Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.1S
This section documents the resolved issues in Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.1S.
Symptoms: The following error message is reported just before a crash: %DATACORRUPTION-1-DATAINCONSISTENCY: copy error There may not be any tracebacks given for the crash.
Conditions: This symptom is observed under normal conditions.
Workaround: There is no workaround.
Symptom: No calls shown when the show call active voice brief command is run, however many active calls are running.
Conditions: There is no known condition.
Workaround: There is no workaround.
Symptom: Tacacs authentication fallback is not working.
Conditions: This symptom occurs in single connection TACACS host.
Workaround: Disable the single connection.
Symptom: Memory leaks are observed after unconfiguring BFD sessions.
Conditions: This symptom occurs after BFD sessions are unconfigured.
Workaround: There is no workaround.
Symptom: Router crashes with the following message: Unexpected exception to CPU: vector 1200
.
Conditions: This symptom occurs due to a change in the bandwidth or policing rate of the dialer interface.
Workaround: Downgrade to Cisco IOS Release 15.1(4)M4.
Symptom: ASR1001 or ASR1002 may report the following message after booting IOS "%IOSXEBOOT-1-BOOTFLASH_FAILED_MISSING: (rp/0): Required Bootflash disk failed or missing, reloading system.
Conditions: This Error message is due to the internal eUSB memory device rarely not responding to the initial accesses. A reboot will address the issue. This error can occur when a specific eUSB device is used. To check the installed eUSB, perform the following command:
Router> show usb summary Check if the following device is present: USB Device: STEC USB 2.0 Bus: 01 Port: 01 Cnt: 01 Speed: 480 Vendor: 136b ProdID: 0003 Rev: 1.00
Workaround: System reboot clears the condition.
Symptom: %IOSXE-3-PLATFORM: R0/0: kernel: physmap-flash.0: Chip not ready
Conditions: While doing redundancy force-switchover on ASR1006 (RP1)
Workaround: Reload ASR1006
Symptom: iWAG GTPv1 fails to setup PDP contexts when interacting with some vendor's ggsn products due to improper default QOS profile.
Conditions: Problem happens when interacting with certain ggsn products which do not ignore the allocation and retention value in QOS Required.
Workaround: Since the default QOS value cannot be changed now, the only workaround would be to see whether the specific ggsn product supports ignoring the allocation and retention value or the whole qos required.
Symptom: In some scenarios, retransmitted packets are not accounted against the retransmitted packet count metric.
Conditions: If retransmitted packets have the same sequence numbers and same IP IDs, they are NOT treated as retransmitted packets. This can sometimes cause the retransmission packet count to be zero (0), incorrectly, even when there are retransmitted packets.
Workaround: There is no workaround.
Symptoms: Forwarding loop is observed for some PfR-controlled traffic.
Conditions: This symptom is observed with the following conditions: - Traffic Classes (TCs) are controlled via PBR. - The parent route is withdrawn on selected BR/exit.
Workaround: This issue does not affect configured or statically defined applications, but only affects learned applications so this can be used as one workaround. Another option is to issue shut/no shut on PfR master or clear the related TCs with the clear pfr master traffic-class command (this fixes the issue until the next occurrence).
Symptom: ASR1000 Router Processor crashes with punted fragment-bit set multicast packets.
Conditions: This symptom occurs when the fragment bit is set in the multicast packets, and when these packets get punted to Router Processor.
Workaround: There is no workaround.
Symptom: MVPNv6 traffic is not received for a random set of MVRFs after MVPN is re-configured.
Conditions: This issue is observed only when ALL VRFs in the system are un-configured and re-configured for MVPN.
Workaround: One possible workaround is to clear IPv6 PIM control plane state using the clear ipv6 pim vrf <name> topology command for the selected states on the VRFs affected.
Symptom: There is no command options and flags for enabling or disabling the EZchip provided debug levels
Conditions: This condition is observed on the Popinac ELC
Workaround: There is no workaround.
Symptom: ASR1K ucode crash with interrupt cause REM_REM_MISC_ERR_LEAF_INT_INT_REM_POP_REQ_TO_EMPTY_SCHED
Conditions: Issue can be seen on when flapping a Multilink PPP or MLFR interfaces. Timing window to hit this issue is very small so not a common occurrence on a bundle flap.
Workaround: There is no workaround.
Symptom: Some kernel failure messages (e.g. COMRESET failed) may be seen on the console logs.
Conditions: This symptom is observed when performing a soft OIR of the NIM-SSD module or after the chassis comes up following a power cycle.
Workaround: There is no workaround.
Symptom: esp-gmac 256 performance of 1400B packets is much less than esp-gcm 256, 20Gbps vs. 30.4Gbps.
Conditions: suite-B transform set esp-gmac 256 vs. esp-gcm 256.
Workaround: There is no workaround.
Symptom: It is very difficult to debug empty video recordings
Conditions: For all video recording calls
Workaround: Do packet capture
Symptoms: Redistributed internal IPv6 routes from v6 IGP into BGP are not learned by the BGP neighboring routers.
Conditions: This symptom occurs because of a software issue, due to which the internal IPv6 redistributed routes from IGPs into BGP are not advertised correctly to the neighboring routers, resulting in the neighbors dropping these IPv6 BGP updates in inbound update processing. The result is that the peering routers do not have any such IPv6 routes in BGP tables from their neighbors.
Workaround: There is no workaround.
Symptoms: The Agent Greeting is not played out.
Conditions: This symptom is observed with the Agent Greeting Call Flow using CVP.
Workaround: There is no workaround with this build.
Symptom: The interrupt infrastructure is in place; the userspace handling of interrupt delivery to Aggregation ASIC userspace driver code is not being done correctly.
Conditions: This fixes the userspace handling of interrupt delivery to Aggregation ASIC userspace driver code
Workaround: There is no workaround.
Symptom: A FlexVPN spoke configured with an inside VRF and front-door VRF may have problems with spoke-to-spoke tunnels if they are not the same. During tunnel negotiation, two Virtual-access interfaces are created (while only one is needed), the one in excess may fail to cleanup correctly. As a result, the routes created by NHRP process may lead to loss of traffic, or traffic may continue to flow through the Hub.
Conditions: This symptom occurs when the VRF used on the overlay (IVRF) and the VRF used on the transport (FVRF) are not the same.
Workaround: There is no workaround.
Symptom: RP crashed due to redzone corruption.
Conditions: crashing because of improper memory management.
Workaround: There is no workaround.
Symptom: An open routing application cannot install a route into the router.
Conditions: This symptom is observed when the application sets up the route with Null0 as a next-hop interface.
Workaround: There is no workaround.
Symptom: Input characters can be dropped or garbled when copy/paste is used for module console input.
Conditions: When copy/paste is used to send characters to the module console sessions, it is possible for characters to get dropped, or not displayed properly during the module session.
Workaround: Manually enter any input needed on the module console rather than using cut/paste to send large amounts of text to the module console.
Symptom: After deleting a VRF, you are unable to reconfigure the VRF.
Conditions: BGP SAFI 129 address-family is not configured, but unicast routes are installed into multicast RIB to serve as upstream multicast hop, as described in RFC 6513. This applies to vrfs configured before BGP is configured.
Workaround: There is no workaround once it occurs beyond unconfiguring BGP. Configuring a dummy vrf multicast address-family under BGP before the issue occurs can prevent the problem from occurring.
Symptom: When the configuration option "file verify auto" is enabled and a local copy operation is done for a file that does not contain a signature, e.g. a log file or configuration back, the copy will fail.
Conditions: file verify auto is enabled in running configuration.
Workaround: Use copy or noverify or disable file verify auto.
Symptom: %IOSXE_RP_SPA-4-IFCFG_CMD_TIMEOUT: Interface configuration command
Conditions: Observed tracebacks and traffic drop during MDR upgrade
Workaround: There is no workaround.
Symptom: MPLS-TP L2 VCs are down after SIP reload and RP switchover
Conditions: There is no known condition.
Workaround: There is no workaround.
Symptom: After a linecard is removed and reinserted (OIR), traffic may fail to pass through some virtual circuits which have been configured for pseudowire redundancy.
Conditions: This symptom is observed when the first segment ID in the redundancy group is numerically greater than the second segment.
PE1#show ssm id | inc 1st 1stMem: 16394 2ndMem: 12301 ActMem: 12301 1stMem: 16394 2ndMem: 12301 ActMem: 12301 After the OIR is performed, it can be seen that the segments are reversed on the linecard. ESM-20G-12#sh ssm id | inc 1st 1stMem: 12301 2ndMem: 16394 ActMem: 12301 1stMem: 12301 2ndMem: 16394 ActMem: 12301
Workaround: There is no workaround.
Symptom: A reload may occur while using show oer and show pfr commands via SSH.
Conditions: This symptom is observed when the show pfr master application detail command is used via SSH.
Workaround: There is no workaround.
Symptom: ASR-CUBE: Crash observed with DSMP.
Conditions: Load scenario issue is observed.
Workaround: There is no workaround.
Symptom: One-way video is seen while CUBE is trying to negotiate packetization mode=1 for H264 video codec in both the legs and one video endpoint doesn't support packetization mode=1 for H264 video codec.
Conditions: When there is DO-DO video call from a video endpoint which supports only Packetization Mode=0 for H264 video codec to a video endpoint which supports both packetization modes like 0 & 1.
Workaround: Make an EO-EO video call from the endpoint which only support packetization mode=0,so that CUBE will negotiate packetization mode=0 for both the legs and two-way video will be seen.
Symptom: The DHCP snooping database agent can appear to get stuck when using FTP as the transfer protocol. In the output of 'show ip dhcp snooping database' the following is observed:
Agent URL : <FTP URL> Write delay Timer : 300 seconds Abort Timer : 300 seconds Agent Running : Yes Delay Timer Expiry : 0 (00:00:00) <<<<< Delay timer is at zero, but process will never re-start Abort Timer Expiry : Not Running Last Succeeded Time : 02:09:53 PDT Thu Jun 6 2013 <<<<< Time will never update Last Failed Time : None Last Failed Reason : No failure recorded. Total Attempts : 12 Startup Failures : 0 Successful Transfers : 11 Failed Transfers : 0 Successful Reads : 1 Failed Reads : 0 Successful Writes : 10 Failed Writes : 0 Media Failures : 0
Conditions: This was seen only when using FTP as the protocol to transfer the DHCP snooping binding database to an external server.
Workaround: Use another file transport mechanism like SCP or TFTP as a workaround to this issue. Once the issue is hit, the only known workaround is to reload affected device.
Symptom: After a web-logon, users do not get the web-logon response page sent by the portal. If the web-logon is successful, users are not redirected to the web address which they have entered initially but are redirected to the portal for authentication.
Conditions: This symptom occurs under the following conditions:
1. Walkby feature is enabled with L4R & PBHK features applied to the lite session.
2. User initiated the web-logon request.
Workaround: There is no workaround.
Symptom: "playout-delay fax" command does not change T.38 and modem Passthrough playout buffer to accommodate packet jitter.
