Cisco ASR 1000 Series Router:

Reloading an Embedded Services Processor (ESP) on the Cisco ASR 1000 Series Router may cause a few IPSec packets to drop before the initialization completes, but the traffic will resume after a brief interval.

The Cisco ASR 1000 Series Router will not discard an incoming IP datagram containing a Payload Length other than 4 in the authentication header (AH). For example, a 96-bit authentication value plus the 3 32-bit word fixed portion for any non-null authentication algorithm will not be discarded.

The Cisco ASR 1000 Series Router does not forward incoming authenticated packets with the IP option field set.

Group Encrypted Transport VPN Support on Cisco ASR 1000 Series Routers

When Group Encrypted Transport VPN is configured on a router, the "deny udp any any port=848" ACL rule is not added by default. You must manually add this rule in the Key Server ACL or Group Member ACL.

GET VPN Support

This section contains important notes about Group Encrypted Transport VPN (GET VPN) support on the Cisco ASR 1000 Series Router:

On the Cisco ASR 1000 Series Router, group member policies downloaded from the key server are treated as a shared policy among all group members, so the router does not use the "reversed" policy to check ingress packets. This behavior differs from other platforms (Cisco 7200/ISR). To enable the same behavior as on the Cisco 7200/ISR, use the platform ipsec gdoi accept-both command in global configuration mode. To disable it, use the no form of this command as follows:

platform ipsec gdoi accept-both

no platform ipsec gdoi accept-both

A Cisco ASR 1000 group member starts re-registration immediately when the local policies are modified. If a user adds or removes multiple policies, re-registration happens with every policy change.

To ensure normal traffic flow for a GET VPN configuration on a Cisco ASR 1000 series router, a Time Based Anti Replay (TBAR) window-size of greater than 42 seconds is recommended.

The Cisco ASR 1000 series router does not currently support the TBAR statistics display in the show crypto gdoi gm replay command.

If a Cisco ASR 1000 group member receives an empty rekey message from the key server, it loses all its security associations.

The Cisco ASR 1000 series router does not currently support Easy VPN (EzVPN) and GET VPN on the same interface.

When a Cisco ASR 1000 series router is to apply the same Group Domain of Interpretation (GDOI) crypto maps to two interfaces, you should use local addresses for the crypto maps. Non-local address configuration is not supported.

The Cisco ASR 1000 series router does not currently support transport mode for TBAR.

The Cisco ASR 1000 series router only supports the reassembly of post-fragmented GET VPN packets that are destined for the local Cisco ASR 1000 Series Router in the GET VPN network.

An enhancement is added to enable reassembly of IPsec transit traffic. This enhancement applies only to post-encryption fragmented IPsec packets. When this enhancement is enabled, IPsec will detect transit IPsec traffic and reassemble it before decryption. GET VPN transit IPsec traffic will be reassembled, decrypted, and forwarded to the destination. Non GET VPN transit IPsec traffic will be reassembled but not decrypted (because the ASR 1000 router is not the IPsec tunnel end point) and then forwarded to the destination.

To enable IPsec reassembly of transit traffic, use the platform ipsec reassembly transit command in global configuration mode. To disable IPsec reassembly of transit traffic, use the no form of this command as follows:

platform ipsec reassembly transit

no platform ipsec reassembly transit

IPSec SSO and ISSU Support Notes

The Cisco ASR 1000 Series Router supports stateful IPSec sessions on ESP switchover. During ESP switchover, all IPSec sessions will stay up and no user intervention is needed to maintain IPSec sessions.

For an ESP reload (no standby ESP), the SA sequence number restarts from 0. The peer router drops packets that do not have the expected sequence number. Users may need to explicitly reestablish IPSec sessions to work around this issue on systems that have a single ESP after an ESP reload. Users may experience traffic disruption over the IPSec sessions in such cases for the duration of the reload.

The Cisco ASR 1000 Series Router currently does not support Stateful Switchover (SSO) IPSec sessions on Route Processors (RPs). The IPSec sessions will go down on initiation of the switchover, but will come back up when the new RP becomes active. No user intervention is needed. Users will experience traffic disruption over the IPSec sessions for the duration of the switchover, until the sessions are back up.

The Cisco ASR 1000 Series Router currently does not support stateful ISSU for IPSec sessions. Before performing an ISSU, users must explicitly terminate all existing IPSec sessions or tunnels, and reestablish them after the ISSU. Specifically, users must ensure that there are no half-open or established IPSec tunnels present before performing ISSU. To do this, we recommend that users shut down any interface that may initiate a tunnel setup, such as an interface on which a routing protocol initiates a tunnel setup, an interface that has keepalive enabled, or an interface where there is an auto trigger for an IPSec session. Traffic disruption over the IPSec sessions during ISSU is to be expected in this case.

Summarizing and restating the different caveats:

ESP switchover (with standby ESP): Stateful

IPSec sessions should be up. No user intervention needed.

ESP reload (no standby ESP): Stateless

IPSec sessions will go down and come back up. Usually no user intervention is needed. However, users may need to explicitly reestablish IPSec sessions if anti-replay is configured (sequence number checking).

RP switchover (with standby RP): Stateless

IPSec sessions will go down on RP switchover and should reestablish themselves when the new RP gains active role. No user intervention is needed.

ISSU (irrespective of chassis type): Stateless

User must explicitly terminate all IPSec sessions by shutting the interfaces, perform ISSU and then reestablish tunnels by enabling the interfaces. No other intervention needed.
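The ESP reload case above can be reproduced with a small simulation. The following Python sketch is an added example, not Cisco code: it models the standard ESP anti-replay sliding window (as described in RFC 4303) on the receiving peer, and assumes the reloaded sender's first packet carries sequence number 1. The class and function names are hypothetical.

```python
"""ESP anti-replay behaviour after a sender-side sequence counter reset.

Illustrative model only (not Cisco code). The receiver keeps the usual
sliding window; the sender's counter is reset by an ESP reload while the
receiver's SA state is left untouched.
"""


class ReplayWindow:
    """Receiver-side sliding window over ESP sequence numbers."""

    def __init__(self, size=512):  # 512: largest window the release notes say is honoured
        self.size = size
        self.top = 0      # highest sequence number accepted so far
        self.bitmap = 0   # bit i set => sequence number (top - i) was accepted

    def accept(self, seq):
        """Return True and record the packet if it passes the replay check."""
        if seq <= 0:
            return False                      # ESP never transmits sequence 0
        if seq > self.top:                    # new high-water mark: slide window
            shift = seq - self.top
            if shift >= self.size:
                self.bitmap = 1
            else:
                mask = (1 << self.size) - 1
                self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:
            return False                      # older than the window: dropped
        if self.bitmap & (1 << offset):
            return False                      # already seen: replay, dropped
        self.bitmap |= 1 << offset            # late but new: accepted once
        return True


def simulate_esp_reload(sent_before, sent_after, window=512):
    """Return (accepted before reload, dropped after reload, accepted after re-key)."""
    receiver = ReplayWindow(window)
    ok_before = sum(receiver.accept(s) for s in range(1, sent_before + 1))
    # Sender's ESP reloads with no standby: its counter restarts, the
    # receiver still remembers the old high-water mark.
    dropped = sum(not receiver.accept(s) for s in range(1, sent_after + 1))
    # Re-establishing the session creates a new SA with fresh state on both peers.
    fresh = ReplayWindow(window)
    ok_rekeyed = sum(fresh.accept(s) for s in range(1, sent_after + 1))
    return ok_before, dropped, ok_rekeyed


def drops_until_resync(sent_before, window=512):
    """Count packets dropped after the reset before one is accepted again."""
    receiver = ReplayWindow(window)
    for s in range(1, sent_before + 1):
        receiver.accept(s)
    dropped, seq = 0, 1
    while not receiver.accept(seq):
        dropped += 1
        seq += 1
    return dropped


if __name__ == "__main__":
    before, dropped, rekeyed = simulate_esp_reload(2000, 500)
    print(f"accepted before reload: {before}")
    print(f"dropped after reload:   {dropped} of 500")
    print(f"accepted after re-key:  {rekeyed} of 500")
    print(f"drops until resync:     {drops_until_resync(2000)}")
```

In this model the outage without re-keying lasts as many packets as the SA had carried before the reload, which is why re-establishing the session is the practical recovery when anti-replay checking is on.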

Miscellaneous IPSec Support Notes

This section contains miscellaneous important notes about IPSec support on the Cisco ASR 1000 Series Router:

The security association (SA) maximum transmission unit (MTU) calculation is based on the interface MTU instead of the IP MTU.

The Cisco ASR 1000 Series Router currently supports a maximum anti-replay window value of 512. If you attempt to configure a value larger than 512, the Cisco ASR 1000 Series Router defaults back to 512 internally (although the display still shows your user-configured value).

The Cisco ASR 1000 Series Router does not currently support nested SA transformation such as:

crypto ipsec transform-set transform-1 ah-sha-hmac esp-3des esp-md5-hmac
crypto ipsec transform-set transform-1 ah-md5-hmac esp-3des esp-md5-hmac

The Cisco ASR 1000 Series Router does not currently support Cisco IOS Certificate Authority (CA) server features.

The Cisco ASR 1000 Series Router does not currently support COMP-LZS configuration.

For the Cisco ASR 1000 Series Router, when configuring GRE over IPSec, we recommend using only tunnel protection mode on the tunnel interface. Using crypto maps on both the tunnel and the physical interface to achieve GRE over IPSec is not a supported method of configuration.

The Cisco ASR 1000 Series Router does not currently support VRF-Aware IPSec.
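Several of the restrictions listed above can be checked mechanically before a configuration is deployed. The following Python sketch is an added example, not a Cisco tool: it scans a constructed configuration excerpt for a replay window larger than 512, transform sets that combine AH with ESP (how the two nested examples above are read here, which is an assumption), comp-lzs transforms, and crypto maps applied to both a tunnel and a physical interface. The rule names and the sample configuration are hypothetical.

```python
import re

MAX_REPLAY_WINDOW = 512  # larger values are silently treated as 512 per the note above

# Constructed sample configuration, for illustration only.
SAMPLE_CONFIG = """\
crypto ipsec security-association replay window-size 1024
crypto ipsec transform-set transform-1 ah-sha-hmac esp-3des esp-md5-hmac
crypto ipsec transform-set ts-ok esp-aes esp-sha-hmac
crypto ipsec transform-set ts-lzs esp-3des comp-lzs
!
interface Tunnel0
 tunnel source GigabitEthernet0/0/0
 crypto map CM-GRE
!
interface GigabitEthernet0/0/0
 crypto map CM-GRE
!
interface Tunnel1
 tunnel protection ipsec profile PROF1
"""


def audit_ipsec_config(config):
    """Return a list of (line_number, rule, message) findings."""
    findings = []
    current_if = None
    tunnel_maps, physical_maps = [], []

    for line_no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        indented = raw[:1].isspace()

        # Track which interface stanza we are in; any top-level line ends it.
        if not indented:
            m = re.match(r"interface\s+(\S+)", line)
            current_if = m.group(1) if m else None

        # Anti-replay window above the supported maximum.
        m = re.search(r"replay window-size\s+(\d+)", line)
        if m and int(m.group(1)) > MAX_REPLAY_WINDOW:
            findings.append((line_no, "REPLAY_WINDOW",
                             f"window-size {m.group(1)} exceeds {MAX_REPLAY_WINDOW}; "
                             "the displayed value will not match the effective one"))

        # Transform-set checks: nested AH+ESP and LZS compression.
        m = re.match(r"crypto ipsec transform-set\s+(\S+)\s+(.+)", line)
        if m:
            name, transforms = m.group(1), m.group(2).split()
            has_ah = any(t.startswith("ah-") for t in transforms)
            has_esp = any(t.startswith("esp-") for t in transforms)
            if has_ah and has_esp:
                findings.append((line_no, "NESTED_TRANSFORM",
                                 f"transform-set {name} nests AH and ESP"))
            if "comp-lzs" in transforms:
                findings.append((line_no, "COMP_LZS",
                                 f"transform-set {name} uses comp-lzs"))

        # Crypto maps applied under interface stanzas.
        if current_if and indented and re.match(r"crypto map\s+\S+", line):
            target = tunnel_maps if current_if.lower().startswith("tunnel") else physical_maps
            target.append((line_no, current_if))

    # GRE over IPsec built from crypto maps on tunnel *and* physical interfaces.
    if tunnel_maps and physical_maps:
        for line_no, ifname in tunnel_maps:
            findings.append((line_no, "CRYPTO_MAP_TUNNEL_AND_PHYSICAL",
                             f"crypto map on {ifname} and on a physical interface; "
                             "use tunnel protection instead"))
    return findings


if __name__ == "__main__":
    for line_no, rule, message in audit_ipsec_config(SAMPLE_CONFIG):
        print(f"line {line_no}: {rule}: {message}")
```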

NAT and Firewall ALG Support on Cisco ASR 1000 Series Routers

The NAT and Firewall ALG Support on Cisco ASR 1000 Series Routers matrix summarizes Network Address Translation (NAT) and Firewall Application Layer Gateway (ALG) feature support on Cisco ASR 1000 Series Routers in Cisco IOS XE Release 2.1.0 and later releases. The matrix lists feature support by release. NAT and Firewall ALG support is cumulative; features introduced in earlier releases continue to be supported in later releases. You can access the matrix from the following location:

http://www.cisco.com/en/US/docs/routers/asr1000/technical_references/asr1000alg_support.pdf

Power Cycling a Cisco ASR 1013 Router

If you are going to power cycle a Cisco ASR 1013 Router, we recommend that you first perform a graceful reload on the router. Power cycling the router without first performing a graceful reload might cause a loss of data stored in the NVRAM. In other words, the configuration file might be lost. Note that this is not observed when a power failure occurs because each active power supply in the two power supply zones is power cycled at the same time during a power failure. If there is a chance that the router might be power cycled without a graceful reload, we recommend that you use the boot config file-system:configuration-file nvbypass command to specify a file system other than the NVRAM for storing the configuration file. The following are examples:

Router(config)# boot config harddisk:config_file.cfg nvbypass
Router(config)# boot config bootflash:configuration_data.cfg nvbypass

Important Notes in Cisco IOS XE Release 3.1.1S

This section describes important notes about Cisco IOS XE Release 3.1.1S and later releases.

SIP-40G:SPA-4XT-SERIAL

SPA-4XT-SERIAL was not supported in 3.1.0S when plugged into an ASR1000 with SIP-40. This SPA is supported in Release 3.1.1S on the SIP-40 line card.

For more information, see the following documents:

Cisco ASR 1000 Series Aggregation Services Routers SIP and SPA Hardware Installation, see section for SPA-4XT-Serial SPA in Table 1-4 (SIP and SPA Compatibility for Serial SPAs)

http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/install_upgrade/ASR1000/asr_sip_spa_hw.html

Cisco ASR1000 Series Aggregation Services Routers SIP and SPA Software Configuration Guide

http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/configuration/ASR1000/ASRintsw.html

Important Notes in Cisco IOS XE Release 3.1.0S

This section describes important notes about Cisco IOS XE Release 3.1.0S and later releases.

Bidirectional Forwarding Detection (BFD)

In Cisco IOS XE Release 3.1.0S, Bidirectional Forwarding Detection (BFD) is no longer supported in IP Base software packages. For BFD support, use the Advanced IP Services or Advanced Enterprise Services packages.

DMVPN Spoke Support

In Cisco IOS XE Release 3.1.0S, Cisco ASR 1000 Series Routers do not support the ip nhrp server-only command if they perform as DMVPN spokes.

GDOI Groups

Multiple GDOI groups with the same identity number (for example, 1234) can be configured on a group member as long as a different key server address is specified for each group. This is because both the group identity number and the server address are required to uniquely identify a group on a group member.

GRE Keepalive with Tunnel Protection

The Cisco ASR 1000 Series Router supports GRE keepalive with tunnel protection. However, the keepalive packet that is returned is not encrypted. This limitation is also mentioned in the "Limitations and Restrictions in Cisco IOS XE Release 3.1.0S" section.

Important Notes in Cisco IOS XE Release 2.6.0

This section describes important notes about Cisco IOS XE Release 2.6.0 and later releases.

Per-User Attribute On PPP Virtual Access

In Cisco IOS XE Release 2.6.0, multiple instances of the per-user attribute 'Cisco-Avpair=lcp:interface-config=<cmd>' are not supported.

For example:

Cisco-AVPair = lcp:interface-config=ip vrf forwarding vpngreen

Cisco-AVPair= lcp:interface-config=ip unnumbered loopback2

Should be configured like this in Cisco IOS XE Release 2.6.0:

Cisco-AVPair = lcp:interface-config=ip vrf forwarding vpngreen \nip unnumbered loopback2

"Multiple instances will be supported in Cisco IOS XE Release 2.6.1"

Legacy QoS Command Deprecation: Hidden Commands

To streamline Cisco IOS QoS, certain commands are being hidden. Although these commands are available in Cisco IOS XE Release 2.6, the CLI interactive help does not display them. If you attempt to view a command by entering a question mark at the command line, the command does not appear. However, if you know the command syntax, you can enter it. The system will accept the command and return a message explaining that it will soon be removed. These commands will be completely removed in a future release, which means that you will need to use the appropriate replacement commands.

For more information, see the following document:

http://www.cisco.com/en/US/docs/ios/ios_xe/qos/configuration/guide/legacy_qos_cli_deprecation_xe.html

VRF-Aware NAT

Dependency of NAT on VFR

ASRNAT will not handle fragmented packets unless VFR is configured on all NAT interfaces. VFR is configured automatically when NAT is configured, and users must not manually unconfigure VFR on NAT interfaces, because NAT cannot otherwise process fragmented packets and out-of-order fragments correctly.

Important Notes in Cisco IOS XE Release 2.5.0

This section describes important notes about Cisco IOS XE Release 2.5.0 and later releases.

Embedded Packet Capture

The Embedded Packet Capture (EPC) feature is not functional and not supported for the Cisco ASR 1000 Series Routers.

QoS - Policing Support for GRE Tunnels

Queuing features on the GRE tunnel interface are not supported when crypto is configured on the physical interface.

QoS: QoS support for GRE/sVTI Tunnel

With IOS XE 2.5.0, the Cisco ASR 1000 Router Series supports Quality of Service (QoS) applied to:

A GRE or sVTI tunnel with policing and marking only for INGRESS traffic

A GRE or sVTI tunnel with 2-level hierarchy allowing queuing on the second level for EGRESS traffic

When there are multiple egress physical interfaces for a tunnel, and the tunnel target physical interface changes as a result of tunnel target destination route change, either manually by user configuration or by routing protocol, IOS will not prevent the tunnel traffic from moving to an alternate egress physical interface.

However, in IOS XE 2.5.0, the QoS tunnel move feature is not supported. When tunnel traffic moves to an alternate egress physical interface, the tunnel QoS policy may enter a suspended state. At this point, the tunnel QoS policy must be removed and reapplied to the tunnel interface for it to take effect.

In addition, queuing features on the GRE tunnel interface are not supported when IPSec is configured on the physical interface.

VRF-Aware NAT

Integrating NAT with MPLS VPNs

Prerequisites for integrating NAT with MPLS VPNs

Before performing the tasks in this module, you should be familiar with the concepts related to configuring NAT for IP address conservation. All access lists required for use with the tasks in this module must be configured before you begin the configuration task. For information about how to configure an access list, see IP Access List Sequence Numbering at the following location:

http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fsaclseq.html


Note: If you specify an access list to use with a NAT command, NAT does not support the commonly used permit ip any command in the access list.


Restrictions for Integrating NAT with MPLS VPNs

The following functionality is not supported for VRF-Aware NAT:

VPN to VPN translations. In other words, VRF cannot be applied on the NAT outside interface.

Translation of multicast packets

Translations with inside destinations

Reversible route maps

MIBs

MPLS traffic engineering

Configuring inside dynamic translations defined with outside interface mappings is not supported.

Configuring inside static translations with interface mappings is not supported. The following commands, which do not include VRF, are not supported:

ip nat inside source static esp local-ip interface type number

ip nat inside source static local-ip global-ip route-map name

ip nat inside source static local-ip interface type number

ip nat inside source static tcp local-ip local-port interface type number global-port

ip nat inside source static udp local-ip local-port interface type number global-port

Dependency of NAT on VFR

ASRNAT will not handle fragmented packets unless VFR is configured on all NAT interfaces. VFR is configured automatically when NAT is configured, and users must not manually unconfigure VFR on NAT interfaces, because NAT cannot otherwise process fragmented packets and out-of-order fragments correctly.

Important Notes in Cisco IOS XE Release 2.3.0

This section describes important notes about Cisco IOS XE Release 2.3.0 and later releases.

Any Transport Over MPLS (AToM) Support

The configuration of Any Transport Over MPLS (AToM) on the Cisco ASR 1000 Series Routers in Cisco IOS XE Release 2.3.0 is only supported on a subinterface; AToM cannot be configured on the main interface. In addition, you cannot have any IP configuration on the main interface when you have an AToM configuration on the subinterface. These configuration guidelines are applicable to VC mode, VP mode, and L2VPN PW redundancy.

MPLS TE Support

Cisco ASR 1000 Series Router users considering the implementation of MPLS TE are recommended to consult with their local Cisco technical support representative for Cisco IOS XE implementation details.

VRF-Aware NAT

Dependency of NAT on VFR

ASRNAT will not handle fragmented packets unless VFR is configured on all NAT interfaces. VFR is configured automatically when NAT is configured, and users must not manually unconfigure VFR on NAT interfaces, because NAT cannot otherwise process fragmented packets and out-of-order fragments correctly.

Important Notes in Cisco IOS XE Release 2.2.2

This section describes important notes about Cisco IOS XE Release 2.2.2 and later releases.

SSO for L2TP Tunnel Switching Not Supported

If dual route processors (RPs) are used on the Cisco ASR 1000 Series Router in Cisco IOS XE Release 2.2.2 and L2TP Tunnel Switching is configured, then no l2tp sso enable must be configured.

VRF-Aware NAT

Dependency of NAT on VFR

ASRNAT will not handle fragmented packets unless VFR is configured on all NAT interfaces and environments in Cisco IOS XE Release 2.2.2. VFR is configured automatically when NAT is configured, and users must not manually unconfigure VFR on NAT interfaces, because NAT cannot otherwise process fragmented packets and out-of-order fragments correctly.

Important Notes in Cisco IOS XE Release 2.2.1

This section describes important notes about Cisco IOS XE Release 2.2.1 and later releases.

100M FX SFP Not Supported on Cisco 2-Port Gigabit Ethernet Shared Port Adapter

The 100M FX SFP is not supported on the Cisco 2-Port Gigabit Ethernet Shared Port Adapter (2x1GE SPA) on the Cisco ASR 1000 Series Routers in Cisco IOS XE Release 2.2.1.

Intelligent Service Gateway (ISG) Features Not Supported

The following Intelligent Service Gateway (ISG) features are not supported on the Cisco ASR 1000 Series Routers in Cisco IOS XE Release 2.2.1:

- ISG IP subscriber functionality on the following types of access interfaces: Gigabit EtherChannel (GEC) (Port Channel), generic routing encapsulation (GRE), PPP (virtual-template), and Layer 2 Tunneling Protocol (L2TP)

- ISG prepaid billing

- ISG IP interface sessions

- Interface statistics for ISG multiservice interfaces

- Access lists cannot be configured as match criteria in ISG Layer 4 redirect configuration. As an alternative, Layer 4 redirect should be configured in ISG traffic class services.

- Stateful Switchover (SSO) and in-service software upgrade (ISSU) for ISG IP subscriber sessions or traffic class sessions. Upon switchover, an IP session must be recreated or restarted (for Dynamic Host Configuration Protocol (DHCP) sessions) when the session becomes active again.

- SSO and ISSU for any features on IP subscriber sessions or traffic class sessions

- SSO and ISSU for the following features on ISG PPP sessions:

  - Port-Bundle Host Key

  - Layer 4 Redirect

  - Traffic Class

Per-Session Multicast Support

Enhancements to the IP multicast feature provide support for per-session multicast in broadband environments in Cisco IOS XE Release 2.2.1.

VRF-Aware NAT

Dependency of NAT on VFR

ASRNAT will not handle fragmented packets unless VFR is configured on all NAT interfaces and environments in Cisco IOS XE Release 2.2.1. VFR will automatically be configured when NAT is configured, but users must not manually unconfigure VFR on NAT interfaces, because without VFR, NAT cannot process fragmented packets and out-of-order fragments correctly.

Important Notes in Cisco IOS XE Release 2.1.1

This section describes important notes about Cisco IOS XE Release 2.1.1 and later releases.

Startup Configuration File Backup

As a matter of routine maintenance on any Cisco router, users should back up the startup configuration file by copying it from NVRAM onto one of the router's other file systems and, additionally, onto a network server. Backing up the startup configuration file provides an easy method of recovering it in the event the startup configuration file in NVRAM becomes unusable for any reason.

For users using any Cisco ASR 1000 Series Router with a single RP, including any Cisco ASR 1002 or Cisco ASR 1004 Router, backing up the startup configuration file onto another router file system is especially important due to CSCsq70140, which is documented in the Caveats section of these release notes. The workaround for users who run into this caveat is to replace the startup configuration file in NVRAM with a backup copy of the startup configuration file on the router; therefore, customers who have backed up their startup configuration files onto the router will be ready to resolve these caveats if they occur on their Cisco ASR 1000 Series Routers using a single RP.

Example 1: Copying Startup Configuration File to Bootflash

Router# dir bootflash:
Directory of bootflash:/

   11  drwx       16384   Dec 4 2007 04:32:46 -08:00  lost+found
86401  drwx        4096   Dec 4 2007 06:06:24 -08:00  .ssh
14401  drwx        4096   Dec 4 2007 06:06:36 -08:00  .rollback_timer
28801  drwx        4096  May 29 2008 16:31:41 -07:00  .prst_sync
43201  drwx        4096   Dec 4 2007 04:34:45 -08:00  .installer
   12  -rw-   208904396  May 28 2008 16:17:34 -07:00  asr1000rp1-adventerprisek9.02.01.00.122-33.XNA.bin

Router# copy nvram:startup-config bootflash:
Destination filename [startup-config]? 

3517 bytes copied in 0.647 secs (5436 bytes/sec)

Router# dir bootflash:
Directory of bootflash:/

   11  drwx       16384   Dec 4 2007 04:32:46 -08:00  lost+found
86401  drwx        4096   Dec 4 2007 06:06:24 -08:00  .ssh
14401  drwx        4096   Dec 4 2007 06:06:36 -08:00  .rollback_timer
28801  drwx        4096  May 29 2008 16:31:41 -07:00  .prst_sync
43201  drwx        4096   Dec 4 2007 04:34:45 -08:00  .installer
   12  -rw-   208904396  May 28 2008 16:17:34 -07:00  asr1000rp1-adventerprisek9.02.01.00.122-33.XNA.bin
   13  -rw-        7516   Jul 2 2008 15:01:39 -07:00  startup-config

Example 2: Copying Startup Configuration File to USB Flash Disk

Router# dir usb0:
Directory of usb0:/

43261  -rwx   208904396  May 27 2008 14:10:20 -07:00  asr1000rp1-adventerprisek9.02.01.00.122-33.XNA.bin

255497216 bytes total (40190464 bytes free)

Router# copy nvram:startup-config usb0:
Destination filename [startup-config]? 

3172 bytes copied in 0.214 secs (14822 bytes/sec)

Router# dir usb0:
Directory of usb0:/

43261  -rwx   208904396  May 27 2008 14:10:20 -07:00  asr1000rp1-adventerprisek9.02.01.00.122-33.XNA.bin
43262  -rwx        3172   Jul 2 2008 15:40:45 -07:00  startup-config

255497216 bytes total (40186880 bytes free)

Example 3: Copying Startup Configuration File to a TFTP Server

Router# copy bootflash:startup-config tftp:
Address or name of remote host []? 172.17.16.81
Destination filename [pe24_asr-1002-confg]? /auto/tftp-users/user/startup-config
!!
3517 bytes copied in 0.122 secs (28828 bytes/sec)

VRF-Aware NAT

Dependency of NAT on VFR

ASRNAT will not handle fragmented packets unless VFR is configured on all NAT interfaces. VFR will automatically be configured when NAT is configured, but users must not manually unconfigure VFR on NAT interfaces, because without VFR, NAT cannot process fragmented packets and out-of-order fragments correctly.
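The VFR dependency described above can be audited offline against a saved configuration. The following is an added example, not part of the Cisco release notes: it flags every NAT interface on which VFR is absent or has been removed. It assumes VFR appears in the configuration as ip virtual-reassembly under the interface and that a manual removal appears as no ip virtual-reassembly; the function names and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample running-config (not taken from the release notes).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0/0
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface GigabitEthernet0/0/1
 ip nat outside
 no ip virtual-reassembly
!
interface GigabitEthernet0/0/2
 ip nat inside
!
interface GigabitEthernet0/0/3
 ip virtual-reassembly
!
"""

def parse_interfaces(config):
    """Map each interface name to the list of its sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or any global command ends the block
    return interfaces

def nat_interfaces_missing_vfr(config):
    """Return {interface: reason} for NAT interfaces without VFR."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if not any(re.match(r"ip nat (inside|outside)\b", c) for c in cmds):
            continue  # not a NAT interface, so VFR is not required here
        if any(c.startswith("no ip virtual-reassembly") for c in cmds):
            findings[name] = "VFR explicitly disabled"
        elif not any(c.startswith("ip virtual-reassembly") for c in cmds):
            findings[name] = "VFR not present"
    return findings

if __name__ == "__main__":
    for name, reason in nat_interfaces_missing_vfr(SAMPLE_CONFIG).items():
        print(f"{name}: {reason}")
```

Run it against the startup-config backups described earlier in this section to catch a NAT interface that lost VFR before the configuration is restored to a router.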

Important Notes in Cisco IOS XE Release 2.1.0

This section describes important notes about Cisco IOS XE Release 2.1.0 and later releases.

High-Level Feature Sets Not Supported for the Cisco ASR 1000 Series Routers

Table 1 describes some of the high-level feature sets that are not supported for the Cisco ASR 1000 Series Routers in Cisco IOS XE Release 2.1.0 and later releases. Use Cisco Feature Navigator to confirm support for a specific feature. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Note: Feature support is subject to change from release to release. Some high-level feature sets that were not supported in the initial Cisco IOS XE Release 2.1.0 are now supported. Table 1 has been updated to indicate when support has been introduced in later releases. For the latest feature information, see the New and Changed Information sections of these release notes and Cisco Feature Navigator.

Table 1 High-Level Feature Sets Not Supported for the Cisco ASR 1000 Series Routers 

| Major Feature Category | Features Not Supported |
|---|---|
| ATM | Support for ATM features begins in Cisco IOS XE Release 2.3.0. No ATM features are supported in earlier releases. |
| Broadband | Support for ANCP begins in Cisco IOS XE Release 2.4.0. ANCP is not supported in earlier releases. |
| | IPv6 Intelligent Service Gateway (IPv6 ISG) |
| | Multilink PPP on L2TP Network Server (MLPPP on LNS) |
| | Point-to-Point Protocol over Ethernet Tag (PPPoE Tag) |
| | PPP over Q-in-Q (PPPoQinQ) |
| Ethernet OAM | Ethernet Operation, Administration, and Maintenance (OAM) |
| MPLS | Support for Carrier's Carrier begins in Cisco IOS XE Release 2.2.3. Carrier's Carrier is not supported in earlier releases. |
| | Support for Ethernet over MPLS (EoMPLS) begins in Cisco IOS XE Release 2.4.0. Ethernet over MPLS (EoMPLS) is not supported in earlier releases. |
| | Support for Inter-AS begins in Cisco IOS XE Release 2.2.2. Inter-AS is not supported in earlier releases. |
| | IPv6 Provider Edge Router over MPLS (6PE) |
| | IPv6 VPN over MPLS (6VPE) |
| | Label Distribution Protocol (LDP) Session Protection |
| | Support for Layer 2 VPN (L2VPN) begins in Cisco IOS XE Release 2.3.0. L2VPN is not supported in earlier releases. |
| | Support for MPLS Traffic Engineering/Fast Reroute (MPLS TE/FRR) begins in Cisco IOS XE Release 2.3.0. MPLS TE/FRR is not supported in earlier releases. |
| | Virtual Private LAN Service (VPLS) |
| Multicast | Multicast VPN |
| Routing | Performance Routing/Optimized Edge Routing (PFR/OER) |
| Security | Support for Group Encrypted Transport VPN (GET VPN) begins in Cisco IOS XE Release 2.3.0. GET VPN is not supported in earlier releases. |
| | IPv6 IPSec |
| | Support for Lawful Intercept begins in Cisco IOS XE Release 2.4.0. Lawful Intercept is not supported in earlier releases. |
| | VRF-Aware Firewall |
| | VRF-Aware NAT: when running ASRNAT, fragmented packets are not handled unless VFR is configured on all NAT interfaces. |
| Voice | Support for Cisco Unified Border Element (SP Edition) begins in Cisco IOS XE Release 2.4.0. Cisco Unified Border Element (SP Edition) is not supported in earlier releases. Earlier releases include support for Integrated Session Border Controller. |