Table Of Contents
Release Notes for Cisco IOS Release 12.0 ST
Determining the Software Version
Upgrading to a New Software Release
New Features in Cisco IOS Release 12.0(21)ST
10 Gbps POS Enhanced Services Line Cards
128 ACLs, MPLS VPN, IP Marking on Engine 2 POS Line Cards
BGP Policy Accounting on 3-Port Gigabit Ethernet Line Cards per VLAN Support
IP Services Engine Line Cards for the Cisco 12000 Series Internet Routers
MPLS AToM - Ethernet over MPLS and MPLS AToM - ATM AAL5 over MPLS
MPLS Enhancements in the Cisco 10720 Internet Router
MPLS Traffic Engineering (TE)—Interarea Tunnels on 12000 Series Internet Routers
MPLS VPN and Fast Reroute on 10 Gbps POS Enhanced Services Line Cards
MPLS VPN Carrier Supporting Carrier and Interautonomous Systems Supported on Engine 2 POS Line Cards
MPLS VPN Carrier Supporting Carrier—IPv4 BGP Label Distribution
MPLS VPN Inter-AS—IPv4 BGP Label Distribution
MPLS VPN MIB and MPLS VPN MIB Traps
OSPF Sham-Link Support for MPLS VPN
OSPF Support for Disabling the Down (DN) Bit Check for Multi-VRF CE Routers
RPR+ Support for Additional Line Cards in the Cisco 12000 Series Internet Router
SONET APS 1+1 for 4-Port OC-3 ATM and 1-Port OC-12 ATM Line Cards
VPN Aware DHCP Relay for Non-Overlapping Addresses
New Features in Cisco IOS Release 12.0(20)ST
8-Port Unchannelized E3/T3 Line Card
Generic Routing Encapsulation (GRE)
Multiplex Section Protection (MSP)
Priority Queueing (PQ/CBWFQ on ATM PVCs
Turbo Quality of Service (QoS)
New Features in Cisco IOS Release 12.0(19)ST1
Route Processor Redundancy Plus (RPR+)
New Features in Cisco IOS Release 12.0(19)ST
MPLS Traffic Engineering (TE)—Interarea Tunnels
New Features in Cisco IOS Release 12.0(18)ST
802.1p Support on the Cisco 10720 Internet Router
802.1q Support for the Cisco 10720 Internet Router
MPLS Traffic Engineering (TE)—Configurable Path Calculation Metric for Tunnels
RPR+ Support for Engine 4 Line Cards in the Cisco 12000 Series Internet Router
Single Ring Recovery (SRR) Protocol
VT1.5 for Channelized OC-12 Card
Virtual Router Redundancy Protocol (VRRP)
New Features in Cisco IOS Release 12.0(17)ST
Cisco 10000 Series Edge Services Router
Fast Reroute LP Support for OC192
MPLS VPN—Interautonomous System Support (Engine 2 POS and Engine 2 QOC-12 ATM)
MPLS VPN Support for the 2-Port Channelized OC-3/STM-1 to DS1/E1 Line Card
MPLS VPN, TE, and LDP Support for the OC-192c and QOC-48c Line Cards
RPR+ in the Cisco 12000 Series Internet Router
New Features in Cisco IOS Release 12.0(16)ST
3-Port Gigabit Ethernet Line Card MPLS-VPN Features
MPLS VPN and Traffic Engineering Support for 6E3-SMB and 12 E3-SMB Line Cards
MPLS VPN Carrier Supporting Carrier for Engine 0 Line Cards
MPLS VPN—Interautonomous System Support
Policy Routing onto MPLS TE Tunnels
New Features in Cisco IOS Release 12.0(15)ST
New Features in Cisco IOS Release 12.0(14)ST1
MPLS Traffic Engineering (TE)—IP Explicit Address Exclusion
New Features in Cisco IOS Release 12.0(14)ST
BGP Conditional Route Injection
Diff-Serv-Aware Traffic Engineering (DS-TE)
MPLS Quality of Service Enhancements
MPLS Label Switching Router MIB
MPLS Traffic Engineering (TE)—Automatic Bandwidth Adjustment for (TE) Tunnels
MPLS Traffic Engineering (TE)—Scalability Enhancements
MPLS VPN and TE support on the Cisco 12000 series Internet routers 6CT3-SMB Line Card
MPLS VPN Carrier Supporting Carriers
MPLS VPN Line Cards for Cisco 12000 Series Internet Routers (Engine 2 ATM)
Restrictions in Cisco IOS Release 12.0(14)ST
New Features in Cisco IOS Release 12.0(11)ST
Diff-Serv-Aware Traffic Engineering (DS-TE)
Label-Controlled ATM Interface (LC-ATM)
Label Distribution Protocol MIB
New MPLS VPN Line Card for Cisco 12000 Series Internet Routers
New Features in Cisco IOS Release 12.0(10)ST
MPLS Egress NetFlow Accounting
MPLS Label Distribution Protocol (LDP)
MPLS Multiprotocol Label Switching (Tag Switching)
MPLS Traffic Engineering and Enhancements
MPLS Traffic Engineering (TE)—Fast Reroute (FRR) Link Protection
New MPLS VPN Line Card Support for Cisco 12000 Series Internet Routers
MPLS VPN—OSPF Provider Edge (PE)-Customer Edge (CE) Support
VPN Routing/Forwarding (VRF) CLI Command
VPN Routing/Forwarding (VRF) ARP Entry Support
VPN Slow-Path Support on Engine 2 at Deaggregation Point (Between PE-P)
New Features in Cisco IOS Release 12.0(9)ST
MPLS Support on Dynamic Packet Transport (DPT)
MPLS Virtual Private Networks (VPN)
Multi-protocol BGP (MP-BGP)—MPLS VPN
Limitations That Apply to Cisco IOS Release 12.0(21)ST
Controlling the Rate of Logging Messages on the Cisco 10000 Series Edge Services Router
Testing Performance of High-Speed Interfaces on the Cisco 10000 Series Edge Services Router
Important Notes for Cisco IOS Release 12.0(21)ST
Cisco Discovery Protocol on the Cisco 10000 Series Edge Services Router
Frame Relay and PPP Sessions on the Cisco 10000 Series Edge Services Router
Limited Availability of Images for the Cisco 12000 Series Internet Routers
VLAN Session Support on the Cisco 10000 Series Edge Services Router
Important Notes for Cisco IOS Release 12.0(20)ST
Performance Routing Engine on the Cisco 10000 Series Edge Services Router
Important Notes for Cisco IOS Release 12.0(12)ST
Configurable Throttling for Integrated IS-IS
Resolved Caveats—Cisco IOS Release 12.0(21)ST7
Resolved Caveats—Cisco IOS Release 12.0(21)ST6
Resolved Caveats—Cisco IOS Release 12.0(21)ST5
Resolved Caveats—Cisco IOS Release 12.0(21)ST4
Resolved Caveats—Cisco IOS Release 12.0(21)ST3
Resolved Caveats—Cisco IOS Release 12.0(21)ST2
Resolved Caveats—Cisco IOS Release 12.0(21)ST1
Open Caveats—Cisco IOS Release 12.0(21)ST
Resolved Caveats—Cisco IOS Release 12.0(21)ST
Resolved Caveats—Cisco IOS Release 12.0(20)ST6
Resolved Caveats—Cisco IOS Release 12.0(20)ST5
Resolved Caveats—Cisco IOS Release 12.0(20)ST4
Resolved Caveats—Cisco IOS Release 12.0(20)ST3
Resolved Caveats—Cisco IOS Release 12.0(20)ST2
Resolved Caveats—Cisco IOS Release 12.0(20)ST1
Resolved Caveats—Cisco IOS Release 12.0(20)ST
Resolved Caveats—Cisco IOS Release 12.0(19)ST5
Resolved Caveats—Cisco IOS Release 12.0(19)ST6
Resolved Caveats—Cisco IOS Release 12.0(19)ST4
Resolved Caveats—Cisco IOS Release 12.0(19)ST3
Resolved Caveats—Cisco IOS Release 12.0(19)ST2
Resolved Caveats—Cisco IOS Release 12.0(19)ST1
Resolved Caveats—Cisco IOS Release 12.0(19)ST
Resolved Caveats—Cisco IOS Release 12.0(18)ST1
Resolved Caveats—Cisco IOS Release 12.0(18)ST
Resolved Caveats—Cisco IOS Release 12.0(17)ST8
Resolved Caveats—Cisco IOS Release 12.0(17)ST7
Resolved Caveats—Cisco IOS Release 12.0(17)ST6
Resolved Caveats—Cisco IOS Release 12.0(17)ST5
Resolved Caveats—Cisco IOS Release 12.0(17)ST4
Resolved Caveats—Cisco IOS Release 12.0(17)ST3
Resolved Caveats—Cisco IOS Release 12.0(17)ST2
Resolved Caveats—Cisco IOS Release 12.0(17)ST1
Resolved Caveats—Cisco IOS Release 12.0(17)ST
Resolved Caveats—Cisco IOS Release 12.0(16)ST1
Resolved Caveats—Cisco IOS Release 12.0(16)ST
Resolved Caveats—Cisco IOS Release 12.0(15)ST
Resolved Caveats—Cisco IOS Release 12.0(14)ST3
Resolved Caveats—Cisco IOS Release 12.0(14)ST1
Resolved Caveats—Cisco IOS Release 12.0(14)ST
ISO Connectionless Network Service
Resolved Caveats—Cisco IOS Release 12.0(11)ST4
Cisco IOS Software Documentation Set
Cisco IOS Release 12.0 Documentation Set
Obtaining Technical Assistance
Release Notes for Cisco IOS Release 12.0 ST
May 8, 2003
Cisco IOS Release 12.0(21)ST7
Text Part Number OL-1147-07 Rev. W0
These release notes for the Cisco 7200 series routers, Cisco 7500 series routers, Cisco 10000 series edge services routers, Cisco 10720 Internet router, and Cisco 12000 series Internet routers support Cisco IOS Release 12.0 ST, up to and including Cisco IOS Release 12.0(21)ST7. These release notes are updated, as needed, to describe new features, memory requirements, supported hardware, software platform deferrals, and changes to the microcode and related documents.
Cisco IOS Release 12.0 ST is based on Cisco IOS Release 12.0 S and Cisco IOS Release 12.0, and is currently tailored to provide new Multiprotocol Label Switching (MPLS) features in service provider environments. Cisco IOS Release 12.0 ST is synchronized to Cisco IOS Release 12.0 with each maintenance release of the software. Cisco IOS Release 12.0 S is the follow-on release to Cisco IOS Release 11.1 CC, which was also targeted to the service provider environment. Additionally, many of the features in Cisco IOS Release 12.0 S were first introduced for the Cisco 12000 series Internet routers in Cisco IOS Release 11.2 OS and for the Cisco 7000 family in Cisco IOS Release 12.0 T.
Use these release notes in conjunction with the Release Notes for Cisco IOS Release 12.0 and Cisco IOS Release 12.0 S, which are located on Cisco.com and the Documentation CD-ROM.
For a list of software caveats that apply to Cisco IOS Release 12.0 ST, see the "Caveats" section. In addition to the caveats listed in the "Caveats" section, the software caveats that apply to Cisco IOS Release 12.0 and Cisco IOS Release 12.0 S also apply to Cisco IOS Release 12.0 ST. For information on other caveats that might apply to Cisco IOS Release 12.0 ST, refer to the caveat documents for Cisco IOS Release 12.0 and Cisco IOS Release 12.0 S that are located on Cisco.com and on the Documentation CD-ROM.
Note
MPLS Class of Service is now referred to as MPLS Quality of Service. This transition reflects the growth of MPLS to encompass a wider meaning and highlights the path toward Any Transport over MPLS.
Cisco recommends that you view the field notices for this release to see if your software or hardware platforms are affected. If you have an account on Cisco.com, you can find field notices at: http:///www.cisco.com/kobayashi/support/tac/fn_index.html.
Contents
These release notes contain the following sections:
•
Introduction
Cisco IOS Release 12.0(14)ST was the first general availability release of this software. Many of the features and the hardware supported in this software have been previously released to customers on other software releases.
For information on new features and Cisco IOS commands supported by Cisco IOS Release 12.0 ST, see the "New and Changed Information" section and the "Caveats" section.
System Requirements
This section describes the following system requirements for Cisco IOS Release 12.0 ST:
•
Memory Requirements
Table 1 through Table 5 list the memory requirements for the platforms supported in Cisco IOS Release 12.0 ST.
Table 5 Memory Requirements for the Cisco 12000 Series Internet Routers1
Flash MemoryService Provider
gsr-p-mz
20 MB
128 MB
RAM
Service Provider/Secured Shell 3DES
gsr-k4p-mz
20 MB
128 MB
RAM
1 A Cisco 12000 series line card requires 128 MB of DRAM memory.
2 Cisco IOS Release 12.0(21)ST1 supports the Cisco 12000 series routers. Note that Cisco IOS Release 12.0(21)ST supports the Cisco 12000 series routers on a limited availability basis only.
