Table Of Contents
Release Notes for
Cisco IP Solution Center, 4.1.1
June 27, 2007
All documentation, including this Release Notes for Cisco IP Solution Center, 4.1.1 document and any or all of the parts of the Release 4.1 documentation set, might be upgraded.
Cisco IP Solution Center software is referred to as ISC.
This document gives you an overview of this maintenance release and helps you understand what has changed since ISC 4.1. Please read this document prior to reading any other manual for ISC.
The information in this document is organized into the following sections:
Cisco IP Solution Center (ISC) 4.1.1 is a maintenance release for ISC 4.1, which includes the update to Cisco MPLS Diagnostics Expert (MDE) 1.0.2. The system recommendations for ISC 4.1.1 are based on those for ISC 4.1. To see these system recommendations, go to the "System Recommendations" section. URLs for base information about ISC 4.1 and an overview and suggested reading order of these documents is given in Cisco IP Solution Center Getting Started and Documentation Guide, 4.1. (http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/isc/4_1/docguide/index.htm)
Customer-found problems that were found in ISC 4.1 and fixed in this maintenance release are documented in the "Problems Fixed in ISC 4.1.1" section. Some of the problems resulted in product enhancements and behavioral changes. The changes are highlighted in the "New and Changed Information in ISC 4.1.1" section.
For problems that were found and might still exist in ISC 4.1.1, see the "Known Problems in ISC 4.1.1" section.
The system recommendations and requirements are listed in Chapter 1, "System Recommendations" of Cisco IP Solution Center Installation Guide, 4.1 http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/isc/4_1/install/index.htm.
The recommendation is to thoroughly review this information before even planning your installation, to be sure you have all the hardware and software you must successfully install.
Network devices supported in ISC 4.1.1 are listed with the tested IOS release in the following section, Network Devices and Related Software Supported.
Network Devices and Related Software Supported
Table 1, "Network Devices and Related Software Supported with ISC 4.1.1," in this document replaces Table 1-3 in Cisco IP Solution Center Installation Guide, 4.1. This new table gives all the current information listed alphabetically, beginning with the application name.
Problems Fixed in ISC 4.1.1
New and Changed Information in ISC 4.1.1
The following are enhancement and changed behavior topics for this ISC Release 4.1.1 (listed alphabetically):
Common ISC Infrastructure—Lock Manager Granting Locks on FIFO Basis (CSCsb85363)
In previous ISC releases, the Lock Manager, which is common to all ISC components, simply had requesting threads sleep for one second when any of the devices it was attempting to lock were already locked. When multiple threads were waiting on locks, such as device(s) to be locked, the first thread to awaken when the lock was available got the lock, not necessarily the thread that requested it first.
In ISC 4.1.1, each lock request is placed in a queue. (See Appendix C of Cisco IP Solution Center Infrastructure Reference, 4.1 for an explanation of how to navigate to the Dynamic Component Properties Library (DCPL) properties.) A new Queue Manager thread allocates all locks. Periodically (every 100 milliseconds, by default, but modifiable by a new DCPL property: lockmanager > queueServicingInterval), the Queue Manager thread iterates through the queue from the oldest lock request to the newest, and attempts to grant locks. This new design ensures that lock requests are serviced in the order they are received. For cases when all lock requests are only attempting to lock a single device, the locks are granted on a strictly first-in, first-out (FIFO) basis. For cases where requests are attempting to lock multiple devices, system throughput is maximized at the expense of absolute fairness.
An example is when an older lock request is waiting for locks on devices 1, 2, and 3 and device 3 is locked by another job. In this case, if a new lock request to lock the currently unlocked devices 1 and 2 occurs, this request is granted.
Common ISC Infrastructure—Log Viewer (CSCsd90574)
A new DCPL property sets the file limit that can be viewed in the Log Viewer for discovery, host, and task logs. (See Appendix C of Cisco IP Solution Center Infrastructure Reference, 4.1 for an explanation of how to navigate to the DCPL properties. Then navigate to GUI > Common > logFileViewThreshold.) If the file size exceeds the set limit (default: 10MB and maximum value: 50MB), an error message appears, recommending that you view the file manually. The log file can then be viewed offline using other editors.
L2VPN—Global Parameter Changing Causes Audit State of Lost (CSCsd82993, CSCsd83039, CSCsd83055, CSCsd84349, and CSCsd84364)
If you modify a global parameter that can be shared by multiple L2VPN Service Requests, the modification affects all Service Requests that share that specific parameter. Therefore, if you audit one of the previously deployed Service Requests with that global parameter, you receive a Lost state when you look at the audit. We recommend you audit all the Service Requests. To correct this Lost state, modify the Service Requests in which a Lost state occurred in the audit, so the global parameter has the new value. Redeployment is not required.
