Table Of Contents
Resolved Caveats—Cisco IOS Release 12.0(26)S6
Resolved Caveats—Cisco IOS Release 12.0(26)S5
Resolved Caveats—Cisco IOS Release 12.0(26)S4
Resolved Caveats—Cisco IOS Release 12.0(26)S3
Resolved Caveats—Cisco IOS Release 12.0(26)S2
Resolved Caveats—Cisco IOS Release 12.0(26)S1
Resolved Caveats—Cisco IOS Release 12.0(26)S
Resolved Caveats—Cisco IOS Release 12.0(25)S4
Resolved Caveats—Cisco IOS Release 12.0(25)S3
Resolved Caveats—Cisco IOS Release 12.0(25)S2
Resolved Caveats—Cisco IOS Release 12.0(25)S1
Resolved Caveats—Cisco IOS Release 12.0(25)S
Resolved Caveats—Cisco IOS Release 12.0(24)S6
Resolved Caveats—Cisco IOS Release 12.0(24)S5
Resolved Caveats—Cisco IOS Release 12.0(24)S4
Resolved Caveats—Cisco IOS Release 12.0(24)S3
Resolved Caveats—Cisco IOS Release 12.0(24)S2
Resolved Caveats—Cisco IOS Release 12.0(24)S1
Resolved Caveats—Cisco IOS Release 12.0(24)S
Resolved Caveats—Cisco IOS Release 12.0(26)S6
Cisco IOS Release 12.0(26)S6 is a rebuild of Cisco IOS Release 12.0(26)S. The caveats listed in this section are resolved in Cisco IOS Release 12.0(26)S6 but may be open in previous Cisco IOS releases. This section describes only severity 1 and 2 caveats.
These caveats are documented in the following format:
•
Symptoms: A description of what is observed when the caveat occurs.
•
•
Interfaces and Bridging
•
Symptoms: A Versatile Interface Processors (VIP) with a PA-MC-8TE1 port adapter may report its memory size as unknown even though the VIP appears to function normally, and Distributed Multicast Fast Switching (DMFS) may fail to function properly.
Conditions: This symptom is observed on a Cisco 7500 series when any of the following conditions are present:
–
–
Workaround: Enter the card type {t1 | e1} slot [bay] command on the PA-MC-8TE1+ port adapter and ensure that none of the controllers on this port adapter are shut down.
•
Symptoms: A few permanent virtual circuits (PVCs) go into a stuck state causing OutPktDrops on a Cisco 7200 router.
Conditions: This symptom occurs on a Cisco 7200 router running Cisco IOS Release 12.2(26) with a PA-A3-T3 ATM interface. The symptom may also occur in other releases.
Workaround: Remove and re-apply the PVC statement.
IP Routing Protocols
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1.
2.
3.
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
•
Symptoms: A router that is configured for OSPF may reload unexpectedly and reference the "ospf_build_one_paced_update" process.
Conditions: This symptom is observed on a Cisco router that has a mixture of LSAs (of type 5 and 11) that travel throughout an autonomous system and LSAs (of any type other than type 5 and 11) that travel within a particular OSPF area. The symptom may occur at any time without any specific changes or configuration and is not specifically related to any type of LSA.
Workaround: There is no workaround.
Further Problem Description: The symptom is very unlikely to occur. The symptom does not occur on a router that has exclusively stub areas and NSSA areas. The symptom may occur when a router does not have exclusively stub areas and NSSA areas.
•
Symptoms: BGP fails to send an update or withdraw message to some peers when these peers have failed to converge properly after an earlier attempt.
Conditions: This symptom is observed on a Cisco router when you enter the clear ip bgp neighbor-address soft out command while BGP is in the middle of converging. The symptom does not occur when network traffic load is low and BGP has converged.
Workaround: To clear the error condition, enter the clear ip bgp neighbor-address soft out command again. Alternately, enter the clear ip bgp neighbor-address command (that is, without the soft out keyword).
•
Symptoms: The Multiprotocol BGP (MP-BGP) network entries counter increases above the real number of reachable networks.
Conditions: This symptom is observed when network activity occurs in a non-converged environment. The correct number of network entries is restored when there is a period of BGP stability that last for about 1 minute or more because BGP is able to converge and the scanner has time to run and collect the old network entries. However, if there is a sustained period of churn and BGP is only able to converge for a few seconds before new updates arrive, old BGP network entries are not cleaned up, causing the MP-BGP network entries counter to increase above the real number of reachable networks.
Workaround: There is no workaround.
Miscellaneous
•
Symptoms: A POS Engine 2 line card originates a high traffic volume to a downstream router over a POS link because the same packet is sent over and over.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(22)S5.
Workaround: There is no workaround.
•
Symptoms: When a large number of VRFs are configured, input OAM F5 loopback cells on the ATM interface are dropped continuously, even without traffic. You can see drops at "OAM cell drops" in the output of the show atm traffic EXEC command and at "Input queue drops" in the output of the show interface ATM EXEC command.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.2(19), Release 12.3(5), or Release 12.3(4)T2 when the oam-pvc manage and ip vrf global configuration commands are configured. The symptom may also occur in other releases.
Workaround: Remove the ip vrf command. There is no workaround for a router such as a provider edge (PE) router that cannot remove VRFs.