Supported Hardware
Cisco IOS Release 12.0 ST supports the following platforms:
•
•
•
•
•
For additional information about supported hardware for this platform and release, please refer to the Hardware/Software Compatibility Matrix in the Cisco Software Advisor at the following location:
http://tools.cisco.com/Support/Fusion/FusionHome.do
Note
Note
Note
Note
Supported Port Adapters
Table 6 lists the port adapters that are supported for the Cisco 7200 series and Cisco 7500/RSP series routers in Cisco IOS Release 12.0 ST and uses the following conventions:
•
•
•
Table 6 Supported Port Adapters for the Cisco 7200 Series and Cisco 7500/RSP Series Routers
SeriesPA-A1-OC3SM
1-port ATM OC3 single mode (IR)
No
Yes
PA-A1-OC3MM
1-port ATM OC3 multimode
No
Yes
PA-A2-4T1C-OC3SM=
ATM CES, 4T1 CES ports, 1 OC3 ATM SM port
Yes
No
PA-A2-4T1C-T3ATM=
ATM CES, 4T1 CES ports, 1 T3 ATM Port
Yes
No
PA-A2-4E1XC-OC3SM=
CES OC3, 4E1 ports, 120 ohm
Yes
No
PA-A2-4E1XC-E3ATM=
CES E3/E1, 120 ohms
Yes
No
PA-A3-OC3MM
1-port ATM Enhanced OC3c/STM1 multimode
Yes
Yes
PA-A3-OC3SMI
1-port ATM Enhanced OC3c/STM1 single mode (IR)
Yes
Yes
PA-A3-OC3SML
1-port ATM Enhanced OC3c/STM1 single mode (LR)
Yes
Yes
PA-A3-OC12MM
1-port ATM Enhanced OC12/STM4 multimode
(11)
No
Yes
PA-A3-OC12SMI
1-port ATM Enhanced OC12/STM4 single mode (IR)
(11)
No
Yes
PA-A3-E3
1-port ATM Enhanced E3
Yes
Yes
PA-A3-T3
1-port ATM Enhanced DS3
Yes
Yes
PA-A3-8E1IMA
8-port ATM Inverse Mux E1, 120 ohm
(11)
Yes
Yes
PA-A3-8T1IMA
8-port ATM Inverse Mux T1
(11)
Yes
Yes
PA-4C-E=
1-port Enhanced ESCON Channel
Yes
Yes
PA-SRP-OC12MM=
DPT-OC12 multimode (Cisco 7200 series only)
Yes
No
PA-SRP-OC12SMI=
DPT-OC12 single mode (IR) (Cisco 7200 series only)
Yes
No
PA-SRP-OC12SML=
DPT-OC12 single mode (LR) (Cisco 7200 series only)
Yes
No
PA-SRP-OC12SMX=
DPT-OC12 single mode extended reach (Cisco 7200 series only)
Yes
No
SRPIP-OC12MM=
DPT-OC12 multimode (Cisco 7500 series only)
No
Yes
SRPIP-OC12SMI=
DPT-OC12 single mode (IR) (Cisco 7500 series only)
No
Yes
SRPIP-OC12SML=
DPT-OC12 single mode (LR) (Cisco 7500 series only)
No
Yes
SRPIP-OC12SMX=
DPT-OC12 single mode extended reach (Cisco 7500 series only)
No
Yes
PA-4E
4-Port Ethernet 10BASE-T
Yes
Yes
PA-4E1G/75
4-port E1 G.703 Serial, 75 ohm/unbalanced
Yes
Yes
PA-4E1G/120
4-port E1 G.703 Serial, 120 ohm/balanced
Yes
Yes
PA-5EFL
5-port Ethernet 10BASE-FL
Yes
Yes
PA-8E
8-port Ethernet 10BASE-T
Yes
Yes
PA-FE-FX
1-port Fast Ethernet 100BASE-FX
Yes
Yes
PA-FE-TX
1-port Fast Ethernet 100BASE-TX
Yes
Yes
PA-2FE-FX
2-port Fast Ethernet 100BASE-FX
(15)
Yes
Yes
PA-2FE-TX
2-port Fast Ethernet 100BASE-TX
(15)
Yes
Yes
PA-GE
1-port Gigabit Ethernet
Yes
No
PA-F/FD-MM
1-port FDDI Full Duplex multimode
No
Yes
PA-F/FD-SM
1-port FDDI Full Duplex single mode
No
Yes
PA-H
1-port High-Speed Serial Interface (HSSI)
Yes
Yes
PA-2H
2-port High-Speed Serial Interface (HSSI)
Yes
Yes
PA-MC-T3
1-port multichannel T3
Yes
Yes
PA-MC-E3
1-port multichannel E3
Yes
Yes
PA-MC-2T3+
2-port multichannel T3
Yes
Yes
PA-MC-2T1
2-port multichannel T1, integrated CSU/DSUs
Yes
Yes
PA-MC-2E1/120
2-port multichannel E1, G.703 120 ohm interface
Yes
Yes
PA-MC-4T1
4-port multichannel T1, integrated CSU/DSUs
Yes
Yes
PA-MC-8T1
8-port multichannel T1, integrated CSU/DSUs
Yes
Yes
PA-MC-8E1/120
8-port multichannel E1, G.703 120 ohm interface
Yes
Yes
PA-MC-8TE1+
8 port multichannel T1/E1 8PRI
Yes
No
PA-MC-8DSX1
8 port multichannel T1 with integrated DSUs
Yes
Yes
PA-MC-STM-1MM
1-port multichannel STM-1 multimode
(14)
No
Yes
PA-MC-STM-1SMI
1-port multichannel STM-1 single mode
(14)
No
Yes
PA-4B-U
4-port BRI, U Interface
Yes
No
PA-8B-S/T
8-port BRI, S/T Interface
Yes
No
SA-ENCRYPT=
Encryption Service Adapter
Yes
Yes
SA-ISA
Integrated Services Adapter for IPSec or MPPE encryption
Yes
No
SA-VAM
VPN Acceleration Module (VAM)
Yes
No
PA-POS-OC3MM
1-port Packet-over-SONET OC3c/STM1 multimode
Yes
Yes
PA-POS-OC3SMI
1-port Packet-over-SONET OC3c/STM1 single mode (IR)
Yes
Yes
PA-POS-OC3SML
1-port Packet-over-SONET OC3c/STM1 single mode (LR)
Yes
Yes
PA-4T+
4-port Serial, Enhanced
Yes
Yes
PA-8T-V35
8-port Serial, V.35
Yes
Yes
PA-8T-X21
8-port Serial, X.21
Yes
Yes
PA-8T-232
8-port Serial, 232
Yes
Yes
PA-T3
1-port T3 Serial, T3 DSUs
Yes
Yes
PA-T3+
1-port T3 Serial, Enhanced
Yes
Yes
PA-2T3
2-port T3 Serial, T3 DSUs
Yes
Yes
PA-2T3+
2-port T3 Serial, Enhanced
Yes
Yes
PA-E3
1-port E3 Serial, E3 DSUs
Yes
Yes
PA-2E3
2-port E3 Serial, E3 DSUs
Yes
Yes
PA-4R-DTR
4-port Dedicated Token Ring, 4/16Mbps, HDX/FDX
Yes
Yes
PA-MCX-2TE1=
2-port MIX-enabled multichannel T1/E1, CSU/DSU
No
No
PA-MCX-4TE1=
4-port MIX-enabled multichannel T1/E1, CSU/DSU
No
No
PA-MCX-8TE1-M=
Signaling System 7 over IP (SS7oIP)
No
No
PA-MCX-8TE1=
8-port MIX-enabled multichannel T1/E1, CSU/DSU
No
No
PA-VXA-1TE1-24+
1-port T1/E1 Digital Voice, 24 Channels
No
Yes
PA-VXA-1TE1-30+
1-port T1/E1 Digital Voice, 30 Channels
No
Yes
PA-VXB-2TE1+
2-port T1/E1 moderate capacity, enhanced
No
Yes
PA-VXC-2TE1+
2 port TE1 high capacity, enhanced
No
Yes
1 For a spare product number, append the product number with an equal sign (=). If a product number is listed as a spare product, only a spare product is available.
Determining the Software Version
To determine the version of Cisco IOS software currently running on your Cisco router, log in to the router and enter the show version EXEC command. The following is sample output from the show version command. The version number is indicated on the second line.
Router> show versionCisco Internetwork Operating System SoftwareIOS (tm) 7200 Software (C7200-P-M), Version 12.0(21)ST, RELEASE SOFTWAREAdditional command output lines include more information, such as processor revision numbers, memory amounts, hardware IDs, and partition information.
Upgrading to a New Software Release
For general information about upgrading to a new software release, see the Cisco document Software Installation and Upgrade Procedures located at the following location:
http://www.cisco.com/en/US/products/hw/routers/tsd_products_support_category_home.html
Microcode Software
Table 7 lists the current microcode versions for the Cisco 7500/RSP series. This series includes the Cisco 7500 series routers.
Microcode software images are bundled with the system software image, except for the Channel Interface Processor (CIP) microcode (all system software images) and the Versatile Interface Processor (VIP) microcode (certain system software images). Bundling eliminates the need to store separate microcode images. When the router starts, the system software unpacks the microcode software bundle and loads the proper software on all the interface processor boards. VIP and VIP2 microcode is bundled into all Cisco 7500 series feature sets listed in Table 7.
For further information about the CIP microcode, refer to the Cisco document Channel Interface Processor Microcode Release Note and Microcode Upgrade Instructions.
Feature Set Tables
The Cisco IOS software is packaged in feature sets consisting of software images—depending on the platform. Each feature set contains a specific set of Cisco IOS features.
Different platforms support different feature sets. Table 8 through Table 12 list the newest features and feature sets supported by the Cisco 7200 series, the Cisco 7500/RSP series, the Cisco 10000 series, the Cisco 10720, and the Cisco 12000 series in Cisco IOS Release 12.0 ST. The tables use the following conventions:
•
•
•
Note
New and Changed Information
This section lists the new hardware and software features supported by the Cisco 7200 series, Cisco 7500 series, Cisco 10000 series, Cisco 10720 Internet router, and Cisco 12000 series Internet routers in Cisco IOS Release 12.0 ST and contains the following sections:
•
•
•
•
•
•
•
•
•
•
•
•
•
For the latest hardware and software features, see the following section, "New Features in Cisco IOS Release 12.0(21)ST."
New Features in Cisco IOS Release 12.0(21)ST
Cisco IOS Release 12.0(21)ST supports the following new features:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
10 Gbps POS Enhanced Services Line Cards
Platforms: Cisco 12000 series Internet routers
The 1-port OC-192 POS Enhanced Services (ES, also referred to as Engine 4 plus) and Quad OC-48 POS ES line cards for Cisco 12400 Internet routers support an extensive list of features that enable service providers to provide customers with the means to build scalable, feature-rich 10G networks that support value-added services, such as MPLS VPN, voice, and tiered service offerings, without compromising performance.
Cisco IOS Release 12.0(21)ST supports all the features in Release 12.0(21)S (see the note below) along with the following additional features:
•
•
•
•
•
•
Note
For information about how to install and configure 10 Gbps POS Enhanced Services line cards, refer to the Cisco documents at the following locations:
http://www.cisco.com/univercd/cc/td/doc/product/core/cis12000/linecard/lc_pos/11420q48.htm
http://www.cisco.com/univercd/cc/td/doc/product/core/cis12000/linecard/lc_pos/11421192.htm
128 ACLs, MPLS VPN, IP Marking on Engine 2 POS Line Cards
Platforms: Cisco 12000 series Internet routers
Engine 2 (E2) Packet-over-SONET (POS) line cards in Cisco 12000 series Internet routers now support the following features:
•
For information about the performance improvement that you receive by using up to 128 ACL entries on input interfaces and how to enable the 128 ACL entries, refer to the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s10/hw_acl.htm
•
A Virtual Private Network (VPN) is a secure IP-based network that uses a shared backbone to distribute resources on one or more physical networks located in geographically dispersed sites. MPLS-based VPNs enable highly scalable, highly flexible IP VPNs in Layer 3 without tunneling or encryption. For more information about MPLS VPNs, refer to the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t5/vpn.htm
•
This feature allows you to mark packets by setting the IP precedence bits or the IP differentiated services code point (DSCP) in the IP type of service (ToS) byte. By marking packets, you can classify traffic on the basis of the IP precedence or IP DSCP value. IP marking can be used to identify traffic within the network. Also, other interfaces can match traffic based on the basis of the IP precedence or DSCP markings. For more information about how to use IP packet precedence marking, refer to the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t5/cbpmark2.htm
These features (128 ACLs, MPLS VPNs, and IP precedence marking) are supported on the following E2 POS line cards:
•
•
•
•
BGP Policy Accounting on 3-Port Gigabit Ethernet Line Cards per VLAN Support
Platforms: Cisco 12000 series Internet routers
Cisco IOS Release 12.0(21)ST now supports Border Gateway Protocol (BGP) policy accounting on 3-port Gigabit Ethernet line cards per VLAN.
