Table Of Contents
Release Notes for Cisco Service Control Operating System, Release 3.5.5
Resolved Issues—SCE 2000 and SCE 1000 Only
Open Caveats—Cisco SCE 1000 and Cisco SCE 2000
Obtaining Documentation and Submitting a Service Request
Release Notes for Cisco Service Control Operating System, Release 3.5.5
Revised: August 10, 2009, OL-19144-03Overview
These release notes for the Cisco Service Control Operating System describe the functional enhancements and fixes provided in Cisco Service Control Operation System (SCOS) Release 3.5.5. These release notes are updated as needed.
For a list of the caveats that apply to Cisco Service Control Operation System (SCOS) Release 3.5.5, see the "Open Caveats" section. Some caveats apply only to the Cisco SCE8000, some apply to the SCE 2000 and SCE 1000, and others apply to all SCE platforms.
Supports: SCOS Releases 3.5.0 and 3.5.5
•
Obtaining Documentation and Submitting a Service Request
Introduction
Cisco Service Control Operating System (SCOS) Release 3.5.5 for the SCE platforms includes functional enhancements, as well as fixes of issues that were identified during internal testing and customer interaction.
This document outlines the functional enhancements and resolved issues delivered in SCOS Release 3.5.5. It assumes the reader has substantial knowledge of the Cisco Service Control solution. For additional information, refer to the Cisco Service Control Engine documentation.
To access the new Cisco Service Control online documentation site, do the following:
1.
2.
3.
4.
SCOS Release 3.5.5
Compatibility Information
For information regarding the SCE platforms that are compatible with SCOS Release 3.5.5, see the Cisco Service Control Application for Broadband Download Guide.
Functional Enhancements
The following section describes the major SCE-platform-related functional enhancement found in Release 3.5.5. For information regarding other functional enhancements in Release 3.5.5, see the Release Notes for Cisco Service Control Application for Broadband (SCA BB), Release 3.5.5.
SCE8000 with GBE Interfaces
The SCE8000 can support GBE interfaces leveraging the Cisco standard 8 x GBE SPA SPA-8XGE-L-V2 and standard Cisco SFP optics.
Four of the SCE8000-GBE modules are supported:
•
•
•
•
Resolved Issues
•
•
Resolved Issues—SCE8000 Only
CSCsq94141
In rare cases, a condition in which the SNMP agent did not respond to new SNMP requests existed.
This issue is fixed in SCOS Release 3.5.5.
CSCsw34368
Attempting to modify only the subnet mask of the management IP using the ip address command resulted in the following error:
Error - Cannot replace management IP. Invalid state or parameters.
This issue is fixed in SCOS Release 3.5.5.
CSCsw79802
A second PP upgrade on top of the SCE8000 sometimes ended with hardware watchdog and a reload.
This issue is fixed in SCOS Release 3.5.5.
CSCsw80335
SNMPv2-MIB::sysDescr.0 was incorrect.
This issue is fixed in SCOS Release 3.5.5.
CSCsx26119
Pause packets were disabled by default.
This issue is fixed in SCOS Release 3.5.5.
CSCsx28890
After a reload, traffic was mirrored out on the same port that it came in on.
This issue is fixed in SCOS Release 3.5.5.
CSCsx40066
When establishing a connection to SCE8000 using Telnet, the client sometimes failed to acquire the IP address and the connection was aborted.
This issue is fixed in SCOS Release 3.5.5.
CSCsx45470
Sys command server process crashed unpredictably.
A helper daemon, scos-sys-cmd-server, is used by the main process to execute various Linux commands and scripts. In some rare cases, the daemon crashed, causing SCOS to lose some of its functionality, and there was no automatic mechanism to restart the daemon.
This issue is fixed in SCOS Release 3.5.5.
CSCsx96249
SCOS stopped responding when the SIP-8000 card was not installed, with no specific error message sent. In addition, the show version command, which indicates if the SIP-8000 is not installed, was not available due to the stoppage.
This issue is fixed in SCOS Release 3.5.5.
CSCsy34521
Internal compact flash file system errors were not detected by the software. This resulted in normal operation even though the internal compact flash reported errors.
This issue is fixed in SCOS Release 3.5.5.
CSCsy44697
If sntp update-interval was set to 900 (the default value for the SCE 2000 and previously the SCOS default value), it was changed to 64 (the SCE8000 default value) after reloading.
This issue is fixed in SCOS Release 3.5.5.
CSCsy47171
In the MIB II interfaces MIB, the 10 GBE interfaces were listed as 1 GBE instead of 10 GBE.