•
Symptoms: When you use snmpget to retrieve information directly from the ifIndex table, the following error message is generated:
No Such Instance currently exists at this OID.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(26)S.
Workaround: Do not snmpget. Rather, use snmpwalk or snmpgetnext.
•
Symptoms: If link bundling is configured on any line card in the router and the link bundle is loaded onto an Engine 2 line card that has VPN on FR subinterfaces and that is processing traffic, the Engine 2 line card may reload.
Conditions: This symptom is observed on a Cisco 12000 series that is running the gsr-p-mz image of Cisco IOS Release 12.0(28)S.
Workaround: There is no workaround.
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1.
2.
3.
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1.
2.
3.
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
•
Cisco Internetwork Operating System (IOS) software is vulnerable to a Denial of Service (DoS) and potentially an arbitrary code execution attack from a specifically crafted IPv6 packet. The packet must be sent from a local network segment. Only devices that have been explicitly configured to process IPv6 traffic are affected. Upon successful exploitation, the device may reload or be open to further exploitation.
Cisco has made free software available to address this vulnerability for all affected customers.
More details can be found in the security advisory that is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml.
•
Symptoms: A VPN traceroute is broken. Packets drop at the CE1 where a port channel is configured as default route.
Conditions: This symptom occurs when a port channel is configured as a default route. The adjacency is always a drop/punt, which causes packets to drop.
Workaround: Do not configure a port channel as a default route.
•
Symptoms: On a Cisco router that functions as an egress PE router in an MPLS VPN network, after the customer-facing line card is reloaded, the ingress line card that receives an incoming VPN label with a destination with a glean adjacency (which requires an ARP request) without a BGP session may not properly complete the adjacency, causing traffic to be dropped.
Conditions: This symptom is mostly observed with static recursive route configurations. You can recover from the symptom by manually pinging the interface of the CE router from the adjacent PE router.
Workaround: Configure static ARP entries for the next hop router in the static recursive routes.
•
Symptoms: Several VIPs may crash at about the same time because of a bus error.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(26)S4 and that is configured with an RSP4 when the VIPs are configured for QoS but have insufficient memory.
Workaround: Increase the amount of memory on the VIPs.
•
Symptoms: Priority packets are dropped when a VIP is reset because of an OIR, microcode reload, or CBUS complex reset.
Conditions: The symptom is observed only on a multilink interface that has both input and output service policies enabled when the input policy is configured for policing or when the input policy is removed from the multilink interface.
Workaround: Enter the shutdown command followed by the no shutdown command on the multilink interface, or remove and re-attach the output policy.
•
Symptoms: An Engine 6 line card may reset because of an IPC timeout.
Conditions: This symptom is observed on a Cisco 12816 that runs Cisco IOS Release 12.0(27)S4 when you enter the shutdown command on the primary Clock Scheduler Card (CSC) or you enter the no shutdown command on the secondary CSC that is in the shut down state.
Workaround: There is no workaround.
•
Symptoms: One of the following two symptoms may occur on a POS ISE egress line card:
–
–
%EE48-4-GULF_TX_SRAM_ERROR: ASIC GULF: TX bad packet header detected. Details=0x4000
Conditions: These symptoms are observed on a Cisco 12000 series when an invalid packet is forwarded to an egress interface on an ISE line card.
Workaround: If the transmission on the interface is stuck, reload the line card by entering the hw-module slot x reload command.
•
Symptoms: In a tag switching-to-IP switching scenario with an ISE ingress line card and an Engine 4 plus (E4+) egress line card, the following bad packets may be forwarded to the E4+ line card:
–
–
–
–
–
–
–
These bad packets cause packet corruption and an "TX192-3-PAM_PIM" error message on the E4+ line card and may even cause the E4+ line card to reset.
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
Further Problem Description: The fix for this caveat enables the ISE line card to drop the above-mentioned bad packets.
•
Symptoms: An Engine 3 line card sends unlabeled traffic after it has been toggled from explicit routing to default routing. The symptom is related to the handling of a default-route on an Engine 3 ingress line card that functions in an IP-to-MPLS path.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(30)S1 or any other image that includes the fix for caveat CSCsa64782, which is a preliminary requisite for default-route handling on an Engine 3 line card. The symptom occurs in the following scenario:
1.
2.
3.
After the transition from non-default routing to default routing, entering the clear ip route network command, with the address of the next hop for the network argument, causes an inconsistency, and traffic is forwarded as unlabeled.
Workaround: To restore proper operation, enter the clear ip route 0.0.0.0 command.
•
Symptoms: In a tag switching-to-IP switching scenario with an ISE ingress line card and an Engine 4 plus (E4+) egress line card, the following bad packets may be forwarded to the E4+ line card:
–
–
–
–
–
–
–
These bad packets cause packet corruption and an "TX192-3-PAM_PIM" error message on the E4+ line card and may even cause the E4+ line card to reset.
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
Further Problem Description: The fix for this caveat enables the ISE line card to drop the above-mentioned bad packets.
•
Symptoms: An Engine 4 plus (E4+) line card that functions in an IP-to-tag switching scenario may generate "TX192-3-PAM_MODULE" and "%TX192-3-PAM_PIM" error messages and tracebacks or may crash.