IP Services Engine Line Cards for the Cisco 12000 Series Internet Routers
Platforms: Cisco 12000 series Internet routers
The IP Services Engine (ISE) line cards (also referred to as Engine 3 line cards) for the Cisco 12000 series Internet router provide enhanced Layer 3 capabilities for high-speed customer aggregation, backbone connectivity, and peering solutions. These line cards are available in both concatenated and channelized versions. The ISE line cards offer the following advantages:
•
•
•
•
•
The following concatenated line cards are introduced for the Cisco 12000 series Internet routers:
Concatenated 1-Port OC-48/STM-16
The 1-port OC-48/STM-16 line card provides the Cisco 12000 series Internet routers with one 2488-Mbps concatenated Packet-over-SONET (POS) interface on a single card.
Concatenated 4-Port OC-12/STM-4
The 4-port OC-12/STM-4 line card provides the Cisco 12000 series Internet routers with four 622-Mbps concatenated Packet-over-SONET (POS) interfaces on a single card.
Concatenated 16-Port OC-3/STM-1
The 16-port OC-3/STM-1 line card provides the Cisco 12000 series Internet routers with 16 155-Mbps concatenated POS interfaces on a single card.
Refer to the following Cisco publications for additional information:
•
–
•
–
–
–
The following channelized line cards are introduced for the Cisco 12000 series Internet routers:
Channelized 1-Port OC-48/STM-16
The 1-port Channelized OC-48/STM-16 to DS-3/E3 line card supports both SONET and SDH framing and provides DS-3/E3 aggregation for the Cisco 12000 series Internet router. For SDH, both AU-3 and AU-4 mappings are supported. The line card interfaces with the Cisco 12000 series Internet router switch fabric and provides one OC-48/STM-16 duplex SC single-mode intermediate reach optical port that can be configured with up to 48 channelized interfaces.
Channelized 4-Port OC-12/STM-4
The 4-port Channelized OC-12/STM-4 to DS-3/E3 line card supports both SONET and SDH framing and provides DS-3/E3 aggregation for the Cisco 12000 series Internet router. For SDH, both AU-3 and AU-4 mappings are supported. The line card interfaces with the Cisco 12000 series Internet router switch fabric and provides four OC-12/STM-4 duplex SC single-mode intermediate reach optical ports. Each of these ports can be configured with up to 12 channelized interfaces.
Refer to the following Cisco publications for additional information:
•
–
•
–
–
Supported Features on ISE Line Cards
The ISE line cards that are introduced in Cisco IOS Release 12.0(21)ST support MPLS VPN and the following features on both physical interfaces and subinterfaces:
•
•
•
•
•
•
•
•
•
•
•
•
•
IPv6 for Cisco IOS Software
Platforms: Cisco 12000 series Internet routers
IPv6, formerly called IPng (next generation), is the latest version of IP and offers many benefits, such as a larger address space, over the previous version of IP (version 4). The IPv6 for Cisco IOS Software feature was first introduced in Cisco IOS Release 12.2(2)T. In Cisco IOS Release 12.0(21)ST, the IPv6 for Cisco IOS Software feature is enhanced by the addition of the following features:
•
•
•
•
•
•
For further information, refer to the Cisco documents at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t2/ipv6/index.htm
IS-IS HMAC-MD5 Authentication
Platforms: Cisco 7200 series routers, Cisco 7500 series routers, Cisco 10000 series edge services routers, Cisco 10720 Internet router, Cisco 12000 series Internet routers
The IS-IS HMAC-MD5 Authentication feature adds an HMAC-MD5 digest to each Intermediate System-to-Intermediate System (IS-IS) protocol data unit (PDU). HMAC is a mechanism for message authentication codes (MAC) using cryptographic hash functions. The digest allows authentication at the IS-IS routing protocol level, which prevents unauthorized routing messages from being injected into the network routing domain.
IS-IS has five packet types: link-state packet (LSP), LAN Hello, Serial Hello, complete sequence number PDU (CSNP), and partial sequence number PDU (PSNP). The IS-IS HMAC-MD5 authentication or the cleartext password authentication can be applied to all five types of PDU. The authentication can be enabled on different IS-IS levels independently. The interface-related PDUs (LAN Hello, Serial Hello, CSNP and PSNP) can be enabled with authentication on different interfaces, with different levels and different passwords.
The HMAC-MD5 mode cannot be mixed with the clear text mode on the same authentication scope (LSP or interface). However, administrators can use one mode for LSP and another mode for some interfaces, for example. If mixed modes are intended, different keys should be used for different modes in order not to compromise the encrypted password in the PDUs.
For more information about the IS-IS HMAC-MD5 Authentication feature, refer to the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st21/ftmd5isi.htm
Label Switch Routing
Platform: Cisco 10000 series edge services routers
The label switch router (LSR) feature enables the Cisco 10000 series edge services (ESR) router to function as a provider router (P router) in a Multiprotocol Label Switching (MPLS) network. Previously, the Cisco 10000 series ESR could function as a provider edge router (PE router), forwarding packets from an IP network to an MPLS (label imposition) network and from an MPLS network to an IP (label disposition) network. This feature adds full LSR support, enabling the router to perform MPLS-to-MPLS forwarding (label switching).
For more information about MPLS on Cisco routers, including the Cisco 10000 series ESR, refer to the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st21/fs_rtr.htm
New Features
LSR provides the following new features:
•
•
•
•
•
–
–
–
Requirements
To run the LSR feature, the Cisco 10000 series ESR must have the PRE1 version (part number ESR-PRE1) of the Performance Routing Engine (PRE) installed in the Cisco 10000 series ESR chassis. You can verify which PRE is installed in the chassis by using the show version command.
MPLS AToM - Ethernet over MPLS and MPLS AToM - ATM AAL5 over MPLS
Platforms: Cisco 12000 series Internet routers
In Cisco IOS Release 12.0(21)ST, the following Multiprotocol Label Switching (MPLS) Any Transport over MPLS (AToM) features are supported:
•
•
The Ethernet over MPLS feature allows you to connect two VLAN networks that are in different locations, without using expensive bridges, routers, or switches at the VLAN locations. You can enable the MPLS backbone network to accept Layer 2 VLAN traffic by configuring the label edge routers (LERs) at both ends of the MPLS backbone.
In Cisco 12000 series Internet routers, Ethernet over MPLS label imposition is supported on the following engines and line cards:
•
Cisco 12000 Series 3-Port Gigabit Ethernet line cardsIn Cisco 12000 series Internet routers, Ethernet over MPLS label disposition is supported on the following engines and line cards:
•
Cisco 12000 Series 3-Port Gigabit Ethernet line cards
Cisco 12000 Series 8-Port OC3c/STM-1c POS/SDH line cards
Cisco 12000 Series 16-Port OC3c/STM-1c POS/SDH line cards
Cisco 12000 Series 4-Port OC12c/STM-4c POS/SDH line cards
Cisco 12000 Series 1-Port OC48c/STM-16c POS/SDH line cards•
Cisco 12000 Series 4-Port OC-48c/STM-16c POS line cards
Cisco 12000 Series 1-Port OC-192c/STM-64c POS/SDH line cardsFor further information, refer to the Cisco document MPLS AToM—Ethernet over MPLS at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st21/eompls20.htm
The ATM AAL5 over MPLS feature provides an ATM permanent virtual circuit (PVC) for transporting AAL5 PDUs across an IP/MPLS backbone with rate-limit policing and configurable PVC priority values. A dynamic MPLS tunnel is configured to enable label imposition and disposition of encapsulated ATM PDUs transported between two edge routers having a Label Distribution Protocol (LDP) neighbor relationship.
In Cisco 12000 series Internet routers, AAL5 over MPLS label disposition is supported on the following engines and line cards:
•
Cisco 12000 Series 4-Port OC-3c/STM-1c POS/SDH line cards
Cisco 12000 Series 1-Port OC-12c/STM-4c POS/SDH line cards•
Cisco 12000 Series 3-Port Gigabit Ethernet line cards
Cisco 12000 Series 8-Port OC3c/STM-1c POS/SDH line cards
Cisco 12000 Series 16-Port OC3c/STM-1c POS/SDH line cards
Cisco 12000 Series 4-Port OC12c/STM-4c POS/SDH line cards
Cisco 12000 Series 1-Port OC48c/STM-16c POS/SDH line cards
Cisco 12000 Series 1-Port OC-48c/STM-16c DPT line cardsIn Cisco 12000 series Internet routers, AAL5 over MPLS label imposition and disposition are supported on the following engines and line cards:
•
Cisco 12000 Series 4-Port OC-3c/STM-1c ATM line cards
Cisco 12000 Series 1-Port OC-12c/STM-4c ATM line cards
Cisco 12000 Series 4-Port OC-12c/STM-4c ATM line cardsFor further information, see the "AAL5 Transport over MPLS" section and refer to the Cisco document MPLS AToM—ATM AAL5 over MPLS at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st21/fsaal5.htm
Note
MPLS Enhancements in the Cisco 10720 Internet Router
Platform: Cisco 10720 Internet router
MPLS Provider Backbone and Provider Edge Functionality in the Cisco 10720 Internet Router
Cisco IOS Release 12.0(21)ST supports the following MPLS provider (P) backbone and provider edge (PE) functionality in the Cisco 10720 Internet router in addition to existing IP features:
•
•
•
The IP Virtual Private Network (VPN) feature for MPLS allows a Cisco IOS network to deploy scalable IPv4 Layer 3 VPN backbone services. An IP VPN is the foundation that companies use for deploying or administering value-added services including applications and data hosting network commerce, and telephony services to business customers. For more information about MPLS VPNs, refer to the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st21/fs_vpn.htm
Cisco's MPLS label distribution protocol (LDP), as standardized by the Internet Engineering Task Force (IETF) and as enabled by Cisco IOS software, allows the construction of highly scalable and flexible IP VPNs that support multiple levels of services.
LDP provides a standard methodology for hop-by-hop, or dynamic label, distribution in an MPLS network by assigning labels to routes that have been chosen by the underlying Interior Gateway Protocol (IGP) routing protocols. The resulting labeled paths, called label switch paths or LSPs, forward label traffic across an MPLS backbone to particular destinations. These capabilities enable service providers to implement Cisco's MPLS-based IP VPN services across multivendor MPLS networks. For more information about MPLS LDP, refer to the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st21/fsldp_21.htm
Label switching combines the performance and capabilities of Layer 2 (data link layer) switching with the proven scalability of Layer 3 (network layer) routing. It enables service providers to meet challenges brought about by explosive growth and provides the opportunity for differentiated services without necessitating the sacrifice of existing infrastructure. The label switching architecture is remarkable for its flexibility. Data can be transferred over any combination of Layer 2 technologies, support is offered for all Layer 3 protocols, and scaling is possible well beyond anything offered in today's networks.
Specifically, label switching can efficiently enable the delivery of IP services over an ATM switched network. It supports the creation of different routes between a source and a destination on a purely router-based Internet backbone. Service providers who use label switching can save money and increase revenue and productivity. For more information about MPLS label switching, refer to the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st21/fs_rtr.htm
New Show Commands for MPLS Forwarding in Cisco 10720 Internet Routers
In a Cisco 10720 Internet router, you can use the following command to display hardware information about the MPLS forwarding performed by Parallel Express Forwarding (PXF) for a given IP prefix or incoming MPLS label:
show hardware pxf cpu mpls [network [mask] | label]
Where:
network specifies the IP address of a destination network.
mask specifies the network mask of a destination network.
label specifies an incoming MPLS label.For more information on the command syntax and for sample output, refer to the Cisco document
Cisco IOS Software Configuration for the Cisco 10720 Internet Router at the following location:http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st18/10720.htm
MPLS LDP—MIB Traps
Platforms: Cisco 7200 series routers, Cisco 7500 series routers, Cisco 12000 series Internet routers
Cisco IOS Release 12.0(11)ST introduced the MPLS Label Distribution Protocol (LDP) MIB, whereas Release 12.0(21)ST adds support for MPLS LDP MIB traps. When you enable MPLS LDP MIB notification functionality by issuing the snmp-server enable traps mpls ldp command, notification messages are generated and sent to a designated network management station (NMS) in the network to signal the occurrence of specific events within Cisco IOS software.
The MPLS LDP MIB objects involved in LDP status transitions and event notifications include the following:
•
•
•
•
Note
For further information, see the "Label Distribution Protocol MIB" section and refer to the Cisco document MPLS Label Distribution Protocol MIB at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st21/ldpmib21.htm
MPLS Traffic Engineering (TE)—Interarea Tunnels on 12000 Series Internet Routers
Platforms: Cisco 12000 series Internet routers
Cisco IOS Release 12.0(19)ST1 introduced the MPLS Traffic Engineering (TE)—Interarea Tunnels feature on the Cisco 7200 series and Cisco 7500 series routers. In Cisco IOS Release 12.0(21)ST, this feature is also supported on the Cisco 12000 series Internet routers.