Conditions: This symptom occurs when the ability to reduce the default Fax playout is delayed.
Workaround: There is no workaround.
Symptom: Missing dial tone when pressing new call with existing two-way whisper call.
Conditions: This symptom is observed with whisper intercom only.
Workaround: There is no workaround, however you are able to make outgoing call without dial tone.
Symptom: A path confirmation failure occurs for Dual Tone Multifrequency (DTMF) tones.
Conditions: This symptom occurs in an SIP-SIP call flow in IPv4 and IPv6 scenarios.
Workaround: There is no workaround.
Symptom: PPPoE sessions are getting stuck.
Conditions: This is a timing issue. Issue is seen with qos accounting and accounting accuracy enabled. This was observed on active under very high load with CoA requests and session disconnect for a session happening almost at the same time. This happens on new active after RP switchover, if the switchover happens when a session was getting established. This does not need a CoA request, but needs Rabapol pushed through per user profile.
Workaround: There is no workaround.
Symptom: On an ASR involving transcoded calls, hung data plane issue is seen during abnormal disconnect of the calls.
Conditions: On an ASR involving transcoded calls, hung data plane issue is seen during abnormal disconnect of the calls.
Workaround: There is no workaround.
Symptom: Router crashed at ccsip_spi_incoming_reg_contact_change
Conditions: When configuring "registrar ipv4:9.60.51.254" under "sip-ua"
Workaround: There is no workaround.
Symptom:During MDR in a APS Setup, under certain conditions, IOSXE_APS-3-CCCONFIGFAILED, mesage is seen.
Conditions:If the MDR of Protect interface is Started first followed by a MDR of the Working, then the above TB will occur.
Workaround: Ensure that the working Interface is the first which goes through the MDR. IF the interfaces are on the SAME SIP, the traffic must be flowing through the Working interface, to ensure zero traffic drops.
Symptom: PW traffic is not flowing after SSO/card reset the active PTF card.
Conditions: The symptom is observed with the following conditions:
1. Create a unprotected tunnel between the active PTF card and create a PW.
2. Apply the table map. Bi-directional traffic is flowing fine.
3. SSO/reset the active PTF card in node 106 (4/1).
4. Now tunnel core port is in standby card.
5. Observed bi-directional traffic is not flowing once the card becomes up.
6. Again reset the active PTF card (5/4).
7. Observe uni-directional traffic only is flowing.
Workaround: Delete the PW and recreate it again. However, note that if you do an SSO/card reset, the issue reappears.
Symptom: Sometimes, IPCP assigns an different address for clients from wrong address pool.
Conditions: This symptom is observed under the following conditions: - peer default ip address command is configured on dialers. -There are some dialers on the Cisco router. -The issue could happen on Cisco IOS Release 15.2(4)M3.
Workaround: There is no workaround.
Symptom: ICMP v6 traffic is observed to drop
Conditions: ICMP v6 traffic is observed to drop with cxsc configured under the zbfw policy-map. Drops are observed the zone is applied on a DMVPN tunnel.
Workaround: There is no workaround.
Symptom: Matching the last protocol under it's attributes will not work.
Conditions: Using the default protocol-pack.
Workaround: Currently there is no workaround.
Symptom: Crypto session does not comes up in EZVPN.
Conditions: This symptom is observed when a Crypto session is being established.
Workaround: There is no workaround.
Symptom: Group Member is registering the third Key Server in its list in a redundant KS scenario, when certificate of first KS has been revoked.
Conditions: This symptom is observed under the following conditions: - GM has a list of 3 or more Key server - Certificate based authentication with OCSP validation - First KS certificate has been revoked.
Workaround: There is no workaround.
Symptom:
ASR1001-5-DEV(config-sbc-sbe-sip-hdr-ele)# sip header-profile hprof2 ASR1001-5-DEV(config-sbc-sbe-sip-hdr)# store-rule entry 1 ASR1001-5-DEV(config-sbc-sbe-sip-hdr-ele-act)# condition request-uri sip-uri-user store-as uname Error: sip-uri-user is only valid for To, From and Request-Line
Conditions: This symptom occurs when the following config is pasted into config terminal or on reading startup-config with following config
---------------------------------------------------------------------------------------------- sip header-profile hprof1 store-rule entry 1 condition header-name Allow header-value store-as Avalue store-rule entry 2 condition request-uri sip-uri-user store-as uname
Workaround: exit sbc, re-enter the specified store-rule/condition
---------------------------------------------------------------------------------------------- sip header-profile hprof1 store-rule entry 1 condition header-name Allow header-value store-as Avalue exit exit exit exit sbc test sbe sip header-profile hprof1 store-rule entry 2 condition request-uri sip-uri-user store-as uname
Asymmetric Payload Inter-working was introduced in XE310. Hence adding HA support for asymmetric payload inter-working here to provide complete solution as requested by some customers.
Symptom: ICMP error packets having icmp message in the payload are being dropped when NAT64 and ZBFW are configured.
Conditions: The configuration should include nat64 and zbfw.
Workaround: There is no workaround.
Symptom: OSPFv3 routes go missing after an NSR switchover.
Conditions: This symptom occurs after an SSO.
Workaround: Clear the IPv6 OSPF process.
Symptom: Switch crashes with EOAM and IP SLA Ethernet-monitor configurations
Conditions: Occurs infrequently when EOAM configuration include VLANs. Does not occur if all EOAM configurations are configured with only Ethernet Virtual Circuits (EVC)
Workaround: There is no workaround.
Symptom: High CPP_CP process CPU load on ESP100 caused by session counter collection.
Conditions: ESP100 and ISG scale
Workaround: Reduce number of counters associated with ISG session
Symptom: show plat soft iomd [slot/subslot] connecti statistics will, under some circumstances, on the first execution will display random counters.
Conditions: The first execution of the show plat soft iomd [slot/subslot] conn statistics.
Workaround: Execute a clear plat soft iomd [slot/subslot] connect statistics command.
Symptom: OSPF N2 default route missing from Spoke upon reloading Hub. Hub has a static default route configured & is sending that route over DMVPN tunnel running OSPF to spoke. When hub is reloaded, the default route is missing on Spoke. NSSA-External LSA is there on Spoke after reload, but the routing bit is not set. Hence, it is not installed in RIB on Spoke.
Conditions: Default originated using command "area X nssa default-information-originate"
Workaround: Removing & re adding "area X nssa default-information-originate" on Hub resolves the issue.
Symptom: Traffic drop after the sso
Conditions: with RSP10g
Workaround: There is no workaround.
Symptom: crypto context show command display unknown authentication and confidentiality output
Conditions: sha256, sha384, sha512, gmac and gcm
Workaround: There is no workaround.
Symptom: The crypto session remains UP-ACTIVE after tunnels are brought down administratively.
Conditions: This symptom occurs in tunnels with the same IPsec profile with a shared keyword.
Workaround: There is no workaround.
Symptom: Callflow: Verizon ? SIP trunk ? CUBE (ASR 1000)? CUSP ? Genesys ? Interactions IVR. CUBE does not ACK and BYE (glare handling case) after sending Cancel and receiving 200 Ok for cancel from CUSP.
Conditions: Verizon cancelled the call 300 milliseconds (aprox) after sending the invite, it caused the 200Ok of the invite and the Cancel to cross wire between CUSP and Genesy. By that time CUSP had already sent 200 Ok for CANCEL to CUBE, thus CUBE did not respond to the following 200 OK (for Invite).
Workaround: There is no workaround.
Symptom: BGP routes are not marked Stale and considered best routes even though the BGP session with the peer is torn down. A hard or soft reset of the BGP peering session does not help. For BFD-related triggering, the following messages are normally produced with the BGP-5-ADJCHANGE message first, and the BGP_SESSION-5-ADJCHANGE message second. Under normal conditions, the two messages will have identical timestamps. When this problem is seen, the order of the messages will be reversed, with the BGP_SESSION-5-ADJCHANGE message appearing first, and with a slightly different timestamp from the BGP-5-ADJCHANGE message. In the problem case, the BGP_SESSION-5-ADJCHANGE message will also include the string "NSF peer closed the session" For example when encountering this bug, you would see:
May 29 18:16:24.414: %BGP_SESSION-5-ADJCHANGE: neighbor x.x.x.x IPv4 Unicast vpn vrf VRFNAME topology base removed from session NSF peer closed the session May 29 18:16:24.526: %BGP-5-ADJCHANGE: neighbor x.x.x.x vpn vrf VRFNAME Down BFD adjacency down Instead of: May 29 18:16:24.354: %BGP-5-ADJCHANGE: neighbor x.x.x.x vpn vrf VRFNAME Down BFD adjacency down May 29 18:16:24.354: %BGP_SESSION-5-ADJCHANGE: neighbor x.x.x.x IPv4 Unicast vpn vrf VRFNAME topology base removed from session BFD adjacency down
Log messages associated for non-BFD triggers are not documented.
Conditions: This symptom is observed when BGP graceful restart is used in conjunction with BFD, but it is possible (but very low probability) for it to happen when BGP graceful restart processing happens when any other type of BGP reset (eg: clear command) is in progress. Affected configurations all include: router bgp ASN... bgp graceful-restart... The trigger is that BGP exceeds its CPU quantum during the processing of a reset, and gives up the CPU, and then BGP Graceful Restart processing runs before BGP can complete its reset processing. This is a very low probability event, and triggering it is going to be highly dependent on the configuration of the router, and on BGP's CPU requirements. It is not possible to trigger this bug unless BGP graceful-restart is configured.
Workaround: If you are engaged in active monitoring of router logs, and the bug is being triggered by a BFD-induced reset, you can detect this situation by watching for the reversal of log message order described in the Symptoms section, and then take manual steps to remedy this problem when it occurs. On the problematic router, issue no neighbor <xxx> activate command under the proper address-family will clear the stale routes. The other option is to manually shutdown the outgoing interface which marks the routes as "inaccessible" and hence not been used anymore. This prevents the traffic blackhole but the routes will stay in the BGP table.
Symptom: A CUBE router may reload
Conditions: This is only seen on a router processing voice traffic
Workaround: There is no workaround.
Symptom: icmp packet size 1439-1454 will be drop at next hop because the L2 frame size is bigger than 1518, 1500 MTU acceptable frame size.
Conditions: crypto map with NAT in between tunnel end point
Workaround: There is no workaround.
Symptom: traceback observed when Interface Virtual-Access3(for ezVPN server) changed state to down on MCP_DEV(XE311)
Conditions: Interface Virtual-Access3(for ezVPN server) changed state to down.
Workaround: There is no workaround.
Symptom: The no passive-interface <if-name> command will be added automatically after configuring the " ipv6 enable " command on the interface even though the "passive-interface default" command is configured for OSPFv3. --- (config)#interface FastEthernet0/2/0 (config-if)#ipv6 enable (config-if)#end #sh run | sec ipv6 router ospf ipv6 router ospf 100 router-id 10.1.1.1 passive-interface default no passive-interface FastEthernet0/2/0 <<< Added automatically. ---
Conditions: This symptom occurs when the "passive-interface default" command is configured for OSPFv3.