Examples of global parameters that would act in this way are:
•VLAN name for a VPLS service
•Maximum Transfer Unit (MTU) size on the uplink/Switched Virtual Interface (SVI)
•N-PE description for VPLS service
•Errdisable recovery value on switches for L2VPN and VPLS services
•Error recovery interval value on switches for L2VPN and VPLS services
L2VPN—Tunnel Select Pseudo Wire to TE Tunnel
In the TEM component, you can now select a specific Traffic Engineering (TE) tunnel you want to use for point-to-point transport on Layer 2 Any Transport over MPLS (AToM). This selection is available in Policy creation and Service Request creation. To do this, use the following steps:
Step 1 For Policy creation, navigate to Service Design > Policies > Create > L2VPN (P2P) Policy > L2VPN on MPLS Core and choose any of the Service Types: L2VPN ERS, L2VPN EWS, Frame Relay, or ATM. You will see a window similar to Figure 1, "Tunnel Selection in a Policy—PW Tunnel Selection Check Box," with the new ability to check a check box PW Tunnel Selection (for selecting the pseudo wire tunnel selection). The editable check box is selected by default, which allows you to edit the tunnel during Service Request creation time.
Figure 1 Tunnel Selection in a Policy—PW Tunnel Selection Check Box
Step 2 After you set up your policy, you use this policy during Service Request creation. Do the following:
a. Navigate to Service Inventory > Inventory and Connection Manager > Service Requests > Create > L2VPN.
b. Select the policy you created in Step 1 and click OK.
c. Select a link and interface, click Add Link, and click OK.
d. Select the other end link(s) and interface(s), click Add Link, and click OK.
Figure 2 EndToEnd Wire Editor
f. To deploy your Service Request, in addition to the selected PW Tunnel Selection check box, which is already selected because of the setup you did for policy creation in Step 1, you additionally need to add the number of your Interface Tunnel, as shown in Figure 3, "Tunnel Selection in a Service Request." You can specify which tunnel you want for point-to-point transport on Layer 2 AToM. This functionality assumes you have specified a valid tunnel and does no validity checking.
Figure 3 Tunnel Selection in a Service Request
L2VPN and Layer 3 MPLS VPN—Service Inventory Discovery Support Added and Changed
Chapter 4, "Service Inventory—Discovery," in Cisco IP Solution Center Infrastructure Reference, 4.1 explains the functionality when you navigate to Service Inventory > Discovery in ISC 4.1 for L2VPN and Layer 3 MPLS VPN. All figure references starting with 4- are to that ISC 4.1 document.
This section explains the ISC 4.1.1 Service Inventory—Discovery additions and changes relative to ISC 4.1 in the following subsections:
Overview of Multiple Service Discovery Processes
In ISC 4.1, only one service discovery process was allowed. (See Chapter 4, "Service Inventory—Discovery" of Cisco IP Solution Center Infrastructure Reference, 4.1.)
In ISC 4.1.1, you can now do multiple service discovery processes and you can restart from any of the previous steps. Support for multiple discovery processes allows you to do incremental discovery of the network. The ability to restart from previous steps helps you roll back the discovery process to a selected previous step. You can then resume discovery from that step instead of needing to restart the entire discovery process from the beginning.
The commit to ISC happens only at the end of the discovery phase, not after each step. See Figure 4, "Multiple Workflows," for an understanding of the new multiple workflows. Figure 5, "Discovery Workflow," shows an update to the discovery workflow from Figure 4-10 in the ISC 4.1 documentation.
In ISC 4.1, Providers, Customers, Sites, and Regions were created automatically, using the inventory file. In ISC 4.1.1, these must be created manually. Additionally, if Resource Pools are required, you must create Access Domains and Resource Pools manually. The user must create all of these objects before running service discovery.
•Workflow category in the data pane gives the name and information about the current discovery request/workflow.
•Click the Restart button and you receive a drop-down list of completed steps. Select a step and you will restart from that step.
•In the left column, Current Request gives the discovery request/workflow that is currently running. If there is no currently running discovery request/workflow, an initialization window appears to create a new discovery request/workflow.
•In the left column, Previous Requests lists all the discovered requests/workflows. You can look at the status and logs for any of these discovery requests/workflows.