The MPLS Traffic Engineering (TE)—Interarea Tunnels feature allows you to establish MPLS TE tunnels that span multiple Interior Gateway Protocol (IGP) areas and levels, removing the restriction that had required that the tunnel headend and tailend routers both be in the same area. The IGP can be either Intermediate System-to-Intermediate System (IS-IS) or Open Shortest Path First (OSPF).
To configure an interarea tunnel, you specify on the headend router a loosely routed explicit path for the tunnel label switched path (LSP) that identifies each area border router (ABR) that the LSP should traverse using the next-address loose command. The headend router and the ABRs along the specified explicit path expand the loose hops, each computing the path segment to the next ABR or tunnel destination.
For further information, refer to the Cisco document MPLS Traffic Engineering (TE)—Interarea Tunnels at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st19/inter_ar.htm
MPLS VPN and Fast Reroute on 10 Gbps POS Enhanced Services Line Cards
Platforms: Cisco 12000 series Internet routers
The MPLS Virtual Private Network (VPN) and Fast Reroute (FRR) features are supported on Packet-over-SONET (POS) Enhanced Services (ES, also referred to as Engine 4 plus) line cards in Cisco 12000 series Internet routers, including:
•
•
A VPN is a secure IP-based network that uses a shared backbone to distribute resources on one or more physical networks located in geographically dispersed sites. MPLS-based VPNs enable highly scalable, highly flexible IP VPNs in Layer 3 without tunneling or encryption. For more information about MPLS VPNs, refer to the Cisco document at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t5/vpn.htm
Regular MPLS traffic engineering automatically establishes and maintains label-switched paths (LSPs) across the backbone using Resource Reservation Protocol (RSVP). The path used by a given LSP at any point in time is based upon the LSP resource requirements and available network resources such as bandwidth.
Available resources are flooded via extensions to a link-state based Interior Gateway Protocol (IGP), such as IS-IS or OSPF.
Paths for LSPs are calculated at the LSP headend. Under failure conditions, the headend determines a new route for the LSP. Recovery at the headend provides for the optimal use of resources. However, because of messaging delays, the headend cannot recover as fast as possible by making a repair at the point of failure.
Fast Reroute provides link protection to LSPs. This enables all traffic carried by LSPs that traverse a failed link to be rerouted around the failure. The reroute decision is completely controlled locally by the router interfacing the failed link. The headend of the tunnel is also notified of the link failure through the IGP or through RSVP; the headend then attempts to establish a new LSP that bypasses the failure.
For more information about Fast Reroute, see the "MPLS Traffic Engineering (TE)—Fast Reroute (FRR) Link Protection" section .
MPLS VPN Carrier Supporting Carrier and Interautonomous Systems Supported on Engine 2 POS Line Cards
Platforms: Cisco 12000 series Internet routers
The MPLS Virtual Private Network (VPN) features, carrier supporting carrier and interautonomous systems, are now supported on Engine 2 Packet-over-SONET (POS) line cards in Cisco 12000 series Internet routers, including:
•
•
•
•
The carrier supporting carrier (CsC) feature enables an MPLS VPN-based service provider to allow other service providers to use a segment of its backbone network. It provides the following benefits to the backbone carrier (the service provider that provides the segment of the backbone network to the other provider) and customer carrier (the service provider that uses the segment of the backbone network):
•
•
•
•
•
•
•
For more information about the MPLS CsC feature, see the "MPLS VPN Carrier Supporting Carriers" section and the Cisco document MPLS VPN Carrier Supporting Carrier at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st21/csc20.htm
The interautonomous systems feature provides MPLS VPN services that can span multiple autonomous systems and VPN service providers. It provides the following benefits:
•
•
•
For more information about the MPLS interautonomous system feature, see the "MPLS VPN—Interautonomous System Support" section and the Cisco document Inter-Autonomous Systems for MPLS VPNs at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st17/intras17.htm
MPLS VPN Carrier Supporting Carrier—IPv4 BGP Label Distribution
Platforms: Cisco 7200 series routers, Cisco 7500 series routers
The MPLS VPN Carrier Supporting Carrier—IPv4 BGP Label Distribution feature enables you to configure your carrier supporting carrier network to enable Border Gateway Protocol (BGP) to transport routes and Multiprotocol Label Switching (MPLS) labels between the backbone carrier provider edge (PE) routers and the customer carrier customer edge (CE) routers. The backbone carrier offers BGP and MPLS VPN services. The customer carrier can be either:
•
•
Previously you had to use Label Distribution Protocol (LDP) and an internal gateway protocol (IGP) between PE and CE routers to achieve the same goal. Using BGP to distribute IPv4 routes and MPLS labels routes has the following benefits:
•
•
This feature is an extension of the MPLS VPN Carrier Supporting Carriers feature, introduced in Cisco IOS Release 12.0(14)ST. For more information, refer to the Cisco document MPLS VPN Carrier Supporting Carrier—IPv4 BGP Label Distribution at the following location:
MPLS VPN Inter-AS—IPv4 BGP Label Distribution
Platforms: Cisco 7200 series routers, Cisco 7500 series routers
The MPLS VPN Inter-AS—IPv4 BGP Label Distribution feature enables you to set up a VPN service provider (SP) network to exchange IPv4 routes with MPLS labels. You can configure the VPN service provider network as follows:
•
•
–
–
Alternatively, the route reflector can reflect the IPv4 routes and MPLS labels learned from the ASBR to the PE routers in the VPN. This is accomplished by enabling the ASBR to exchange IPv4 routes and MPLS labels with the route reflector. The route reflector also reflects the VPNv4 routes to the PE routers in the VPN (as mentioned in the first bullet). For example, in VPN1, RR1 reflects to PE1 the VPNv4 routes it learned and IPv4 routes and MPLS labels learned from ASBR1. Using the route reflectors to store the VPNv4 routes and forward them through the PE routers and ASBRs allows for a scalable configuration.
•
Using BGP to distribute IPv4 routes and MPLS labels routes has the following benefits:
•
•
•
For more information, refer to the Cisco document MPLS VPN Inter-AS—IPv4 BGP Label Distribution at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st21/fsbgp.htm
MPLS VPN MIB and MPLS VPN MIB Traps
Platforms: Cisco 7200 series routers, Cisco 7500 series routers, Cisco 12000 series Internet routers
Simple Network Management Protocol (SNMP) agent code operating in conjunction with the Provider-Provisioned VPN (PPVPN) Multiprotocol Label Switching Virtual Private Network (MPLS VPN) MIB enables a standardized, SNMP-based approach in managing MPLS VPNs in Cisco IOS software.
The PPVPN MPLS VPN MIB is based on the Internet Engineering Task Force (IETF) draft MIB draft-ietf-ppvpn-mpls-vpn-mib-03.txt, which includes objects describing features that support MPLS VPN events. This IETF draft MIB, which undergoes revisions from time to time, is being evolved toward becoming a standard. Accordingly, the Cisco implementation of features of the PPVPN MPLS VPN MIB is expected to track the evolution of the IETF draft MIB.
Some slight differences between the IETF draft MIB and the actual implementation of MPLS VPNs within Cisco IOS software require some minor translations between the PPVPN MPLS VPN MIB and the internal data structures of Cisco IOS software. These translations are accomplished by means of the SNMP agent code. Also, while running as a low priority process, the SNMP agent provides a management interface to Cisco IOS software.
The SNMP objects defined in the PPVPN MPLS VPN MIB can be viewed by any standard SNMP utility. The network administrator can retrieve information in the PPVPN MPLS VPN MIB using standard SNMP get and getnext operations.
All PPVPN MPLS VPN MIB objects are based on the IETF draft MIB; thus, no specific Cisco SNMP application is required to support the functions and operations that pertain to the PPVPN MPLS VPN MIB features.
In Cisco IOS Release 12.0(21)ST, the PPVPN MPLS VPN MIB provides you with the ability to do the following:
•
•
•
•
•
•
•
For further information—including information about how to configure the router to send SNMP traps— refer to the Cisco document MPLS VPN MIB at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st21/fsvpnmib.htm
OSPF Sham-Link Support for MPLS VPN
Platform: Cisco 12000 series Internet routers
In a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) configuration, the Open Shortest Path First (OSPF) protocol is one way you can connect customer edge (CE) routers to service provider edge (PE) routers in the VPN backbone. OSPF is often used by customers that run OSPF as their intrasite routing protocol, subscribe to a VPN service, and want to exchange routing information between their sites using OSPF (during migration or on a permanent basis) over an MPLS VPN backbone.
Using an OSPF sham-link in an MPLS VPN has the following benefits:
•
•
For further information about OSPF sham-link support for MPLS VPN, refer to the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st21/shamlink.htm
OSPF Support for Disabling the Down (DN) Bit Check for Multi-VRF CE Routers
Platform: Cisco 12000 series Internet routers
The OSPF Support for Disabling the Down (DN) Bit Check for Multi-VRF CE Routers feature provides the capability of suppressing provider edge (PE) checks. The checks are needed to prevent loops when the PE is performing a mutual redistribution of packets between Open Shortest Path First (OSPF) and Border Gateway Protocol (BGP). When VPN routing/forwarding (VRF) is used on a router that is not a PE (that is, one that is not running BGP), the checks can be turned off to allow for correct population of the VRF routing table with routes to IP prefixes.
The OSPF Support for Disabling the Down (DN) Bit Check for Multi-VRF CE Routers feature allows you to split the router into multiple virtual routers, where each contains its own set of interfaces, routing table, and forwarding table. On the basis of routing information stored in the VRF IP routing table and VRF Cisco Express Forwarding (CEF) table, packets are forwarded to their destination using Multiprotocol Label Switching (MPLS).
The OSPF Support for Disabling the Down (DN) Bit Check for Multi-VRF CE Routers feature gives you the ability to segment or single out parts of your network and configure those segments to perform specific functions, yet still maintain correct routing information.
For further information about the OSPF Support for Disabling the Down (DN) Bit Check for Multi-VRF CE Routers feature, refer to the following Cisco document:
RPR+ Support for Additional Line Cards in the Cisco 12000 Series Internet Router
Platform: Cisco 12000 series Internet routers
The list of supported line cards for Route Processor Redundancy Plus (RPR+) now includes the following additional line cards:
•
•
•
•
•
•
The following line cards are already supported for RPR+:
•
•
•
•
All other line cards (that is, ATM and Engine 3 line cards) are reset and reloaded during a RPR+ switchover.
With RPR+, if the Active RP fails, or if a manual switchover is performed, these line cards are not reset during a switchover to the standby RP. The interfaces remain up during this transfer, so neighboring routers do not detect a link flap (that is, a link does not go down and back up).
Refer to the following document for additional information:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st17/rpr_plus.htm
SNMP Version 3
Platforms: Cisco 7200 series routers, Cisco 7500 series routers, Cisco 10000 series edge services routers, Cisco 10720 Internet router, Cisco 12000 series Internet routers
Simple Network Management Protocol version 3 (SNMPv3) addresses issues related to the large-scale deployment of SNMP for configuration, accounting, and fault management. Currently SNMP is predominantly used for monitoring and performance management. The primary goal of SNMPv3 is to define a secure version of the SNMP protocol. SNMPv3 also facilitates remote configuration of the SNMP entities that make remote administration of SNMP entities a much simpler task. SNMPv3 builds on top of SNMPv1 and SNMPv2 to provide a secure environment for the management of systems and networks.
SNMPv3 provides an identification strategy for SNMP devices to facilitate communication only between known SNMP strategies. Each SNMP device has an identifier called the SNMP EngineID, which is a copy of SNMP. Each SNMP message contains an SNMP EngineID. SNMP communication is possible only if an SNMP entity knows the identity of its peer SNMP device.
SNMPv3 also contains a security model or security strategy that exists between an SNMP user and the SNMP group to which the user belongs. A security model may define the security policy within an administrative domain or an intranet. The SNMPv3 protocol consists of the specification for the User-based Security Model (USM).
Definition of security goals in which the goals of message authentication service include the following protection strategies:
•
•
•
•
–
–
–
For further information about SNMP version 3, refer to Cisco document SNMPv3 at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t3/snmp3.htm
SONET APS 1+1 for 4-Port OC-3 ATM and 1-Port OC-12 ATM Line Cards
Platforms: Cisco 10000 series edge services routers
In Cisco IOS Release 12.0(21)ST, the Cisco 10000 series edge services router (ESR) supports SONET automatic protection switching (APS) 1+1 redundancy for the 4-port OC-3 ATM and 1-port OC-12 ATM line cards. APS 1+1 support is card-to-card. When the active line card fails, the redundant line card takes over. For line cards with multiple ports (such as the 4-port OC-3 ATM line card), you can also use APS 1+1 support to switch from one port to another port as long as the redundant port is on a different line card.