Workaround: Adjust the configuration manually. In this example it would be "passive-interface FastEthernet0/2/0".
Symptom: traceroute to MIP mac address is failing
Conditions: Portchannel traceroute to MIP mac address of egress interface failing
Workaround: There is no workaround.
Symptom: Prefixes/TCs stay INPOLICY although some configured resolvers are above threshold
Conditions: Policy uses non-default resolvers
Workaround: Only a reload of the MC solves this issue.
Symptom: ASR1K fails to initialize with cpp_driver held down message
Conditions: ESP-100, ESP-200 or ASR1002-VE configured with 40MB or 80MB TCAM devices manufactured by Renesas may fail to initialize.
Workaround: There is no workaround.
Symptom: SNMP occupies more than 90% of the CPU.
Conditions: This symptom is observed when polling the cefFESelectionTable MIB.
Workaround: Execute the following commands: snmp-server view cutdown iso included snmp-server view cutdown cefFESelectionEntry excluded snmp-server community public view cutdown ro snmp-server community private view cutdown rw
Symptom: Memory leak is seen when SDP passthru is configured.
Conditions: When SDP passthru is configured.
Workaround: There is no workaround.
Symptom: Prefixes withdrawn from BGP are not removed from the RIB, although they are removed from the BGP table.
Conditions: A withdraw message contains more than one NLRI, one of which is for a route that is not chosen as best. If deterministic med is enabled, then the other NLRI in the withdraw message might not eventually be removed from the RIB.
Workaround: Forcibly clear the RIB.
Symptom: The BGP task update-generation process may cause the router to reload, in a rare timing condition when there is prefix flap and there is high scale of prefixes going through update-generation, including the flapping prefix.
Conditions: The symptom is observed when the Cisco ASR router is acting as a route server for BGP along with having various route-server contexts. The router does not do any forwarding. It merely processes control plane traffic.
Workaround: There is no workaround.
Symptom: When an IOS router with one or more mpls ldp neighbors undergoes an mpls ldp router-id configuration change when non-stop routing had been previously enabled and then disabled prior to the router-id configuration change, sessions will fail to become NSR ready once mpls ldp nsr is reconfigured.
Conditions: This issue occurs when the mpls ldp router-id is reconfigured after mpls ldp nsr has been enabled and then disabled. After the router-id change, mpls ldp nsr must be reconfigured in order to encounter this issue.
Workaround: Reload the standby RP.
Symptom: Some neighbors are not discovered and the VCs don't come up
Conditions: SSO on box having VFIs with autodiscovery BGP and BGP signalling, with more than 2 remote PEs.
Workaround: There is no workaround.
Symptom: Basically, the fix is originally committed in XE3.7 release. The requirement is that when VC type is 4 for both VPLS and VPWS, ASR1k needs push a dummy tag in outgoing packets before forwarding them to core network and pop a dummy tag in incoming packets coming from core network. Such fix also needs be committed to XE3.10 release.
Conditions: There is no known condition.
Workaround: There is no workaround.
Symptom: A Cisco ASR 1000 router may display the following log with a traceback: SCHED-3-UNEXPECTEDEVENT Process received unknown event (maj 80, min 0).
Conditions: There is no known condition.
Workaround: Reload the router.
Symptom: IPsec transform set with esp-md5-hmac is not supported in this release. When esp-md5-hmac is used, though the IPsec tunnel is established, traffic can not pass through the tunnel. Inbound traffic will be dropped with HMAC error. Outbound traffic will reach to the peer, but will be dropped by the peer with HMAC error.
Error message : %IOSXE-3-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:000 TS:00000002356612773534 %IPSEC-3-HMAC_ERROR: IPSec SA receives HMAC error, DP Handle 5, src_addr 60.0.0.2, dest_addr 60.0.0.1, SPI 0xb98e9ee1
Conditions: Whenever esp-md5-hmac is used in an IPsec transform set.
Workaround: Use esp-sha-hmac, not use esp-md5-hmac.
Symptom: OSPF ABR router does not flush type-4 ASBR summary LSA after NSR swithover if the connection to ASBR is lost during NSR switchover.
Conditions: This symptom is occurs when the VSS system acts as ABR and loses connection to an ASBR during NSR switchover. This configuration is not recommended and Layer 3 topology should not change during the switchover.
Workaround: Clear ip ospf proc.
Symptom: IP SLA responder crash occurs on Cisco ASR 1002 router in Cisco IOS Release 15.2(4)S, Cisco IOS Release 15.2(4)S1, and Cisco IOS Release 15.2(4)S2.
Conditions:This symptom occurs when ip sla udp jitter with precision microseconds, udp jitter with milliseconds and udp echo are configured on the sender device with the same destination port on Cisco ASR 1002 router.
Workaround:Use different destination ports for udp-echo and udp jitter with millisecond precision than udp jitter with microsecond and optimize timestamp.
Symptom: bad ipcksum when tcp segment from inside
Conditions: Send tcp segments from inside (sip ALG)
Workaround: There is no workaround.
Symptom: The router crashes from some heap memory exception, such as "FREEFREE" or "BADMAGIC" within the checkheaps process.
Conditions: The router has experienced heavy, likely prolonged voice traffic, especially CUBE (IP-IP gateway) calls.
Workaround: There is no workaround.
Symptom: During normal operation, the Cisco ASR 1000 router may crash after repeated SNMP related watchdog errors.
Jun 15 2013 10:43:30.325: %SCHED-0-WATCHDOG: Scheduler running for a long time, more than the maximum configured (120) secs. -Traceback= 1#6d024ee43b83b4f5539a076aa2e8d467 :10000000 56A5348 :10000000 20F7D54 :10000000 2513910 :10000000 20F807C :10000000 20EBE84 :10000000 2119BA8 :10000000 20EBE84 :10000000 2106C24 :10000000 20EBE84 :10000000 213C9E8 :10000000 213CC34 :10000000 225B748 :10000000 222941C :10000000 2214314 :10000000 224812C -Traceback= 1#6d024ee43b83b4f5539a076aa2e8d467 :10000000 21416F0 :10000000 2513910 :10000000 20F807C :10000000 20EBE84 :10000000 2119BA8 :10000000 20EBE84 :10000000 2106C24 :10000000 20EBE84 :10000000 213C9E8 :10000000 213CC34 :10000000 225B748 :10000000 222941C :10000000 2214314 :10000000 224812C
Conditions: This symptom occurs while trying to obtain data from IP SLAs Path-Echo (rttMonStatsCollectTable) by SNMP polling operation.
Workaround: There is no workaround other than to disable SNMP configuration from the router.
Symptom: ASR router crashes for media forking HA feature
Conditions: media forking feature crashed in B2BHA standby router
Workaround: There is no workaround.
Symptom: CUBE send 403 response for untrusted Requests by default. This request to make the TDOS feature enabled by default came from marketing for Ease-of-use to the customer.
Conditions: Request should come from untrusted host.
Workaround: enable silent-discard explicitly.
Symptom: Router may crash when unconfiguring large (8k) redirect ACL list in MASK config
Conditions: There is no known condition.
Workaround: There is no workaround.
Symptoms: When ASR1k receives Account Logon from web portal and coverts lite sessions to dedicated sessions, ASR1k may show inconsistent session counters between PI and PD shim layer. Without this debuggability enhancement, we are not able to tell whether the problem resides on PI sie or PD side.
Conditions: This condition is observed when converting lite sessions to dedicated sessions.
Workaround: There is no workaround.
Symptom: When ingress-PE switch the encapsulation of multicast traffic from default MDT to data MDT, the first packets after switchover will be added two labels (including both default and data MDT labels).
Conditions: When the traffic rate exceeds the threshold, the ingress-PE will switch to data MDT(encapsulate multicast packets into data MDT, instead of default MDT).
Workaround: There is no workaround.
Symptom: KS not sending rekey to the registered GM
Conditions: KS not sending rekey to the registered GM
Workaround: If we enable retransmission on KS, rekey are received by the GMs.
Symptom: The router crashes during the display of history traces during execution of command 'show monitor event-trace voip ccsip history all'
Conditions: There is no known condition.
Workaround: There is no workaround.
Symptom: Packets carrying IP Options and being encrypted end in a corrupted packet.
Conditions: An IPv4 packet carrying IP options traversing a GETVPN GM with TBAR enabled. After encryption, the outer IP header is corrupted. This issue doesn't manifest itself if no IP Options are present on the original IP packet
Workaround: There is no workaround.
Symptom: RP crashes [active RP, in the case of a dual RP setup] when the show otv isis database standard detail command is used to check details related to MAC addresses.
Conditions: This symptom occurs in valid OTV configurations (OTV state is UP and AED State is Yes).
Workaround: There is no workaround.
Symptom: Overlord crashing @ cvmx_clock_get_count on latest throttle image
Conditions: Overlord with KWAAS installed and with specific configuration combination
Workaround: There is no workaround.
Symptom: packet is dropped with reason of NatIn2out
Conditions: PAT configuration
Workaround: There is no workaround.
Symptom: When loading protocol-pack 6.0 or 6.1 a traceback might occur. There is no functionality impact.
Conditions: When loading protocol-pack 6.0 or 6.1 on top of version 15.3(3)S with RP1 platform.
Workaround: Currently there is no workaround.
Symptom: When inserting a SPA-4XT-SERIAL or after booting of a chassis containing SPA-4XT-SERIAL, the following messages are displayed:
*Jun 18 17:18:31.741 EDT: %IOSXE-4-PLATFORM: R0/0: kernel: ERROR: No thresholds defined for slot 1, BW 150 (mbps) *Jun 18 17:18:31.741 EDT: %IOSXE-4-PLATFORM: R0/0: kernel: ERROR: SPA 1: get buf 56 thresholds failed
These are only messages and have no affect on SPA functionality
Conditions: Occurs during reload/bootup of chassiswhich contains the SPA-4XT-SERIAL or during insertion of this SPA.
Workaround: There is no workaround.
Symptom: Dns response get dropped with no-payload configured and NAT FW
Conditions: configure nat FW(dns inspect) send dns query from inside, server then reply the response
Workaround: There is no workaround.
Symptom: intra mag roaming via dhcp request.
Conditions: intra mag roaming via dhcp request.
Workaround: There is no workaround.
Symptom: config / un config cause MAG config fail with MCSA
Conditions: There is no known condition.
Workaround: There is no workaround.
Symptom: RP crash occurs while removing nat configs
Conditions: This condition is observed when you unconfigure 4k nat sessions from UUT
Workaround: There is no workaround.
Symptom: When subject name is used as secondary under trustpoint for authorization without primary configured, it doesn’t pick the correct value. Conditions: only subject name is configured as secondary without primary. Workaround: configure subject name as primary
Symptom: There is no known symptom.
Conditions: Astro can require a core voltage of up to 1.00V. However, the voltage was defaulted to 0.9V for all Astro chips. If an Astro requires 1.0V is on a board, it is only operating at 0.9V and could fail to operate properly at speed.
