
Release Notes for Cisco Service Control Operating System, Release 3.7.x


Revised: March 22, 2012, OL-24147-04

Note This document supports all the 3.7.x releases of Cisco Service Control Operating System.


Overview

The release notes for the Cisco Service Control Operating System describe the functional enhancements and fixes provided in the Cisco Service Control Operating System (SCOS) Release 3.7.x. These release notes are updated as needed.

For a list of the open caveats that are applicable to Cisco SCOS Release 3.7.x, see the "Open Caveats" section. Some caveats are applicable only to the Cisco Service Control Engine (SCE) 8000 platform, some to the Cisco SCE 2000 and Cisco SCE 1000 platforms, and others to all the Cisco SCE platforms.

Contents

Introduction

Limitations and Restrictions

Cisco Service Control Operating System Release 3.7.5

Cisco Service Control Operating System Release 3.7.2

Cisco Service Control Operating System Release 3.7.1

Cisco Service Control Operating System Release 3.7.0

Obtaining Documentation and Submitting a Service Request

Introduction

Cisco SCOS Release 3.7.x for SCE platforms includes new features, as well as fixes for issues that were identified during internal testing and customer interaction.

This document outlines the functional enhancements and resolved issues delivered in Cisco SCOS Release 3.7.x. It assumes that the reader has substantial knowledge of the Cisco Service Control solution. For additional information, see the Cisco SCE documentation.

To access the new Cisco Service Control online documentation site, do the following:

1. On Cisco.com, go to http://www.cisco.com/cisco/psn/web/psa/default.html?mode=prod.

2. From the Products list, select Service Exchange > Cisco Service Control > Cisco Service Control Product.

Limitations and Restrictions

Upgrading to Cisco SCOS Release 3.7.x may result in reinitialization of the SCE 1000 or SCE 2000 hardware bypass module. This reinitialization process may cause a failure of the GBE link when the system stalls for a period of less than one second.

Table 1 lists the cases in which reinitialization may occur (marked Yes).

Table 1 Cases in Which Upgrading May Cause System Reinitialization

From \ To  3.0.0  3.0.1  3.0.3  3.0.4  3.0.5  3.0.6  3.1.x [1]  3.5.x [2]  3.6.x [3]  3.7.x [4]
2.5.0      Yes    Yes    Yes    Yes    Yes    Yes    Yes        Yes        Yes        Yes
2.5.1      Yes    Yes    Yes    Yes    Yes    Yes    Yes        Yes        Yes        Yes
2.5.2      Yes    Yes    Yes    Yes    Yes    Yes    Yes        Yes        Yes        Yes
2.5.5      Yes    Yes    Yes    Yes    Yes    Yes    Yes        Yes        Yes        Yes
2.5.6      Yes    Yes    Yes    Yes    Yes    Yes    Yes        Yes        Yes        Yes
2.5.7      Yes    Yes    Yes    Yes    Yes    Yes    Yes        Yes        Yes        Yes
2.5.8      Yes    Yes    Yes    Yes    Yes    Yes    Yes        Yes        Yes        Yes
2.5.9      Yes    Yes    Yes    Yes    Yes    Yes    Yes        Yes        Yes        Yes
3.0.0             Yes    Yes    Yes    Yes    Yes    Yes        Yes        Yes        Yes
3.0.1
3.0.3
3.0.4
3.0.5
3.0.6
3.1.0
3.1.1
3.1.5
3.1.6
3.1.7
3.5.0
3.5.5
3.6.0
3.6.5
3.7.0

[1] Cisco SCE Releases 3.1.0, 3.1.1, 3.1.5, 3.1.6, and 3.1.7.

[2] Cisco SCE Releases 3.5.0 and 3.5.5.

[3] Cisco SCE Releases 3.6.0 and 3.6.5.

[4] Cisco SCE Releases 3.7.0 and 3.7.5.


When you perform a port scan operation on the SCE platform management port, the SCE platform may experience a reboot. This reboot is initiated by the SCE platform because of scheduling optimization for detecting failover conditions in periods of less than one second in a configuration of two cascaded SCE platforms. We recommend the following:

Use IP access lists to eliminate port scans that take place because of actual attacks.

If the system administrator must perform a port scan operation as part of the security check, it is advisable to disable the SCE watchdog only for the period of time in which the port scan is performed.

To disable the SCE watchdog, use the following root-level CLI commands:

configure 
watchdog software-reset disabled 
interface linecard 0 
no watchdog

To re-enable the SCE watchdog, use the following root-level CLI commands:

configure 
watchdog software-reset enabled 
interface linecard 0 
watchdog

Cisco Service Control Operating System Release 3.7.5

This section describes the compatibility information, new features, resolved issues, and open issues pertaining to Cisco SCOS Release 3.7.5:

Compatibility Information

New and Enhanced Features

Resolved Issues

Compatibility Information

For information about the Cisco SCE platforms that are compatible with Cisco SCOS Release 3.7.5, see the Cisco Service Control Application for Broadband Download Guide.

Cisco SCOS Release 3.7.5 is compatible only with Release 3.7.5 of the Cisco SCMS Collection Manager.

New and Enhanced Features

This section describes the major Cisco SCE platform-related new features and enhancements in Cisco SCOS Release 3.7.5:

IPv6:

Configuration

Service-Based Controls

Flow Filter

Tunnels Supported

Redirection and Blocking

Raw Data Records

Mirroring all the TCP-fragmented HTTP GET packets

NAI Subscriber Type Information in Gx Subscriber Integration

Updates to Raw Data Records

IPv6

Cisco SCOS Release 3.7.5 supports software-based processing of IPv6 traffic on Cisco SCE 8000 devices.

The features that are available for IPv4, such as traffic processing, application classification, and management APIs (except subscriber integration features), are available for IPv6 too. IPv6 features work only in the subscriberless mode.

To configure the Cisco SCE 8000 devices to handle IPv6 traffic, configure the IPv6 environment after upgrading to Cisco SCOS Release 3.7.5.

For details on configuring Cisco SCE 8000 for IPv6 traffic, see the following guides:

Cisco SCE8000 GBE Software Configuration Guide, Release 3.7.x

Cisco SCE8000 10GBE Software Configuration Guide, Release 3.7.x

Cisco SCOS Release 3.7.5 does not support classification and control of IPv6 fragmented packets. This also applies to IPv6 tunnels where classification of internal and external fragmentation is not supported. See the software configuration guides for information about the IPv6 implementation limitations.

Traffic Processor Card Configuration

In Cisco SCOS Release 3.7.5, IPv6 is configured on traffic processor cards and not on individual traffic processors. When configured, a traffic processor can process either IPv4 or IPv6 traffic, but not both. Several combinations of configurations are available in the single SCM mode and dual SCM mode. See the software configuration guides for details.

Service-Based Controls

Service classification and global bandwidth controls are applicable for both IPv4 and IPv6. For example, there is only one browsing service, for both IPv6 and IPv4 browsing traffic. Allocating a global bandwidth controller to a certain service limits IPv6 and IPv4 traffic within that service.

Flow Filter

For IPv4, the following fields are considered for flow filtering:

Subscriber-side IP (range and inverse)

Network-side IP (range and inverse)

Subscriber-side Port (range and inverse)

Network-side Port (range and inverse)

Either TOS or Tunnel-Id—based on the traffic-rule tunnel-id-mode configuration (range and inverse)

Protocol Field (All, None, or a Specific Protocol)

TCP Flags (choose or ignore)

Direction of traffic (subscribers, network, or both)

For IPv6, all the fields considered for IPv4 are considered, with the following exceptions:

For TCP Flags, only SYN, ACK, RST, and FIN are considered and not PSH and URG.

No range option for Subscriber-side IP and Network-side IP; instead, the prefix length is used.

No inverse support for any of the fields.

The Protocol Field supports only TCP and UDP protocols.

Traffic Flows

The number of flows that Cisco SCE 8000 supports for IPv6 traffic is now restricted to 2 million on a single SCM. Even though Cisco SCE 8000 can be configured to support more flows, we recommend that you do not configure a value that is more than the default.

Tunnels Supported

Cisco SCE 8000 supports 6to4, 6rd, and DS-Lite tunnels for IPv6 traffic. DS-Lite with extension header is also supported.

Configure the IPv6 environment before configuring any of these tunnels. To configure the 6to4 and 6rd tunnels, configure the 6to4 environment after configuring the IPv6 environment.

Redirection and Blocking

Redirection and blocking are supported in IPv6 for native IPv6 traffic. They are not supported on the 6to4, 6rd, and DS-Lite tunnels.

Raw Data Records

The following RDRs support IPv6 information:

Transaction RDR

Transaction Usage RDR

HTTP Transaction Usage RDR

Blocking RDR

Link Usage RDR

New fields are added to the RDRs to support IPv6 information. See the Cisco Service Control Application for Broadband Reference Guide, Release 3.7.x for details on the new fields.

Mirroring all TCP-fragmented HTTP GET packets

From Cisco SCE Release 3.7.5, you can configure Cisco SCOS to mirror all the segments of the HTTP GET packets if the HTTP port is 80, 8080, or 8081. A new tunable, GT_SEG_GET_MIRROR, has been added to configure this feature.

NAI Subscriber Type Information in Gx Subscriber Integration

From Cisco SCE Release 3.7.5, the Subscription-Id (443) AVP received from the PCRF is stored along with the corresponding Subscription-Id-Type (450) and Subscription-Id-Data (444).

By default, Cisco SCE considers all the mobile subscribers to be of END_USER_E164(0) type. In all diameter messages, END_USER_E164 type will be sent. If the subscription-Id-Type received for a particular subscriber is NAI, Cisco SCE stores and sends the NAI type in all subsequent transactions.
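
The Subscription-Id handling described above, as an added Python example that is not Cisco code and not part of the original release notes: it parses a Subscription-Id (443) grouped AVP with strict length checks and models the default-to-E164, switch-to-NAI behaviour. The END_USER_NAI value (3) comes from RFC 4006; the SubscriberTypeStore class, the subscriber keys, and the sample NAI are assumptions constructed for illustration.

```python
import struct

# AVP codes as given in the release note; END_USER_NAI = 3 is from RFC 4006.
SUBSCRIPTION_ID = 443
SUBSCRIPTION_ID_DATA = 444
SUBSCRIPTION_ID_TYPE = 450
END_USER_E164 = 0
END_USER_NAI = 3

FLAG_VENDOR = 0x80
FLAG_MANDATORY = 0x40


def encode_avp(code, data, flags=FLAG_MANDATORY):
    """Build one AVP without a Vendor-Id field, padded to a 4-byte boundary."""
    length = 8 + len(data)  # AVP Length covers header + data, not padding
    header = struct.pack("!IB", code, flags) + length.to_bytes(3, "big")
    return header + data + b"\x00" * (-length % 4)


def parse_avps(buf):
    """Yield (code, vendor_id, data) per AVP; reject inconsistent lengths."""
    off = 0
    while off < len(buf):
        if len(buf) - off < 8:
            raise ValueError("truncated AVP header at offset %d" % off)
        code, flags = struct.unpack_from("!IB", buf, off)
        length = int.from_bytes(buf[off + 5:off + 8], "big")
        hdr = 12 if flags & FLAG_VENDOR else 8
        if length < hdr or off + length > len(buf):
            raise ValueError("bad AVP length %d at offset %d" % (length, off))
        vendor = None
        if flags & FLAG_VENDOR:
            vendor = struct.unpack_from("!I", buf, off + 8)[0]
        yield code, vendor, buf[off + hdr:off + length]
        off += length + (-length % 4)  # skip padding to the next AVP


def parse_subscription_id(grouped):
    """Decode the body of a Subscription-Id (443) grouped AVP."""
    id_type = id_data = None
    for code, _vendor, data in parse_avps(grouped):
        if code == SUBSCRIPTION_ID_TYPE:
            if len(data) != 4:
                raise ValueError("Subscription-Id-Type must be 4 bytes")
            id_type = struct.unpack("!i", data)[0]
        elif code == SUBSCRIPTION_ID_DATA:
            id_data = data.decode("utf-8")
    if id_type is None or id_data is None:
        raise ValueError("Subscription-Id needs both 450 and 444")
    return id_type, id_data


class SubscriberTypeStore:
    """Hypothetical model of the behaviour described above (not SCE code)."""

    def __init__(self):
        self._stored = {}

    def on_pcrf_message(self, subscriber, avps):
        # Store the Subscription-Id together with its type and data.
        for code, _vendor, data in parse_avps(avps):
            if code == SUBSCRIPTION_ID:
                self._stored[subscriber] = parse_subscription_id(data)

    def stored(self, subscriber):
        return self._stored.get(subscriber)

    def outgoing_type(self, subscriber):
        # Default is END_USER_E164; NAI is sent only once NAI was received.
        record = self._stored.get(subscriber)
        if record is not None and record[0] == END_USER_NAI:
            return END_USER_NAI
        return END_USER_E164


def build_subscription_id(id_type, id_data):
    """Constructed sample input: a Subscription-Id AVP as a PCRF might send."""
    body = encode_avp(SUBSCRIPTION_ID_TYPE, struct.pack("!i", id_type))
    body += encode_avp(SUBSCRIPTION_ID_DATA, id_data.encode("utf-8"))
    return encode_avp(SUBSCRIPTION_ID, body)


if __name__ == "__main__":
    store = SubscriberTypeStore()
    print(store.outgoing_type("sub-1"))  # before any PCRF message
    store.on_pcrf_message(
        "sub-1", build_subscription_id(END_USER_NAI, "alice@example.net"))
    print(store.stored("sub-1"), store.outgoing_type("sub-1"))
```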

Updates to Raw Data Records

Three new fields have been added to the network usage RDRs (NURs). The partyOSMap field carries the OS fingerprinting information. Two fields added after the partyOSMap field are reserved for future use.

Resolved Issues

This section describes the resolved caveats pertaining to Cisco SCOS Release 3.7.5:

Resolved Issues—Cisco SCE 8000

Resolved Issues—Cisco SCE 8000

This section describes the resolved caveats in the Cisco SCE 8000 platform in Cisco SCOS Release 3.7.5.

CSCtj56344

In Release 3.6.0 and Release 3.6.1, a Cisco SCE 8000 device configured in the IP Tunnel L2TP Skip mode did not process traffic on the first traffic processor. This was because of poor handling of non-first fragment packets.

This issue is resolved in Cisco SCOS Release 3.7.5.

CSCtq94071

When OS Fingerprinting was enabled, OS information of parties was populated on the control cards and line cards.

When a party aged or logged out, or party mappings were removed, the OS information was cleared from the control cards and line cards. When the no party db command was used, the OS information was cleared from the line cards but not from the control cards.

This issue is resolved in Cisco SCOS Release 3.7.5.

CSCtt07532

In the Cisco SCE 8000 platform, when the Gx-RAR message was received, the Cisco SCE sent Gy-CCR(t) without waiting for Gy-CCA to send Gy-CCR(u). However, the diameter machine went directly from the Pending-U state to the Pending-T state, which was not permitted as per the standards.

This issue is resolved in Cisco SCOS Release 3.7.5.

Cisco Service Control Operating System Release 3.7.2

This section describes the compatibility information, new features, resolved issues and open issues pertaining to Cisco SCOS Release 3.7.2.

It consists of the following sections:

Compatibility Information

New and Enhanced Features

Resolved Issues

Compatibility Information

For information about the Cisco SCE platforms that are compatible with Cisco SCOS Release 3.7.2, see the Cisco Service Control Application for Broadband Download Guide.

New and Enhanced Features

This section describes the major SCE platform-related new features and enhancements in Cisco SCOS Release 3.7.2:

Hardware Bypass

Tunable to Restrict the Length of the HTTP_COOKIE

Addition of Package Id to Redirection URL

Turn On and Turn Off Lately Used Mechanism for a Single Application

CDMA Reports

Debug CLI to Indicate RDR Drops

For information regarding other functional enhancements in Cisco SCOS Release 3.7.2, see the Release Notes for Cisco Service Control Application for Broadband 3.7.x.

Hardware Bypass

The Cisco SCE 8000 platform now supports the Hardware Bypass feature. The main objective of this feature is to hardware bypass the traffic of the configured static parties created in the hardware bypass mode at the hardware level, based on their IP address or IP range.

Tunable to Restrict the Length of the HTTP_COOKIE

The size of the HTTP_COOKIE field in the Cisco SCE platform can now be reduced using the GT_MAX_COOKIE_LENGTH tunable. The value of GT_MAX_COOKIE_LENGTH can range from 0 to 65535.

Addition of Package Id to Redirection URL

This feature, which is supported in the Cisco SCE 8000, adds a package ID or a profile ID in the redirection URL, in addition to other configured parameters such as subscriber ID or service ID. This feature is activated when the GT_Redirect_enablePackageID tunable value is set as true.

Turn On and Turn Off Lately Used Mechanism for a Single Application

This feature enables or disables tunables based on the corresponding tunable values. The following new tunables have been added for P2P applications that are using the lately used mechanism:

GT_PL_MODULE__LATELY_MARKS_WINNY_ENABLED

Enables or disables the Winny module.

GT_PL_MODULE__LATELY_MARKS_BITTORRENT_ENABLED

Enables or disables the BitTorrent module.

GT_PL_MODULE__LATELY_MARKS_WAREZ_ENABLED

Enables or disables the Warez module.

GT_PL_MODULE__LATELY_MARKS_VAGAA_ENABLED

Enables or disables the Vagaa module.

GT_PL_MODULE__LATELY_MARKS_THUNDER_NETWORKING_ENABLED

Enables or disables the Thunder module.

GT_PL_MODULE__LATELY_MARKS_FREENET_ENABLED

Enables or disables the Freenet module.

GT_PL_MODULE__LATELY_MARKS_EDONKEY_ENABLED

Enables or disables the eDonkey module.

GT_PL_MODULE__LATELY_MARKS_JOOST_ENABLED

Enables or disables the Joost module.

GT_PL_MODULE__LATELY_MARKS_GNUTELLA_ENABLED

Enables or disables the Gnutella module.

CDMA Reports

The following new Vendor Specific Attributes (VSA) have been added to the Video Transaction Usage Raw Data Record (RDR), HTTP Transaction Usage RDR, and Subscriber Usage RDR:

3GPP2-Home-Agent-IP-Address—vendor-ID: 5535, attribute-ID: 7, data-type: address

3GPP2-ESN—vendor-ID: 5535, attribute-ID: 52, data-type: OCTETString

3GPP2-MEID—vendor-ID: 5535, attribute-ID: 116, data-type: OCTETString

3GPP2-PCF-IP-Address—vendor-ID: 5535, attribute-ID: 9, data-type: address

Debug CLI to Indicate RDR Drops

This debug CLI can now be used by the Cisco SCE platform to display or clear the total number of RDR reports generated, the number successfully sent to the Control Processor, and the number dropped at the corresponding Traffic Processor.

Resolved Issues

This section describes the resolved caveats pertaining to Cisco SCOS Release 3.7.2:

Resolved Issues—Cisco SCE 8000

Resolved Issues—All Cisco SCE Platforms

Resolved Issues—Cisco SCE 8000

This section describes the resolved caveats in the Cisco SCE 8000 platform in Cisco SCOS Release 3.7.2.

CSCtt07477

When a huge number of SNMP queries are sent from the SCE platform, the SNMP AgentX task crashes and, as a result, the SNMP queries are not answered.

This issue is resolved in Cisco SCOS Release 3.7.2.

CSCtr32710

In Cisco SCOS Release 3.6.5, Release 3.6.6, and Release 3.7.0, the PQI application removes the diameter Gx command from the running configuration mode, as a result of which the command has to be added manually.

This issue is resolved in Cisco SCOS Release 3.7.2.

Resolved Issues—All Cisco SCE Platforms

This section describes the resolved caveats in all the platforms of Cisco SCE in Cisco SCOS Release 3.7.2.

CSCtu92802

Cisco SCE reboots during a subscriber logout. This is observed in the SCE 2000 and SCE 8000 platforms.

This issue is resolved in Cisco SCOS Release 3.7.2.

Cisco Service Control Operating System Release 3.7.1

This section describes the compatibility information, new features, resolved issues, and open issues pertaining to Cisco SCOS Release 3.7.1.

It consists of the following sections:

Compatibility Information

New and Enhanced Features

Resolved Issues

Compatibility Information

For information about the Cisco SCE platforms that are compatible with Cisco SCOS Release 3.7.1, see the Cisco Service Control Application for Broadband Download Guide.

New and Enhanced Features

This section describes the major SCE platform-related new features and enhancements in Cisco SCOS Release 3.7.1:

VLAN ID to Virtual Gi ID Mapping Support

For information regarding other functional enhancements in Cisco SCOS Release 3.7.1, see the Release Notes for Cisco Service Control Application for Broadband 3.7.x.

VLAN ID to Virtual Gi ID Mapping Support

Cisco SCE 8000 supports the VLAN ID to Virtual Gi ID mapping feature. This feature enables SCE to map the VLAN ID retrieved from the subscriber traffic to a virtual Gi ID, thus, allowing the PCRF to fetch the policy corresponding to the VLAN ID and IP address, and send it to SCE. The physical VLAN ID received from the subscriber side traffic is in the range of 1-4094. This range (1-4094) is mapped to a static virtual ID that is of the range 1-255, and is used by the PCRF server to fetch the policy.

For more information on this feature, see the Cisco SCE 8000 GBE Software Configuration Guide.

Resolved Issues

This section describes the resolved caveats in the Cisco SCE 8000 platform in Cisco SCOS Release 3.7.1.

CSCtl22315

Throughput is down when VAS is enabled on the SCE8000 platform. This issue occurs irrespective of any server configuration.

This issue is resolved in SCOS Release 3.7.1.

Cisco Service Control Operating System Release 3.7.0

This section describes the compatibility information, new features, resolved issues, and open issues pertaining to Cisco SCOS Release 3.7.0.

It consists of the following sections:

Compatibility Information

New and Enhanced Features

Resolved Issues

Open Caveats

Compatibility Information

For information about the Cisco SCE platforms that are compatible with Cisco SCOS Release 3.7.0, see the Cisco Service Control Application for Broadband Download Guide.

New and Enhanced Features

This section describes the major SCE-platform-related new features and enhancements in Cisco SCOS Release 3.7.0:

CLI Interface Warning Banner

OS Fingerprinting and NAT Detection

Management Interface VLANs

Command-Level TACACS+ Authorization

Assigning ACLs to Specific Services

For information regarding other functional enhancements in Cisco SCOS Release 3.7.0, see the Release Notes for Cisco Service Control Application for Broadband 3.7.0.

CLI Interface Warning Banner

The SCE8000 now supports the warning banner feature. A warning banner is a security warning message that is displayed when unauthorized users try to connect to SCE platform by using either Telnet or the console connection. It can also provide device details, as well as information about the service and application.

OS Fingerprinting and NAT Detection

Operating system fingerprinting is the process of determining the identity of a remote host operating system by analyzing packets from that host. It detects the operating system used by the subscriber and checks whether the subscriber is present in a NAT environment by analyzing the subscriber traffic.

An encrypted fingerprint file that has the list of OS signatures is packaged with each SCOS release. Signature files will be updated as needed, and the updated signature files will be available on Cisco.com.

The detected OS type is reported by using RDRs, VSA, SCA BB console, and CLI mechanisms.


Note When OS fingerprinting (OSFP) is enabled, a minimal drop in performance is expected, typically two to three percent. The drop in performance varies depending on the operating systems that are detected. For example, if many flows of unsupported operating systems are detected, the percentage drop in performance could be higher.


Management Interface VLANs

The SCE8000 now supports a management network interface that is used for managing services such as the following:

Accessing the SCE shell through Telnet or SSH.

SNMP

Management interface VLANs provide a way to distinguish between these management services (Telnet, SSH, and SNMP) by using separate VLANs carried over the same physical port.

Command-Level TACACS+ Authorization

The SCE8000 now supports command-level TACACS+ authorizations. When command-level authorization is enabled, each CLI command that is issued must be authorized by the external TACACS server before the system actually executes the command. You can configure the authorization level at which command-level authorization is required. For example, you can configure command-level authorization only at the root level.

As with login and privilege-level authentication, if the TACACS+ server is unavailable, the regular fallback mechanism is used.

Assigning ACLs to Specific Services

The SCE8000 now supports restricting access to each management service (Telnet, SNMP, and SSH) by using an ACL. Interface-level lists are, by definition, a subset of the global list. If access is denied at the global level, the IP address is not allowed access through any of the interfaces. When an ACL is associated with a specific management service, that service checks the ACL to determine whether a specific external IP address trying to access the management interface has permission.

Resolved Issues

This section describes the resolved caveats pertaining to Cisco SCOS Release 3.7.0:

Resolved Issues—Cisco SCE 8000

Resolved Issues—All Platforms

Resolved Issues—Cisco SCE 8000

This section describes the resolved caveats in the Cisco SCE 8000 platform in Cisco SCOS Release 3.7.0.

CSCtd98432

The diameter origin realm cannot be changed on the SCE platform. Even when the diameter origin-realm CLI command is executed, diameter messages are still sent with the default SCE realm (sce.cisco.com).

This issue is resolved in SCOS Release 3.7.0.

CSCte21978

When power supply is removed, a trap is not sent and the SCE does not change the operational status to reflect the power supply failure.

This issue is resolved in SCOS Release 3.7.0.

CSCtf74153

A Diameter TPS rate higher than 400 might cause memory exhaustion and reload of the SCE platform.

This issue is resolved in SCOS Release 3.7.0.

CSCtf75310

When using the SCE API in push mode, no Gy sessions are created upon login.

This issue is resolved in SCOS Release 3.7.0.

CSCtf75313

When using the SM API in push mode, no Gy sessions are created.

If the SM logs in a subscriber with no policy, Gx will then set a policy. And, although Gy is enabled, no Gy session will be opened.

This issue is resolved in SCOS Release 3.7.0.

CSCtg06262

In Release 3.6.0, logins are stopped because of lock problems when working with the SM.

This issue is resolved in SCOS Release 3.7.0.

CSCth49754

In Release 3.6.0 Mobile, sometimes the prompt does not return after a series of show diameter CLI commands.

This issue is resolved in SCOS Release 3.7.0.

CSCtj38391

After enabling SSH, you cannot log in after disabling SSHv1 (no ip ssh SSHV1 command). However, if you enable SSH again (ip SSH command), then, even though the log shows "SSHv1 support is disabled.", you can log in through SSHv1.

This issue is resolved in SCOS Release 3.7.0.

CSCti78964

The show process cpu CLI sometimes shows very large values, indicating unrealistic CPU utilization. This is suspected to be a bug in Linux kernel 2.6.23+.

This issue is resolved in SCOS Release 3.7.0.

CSCtj70144

SNMP traps are not generated when VAS servers are enabled and disabled.

This issue is resolved in SCOS Release 3.7.0.

CSCtj71847

When the SCE applies a block rule and generates a TCP RST towards the client and the server, the RST directed towards the VAS server is sent to the network side with the VLAN tag added by VAS. The RST, therefore, does not reach the server.

This issue is resolved in SCOS Release 3.7.0.

CSCtk64233

The no diameter realm all command does not remove the forwarding mode associated with the realm.

This issue is resolved in SCOS Release 3.7.0.

CSCtk57464

SCE 8000 default management configuration is wrong. For the second management port feature in SCE 8000, the default configuration about "auto-failover" and "active-port" is not documented.

This issue is resolved in SCOS Release 3.7.0.

CSCtk76058

The management port cannot be activated without reload. For the second management port feature in SCE 8000, after setting the IP address in the management port, you must reload the SCE to make the port active.

This issue is resolved in SCOS Release 3.7.0.

CSCtl42778

To improve PCRF failover time and ignore additional socket FDs.

When unreachable diameter peers are configured, the execution of diameter-related CLI commands takes a few minutes before returning to the command prompt.

This issue is resolved in SCOS Release 3.7.0.

Resolved Issues—All Platforms

This section describes the resolved caveats in all platforms of Cisco SCE for Release 3.7.0.

CSCtn27279

When SSH was enabled on the Cisco SCE devices running Cisco SCOS Release 3.6.5, the default password was accepted for users not configured to access Cisco SCE devices using SSH.

This issue is resolved in Cisco SCE Release 3.7.0.

To enable a user to connect to Cisco SCE devices using SSH, you must configure both username and password for the user in Cisco SCE device. This is applicable to the default user names admin and root.

CSCte21978

When a power supply is removed, a trap is not sent and the SCE does not change the operational status to reflect the failure of one power supply.

This issue is resolved in SCOS Release 3.7.0.

CSCtk54906

The show interface LineCard 0 counters bandwidth command displays wrong output, which refers to the L1 bytes, when actually, Total BW is L1 and RxBW is L2.

This issue is resolved in SCOS Release 3.7.0.

CSCtl05749

The delayed logout feature causes a "Party DB: PartyDB::waitForState" warning. This feature was newly added in 3.6.5. The warning is harmless, but it can fill up the logs.

This issue is resolved in SCOS Release 3.7.0.

CSCtl05846

PartyDBManager shows high CPU usage only when there is no Subscriber Manager.

This issue is resolved in SCOS Release 3.7.0.

Open Caveats

This section describes the open caveats pertaining to Cisco SCOS Release 3.7.x. It consists of the following sections:

Open Caveats—Cisco SCE 8000

Open Caveats—Cisco SCE 1000 and Cisco SCE 2000

Open Caveats—All Cisco SCE Platforms

Open Caveats—Cisco SCE 8000

This section describes the open caveats pertaining to the Cisco SCE 8000 platform for the Cisco SCOS Release 3.7.x.

CSCts94869

In the show interface linecard 0 counter command output, the IPv6 packets are accounted as non-IP packets.

Workaround: Use IPv6 bytes counter or Link Usage RDR (LUR). The IPv6 bytes are available from the IPv6 bytes counter and from the Link Usage RDRs. The non-IP packets field shows both the IPv6 packets and the non-IP packets.

CSCtu12409

In the show interface linecard 0 counter command output, the DP L2TP control packet count field shows DP IPv6 byte sizes. The L2TP packet count is not displayed.

Workaround: None

CSCty64149

Instead of bypassing the IPv4 non TCP/UDP, flows are created for IPv4 non TCP/UDP and transaction usage RDR is received when the TCP 6to4 traffic is pushed to Cisco SCE 8000 in the following scenarios:

When 6to4 is disabled (IPv4 mode or 6to4 skip disabled)

When IPv6 mode is configured and 6to4 skip is disabled.

Workaround: None

CSCty64289

During a normal bootup of Cisco SCE 8000 devices, errors similar to the following may appear:

"some hardware versions are incompatible with this software! "

Workaround: You can ignore this error.

CSCty65884

The Cascade setup does not work when the first traffic processor card on the Cisco SCE 8000 is configured for IPv6 and the second for IPv4.

Workaround: Configure the first traffic processor card to handle IPv4 traffic and the second to handle IPv6 traffic.

CSCty78963

If media flow, flow start, and flow end RDRs are enabled for IPv6 traffic, when at least one traffic processor card is configured for IPv6, messages similar to the following are seen in the debug log:

03/20/12 15:02:52 [000000942820:187:298] | 004 | 0000000349 | 0000000 | <<ERROR>> [0x0814:0x00a4] Function Pool Flow Handling Nodes: FncplFlow::funcGetFlowTuple- Wrongly invoked for IPv6 Flow - tupleType = 1

Too many similar error messages in the log can cause the SCE 8000 to restart. To avoid this issue, do not enable media flow, flow start, or flow end RDRs when IPv6 is configured on the device.

Workaround: None.
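
One way to watch for the condition in this caveat, as an added Python example that is not Cisco code and not part of the original release notes: it parses debug-log lines in the layout of the message quoted above and reports the minutes in which the IPv6 funcGetFlowTuple error repeats. The per-minute threshold, the MM/DD/YY reading of the date, and all sample lines other than the one quoted above are assumptions constructed for illustration; the release note gives no count at which a restart occurs.

```python
import re
from collections import Counter
from datetime import datetime

# Layout taken from the single log line quoted in the caveat. The meaning of
# the bracketed context and the three pipe-separated counters is not given
# on the page, so they are captured but not interpreted.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) "
    r"\[(?P<ctx>[0-9:]+)\] \| (?P<f1>\d+) \| (?P<f2>\d+) \| (?P<f3>\d+) \| "
    r"<<(?P<severity>[A-Z]+)>> \[(?P<code>0x[0-9a-fA-F]+:0x[0-9a-fA-F]+)\] "
    r"(?P<text>.*)$"
)

# Message text from the caveat that identifies the IPv6 RDR error.
SIGNATURE = "FncplFlow::funcGetFlowTuple- Wrongly invoked for IPv6 Flow"


def parse_line(line):
    """Return a dict for a debug-log line, or None if the layout differs."""
    match = LINE_RE.match(line.strip())
    if match is None:
        return None
    return {
        # Assumption: the date is MM/DD/YY (03/20/12 cannot be DD/MM).
        "time": datetime.strptime(match.group("ts"), "%m/%d/%y %H:%M:%S"),
        "severity": match.group("severity"),
        "code": match.group("code"),
        "text": match.group("text"),
    }


def ipv6_tuple_error_bursts(lines, per_minute_threshold):
    """Return {minute: count} for minutes with at least threshold matches."""
    per_minute = Counter()
    for line in lines:
        record = parse_line(line)
        if record is None or record["severity"] != "ERROR":
            continue
        if SIGNATURE in record["text"]:
            per_minute[record["time"].replace(second=0)] += 1
    return {
        minute: count
        for minute, count in sorted(per_minute.items())
        if count >= per_minute_threshold
    }


# Constructed sample input: the quoted line repeated with varied timestamps,
# plus one line that does not follow the layout.
TEMPLATE = (
    "03/20/12 15:%02d:%02d [000000942820:187:298] | 004 | 0000000349 | "
    "0000000 | <<ERROR>> [0x0814:0x00a4] Function Pool Flow Handling Nodes: "
    "FncplFlow::funcGetFlowTuple- Wrongly invoked for IPv6 Flow - tupleType = 1"
)
SAMPLE_LOG = (
    [TEMPLATE % (2, second) for second in (52, 53, 54, 55, 56)]
    + [TEMPLATE % (3, 10)]
    + ["not a debug-log line"]
)

if __name__ == "__main__":
    for minute, count in ipv6_tuple_error_bursts(SAMPLE_LOG, 3).items():
        print(minute.isoformat(), count)
```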

CSCty73906

Downgrading Cisco SCOS Release 3.7.5 to a previous release displays error messages.

While downgrading Cisco SCOS Release 3.7.5 to Release 3.7.2, an error message similar to the following is displayed:

"Could not allocate 7383087 bytes for Control Application XML data partition"

Workaround:

Reload the device again and install 3.7.2 PQI file from Cisco SCA BB Release 3.7.2.

Alternatively,

Follow these steps to downgrade to Cisco SCOS Release 3.7.2:


Step 1 Copy the Cisco SCOS Release 3.7.5 PQI file to the /apps/data/scos/app/ folder:

SCE8000#> copy ftp://ftpdefaultdirectory/3.7.5/pqi_file.pqi /apps/data/scos/app/

Step 2 Uninstall the Cisco SCOS Release 3.7.5 PQI file:

SCE8000(config if)#> pqi

Step 3 Uninstall the pqi_file.pqi.

Step 4 Copy the running configuration to the startup configuration:

SCE8000#> copy running-config startup-config

Step 5 Install Cisco SCOS Release 3.7.2 PKG file from Cisco SCA BB Release 3.7.2.

Step 6 Install Cisco SCOS Release 3.7.2 PQI file from Cisco SCA BB Release 3.7.2.


CSCtx10148

Cisco SCE 8000 devices with dual SCM modules fail to support 16 million bidirectional flows when there are 250000 subscribers.

Workaround: None.

CSCty32405

Cisco Service Control Application for Broadband Reference Guide, Release 3.7.x with part number OL-24174-03, shows an unknown data type "ADDRESS" for the RDR fields 3GPP2-PCF-IP-Address and 3GPP2-Home-Agent-IP-Address.

The data type "ADDRESS" is equivalent to UINT32.

Workaround: None.

CSCty42786

On Cisco SCE 8000, when remaining quota RDR is enabled, Gx/Gy implementation sends VALIDITY time expires message before the actual time that was passed in AVP to the OCS.

Workaround: None.

CSCty54746

On Cisco SCE 8000, the session-id field of SCE diameter CCR-T messages contains meaningless characters.

Workaround: None.

CSCtx51801

On Cisco SCE 8000, when the device tries a push login for a Gx subscriber, the SCE fails with timeout error messages in the CLI output.

Workaround: None.

CSCtx53825

On Cisco SCE 8000 with Cisco SCOS 3.6.5 in dual SCM scenarios, SNMP agent fails to start while restarting the SNMP process after the SNMP agent timer is increased to 30.

Workaround: None.

CSCty13726

Cisco SCE8000 platform configured in IP-Tunnel L2TP Skip mode does not process traffic on the first traffic processor.

This is a result of bad handling of non-first-fragment packets. Therefore, in networks with some IP fragmentation, it is likely that the problem will not be observed even if IP-Tunnel L2TP Skip is configured.

The appropriate workaround depends on whether L2TP tunneled traffic must be processed based on the internal IP layer.


Note This workaround is not applicable for cascade.


If L2TP tunneled traffic does not need to be processed based on the internal IP layer:

Workaround: Disable L2TP Skip.

If L2TP tunneled traffic must be processed based on the internal IP layer:

Workaround:

Run the following root-level CLI command:

debug slot 0 ppc 0 func SimbaDPT[0].4DP[0].RegWr16 0x28 0x1000

This command provides an immediate solution to the problem, but it is not persistent across SCE reboot. To make this debug command run during the SCE8000 boot-up process, the command must be added to the genstart.txt file.

The genstart.txt file is located at /apps/data/scos/system/p3hidden/config/ (or /system/p3hidden/config/ from the SCE CLI). The genstart.txt file should exist on your SCE disk space and should be empty. If the file does not exist, create it under /apps/data/scos/system/p3hidden/config/.

To edit the file, you must use FTP to copy the file from the SCE platform to an FTP server. Then, edit the file, and use FTP to copy it back to the SCE platform.

The line to append is:

do debug slot 0 ppc 0 func SimbaDPT[0].4DP[0].RegWr16 0x28 0x1000

The following sample CLI session shows how to copy the file to an FTP server, copy the file back to the appropriate path in the SCE platform, and then verify that the added line does appear in the file:

copy ftp://username:password@10.1.1.30/./genstart.txt /system/p3hidden/config/genstart.txt

After copying the file, verify that the appended line appears in the file:

more /system/p3hidden/config/genstart.txt
do debug slot 0 ppc 0 func SimbaDPT[0].4DP[0].RegWr16 0x28 0x1000

CSCsq95048

The IP table contains entries for internal IP addresses and interfaces. This results in inconsistency in the If index representation of the following components of the IP table:

ipAddrTable

ipRouteTable

ipNetToMediaTable

Workaround: Ignore all entries in the IP tables, except for the management interface. See the following example:

The If MIB represents five interfaces as follows:

if index 1—mng port

if index 2—Traffic port 0

If index 3—Traffic port 1

If index 4—Traffic port 2

If index 5—Traffic port 3

The IP tables and the at tables represent six interfaces as follows:

if index 1—eth0 "currently simba to simba"

if index 2—eth1 "mng port"

if index 3—eth2 "cofico 1 that is not connected"

if index 4—lo

ifDescr.5—dummy0 "configure to skynet"

ifDescr.6—skynet0

The only relevant ifIndex in these tables is the management interface, with IfIndex 1 in the If table being equal to IfIndex 2 in the IP tables.

CSCtc28950

DDoS global attacks (such as TCP SYN and UDP fragment) do not result in sending a relevant SNMP trap. Note, however, that specific IP DDoS attacks do result in sending a relevant SNMP trap.

Workaround: None

CSCte34741

The show bucket-state CLI command shows the wrong bucket status for breached buckets.

When you run the following CLI command on a subscriber that has several buckets in different states (some of them are in breach status), the output shows that all the buckets are in the "not breached" state:

show interface LineCard 0 subscriber name <sub_name> bucket-state

When you run the following CLI command on a specific bucket in breach state, the bucket status is shown as "breached", and the next time you run the general show bucket-state CLI command (shown above), that bucket is also shown as "breached":

show interface LineCard 0 subscriber name <sub_name> bucket-state id <bucket_id>

Workaround: None

CSCte75842

SCE 8000 not configured for ToS marking sometimes changes the ToS value. This problem is observed mainly on TCP SYN packets.

Workaround: Enable "quick forwarding". Although this may not solve the problem completely, it greatly reduces it.

CSCte92800

In high-availability forwarding mode, when a peer is removed, it should be replaced in the list automatically, but it is not. As a result, when the primary Gy peer is removed, CCRs are not sent.

Workaround: None

CSCtf24792

In a chassis with two SCE8000-SCM modules installed, the management ports of the second SCM are active. If you plug a network cable into the management port of the SCE8000-SCM in slot 2, the Link LED turns on. This is confusing because this port has no IP address configured and should not be used.

Workaround: Use the management ports on the SCE8000-SCM only in slot 1.

CSCtf43847

"No Such Object available on this agent at this OID" message is returned by the snmpget command, even if a correct OID is requested. It occurs when taking the support file or applying the policy.

It occurs more often if multiple OIDs are requested in one snmpget command.

Workaround: Request only one OID per snmpget command.

CSCth28020

When the autofailover state is changed from "on" to "off", the inactive port does not retain the originally configured speed and duplex values.

Workaround: Configure the speed for the inactive port after autofailover is set to "off".

CSCth55499

The actual maximum rate for the ZUR is greater than the configured value. This is because ZURs are sent separately from each PPC, whereas one aggregated ZUR for all PPCs should be sent. As a result, the maximum rate for ZURs is not properly enforced.

Workaround: None

CSCth82475

After package change, CCR-U messages continue to be sent every 30 seconds.

Workaround: None

CSCti15865

The SCE 8000 crashed during Gx/Gy capacity testing while having 250K active sessions with long VSAs. All VSAs used were more than 200 bytes.

Workaround: Use normal VSAs rather than long VSAs.

CSCti18334

Introduction of VAS healthcheck in SCE 8000 causes minor performance degradation even when VAS is not enabled.

Workaround: None

CSCtj37754

No SNMP trap is sent when the external-bypass command is issued on the SCE 8000 GBE when OPB-SCE8K-2L-SM optical bypass modules are installed.

Workaround: None

CSCtj46134

On the SCE8000, VAS processing is done entirely by the software, and involves a performance hit. Therefore, VAS processing is not supported for delay-sensitive, bundled flow handling.

Workaround: None (known limitation)

CSCtj50046

The "on-failure cutoff" option of the connection-mode command does not block traffic for a few minutes when the SCE 8000 is rebooted.

Workaround: None

CSCtj58409

NALA MIP max node interrupts are generated, even though the subscriber ranges are present in NALA RAM. This does not affect functionality and is harmless.

Workaround: None

CSCtk67558

The notification of the first QuotaStatus RDR is delayed after the subscriber logs in. Subsequent notifications come through correctly.

Workaround: None

CSCtl10121

SNMP traps are not sent when only one of the eight fans fails.

Workaround: None

CSCtq20627

When a PQB or any operation is performed on an SCE8000 platform with high CPU utilization, the SCE or CLI might not respond.

Workaround: When performing new operations on the SCE8000 platform, ensure that the CPU utilization is low.

Open Caveats—Cisco SCE 1000 and Cisco SCE 2000

This section describes the open caveats pertaining to Cisco SCE 1000 and SCE 2000 platforms for Release 3.7.x.

CSCtd18312

Cascade links may remain down when link failure reflection is configured if:

Link failure-reflection is configured on both SCE platforms.

Both cascade links are disconnected and then connected again.

Workaround: Disable and enable link failure-reflection on the secondary SCE platform. Execute the following CLI command sequence on the secondary SCE:

#configure
(config)#interface LineCard 0
(config if)#no link failure-reflection
(config if)#link failure-reflection
(config if)#exit
(config)#exit

CSCti17836

When SSH sessions are rapidly opened and closed and FTP sessions are run simultaneously, the SCE 2000 crashes with a fatal SafeFdManager error. Not observed in Release 3.6.x.

Workaround: Disable SSH.

CSCti18005

When SSH sessions are rapidly opened and closed, the traffic rate is 1 GBE, and FTP sessions are run simultaneously, the SCE 2000 crashes with a critical Section error. Occurs only in Release 3.6.1. Not observed in Release 3.6.5.

Workaround: Disable SSH.

Open Caveats—All Cisco SCE Platforms

This section describes the open caveats pertaining to all platforms of Cisco SCE for Release 3.7.x.

CSCtw48261

Cisco SCE 2000 moves to recovery mode while upgrading from Cisco SCE Release 3.6.5 and Cisco SCE Release 3.7.0. This happens when an application programming interface (API) initiates a connection during the reboot.

Workaround: Remove all connections from the management port and make sure no communication happens with the management port during the reboot.

CSCtx47997

On Cisco SCE 2000, when a port based classification is applied using Cisco SCA BB, the following issues are observed:

Link usage RDR with global usage counter ID 0 is always generated, even though there are no matching flows, along with the specific global usage counter ID on which there is a matching flow.

Zero RDRs, which are supposed to be generated at the time of pushing the traffic, are generated at the next fifth minute.

Link Usage RDRs are generated with a value zero for all metrics except for total active subscribers.

Link Usage RDR is different for TCP and UDP.

Workaround: None.

CSCtx33874

Cisco SCA BB Release 3.7.2 failed to apply policies on Cisco SCE 8000, running Cisco SCOS Release 3.7.2. The following message appears while trying to apply the policy:

Error Code = 8, Description: "Party 'N/A' already exists.", Detailed: "" (PRT_setDefaultPartyNameCfg:{name=N/A})

This issue occurs while applying policy after the Cisco SCE is reset to factory default using the erase startup config command.

This issue does not appear in Release 3.7.5.

Workaround: Remove the N/A party using the no party N/A command in configuration mode, and then apply the policy.

CSCty18403

On Cisco SCE devices, packet drops are observed while upgrading the protocol pack (SPQI).

Workaround: None.

CSCty21517

On Cisco SCE devices, TCP/UDP fragmented packets on non-VAS links create a layer 2 loop condition on VAS links (link-0/link-1).

Workaround: None.

CSCty38051

On Cisco SCE devices, when Vlink mode is enabled and the link global controllers are set to unlimited for each link, the AGC fails to control the traffic.

Workaround: Disable Vlink and use Per Link GC.

CSCty38340

Cisco SCE 2000 with Cisco SCOS 3.5.5 may report incorrect quota consumption when used with multiple buckets and time frames.

Workaround: None.

CSCtc56711

The SCE fails to authenticate login through the TACACS server when the shared key contains spaces. This causes login to the SCE to fail even though a valid username and password are used to log in. The SCE does not treat the space as a valid character in the key and terminates the key at the first space.

For example, if the configured key is 3b663ea010446e 72ecea2f1244853f73, the SCE takes the key as 3b663ea010446e.

Workaround: Do not use keys that contain spaces.
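Added example (not part of the Cisco release notes): TACACS+ obfuscates each packet body by XORing it with an MD5 pad derived from the shared key (RFC 8907), so a device that stops reading the key at the first space produces bodies the server cannot decode. The truncation model in key_as_used_by_device, the session ID, and the user, port, and address values are constructed assumptions; the key is the example quoted above.

```python
import hashlib
import struct

VERSION, SEQ_NO = 0xC0, 1  # TACACS+ default version byte, first packet of a session

def pseudo_pad(session_id: int, key: bytes, length: int) -> bytes:
    """RFC 8907 pad: MD5(session_id, key, version, seq_no[, previous digest]), chained."""
    seed = struct.pack("!I", session_id) + key + bytes([VERSION, SEQ_NO])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]

def xor_body(body: bytes, session_id: int, key: bytes) -> bytes:
    """Obfuscation and de-obfuscation are the same XOR with the pad."""
    return bytes(b ^ p for b, p in zip(body, pseudo_pad(session_id, key, len(body))))

def key_as_used_by_device(configured: str) -> bytes:
    """Assumed model of the caveat: the key ends at the first space."""
    return configured.split(" ", 1)[0].encode()

def build_authen_start(user: bytes, port: bytes, rem_addr: bytes) -> bytes:
    """Authentication START body: action=LOGIN, priv_lvl=1, type=ASCII, service=LOGIN."""
    fixed = bytes([1, 1, 1, 1, len(user), len(port), len(rem_addr), 0])
    return fixed + user + port + rem_addr

def parse_authen_start(body: bytes):
    """Return the user name, or None when the length fields do not add up."""
    if len(body) < 8:
        return None
    user_len, port_len, addr_len, data_len = body[4:8]
    if 8 + user_len + port_len + addr_len + data_len != len(body):
        return None
    return body[8:8 + user_len]

def server_sees(configured_key: str, device_truncates: bool):
    """Device obfuscates a START body; the server de-obfuscates with the full key."""
    session_id = 0x1A2B3C4D                                         # constructed value
    body = build_authen_start(b"operator", b"tty0", b"192.0.2.10")  # constructed values
    device_key = (key_as_used_by_device(configured_key) if device_truncates
                  else configured_key.encode())
    wire = xor_body(body, session_id, device_key)
    return parse_authen_start(xor_body(wire, session_id, configured_key.encode()))

PAGE_KEY = "3b663ea010446e 72ecea2f1244853f73"  # example key quoted in the caveat

if __name__ == "__main__":
    print("device key         :", key_as_used_by_device(PAGE_KEY))
    print("same key both sides:", server_sees(PAGE_KEY, device_truncates=False))
    print("device truncates   :", server_sees(PAGE_KEY, device_truncates=True))
```

A key without spaces passes through the truncation model unchanged, which is why the workaround restores authentication.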

CSCtd94013

If fragmented UDP packets come from subscriber side at a rate higher than Permitted Information Rate (PIR), the SCE cannot control the bandwidth properly because the fragmented packets are not dropped at the network side.

Workaround: Try to avoid using fragmented packets. (Use the no accelerate-packet-drops CLI command to throttle fragmented packets at the software level.)

CSCth00248

SCE might reload during a policy apply operation. This was observed on rare occasions in Release 3.5.5 in SCE 2000 and SCE8000. This could not be reproduced.

Workaround: None

CSCth82235

The SCE 8000 reboots occasionally without supplying a cause or reason in the log files.

Workaround: None

CSCtk08011

Transmit queue overflow warnings appear when VLURs are enabled.

Workaround: Disable the VLUR aggregation by configuring no periodic-records aggregate-by-cpu vlur under the interface line 0 mode.

CSCtl22778

Lower volume consumption is reported by Gy because of delay in quota allocations. RDR volume reported is different from Gy reported volume.

Gy quota profile is configured for the subscriber and quota is requested based on the classification. HTTP flow creation takes a few seconds from the time of request submission to SCE.

Workaround: None

CSCtn31028

HTTP redirection does not work with GRE tunnel external fragmentation.

Workaround: None

CSCtn64912

Intermittently, the Duration field values are not populated correctly in the Subscriber Usage RDRs (SUR). Total consumption of the allocated bandwidth causes delay in updating the SURs within the configured duration. This is observed on the SCE 2020 and SCE 8000 platforms. This symptom is mostly visible when using custom reporting tools or when evaluating the RDRs manually. However, the effect of the delay is nominal with the Cisco SCA BB reporter tool.

Workaround: To resolve the condition temporarily, clear the affected subscriber mappings and reintroduce the affected subscribers.

CSCtq67752

Quota breach is enforced only after the completion of file download. For example, a large file with a size that exceeds the available quota limit gets downloaded, while the next download gets blocked.

Workaround: None

CSCts66524

When there are many short-lived subscribers, SCE raises CAT 4 RDRs even at a low RDR rate.

Workaround: Disable or increase remaining quota RDR timing so that the CAT 4 RDR rate is lowered.

CSCts69555

Without a P2P time-based rule, limiting is working as expected. However, with the same configuration for P2P limiting that is configured in a time-based rule, the P2P traffic exceeds the configured traffic.

Workaround: None

CSCtt70539

HTTP redirection does not work in the HTTP 404 error code pages.

Workaround: None.

CSCtw34069

During the installation of a new Cisco protocol update in Cisco SCOS, the subscribers may lose their mappings and be assigned with package 0 mappings.

Workaround: Clear the subscribers using the following CLI commands:

configure terminal

interface lineCard 0

no subscribers all

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.