The Cisco 10000 series ESR supports SONET APS operation that is:
•
•
•
Note
For information about configuring APS on a Cisco 10000 series ESR, refer to the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/aggr/10000/10ksw/apsos.htm
VPN Aware DHCP Relay for Non-Overlapping Addresses
Platforms: Cisco 7200 series routers, Cisco 7500 series routers, Cisco 10000 series edge services routers, Cisco 10720 Internet router, Cisco 12000 series Internet routers
In Cisco IOS Release 12.0(21)ST, Dynamic Host Configuration Protocol (DHCP) relay works with VPN routing/forwarding (VRF) Virtual Private Networks (VPNs). VPN Aware DHCP Relay for Non-Overlapping Addresses requires each VPN to have its own DHCP server.
VRF over FR Subinterfaces
Platform: Cisco 12000 series Internet routers
VPN routing/forwarding instances (VRFs) are supported over Frame Relay (FR) subinterfaces on Engine 2 Packet-over-SONET (POS) line cards in Cisco 12000 series Internet routers, including:
•
•
•
•
On an Engine 2 line card interface configured with Frame Relay encapsulation, each subinterface can be associated to either the global Forwarding Information Base (FIB) table or any configured VRF. This association is independent for each Frame Relay subinterface. It is not necessary for all subinterfaces on the same physical interface to belong to the same VRF.
Packets that arrive at an E2 line card interface with Frame Relay encapsulation are processed as follows:
•
•
•
New Features in Cisco IOS Release 12.0(20)ST
Cisco IOS Release 12.0(20)ST supports the following new features for the Cisco 10000 series edge services routers only:
•
•
•
•
•
4-Port OC-3 ATM Line Card
The 4-port OC-3 ATM line card provides four 155.52-Mbps SONET/SDH connections to ATM networks. It uses a standard implementation of ATM over SONET switching to provide four trunk uplinks for the Cisco 10000 series edge services router.
6-Port OC-3/POS Line Card
The 6-port OC-3/POS line card allows Internet access and provider-to-provider peering through Cisco 10000 equipment via unchannelized OC-3 interfaces. To meet global requirements, the card supports both SONET (STS3c) and SDH (STM1c) framing and signaling.
8-Port Unchannelized E3/T3 Line Card
The 8-port unchannelized E3/T3 line card is an advanced E3 and T3 interface module for the Cisco 10000 series edge services router (ESR). It supports eight physical BNC connections, which can be configured for E3 or T3. Each E3 or T3 connection can either support a full clear-channel or be subrated by limiting the data transfer rate, and thereby reducing the peak access rate.
Subrate modes configure each interface of the 8-port unchannelized E3/T3 line card to connect with Cisco port adaptors and with customer premise data service units (DSUs). The 8-port unchannelized E3/T3 line card supports maximum flexibility in that it can be used in any Cisco 10000 series ESR chassis (with no slot dependency) and can be hot-swapped. It is fully manageable by means of standard Cisco management tools, and it supports all IP networking protocols. In addition, it supports the following encapsulation protocols:
•
•
•
•
Diffserv Compliant WRED
The Diffserv Compliant WRED feature extends the functionality of Weighted Random Early Detection (WRED) to enable support for Differentiated Services (DiffServ) and Assured Forwarding (AF) Per Hop Behavior (PHB). DiffServ Compliant WRED enables customers to implement AF PHB by coloring packets according to Differentiated Services Code Point (DSCP) values and then assigning preferential drop probabilities to those packets.
Generic Routing Encapsulation (GRE)
Generic Routing Encapsulation (GRE) supports Generic Routing Encapsulation (GRE) IP and Distance Vector Multicast Routing Protocol (DVMRP) multicast tunnel modes to transport otherwise unroutable packets across the IP network and provide data separation for Virtual Private Network (VPN) services. GRE tunnels make it possible to have multiprotocol local networks running over a single-protocol backbone. They also provide workarounds for networks that contain protocols that have limited hop counts, connectivity for discontinuous subnetworks, and connectivity for VPNs across wide-area networks. DVMRP multicast tunnel modes are supported only between the Cisco 10000 series edge services router and a Sun SPARCstation that is running DVMRP version 3.8 or higher.
Multiplex Section Protection (MSP)
This feature adds support for Multiplex Section Protection (MSP) redundancy for the 4-port channelized STM-1 line card (ESR-4OC3-CHSTM1) for the Cisco 10000 router (ESR10008 and ESR10005). This feature provides linear, nonrevertive, 1+1 protection on a per-port basis. MSP support requires two ESR-4OC3-CHSTM1 line cards.
NetFlow Accounting
NetFlow Accounting supports gathering and exporting Version 5 and Version 8 record types to NetFlow FlowCollectors, and provides basic metering for a key set of applications, including network traffic accounting, usage-based network billing, network planning, and network monitoring capabilities.
Policy-Based Routing (PBR)
Policy-Based Routing (PBR) provides a tool for expressing and implementing the forwarding or routing of data packets, on the basis of the policies that are defined by network administrators. PBR allows policy override on routing protocol decisions by selectively applying policies based on access list and/or packet size. Network administrators can also use PBR to selectively change the IP ToS, IP precedence, and IP QoS Group fields for matching incoming packets on an interface.
The Cisco 10000 series edge services router supports a maximum of 255 PBR policies and 32 route maps within each policy. The following subset of policy-based routing commands is supported in this release of Cisco IOS software:
•
•
•
•
•
•
•
•
•
•
Priority Queueing (PQ/CBWFQ on ATM PVCs
Priority Queueing (PQ)/CBWFQ on ATM PVCs allows a service policy, including class queue policy statements, to be attached to ATM variable bit rate (VBR) virtual circuits (VCs). This feature is enabled using the Modular Quality of Service Command-Line Interface (MQC) syntax.
Subinterface Policy Maps
Subinterface Policy Maps allows you to use the service-policy command to configure quality of service (QoS) features at the subinterface level in addition to configuring QoS features on main interfaces. The types of subinterfaces supported include Frame Relay, ATM (both unspecified bit rate [UBR] and variable bit rate [VBR]), and 802.1Q VLAN. ATM VBR subinterfaces support all QoS features including queueing. On all other subinterface types, any queueing-related commands in the service-policy, such as bandwidth, priority, shape, queue-limit, and random-detect, are ignored.
Turbo Quality of Service (QoS)
Turbo Quality of Service (QoS) provides more efficient handling of QoS policy maps for quicker packet classification and a QoS solution that scales.
New Features in Cisco IOS Release 12.0(19)ST1
Cisco IOS Release 12.0(19)ST1 supports the following new features:
•
Frame Relay Fast Restart
The Frame Relay Fast Restart feature increases network availability by reducing recovery time from Route Processor (RP) failures on Cisco 7500 series and Cisco 10000 series routers in Frame Relay networks. This feature reduces recovery time by accelerating the transition from primary RP to standby RP after a hardware or software failure.
When a switchover from primary RP to standby RP occurs on a switch that has Frame Relay line cards, the switch must implement an initialization procedure to bring permanent virtual circuits (PVCs) back up and to reestablish dynamic mappings. While this procedure is under way, the Frame Relay interface is unavailable for traffic forwarding. Before the introduction of this feature, the initialization procedure took from 30 to 90 seconds to complete on each Frame Relay interface. The Frame Relay Fast Restart feature reduces interface restart time to 10 to 15 seconds.
Route Processor Redundancy Plus (RPR+)
The Route Processor Redundancy Plus (RPR+) feature is an enhancement to the RPR feature on Cisco 7500 series routers. RPR+ keeps the Virtual Interface Processors (VIPs) from being reset and reloaded when a switchover occurs between the active and standby Route Switch Processors (RSPs). Because VIPs are not reset, microcode is not reloaded on the VIPs, and the time needed to parse the configuration is eliminated, switchover time is reduced to 30 to 40 seconds.
New Features in Cisco IOS Release 12.0(19)ST
Cisco IOS Release 12.0(19)ST supports the following new features for the Cisco 10000 series edge services routers only:
•
ATM PVCs
The Cisco 10000 series edge services router (ESR) now supports 4000 ATM permanent virtual circuits (PVCs).
MPLS Traffic Engineering (TE)—Interarea Tunnels
Platforms: Cisco 7200 series routers, Cisco 7500 series routers
The MPLS Traffic Engineering (TE)—Interarea Tunnels feature allows you to establish MPLS TE tunnels that span multiple Interior Gateway Protocol (IGP) areas and levels, removing the restriction that had required that the tunnel headend and tailend routers both be in the same area. The IGP can be either Intermediate System-to-Intermediate System (IS-IS) or Open Shortest Path First (OSPF).
To configure an interarea tunnel, you specify on the headend router a loosely routed explicit path for the tunnel label switched path (LSP) that identifies each area border router (ABR) that the LSP should traverse using the next-address loose command. The headend router and the ABRs along the specified explicit path expand the loose hops, each computing the path segment to the next ABR or tunnel destination.
For further information, refer to the Cisco document MPLS Traffic Engineering (TE)—Interarea Tunnels at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st19/inter_ar.htm
Per-Packet Load Balancing
Per-Packet Load Balancing (PPLB) ensures load balancing over multiple links by allowing the router to send successive data packets over paths, without regard to individual hosts or user sessions. PPLB uses a round-robin method to determine which path each packet takes to arrive at the destination.
New Features in Cisco IOS Release 12.0(18)ST
Cisco IOS Release 12.0(18)ST supports the following new features:
•
•
•
•
•
•
•
Feature module documentation for select features can be found on the
"New Features in Release 12.0(18)ST" page on Cisco.com or the Documentation CD-ROM.802.1p Support on the Cisco 10720 Internet Router
The IEEE 802.1p standard provides a means for individual end stations to request a particular quality of service (QoS) of the network and for the network to respond accordingly. 3-bits in the 802.1Q header with values ranging from 0 to 8 can be used to set different priority levels of user traffic at Layer 2. In the context of the Cisco 10720 router, the Modular QoS feature is used to set the 802.1p bits, similar to setting the IP type of service (ToS) bits. The switches that are deployed behind the Cisco 10720 router that supports this feature can take advantage of the priority bits for providing a higher quality of service for certain types of traffic.
802.1q Support for the Cisco 10720 Internet Router
The term "VLAN" refers to the ability to virtually create a LAN using a switched architecture. Rather than being defined on a physical or geographical basis, VLANs can be defined on a logical or organizational basis in which the network can be configured via software. The IEEE standard 802.1q defines the operation of VLAN bridges that permit the definition, operation, and administration of VLAN topologies within a bridged LAN infrastructure. This standard is based on a frame-tagging mechanism to identify the specific VLAN.
Bidirectional PIM
Bidirectional PIM is a variant of the Protocol Independent Multicast (PIM) suite of routing protocols for IP Multicast. In PIM, packet traffic for a multicast group is routed according to the rules of the mode configured for that multicast group. The Cisco IOS implementation of PIM supports the following three modes for a multicast group:
•
•
•
A router can simultaneously support all three modes or any combination of them for different multicast groups. In bidirectional mode, traffic is routed only along a bidirectional shared tree that is rooted at the rendezvous point (RP) for the group. In Bidirectional PIM (bidir-PIM), the IP address of the RP acts as the key to having all routers establish a loop-free spanning tree topology rooted in that IP address. This IP address does not need to be a router, but it can be any unassigned IP address on a network that is reachable throughout the PIM domain. Using this technique is the preferred configuration for establishing a redundant RP configuration for bidir-PIM.
Membership to a bidirectional group is signaled via explicit "Join" messages. Traffic from sources is unconditionally sent up the shared tree toward the RP and passed down the tree toward the receivers on each branch of the tree.
Bidir-PIM is designed to be used for many-to-many applications within individual PIM domains. Multicast groups in bidirectional mode can scale to an arbitrary number of sources without incurring overhead due to the number of sources.
Bidir-PIM is derived from the mechanisms of PIM sparse mode (PIM-SM) and shares many shortest path tree (SPT) operations. Bidir-PIM also has unconditional forwarding of source traffic toward the RP upstream on the shared tree, but it has no registering process for sources as in PIM-SM. These modifications are necessary and sufficient to allow forwarding of traffic in all routers based solely on the multicast routing entries (*, G). This feature eliminates any source-specific state and allows scaling capability to an arbitrary number of sources.
CNS Configuration Agent
Cisco Networking Services (CNS) is a foundation technology for linking users to network services. CNS Software Developers Kit (SDK) accomplishes this linking by making applications network-aware and increasing the intelligence of the network elements. CNS SDK provides building blocks to a range of customers in market segments such as enterprise, service provider, independent software vendors, and system integrators.
The CNS Configuration Agent feature supports initial configurations, incremental configurations, and synchronized configuration updates for Cisco IOS software-based routing devices.
Initial Configurations
When a routing device first comes up, it connects to the configuration server component of CNS Configuration Agent by establishing a TCP connection through the use of cns config initial, a standard command-line interface (CLI) command. The device issues a request and identifies itself by providing a unique configuration ID to the configuration server.
When the CNS web server receives a request for a configuration file, it invokes the Java Servlet and executes the corresponding embedded code. The embedded code directs the CNS web server to access the directory server and file system to read the configuration reference for this device (configuration ID) and template. The Configuration Agent prepares an instantiated configuration file by substituting all the parameter values specified in the template with valid values for this device. The configuration server forwards the configuration file to the CNS web server for transmission to the routing device.