Workaround: There is no workaround.
Symptom: With MVPN BGP C-route signalling, some multicast states in the VRF might be left even when C-route state is withdrawn from BGP.
Conditions: This typically happens when all the BGP sessions on the PE go down (for e.g. manual clearing of BGP via "clear ip bgp")
Workaround:There is no known workaround.
Symptom:Complete traffic loss
Conditions: This condition is observed when you clear Xconnect all, on the box where pseudowire redundancy is configured and no other network event before this trigger
Workaround: Remove and reconfigure Xconnect service
Symptom: erspan performance downgrade in FP160
Conditions: erspan under FP160
Workaround: There is no known workaround.
Symptom: The system crashes, and it causes a reload. Messages that can be seen on the console indicate there is a "NULL pointer dereference" for example, BUG: unable to handle kernel NULL pointer dereference This is followed by a stack trace.
Conditions: This crash is unlikely to happen in normal situations. The user would need to have shell access, and then access a task file under /proc (for example, /proc/29208/ns/ipc) which gives stats on the IPC namespace. The crash is cause due to the lack of proper locking semantics on the variables controlling the IPC namespace.
Workaround: There is no workaround.
Symptom: NBAR doesn't activate
Conditions: with NAT under SIP, DNS traffic
Workaround: disable alg
Symptom: getting crashinfoo while running NATFW scipt with mcp_dev image
Conditions: Getting crashinfo
Workaround: Tried with other mcp_dev image but getting same crashinfo.
Symptom: Observe SSS msg chunk memory leak
Conditions: clear subscriber session all while scale sessions are coming up
Workaround: There is no workaround.
Symptom: Hw-Sw: ASR1004 ASR1000-RP2 ASR1000-ESP20 asr1000rp2-adventerprisek9.03.09.01.S.153-2.S1 The ESP goes down logging messages similar to what is shown below:
Jun 27 19:59:12.308: %CPPHA-3-FAULT: F0: cpp_ha: CPP:0.0 desc:CPP Client process failed: cpp_cp det:HA class:CLIENT_SW sev:FATAL id:1 cppstate:RUNNING res:UNKNOWN flags:0x0 cdmflags:0x0 Jun 27 19:59:12.393: %CPPOSLIB-3-ERROR_NOTIFY: F0: cpp_ha: cpp_ha encountered an error -Traceback= 1#e1875e79d5b29fc4e498ecbc61cdf452 errmsg:F6DB000 2230 cpp_common_os:FF5A000 C330 cpp_common_os:FF5A000 C130 :10000000 6FA4 :10000000 12718 evlib:F435000 E3B8 evlib:F435000 10564 cpp_common_os:FF5A000 12FF8 :10000000 F108 c:E51F000 1E938 c:E51F000 1EAE0 Jun 27 19:59:13.054: %PMAN-3-PROCHOLDDOWN: F0: pman.sh: The process cpp_cp_svr has been helddown (rc 134) Jun 27 19:59:14.289: %PMAN-0-PROCFAILCRIT: F0: pvp.sh: A critical process cpp_cp_svr has failed (rc 134) Jun 27 19:59:18.422: %CPPOSLIB-3-ERROR_NOTIFY: F0: cpp_ha: cpp_ha encountered an error -Traceback= 1#e1875e79d5b29fc4e498ecbc61cdf452 errmsg:F6DB000 2230 cpp_common_os:FF5A000 C330 cpp_common_os:FF5A000 C130 :10000000 6FA4 :10000000 12718 evlib:F435000 E3B8 evlib:F435000 10564 cpp_common_os:FF5A000 12FF8 :10000000 F108 c:E51F000 1E938 c:E51F000 1EAE0
Conditions: On issuing "sh ip nat trans" when there are a large number of static networks and static NAT mappings
Workaround: Use AAA/Authorization functionality to restrict show ip nat translations OR clear ip nat translation from being issued
Symptom: Configured two APS groups ( one for OC3/hdlc and other with OC12/PPP) between ASR1013 and ASR1006 using back to back connections. APS group 1 interfaces Inactive after RP-switchover
Conditions: During ASR1013 Subpackage MDR
Workaround: There is no workaround.
Symptom: Seeing PuntPerCausePolicerDrops on sending traffic through LISP router.
Conditions: No traffic drops associated
Workaround: There is no workaround.
Symptom: Plim Ingress classification doesn't work on Clearchannel-SPAs. High priority traffic will continue to be treated as normal traffic and flows in Low Priority queue.
Conditions: With PLIM ingress classification, despite assigning "map ip dscp 16 - 31 queue strict-priority" traffic flows in Low Priority queue.
Workaround: There is no workaround.
Symptom: %MEDIATRACE-3-R_SNMP_COMM_STR_MISSING message is seen, suggesting to add 'snmp-server community public ro' command, but this command is already present on config.
Conditions: There is some access-limit mechanism in place on the SNMP config, such as 'snmp mib community-map' command
Workaround: Make sure the first community to appear in the config has no access-limit mechanism, or it has one that allows the router to query itself using SNMP.
Symptom: QFP crash
Conditions:
– create normal GTPv1 session and primary PDP
– delete request with teardown false
– update QOS with diff data TEID at both SGSN/GGSN, crash happened
Workaround: There is no workaround.
Symptom: Unable to authenticate to Root CA if already authenticated with Sub CA of the Root CA
Conditions: When authentication with SubCA is already successful, authentication with Root CA fails
Workaround: Authenticate Root CA first and then SubCA.
Symptom: VTCP is not robust enough when received tcp segments with abnormal sequence id. This may result FP crash. We observed a TCP packet much older than the current window on customer network.
Conditions: abnormal sequenced tcp segments received when vtcp buffering current flow
Workaround: There is no workaround.
Symptom: ucode crash seen on unconifugring nat with nbar
Conditions: Seen during a script run
Workaround: There is no workaround.
Symptom: peruser v4ACL HA replication broken in mcpdev
Conditions: When IPv4 and IPv6 profile for single user applied then v4 profile per user data not synced to standby.
Workaround: There is no workaround.
Symptom: "show hw-module subslot <> sensor" may show the rail-0 as "Margined"
Conditions: The output may show up on normal boot up of the BUILT-IN SPA of Ethernet Line Card.
Workaround: There is no workaround.
Symptom: Certain sequence of config/unconfig of PLIM commands resulted in error.
Conditions:
1. Add DSCP based Plim config.
2. Mark certain DSCP value as high or low priority with PLIM config command.
3. Delete the config added in step 1.
4. Now try to add a TOS bases Plim config. It will through error stating "config done in step 2" must be deleted. But config in step 2 is a subset of config in step1. It should be enough if the config in step1 is removed to add any new plim config.
Workaround: Remove the DSCP based config completely before adding any new TOS based config.
Symptom: The Calling-Station-Id is not sent in the accounting-request.
Conditions: Easy VPN server or Flex VPN remote access is configured along with the radius-server attribute 31 remote-id command.
Workaround: There is no workaround.
Symptom: A watchdog timeout crash is seen:
Jul 14 10:52:08 CDT: %SYS-3-CPUHOG: Task is running for (126000)msecs, more than (2000)msecs (1058/14),process = EIGRP-IPv4. -Traceback= 0x62295A0z 0x5A4B9A8z 0x5A46B10z 0x5A46D70z 0x59EDF2Cz 0x59EFE18z 0x59F0460z 0x59F0D80z 0x59F1094z 0x59F3FD8z 0x59F4A9Cz 0x5A33D00z 0x5A3419Cz 0x5A071F0z 0x5A080B8z 0x5A43F24z Jul 14 10:52:10 CDT: %SYS-3-CPUHOG: Task is running for (128000)msecs, more than (2000)msecs (1071/14),process = EIGRP-IPv4. -Traceback= 0x6CE1A74z 0x6CE106Cz 0x59F5C84z 0x59EE020z 0x59EFE18z 0x59F0460z 0x59F0D80z 0x59F1094z 0x59F3FD8z 0x59F4A9Cz 0x5A33D00z 0x5A3419Cz 0x5A071F0z 0x5A080B8z 0x5A43F24z 0x4DD9850z Jul 14 10:52:10 CDT: %SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = EIGRP-IPv4. -Traceback= 0x5A4253Cz 0x5A4A054z 0x622077Cz 0x622482Cz 0x6229720z 0x5A4B9A8z 0x5A46B10z 0x5A46D70z 0x59EDF2Cz 0x59EFE18z 0x59F0460z 0x59F0D80z 0x59F1094z 0x59F3FD8z 0x59F4A9Cz 0x5A33D00z %Software-forced reload
Conditions: This issue has been seen with DMVPN and IPV4 / IPV6 EIGRP configured. A crash occurs while DUAL is updating the EIGRP Topology table
Workaround: There is no workaround. Possibly downgrade to 15.2(4)M2 as the issue was seen after upgrading from this version.
Symptom: When a Port-channel interface with a carrier delay of 0 milliseconds and one or more service instances configured is removed, an unexpected process termination occurs.
Conditions: The issue will be seen only when there is both carrier delay ms 0 configuration and service instance configuration under a Port channel interface, and that Port-channel interface is removed using for example no interface Port-channel 1.
Workaround: There are several work around:
– Remove the service instance(s) from the Port-channel interface before deleting the interface.
– Remove the carrier delay from the Port-channel before deleting the interface.
– Configure a non-zero carrier delay instead of a 0 carrier delay.
– Don't use carrier-delay on port-channel interfaces in conjunction with service instances. Instead use carrier-delay on port-channel member interfaces. The use of "lacp fast-switchover" on the port-channel interface can also help to avoid the need for carrier-delay in cases where redundant LACP member links are in use.
Symptom: IOS crash after configuring MHBFD template and map
Conditions: configure: bfd-template multi-hop New-Temp no authentication sha keychain mhop-key-abc bfd map ipv4 4.4.4.4/32 1.1.1.1/32 New-Temp
Workaround: There is no workaround.
Symptom: ESP-100 may crash continuously on an ASR1K box with cpp_svr crashes causing the FP to go down
Conditions: Numerous QoS sessions with a single queue being created on an interface in a per-session basis on a Yoda platform (ASR1002-X/ESP100/ESP200)
Workaround: There is no workaround.
Symptom: Observing iosd crash while removing match criteria from class map.
Conditions: When multiple filters are matched in the same statement and any one of them is deleted the crash is seen.
Workaround: There is no workaround.
Symptom: Hash table updated incorrectly when more than one interface assigned with ip address on wae
Conditions: Apply ip and configs with uut and wae.
Workaround: Issue not seen when there is only one interface assigned with ip address on wae.
Symptom: Router crashes when the command "show voip rtp forking" is issued during load.
Conditions: Media Forking Enabled
Workaround: "show voip rtp forking" CLI should not be used under load
Symptom: Peer destination SIP trunk doesn't establish trunk due to option ping failover towards CUBE. This occurs when the peer to CUBE sends CUBE OPTION PINGS with max-forwards set to zero. The response from CUBE is to incorrectly respond back with a 483 message to many hops. Unified Communications Manager does accept that as a valid response but other User Agents might interpret it incorrectly and not consider the peer active unless receiving a 200OK.