Note There is no synchronization of NPCs or VPNs. Any modification must occur through the ISC user interface.
All existing devices in ISC show as Read Only on the device discovery GUI.
Figure 4 Multiple Workflows
Figure 5 Discovery Workflow
The new Workflow category in the data pane gives the name and information about the current discovery request/workflow.
L2VPN Service Discovery
In ISC 4.1, L2VPN service discovery was possible on either an Ethernet core or an MPLS core, but not a combination of the two.
ISC 4.1.1 supports mixed core service discovery. In a mixed core, the L2VPN services can span across the MPLS core or they can be confined to a local Ethernet domain alone (local switched services). ISC 4.1.1 supports discovering L2VPN services on a mixed core. Additionally, ISC 4.1.1 discovers local switched services that do not traverse N-PE devices. Figure 6, "Mixed Core," shows a mixed core.
Figure 6 Mixed Core
ISC 4.1.1 enhances the ISC 4.1 L2VPN service discovery by allowing multiple or incremental runs of L2VPN service discovery. Any new links configured on the network for existing VPLS services (present in ISC) can be discovered. However, you cannot discover modifications (synchronizations) or deletions of the existing services or links.
A new L2VPN service is discovered when any of the following are found compared to the services existing in ISC:
•A new Virtual LAN Identifier (VLAN ID) in an Ethernet core (Ethernet access domain)
•A new Virtual Circuit Identifier (VC ID) for virtual private wire service (VPWS) services on an MPLS core
•A new VPLS Forwarding Instance Identifier (VFI ID) for virtual private LAN service (VPLS) services on an MPLS core
Any new links that are configured on NPCs marked as Existing Modified or Conflicting are not discovered.
Note There is no synchronization in L2VPN service discovery. Any modification must be done manually through the ISC user interface. Only new VPNs are discovered. Also, services that occur on Existing Modified NPCs and Conflicting NPCs are not discovered.
MPLS Service Discovery
In ISC 4.1.1, in addition to the N-PE to CE and N-PE to No CE support for ISC 4.1, there is also now support for Layer 2 Access over Layer 3 VPN (UNI/U-PE to N-PE Service Requests with UNI configured on the U-PE).
In ISC 4.1.1, incremental discovery occurs for existing VPN links. The existing VPNs are not editable in the discovery GUI and the existing VPN links are bypassed during commit.
Note End-to-end connectivity is not shown. All the PE-CE links in a VPN are shown with HubRT and SpokeRT in the Route Target column. The PE device name is also shown in the From CE column.
For ISC 4.1.1, no changes occur for the partial mesh VPN detail window.
Figure 7 MPLS VPN Links—Hub-and-Spoke
When editing a VPN view window, the Edit button is enabled for multiple checks. When multiple checks are selected, however, only the Customer Name field is available, as shown in Figure 8, "Edit VPN."
Figure 8 Edit VPN
To discover large networks with a complex topology, we recommend you reset two DCPL properties, as follows:
Step 1 See Appendix C of Cisco IP Solution Center Infrastructure Reference, 4.1 for an explanation of how to navigate to the Dynamic Component Properties Library (DCPL) properties.
Step 2 Navigate to the property watchdog\server\discovery\heartbeat\timeout and set this property to 180000 milliseconds (3 minutes).
Step 3 Navigate to the property watchdog\server\discovery\java\flags and set this property to -Xmx3072m -XX:PermSize=256m -XX:MaxPermSize=512m
Step 4 Restart the ISC server.
In ISC 4.1, Named Physical Circuit (NPC) discovery results were written directly into the ISC database. In ISC 4.1.1, the NPC discovery results are written to the scratch pad and committed at the end of the discovery. The new incremental discovery compares the discovered NPCs with existing NPCs in ISC and determines the state. The states, as shown in Figure 9, "States," are as follows:
•New—No corresponding NPC exists in ISC. Only the New NPCs are committed to ISC.
•Existing—The discovered NPC is the same as the NPC in ISC.
•Existing Modified—The NPC in ISC has the same source and endpoint but one or more of the intermediate links might not be the same.
•Conflicting—The discovered NPC conflicts with the NPC in ISC.
Figure 9 States
Note There is no synchronization of NPCs. You must do this manually. Any modification must be done manually through the ISC user interface.
Initializing a New Discovery Task
When you first navigate to Service Inventory > Discovery, the first window that appears has changed from Figure 4-8 and Figure 4-9 in the ISC 4.1 documentation. The ISC 4.1.1 version, as show in Figure 10, "Device Discovery—CDP Fields," Figure 11, "Device Discovery—Device/Topology Fields," and Figure 12, "Device Discovery—Import Configuration File Fields," has the following change of information.