The CNS Configuration Agent feature accepts the configuration file from the CNS web server, performs XML parsing, checks syntax (optional), and loads the configuration file. The routing device reports the status of the configuration load as an event to which a network monitoring or workflow application can subscribe.
Incremental (Partial) Configurations
When the network is up and running, new services can be added using the CNS Configuration Agent. Incremental (partial) configurations can be sent to routing devices. The actual configuration can be sent as an event payload by way of the Event Gateway (push operation) or as a signal event that triggers the device to initiate a pull operation.
The routing device can check the syntax of the configuration before applying it. If the syntax is correct, the routing device applies the incremental configuration and publishes an event that signals success to the configuration server. If the device fails to apply the incremental configuration, it publishes an event that indicates an error status.
After the routing device has applied the incremental configuration, it can write it to NVRAM, or wait until signaled to do so.
Synchronized Configurations
When a routing device receives a configuration, it has the option to defer application of the configuration upon receipt of a write-signal event. The CNS Configuration Agent feature allows the device configuration to be synchronized with other dependent network activities.
For further information on enabling CNS services on your routing devices, see the "CNS Configuration Agent" and "CNS Event Agent" feature modules at: http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st18/.
CNS Event Agent
Cisco Networking Services (CNS) is a foundation technology for linking users to network services. CNS Software Developers Kit (SDK) accomplishes this linking by making applications network-aware and increasing the intelligence of the network elements. CNS SDK provides building blocks to a range of customers in market segments such as enterprise, service provider, independent software vendors, and system integrators.
The CNS Event Agent is part of the Cisco IOS software infrastructure that allows Cisco IOS software applications to publish and subscribe to events on a CNS Event Bus. CNS Event Agent works in conjunction with the CNS Configuration Agent feature.
Cisco 10720 Internet Router
The Cisco 10720 Internet router is a high performance Cisco IOS router that enables service providers to offer next generation business class IP services within metropolitan networks. Designed with support for 10/100 and later 1000 Mbps Ethernet access and high speed OC48/STM16 DPT technology over fiber uplink, the Cisco 10720 Internet router allows service providers to offer IP services that are closer to the user, enabling the users to better control admission to network resources. The small form factor allows easy deployment in central locations within business complexes. Based on Cisco Parallel Express Forwarding (PXF) (Toaster-based) architecture, the Cisco 10720 Internet router is a cost effective reliable platform that allows advanced IOS features to be introduced simply, efficiently, and without compromising on performance.
DPT MIB
The Cisco 10720 router supports DPT MIB. Refer to the following document for additional MIB information:
ftp://ftp.cisco.com/pub/mibs/v2/CISCO-SRP-MIB.my
Frame Relay Fast Restart
The Frame Relay Fast Restart feature increases network availability by reducing recovery time from Route Processor (RP) failures on Cisco routers in Frame Relay networks. This feature reduces recovery time by accelerating the transition from primary RP to standby RP after a hardware or software failure.
When a switchover from primary RP to standby RP occurs on a router that has been configured for Frame Relay encapsulation, the router must implement an initialization procedure to bring permanent virtual circuits (PVCs) back up and to reestablish dynamic mappings. While this procedure is under way, the Frame Relay interface is unavailable for traffic forwarding. Before the introduction of this feature, the initialization procedure took from 30 to 90 seconds to complete on each Frame Relay interface. The Frame Relay Fast Restart feature reduces interface restart time to 10 to 15 seconds.
The Frame Relay Fast Restart feature uses the methods described in the following sections to reduce interface restart time:
Accelerating the LMI Cycle
To address the possibility that the line protocol is down upon switchover to the standby RP, the Frame Relay Fast Restart feature introduces an accelerated Local Management Interface (LMI) cycle. The accelerated LMI cycle is designed to bring the line protocol up quickly, in turn making PVCs available sooner.
Before the introduction of Frame Relay fast restart, LMI polling cycles occurred every ten seconds, and on the sixth cycle a full LMI status request was sent. This LMI cycle resulted in the sending of a full LMI status request every 60 seconds. With the accelerated LMI cycle, a full status request is sent to the switch immediately after switchover to the standby RP. The next polling cycle begins within one second following receipt of the full status from the switch rather than waiting the default ten seconds. A full status request is also sent at the last polling cycle. The accelerated LMI cycle ends after a fixed number of polling cycles, which can be configured to meet the requirements of the switch.
The accelerated LMI cycle causes the line protocol to come up and PVCs to be reported active in one or two seconds instead of the 30 to 40 seconds that it would have taken before the introduction of this feature.
Note
Note
Accelerating Inverse ARP
Inverse Address Resolution Protocol (ARP) requests, where applicable, will be sent out as soon as a PVC becomes active. Before the introduction of the Frame Relay Fast Restart feature, when an Inverse ARP request was unsuccessful, the request was resent every 60 seconds. This new feature accelerates the Inverse ARP timer so that if a request comes back unsuccessful, a second request is sent in ten seconds. Subsequent requests are sent every 60 seconds.
MPLS Traffic Engineering (TE)—Configurable Path Calculation Metric for Tunnels
When Multiprotocol Label Switching (MPLS) traffic engineering (TE) is configured in a network, the Interior Gateway Protocol (IGP) floods two metrics for every link: the normal IGP (OSPF or IS-IS) link metric and a TE link metric. The IGP uses the IGP link metric in the normal way to compute routes for destination networks. In previous releases, MPLS TE used the TE link metric to calculate and verify paths for TE tunnels. When the TE metric was not explicitly configured, the TE metric was the IGP metric.
The current enhancement enables you to control the metric used in path calculation for TE tunnels on a per-tunnel basis. It allows you to specify that the path calculation for a given tunnel be based on either of the following:
•
•
Post Switchover Core Dump
When a Route Processor (RP) crashes, it is sometimes useful to obtain a full copy of the memory image (called a core dump) to identify the cause of the crash. (Not all crash types will produce a core dump.)
In networking devices that support redundant route processors, one processor acts as the active processor while the other processor acts as the standby processor. In the event of a crash, the standby processor switches over to become the active processor. The Post-Switchover Core Dump feature allows the newly active processor to complete the switchover process before writing the core dump information from the previously active processor to a preconfigured file.
RPR+ Support for Engine 4 Line Cards in the Cisco 12000 Series Internet Router
The list of supported line cards for Route Processor Redundancy Plus (RPR+) now includes two additional Engine 4 line cards. With this addition, the complete list of supported cards becomes:
•
•
•
•
All other line cards are reset during a switchover.
With RPR+, if the Active RP fails, or if a manual switchover is performed, these line cards are not reset during a switchover to the standby RP. The interfaces remain up during this transfer, so neighboring routers do not detect a link flap (i.e. a link does not go down and back up).
Refer to the following document for additional information:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st17/rpr_plus.htm
show idb Command
The show idb command is available on Cisco12000 series Internet routers. The show idb command displays the list of hardware interface description blocks (IDBs) in the router. The following is an example of the show idb command:
Router#show idb
Maximum number of IDBs 4096
2014 SW IDBs allocated (2392 bytes each)
13 HW IDBs allocated (5624 bytes each)
HWIDB#1 1 POS1/0 (HW IFINDEX, SONET, Serial)
HWIDB#2 2 POS1/1 (HW IFINDEX, SONET, Serial)
HWIDB#3 3 POS1/2 (HW IFINDEX, SONET, Serial)
HWIDB#4 4 POS1/3 (HW IFINDEX, SONET, Serial)
HWIDB#5 5 POS2/0 (HW IFINDEX, SONET, Serial)
HWIDB#6 6 GigabitEthernet3/0 (HW IFINDEX, Ether)
HWIDB#7 7 GigabitEthernet3/1 (HW IFINDEX, Ether)
HWIDB#8 8 GigabitEthernet3/2 (HW IFINDEX, Ether)
HWIDB#9 9 ATM4/0 (HW IFINDEX, SONET, HW ATM)
HWIDB#10 10 GigabitEthernet5/0 (HW IFINDEX, Ether)
HWIDB#11 11 GigabitEthernet5/1 (HW IFINDEX, Ether)
HWIDB#12 12 GigabitEthernet5/2 (HW IFINDEX, Ether)
HWIDB#13 13 Ethernet0 (HW IFINDEX, Ether)Single Ring Recovery (SRR) Protocol
The Single Ring Recovery (SRR) Protocol enables a spatial reuse protocol (SRP) ring to preserve full node connectivity in the event of multiple failures on one of its two counter-rotating rings while the other is failure free. In all other cases, the SRP ring maintains the standard SRP intelligent protection switching (IPS) behavior.
VT1.5 for Channelized OC-12 Card
The Cisco 10000 series edge services routers will support the VT1.5 on the Channelized OC-12 line card through the controller vt command. This enhancement allows the configuration of the virtual tributary (VT) controllers as well as the T3 controllers on the line card.
A VT controller on a Channelized OC-12 line card is channelized into 28 T1 interfaces by default. The controller vt command can be used to shut down a VT link or to change the settings for a T1 interface.
The VT link can be configured by entering the controller vt command:
controller vt slot/subslot/port.path
Where path is a value from 1 to 12. Each number represents a VT that houses 28 T1 lines.
Example:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# controller vt 1/0/0.1
Router(config-controller)#Virtual Router Redundancy Protocol (VRRP)
There are several ways in which a LAN client can determine which router should be the first hop to a particular remote destination. The client can use a dynamic process or a static configuration. Examples of dynamic router discovery are as follows:
•
•
•
The drawback to dynamic discovery protocols is that they incur some configuration and processing overhead on the LAN client. Also, in the event of a router failure, the process of switching to another router can be slow.
An alternative to dynamic discovery protocols is to statically configure a default router on the client. This approach simplifies client configuration and processing, but creates a single point of failure. If the default gateway fails, the LAN client is limited to communicating only on the local IP network segment and is cut off from the rest of the network.
The Virtual Router Redundancy Protocol (VRRP) feature can solve the static configuration problem. VRRP enables a group of routers to form a single virtual router. The LAN clients can then be configured with the virtual router as their default gateway. The virtual router, representing a group of routers, is also known as a VRRP group.
VRRP is supported on Ethernet, Fast Ethernet, and Gigabit Ethernet interfaces, and on Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs) and VLANs.
New Features in Cisco IOS Release 12.0(17)ST
Cisco IOS Release 12.0(17)ST supports the following new features:
•
•
•
•
•
•
Cisco 10000 Series Edge Services Router
The Cisco 10000 series edge services router (ESR) is a Layer 3 platform that allows service providers to provision IP services across thousands of leased-line connections. The Cisco 10000 series ESR aggregates large numbers of T3, T1, and DS0 leased lines through OC-12 Packet over SONET (POS) and Gigabit Ethernet interfaces. The Cisco IOS software offers a range of features that service providers can use to improve their network and customize their services.
The series consists of two chassis—an 8-slot chassis designed to meet the needs of large service providers and a 5-slot chassis designed to meet the needs of medium-to-large service providers.
Fast Reroute LP Support for OC192
The MPLS Traffic Engineering Fast Reroute—Link Protection feature is now supported for the following: Engine 4 OC-192 line cards in the Cisco 12000 series Internet routers with Cisco IOS Release 12.0(17)ST.
Note
MPLS Traffic Engineering Fast Reroute (FRR) delivers Layer 3 protection switching for networks that are currently configured with MPLS label switched paths (LSPs). MPLS Traffic Engineering FRR provides temporary rerouting around a failed link (in the future, a node). This protects against physical point-to-point link failures. Upon notification (such as loss of signal or loss of frame) of a facility, a path error failure is delivered to the LSP/tunnel headend and the logical LSP is rerouted to the next hop using a preconfigured backup LSP/tunnel.
Regular MPLS traffic engineering automatically establishes and maintains LSPs across the backbone using Resource Reservation Protocol (RSVP). The path used by a given LSP at any point in time is determined on the basis of the LSP resource requirements and network resources, such as bandwidth.
Available resources are flooded via extensions to a link-state based Interior Gateway Protocol (IGP), either Intermediate System-to-Intermediate System (IS-IS) or Open Shortest Path First (OSPF).
Paths for LSPs are calculated at the LSP headend. Under failure conditions, the headend determines a new route for the LSP. Recovery at the headend provides for the optimal use of resources. However, due to messaging delays, the headend cannot recover as fast as possible by making a repair at the point of failure.
Fast reroute provides link protection to LSPs. This link protection enables all the traffic carried by LSPs that traverse a failed link to be rerouted around the failure. The reroute decision is completely controlled locally by the router that interfaces the failed link. The headend of the tunnel is also notified of the link failure through the IGP or through RSVP and completely reroutes the LSP around the failure.