This issue is fixed in SCOS Release 3.5.5.
CSCsy74124
When the system went into recover mode after three reboots due to hardware init failure, no hardware information was displayed by either the hver or the show version CLI commands.
This issue is fixed in SCOS Release 3.5.5.
CSCsz15690
The last update time of the show sntp output may have been incorrect.
This issue is fixed in SCOS Release 3.5.5.
CSCsz25290
The cefcModuleStatusChange trap did not include the cefcModuleStatusLastChange value.
This issue is fixed in SCOS Release 3.5.5.
Resolved Issues—SCE 2000 and SCE 1000 Only
CSCsw72576
Under rare circumstances, a timeout of the control card watchdog caused an automatic reload in the SCE 2000.
This issue is fixed in SCOS Release 3.5.5.
Resolved Issues—All Platforms
CSCsm52337
When the system was in L2TP skip mode, runtime classification mismatch might have occurred.
This issue is fixed in SCOS Release 3.5.5.
CSCsq73252
The tpServiceLoss MIB sometimes showed an incorrect value.
This issue is fixed in SCOS Release 3.5.5.
CSCsu88206
When a pull response included an IP range (as opposed to one IP address), the Quota Manager (QM) sometimes mistakenly allocated two times the configured dosage.
This issue is fixed in SCOS Release 3.5.5.
CSCsw76802
Incorrect object ID was returned for SysObjId.
This issue is fixed in SCOS Release 3.5.5.
CSCsz10050
At Viewer authorization level, the show snmp command successfully executes. However, at this level, the SNMP agent information did not appear, and the agent state showed as disabled.
This issue is fixed in SCOS Release 3.5.5.
SCOS Release 3.5.0
Compatibility Information
You may install SCOS Release 3.5.0 on the following service control engine platforms:
•
•
•
•
SCOS Release 3.5.0 is not compatible with the following service control engine platforms:
•
•
Functional Enhancements
For information regarding the functional enhancements in Release 3.5.0, see the Release Notes for Cisco Service Control Application for Broadband (SCA BB) 3.5.0.
Resolved Issues
•
Resolved Issues—All Platforms
CSCso19855
When the SNMP agent was restarted on the SCE platform, the coldStart trap was not sent.
This issue is fixed in SCOS Release 3.5.0.
CSCsr30215
tpServiceLoss indicated an incorrect value for service loss. The service loss calculation did not take into consideration the accurate amount of packets bypassed from side-to-side during congestion.
Additionally, the calculation returned the average of aggregative counters, so that all past events of service loss were accounted (even long after they ended).
These issues are fixed in SCOS Release 3.5.0. The service loss calculation was changed to be the average service loss per second measured in the last minute. In SCE8000 (only), the system accurately counts and considers the packets that are bypassed during congestion
CSCsu63708
Upgrading or downgrading SCOS from admin level resulted in a failure message, even if the operation was successful.
This issue is fixed in SCOS Release 3.5.0.
Resolved Issues—SCE8000 Only
CSCsv88499
When MIB requests were received using a string index (as in RDR MIB), the SNMP agentx task stopped responding, where the string was lengthier than 13 characters.
This problem occurred when the RDR destination was configured on the device and authentication was required.
This issue is fixed in SCOS Release 3.5.0.
Limitations and Restrictions
The upgrade to SCOS Release 3.5.5 may result in re-initialization of the SCE 1000 or SCE 2000 hardware bypass module. This re-initialization process may cause a failure of the GBE link where the system stalls for a period of less than 1 second.
Table 1 lists cases in which re-initialization may occur (marked Yes).
When you perform a port scan operation on the SCE platform management port, the SCE platform may experience a reboot. The reboot is initiated by the SCE platform due to scheduling optimization for detecting failover conditions in periods of less than 1 second in a configuration of two cascaded SCE platforms. The following is recommended:
•
•
To disable the SCE watchdog, use the following root-level CLI commands:
configure watchdog software-reset disabled interface linecard 0 no watchdog•
configure watchdog software-reset enabled interface linecard 0 watchdogOpen Caveats
•
Open Caveats—Cisco SCE8000
CSCsm12163
SNMP protocol version v1 does not present 64-bit fields properly.
Workaround: Use SNMP v2.
CSCsq33416
FRU modules that are added after startup, such as an additional pluggable SPA optic, may not appear correctly in the entity MIB.
Workaround: After you install any new FRU units, execute a system reload.