Conditions: This symptom is observed on a Cisco 12000 series when the ingress interface is an Engine 2 line card that has an input ACL and when an external LDP flap occurs that affects the Engine 4+ line card.
Workaround: There is no workaround.
•
Symptoms: A Engine 3 ISE line card may not properly handle incoming bad IP packets but may generate a traceback and a transient error message:
%GSR-3-INTPROC: Process Traceback= 400E10B4 400FBA2C
-Traceback= 4047917C 405E5274 400F4B58
%EE48-3-BM_ERRS: FrFab BM SOP error 40000
%EE48-3-BM_ERR_DECODE: FrFab SOP macsopi_bhdr_pkt_len_zero_err%GSR-3-INTPROC: Process Traceback= 400E1090 400FBA2C
-Traceback= 4047917C 405E5274 400F4B58
%LC-4-ERRRECOVER: Corrected a transient error on line card.The line card may also crash.
Conditions: These symptoms are observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(26)S1 or Release 12.0(26)S5a.
Workaround: There is no workaround.
•
Symptoms: When an ingress ISE line card is used with a default route that iBGP learns over a MPLS core, the following two symptoms may occur:
–
–
Conditions: These symptoms are observed on a Cisco 12000 series when the traffic path follows a recursive default route and when recursive load sharing occurs.
Workaround: Prevent outbound load sharing to the default route by changing the IGP metrics.
•
Symptoms: When you boot a Cisco 12000 series, some Layer 1 and CoS command are rejected with the following error messages:
Command "pos threshold sd-ber 9" not allowed on link-bundle member interface POS1/0 Command "tx-cos TEST" not allowed on link-bundle member interface POS1/0
Conditions: This symptom is observed on a Cisco 12000 series when a POS interface of an Engine 0 or Engine 2 line card has the tx-cos command enabled and is a member of a port channel or POS channel.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(26)S5
Cisco IOS Release 12.0(26)S5 is a rebuild of Cisco IOS Release 12.0(26)S. The caveats listed in this section are resolved in Cisco IOS Release 12.0(26)S5 but may be open in previous Cisco IOS releases. This section describes only severity 1 and 2 caveats.
These caveats are documented in the following format:
•
•
•
Basic System Services
•
Symptoms: A Cisco router may reload when it performs Simple Network Management Protocol (SNMP) Notification Log MIB queries.
Conditions: This symptom is observed on all versions of Cisco IOS software.
Workaround: There is no workaround; however, the symptoms are not observed on a Cisco ONS 15530 or a Cisco ONS 15540 switch module because the symptoms have been resolved on these platforms.
•
Certain release trains of Cisco Internetwork Operating System (IOS), when configured to use the Cisco IOS Secure Shell (SSH) server in combination with Terminal Access Controller Access Control System Plus (TACACS+) as a means to perform remote management tasks on Cisco IOS devices, may contain two vulnerabilities that can potentially cause Cisco IOS devices to exhaust resources and reload. Repeated exploitation of these vulnerabilities can result in a Denial of Service (DoS) condition. Use of SSH with Remote Authentication Dial-In User Service (RADIUS) is not affected by these vulnerabilities.
Cisco has made free software available to address these vulnerabilities for all affected customers. There are workarounds available to mitigate the effects of the vulnerability (see the "Workarounds" section of the full advisory for details.)
This advisory will be posted at http://www.cisco.com/warp/public/707/cisco-sa-20050406-ssh.shtml.
•
Symptoms: A router may generate a very large remote processing time report that may take between 10 and 25 seconds to be generated.
Conditions: This symptom is observed when you enter the rtr responder command for the first time and you do not reload the router.
Workaround: Reload the router after you have entered the rtr responder command.
•
Symptoms: A specifically crafted Transmission Control Protocol (TCP) connection to a telnet or reverse telnet port of a Cisco device running Internetwork Operating System (IOS) may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases Hypertext Transport Protocol (HTTP) access to the Cisco device. Telnet, reverse telnet, RSH and SSH sessions established prior to exploitation are not affected.
All other device services will operate normally.
Conditions: User initiated specially crafted TCP connection to a telnet or reverse telnet port results in blocking further telnet sessions. Whereas, services such as packet forwarding, routing protocols and all other communication to and through the device remains unaffected.
Workaround: The detail advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040827-telnet.shtml.
•
Symptoms: A memory leak may occur in the IPC buffers of a Cisco router, and the output of the show processes memory command shows that the Pool Manager process holds increasingly more memory.
Router#show proc mem
Total: 231201504, Used: 202492916, Free: 28708588
PID TTY Allocated Freed Holding Getbufs Retbufs Process
...
5 0 149227592 69514888 79894996 135335724 66834832 Pool Manager
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(26)S2 or 12.0(26)S3. The memory leak is triggered by the SNMP polling of specific OIDs within the ciscoEnhancedMemPoolMIB MIB.
Workaround: Prevent the ciscoEnhancedMemPoolMIB MIB from being polled by explicitly configuring an SNMP view. To prevent this MIB from being accessed via any community strings, create a view and apply the view to all communities configured, as in the following example:
snmp-server view NOMEMPOOL iso included
snmp-server view NOMEMPOOL ciscoEnhancedMemPoolMIB excluded
snmp-server community public1 view NOMEMPOOL ro 6
snmp-server community public2 view NOMEMPOOL ro 7
snmp-server community public3 view NOMEMPOOL ro 8
The specific MIB that is being blocked is ciscoEnhancedMemPoolMIB (1.3.6.1.4.1.9.9.221).