Conditions: There is no known condition.
Workaround: There is no workaround.
Symptom: Potential starving of features to use recycle queue resources because AppNav queue is made high priority
Conditions: Large amount of traffic large enough to exhaust the AppNav recycle queues used by mpass infra
Workaround: There is no workaround.
Symptom: Losing Eigrp Extended comminutes on bgp l3vpn route.
Conditions: When Remote PE-CE connection is brought down & only backup EIGRP path remains in the bgp table.
Workaround: clearing the problem route in the vrf will resolve the issue.
Symptom: Spurious Accesses messages on router
Conditions: There is no known condition.
Workaround: There is no workaround.
Symptom: IFNF support a single L3 byte counter for a connection. There are no separate counter for the connection client and server. This fix adds client and server counters
Conditions: Current supported CLI: flow record test collect counter bytes long end With this fix, two additional counters can be collected: flow record test collect counter bytes long collect connection client counter bytes network long collect connection client counter bytes server long end
Workaround: There is no workaround.
Symptom: ATM autovc padi timeout
Conditions: autovc scaling
Workaround: There is no workaround.
Symptom: FMAN-FP crash may occur while broadband sessions are torn down
Conditions: When a large number of broadband sessions are being torn down, there is a possibility of a crash in FMAN-FP.
Workaround: There is no workaround.
Symptom: There are two possible symptoms for this problem, one is related to the "show" CLI and one is related to configuration (functional). 1) QoS Show CLI: Traceback on FP/ESP (in cpp_cp) when executing a "show plat hard qfp act feat qos..." command. This is a non-functional problem. 2) QoS Configuration Error: Traceback on FP/ESP (in cpp_sp) when configuring QoS features. This is a functional problem.
Conditions: Specific sequences of events are required to hit this problem. 1) QoS Show CLI (non-functional): Removing class(es) from attached service policies, attaching new targets, then issuing QoS platform show commands. 2) QoS Configuration Error (functional): Removing class(es) from attached service policies, attaching new targets, detaching "old" targets, re-adding same class(es) back to policy-map.
Workaround: Detach service policy from all targets before removing classes from service policy. The non-functional traceback
(1) is benign, no corrective action is needed. If the functional traceback
(2) has occurred, FP/ESP must be rebooted/reloaded to clear the QoS configuration error.
Symptom: Creating 2000 GRE IPSEC tunnels (sample configuration shown below, repeated 2000 times) causes RP crash. interface tunnel10001 bandwidth 1000 ipv6 address 1003:0:0:1::1/64 ipv6 enable tunnel source Loopback10001 tunnel dest 1004:0:1:1::1 tunnel mode gre ipv6 tunnel protection ipsec profile hub10001
Conditions: This symptom is observed under the following conditions: On ASR1K: Works fine when scaled up to 2500 sessions. At 4000, a crash is observed. The in between numbers are not available.
Workaround: Bring up the tunnels in staggered manner (booting with the configurations can also cause the issue) by shutting down the interface and the start them in batches.
Symptom: An FP crash and core file is generated.
Conditions: This condition is observed when the engineering/debug command sh pla ha qfp act datapath infra chunk basic <addr> with an invalid address is passed
Workaround: Do not use this debug command with an invalid address.
Symptom: VC not coming up
Conditions: VC not coming up with VPLS configs since vlan is down
Workaround: Perform a shut/no shut of the vlan interface
Symptom: A PLIM driver informational error TXMC - txmcBufferOverflow messages seen on the router.
Conditions: Seen with the oversubscribed traffic and Shut/noshut on the interface.
Workaround: There is no workaround.
Symptom: Route over OSPFv2 sham-link shows two next hop.
Conditions: This symptom is observed when the route entry is ECMP route between the sham-link and another path.
Workaround: Break ECMP by adjusting the OSPF cost.
Symptom: Certain connections are reset when active router is reloaded in HSRP pair.
Conditions: This condition is observed when you reload an active router.
Workaround: Keep the WAN interface down until Appnav Cluster converges and flow updates are completed.
Symptom: When E1 interface have both channel-group and ds0-group, some ds0-group may not come up on the remote side (suppose it's argot), and voice call cannot be made.
Conditions: This happens when both channel groups and ds0-groups are configured on the same Fortitude card.
Workaround: Current work around is to always configure ds0-group first, then configure channel-group or tdm-group.
Symptom: "clear controller wanphy x/x/x" command cannot clear counters of "sh controller wanphy x/x/x". This issue is seen on ASR1006.
Conditions: When insert the SPA after the router is up.
Workaround: Reload the router with the SPA. To-Recovery:
1. Reload the router with the SPA
2. "hw-module subslot x/x reload" can clear counters temporarily. But this way doesn't resolve this issue.
Symptom: the sending out isis/NHRP control message packet over tunnel from asr1k don't have special TOS value (prec 6)in the tunnel header
Conditions: ASR1k pre XE3.10 release, day-one issue.
Workaround: There is no workaround.
Symptom: OIR of Metronome-spa_BITSOUT results in QL-DNU at connected input source (Metronome-spa/Kingpin BITSIN).
Conditions: OIR of Metronome-spa_BITSOUT
Workaround: Remove and Re-apply BITSOUT clocking configuration.
Symptom: FP may crash with HTTP and FTP traffic
Conditions: Configured NAT, NBAR and appnav over gre tunnel and HTTP
Workaround: There is no workaround.
Symptom: Crash on C819G running 152-4.M1 due to memory corruption at vm_xif_malloc_bounded_stub.
Conditions: This condition is seen due to recursive function call of fib code, NHRP, IP SLA etc. However, these might not be the only trigger.
Workaround: There is no workaround.
Symptom: Named IP ACL does not work for Hash assignment
Conditions: Apply ip and acl configs on UUT
Workaround: There is no workaround.
Symptom: Path confirmation failure in T.38 Fax call with re-invite
Conditions: Voice to fax switch over, T38 fax is not working.
Workaround: There is no workaround.
Symptom: During Sub package ISSU Upgrade is performed on ASR1002-X router after upgrading the standby RP (R0/1) with new RP subpackages, Switchover is forced from the active IOS process to the standby IOS process. During the switchover, new active performs configuration Bulk-Sync with the standby. During this Bulk Sync operation, the configuration related to the Interfaces is not synced to the standby due to Bulk Sync MCL failures. The following error message will be displayed when this error is present. Sample Error Message: <.............> Config Sync: Bulk-sync failure due to Servicing Incompatibility. Please check full list of mismatched commands via: show redundancy config-sync failures mcl Config Sync: Starting lines from MCL file: interface Tunnel150 ! <submode> "interface" - tunnel source GigabitEthernet0/0/0.34 <..............> Standby takes more time(~744 seconds) for reaching terminal State.
Conditions: The symptom is observed after redundancy force-switchover step in ISSU upgrade procedure.
Workaround: Perform a standby IOS reload. "hw-module subslot R0/0 reload"
Symptom: Data rate for a QoS shaped MLPPPoA/MLPPPoEoA traffic class may exceed the configured QoS shape rate.
Conditions: This issue will be apparent if a parent or child shaper is defined on the MLPPP bundle interface that is less than the configured PVC data rate.
Workaround: The user can explicitly tell the shaper to account for the ATM Cell Overhead by appending the "account user-defined 0 atm" configuration option to the shaper configuration. Example: shape rate <rate> account user-defined 0 atm Note that if the session is already active when modifying the QoS policy-map, the session may need to be restarted for the QoS modification to take affect. This issue will be addressed in the upcoming XE3.8, XE3.10, and later releases. This issue will not be addressed in XE3.8 and XE3.9 and will require migration to XE3.10 or later releases to pick up this fix when available.
Symptom: ASR 1002-X experiences a watchdog reset due to a kernel core dump triggered by a possible divide-by-zero condition.
Conditions: There is no known condition.
Workaround: There is no workaround.
Symptom: Call flow: Verizon -- CUBE -- CUSP -- Genesys/IVR, transferred with SIP Refer back to PSTN hair-pining the call on CUBE. When the call is put on hold to be transferred from IVR to PSTN, the codec negotiation fails, dropping the call with reason code 47 and hanging the UDP port used. All subsequent calls that try to re-use the same UDP port for RTP stream are dropped with reason code 47 and provision RSP failure is logged on show voip fpi stats
Conditions: Hair-pinned calls that received multiple M-Lines on the SDP received from Verizon on the original SIP Invite.
Workaround: There is no workaround. Reload of router is required to clear hung UDP ports.
- CSCui26516
- Symptom: Currently, SIP profiles copy variables data is available only in CCB, but not in SCB. Due to this limitation, copy variables doesn't work for the below cases. - out-of-dialog subscribe/notify pass-thru - in-dialog subscribe/notify after call is cleared (CSCug77212)
Conditions: When sip profiles copy variables data is used along with in-dialog subscribe/notify.
Workaround: There is no workaround.
Symptom: when ASR1000 connect with ISO HDLC equipment, the ATOM PW traffic could not transparent successfully.
Conditions: in L2VPN ATOM PW configuration, AC on the PE is CISCO HDLC encapsulation, and CE equipment is ISO HDLC.
Workaround:
1. CE configure CISCO HDLC.
2. CE configure as the FR, and PE configure as HDLC.
Symptom: Router crash.
Conditions: It only happens in rare cases on images supporting HA with IPv6 BSR configured. In this case it was found by quickly configuring and unconfiguring C-RPs. It is not clear whether this can happen in a normal use case.
Workaround: There is no workaround.
Symptom: erspan performance downgrade in Kingpin
Conditions: erspan on Kingpin
Workaround: There is no workaround.
Symptom: In rare occasions the standby RP on a dual RP system may crash after performing a switchover. The crash occurs due to an invalid message being sent from the RP to the RRP. The following tracebacks may be observed:
Jul 22 15:12:50.058 UTC: %COMMON_FIB-3-FIB_PATH_LIST_DB: Attempt to add empty path list 0/0: 7F0356E75750 -Traceback= 1#f7cffe13a57f1f88eefbd82deeaab4af :400000 876363 :400000 2C3B063 :400000 2C3AEA9 :400000 2C3CE05 :400000 2C2E3FF :400000 1728B37 :400000 1727E94 :400000 1727A77 :400000 1727968 :400000 5E1FF6F :400000 6536C5D :400000 5E1A433 :400000 5E1A09F Jul 22 15:12:50.062 UTC: %FRR_OCE-3-GENERAL: try to delete unempty frr db_node. -Traceback= 1#f7cffe13a57f1f88eefbd82deeaab4af :400000 876363 :400000 2CDF48D :400000 2CDD509 :400000 16CA2BD :400000 16CA21A :400000 171C2EC :400000 3EB784A :400000 1729863 :400000 1728B46 :400000 1727E94 :400000 1727A77 :400000 1727968 :400000 5E1FF6F :400000 6536C5D :400000 5E1A433 :400000 5E1A09F Jul 22 15:12:50.065 UTC: %FRR_OCE-3-INVALIDPAR: invalid setup state -Traceback= 1#f7cffe13a57f1f88eefbd82deeaab4af :400000 876363 :400000 2CDD520 :400000 16CA2BD :400000 16CA21A :400000 171C2EC :400000 3EB784A :400000 1729863 :400000 1728B46 :400000 1727E94 :400000 1727A77 :400000 1727968 :400000 5E1FF6F :400000 6536C5D :400000 5E1A433 :400000 5E1A09F
Conditions: There exists a very small timing window where the MPLS forwarding infrastructure may send an invalid message to the standby RP. The condition may occur if a large number of L2VPN AToM pseudowires are flapped within a window at the same time as a RP switchover is performed.