•Identification > Name is new. In this optional field, you can enter a unique name of your choice for the Workflow name. If you do not enter a name in this field, the system automatically generates a unique name for you.
•In the Device Discovery section, the fields that appear depend on the radio button you choose:
–When you choose the CDP (default) radio button, as shown in Figure 10, "Device Discovery—CDP Fields," two additional fields of information were added for ISC 4.1.1 instead of what appears for ISC 4.1 in Figure 4-8. The editable Output Device File field is optional and defaults to an XML file of the discovered devices. This file can then be an input Devices File for rerunning discovery using the Device/Topology option, found later in this window. The editable Output Connection File is optional and defaults to an XML file that contains device connectivity information that is written during CDP Device Discovery. This file can then be an input NPC Topology File for rerunning discovery using the Device/Topology option, found later in this window.
–When you choose the Device/Topology radio button, as shown in Figure 11, "Device Discovery—Device/Topology Fields," the Device File and NPC Topology File fields remain the same as for ISC 4.1 in Figure 4-9, with the exception that the NPC Topology File is no longer required.
–A new Import Configuration Files radio button, as shown in Figure 12, "Device Discovery—Import Configuration File Fields," has been added for ISC 4.1.1. The required Directory field is the directory on the server that contains configuration files for the devices to be discovered. The format of these files must be <filename>.cfg. The NPC Topology File field contains an XML file that contains device connectivity information that is used to automatically create NPCs.
•The Inventory File field no longer appears because during service discovery, Providers, Regions, Customers, and Sites are no longer automatically created. The user must manually create these files before running service discovery. If Resource Pools are required, Access Domains and Resource Pools must also be manually created before running service discovery.
Figure 10 Device Discovery—CDP Fields
Figure 11 Device Discovery—Device/Topology Fields
Figure 12 Device Discovery—Import Configuration File Fields
Editing Device Configurations
When setting Cisco CNS attributes, you have additional information in ISC 4.1.1 than was shown in Figure 4-15 for ISC 4.1. The information for ISC 4.1.1 is shown in Figure 13, "CNS Attributes Window." The two new columns of information are Terminal Server, which specifies the devices that represent the workstations that can be used to provision edge routers, and Port Number, which specifies the port numbers used by the terminal server.
Figure 13 CNS Attributes Window
New Discovery DCPL Properties
New DCPL properties were added to support the service discovery additions and changes. Navigate to the Discovery topic. (See Appendix C of Cisco IP Solution Center Infrastructure Reference, 4.1 for an explanation of how to navigate to the DCPL properties. There you will find the ISC 4.1 default settings and how to change them.)
Existing PE Roles Are Editable, Causing Commit Aborting (CSCsd30074)
When a device in ISC only has a hostname, the ISC device has no IP management address or domain name configured. If in Discovery, a device with the same hostname is discovered with an IP management address or is created manually in the Device Editor, the device might fail to commit to the ISC repository. The failure occurs because a match is determined with the existing ISC device, because both devices do not have a configured domain name.
1. Edit the device that exists in ISC and add the management IP address before Discovery. Discovery then treats that device as a duplicate and marks it read-only in the Device Editor.
2. During Discovery, in the Device Editor, enter a domain name for the discovered device. Discovery then treats this as a new device.
L2VPN, Layer 3 MPLS VPN, and TEM—Heap Size Increase for Large Deployments (CSCsd89114)
Heap is a block of memory segment for the L2VPN and Metro Ethernet, Layer 3 MPLS VPN, and TEM components. It is allocated for use by the Java virtual machine (JVM) process during runtime. It might need to be increased for large deployments. If the httpd process restarts, increase the heap size, as follows:
Step 1 cd $ISC_HOME/bin
Step 2 vi tomcat.sh
Step 3 Search for a line with -Xmx512m
Step 4 Set the heap size to 1GB or 2GB by replacing -Xmx512m with -Xmx1024m or -Xmx2048m, respectively.
Step 5 Save the tomcat.sh file.
Step 6 Enter stopall to stop the ISC server.
Step 7 Enter startwd to start the ISC server.
L2VPN Over MPLS Core—ATM VP Mode Support
In ISC 4.1.1, Asynchronous Transfer Mode (ATM) virtual path (VP) mode is now supported in addition to the previous ATM virtual circuit (VC) mode support for the L2VPN over MPLS core.