Once the configuration is in place, the router must be reloaded to clear the IPC cache and free the memory.
Interfaces and Bridging
•
Symptoms: A Cisco router may report spurious accesses when configured for Multilink PPP (MLPPP). This appears to be caused by fragmentation.
%ALIGN-3-SPURIOUS: Spurious memory access made at [hex] reading [hex] %ALIGN-3-TRACE: -Traceback=[hex]
Conditions: MLPPP must be configured for this symptom to occur.
Workaround: There is no workaround.
•
Symptoms: When you enter the show ip interface brief, the output indicates that a serial subinterface has a down status and that the protocol is down too:
router# show ip interface brief
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 10.7.0.68 YES NVRAM up up
Ethernet0/1 unassigned YES NVRAM administratively down down
Ethernet0/2 unassigned YES NVRAM administratively down down
Ethernet0/3 unassigned YES NVRAM administratively down down
Ethernet0/4 unassigned YES NVRAM administratively down down
Ethernet0/5 unassigned YES NVRAM administratively down down
Serial4/0 unassigned YES NVRAM administratively down down
Serial4/1 unassigned YES NVRAM administratively down down
Serial4/2 unassigned YES NVRAM administratively down down
Serial4/3 unassigned YES NVRAM administratively down down
Serial4/4 unassigned YES NVRAM administratively down down
Serial4/5 unassigned YES NVRAM administratively down down
Serial4/6 unassigned YES NVRAM administratively down down
Serial4/7 unassigned YES NVRAM administratively down down
Serial5/0:23 10.0.0.1 YES NVRAM down down
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(26)S1 when you attempt to configure the interface and bring it up.
Workaround: There is no workaround.
•
Symptoms: When an snmpget is executed for an interface index below .1.3.6.1.2.1.31.1.1.1.6, the router responds with the following information:
ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifHCInOctets.12 : VARBIND EXCEPTION: No Such Instance
However, an snmpwalk executes successfully for an interface index below .1.3.6.1.2.1.31.1.1.1.6.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(26)S3 when an snmpget is executed for 4GE-SFP-LC subinterfaces or for an 4GE-SFP-LC interface when there is another interface index for the same interface. The symptom may be platform-independent.
Workaround: Reload the router.
IP Routing Protocols
•
Symptoms: A router may unexpectedly reload because of a watchdog timeout or bus error in OSPF.
Conditions: This symptom is observed when iSPF is configured under OSPF.
Workaround: Remove the iSPF configuration from OSPF by entering the no ispf command.
•
Symptoms: An Open Shortest Path First version 3 (OSPFv3) adjacency may flap when a standby Route Processor (RP) comes up after a switchover has occurred or after a router has reloaded. The router database may contain duplicate entries of the network link-state advertisement (LSA), or link LSA, or both.
Conditions: This symptom is observed after a switchover has occurred when the interface number of the interface that is configured for OSPFv3 changes.
This symptom is also observed after the router has reloaded when the interface number of the interface that is configured for OSPFv3 changes and when the neighbor still has the LSA (that was generated by the router on which the symptom occurs) with the old Link State ID (LSID) in its database. This situation may occur when the router does not clean up its LSA (for example, when the router reloads unexpectedly) or when the interface that connects to the neighbor is shut down before the router reloads and then brought back up after the router has reloaded.
Workaround: There is no workaround.
•
Symptoms: When a Cisco router is a midpoint of a TE tunnel and the tunnel headend is a third- party vendor router, the Cisco router may crash.
Conditions: This symptom is observed during a period of network instability and may occur when a TE tunnel does not contain an EXPLICIT ROUTE object and when the tunnel is dynamically routed by using OSPF cost only.
Workaround: Use an EXPLICIT ROUTE object or ensure that there are no alternate paths in the network.
•
Symptoms: The IP background process is sluggish.
Conditions: This symptom occurs when many interfaces go down at the same time.
Workaround: There is no workaround.
•
A Cisco device running Cisco IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DoS) attack from a malformed BGP packet. Only devices with the bgp log-neighbor-changes command configured are vulnerable. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet.
If a misformed packet is received and queued up on the interface, this bug may also be triggered by other means which are not considered remotely exploitable such as the use of the show ip bgp neighbors command or running the debug ip bgp neighbor updates command for a configured BGP neighbor.
Cisco has made free software available to address this problem.
For more details, please refer to this advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20050126-bgp.shtml
•
Symptoms: When VPNv4 route advertisement are received after BGP has converged, the existing path is updated but imported paths from the original path are not updated accordingly.
Conditions: This symptom is observed on a Cisco router that functions as a PE router when the maximum-paths number-of-paths import number-of-paths command is enabled. The symptom occurs when the path attributes are changed dynamically instead of the path being completely withdrawn and readvertised.
Workaround: Withdraw the prefix from the remote PE router and then readvertise the prefix.