Note
HSRP Support for MPLS VPNs
Note
Hot Standby Router Protocol (HSRP) support on a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) interface is useful when an Ethernet is connected between two provider edges (PEs) with either of the following:
•
•
Each VPN is associated with one or more VPN routing/forwarding (VRF) instances. A VRF consists of the following:
•
•
•
•
VPN routing information is stored in the IP routing table and the CEF table for each VRF. A separate set of routing and CEF tables is maintained for each VRF. These tables prevent information from being forwarded outside a VPN and also prevent packets that are outside a VPN from being forwarded to a router within the VPN.
HSRP currently adds Address Resolution Protocol (ARP) entries and IP hash table entries (aliases) using the default routing table instance. However, a different routing table instance is used when VRF forwarding is configured on an interface, causing ARP and Internet Control Message Protocol (ICMP) echo requests for the HSRP virtual IP address to fail.
The HSRP Support for MPLS VPNs feature ensures that the HSRP virtual IP address is added to the correct IP routing table and not to the default routing table.
MPLS VPN ID
The MPLS VPN ID feature allows you to identify Virtual Private Networks (VPNs) by a VPN identification number, as described in RFC 2685. Multiple VPNs can be configured in a router. You can use a VPN name (a unique ASCII string) to reference a specific VPN configured in the router.
Alternately, you can use a VPN ID to identify a particular VPN in the router. The VPN ID follows a standard specification (RFC 2685). To ensure that the VPN has a consistent VPN ID, assign the same VPN ID to all the routers in the service provider network that service that VPN.
Remote access applications, such as the RADIUS and Dynamic Host Configuration Protocol (DHCP), can use the MPLS VPN ID feature to identify a VPN. RADIUS can use the VPN ID to assign dial-in users to the proper VPN on the basis of the authentication information of each user.
Configuration of a VPN ID for a VPN is optional. You can still use a VPN name to identify configured VPNs in the router. The VPN name is not affected by the VPN ID configuration. These are two independent mechanisms to identify VPNs.
MPLS VPN—Interautonomous System Support (Engine 2 POS and Engine 2 QOC-12 ATM)
MPLS VPN—Interautonomous System Support is now added to the Engine 2 based Packet over SONET (PoS) and QOC-12 ATM line cards.
The MPLS VPN—Interautonomous System Support capability allows a BGP/MPLS VPN to span multiple service providers—each service provider has its own autonomous system.
MPLS VPN Support for the 2-Port Channelized OC-3/STM-1 to DS1/E1 Line Card
MPLS-VPN is now supported in the 2-Port Channelized OC-3/STM-1 to DS1/E1 line card for the Cisco 12000 series Internet router.
MPLS VPN, TE, and LDP Support for the OC-192c and QOC-48c Line Cards
Cisco IOS Release 12.0(17)ST adds support for the following features on the OC-192c/STM-64c Packet over SONET (PoS) and Quad OC-48cSTM-16c Packet over SONET (PoS) line cards:
•
•
•
The OC-192c/STM-64c Packet over SONET (PoS) line card provides the Cisco 12416 Internet router with a single 10-Gbps POS interface on a single card. The card interfaces with the 320-Gbps switch fabric in the Cisco 12016 Internet router and provides one OC-192 duplex SC or FC single-mode connection. This connection is concatenated, which provides for increased efficiency by eliminating the need to partition the bandwidth.
The Quad OC-48c/STM-16c Packet over SONET (PoS) line card provides the Cisco 12416 Internet router with a single 10-Gbps POS interface on a single card. The card interfaces with the switch fabric in the Internet router and provides one OC-48c/STM-16c duplex SC or FC single-mode connection. This connection is concatenated, which provides for increased efficiency by eliminating the need to partition the bandwidth.
Refer to the following document for further information about the OC-192c and QOC-48c line cards:
http://www.cisco.com/univercd/cc/td/doc/product/core/cis12000/linecard/index.htm
RPR+ in the Cisco 12000 Series Internet Router
When two Route Processors (RPs) are installed in a 12000 series Internet router chassis, one RP acts as the Active RP, and the other acts as a backup, or Standby RP. If the Active RP fails, or is removed from the system, the Standby RP detects the failure and initiates a switchover. During a switchover, the Standby RP assumes control of the router, connects with the network interfaces, and activates the local network management interface and system console.
With Route Processor Redundancy Plus (RPR+), the Standby RP is fully initialized and configured. This feature allows RPR+ to dramatically shorten the switchover time if the Active RP fails, or if a manual switchover is performed. Because both the startup configuration and the running configuration are continually synchronized from the Active to the Standby RP, line cards are not reset during a switchover. The interfaces remain up during this transfer, so neighboring routers do not detect a link flap (i.e. link does not go down and back up).
Supported Line Cards
In Cisco IOS Release 12.0(17)ST, RPR+ is supported in the following line cards with the 12000 series Internet routers:
•
•
All other line cards are reset during a switchover.
New Features in Cisco IOS Release 12.0(16)ST
Cisco IOS Release 12.0(16)ST supports the following new features:
•
•
•
•
•
3-Port Gigabit Ethernet Line Card MPLS-VPN Features
The following MPLS-VPN features are supported on the 3-Port Gigabit Ethernet line card for the Cisco 12000 series Internet routers:
•
•
•
•
BGP Next Hop Propagation
The BGP Next Hop Propagation feature allows you to set Border Gateway Protocol (BGP) attributes for a BGP route reflector and the ability to turn off the nexthop calculation for eBGP peers.
Fast Software Upgrade
Using Fast Software Upgrade (FSU), you can reduce planned downtime. With FSU you can configure the system to switch over to a standby RSP, which is preloaded with an upgraded Cisco IOS software image. FSU reduces outage time during a software upgrade by transferring functions to the standby RSP that has the upgraded Cisco IOS software preinstalled. The only downtime with a Fast Software Upgrade is the time required for the standby RSP to take control during the switchover. You can also use FSU to downgrade a system to an older version of Cisco IOS software or have a backup system loaded for downgrading to a previous image immediately after an upgrade.
MPLS VPN and Traffic Engineering Support for 6E3-SMB and 12 E3-SMB Line Cards
Cisco IOS Release 12.0(16)ST adds support for the following features on the 6E3-SMB and 12E3-SMB line cards:
•
•
•
The 6E3-SMB and 12E3-SMB line cards consist of high-density E# service through 6 or 12 E3 interfaces.
The 6-port line card is a partially depopulated version of the 12-port line card. The 6-port line card consists of a total of 12 connectors. A single port consists of one coaxial connector for receiving (Tx) and one coaxial connector for transmitting (Tx). The ports on the 6-port line card are numbered 0-5.
The 12-port line card consists of a total of 24 connectors. A single port consists of one coaxial connector for receiving (Rx) and one coaxial connector for transmitting (Tx). The ports on the 12-port line card are numbered 0-11.
See the following document for further information about the 6E3-SMB and 12E3-SMB line cards:
http://www.cisco.com/univercd/cc/td/doc/product/core/cis12000/linecard/lc_chan/11613e3.htm
MPLS VPN Carrier Supporting Carrier for Engine 0 Line Cards
Cisco IOS Release 12.0(16)ST adds support for MPLS VPN carrier supporting carriers for Engine 0 line cards on the Cisco 12000 series Internet routers carrier.
Carrier supporting carrier is a term used to describe a situation where one service provider allows another service provider to use a segment of its backbone network. The service provider that provides the segment of the backbone network to the other provider is called the backbone carrier. The service provider that uses the segment of the backbone network is called the customer carrier. Refer to the following document for additional information:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st16/csc16.htm
MPLS VPN—Interautonomous System Support
The MPLS VPN—Interautonomous System Support feature allows a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) to span service providers and autonomous systems.
As VPNs grow, their requirements expand. In some cases, VPNs need to reside on different autonomous systems in different geographic areas. (An autonomous system is a single network or group of networks that is controlled by a common system administration group and that uses a single, clearly defined routing protocol.)
Also, some VPNs need to extend across multiple service providers (overlapping VPNs). Regardless of the complexity and location of the VPNs, the connection between autonomous systems must be seamless to the customer.
The MPLS VPN—Interautonomous System Support feature provides that seamless integration of autonomous systems and service providers. Separate autonomous systems from different service providers can communicate by exchanging IPv4 network layer reachability information (NLRI) in the form of VPN-IPv4 addresses.
The border edge routers of the autonomous systems use exterior border gateway protocol (EBGP) to exchange that information. Then, an interior gateway protocol (IGP) distributes the network layer information for VPN-IPv4 prefixes throughout each VPN and each autonomous system. Routing information uses the following protocols:
•
•
An MPLS VPN with interautonomous system support allows a service provider to provide to customers scalable Layer 3 VPN services, such as web hosting, application hosting, interactive learning, electronic commerce, and telephony service. A VPN service provider supplies a secure, IP-based network that shares resources on one or more physical networks.
The primary function of a EBGP is to exchange network reachability information between autonomous systems, including information about the list of autonomous system routes. The autonomous systems use EBGP border edge routers to distribute the routes, which include label switching information. Each border edge router rewrites the next-hop and MPLS labels. See the section "Routing Between Autonomous Systems" for more information.
Interautonomous system configurations supported in an MPLS VPN can include:
•
•
Policy Routing onto MPLS TE Tunnels
Cisco IOS Release 12.0(16)ST now supports mapping packets to tunnels. Refer to the following document for additional information:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/np1_c/1cprt1/1cindep.htm
Route Processor Redundancy
Route Processor Redundancy (RPR) provides an alternative to the High System Availability (HSA) feature currently available on Cisco 7500 series routers. HSA enables a system to reset and use a standby RSP in the event of a failure of the active RSP.
Using RPR you can reduce unplanned downtime. RPR enables a quicker switchover between a primary and secondary RSP in the event of a fatal error on the active RSP. When you configure RPR, the standby RSP loads a Cisco IOS image on boot up and initializes itself in standby mode. In the event of a fatal error on the active RSP, the system switches to the standby RSP, which reinitializes itself as the active RSP, reloads all of the line cards, and restarts the system.
New Features in Cisco IOS Release 12.0(15)ST
Cisco IOS Release 12.0(15)ST was not released. See the "New Features in Cisco IOS Release 12.0(16)ST" section.
New Features in Cisco IOS Release 12.0(14)ST1
Cisco IOS Release 12.0(14)ST1 supports the following new features:
•
MPLS Traffic Engineering (TE)—IP Explicit Address Exclusion
The MPLS traffic engineering Internet Protocol (IP) explicit address exclusion feature provides a means to exclude a link or node from the path for an MPLS traffic engineering label-switched path (LSP).
The feature is accessible via the ip explicit-path command that allows you to create an IP explicit path and enter a configuration submode for specifying the path. The feature adds to the submode commands the exclude-address command for specifying addresses to exclude from the path.
If the exclude-address for an MPLS traffic engineering LSP identifies a flooded link, the constraint-based shortest path first (CSPF) routing algorithm doesn't consider that link when computing paths for the LSP. If the exclude-address specifies a flooded MPLS traffic engineering router ID, the CSPF routing algorithm doesn't allow paths for the LSP to traverse the node identified by the router ID.
For more information, refer to the MPLS Traffic Engineering IP Explicit Address Exclusion feature in Cisco IOS Release 12.0(14)ST1.
New Features in Cisco IOS Release 12.0(14)ST
Cisco IOS Release 12.0(14)ST supports the following new features:
•
•
•
•
•
•
•
•
•
•
BGP Conditional Route Injection
Cisco IOS software provides several methods in which you can originate a prefix into the Border Gateway Protocol (BGP). The existing methods include using the network or aggregate-address commands and redistribution. These methods assume the existence of more specific routing information (matching the route to be originated) in either the routing table or the BGP table.
The BGP conditional route injection feature enables you to originate a prefix into BGP without the corresponding match. The routes are injected into the BGP table only if certain conditions are met. The most common condition is the existence of a less-specific prefix.
For more information, refer to the BGP Conditional Route Injection feature in Cisco IOS Release 12.0(14)ST.
Diff-Serv-Aware Traffic Engineering (DS-TE)
Extensions added to Multiprotocol Label Switching Traffic Engineering (MPLS TE) make it Diff-Serv aware. Specifically, the bandwidth reservable on each link for constraint-based routing (CBR) purposes can now be managed through two bandwidth pools: a global pool and a sub-pool. The sub-pool can be limited to a smaller portion of the link bandwidth. Tunnels using the sub-pool bandwidth can then be used in conjunction with MPLS Quality of Service (QoS) mechanisms to deliver guaranteed bandwidth services end-to-end across the network.
DS-TE is now available for the Cisco 7500 routers.
For more information, see Diff-Serv-Aware Traffic Engineering (DS-TE) feature in Cisco IOS Release 12.0(14)ST.
Explicit Null
With this release, Explicit Null is supported on Cisco 12000 series Internet routers Engine-2 line cards. Explicit Null labels are used where label encapsulation is needed, but no valid label is required. For example, an explicit null label might be used to retain the Exp fields for QoS purposes on the last hop of an LSP, even though no label is required by the last hop.
When the explicit null label is used, it must be the only entry in the label stack.