L2VPN VPLS—UNI Modification Moves the Service Request to Failed Deploy State (CSCsd85346)In some situations for L2VPN VPLS, modifying and deploying a User-Network Interface (UNI) from one port to another results in the Service Request going to the Failed Deploy state.
To correct this situation, do the following:
• Decommission the Attachment Circuit/Virtual Private LAN Service Link (AC/VPLSLink) on a particular UNI.
• Create and deploy a new AC/VPLSLink on a different UNI.
L2VPN and VPLS Policies—Keep Alive Option (CSCef14869)
Previously, during a Metro Ethernet Service Request deployment, the command no keepalive was automatically provisioned on a UNI of a Metro Ethernet service, to prevent a CPE from sending keep alive packets to the U-PE, for security purposes.
In ISC 4.1.1, an attribute was added in both the L2VPN and VPLS policies. The new Keep Alive option, in the form of a check box, is by default unchecked to indicate the need for issuing a no keepalive command. When you check this check box, you indicate to select Keep Alive as an option. This attribute is editable to support modification on a per Service Request basis.
Layer 2 Access to L3 MPLS VPN—U-PE Attributes Changed to UNI Attributes
In ISC 4.1.1, for Layer 2 access into MPLS Service Requests, the combination of U-PE and PE-AGG attributes are now shown as UNI attributes.
Layer 3 MPLS VPN—10 Gigabit Ethernet Interface Support
In ISC 4.1.1 for Layer 3 MPLS VPN, 10 gigabit Ethernet interface support has been added for MPLS VPNs. This is in addition to the interfaces listed as supported for MPLS VPN in Chapter 3 of Cisco IP Solution Center MPLS VPN User Guide, 4.1
MDE—IOS 12.2(28) SB Behavior Change
For IOS 12.2(28) SB as PE and P roles, the behavior of Cisco MPLS Diagnostics Expert (MDE) has changes relating to the detection of a failure. This is due to the command ip cef being disabled on a P or PE router.
The changes to the behavior of ip cef in IOS version 12.2(28) SB are as follows:
•When ip cef is disabled on a P router, IP connectivity is lost in any VPN through the P router.
•When ip cef is disabled on a PE router, IP connectivity is lost within a VPN from the PE to its connected CE.
For IOS version 12.2(28) SB with ip cef disabled:
•As a P, MDE diagnoses and reports the problem as an IP connectivity issue.
•As a PE, MDE diagnoses and reports an undetermined connectivity problem in the circuit between the PE and the CE.
For IOS 12.2(30) S, disabling ip cef does not cause any IP connectivity failure with the VPN. MDE diagnoses and reports that there is a problem with ip cef disabled on either the P or PE.
MDE—IOS Versions That Do Not Support MPLS OAM, Behavior Change
In MDE, a connectivity problem can be isolated to the MPLS core, edge, or Attachment Circuit. For non-MPLS Operation, Administration, and Maintenance (OAM) compliant IOS versions, if the problem is in the edge or Attachment Circuit areas, the problem is fully diagnosed and is MDE 1.0. This is about 70 percent of the problem types (failure scenarios) covered by MDE. If the problem is in the core, the system reports a connectivity failure, but cannot carry out further isolation and diagnosis. The system reports that there is a non-MPLS OAM IOS version present and that no troubleshooting was performed in the core.
In some circumstances where there is a problem in the core but non-MPLS OAM compliant IOS versions are present, MDE reports a mismatch between the forwarding information base (FIB) and label forwarding information base (LFIB) on the edge device. The presence of the message indicating non-MPLS OAM coupled with this failure condition could indicate a problem within the core and not, as reported, on the PE router.
The Label Switched Path (LSP) visualization function relies on MPLS OAM. Therefore, visualization cannot be initiated with a non-MPLS OAM compliant PE as a local endpoint. If the other PE is MPLS OAM compliant, we recommend you swap the local and remote endpoints.
MDE—MTU Support Removed
MDE Maximum Transfer Unit (MTU) Analysis support is no longer available in MDE 1.0.2 and ISC 4.1.1. The functionality has been withdrawn, because it did not satisfactorily solve the problem of identifying problems related to MTU.
NBI API—NPC Look Up Enhancement
A new northbound interface (NBI) application programming interface (API) has been introduced to look up NPCs. When given a U-PE as the starting device and an N-PE as a ending device, the API returns IDs of all the NPCs that match the starting device and ending device. For a ring topology, two NPCs are returned. Either identifier for either of the two NPCs can be chosen.