•
Symptoms: An MPLS TE tunnel stays stuck in the "Path Half Admitting" state, as is shown by the output of the show mpls traffic-eng tunnel command, thereby preventing the tunnel from coming up.
Conditions: This symptom may be observed when a particular third-party router that functions as the headend for the MPLS TE tunnel sends a Path message to a Cisco router that functions as the midpoint for the router MPLS TE tunnel and that does not have the mpls traffic-eng tunnels interface configuration command enabled on the outbound interface that would be used to forward the Path message.
Workaround: Enter the mpls traffic-eng tunnels interface configuration command on the outbound interface of the Cisco router. Then, enter the shutdown interface configuration command followed by the no shutdown interface configuration command on this interface, and save the configuration.
Miscellaneous
•
Symptoms: An output wedge and drops may occur on the multilink interface of a Cisco 7200 series. The output of the show interfaces privileged EXEC command may display the following information:
.
.
.
Multilink3 is up, line protocol is up
.
.
.
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 5526
Queueing strategy: fifo
Output queue: 31/40 (size/max)
.
.
.
Conditions: This symptom is observed on a multilink interface that has two E1 interfaces in a multilink bundle when there is a low traffic rate.
Workaround: Use the physical interface without a multilink bundle.
•
Symptoms: When changing the MTU on an Engine 2 3-port 1GE line card, the line card may reload.
Conditions: This symptom is observed on a Cisco 12416 router that is running the gsr-p-mz image of Cisco IOS Release 12.0(26)S.
Workaround: Ensure there is no traffic going through the Engine 2 3-port 1GE line card when attempting to change the MTU.
•
Symptoms: When a single bundle link associated with a Multilink Frame Relay (MFR) interface is brought up, LMI exchanges over the MFR interfaces may not happen.
Conditions: This symptom is observed on a Cisco 7500 series that is configured for MFR.
Workaround: There is no workaround.
•
Symptoms: A VIP crashes with the following error message:
VIP-3-SYSTEM_EXCEPTION: VIP System Exception occurred sig=10, code=0x10
Conditions: This symptom is observed on a Cisco 7500 series when you re-use a channel group (or subinterface) that was previously configured with a Frame Relay DLCI "set" service policy.
Workaround: Remove the "set" service-policy before you remove the channel group (or subinterface).
•
Symptoms: The SNMP counters and CLI for Frame Relay subinterfaces may be incorrect.
Conditions: This symptom is observed a Cisco 12000 series with ISE POS line cards.
Workaround: There is no workaround.
•
Symptoms: A Cisco 7500 series multichannel T3 port adapter (PA-MC-2T3+) may not provide a two-second delay before bringing down the T3 controller.
Conditions: This symptom is observed when an alarm as defined in the ANSI T1.231 specification occurs.
Workaround: There is no workaround.
•
Symptoms: An E4+ POS line card reports %TX192-3-PAM_MODULE and %TX192-3-PAM_PIM errors. On rare occasions the line card may crash when it receives a malformed packet.
Conditions: These symptoms are observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(25)S3 or Release 12.0(26)S4.
Workaround: There is no workaround.
•
Symptoms: A dual SRP ring fails to become active completely due to an is-type mismatch. The output of the show clns neighbors command indicates that a certain system interface remains in the "Init" state indefinitely, although the output of the show ip interface brief command shows that this interface is up.
Conditions: This symptom is observed when a dual SRP ring is configured on three routers that run Cisco IOS Release 12.2S. The symptom may also occur in other releases.
Workaround: There is no workaround.
•
Symptoms: A Cisco 7500 series T3 port adapter (PA-2T3+) may not provide a two-second delay before bringing down the T3 controller.
Conditions: This symptom is observed when an alarm as defined in the ANSI T1.231 specification occurs.
Workaround: There is no workaround.
•
Symptoms: High CPU utilization may cause interfaces to flap, and the following spurious memory access messages may be generated:
%ALIGN-3-SPURIOUS: Spurious memory access made at 0x603C2724 reading 0x194 %ALIGN-3-TRACE: -Traceback= 603C2724 601D2888 601D40B4 00000000 00000000 00000000 00000000 00000000
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(23)S when you the clear cef linecard command.
Workaround: There is no workaround.
•
Symptom: A line card with an ATM QoS configuration may crash.
Condition: This symptom is observed on a Cisco 12406 that runs a Cisco IOS interim release of Release 12.0(29)S.
Workaround: There is no workaround.
•
Symptoms: IPv6 unicast and multicast traffic may not recover on an Engine 4 plus (E4+) 1x10 GE line card after you have performed two software OIRs of the primary CSC.
Conditions: This symptom is observed on a Cisco 12000 series that runs the gsr-p-mz image of Cisco IOS Release 12.0S.
Workaround: Reload the E4+ 1x10 GE line card.
•
Symptoms: An Engine 2 3-port Gigabit Ethernet line card may stop transmitting packets.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(24)S6.
Workaround: Enter the hw-module reload command to enable the line card to resume transmitting packets.
•
Symptoms: Line cards in a Cisco 12000 series may fail when an RP switchover occurs.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with two PRPs and that runs a Cisco IOS interim release for Release 12.0(30)S when you enter the redundancy force-switchover command. Note, however, that this caveat is resolved in Release 12.0(30)S.
Workaround: There is no workaround.
