Release Notes for the Cisco 10000 Series ESR
for Cisco IOS Release 12.2(2)BY3
April 1, 2002
These release notes provide information about Cisco IOS Release 12.2(2)BY3, which provides broadband aggregation features for the Cisco 10000 series edge services router (ESR). These release notes were updated to include fixes for caveats discovered and resolved since the release of Cisco IOS Release 12.2(2)BY2 (see the "Resolved Caveats in Cisco IOS Release 12.2(2)BY3" section).
These release notes are updated as needed to describe new features, memory requirements, hardware support, software platform deferrals, and changes to the microcode and related documents.
Cisco IOS Release 12.2(2)BY3 is based on the following releases:
•Cisco IOS Release 12.2(2)BY2
•Cisco IOS Release 12.2(2)BY1
•Cisco IOS Release 12.0(19)SL for features specific to the Cisco 10000 series ESR
•Cisco IOS Release 12.2B for platform-independent features
For a list of the software caveats that apply to Cisco IOS Release 12.2(2)BY1, see the "Caveats in Cisco IOS Release 12.2(2)BY1" section.
To review the release notes for Cisco IOS Release 12.0(19)SL, go to www.cisco.com and click Technical Documents > Aggregation > Cisco 10000 Series Edge Services Routers > Cisco 10000 Series ESR Release Notes > Release Notes for the Cisco 10000 Series ESR for Cisco IOS Release 12.0(19)SL.
To review the release notes for Cisco IOS Release 12.2, go to www.cisco.com and click Technical Documents. Select Release 12.2 from the Cisco IOS Software drop-down menu. Then click Cisco IOS Release Notes > Cisco IOS Release 12.2.
Upgrading to a New Software Release
For specific information about upgrading your Cisco 10000 series ESR to a new software release, see the Cisco 10000 Series ESR Software Configuration Guide.
For general information about upgrading to a new software release, see the product bulletin Cisco IOS Upgrade Ordering Instructions located at:
For additional information about ordering Cisco IOS software, refer to the Cisco IOS Software Releases URL:
This broadband aggregation image requires that you have the PRE1 version (part number ESR-PRE1) of the Performance Routing Engine (PRE) installed in the Cisco 10000 series ESR chassis. To verify which PRE is installed in the ESR, use the show version command.
New Features in Cisco IOS Release 12.2(2)BY3
The following new features are included in Cisco IOS Release 12.2(2)BY3 for the Cisco 10000 series ESR:
ARP and PPPoE Discovery Packet Throttling
ARP and PPPoE discovery packet throttling enhances the performance of the Cisco 10000 series ESR by limiting the transmission of ARP and PPPoE discovery packets toward the route processor of the PRE to 4 Mbps.
Call Admission Control
The Call Admission Control feature enables the Cisco 10000 series ESR to reject PPP call setup requests if the use of system resources goes beyond a defined limit. The use of system resources such as CPU utilization and memory is very high when a large number of sessions are trying to come up at the same time (for example, when the system is rebooting or a line is flapping).
To configure the limit setting which triggers the router to reject PPP call setup requests, use the call admission limit total-concurrent-charge command as follows:
call admission limit total-concurrent-charge
Where total-concurrent-charge is an integer percent of the system resources in use.
We recommend that you set the call admission limit to 90.
New Features in Cisco IOS Release 12.2(2)BY1
Cisco IOS Release 12.2(2)BY1 brings broadband aggregation to the Cisco 10000 series ESR, and enables the router to emulate an L2TP Network Server (LNS)/home gateway upstream from a DSL access network. In this role, the ESR connects to an L2TP Access Concentrator (LAC), terminates the point-to-point protocol (PPP) layer, and assigns a network layer configuration to the remote client. The ESR then routes or forwards the remote client data to the backbone network.
The following new features and improvements are supported in Cisco IOS Release 12.2(2)BY1 to provide broadband aggregation. If you need more information on configuring these features, see the Cisco IOS Wide-Area Networking Configuration Guide, Release 12.2.
In addition to the standard protocols supported by the Cisco 10000 series ESR, this release supports the following protocols for broadband aggregation:
•PPP sessions encapsulated in L2TP tunnels
•Routing with Bridged Encapsulations (RBE)
•PPPoX and RBE autosense for LLC/SNAP encapsulation
•PPPoX autosense for SNAP
•PPPoA autosense for MUX encapsulation
•PPPoE and RBE on a VC
Scalability for broadband aggregation for the Cisco 10000 series ESR includes support for the following:
•Up to 32,000 L2TP tunneled PPP sessions or PTA subscribers
•Up to 32,000 VCs (in high VC Count mode only).
•Up to 4,000 VCs (with full functionality)
•Up to 3200 tunnels
AAA and Address Assignment
The following new AAA and address assignment features are supported in this release:
•RADIUS based authentication
•IP address assignment from local pools (both configured using CLI and downloaded using RADIUS)
•IP address assignment from RADIUS servers (as part of AAA)
•DHCP relay agent support for unnumbered interfaces
•RADIUS request with VPI/VCI information
Accounting, Network Management, and Configuration
New router accounting, management, and configuration features in this release include:
•Range based CLI
•Support for Cisco-VPDN-MGMT-MIB
•RADIUS interim accounting
•RADIUS VPI/VCI accounting
•Configuration using RADIUS AV pairs
Cisco 10000 Series ESR Software Features
Table 1 lists the leased line features based on Cisco IOS Release 12.0(19)SL, and supported in the Cisco 10000 series ESR.
Limitations and Restrictions
This section describes any limitations and restrictions that you should review before you use the Cisco 10000 series ESR.
Features Removed to Enable Broadband Aggregation
To add broadband aggregation to this release, it was necessary to remove some software features that are standard features in the Cisco 10000 series ESR. The following software features were removed:
•Multi Link Frame Relay
•Cisco IOS NetFlow Accounting
Applying ACLs to Virtual Access Interfaces
In Cisco IOS Release 12.2(2)BY3 and previous releases, if you apply an ACL to a virtual access interface template, the ACL is ignored and has no effect.
Controlling the Rate of Logging Messages
It is important that you limit the rate that system messages are logged by the Cisco 10000 series ESR. This helps to avoid a situation in which the router becomes unstable and the CPU is overloaded. To control the output of messages from the system, use the logging rate-limit command.
We recommend that you configure the logging rate-limit command as follows:
Router(config)# logging rate-limit console all 10 except critical
This rate-limits all messages to the console to 10 per second, except for messages with critical priority (level 3) or greater.
For more information on the logging rate-limit command, see the Cisco IOS Configuration Fundamentals Command Reference.
Testing Performance of High-Speed Interfaces
Cisco IOS software running on the Cisco 10000 series ESR has multiple queues for all classes of traffic over high-speed interfaces. The software selects a queue based on the source and destination address for the packet. This ensures that a traffic flow always uses the same queue and the packets are transmitted in proper order.
When the Cisco 10000 series ESR is installed in a real network, the high-speed interfaces work efficiently to spread traffic flow equally over the queues. However, using single traffic streams in a laboratory environment may result in less-than-expected performance.
Therefore, to ensure accurate test results, you should test the throughput of the gigabit Ethernet, POS, or ATM uplink with multiple source or destination addresses.
Tip: To determine if traffic is being properly distributed, use the show hardware pxf cpu queue command.
This section contains important issues that you should be aware of with Cisco IOS Release 12.2(2)BY3 and previous releases.
High VC Count Mode
The new High VC Count mode enables the Cisco 10000 series ESR to support 32,000 VCs with PPPoE, PPPoA, or RBE protocols. The High VC Count mode is set on a per-port basis, and imposes certain limitations, regardless of how the VCs are defined.
Note: To avoid long VC session bring-up times, we recommend that you use unnumbered and range-based VCs when configuring a high number of VCs.
The following limitations apply in High VC Count mode:
•ACLs and Service-Policies only apply to the physical interface, not to individual VCs
•All VCs on a physical interface must reside in the same VRF
•PVC Discovery is not supported.
•OAM Management is not supported.
To set the router to High VC Count mode, use the no atm pxf queuing command.
The following example shows High VC Count mode enabled on an ATM port:
Router(config)# interface atm 2/0/3
Router(config-if)# no atm pxf queuing
Provisioning for Scaling
Cisco engineers have identified several configuration parameters that enable the Cisco 10000 series ESR to scale the configuration. Please ensure that you have the following commands and parameters in your configuration.
If you plan to run RADIUS authentication, set the small, middle, and big buffers to 15000, 12000, and 8000, respectively. Use the buffers command to do this. For example:
Router(config)# buffers small perm 15000
Router(config)# buffers mid perm 12000
Router(config)# buffers big perm 8000
For typical RADIUS servers, if the RADIUS server is only a few hops away from the router, we recommend that you set the RADIUS server retransmit rate to 5 and the RADIUS server timeout rate to 15 using the radius-server command. For example:
Router(config)# radius-server retransmit 5
Router(config)# radius-server timeout 15
L2TP Tunnel Settings
It is mandatory that you configure an L2TP tunnel password. To do so, use the l2tp tunnel password command. For example:
Router(config)# vpdn-group tunnel1
Router(config-if)# l2tp tunnel password 7
The nosession-timeout command determines the length of time a tunnel persists when there are no sessions in it. You must set this timeout to 30. For example:
Router(config)# vpdn-group tunnel1
Router(config-if)# l2tp tunnel nosession-timeout 30
You must also configure the L2TP tunnel receive window to 100, with the minimum retransmit timeout of 2, and a maximum retransmit timeout of 8. For example:
Router(config)# vpdn-group tunnel1
Router(config-if)# l2tp tunnel receive-window 100
Router(config-if)# l2tp tunnel retransmit timeout min 2
Router(config-if)# l2tp tunnel retransmit timeout max 8
If you configure ATM subinterfaces for L2TP tunnels, configure aal5snap encapsulation to avoid a condition where a flapping interface could cause the system to be overloaded with ARP requests. You can do this using the encapsulation command. For example:
Router(config)# interface atm 5/0/0.4
Router(config-if-atm-vc)# encaps aal5snap
To keep the LNS from timing out a PPP authentication process, set the ppp timeout to 100 using the ppp timeout authentication command. For example:
Router(config)# interface Virtual-Template1
Router(config-if)# ppp timeout authentication 100
Cisco Discovery Protocol
The Cisco Discovery Protocol (CDP) is disabled by default. To maximize scalability in the Cisco 10000 series ESR, do not enable CDP.
Gratuitous ARP Requests
To maximize the performance of the router, you must disable gratuitous ARP requests using the no ip gratuitous-arp command. For example:
Router(config)# no ip gratuitous-arp
The keepalive command is an interface-specific command. If you configure a virtual-template with any form of the keepalive command, including the no keepalive command, or the keepalive [seconds] command, the subinterfaces are not used with that virtual-template interface.
Trunk Interface Input Queue
To ensure high scalability, set the trunk interface input hold queue to a high value. For example:
Router(config)# int gig1/0/0
Router(config-if)# hold-queue 4096 in
Note: The OC-12 ATM line card trunk interface input hold queue defaults to 27230, and in Cisco laboratory tests, the OC-12 ATM line card has achieved the highest scalability at this setting. We recommend that you do not change the default setting.
AAA Authentication on the NME Port
If you use AAA authentication on the NME port, set both the in and out interface hold queues to 4096. For example:
Router(config)# int fe 0/1
Router(config-if)# hold-queue 4096 in
Router(config-if)# hold-queue 4096 out
Virtual Templates and PPP Session Scaling
If you configure a virtual template using interface-specific commands, the Cisco 10000 series ESR does not achieve the highest possible PPP session scaling. To verify that the router has no interface-specific commands within the virtual-template configuration that would limit PPP scaling, use the test virtual-template <number> subinterface command.
In the following example, the output of the test virtual-template <number> subinterface command indicates that subinterfaces cannot be created using the virtual template. Two interface-specific commands are set: carrier-delay and ip rtp priority.
Router(config)# test virtual-template 11 subinterface
Subinterfaces cannot be created using Virtual-Template11
Interface specific commands:
carrier-delay 45
ip rtp priority 2000 2010 500
If you do not use the SNMP management tools of the router to monitor PPP sessions, you can prevent the virtual-access subinterfaces from being registered with the SNMP functionality of the router and using memory by using the no virtual-template snmp command. For example:
Router(config)# no virtual-template snmp
Table 2 lists interface-specific commands that prevent the Cisco 10000 series ESR from attaining the highest possible PPP session scaling.
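The following script is an added example, not part of the Cisco release notes. It audits a saved configuration against the settings recommended above (buffers, RADIUS timers, L2TP tunnel settings, gratuitous ARP, CDP, logging rate limit) and flags virtual-template ACLs and interface-specific commands. The sample configuration, the password placeholder convention, and the function names are constructed for illustration, and the script assumes an LNS that uses RADIUS, so every recommendation applies.

```python
import re

# Constructed sample, not a real device config. Assumes an LNS that uses RADIUS,
# so every recommendation in the release notes applies.
SAMPLE = """\
buffers small permanent 15000
buffers middle permanent 12000
radius-server retransmit 5
radius-server timeout 15
logging rate-limit console all 10 except critical
cdp run
!
vpdn-group tunnel1
 l2tp tunnel nosession-timeout 30
 l2tp tunnel receive-window 100
 l2tp tunnel retransmit timeout min 2
 l2tp tunnel retransmit timeout max 8
!
interface Virtual-Template1
 ip access-group 101 in
 keepalive 30
 ppp timeout authentication 100
"""

# (regex accepting abbreviated or expanded keywords, form used in the release notes)
GLOBAL_CHECKS = [
    (r"buffers small perm\w* 15000", "buffers small perm 15000"),
    (r"buffers mid\w* perm\w* 12000", "buffers mid perm 12000"),
    (r"buffers big perm\w* 8000", "buffers big perm 8000"),
    (r"radius-server retransmit 5", "radius-server retransmit 5"),
    (r"radius-server timeout 15", "radius-server timeout 15"),
    (r"no ip gratuitous-arp", "no ip gratuitous-arp"),
    (r"logging rate-limit console all 10 except critical",
     "logging rate-limit console all 10 except critical"),
]
VPDN_CHECKS = [
    (r"l2tp tunnel password \S.*", "l2tp tunnel password"),
    (r"l2tp tunnel nosession-timeout 30", "l2tp tunnel nosession-timeout 30"),
    (r"l2tp tunnel receive-window 100", "l2tp tunnel receive-window 100"),
    (r"l2tp tunnel retransmit timeout min 2", "l2tp tunnel retransmit timeout min 2"),
    (r"l2tp tunnel retransmit timeout max 8", "l2tp tunnel retransmit timeout max 8"),
]
# Interface-specific commands the page names as blocking subinterface creation.
IFACE_SPECIFIC = re.compile(r"(no )?keepalive\b|carrier-delay\b|ip rtp priority\b")

def parse_sections(text):
    """Split IOS-style config into top-level lines and their indented children."""
    top, children, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue                          # skip blanks and "!" separators
        line = " ".join(raw.split())          # normalise whitespace
        if raw[0].isspace() and current is not None:
            children[current].append(line)
        else:
            current = line
            top.append(line)
            children.setdefault(line, [])
    return top, children

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    top, children = parse_sections(text)
    missing = lambda pat, lines: not any(re.fullmatch(pat, l) for l in lines)
    findings = [f"global: missing '{want}'" for pat, want in GLOBAL_CHECKS if missing(pat, top)]
    if "cdp run" in top:
        findings.append("global: CDP is enabled")
    for header, body in children.items():
        if header.startswith("vpdn-group "):
            findings += [f"{header}: missing '{want}'" for pat, want in VPDN_CHECKS if missing(pat, body)]
        elif header.lower().startswith("interface virtual-template"):
            if missing(r"ppp timeout authentication 100", body):
                findings.append(f"{header}: missing 'ppp timeout authentication 100'")
            for cmd in body:
                if cmd.startswith("ip access-group "):
                    findings.append(f"{header}: ACL '{cmd}' has no effect in this release")
                if IFACE_SPECIFIC.match(cmd):
                    findings.append(f"{header}: '{cmd}' prevents subinterface use")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The hold-queue recommendations are not checked because they depend on which interfaces serve as trunk and NME ports.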
Inserting a New Line Card
Unlike other Cisco routers, if you insert a new or different line card into a Cisco 10000 series ESR chassis slot that previously had a line card installed, the line card initially reports that it is administratively up.
Resolved Caveats in Cisco IOS Release 12.2(2)BY3
This section lists caveats that were found since the release of Cisco IOS Release 12.2(2)BY2 and are fixed in Cisco IOS Release 12.2(2)BY3.
Previously, when RADIUS accounting was configured on an LNS, NAS-Port (radius attribute 5) was not included in the accounting record. This problem has been fixed.
In the past, the OC-12 ATM line card reported that the line protocol was up even though the cable was not attached. This problem has been fixed.
Previously, if you shut down an OC-12 ATM line card interface that was up, reloaded the Cisco IOS software, and then enabled the interface with the no shutdown command, the interface indicated it was still down. This problem has been fixed.
In the past, the ATM interface changed to the shutdown state when you added or changed the parameters of the hold-queues. This problem has been fixed.
In the past, if atm pxf queuing mode was configured on the Cisco 10000 series ESR, the pxf queue was full, and the number of drops was increasing, the flowbit process halted. This problem has been fixed.
In rare circumstances when the route processor of the PRE was performing a route update, the following error message appeared on the console:
%PXF-2-FAULT: T1 SW Exception: CPU[t1r3c1] 0x00000680 at 0x0D68 LR 0x0973
00:07:04: %PXF-2-FAULT: T1 Exception summary: CPU[t1r3c1] Stat=0x00000003 HW=0x00000000 LB=0x00000000 SW=0x00000680
This problem has been fixed.
Previously, the PPPoE VLAN RADIUS attribute 5 NAS Port ID contained only the interface number. The VLAN id number was missing. This problem has been fixed.
In the past, if you configured a PPPoE session, the following message was entered in the system log:
Access109, changed state to up
Feb 16 22:46:36: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access310, changed state to down
Feb 16 22:46:38: %PARSER-4-BADCFG: Unexpected end of configuration file.
Feb 16 22:46:38: %LINK-3-UPDOWN: Interface Virtual-Access456, changed state to up
This problem has been fixed.
Previously, if there were 4000 or more PVCs running at the line rate, a reassembly interface sometimes stopped working and considered all input traffic as input errors and dropped the input traffic. This problem occurred on the OC-12 and 4-port OC-3 ATM line cards, and has been fixed.
In the past, any Cisco router with PPP capabilities crashed after 100 days—regardless of configuration. This problem has been fixed.
Previously, the session-timeout attribute was not applied to PPPoA PTA sessions. This problem has been fixed.
In the past, the Cisco 10000 series ESR did not update the values for bytes in/out and packets in/out for RADIUS-enabled accounting. This problem has been fixed.
Previously, if PPP over Ethernet or PPP over ATM was configured on the Cisco 10000 series ESR, LCP advertised an MRU of 1500 bytes instead of a value equal to the MTU of the relevant virtual template interface. This problem has been fixed.
In the past, the LNS used 1464 in MRU negotiation regardless of the MTU configuration in the virtual template or the ip mtu adjust feature.
In the past, when the route processor of the PRE was injecting traffic that was destined for an ATM interface, some ping packets were corrupted before they left the Cisco 10000 series ESR. This problem has been fixed.
Previously, accounting records on the RADIUS server contained the NAS-IP-Address (attribute 4) of the LNS, instead of the NAS-IP-Address of the LAC. This problem has been fixed.
Resolved Caveats in Cisco IOS Release 12.2(2)BY2
This section lists caveats that were found since the release of Cisco IOS Release 12.2(2)BY1 and are fixed in Cisco IOS Release 12.2(2)BY2.
An error can occur with management protocol processing. Please use the following URL for further information:
Caveats in Cisco IOS Release 12.2(2)BY1
Table 3 describes the caveats for the Cisco 10000 series ESR running Cisco IOS Release 12.2(2)BY1.
Copyright © 2002, Cisco Systems, Inc.
All rights reserved.