TEM—Multilink Interface Enhancement (CSCsd73082)
The Traffic Engineering Management (TEM) component now supports the multilink interface.
TEM—New Configuration Parameter (CSCsd90642)
In the TEM component, you can now determine whether the tunnel command mpls ip should be provisioned while provisioning Traffic Engineering primary tunnels. A new DCPL property has been introduced. (See Appendix C of Cisco IP Solution Center Infrastructure Reference, 4.1 for an explanation of how to navigate to the DCPL properties and change the settings.) Navigate to TE > Deployment > tunnelMplsIp. The default setting of true indicates to deploy the mpls ip command when provisioning Traffic Engineering tunnels. The setting of false indicates not to deploy the mpls ip command when provisioning Traffic Engineering primary tunnels.
This section contains the following information:
ISC 4.1.1 supports upgrading from ISC 3.2.2, 126.96.36.199, 188.8.131.52, 4.0, 4.0.1, or 4.1 after ISC 4.1 is installed.
If you have an existing VPNSC 1.x or 2.x repository, you must migrate it to be able to use it with ISC 4.1. Get the migration package, including the documentation that lists limitations, from email@example.com.
You must have ISC 4.1 installed before you download the software to upgrade to ISC 4.1.1 on the same server. Support for upgrading from 1SC 3.2.2, 184.108.40.206, 220.127.116.11, 4.0, or 4.0.1 to 4.1 is explained in Cisco IP Solution Center Installation Guide, 4.1.
Note If you are upgrading from an ISC release prior to ISC 4.1 and have an external Oracle database, you must upgrade your database to Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production
with the Partitioning, OLAP, and Data Mining options.
Then follow these steps:
Step 1 Before upgrading to this Maintenance Release, complete the discovery workflow. Otherwise, when you upgrade these previously initiated discovery workflows, the data discovered during that process might be lost.
Step 2 Before proceeding to install the ISC 4.1.1 Maintenance Release, be sure to back up your repository, as explained in Appendix C of Cisco IP Solution Center Installation Guide, 4.1 http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/isc/4_1/install/index.htm
Note If you need to revert to your prior version of ISC, this backed up repository is the one you need to point to after uninstalling ISC 4.1.1. When you uninstall ISC 4.1.1, you do not remove modifications made to the repository in Step 11. Any Service Requests provisioned under ISC 4.1.1 will then need to be reprovisioned.
Step 3 Go to http://www.cisco.com/cgi-bin/tablebuild.pl/isc (where, in tablebuild.pl, the last character is the lower-case letter "l") to retrieve the ISC 4.1.1 Maintenance Release (isc-4.1.1-maint.tar.gz) and the database schema upgrade package (ISC411_UpgradeTool.tar.gz).
Note Patches that use ISC 4.1.1 as the base will also be located at http://www.cisco.com/cgi-bin/tablebuild.pl/isc
Step 4 Prior to installing the ISC 4.1.1 Maintenance Release, verify that you have 100 MB of free space in the $ISC_HOME directory and that you are logged in with the same username as the owner of your supported version of ISC.
Step 5 Navigate to a directory other than $ISC_HOME.
Step 6 Use the following command to untar and unzip the appropriate isc-4.1.1-maint.tar.gz file:
gunzip -c isc-4.1.1-maint.tar.gz | tar xf -
Step 7 If ISC is running, use the following command to stop the database, name server, and WatchDog on the machine on which it is running:
Step 8 If you are running on ISC 3.2.2,18.104.22.168, 22.214.171.124, 4.0, or 4.0.1, install ISC 4.1, as documented in Cisco IP Solution Center Installation Guide, 4.1.
Note Prior to installing ISC 4.1, if you are moving a repository from one machine to another, the schema upgrade fails unless the repository has been initialized on the new machine. This requires that you successfully run initdb.sh on the repository to update the host entry.
Thus, when you are upgrading from an ISC version prior to ISC 4.0.1, you must have a running ISC installation on your new machine that is the same version as that on your old machine so that initdb.sh can be used to initialize your repository with the correct hostname.
Step 9 Use the following command to run the patch installation script:
b. To accept the default value for a prompt indicated in [ ], for example, [n] or [y], press Enter. To terminate the installer at any time, press Ctrl-C. Specifically you will be asked to enter a new path or press Enter for the default [/opt/isc-4.1].
c. At the end of the installation, you will receive a message that the patch installation is complete.
Step 10 Use the following command on the ISC server to untar and unzip the database schema upgrade package:
gunzip -c ISC411_UpgradeTool.tar.gz | tar xf -
The directory ISC411_UpgradeTool is created. Before you proceed, read the README file that is located in this directory.