•
Symptoms: On a Cisco 12000 series that functions as an egress PE router in an MPLS VPN network, after the customer-facing Gigabit Ethernet line card is reloaded, the ingress line card that receives an incoming VPN label with a destination with a glean adjacency (which requires an ARP) without a BGP session may not properly complete the adjacency, causing traffic to be dropped.
Conditions: This symptom is mostly observed with static recursive route configurations. To recover from the symptom, manually ping the interface of the CE router from the adjacent PE router.
Workaround: Configure the static ARP entries for the nexthop router that is configured in the static recursive routes.
•
Symptoms: A 4GE-SFP-LC line card may reload unexpectedly when it processes QoS traffic in a configuration with a VLAN on a VCG that is configured with an ingress CoS.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(26)S or a later release when the resolved ARPs are deleted, for example, when routers flap, when BGP peers do not respond, or when you enter the clear arp command. Note that the symptom may also occur on releases earlier than Release 12.0(26)S.
The ingress CoS includes a set command for the matched class: either a police command with a set command or a simple set command and either a set-mpls command or a set-dscp command.
Possible Workaround: Configure static ARPs.
•
Symptoms: In a scaled configuration with hundreds of eBGP peers with very low BGP timers, issuing clear ip bgp * may increase HW forwarding memory utilization.
Conditions: This problem is seen with 500 eBGP sessions with BGP keepalive timer of 3 seconds and hold timer of 9 seconds. The router has 200K MPLS VPN routes. This problem is not seen if the BGP timers are set to the default value.
Workaround: There is no workaround.
•
Symptoms: The Simple Network Management Protocol (SNMP) agent may use 99 percent of the CPU bandwidth of a Route Processor (RP) for an arbitrarily long time, possibly generating CPUHOG errors and causing a watchdog crash. Other processes on the router may fail because these processes do not receive the CPU bandwidth that they require. Consequently, the following difficulties may occur:
–
–
–
–
The output of the show snmp summary EXEC command may indicate that the number of requests is "N" while the number of replies that were sent is "N-1." The output of the show processes cpu | include SN EXEC command may indicate that the SNMP process uses 99 percent of the CPU bandwidth of the RP.
Conditions: These symptoms are observed on a Cisco 7300 series when the MPLS-LSR-MIB MIB is enabled, when you query the object mplsXCIndexNext, and when there are more than 1,000 Multiprotocol Label Switching (MPLS) labels active. However, the symptoms are platform-independent.
Workaround: Perform the following steps:
1.
2.
snmp-server view nolsrmib mplsLsrMIB exclude
snmp-server view nolsrmib iso include
3.
snmp-server community public view nolsrmib ro
4.
•
Symptoms: A router may crash when you enter the crypto key generate dss key-name command.
Conditions: This symptom is observed on a Cisco 12012 that is configured for SSH but may occur on any Cisco platform that is configured for SSH.
Workaround: There is no workaround.
•
Symptoms: A generic routing encapsulation (GRE) tunnel may not work on a provider edge (PE) router if VPN is configured.
Conditions: This symptom is observed on a Cisco 12000 series that runs the gsr-p-mz image of Cisco IOS Release 12.0(25)S or a later release.
Workaround: There is no workaround.
•
Symptoms: The per-WRED-class drop counters do not increment in the output of the show queueing command even though there are aggregate WRED drops.
Condition: This symptom is observed when the random-detect legacy command is enabled on the main interface.
Workaround: Attach a policy map that has the random-detect legacy command enabled to the interface.
•
Symptoms: WRED counters do not function on distributed platforms such as a Cisco 7500 series and a Cisco 7600 series.
Conditions: This symptom is observed on a distributed Cisco platform that runs Cisco IOS Release 12.0(26)S3, 12.0(29)S, 12.2(25)S, 12.3(10), or 12.3(11)T and that has dWRED configured.
Workaround: There is no workaround.
•
Symptoms: In Cisco IOS software releases earlier than Cisco IOS Release 12.0(27)S3, Release 12.0(28)S1, and Release 12.0(30)S, the CPU utilization of a Cisco 10720 is high (x%/y%, where y is greater than 60 percent), and continuous BGP and LDP flapping is reported. The counters in the output of the show interface command show a large number of drops and the output of the show buffers command shows a large number of cache misses for the private IBC buffer pools.
Conditions: This symptom is observed when the Cisco 10720 functions in a broadcast ARP storm environment and when the length argument of the hold queue length in interface configuration command is not the default of 75 packets for any interface of the router (for example, the length argument is 2048).
Workaround: Revert the hold queue length in interface configuration command and the hold queue length out interface configuration command to the default setting on all interfaces with non-default hold queues.
•
Symptoms: An outbound ACL with a log/log-input keyword changes the IP destination address in the packets. As the result, packets that should be permitted are incorrectly denied.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.0(29)S when the incoming interface for the packets is a tag-switching interface. The symptom is observed irrespective of whether the interface with this outbound ACL is a tag-switching interface or not.
Workaround: Do not use the log/log-input keyword in the ACL.
•
Symptoms: Under a rare condition, when a main interface switches over to a backup interface on 4-port GE line card, a ping to another neighboring interface that is not at all related to the backup interface fails. A sniffer trace shows that the Src/Dst MAC address in the ICMP reply is that of the backup interface.
