Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.1S
Symptom: ESP80 may crash when tearing down PPP sessions on LNS at scale.
Conditions: Tearing down PPP sessions on LNS.
Workaround: There is no workaround.
Symptom: ASR 1000 ESP card crash, fman_fp_image core file and cpp-mcplo-ucode core file were generated.
Conditions: The crash was seen when the mpls flow monitor FLOW output command was issued on an interface with some traffic.
Workaround: Configure manually the following monitor/record for MPLS traffic (the native netflow ipv4 original-output doesn't include any MPLS field):
flow record mpls-record
 match ipv4 tos
 match ipv4 protocol
 match mpls label 1 details
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface output
 match flow sampler
 collect routing source as
 collect routing destination as
 collect routing next-hop address ipv4
 collect ipv4 source mask
 collect ipv4 destination mask
 collect transport tcp flags
 collect interface input
 collect counter bytes
 collect counter packets
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
flow monitor mpls-monitor
 record mpls-record
Symptom: ESP reloads after reporting one or both of the following interrupts:
– CGI_CSR32_CGI_OTHER_LEAF_INT__INT_YIC_M40_TIMEOUT
– PIT_CSR32_PIT_HPI_MISC_LEAF_INT__INT_HPI_ISN_INVALID_ADDRESS_INT
A ucode core file may or may not be created when this event occurs.
Conditions: Only applies to ESP100, ESP200 and ASR1002-X.
Workaround: There is no workaround. The issue is fixed in the following releases: 15.2(4)S6 / XE3.7.6S, 15.3(3)S4 / XE3.10.4S, 15.4(1)S3 / XE3.11.3S, 15.4(2)S / XE3.12.0S, 15.4(3)S / XE3.13.0S.
Symptom: Intermittent connectivity loss between hosts at different OTV sites. Pinging from one host to the other more than 8 times restores connectivity for about 8-10 minutes. Packet captures show ARP request broadcasts from a host at one site not being received by the host at the other site for about 7-8s, and then suddenly starting to work. This problem has a tendency to get worse over time, with more and more hosts being affected over the course of a week or two until connectivity between sites is essentially gone.
Conditions: ASR1K running 15.4 or 15.3 code, possibly earlier code, with OTV configured.
Workaround: There is no workaround on the ASR 1000 platform so far. Statically configuring ARP entries on the hosts will work.
Symptom: Ucode crash occurs with UWS-WAN_XE311 profile.
Conditions: While verifying NAT64 with traffic on.
Workaround: There is no workaround.
Symptom: An ESP crash may occur after removing an MFR interface soon after it was created.
Conditions: This behavior may be seen on IOS-XE platforms running software versions that support MFR. It may be dependent on the timing of the configuration and removal of the interface. The crash only affects the ESP card.
Workaround: It may be possible to avoid the crash by waiting a few seconds after creating an MFR interface before removing it.
Symptom: A Cisco ASR 1000 Series router configured as an IPSec endpoint may fail to reassemble fragmented ESP packets. During this failure state, the router will also log %ATTN-3-SYNC_TIMEOUT errors.
Conditions: This symptom occurs when a UDP packet of a specific size is received on the clear side of the device.
Workaround: Use software crypto for large packets received on the clear side by configuring post-frag encryption - crypto ipsec fragmentation after-encryption. This will prevent the device from getting into the ATTN_SYNC state.
Symptom: The show ip nat translation filter range [inside | outside] [local|glocal] start-ip end-ip command does not filter the output as per the range specified.
Conditions: This symptom occurs on Cisco ASR 1000 Series router.
Workaround: There is no workaround.
Symptom: There are compatibility issues between certain IOS-XE versions and SM-ES3X. With some combinations of SM-ES3X firmware and some releases of IOS-XE, the SM-ES3X will not boot.
With the unsupported combinations, the error "SPA-3-MSG_PARSE_FAILURE:iomd: Failed to parse incoming message from SM-ES3X-24-P slot 2 subslot 0 board 0. The module software may require an update" will be displayed on the IOS-XE console, and the SM-ES3X will go into the out of service state, as shown in the output of the show platform command.
router# show platform
Chassis type: ISR4451-X/K9

Slot      Type                State                 Insert time (ago)
--------- ------------------- --------------------- -----------------
0         ISR4451-X/K9        ok                    00:16:02
 0/0      ISR4451-X-4x1GE     ok                    00:13:52
1         ISR4451-X/K9        ok                    00:16:02
 1/0      SM-X-1T3/E3         ok                    00:12:29
2         ISR4451-X/K9        ok                    00:16:02
 2/0      SM-ES3X-24-P        out of service        00:07:54
R0        ISR4451-X/K9        ok, active            00:16:02
F0        ISR4451-X/K9        ok, active            00:16:02
P0        Unknown             ps, fail              never
P1        XXX-XXXX-XX         ok                    00:15:32
P2        ACS-4450-FANASSY    ok                    00:15:32
Conditions: Certain versions of SM-ES3X modules are incompatible with some earlier versions of IOS-XE. SM-ES3x version EJ1 is only compatible with the following major release versions of IOS-XE, or later: 15.3(3)S4 (XE 3.10.4), 15.4(1)S3 (XE 3.11.3), and 15.4(2)S (XE3.12.1).
Workaround: Ensure that a compatible combination of SM-ES3X and IOS-XE images is used. Upgrade or downgrade one or the other to get to a compatible pair.
Symptom: ESP100 crashes while running IPoE subscriber traffic class features.
Conditions: IPoE subscriber traffic class features are configured on Cisco ASR 1000 Series Router platform with ESP100 board.
Workaround: There is no workaround.
Symptom: One-way audio on some outgoing calls to PSTN across CUBE-SP. This is seen for call flow scenarios involving forking and with multiple call legs for the same call going through the SBC.
Conditions: Cisco ASR 1000 Series Router configured as CUBE SP SBC running IOS XE 3.10.1.
Workaround: There is no workaround.
Symptom: When packets are sent to crypto, a txnpMaxMtuExceeded message is seen.
Conditions: This symptom occurs only on Cisco ASR 1002x, ASR1000-ESP100, and ASR1000-ESP200 routers.
Workaround: There is no workaround.
Symptom: FP may crash.
Conditions: On changing pap limit from 30 to 60 with traffic on.
Workaround: There is no workaround.
Symptom: ASR router crashes with IOSd punting packet to port-channel with ERSPAN configured on the router.
Conditions: Port-channel and ERSPAN configured on the router.
Workaround: There is no workaround.
Symptom: A cpp-ucode crash is encountered.
Conditions: Using packet-trace to trace packets in a feature environment where packets are replicated using egress conditions: debug platform packet-trace enable, debug platform packet-trace packet 16 fia-trace, debug platform condition egress, debug platform condition start.
Workaround: Do not use fia-trace.
Symptom: ROMMON get_mac_addr and IOSXE IDPROM access fail on booting standby RP2.
Conditions: External USB thumb drive used on RP2.
Workaround: Remove external USB thumb drive on RP2.
Symptom: Incomplete kernel core file with filename ending in TEMP_IN_PROGRESS.
Conditions: Active RP kernel core dump in dual RP2 systems.
Workaround: There is no workaround.
Symptom: Traffic that needs to be sent between AppNav-controllers is lost. Received inter-appnav-controller packets are assigned to the shutdown tunnel interface. As a result, no flows are synchronized between this appnav-controller and the other appnav-controllers in the same appnav-controller-group. Asymmetrically routed packets also fail because the flow is missing and cannot be queried from the other appnav-controller.
Conditions: A shutdown tunnel interface is configured with a tunnel source equal to the local appnav-controller IP and a tunnel destination equal to the IP of another appnav-controller in the appnav-controller-group (i.e. another ASR router). To detect this problem, check the following counter, which goes up for every dropped packet: show platform hardware qfp active statistics drop | i Disabled. Alternatively, you can use the packet-trace feature on 3.10.2 and above to check whether the dropped reply is being sent to the shutdown tunnel interface.
Workaround: Remove the shutdown tunnel from configuration or un-shutdown it.
Symptom: A router crashes while making changes to an AppNav policy map or a class map.
Conditions: This symptom occurs under the following conditions:
– Multiple AppNav controllers are used.
– Sessions are created and can be seen using show service-insertion statistics sessions command.
– The AppNav policy map and class map are modified while live traffic is redirected by AppNav.
– Policy map or class map change results in a mismatch between AppNav controllers.
Workaround: When using AppNav Controller Group with multiple ACs, avoid changing the policy map or class map when there are active sessions present (use show service-insertion statistics sessions command).
Symptom: ESP fails to initialize and reboots. The following message will be seen on the IOS console:
*Jan 01 16:22:35.562: %CPPHA-3-INITFAIL: F0: cpp_ha: CPP 0 initialization failed - startup init (0x1)
*Jan 01 16:22:35.562: %CPPHA-3-INITFAIL: F0: cpp_ha: CPP 0 initialization failed - start CPP (0x1)
The cpp_driver tracelog contains an entry which lists an A41C error code, indicating that the driver was unable to turn on termination. Here is an example:
01/01 16:22:35.120 [cpp-drv]: (ERR): COMP0053/dui/A41C: QFP0.0 - unable to turn on termination for DUI0.
This is an intermittent failure, so the ESP will likely initialize successfully on the 2nd or 3rd attempt. This is an initialization issue, and once initialization completes successfully there are no further problems related to this condition.
Conditions: Only ASR1002-x, ESP100 and ESP200 are affected. Router configuration or traffic pattern do not affect this problem. The software is fixed in XE3.7.6S, XE3.10.4S, XE3.11.2S, XE3.12.0S and later releases.
Workaround: There is no workaround.
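A train-aware check of a running release against the fixed releases listed in the caveat above, as an added example (not Cisco code). The function names and status labels are assumptions made for illustration, treating release trains newer than the last listed one as fixed follows the caveat's "and later releases" wording, and the hardware condition (ASR1002-x, ESP100, ESP200) is not checked.

```python
import re

# Fixed releases as listed in the caveat above: first fixed rebuild per train.
FIXED_IN = ["XE3.7.6S", "XE3.10.4S", "XE3.11.2S", "XE3.12.0S"]

# Accepts "XE3.10.4S", "3.10.4S", "3.10.4" and the zero-padded "03.10.01.S".
_VERSION = re.compile(r"^(?:XE)?\s*0*(\d+)\.0*(\d+)\.0*(\d+)\.?S?$", re.IGNORECASE)


def parse_xe(version):
    """Return (major, train, rebuild) as integers for an IOS XE 3.x version string."""
    match = _VERSION.match(version.strip())
    if match is None:
        raise ValueError(f"unrecognised IOS XE version: {version!r}")
    return tuple(int(part) for part in match.groups())


def naive_fixed(version, fixed_in=FIXED_IN):
    """The tempting but wrong check: compare against the lowest fixed release only."""
    return parse_xe(version) >= min(parse_xe(v) for v in fixed_in)


def fix_status(version, fixed_in=FIXED_IN):
    """Classify a running release as 'fixed', 'unfixed' or 'unlisted'.

    A rebuild only inherits the fix if it is at or above the first fixed
    rebuild of its own train (3.10.x is compared with 3.10.4, not with 3.7.6).
    """
    major, minor, rebuild = parse_xe(version)
    first_fixed = {}
    for fixed in fixed_in:
        f_major, f_minor, f_rebuild = parse_xe(fixed)
        first_fixed[(f_major, f_minor)] = f_rebuild

    train = (major, minor)
    if train in first_fixed:
        return "fixed" if rebuild >= first_fixed[train] else "unfixed"
    if train > max(first_fixed):
        # Newer train than any listed: covered by "and later releases".
        return "fixed"
    # Older or intermediate train with no fixed rebuild named in the caveat.
    return "unlisted"


if __name__ == "__main__":
    # Constructed sample inventory of running releases.
    for running in ["03.10.01.S", "XE3.10.4S", "3.11.1S", "3.9.2S", "3.13.0S"]:
        print(f"{running:12} naive={naive_fixed(running)!s:5} status={fix_status(running)}")
```
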
Symptom: PPTP sessions do not come up.
Conditions: Static translation for port 1723 for the inside server, and PAT for the data sessions.
Workaround: Use 1 to 1 mapping.
Symptom: An ESP crash is seen with IPv6 ping to or from an interface configured with IPSec and FNF.
Conditions: The crash is seen when the size of the IPv6 ping is greater than the interface IPv6 MTU.
Workaround: There is no known workaround. However, this is not a common scenario for IPv6 as fragmentation is always handled by the sending host/application.
Symptom: Kingpin crashes @ cmcc_2kp_cli_show_plim_status_cb.
Conditions: Kingpin crashes while issuing the show plat hard slot 0 plim status int command.
Workaround: There is no workaround.
Symptom: L2 frame checks failure when payload length increases with LDAP algorithm.
Conditions: Steps: Translate SIP address into longer address length.
Workaround: There is no workaround.
Symptom: A CPP crash triggered by NBAR may occur on Cisco ASR 1000 Series routers, Cisco 4000 Series ISR routers, and Cisco CSR 1000V routers.
Conditions: This symptom may occur under rare conditions of traffic mixture and rate when NBAR and NAT are both enabled.
Workaround: There is no workaround.
Symptom: PPP subscribers cannot be terminated on ASR1K because the object is locked.
Conditions:
EVSI Delete Errors: Out-of-Order 0, No dpidb 0, Underrun 0, VAI Recycle Timeouts 90215 =======> large number of VAI recycle timeouts
EVSI wrong dpidb type errors 0
EVSI Async Events: Total 92754, HW error 88050 =======> large number of HW errors as well.
Workaround: Remove QOS of the PPP.
Symptom: ASR that runs 15.2(4)S4 encounters ESP crash due to corrupted H323 packet.
Conditions: ASR that runs 15.2(4)S4 encounters ESP crash due to corrupted H323 packet.
Workaround: If the customer does not need the h.323 algorithm, a workaround is to disable it using the no ip nat service h225 command.
Symptom: Some SIP packets drop with B2B, CGN, and BPA setup.
Conditions: Some SIP packets drop with B2B, CGN, and BPA setup.
Workaround: Reload router.
Symptom: Traffic not flowing on a queue following QoS reconfiguration or new interface creation. Also possible inability to change QoS configuration on any interface or create new interfaces/sessions following occurrence of this condition.
Conditions: Queue was previously being over subscribed when it was deleted leaving it in a flowed off congested state such that it would never drain. This issue affects ASR1K using ESP100 or ESP200, ASR1002X, and ASR1001X platforms only (i.e. ASR1K using ESP5/10/20/40 are unaffected by this issue/change).
Workaround: There is no workaround.
Symptom: ACLs applied to the mgmte do not work on the new active RP after a RP switch over.
Conditions: After a RP switch over as the old standby RP becomes the new active RP.
Workaround: Remove then reapply the ACLs to the mgmte on the new active RP.
Symptom: The saved ACLs applied to the mgmte from startup-config may not work after the system reload.
Conditions: After system reload.
Workaround: Remove and then reapply the ACLs to the mgmte after system reload.
Symptom: The CP process crashes while collapsing a hierarchy layer node that had once exceeded 4000 entries. The collapse occurs when the number of entries falls below 4000.
Conditions: This problem occurs while collapsing a node that had once exceeded 400 entries. The problem is specific to MLPPP, MFR and GEC aggregate because these features require notification when a schedule ID changes. The schedule ID changes when a scheduling node is reconstructed. The issue is hit when the operation involves both the flushing and SID notification.
Workaround: There is no workaround.
Symptom: A Cisco ASR 1002x router crashes.
Conditions: This symptom occurs during duty cycle testing with a lot of negative events in the DMVPN setup.
Workaround: There is no workaround.
Symptom: A Cisco ASR 1002-X router might crash and reload writing a core file in the process.
Conditions: This symptom occurs with a Cisco ASR1002-X router running NAT with ALG traffic.
Workaround: There is no workaround.
Symptom: An ESP might crash.
Conditions: The device has NAT and WCCP configured. It looks like WCCP fails to set up the output interface correctly. This leads to NAT accessing a bad location in memory, which causes a crash. The exact conditions are still being analyzed.
Workaround: There is no workaround.
Symptom: A Cisco ASR1002X production router acting as a WAN-Aggregator reloads unexpectedly after pushing the AVC configuration from Cisco Prime infrastructure through an SSH session. The configuration push was successful onto the box, and the flow statistics were exported to the PI. However, after 30 minutes, the router reloaded with a "CPP mcplo_ucode" crash and a "fman_fp" crash. The box is configured with IKEv2 DMVPN and basic NAT, along with BGP and EIGRP. Four static NHRP tunnels from different branch locations terminated onto this box. All traffic from the branches were encrypted, decrypted on this router and NAT was applied to the decrypted traffic before sending it out of the port-channel interface towards the production network.
Conditions: This symptom is observed on a Cisco ASR 1002X router running CCO IOS-XE version 3.10.1. The crash has occurred only once. Currently AVC configurations have been backed out and the router is stable. This affects the AVC deployment on the network seriously.
Workaround: There is no workaround.
Symptom: In an INTRA-box redundancy configuration, the STANDBY FP and ACTIVE FP may not be syncing data plane HA records robustly. The easiest way for the customer to recognize if this is happening is by examining the output of the show platform hardware qfp active system intra and the show platform hardware qfp standby system intra commands. If the output shows the counters "rx dropped" and/or "retx" continuously incrementing, then this problem may have been encountered.
Conditions: DUAL FP systems with stateful HA features such as NAT configured.
Workaround: There is no workaround.
Symptom: ASR1006/15.4(1)S crashed while adding port and host specific deny statements on specific lines for the WCCP-Redirect ACL.
Conditions: Adding port and host specific deny statements on specific lines for the WCCP-Redirect ACL.
Workaround: There is no workaround.
Symptom: After sub package ISSU operation is performed, ELC does not come up and the following error messages are seen:
*Mar 19 23:10:10.607 PDT: %PMAN-0-PROCFAILCRIT: SIP1: pvp.sh: A critical process mcpcc_lc_ms has failed (rc 127)
*Mar 19 23:10:10.865 PDT: %PMAN-5-EXITACTION: SIP1: pvp.sh: Process manager is exiting: critical process fault, mcpcc_lc_ms, cc_1_0, rc=127
Conditions: Issue is seen specific to ASR1000 Ethernet Line Cards (ELC): ASR1000-2T 20X1GE and ASR1000-6TGE line cards, and sub package upgrade. Issue is seen across all releases that support ELC.
Workaround: Consolidated upgrade can be performed.
Symptom: fman_rp process crashes. RP card is reloaded.
Conditions: When routing loop occurs in network and causes massive routing information update, an internal logic error may be triggered.
Workaround: Avoid routing loop.
Symptom: Crash in cpp_cp_svr when executing the show platform packet-trace packet all command.
Conditions: Crash can only occur when executing the show platform packet-trace packet all command.
Workaround: Display a single packet at a time using the show platform packet-trace packet num command instead of using all.
Symptom: The following features were configured as part of IWAN performance testing for the UTAH platform: AVC, PFR, QoS, AppNav, WAAS, DMVPN, and Crypto. DMVPN and MPLS tunnels are up, and performance monitor, WAAS and crypto are enabled for these tunnels. The router crashes with the traffic profile.
Conditions: The traffic profile includes voice, HTTP, and media traffic. A crash is seen as soon as the traffic is initialized at less than 15% of load.
Workaround: There is no workaround.
Symptom: Ping fails with tunnel protection applied.
Conditions: Tunnel protection applied on GRE tunnel interface, using IKEv1 to negotiate IPsec SAs and remote node (IKEv1 responder) behind NAT.
Workaround: The users can switch to IKEv2.
Symptom: A customer on the active box would like to use the no activate command only for a single delegate registration entry, as below:
subscriber sip: 999999@site.com
 sip-contact sip: 001999999999@10.0.0.1
  adjacency CUCM-llab
 delegate-registration sip:test.site.com
  adjacency PSTN-lab-SIP-CONNECT-test-lab
  profile SIP-CONNECT_TIMERS
  activate
Conditions: Sessions are deactivated and the stand-by router crashes.
Workaround: The no activate command must be executed at the delegate-registration sub section. This will prevent the deactivation of the sessions.
Symptom: SNMP Query on the object dot3StatsDuplexStatus is shown as unknown.
Conditions: While testing Ether-Like MIB for ASR1000-6TGE.
Workaround: There is no workaround.
Symptom: One-way audio incoming calls are redirected through CVP.
Conditions: Call flow:
Caller----G711----TDM GW----SIP-----ASR1K----SIP-----CUSP----SIP----CVP(Vz0)----IP-IVR
                                                      |
                                                      |-----SIP---CVP (BAMS)
                                                      |
                                                      |--------SIP---CUCM---Agent Phone (G729 only)
Initially, the caller is connected to IP-IVR, and both the ingress and egress legs of the CUBE use G711. The call is connected to the IP-IVR, then CVP sends a refer to the VXML GW for playing prompts and ringback tone. When the call is transferred to the agent, CUBE negotiates G729 at the SIP level with the CVP but, because of the mid-call signaling block on the ingress side, continues with G711. Hence, xcoder is invoked on the CUBE to handle G729 to G711 and vice versa, but CUBE is still sending G711 media to the agent phone side while the agent phone is sending G729 media to the CUBE.
Workaround: There is no workaround.
Symptom: Net flow cache entries are not created for IPv6 flows, and entries for IPv4 flows are not accurate. For IPv4 entries, the BGP next hop is not updated and is set to 0.0.0.0.
Conditions: Upon Execution of RP switchover.
Workaround: After RP switch-over, remove BGP configuration from Core router ("P"), and configure it back. Upon BGP update on PE router, the BGP-NH will appear in FNF records.
Symptom: ASR crashes with no known trigger in CCSIP_SPI_CONTROL process.
Conditions: It is an error scenario where crash occurs when router is not able to send ACK for 200 OK where branch parameters differ.
                              CUBE
          INVITE                |   INVITE (Via branch=ABC)
 ----------------------------->| ---------------------------------------->
                                |   200 OK (Via branch=DEF)
                                | <-----------------------------------------
                                |
Cube fails to send ACK to 200 OK for some reason and causes a crash.
Workaround: There is no workaround.
Symptom: Signal quality on 10G ports using SFP-10G-LR and SFP-10G-ZR is poor. Some packets are lost as CRC errors in the 10G full bandwidth traffic test.
Conditions: This is seen on 1RU-VE built-in 10G ports with software version 15.4(02)S.
Workaround: There is no workaround, except to upgrade the software.
Symptom: CRC receive side errors have appeared on a variety of P4/P5 Nightster units utilizing both SR and LR optics during traffic flow tests. Not all units are experiencing the issue at present. Approximately 10% of traffic is lost due to this issue at full 10G bandwidth traffic.
Conditions: This issue is seen on release 1RU-VE routers built-in 10G port running on software version 15.4(02)S.
Workaround: There is no workaround except to upgrade the software.
Symptom: Copper SFP (SFP-GE-T) interface in subslot 0/0 of Nightster does not come up with 10/100 mbps forced speed.
Conditions: The copper sfp (SFP-GE-T) interface hit this condition after router power cycle is issued.
Workaround: There is no workaround.
Symptom: Traceback and log error is noticed.
Conditions: While initiating H323 call with the SBC feature.
Workaround: There is no workaround.
Symptom: ATOM port-mode xconnect is up, but all traffic under the l2 vc is dropped and statistics shown under show mpls l2 vc detail command are zero.
Conditions: On reloading the router multiple times continuously with traffic on port-mode ATOM vc, at times the VC does not come up. This issue is seen only on the SPA SPA-2CHT3-CE-ATM.
Workaround: Shut/no shut of the controller on which the port-mode ATOM vc is created.
Example:
Bnet-A1(config)#controller
Bnet-A1(config)#controller E3 1/3/0
Bnet-A1(config-controller)#shu
Bnet-A1(config-controller)#shutdown
Bnet-A1(config-controller)#no shu
Bnet-A1(config-controller)#no shutdown
Bnet-A1(config-controller)#
Symptom: When configured as virtual tunnel end point (VTEP), the Router stops processing any data. It even fails to establish the OSPF neighbor relationship post the reload.
Conditions: When configured as VTEP, traffic stops on all ports of the Ethernet Line Card after some time. The problem also happens with packets going out of the ELC ports that have a Multicast MAC address as the destination MAC in the Ethernet header. The problem occurs only with ASR1000-6TGE/ASR1000-2T 20X1GE if any of the 1G/10G ports have egress Multicast MAC traffic.
Workaround: Reload the Line card and stop egress Multicast MAC traffic.
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.1S
Symptom: In EFP xconnect setup, if local access EFP is default encap, local EFP state change from up to down will trigger remote CE interface down. This is the remote host shutdown feature.
Conditions: Occurs under the following conditions:
– Xconnect configured under EFP
– EFP is default encapsulation type
– Local EFP is down
Workaround: There is no workaround.
Symptom: Broadcast packets are dropped after adding EVC config to the ASR 1002 Router. The issue happens on and before Release 3.09.02. The issue doesn't happen on and after Release 03.10.00. After adding the EVC config, broadcast packets are dropped, L2BDReplicationStart is counted, and replication tree information disappears.
Conditions: On and before Release 03.09.02.
Workaround: Execute the no shutdown command under the service instance before the configuration change.
Symptom: The TCAM resource is not released after 32k EFP is configured and deleted on the ASR 1001 Router.
Conditions: With a configuration running the 3.13 image, configure 32k EFP, check the TCAM resource on the ASR 1K, and delete the EFP. Then check the TCAM on the ASR 1K again; the resource has not been released.
Workaround: Reload the router or FP.
Symptom: ESP crashes when sending IPv6 fragmented traffic through a dmvpn hub (mgre tunnel).
Conditions: This happens when sending big IPv6 packets (which need IPv6 fragmentation after the tunnel header is added) through a dmvpn hub (mgre tunnel), with a large amount of IPv6 fragment traffic (for example, 5G on ESP20) that exceeds the reassembly performance number (less than 2G).
Workaround: Change MTU to avoid IPv6 fragmentation.
Symptom: BFD failing on RSP Failover on ASR1K with scale configuration.
Conditions: RSP Failover.
Workaround: There is no workaround.
Symptom: Crashes on ASR 1000 Router.
Conditions: Memory allocation fails.
Workaround: There is no workaround.
Symptom: High RP and ESP utilization and generation of many large (~ 1 MB) logging files with names of the form "cpp_cp_F*".
Conditions: IPv4 multicast packets received on interfaces configured for IP subscriber sessions.
Workaround: There is no workaround.
Symptom: In the LISP getVpn solution test, when the getvpn profile is applied to a physical interface in the data path flow (such as the interface between GM1 and the core), the traffic gets dropped with the qfp error "IpsecIkeIndicate"/"OUT_V4_PKT_HIT_IKE_START_SP". When the getvpn profile is applied to the LISP0 interface, the encrypted traffic flows in the LISP setup properly.
Conditions: getvpn profile is applied to the physical interface instead of lisp interface.
Workaround: Apply getvpn profile in the LISP interface.
Symptom: On an ASR1006 system acting as the DMVPN hub, with 2K ipv4 tunnels over ipv6 transport, the ESP crashes when clear crypto session is executed twice on hub and spoke.
Conditions: On an ASR1006 system acting as the DMVPN hub, with 2K ipv4 tunnels over ipv6 transport, the ESP crashes when clear crypto session is executed twice on hub and spoke.
Workaround: There is no workaround.
Symptom: ESP crashes at imgr_pktc_cmdsmapcreate_impl.
Conditions: Multiple RP switchovers with 10K flexvpn sessions with traffic.
Workaround: There is no workaround.
Symptom: The DPSS session is not cleared from the router when the dpss application ends gracefully. The session gets cleared automatically after approx 3 mins. During this time, an application with the same application name cannot reconnect.
Conditions: Provide the conditions.
Workaround: Run the following command on the router to clear the session immediately: one stop session all. Alternatively, wait for the session to get cleaned automatically, or terminate the application ungracefully (ctrl + c).
Symptom: FP crash after the IOS-XE upgrade to 3.11.0S.
Conditions: ASR 1K router running 3.11.0S.
Workaround: There is no workaround.
Symptom: ASR1000 may crash unexpectedly.
Conditions: The crash is due to Flexible Net flow aging timers.
Workaround: There is no workaround.
Symptom: ASR1002 running asr1000rp1-adventerprisek9.03.04.06.S.151-3.S6.bin crashes at crypto ipsec update peer path mtu.
Conditions: None.
Workaround: There is no workaround.
Symptom: ASR1k crashes in SIP code.
Conditions: None.
Workaround: There is no workaround.
Symptom: When using the Anyconnect autoreconnect feature on the ASR platform, configurations dynamically applied to the virtual-access interface might be lost over the reconnection.
For example, the interface after initial connection establishment would have a QOS service policy applied:
ROUTER#sh derived-config int virtual-access 1
!
interface Virtual-Access1
 ip unnumbered GigabitEthernet0/0/1
 tunnel source 10.1.1.1
 tunnel mode ipsec ipv4
 tunnel destination 10.10.1.100
 tunnel protection ipsec profile ipsec-profile
 no tunnel protection ipsec initiate
 service-policy input INPUT-POLICY
end
After reconnection the INPUT-POLICY is missing:
ROUTER#sh derived-config int virtual-access 1
!
interface Virtual-Access1
 ip unnumbered GigabitEthernet0/0/1
 tunnel source 10.1.1.1
 tunnel mode ipsec ipv4
 tunnel destination 10.10.1.100
 tunnel protection ipsec profile ipsec-profile
 no tunnel protection ipsec initiate
end
Conditions: This has been observed with configurations being applied from the user AAA profile over Radius authentication. Affected parameters observed are QOS service policies and access-group.
Workaround: Do not use the reconnect feature or apply those configurations directly to the Virtual-Template (if this is an option).
Symptom: Config-sync failure is seen when unconfiguring the crypto gdoi group.
Conditions: Seen on HA setup.
Workaround: There is no workaround.
Symptom: Traceback is seen.
Conditions: The MSRPC regression test (mcp_alg_msrpc.tcl) is run.
Workaround: There is no workaround.
Symptom: ASR1K crashes when pinging end-to-end over OTV with a frame size greater than (MTU-42) bytes.
Conditions: This has been seen on two ASR1002-X's running IOS-XE 03.10.01.S. Crash was seen when passing large packets across an OTV topology.
Workaround: Limit oversize packets across overlay topology.
Symptom: FTP signaling goes through fine across the ASR in the broken state, but the FTP data session (for both active and passive) does not get established.
Conditions: An ASR running any of the recent IOS XE code after 3.7.3 with CGN shows this problem after about every 2-5 hours of normal operation.
Workaround: Either clear all the NAT translations (clear ip nat trans *) or reload the ESP. The issue is not seen on IOS versions up to and including XE 3.7.3.
Symptom: When doing an ISSU super-pkg/sub-pkg upgrade/downgrade between XE3.12.0 CCO and the latest XE3.12.1 throttle image with Broadband features, the Stdby RP fails to come online within the expected time (around 10 mins) and takes ~18 mins to reach the STANDBY HOT state. The process CCM RP(82) is stuck for about 8 mins.
Conditions: The fix for DDTS CSCuo84195 ("ISSU xe310<>xe311: STBY-RP stuck in process @CCM RF(82) after loadversion") is causing this DDTS.
Although the DDTS CSCuo84195 issue was introduced in XE3.11.0, it was only identified and fixed recently. Without this DDTS there will be an ISSU issue between XE310 <-> XE311 (or XE312 or XE313)+ images.
After the fix, the following versions are compatible: XE3.10.3 <-> XE3.11.2 <-> 3.12.1 <-> 3.13
Since we cannot commit to the already existing labels of XE3.11.0, XE3.11.1, and XE3.12.0, these will be known breakages, and ISSU between these images and any later image will fail.
Workaround: There is no workaround.