CSCsq95048
The IP table contains entries for internal IP addresses and interfaces. This results in an inconsistency in the If index representation of the following components of the IP table:
•
•
•
Workaround: Ignore all entries in the IP tables, with the exception of the management interface. Refer to the following example:
The If MIB represents five interfaces as follows:
1. if index 1—mng port
2. if index 2—Traffic port 0
3. If index 3—Traffic port 1
4. If index 4—Traffic port 2
5. If index 5—Traffic port 3
The Ip tables and the at tables represent six interfaces as follows:
1. if index 1—eth0 - currently simba to simba
2: if index 2—eth1 - mng port
3. if index 3—eth2 - cofico 1 that is not connected
4. if index 4—lo
5. ifDescr.5—dummy0 - configure to skynet
6. ifDescr.6—skynet0
The only relevant ifIndex in these tables is the management interface, with IfIndex 1 in the IF table being equal to IfIndex 2 in the IP tables.
CSCsq96310
The default gateway cannot be configured before there is an IP address already configured. Trying to set the default gateway when IP address is set results in an error.
Workaround: Before adding the default gateway, configure the IP address.
CSCsr83407
The input and output interface byte counters are not consistent with each other. The input counters include the 4 bytes of the CRC, while the output counters do not include those 4 bytes.
Workaround: None
CSCsw48843
Insertion and removal of either the fan tray or a PSU is not properly indicated in the system. Refer to the following list.
•
–
–
•
–
–
–
Workaround: To obtain information regarding fan tray and PSU insertion or removal, use the following commands:
•
•
These commands must originate with the operator rather than providing an alert to the operator.
CSCsy09562
When you connect to the SCE8000 by SSH, the connection may fail and the following error message appears:
Error: invalid option '<some-ip>'.scos-cli-proxy version 3.5.1 Build 65Usage: scos-cli-proxy [-d] [-df <file-name>] [-dc] -h <remote-addr> -c <CLI-port> -s <shell-name> [-u <user-name>]-d : Enable debug mode-df : Enable debug mode, output debug data to file-dc : together with -d or -df, outputs every character being moved.-h : address of remote host for this session-c : port to connect to for CLI session-s : name of shell to execute for shell session-u : username of remote user--version : print the version and exitWorkaround: Type one or more arbitrary characters for the username (although the username is not defined on the SCE8000).
CSCsz38909
Output GMAC counters don't show multicast and broadcast packets. This is a defect of the Marvel MAC.
Workaround: None
Open Caveats—Cisco SCE 1000 and Cisco SCE 2000
CSCpu11798
When a PQI application file is installed or upgraded on the SCE, the SCE may lose a few packets for a few seconds. The overall percentage of this phenomenon is very low.
Workaround: Perform the upgrade in non-peak time.
CSCsc49573
When VAS mode is enabled, the system generally assumes that traffic with a VLAN tag is VAS traffic coming from the VAS servers, and therefore forwards it to the non-VAS link.
However, under the following conditions, a flow is forwarded by the SCE platform on the same link on which it was received and with no VLAN tag:
•
•
•
In some topologies, this behavior may cause VAS traffic to be incorrectly routed back to the VAS link.
CSCse05325
When the VAS Health Check initializes, the show interface linecard 0 VAS-traffic-forwarding VAS server-id <id> command shows the server being UP even if it is actually Down
The operative state of a VAS server while the Health Check is in Init state is considered to be Up as shown in the CLI command show interface linecard 0 VAS-traffic-forwarding VAS server-id <id>. In addition, during this time, the SCE platform may forward VAS traffic to this server.
CSCsj32282
A tunnel-id-based traffic rule defining DSCP marking applies the DSCP marking to non-tunneled traffic, also.
Workaround: When you define the traffic rule, always set the URG flag. For existing rules, replace with a new rule that is identical, with the addition of setting the URG flag.
CSCsj85601
When you remove all VPNs from the SM using the --force option, some management operations cannot be performed on the SCE until the operation completes. This occurs only when you remove several VPNs that have active subscriber mappings in the SCE.
Workaround: Instead of removing the VPNs along with their subscriber mappings by using the --force option, remove the subscribers first, and only then remove the VPNs (without the --force option).
CSCta13544
SCE integration with WebSense for content filtering, is not operational with the SCE1010 or SCE2020.
Elaboration: The content filtering integration between the SCE and Websense (using the CPA client), can only be used for limited lab trials. In cases where the solution is used at high rates with release 3.5.5 it might experience stability issues which can result in deadlock between the SCE and the WebSense server. The solution is fully operational with the SCE8000. The solution can be used at high rates with the SCE1010 or SCE2020 with Release 3.5.0 .