Conditions: This symptom is observed on a Cisco 12000 series when you repeatedly disable the main interface that is associated with a backup interface.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.
•
Symptoms: A Cisco 7200 series may crash when you modify a policy map on the router.
Conditions: This symptom is observed when the Cisco 7200 series functions under a traffic load.
Workaround: There is no workaround.
•
Symptoms: A PXF buffer leak occurs on an L2TPv3 decapsulation router, which van be observed in the output of the show hardware pxf cpu buffer command:
router#show hardware pxf cpu buffer
FP buffers
pool size # buffer available allocate failures low buffer drops
----------------------------------------------------------------------------
0 9344 1293 1293 0 0
1 1664 12930 12930 0 0
2 640 26746 127 0 77165
3 256 34072 34072 0 0
4 128 59934 59934 0 0
Depending on the packet size, the buffer leak can occur in different pools.
Conditions: The symptom is observed on a Cisco 10720 in the following two scenarios:
–
–
Workaround: There is no workaround.
•
Symptoms: A VIP on a PE router may crash after a service policy is applied to the physical interface.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(26)S3 and that is configured with a VIP4-80.
Workaround: First, shut the physical interface on the connected CE router. Then, shut the physical interface on the PE router before you apply the service policy on the PE router.
•
Symptoms: An Engine 1 or Engine 2 Gigabit Ethernet (GE) line card may stop switching traffic even though the line protocol is up. Pings and routing do not work, and traffic does not go through.
Conditions: This symptom is observed a Cisco 12000 series after error recovery and when the negotiation auto command is not configured for the interface of the GE line card.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface of the line card.
•
Symptoms: An MPLS traffic engineering (TE) tunnel may not come back up after a link flaps.
Conditions: This symptom is observed when the headend of the TE tunnel is a third-party router that has the no cspf command configured for the label switched path (LSP) and when the tunnel midpoint is a Cisco router that runs Cisco IOS Release 12.0(25)S1. The symptom occurs when the link downstream (that is, towards the tailend of the tunnel) on the Cisco router fails because the interface on either side of the link is shut down.
In addition, note that the third-party router does not increment the LSP ID when it receives a message, nor does it send a PathTear message in response to a PathErr message.
Possible Workaround: Use an explicit path on the third-party router but without the no cspf command enabled.
•
Symptoms: An Engine 4+ EPA-GE/FE-BBRD line card reports "%TX192-3-PAM_MODULE" and "%TX192-3-PAM_PIM" errors, and the interfaces continue to flap with the following error message:
%GRPGE-6-INVALID_WORD: Interface GigabitEthernet15/1/0: Detected RX Invalid Word
When there is heavy traffic, the line card may crash without generating any crashinfo.
Conditions: These symptoms are observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(26)S3 or Release 12.0(27)S3.
Workaround: There is no workaround.
•
Symptoms: A CPUHOG situation may occur intermittently on a Cisco 12000 series, causing fabric pings to be lost and all OSPF and BGP adjacencies to be dropped.
Conditions: This symptom is observed in PRP on a Cisco 12000 series router.
Workaround: There is no workaround. However, the symptom resolves itself.
•
Symptoms: A VIP may crash while forwarding packets or a watchdog timeout crash may occur on the VIP during statistics collection.
Conditions: This symptom is observed on a Cisco 7500 series that is configured with an RSP4 and that runs Cisco IOS Release 12.0(26)S4.
Workaround: There is no workaround.
•
Symptoms: The offered rate counter in the output of the show policy-map interface command is inaccurate.
Conditions: This symptom is observed on a Cisco 12000 series when very high traffic rates are used.
Workaround: There is no workaround.
•
Symptoms: When Multiprotocol Label Switching (MPLS) label distribution protocol (LDP) is configured and you enter the clear ip route EXEC command, the MPLS forwarding entries for some of the cleared routing prefixes may become unlabeled.
Conditions: This symptom is observed for prefixes that are connected (with an unspecified nexthop IP address) and that are not locally recognized. This situation may occur in a configuration in which two LDP peers are connected by a point-to-point link that uses PPP encapsulation, and in which both interfaces are configured to use IP addresses with /32 masks.
A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCee12379. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Possible Workaround: Prevent the symptom from occurring by using a shorter network mask when you configure the interfaces or by using another encapsulation such as HDLC.
When the symptom occurs, restore proper operation by forcing the LDP session that is associated with the link to re-establish itself, or by forcing the LDP session to re-advertise labels for the affected prefixes. The LDP session can be reset by entering the clear mpls ldp neighbor command, by administratively disabling and then re-enabling one of the interfaces, or by deconfiguring and then reconfiguring LDP on one of the interfaces. The LDP session can be forced to re-advertise labels by modifying the outbound label filtering configuration. However, this method is complicated and should only be attempted if you are already very familiar with the required procedures, and if the routers do not already have a complicated label filtering configuration in place.
•
Symptoms: A Cisco 7500 series VIP may crash when its serial interfaces are part of a Multipoint Frame Relay (MFR) bundle.
Conditions: This symptom is observed when a Frame Relay end-to-end fragment is received on an MFR interface.
Workaround: Administratively shut down the MFR interface or shut down the MFR interface on the other side of the link.