Step 11 Use the following commands on the ISC server to use the upgrade tool:
./upgradeISCSchema.sh <full path of ISC_HOME>
The log messages are printed on the window and written in the log file contained in the log directory under the directory ISC411_UpgradeTool.
Step 12 If you choose to uninstall this patch after successfully installing, follow the steps in the "Uninstall" section.
Note For all Cisco 7600s, you must do a config collection to synchronize the Service Requests in the repository. This is needed because ISC changed the way it detects Cisco 7600 hardware information.
To uninstall the ISC 4.1.1 Maintenance Release that was successfully installed by following the steps in the "Upgrade Paths" section, follow these steps:
Step 1 Log in with the same username as the owner of ISC.
Step 2 If ISC 4.1.1 is running, use the following command to stop the database, name server, and WatchDog on the machine on which it is running:
Step 3 Navigate to the directory $ISC_HOME/patch/isc126.96.36.199-patch, where the files and executable prior to installing ISC 4.1.1 were stored.
Step 4 Use the following command to run the patch script to uninstall:
b. To accept the default value for a prompt indicated in [ ], for example, [n] or [y], press Enter. To terminate the installer at any time, press Ctrl-C.
c. At the end of the uninstall, you will receive a message that the patch rollback is complete.
Step 5 Restore the repository that you backed up in Step 2 of the "Upgrade Paths" section, as explained in Appendix C of Cisco IP Solution Center Installation Guide, 4.1 http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/isc/4_1/install/index.htm
Note When you uninstall ISC 4.1.1, you do not remove modifications made to the repository. Any Service Requests provisioned under ISC 4.1.1 will then need to be reprovisioned.
1. All ISC patches are available at: http://www.cisco.com/cgi-bin/tablebuild.pl/isc
2. The supported Sybase and Oracle databases behave differently. All GUI queries are case-insensitive for Sybase and case-sensitive for Oracle.
3. ISC does not work with pop-up blockers in a web browser. If you have pop-up blockers installed, disable them.
4. When using an external Oracle database, the embedded Sybase database is still automatically launched for SLA support.
5. For all APIs, the Service Request name is unique and therefore, each Create Service Request API call needs to maintain this uniqueness.
Known Problems in ISC 4.1.1
To find known problems in Cisco IP Solution Center, use the following URL:
You must log into CCO.
You can search for specific bugs or search for a range by product name. This tool enables you to query for keywords, severity, range, or version.
The results display bug ID and title, found-in version, fixed-in version, and status. The bug ID is a hyperlink to detailed information for the bug ID's product, component, severity, first found-in, and release notes.
The results could be displayed in a feature matrix or spreadsheet.
Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.
You can access the most current Cisco documentation at this URL:
You can access the Cisco website at this URL:
You can access international Cisco websites at this URL:
Product Documentation DVD
The Product Documentation DVD is a comprehensive library of technical product documentation on a portable medium. The DVD enables you to access multiple versions of installation, configuration, and command guides for Cisco hardware and software products. With the DVD, you have access to the same HTML documentation that is found on the Cisco website without being connected to the Internet. Certain products also have .PDF versions of the documentation available.
The Product Documentation DVD is available as a single unit or as a subscription. Registered Cisco.com users (Cisco direct customers) can order a Product Documentation DVD (product number DOC-DOCDVD= or DOC-DOCDVD=SUB) from Cisco Marketplace at this URL:
Registered Cisco.com users may order Cisco documentation at the Product Documentation Store in the Cisco Marketplace at this URL:
Nonregistered Cisco.com users can order technical documentation from 8:00 a.m. to 5:00 p.m. (0800 to 1700) PDT by calling 1 866 463-3487 in the United States and Canada, or elsewhere by calling 011 408 519-5055. You can also order documentation by e-mail at firstname.lastname@example.org or by fax at 1 408 519-5001 in the United States and Canada, or elsewhere at 011 408 519-5001.
You can rate and provide feedback about Cisco technical documents by completing the online feedback form that appears with the technical documents on Cisco.com.
You can submit comments about Cisco documentation by using the response card (if present) behind the front cover of your document or by writing to the following address:
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883
We appreciate your comments.
Cisco Product Security Overview
Cisco provides a free online Security Vulnerability Policy portal at this URL:
From this site, you will find information about how to:
•Report security vulnerabilities in Cisco products.
•Obtain assistance with security incidents that involve Cisco products.