Workaround: There is no workaround.
Symptom: Tracebacks on standby support on reload of LC containing Pb free Patriot SPA Where we see vc number mismatch tracebacks on standby when we do an LC OIR with ct3 spas inserted
- Conditions: Fix of CSCud67270 Traceback @ spa_choc_dsx_create_vcidb should be present and CT3 SPA should be there and its OIR should be done
Workaround: There is no workaround.
Symptom: ASR1k CPP ucode crash
Conditions: Very big DNS packet are being processed.
Workaround: There is no workaround.
Symptom: The ESP crashes when updating a highly scaling configuration with a large number of flow-controllable nodes. The crash could be observed during dynamic reconfiguration such as changing the rates of a scheduling node, e.g. an ATM VC due to changing L2 shaping or QOS via MQC. The crash could also occur due to growing a scheduling node or moving an ATM VC from one class-of-service node to another. There are several other scenarios that could lead to a transformation of a hierarchy in order to lay out the tree correctly to meet the hardware requirements. One such example is applying a flat policy to or removing a child policy from a policy attached to an ATM VC.
Conditions: While transforming a hierarchy, there are hardware primitives used to execute the update logic safely. One of requirements for this procedure is to move flow-control from the old tree to the new tree in a particular order to prevent packets from getting out of order. The BQS resource manager had a bug that caused the update to deplete internal flow-control IDs.
Workaround: There is no workaround.
Symptom: With XFP OIR, TX Power is stuck at -40db sometime and the link fails to come up
Conditions: XFP OIR
Workaround: Another XFP OIR.
Symptom: Standby RP crashing when VRF transfer is done
Conditions: EoGRE HA configuration
Workaround: There is no workaround.
Symptom: Call transfer using refer method on CUBE will fail, if end UA, which involved in transfer, tries to de-activate the media with c=IN IP4 0.0.0.0 and a=recvonly.
Conditions: When a CUBE is trying to transfer the call using Refer method to a UA, and the UA responds with re-invite to de-activate the media with c=IN IP4 0.0.0.0 and a=recvonly, then CUBE will respond with 491. ====================== 007326: Jul 26 19:48:02.028 UTC: //2336/171907168923/SIP/Error/sact_media_event_send_invite_response: Failure in media negotiation -- Sending 491 response
Workaround: There is no workaround.
Symptom: udp tunnel header udp_len is definitely 0, not correctly fixed
Conditions: the tunnel intf is changed from un-udp tunnel to udp tunnel mode.
(1) vxlan case, the nve will auto create a udp tunnel. the tunnel interface also have the processing with tunnel mode updation, so cause the tun_mode is wrong saved in the uidb subblock
(2) pmip udp tunnel case, the tunnel is created with udp mode, not changed from other tunnel mode. so the tunnel mode saved in the uidb subblock is correct. this is the reason why pmip udp case not expose this issue.
Workaround: There is no workaround.
Symptom: Memory will be getting exhausted under load
Conditions: in SIP-SIP call when offer is with inband to nte and later in answer it is falling back to inband to inband then there is a memory leak
Workaround: Do not configure the nte in outbound dial-peer where it will be inband.
Symptom: fman_fp crash seen with 1K tunnels and routemaps
Conditions: while sending traffic with 1K tunnels and routemaps with ipv6 ACL
Workaround: There is no workaround.
Symptom: A random crash seen with l2vpn
Conditions: when remote PE is going through ISSU and has vpws and vpls config
Workaround: There is no workaround.
Symptom: Traceback seen at ace_crypto_free_hw_spi.
Conditions: Under load using static VTI.
Workaround: There is no workaround.
Symptom: Unable to configure interface Multilink greater than 65535. Previously able to configure Multilink interfaces in the range of 1 to 2147483647.
Conditions: Unable to configure interface Multilink greater than 65535.
Workaround: There is no workaround.
Symptom: When testing IPSec site-to-site static VTI tunnel between two ASR1000 with ESP100 with a stateless traffic test tool, the tool is reporting that some of the test frames are being received out of sequence. The packet reordering is happening in both the encrypt and decrypt direction. It is observed with both fixed frame size and IMIX traffic. The rate of reordered frames increases with increases in the test traffic rates.
Conditions: ASR1000 with ESP100, IPSec site-to-site static VTI tunnel.
Workaround: There is no workaround.
Symptom: traces @ IDMGR-3-INVALID_ID when queried for mplsTunnelTable MIB
Conditions: GETONE SNMP query for non-existing mplsTunnelTable entries
Workaround: Use GETNEXT queries instead of GETONE
Symptom: packet lost over GRE tunnels
Conditions: ERSPAN configured on the device, ping the gre tunnel address there are packets lost
Workaround: Disable ERSPAN
Symptom: Configure url tool ezpm and run traffic. Following fields have wrong values: connection to server netw delay sum, connection to client netw delay sum, connection client, server netw delay sum, connection application delay sum, connection application delay max, connection client server resp delay sum, connection server packets counter, connection initiator octets, connection client packets counter
Conditions: When url tool is configured alone.
Workaround: Enable other ezpm tool additionally.
Symptom: %LINEPROTO-5-UPDOWN: is output after executing 'no shutdown'. The link state is changed from 'admin down' to 'down' by 'no shutdown'. In such case, this message shouldn't be output. The message is output only first time.
Conditions: ASR1K
Workaround: There is no workaround.
Symptom: ASR1002x may crash
Conditions: 100 Hub PE, 900 CE with 100 VRF, 100 multicast source, 210K route mldp over GRE, after long duration test with multicast traffic When we have mldp over GRE, with paths being added and removed, the counters of the number of paths in a cef path list are not updated correctly. When they wrap (256) this may cause a crash. The problem comes when we remove a path we do not decrement the counter properly, so we need to add/remove a path from a path list 256 times to see the problem
Workaround: Do not modify paths in the way described in the conditions.
VLAN stats are not getting collected by RP
Symptom: VLAN Stats would not be displayed on RP
Conditions: When Scaled Vlans are configured and multiple times shut no shut or configure and unconfigure of vlans causes VLAN stats not collected to RP
Workaround: Reload of the line card.
Symptom: Link interfaces of multilink bundles may not report any packet or byte counts in either direction. This behaviour may be seen in show interface Virtual-Access <if number> outputs, and in show pppoe session packets outputs.
Conditions: This behaviour may be seen on ASR1000 routers, on broadband link interfaces. Broadband link interfaces affected may include PPPoE, PPPoEoA, and possibly PPPoA.
Workaround: It may be possible to get similar stats through the show command show platform hardware qfp active feature mlppp datapath bundle Virtual-Access <if number>.
Symptom: ignore-dtr command not present with 4xt-serial spa interfaces on ASR1k
Conditions: There is no known condition.
Workaround: There is no workaround.
Symptom: "Show plat soft flow fp active exporter name <name>" displays invalid source and destination addresses if using IPv6.
Conditions: This is simply a display issue. The addresses are displayed in an IPv4 format. This fix checks the address type before displaying the addresses in the correct IPv4 or IPv6 format.
Workaround: There is no workaround.
Symptom: Configuration of an ISG Keepalive feature in an ISG policy on an IP subsciber session may result in the router generating keepalive requests to the subscriber even if there is some traffic on the subscriber session.
Conditions: The ISG policy templates feature should be enabled and any ISG feature (other than Forced Flow Routing, Absolute Timeout and Idle Timeout) should be configured on the session level (not under a traffic class) along with the Keepalive feature in the ISG policy.
Workaround: unconfigure ISG policy templates feature - unconfigure all ISG features (other than Forced Flow Routing, Absolute Timeout and Idle Timeout) on the session level (not under a traffic class) in the policy.
Symptom: FP crashes
Conditions: on changing tunnel mode to cgn
Workaround: There is no workaround.
Symptom: If CUBE received a REFER without Refer-To header, CUBE crashed in some platforms and there were trace backs in others.
Conditions: When REFER without Refer-To header is received.
Workaround: Refer-To is mandatory header in REFER Request. Hence might not encounter this case.
Symptom: When a new PW is added under vfi context, it does not come UP
Conditions: Seen for manual PWs (i.e config of the type "member 1.2.3.4 encapsulation mpls" under the vpls context)
Workaround: "clear l2vpn service vfi name <name of VFI context>", or deleting and reconfiguring the PW fixes the issue.
Symptom: Complete traffic drop for few seconds is seen after few mins of performing SSO switchover.
Conditions: Issue is seen only after few mins of performing SSO switchover.
Workaround: There is no workaround.
Symptom: 'no ip address trusted authenticate' is configured, 403 for REGISTER failed to pass-through via cube
Conditions: There is no known condition.
Workaround: There is no workaround.
Symptom: cpp_cp_svr crash in LNS
Conditions: while tearing down PPPoX sessions. On ESP=100, ESP-200 or ASR1K 2RU VE systems, if more than 4000 sessions are created on one interface and then all sessions on that interface are torn down, this leads to a cpp_cp_svr crash on the ESP. Workaround: none
ASR1002-x crashed with rtsp alg
Symptom: ASR1002-x crashed with rtsp alg
Conditions: pa_remove fail, the memory will be double free in RTSP ALG, then cause ASR crash
Workaround: There is no workaround.
Symptom: The MLPPP bundle bandwidth is not updated which led to non-priority packet drops when traffic exceeds the current rate. In the case documented in this DDTS, a bundle rate is supposed to be set to 12M but it was instead set to 1.5M.