•
Symptoms: Sampled NetFlow may stop functioning in 12.0(23)S3 or later releases.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with an Engine 4+ 4-port OC-48 line card. It occurs when the LC hardware is reset as a result of error recovery process.
Workaround: Disable and re-enable Sampled NetFlow.
•
Symptoms: The following warning message is reported on the console and can be observed in the logging buffer. The Route Processor (RP) cannot send packets, and as a result, all routing protocols go down.
camr_ibc_output: Exhausted TX descriptors
Conditions: This symptom is observed when the PXF runs close to its capacity or cannot process packets coming from the RP and when the RP forwards a large amount of packets.
Workaround: There is no workaround.
•
Symptoms: Sampled NetFlow stops functioning.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with a 4-port OC-48 line card.
Workaround: Disable and then re-enable Sampled NetFlow.
•
Symptoms: A Cisco 10720 crashes when you delete an IPv6 ACL.
Conditions: This symptom is observed when you delete the IPv6 ACL during the TurboACL compilation.
Workaround: Wait for the ACL to be fully compiled before you delete it.
•
Symptoms: When a policy map is applied to an output interface, corrupted fragmented packets may be sent.
Conditions: This symptom is observed on a Cisco 10720 that runs Cisco IOS Release 12.0(26)S and that functions as an MPLS-to-IP disposition PE router when all of the following conditions are present:
–
–
–
–
When all of the above conditions exist, the outgoing IPv4 packets is not successfully fragmented.
Workaround: Ensure that the maximum MTU size that is defined for the output interface covers the size of the maximum IPv4 packet that is sent from this interface.
•
Symptoms: Spurious memory accesses may occur on a Cisco 7500 series and may cause high CPU usage on the RSP.
Conditions: This symptom is observed on a Cisco 7500 series that is configured for distributed Multilink PPP (dMLP) and that functions in an MPLS network.
Note that packet switching for MPLS packets over MLP bundles is not supported at the RSP level in Cisco IOS Release 12.0S.
Workaround: There is no workaround.
Further Problem Description: The fix for this caveat causes packets that are sent to the RSP for switching to be dropped. Distributed forwarded packets are forwarded correctly.
•
Symptoms: Removing a policy that has shape and bandwidth in the same class (in that same order) may cause a router to crash.
Conditions: This symptom is observed when the router functions under a traffic load.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series does not fragment IP traffic while switching the traffic into the MPLS core even when the size of the incoming IP packets exceeds the IP MTU of the egress interface. This situation causes the traffic to be dropped on the next hop router.
Conditions: This symptom is observed in Cisco IOS Release 12.0(26)S or a later release when all of the following conditions are present:
–
–
–
Workaround: Ensure that the IP MTU of the egress interface exceeds the maximum size of the incoming IP packets.
•
Symptoms: When error recovery is performed on a 3-port Gigabit Ethernet (GE) line card that has port 0 in the shutdown state, the 3-port GE line card stop passing traffic on all ports.
Conditions: This symptom is observed on a Cisco 12410 that runs Cisco IOS Release 12.0(23)S or a later release and that is configured with an Engine 2 3-port line card.
Workaround: Reload the 3-port GE line card and leave port 0 in the up/down state.
•
Symptoms: Multicast traffic is not switched from a multilink interface on a Cisco 7500 series that is configured for distributed multilink PPP (MLP).
Conditions: This symptom is observed when the router is reloaded or when the multilink interface flaps.
Workaround: Enter the clear ip mds linecard * command on the Route/Switch Processor (RSP).
•
Symptoms: Incoming multicast traffic on a distributed MLP link is process-switched.
Conditions: This symptom is observed on a Cisco 7500 series that is configured for distributed MLP after the router has been reloaded.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected multilink interface.
•
Symptoms: Following an OIR, the show ip cef inconsistency now command may report an inconsistency between an RP and a VIP. There are no inconsistencies reported on the VIP itself.
Conditions: This symptom is observed on Cisco 7500 series that runs Cisco IOS Release 12.0 S.
Workaround: There is no workaround.
Wide-Area Networking
•
Symptoms: A Cisco 7500 series may crash when you configure a T1 channel group.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(26)S or 12.0(27)S when the same channel group was previously configured for Frame Relay encapsulation, when one or more PVCs on the channel group were configured on the main interface with a map class that contained a service policy, when the channel group was deleted, and when the map class definition that it referenced was also deleted.
Workaround: Remove the Frame Relay encapsulation before you delete the channel group.
•
Symptoms: When a multilink bundle interface is created by entering the interface multilink group-name global configuration command, the Cisco Discovery Protocol (CDP) becomes incorrectly disabled. If the cdp enable interface configuration command is used to enable CDP on the multilink bundle interface, the command is not saved in the startup configuration and CDP remains disabled after the router is reloaded.
Conditions: This symptom is observed on a Cisco platform that is configured with a multilink bundle interface.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(26)S4
Cisco IOS Release 12.0(26)S4 is a rebuild of Cisco IOS Release 12.0(26)S. The caveats listed in this section are resolved in Cisco IOS Release 12.0(26)S4 but may be open in previous Cisco IOS releases. This section describes only severity 1 and 2 caveats.
These caveats are documented in
Guest