•Register to receive security information from Cisco.
A current list of security advisories, security notices, and security responses for Cisco products is available at this URL:
To see security advisories, security notices, and security responses as they are updated in real time, you can subscribe to the Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed. Information about how to subscribe to the PSIRT RSS feed is found at this URL:
Reporting Security Problems in Cisco Products
Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you have identified a vulnerability in a Cisco product, contact PSIRT:
•For Emergencies only — email@example.com
An emergency is either a condition in which a system is under active attack or a condition for which a severe and urgent security vulnerability should be reported. All other conditions are considered nonemergencies.
•For Nonemergencies — firstname.lastname@example.org
In an emergency, you can also reach PSIRT by telephone:
•1 877 228-7302
•1 408 525-6532
Tip We encourage you to use Pretty Good Privacy (PGP) or a compatible product (for example, GnuPG) to encrypt any sensitive information that you send to Cisco. PSIRT can work with information that has been encrypted with PGP versions 2.x through 9.x.
Never use a revoked or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one linked in the Contact Summary section of the Security Vulnerability Policy page at this URL:
The link on this page has the current PGP key ID in use.
If you do not have or use PGP, contact PSIRT at the aforementioned e-mail addresses or phone numbers before sending any sensitive material to find other means of encrypting the data.
Obtaining Technical Assistance
Cisco Technical Support provides 24-hour-a-day award-winning technical assistance. The Cisco Technical Support & Documentation website on Cisco.com features extensive online support resources. In addition, if you have a valid Cisco service contract, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not have a valid Cisco service contract, contact your reseller.
Cisco Technical Support & Documentation Website
The Cisco Technical Support & Documentation website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, at this URL:
Access to all tools on the Cisco Technical Support & Documentation website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:
Note Use the Cisco Product Identification (CPI) tool to locate your product serial number before submitting a web or phone request for service. You can access the CPI tool from the Cisco Technical Support & Documentation website by clicking the Tools & Resources link under Documentation & Tools. Choose Cisco Product Identification Tool from the Alphabetical Index drop-down list, or click the Cisco Product Identification Tool link under Alerts & RMAs. The CPI tool offers three search options: by product ID or model name; by tree view; or for certain products, by copying and pasting show command output. Search results show an illustration of your product with the serial number label location highlighted. Locate the serial number label on your product and record the information before placing a service call.
Submitting a Service Request
Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco engineer. The TAC Service Request Tool is located at this URL:
For S1 or S2 service requests, or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.
To open a service request by telephone, use one of the following numbers:
Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447
For a complete list of Cisco TAC contacts, go to this URL:
Definitions of Service Request Severity
To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.
Severity 1 (S1)—An existing network is down, or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.
Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operations are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.
Severity 3 (S3)—Operational performance of the network is impaired, while most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.
Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.
Obtaining Additional Publications and Information
Information about Cisco products, technologies, and network solutions is available from various online and printed sources.
•The Cisco Product Quick Reference Guide is a handy, compact reference tool that includes brief product overviews, key features, sample part numbers, and abbreviated technical specifications for many Cisco products that are sold through channel partners. It is updated twice a year and includes the latest Cisco offerings. To order and find out more about the Cisco Product Quick Reference Guide, go to this URL:
•Cisco Marketplace provides a variety of Cisco books, reference guides, documentation, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL:
•Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL:
•Packet magazine is the Cisco Systems technical user magazine for maximizing Internet and networking investments. Each quarter, Packet delivers coverage of the latest industry trends, technology breakthroughs, and Cisco products and solutions, as well as network deployment and troubleshooting tips, configuration examples, customer case studies, certification and training information, and links to scores of in-depth online resources. You can access Packet magazine at this URL:
•iQ Magazine is the quarterly publication from Cisco Systems designed to help growing companies learn how they can use technology to increase revenue, streamline their business, and expand services. The publication identifies the challenges facing these companies and the technologies to help solve them, using real-world case studies and business strategies to help readers make sound technology investment decisions. You can access iQ Magazine at this URL:
or view the digital edition at this URL:
•Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:
•Networking products offered by Cisco Systems, as well as customer support services, can be obtained at this URL:
•Networking Professionals Connection is an interactive website for networking professionals to share questions, suggestions, and information about networking products and technologies with Cisco experts and other networking professionals. Join a discussion at this URL:
•World-class networking training is available from Cisco. You can view current offerings at this URL:
CCSP, CCVP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, StrataView Plus, TeleRouter, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0502R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental
Copyright © 2006 Cisco Systems, Inc. All rights reserved.