Schedule specifics: Index 1 (SID:0x0, Name: Virtual-Access339) Software Control Info: sid: 0x396eb, parent_sid: 0x38022, obj_id: 0x115e, parent_obj_id: 0x54 evfc_fc_id: 0xffff, fc_sid: 0x396eb, num_entries (active): 2, service_fragment: False num_children: 2, total_children (act/inact): 2, presize_hint: 0 debug_name: Virtual-Access339 sw_flags: 0x0883034a, sw_state: 0x00000905, port_uidb: 127126 orig_min : 0, min: 1536000 min_qos : 0, min_dflt: 1536000 orig_max : 0, max: 1536000 max_qos : 0, max_dflt: 1536000 share : 1 plevel : 0, priority: 65535 It should be set to 12M. Index 1 (SID:0x0, Name: Virtual-Access45) Software Control Info: sid: 0x38026, parent_sid: 0x38023, obj_id: 0x189, parent_obj_id: 0x54 evfc_fc_id: 0xffff, fc_sid: 0x38026, num_entries (active): 2, service_fragment: False num_children: 2, total_children (act/inact): 2, presize_hint: 0 debug_name: Virtual-Access45 sw_flags: 0x0883034a, sw_state: 0x00000905, port_uidb: 130692 orig_min : 0, min: 12288000 min_qos : 0, min_dflt: 12288000 orig_max : 0, max: 12288000 max_qos : 0, max_dflt: 12288000
Conditions: The Bundle rate was not being updated when QoS events preceded the rate update from MLPPP. If the MLP event is processed before the QoS event then there is correct behavior, however if the QoS event is processed before the MLP rate update event then the MLP event is lost and never gets processed to update the bundle bandwidth. This results in tail drops when the interface becomes congested prematurely.
Workaround: The workaround is to apply QoS after all member links have been successfully added to the bundle.
Symptom: Router constantly crashing after enabling TE tunnel over BDI interface
Conditions: when TE tunnel is exiting a BDI interface. This is not a supported design
Workaround: Use physical interface for TE tunnels.
Symptom: Crash in ospfv3_db_scope_str()
Conditions: Enable debug ospfv3 lsdb
Workaround: There is no workaround.
Symptom: Some WCCP issues are not easy to reproduce.
Conditions: There is no known condition.
Workaround: There is no workaround.
Symptom: Traffic counter shows higher than expected value.
Conditions: ISG policy templating ON and uni-directional TC in service policy
Workaround: Use bi-directional TC in service policy
Symptom: Sometime there will not be any output for the command "show sbc global sbe sip subscribers filter <prefix>".
Conditions: Observed on a Cisco ASR1k platform configured as CUBE using the Service Provider (SP) feature set running IOS-XE version 15.3(1)S2.
Workaround: The command output is not granular enough. For example: If we execute command like this then it works:
#v1-z11#show sbc global sbe sip subscribers filter sip:1037@a.b.c.d #SBC Service "global" # #There are currently 2060 subscribers registered on this SBC. # #SIP subscribers: # #AOR: sip:1037@a.b.c.d #Subscriber Location[s]: sip:1037@x.x.x.x:5063 -> ENDPOINTS/PUBNET # Fast register active, fast time remaining 58 sec #Registrar adj: SIPCORE #Time left: 163 secs #Subscriber Category[s]: VRF Global IPv4 a.b.x.y then we see expected information about "sip:1037@a.b.c.d" subscriber. But if we execute: #v1-z11#show sbc global sbe sip subscribers filter sip:1037 #SBC Service "global"
we don't see anything. So the workaround is to use the first option.
Symptom: A roaming mobile customer (e.g. iPASS, Boingo etc.) logs on via a Web-Portal-Page and the ISG doesn't send in the radius accounting-request packet the V-Cookie to the Radius Server.
Conditions: Depends on ISG setup. In this case L & V Cookie must be send in accounting-request from ISG to AAA Server.
Workaround: There is no workaround.
Symptom: show platform software memory qfp-control-process qfp active is not working.
Conditions: Execution of the show command.
Workaround: There is no workaround.
Symptom: On the ASR1000 platform, if ip tcp adjust-mss is configured on an interface with a crypto map, then the TCP MSS value is not adjusted for egress TCP flows that are encrypted.
Conditions: This is only a problem when there is a crypto map configured on the same interface ip tcp adjust-mss is enabled.
Workaround: Configure ip tcp adjust-mss on the ingress LAN interface when crypto map is configured on the egress interface.
Symptom: The output shows that the QM CPP DRAM increases but does not decrease when fair-queue is removed from a class before it is active in HW. show plat hard qfp act inf exmem stat user | incl QM Over time the system runs out DRAM causing subsequent configuration events that require CPP DRAM objects to fail.
Conditions: When fair-queue is removed from a class before it is activated in the hardware, the BQS RM was not freeing the WRED DRAM object used to store the fair-queue configuration. Over time, the system runs out of CPP DRAM. The error message described in the description is displayed and all configurations start failing. This conditions impacts the whole system as opposed to just queueing features.
Workaround: There is no workaround.
Symptom: Packet trace showing incorrect ICMP type for ping terminated on router.
Conditions: When using packet trace with IOS-XE and ICMP traffic is traced.
Workaround: There is no workaround.
Symptom: Session query responses in Lite sessions have inconsistent calling-station-ID behavior
Conditions:
1. Walkby feature is enabled with L4R & PBHK features applied to lite session.
2. Session query to ISG.
Workaround: Do not depend on Calling-Station ID.
Symptom: When the command show xconnect is entered, it may result in a memory leak. This can be observed by entering the command show memory debug leaks chunks and seeing entries like this:
router#show memory debug leaks chunks Adding blocks for GD... I/O memory Address Size Alloc_pc PID Alloc-Proc Name Chunk Elements: AllocPC Address Size Parent Name Processor memory Address Size Alloc_pc PID Alloc-Proc Name AA3F8B4 2348 6D0B528 97 Exec PW/UDP VC event trace
Conditions: This symptom is observed when one or more xconnects are configured with UDP encapsulation.
Workaround: There is no workaround.
Symptom: Transfer is failing with midcall invite.
Conditions: CUBE not able to send out DO invite on to other leg in RE INVITE based transfer.
Workaround: Issue fixed.
Symptom: 6pe performance drop in xe310 release
Conditions: observed on small packet(82 bytes)
Workaround: packet size large than 82
Symptom: VC is not going after the access interface is down
Conditions: Scalable eompls under port-channel and shut the member link
Workaround: There is no workaround.
Symptom:QinQ inner vlan configuration on Native Asr1k Ethernet Linecard traffic would not pass
Conditions:QinQ Sub interface configuration with inner vlan as ANY, Native Asr1k Ethernet Linecard traffic to that sub interface will be dropped in the linecard.
Workaround: There is no workaround.
Symptom: The CPP process could while adding fair-queue on the fly. This does not require scaling to occur.
Conditions: When fair-queue is added on the fly while a default parent schedule is being deleted, a crash could occur because the RM cleanup code is destroying a wrong tree.
Workaround: There is no workaround.
Symptom: ISIS Flap on performing SSO
Conditions: with "nsf ietf" configured and one or more loopbacks configured as passive interfaces
Workaround: Two workarounds are available:
1)use "nsf cisco"
2) Continue to use "nsf ietf" but configure "ip router isis <process_name> " on the loopback interfaces.
Symptom: After configuring static nat ping fails and ip nat translation is not shown in show ip nat translations
Conditions: Core file generated after configuring static nat configuration
Workaround: There is no workaround.
Symptom: When new flows are established through an ASR configured with PAP; PAP does not allocate the new flows to GA that may have existing flows mapped it but their LA to GA mapping have not reached the limit as configured via the ip nat setting pap limit command, this causes an exhaustion of the pool and flows that require a translation are eventually dropped.
Conditions: ASR running NAT PAP
Workaround: There is no workaround.
Symptom: vrf-mismatch is seen under "show service-insertion statistics connection summary" after ESP Switch over in same box
Conditions: - Multiple ACs - At least 1 AC with dual FP - VRF configured - 1 VRF flows alive while reloading standby FP - Standby FP will come up with vrf mismatches
Workaround: ignore the error the VRF mismatch affects flow sync only for a short moment after standby FP is online. After the standby FP is online, it will get flow syncs from active FP. In few minutes, all the flows will be synced to standby.
Symptom: When configuring the following commands on ASR1k platform: exception memory ignore overflow io frequency 30 maxcount 5 exception memory ignore overflow processor frequency 30 maxcount 5 following error occurs:
F340.09.25-ASR1000-1(config)#$re overflow processor frequency 30 maxcount 5 F340.09.25-ASR1000-1(config)# *Aug 22 12:54:24.920: exception configuration not implemented *Aug 22 12:54:24.920: PARSE_RC-4-PRC_NON_COMPLIANCE< http://www.cisco.com/cgi-bin/Support/Errordecoder/index.cgi?action=search&counter=0&paging=5&links=reference&index=all&query=PARSE_RC-4-PRC_NON_COMPLIANCE> ; `exception memory ignore overflow processor frequency 30 maxcount 5'
Conditions: HW/SW: ASR1k/All IOS Non zero values in following commands: exception memory ignore overflow io exception memory ignore overflow processor example: exception memory ignore overflow io frequency 30 maxcount 5 exception memory ignore overflow processor frequency 30 maxcount 5
Workaround: There is no workaround.
Symptom: sis neigh can not be setup and stuck at "init" status
Conditions: when configured the MTU bigger than default value
Workaround: There is no workaround.
Symptom: Error message seen
Conditions: while configuring multipoint on ATM interface.
Workaround: There is no workaround.
Symptom: Can not compile.
Conditions: There is no known condition.
Workaround: There is no workaround.
Symptom: On a Cisco ASR1k running the Cisco CUBE SP (Service Provider) feature set, IOS-XE version 15.1(3)S1, it is sometimes observed that a specific call transfer will have no way audio (dead air) upon the transfer completion.
Conditions: The CUBE SP has at least three physical interfaces that terminate three different SIP trunks (for example to ITSP, SIP based IVR and to a Cisco Callmanager) and the problematic transfer call flow signaling traverses all three SIP trunks on the same CUBE.
Workaround: If you have more than one CUBE available and if one of the transfer call leg traverses this second CUBE then the problem is not observed.
Symptom: CUBE fails to send INVITE with credentials when ITSP sends 401 Unauthorized. CUBE instead sends 503 Service Unavailable.
Conditions: "error-passthru" is configured under voice service voip.
Workaround: Disable "error-passthru".
Symptom: While testing "default_zone_basic_vrf_lite.tcl" script with latest mcp_dev "BLD-BLD_MCP_DEV_LATEST_20130821_003026" iam observing connectivity failure
- Conditions: Firewall and PBR interworking after CSCuh98033
Workaround: There is no workaround.
Symptom: ATM PVC gets stuck in "IN" state when SPA-24CHT1-CE-ATM is reloaded.
Conditions: Occurs during SPA reload or SPA OIR
Workaround: Reload router.
Symptom:
1. INFO not being responded by CUBE (in race condition)
2. INFO not being passed to other leg (in race condition)
Conditions: Race condition - Recvd mid-call RE-INVITE and INFO at almost the same time
Workaround: There is no workaround.
Symptom: sm_x_1t3e3: 802.3 pause frame support on mvl 2.6.32 kernel
Conditions: during congestion case
Workaround: limit the traffic from the host less than 45 mbps
Symptom: Hung sessions for protocol vilolations
Conditions: CUBE handling of unsupported flows and violations/attacks
Workaround: There is no workaround.