Open Caveats—All Platforms
CSCsd48922
The configured attack threshold is set for each PPC separately. For certain types of attacks, an attack is detected by the SCOS attack-filter module only if it is three times stronger (as measured by flow rate per second) than the configured value.
This occurs when the IP address common to all the flows of the attack is on the network side of the SCE platform, so all attacks of the single-side-network type have this issue.
CSCsg46885
When link reflection on all ports with line- card aware is configured, a link failure may be reflected to all ports (rather than only to the relevant link) if one of the ports that is connected to the failed line card is flickering due to a hardware problem.
CSCsi80337
If stalled by flow control, the SCE may reload.
By design, the SCE platform reacts to Ethernet flow control and does not activate it. Therefore, a situation could arise in which flow control stalls the SCE platform by overflowing the SCE platform queues and thereby causing traffic to be dropped on the RX interfaces. If this situation persists for more than 5 seconds. It may trigger the SCE platform internal sanity checks mechanism, which may in turn trigger a reload of the SCE platform in an attempt to recover.
CSCsm01291
Issues may occur when an SCE that is configured to create anonymous subscribers is connected to a subscriber manager that is working in push mode. Subscriber login may fail, or the subscriber may log in successfully, but not receive any traffic.
This occurs because, by design, the combination of anonymous subscribers and introduced subscribers is not supported.
Workaround: None
CSCsm19587
Quota events are not received by the SCE subscriber API client or QM because the internal RDR connection to destination 127.0.0.1 port 33001 is not configured.
Workaround: Configure the internal RDR connection as follows:
Step 1
Step 2
CSCsw37717
Configuring two anonymous groups with overlapping IP ranges based on IP address 0.0.0.0 causes continuous reboot of the SCE platform, either immediately during reboot or later during PQI installation.
Workaround: Any anonymous groups with an IP range based on IP address 0 (with the exception of 0.0.0.0:0x00000000) must be deleted from the SCE configuration file. Do this by manually editing the file /system/config.txt.
CSCsw49078
TCP RST packets that are injected during the blocking of TCP flows are padded in the L7 layer instead of Layer 2, with the result that they are padded to 80 bytes in total length rather than 60 bytes.
Workaround: None
CSCsw79718
If failover occurs in a pair of cascaded SCE platforms, mirrored packets enter an infinite loop under the following conditions:
•
•
•
In normal operation, the packets that are passed on the cascade ports are forwarded by the cascade bypass mechanism to the other link. If either SCE platform enters a stand-alone state, the cascade ports no longer perform a cascade bypass and instead they move the packets from one port to the other (0<->1, 2<->3). In such a case, if the mirroring is performed to the cascade ports link (usually link-1), the SCE duplicates packets from the other link into link-1, which is now functioning as a loop. The loop stops after the boxes are out of the stand-alone state.
The following error message is written in the log file:
Detected packets loop between a VAS server designated for mirroring and the SCE. This indicates an installation problemWorkaround: Configure the VAS traffic link on both SCE platforms to be link-0, so that packets are not mirrored over the cascade ports:
>configure>interface LineCard 0>VAS-traffic-forwarding traffic-link link-0>exit>exit>copy running-config startup-configCSCsw80782
After a number of imports of URLs from an encrypted CSV file to the URL blacklist, the system may perform a preventive reload due to a lack of heap space, as a part of memory leakage and fragmentation detection mechanism. Up to the stage of the reload, the system functions properly.
The number of file imports that trigger the reload by the mechanism depends on the number of URLs imported. For example:
•
•
The reboot is caused by a preventive mechanism that detects a memory leakage or fragmentation.
Workaround: Perform an initiated reload before the triggering of the detection mechanism.
Calculate the expected reboot time based on the import frequency and the number of URLs imported, and then plan an initiated reboot (use the reload command) at a convenient time before it is expected to happen spontaneously.
For example, based on the figures above:
•
•
You can monitor the memory status using the following ROOT CLI command:
SCE#> debug slot 0 ppc 0 func memShowstatus bytes blocks avg block max block------ --------- -------- ---------- ----------currentfree 44845608 1862 24084 42556192alloc 424822576 27725 15322 -cumulativealloc 284816368 2565976 110 -Return value is: 0 = 0x0.Monitor the value in the 'free' (row) 'max block' (column) size in the output. The value may decrease after each successive URL file import. When the value approaches 500,000, the system should be reloaded. (If it falls under 500,000, the system reloads automatically.)
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.
CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco Ironport, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco Nurse Connect, Cisco Stackpower, Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flip Video, Flip Video (Design), Flipshare (Design), Flip Ultra, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn, Cisco Store, and Flip Gift Card are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0907R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.