Symptom: ESP ucode crash observed with a SIPvicious packet observed %CPPHA-3-FAULT: F0: cpp_ha: CPP:0.0 desc:INFP_INF_SWASSIST_LEAF_INT_INT_EVENT0 det:DRVR(interrupt) class:OTHER sev:FATAL id:2121 cppstate:RUNNING res:UNKNOWN flags:0x7 cdmflags:0x8
Conditions: The crashes are seen with SIPvicious packets
Workaround: Disable the SIP ALG for this port using no ip nat service sip udp port 5060 no ip nat service sip tcp port 5060.
Symptom: permit error all is not working
Conditions: log dropped message is enabled
Workaround: log dropped message is disabled.
Symptom: "show platform hardware slot r0 led status" may cause ASR1002X reload.
Conditions: "show platform hardware slot r0 led status" command on standalone ASR1002X.
Workaround: Not using the command.
Symptom: ASR1k crashed with error message CPPHA-3-FAULT F0: cpp_ha: CPP:0.0 desc:INFP_INF_SWASSIST_LEAF_INT_INT_EVENT0 det:DRVR(interrupt) class:OTHER sev:FATAL id:2121 cppstate:RUNNING res:UNKNOWN flags:0x7 cdmflags:0x8
Conditions: ASR1k running 03.10.00.S with configured zone based firewall
Workaround: There is no workaround.
Symptom: ASR crashed with CGN NAT configuration.
Conditions: Seen with CGN BPA feature configured.
Workaround: Removing the CGN BPA configuration, the router stops crashing.
Symptom: Crash with Unexpected exception to CPU: vector 400, PC = 0x6B09EF1C, LR = 0x8B78034
Conditions: Interface is "no shut", and SIP bindings are in place on that interface: sip bind control source-interface GigabitEthernet0/0 bind media source-interface GigabitEthernet0/0
Workaround: Unknown, may need bindings configured, so removal of them should keep the crash from occurring.
Symptom: TDL meta file compat check issue
Conditions: There is no known condition.
Workaround: There is no workaround.
Symptom: Standby SBC ASR1k seeing "SNMP-3-INPUT_QFULL_ERR". SNMP input queue never drops, it continues to increase until it gets stuck at 1000, causing SNMP unresponsiveness to the device.
Conditions: When polling ciscoSbcCallStatsMIB on Standby-RP ASR1k
Workaround: "default snmp-server" to soft reset the SNMP Engine to make the ASR1K respond again (refresh the input queue); then apply SNMPVIEW configuration to block the MIB.
********************************************
snmp-server view cutdown iso included snmp-server view cutdown ciscoSbcCallStatsMIB excluded snmp-server community <insert_your_community_string_here> view cutdown RO snmp-server community <insert_your_community_string_here> view cutdown RW ********************************************
Symptom: ESP reload using packet-trace tool.
Conditions: debug platform packet-trace enable debug platform packet-trace packet 16 show platform packet-trace packet all
Workaround: Display packets individually rather than all at once: show platform packet-trace packet <0-8191>
Symptom: modify bearer request is dropped.
Conditions: handoff from gtpv1 to gtpv2
Workaround: SGW recreate session
Symptom: Egress TCAM Look up failure for Vlan Scale on 6 Port 10G ELC.
Conditions: 24k vlan scale across ELC & interface reset.
Workaround: There is no workaround.
Symptom: Lite session related traceback in CPP client.
Conditions: ESP100, very high scale.
Workaround: Reduce number of sessions.
Symptom: On a router running low on memory, an EFP is attempted to be deleted, but fails due to lack of memory. The second attempt at removing that same EFP causes the router to restart.
Conditions: As a malloc failure caused the initial issue, the box must have a lot of configuration, and be using a lot of memory.
Workaround: Do not over configure the router.
Symptom: ASR1k can't reconnect IPsec tunnels correctly. And we can't send traffic over these tunnels.
Conditions: Disconnect and reconnect IPsec tunnels.
Workaround: Clearing sa can recover the tunnels.
Symptom: show run only shows 191 na-dst-prefix-table out of 200
Conditions: configured a lot of na-dst-prefix-table, specially, more than 191
Workaround: none na-dst-prefix-table 192 to 200 seem to be working OK, but cannot be shown and cannot save them into startup-config.
Symptom:ASR crash immediately when we add "mpls ip" under the interface.
Conditions:Hidden command "snmp-server hc poll" was already configured.
Workaround: Ensure the hidden command "snmp-server hc poll" has not been configured. The crash info also shows that the crash always happens always the following changes.
CMD: 'conf t' 15:33:05 CEST Mon Sep 2 2013 CMD: 'interface GigabitEthernet1/0/0' 15:33:11 CEST Mon Sep 2 2013 CMD: ' mpls ldp discovery transport-address interface' 15:33:21 CEST Mon Sep 2 2013 CMD: ' mpls ip' 15:33:40 CEST Mon Sep 2 2013 Exception to IOS Thread: Frame pointer 0x42201488, PC = 0x11F0DE04 UNIX-EXT-SIGNAL: Segmentation fault(11), Process = MPLS IFMIB Process -Traceback= 1#6b213acfe4ab8a0e4e3d7d7ea5d15df7 :10000000 1F0DE04 :10000000 15FB4E4 :10000000 15FB318 :10000000 15F8898 :10000000 15F8A1C
Symptom: ESP crash
Conditions: NAT NBAR
Workaround: There is no workaround.
Symptom: ISSU
Conditions: There is no known condition.
Workaround: There is no workaround.
Symptom: The ESP-100 and ASR1K-2X crash when flat policies are applied on both the tunnel and the destination sub-interface. This issue is observed when QOS is applied first on the tunnel then on the sub-interface as follows:
policy-map tunnel-shaper class class-default shape aver per 20 policy-map sub-int-shaper class class-default shape ave per 90 Be sure the tunnel is active and pointing to the sub-interface with QoS applied before applying the sub-interface policy. See the attached repro-steps for details. int tunnel1 service-policy out tunnel-shaper int g2/3/0.100 service-policy out sub-int-shaper
Conditions: When a sub-interface policy is applied after QoS is active on a tunnel, the tunnel is reparented from the current aggregation node to the sub-interface node. Since reparenting a leaf node requires adding a temporary node in the hierarchy to be able to move flow-control gracefully, the logic to detach the source leaf node from the temporary node was missing. As a result, the code generated a fatal error while attempting to free the temporary node before it is empty.
Workaround: There is no workaround.
Symptom: FP100 test CPLD image with version 13012900 is added in hw-programmable package.
Conditions: The FP100 test CPLD will be installed when the CPLD is upgraded.
Workaround: Do not upgrade FP100 CPLD.
Symptom: Waas and pfr features don't interoperate
Conditions: When both Appnav-waas and pbr/pfr are turned on
Workaround: There is no workaround.
Symptom: If an impedance option is specified for an external clock in the network-clock input-source configuration, other configuration (such as hold-off or wait-to-restore) may fail to be applied.
Conditions: This can be seen when using external clock inputs with an impedance option specified.
Workaround: It may be possible to achieve the desired behavior using global configuration (for example global hold-off or wait-to-restore configuration), if not there is no workaround.
Symptom: For VC type 4 PW, Ethernet VLAN, with single dot1q header packet, if one configure rewrite pop 1, expected situation is to copy COS from this header into dummy tag. In reality, we hit a bug, when COS 0 is copied into dummy tag into CORE.
Conditions: When transported traffic has outer vlan tag only, packet in MPLS core does NOT have copied priority field from dot1q header into MPLS EXP bits. Instead there is 0. When transported traffic has outer vlan tag and some vlan tags (QinQ), packet in MPLS core DOES have copied priority field from outer dot1q header into MPLS EXP bits.
Workaround: Configure input policy-map under service-instance, where each class match dot1Q COS and impose EXP bits.
Symptom: cvCallVolMediaIncomingCalls and cvCallVolMediaOutgoingCalls are showing 0 or wrong values
Conditions: Always
Workaround: There is no workaround.
Symptom: When a flat policy is applied to a MLPPP, MFR or GEC aggregation bundle, the current leaf schedule object is replaced with a new one. The code was not updating the cached object which resulted in accessing invalid memory when the bundle bandwidth is updated. The bandwidth is updated when a member link is added to or removed from the bundle. Configuration example: policy-map foo class prec1 bandwidth percent 10 interface Port-channel1 aggregate ip address 8.0.0.1 255.255.255.0 no negotiation auto lacp min-bundle 2 service-policy output foo
Conditions: When a bundle schedule is replaced, the cached object was not being updated leading to interface bandwidth update event to access invalid memory. The problem is not easy to recreate as would require the QOS event for processing the flat policy to be interleaved with an interface bandwidth update event.
Workaround: There is no workaround.
Symptom: echo request is dropped.
Conditions: echo request without private extension IE
Workaround: There is no workaround.
Symptom: Both ESP may crash
Conditions: while disabling flow entries with running traffic
Workaround: There is no workaround.
Symptom: When using ikev2 to establish an AES-GCM phase II, anti-replay remains disabled
R1-HUB#sh crypto ipsec sa | i trans|repl transform: esp-gcm 256, replay detection support: N transform: esp-gcm 256,
Conditions: IKEv2 Suite B [ aes-gcm]
Workaround: There is no workaround.
Symptom: REST API application will not connect with container
Conditions: All
Workaround: There is no workaround.
Symptom: Pause frames not getting generated for GE SPA
Conditions: If enabled pause frame threshold on Gig SPA then flow control won't happen.
Workaround: There is no workaround.
Symptom: ESP crashed with error message: %CPPHA-3-FAULT: F0: cpp_ha: CPP:0.0 desc:INFP_INF_SWASSIST_LEAF_INT_INT_EVENT0 det:DRVR(interrupt) class:OTHER sev:FATAL id:2121 cppstate:RUNNING res:UNKNOWN flags:0x7 cdmflags:0x8
Conditions: The crash is caused by a defect in BFD though no BFD is configured on any interface
Workaround: There is no workaround.
Symptom: The CP process crashes when reparenting more than 128 entries from one tree to the other. A reparenting event could be stimulated by either an internal or external event but this issue is more likely to caused by an internal reparenting. An internal reparenting could occur when a leaf node is transformed into a hierarchy layer node or when de-aggregating an aggregation node after the schedule size is below the 4000 threshold.
Conditions: When reparenting either a leaf or hierarchy layer entries, the resource manager was not clearing the counter that tracks the number of entries that need to be flushed after processing the first batch. This caused the code to run incorrectly to a point of completing the request prior to reprogramming the HW correctly. As a result some entries may be left in the source parent which cause a crash when the tree is freed before it is empty.
Workaround: There is no workaround.
Symptom: Cisco ASR 1000 Series Routers with ESP100 crash when Broadband MLPPP sessions configured with QoS are brought up or when sessions flap.
This also applies to the ASR1002-X.
Conditions: This issue is most prevalent on MLPPP Bundles with two or more member links. This issue also is seen with MLPPPoE, MLPPPoA, MLPPPoEoA, and MLPPPoLNS sessions.
Applicable to Cisco IOS-XE Release 3.10.1S.
Workaround: There is no workaround. Downgrade to Cisco IOS XE Release 3.10S.