MPLS Quality of Service Enhancements
When a customer transmits IP packets from one site to another, the IP precedence field (the first three bits of the DSCP field in the header of an IP packet) specifies the quality of service. Based on the IP precedence marking, the packet is given the desired treatment such as the latency or the percent of bandwidth allowed for that quality of service. If the service provider network is an MPLS network, then the IP precedence bits are copied into the MPLS EXP field at the edge of the network. However, the service provider might want to set an MPLS packet's QoS to a different value determined by the service offering.
This feature allows the service provider to set the MPLS experimental field instead of overwriting the value in the customer's IP precedence field. The IP header remains available for the customer's use; the IP packet's QoS is not changed as the packet travels through the multiprotocol label switching (MPLS) network.
For more information, see the MPLS Quality of Service Enhancements feature in Cisco IOS Release 12.0(14)ST.
MPLS Label Switching Router MIB
The MPLS Label Switching Router MIB allows you to use the Simple Network Management Protocol (SNMP) to remotely monitor a label switching router (LSR) that is using the multiprotocol label switching (MPLS) technology. The MPLS LSR MIB mirrors the Cisco Label Switching sub-system, specifically, the LSR management information that is provided by the label forwarding information base (LFIB).
The MPLS LSR MIB contains managed objects that support the retrieval of label switching information from a router and is based on Revision 05 of the IEFT MPLS-LSR-MIB. This implementation enables a network administrator to get information on the status, character, and performance of the following:
•
•
•
In addition, the network manager can retrieve the status of cross-connect entries that associate MPLS segments together.
For descriptions of supported MIBs and how to use them, see the Cisco MIB web site on Cisco.com at http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml.
MPLS Scalability Enhancements
MPLS scalability enhancements allow the prevention of label-switched paths (LSPs) from being created in an MPLS network.
Some LSPs are often unnecessary between some LERs in an MPLS network. Every time a new destination is created, LSPs are created from all LERs in the MPLS network to the new destination. You can use the tag-switching request-tags for command with an access list at an LER to restrict the destinations for which a downstream-on-demand request is issued. You specify the destination IP addresses that you want to disable from creating LSPs.
This command allows you to permit creation of some LSPs, while preventing the creation of others. Using this command reduces the number of LSPs in an MPLS network, which reduces the VC usage in the network.
For more information, refer to the MPLS Scalability Enhancements feature in Cisco IOS Release 12.0(14)ST.
MPLS Traffic Engineering MIB
The MPLS TE MIB enables a standardized, SNMP-based approach to managing the MPLS traffic engineering features in Cisco IOS software. Providing this capability requires SNMP agent code implementation of the MPLS TE MIB.
The MPLS TE MIB is based on an IETF draft MIB that includes objects describing features that support MPLS traffic engineering. The implementation of the MPLS TE MIB within Cisco IOS software closely corresponds to the features described in the IETF draft MIB.
Some slight differences between the IETF draft MIB and the actual implementation of the traffic engineering capabilities within IOS require some minor translations between the MPLS TE MIB and the internal data structures of Cisco IOS software. These translations are accomplished by means of the SNMP agent code. Also, while running as a low priority process, the SNMP agent provides a management interface to Cisco IOS software.
The Cisco MPLS TE MIB implementation described in this feature module tracks the following version of the IETF draft MIB: draft-ietf-mpls-te-mib-05.txt. This IETF draft document is continually being evolved toward the status of a standard and will undergo revisions from time to time. Accordingly, the Cisco implementation of the MPLS TE MIB is expected to track the evolution of the IETF draft MIB.
The SNMP objects defined in the MPLS TE MIB can be viewed by any standard SNMP management utility. All MPLS TE MIB objects are based on the IETF draft MIB; accordingly, no specific Cisco-developed applications are required to support the MPLS TE MIB
For descriptions of supported MIBs and how to use them, see the Cisco MIB web site on Cisco.com at http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml.
MPLS Traffic Engineering (TE)—Automatic Bandwidth Adjustment for (TE) Tunnels
Traffic engineering autobandwidth samples, at a user-configurable interval, the current 5-minute bandwidth average for each tunnel marked with an auto-bw flag. Traffic engineering autobandwidth then applies the highest sample to each marked tunnel at the tunnel's user-configurable time (for example, once per day).
For more information, refer to the Automatic Bandwidth Adjustment for MPLS Traffic Engineering Tunnels feature in Cisco IOS Release 12.0(14)ST.
MPLS Traffic Engineering (TE)—Scalability Enhancements
Implementation of MPLS traffic engineering scalability has been improved so that scalability performs better for large numbers of tunnels. These improvements
•
•
User-visible scalability enhancements include the following:
•
•
•
•
Pacing for RSVP Messages
A burst of RSVP traffic engineering signaling messages may overflow the input queue of a receiving router, causing some messages to be dropped. Dropped messages cause a substantial delay in completing LSP signaling.
A new mechanism controls the transmission rate for RSVP messages and lessens the likelihood of input drops on the receiving router. The transmission rate is configurable with a default rate of 200 RSVP messages per second to a given neighbor.
Signaling and Management for MPLS Traffic Engineering Tunnels
The following changes improve the responsiveness of LSP recovery when a link used by an LSP fails:
•
•
Controlling IS-IS and MPLS Traffic Engineering Topology Database Interactions
The delay between when IS-IS receives an IGP update and delivers it to the MPLS traffic engineering topology database has been reduced in most situations.
Previously, when IS-IS received a new LSP that contained traffic engineering TLVs there could be a delay of several seconds before it passed the traffic engineering TLVs to the traffic engineering database. The purpose of the delay was to provide better scalability during periods of network instability and to give the router an opportunity to receive more fragments of the LSP before passing the information to the traffic engineering database. However, this delay introduced a corresponding delay to the convergence time for the traffic engineering database.
Now IS-IS extracts traffic engineering TLVs from received LSPs and passes them to the traffic engineering database immediately, except when there are large numbers of LSPs to process and it is important to limit CPU consumption, such as during periods of network instability. The arguments that control delivery of traffic engineering TLVs by IS-IS to the traffic engineering topology database are configurable.
Improved Diagnostic Capabilities for MPLS Traffic Engineering and RSVP Signaling
The following enhancements improve diagnostic and trouble shooting capabilities for MPLS Traffic Engineering and RSVP:
•
•
For more information, see the Scalability Enhancements for MPLS Traffic Engineering feature on Cisco IOS Release 12.0(14)ST.
MPLS VPN and TE support on the Cisco 12000 series Internet routers 6CT3-SMB Line Card
In Cisco IOS Release 12.0(14)ST, the following support is added for the 6-port channelized T3 (6CT3-SMB) line card on the Cisco 12000 series Internet routers:
•
•
•
The 6CT3-SMB line card provides high-density digital signal level 3 (DS3) service through six copper T3 ports. T3 transmits DS3-formatted data at 44.736 Mbps through the telephone switching network that is used in a digital WAN carrier facility. A T3 can be channelized into 28 independent DS1 data channels or up to 35 NxDS0. A total of 168 DS1 channels are supported, or 210 NxDS0 per line card.
For more information on the Cisco 12000 series Internet routers 6CT3-SMB line card, refer to the following Cisco document:
http://www.cisco.com/univercd/cc/td/doc/product/core/cis12000/linecard/lc_chan/10318ct3.htm
MPLS VPN Carrier Supporting Carriers
Carrier supporting carrier is a term used to describe a situation where one service provider allows another service provider to use a segment of its backbone network. The service provider that provides the segment of the backbone network to the other provider is called the backbone carrier. The service provider that uses the segment of the backbone network is called the customer carrier.
The carrier supporting carrier feature enables one MPLS VPN-based service provider to allow other service providers to use a segment of its backbone network. Refer to the following document for additional information:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st16/csc16.htm
MPLS VPN Line Cards for Cisco 12000 Series Internet Routers (Engine 2 ATM)
MPLS VPN is supported for only customer access on the QOC-12 ATM line card. Connection to the service provider's backbone is not supported on the QOC-12 ATM. A maximum of 320 VPNs can be configured on the ATM E2 line card per Cisco 12000 series Internet router. The maximum number of VPN routes per Cisco 12000 series Internet router should be no more than 100K.
Restrictions in Cisco IOS Release 12.0(14)ST
This section describes the following:
•
•
Open Shortest Path First Restriction
Open Shortest Path First (OSPF) is not supported between customer edge (CE) to provider edge (PE) routers on Cisco 12000 series Internet routers Engine 0 and Engine 2 line cards. Only Version 2 of the Routing Information Protocol (RIP), static routers, and external BGP are supported.
PIRC and Access Lists Restriction
Cisco 12000 series Internet routers PIRC and access lists cannot be configured under VRF interfaces on a PE router.
New Features in Cisco IOS Release 12.0(11)ST
Cisco IOS Release 12.0(11)ST supports the following new features:
•
•
•
•
Diff-Serv-Aware Traffic Engineering (DS-TE)
MPLS traffic engineering allows constraint-based routing of IP traffic. One of the constraints satisfied by CBR is the availability of required bandwidth over a selected path. Diff-Serv-Aware Traffic Engineering (DS-TE) extends MPLS traffic engineering to enable you to perform constraint-based routing of "guaranteed" traffic, which satisfies a more restrictive bandwidth constraint than that satisfied by CBR for regular traffic. The more restrictive bandwidth is termed a sub-pool, while the regular TE tunnel bandwidth is called the global pool. (The sub-pool is a portion of the global pool.) This ability to satisfy a more restrictive bandwidth constraint translates into an ability to achieve higher Quality of Service performance (in terms of delay, jitter, or loss) for the guaranteed traffic.
For example, DS-TE can be used to ensure that traffic is routed over the network so that, on every link, there is never more than 40 per cent (or any assigned percentage) of the link capacity of guaranteed traffic (for example, voice), while there can be up to 100 per cent of the link capacity of regular traffic. Assuming QoS mechanisms are also used on every link to queue guaranteed traffic separately from regular traffic, it then becomes possible to enforce separate "overbooking" ratios for guaranteed and regular traffic. (In fact, for the guaranteed traffic it becomes possible to enforce no overbooking at all or even an underbooking so that very high QoS can be achieved end-to-end for that traffic, even while for the regular traffic a significant overbooking continues to be enforced.)
Also, through the ability to enforce a maximum percentage of guaranteed traffic on any link, the network administrator can directly control the end-to-end QoS performance parameters without having to rely on over-engineering or on expected shortest path routing behavior. This is essential for transport of applications that have very high QoS requirements (such as real-time voice, virtual IP leased line, and bandwidth trading), where over-engineering cannot be assumed everywhere in the network.
DS-TE involves extending OSPF (Open Shortest Path First routing protocol), so that the available sub-pool bandwidth at each preemption level is advertised in addition to the available global pool bandwidth at each preemption level. And DS-TE modifies constraint-based routing to take this more complex advertised information into account during path computation.
In this release, tight guarantees can be achieved using the Cisco 12000 series Internet routers and POS (Packet over SONET) interface, with Engine 0 line card at the edge and Engine 2 line card at the core. End-to-end guaranteed bandwidth service is achieved by applying CAR (Committed Access Rate) and MPLS QoS mechanisms in conjunction with DS-TE. QPPB (Qos Policy Propagation via BGP) is not supported with input CAR on the Cisco 12000 series Internet routers in this release.
Label-Controlled ATM Interface (LC-ATM)
The Label-Controlled ATM Interface (LC-ATM) allows Cisco 12000 series Internet routers to operate with the Cisco Label Switch Controller (LSC). The LSC must be running IOS Version 12.1(5)T or higher, and the Cisco 12000 series Internet router must be running IOS Version 12.0(11)ST1 or higher.
Label Distribution Protocol MIB
Multiprotocol label switching (MPLS) is a packet forwarding methodology that uses a short, fixed-length value (called a label) in packets to enable the determination of the next hop for transporting packets through an MPLS network. Two label switching routers (LSRs) must agree on the definition of the labels used to forward network traffic between and through them. This common understanding of labels is achieved through a set of procedures embodied in the Label Distribution Protocol (LDP). The LDP enables an LSR to inform other LSRs of the label bindings it has made, thereby distributing label binding information to peer devices for the purpose of supporting hop-by-hop forwarding along normally routed paths.
In order for LDP to be used to the best advantage in an MPLS network, the MPLS Label Distribution Protocol MIB (MPLS LDP MIB) has been implemented in conjunction with MPLS and LDP. Designed as a network management aid, the MPLS LDP MIB is based on an Internet Engineering Task Force (IETF) draft that defines objects in a structured and standardized label-switching database.
The information in the MPLS LDP MIB is accessible by means of any network management utility that supports the Simple Network Management Protocol (SNMP). The SNMP-based code in a network management utility incorporates a layered structure for supporting the MPLS LDP MIB that is similar to that built into Cisco IOS software for supporting MIBs.
New MPLS VPN Line Card for Cisco 12000 Series Internet Routers
MPLS-based VPNs on Engine 2 line cards support POS and DPT-48 technologies for customer access and for connection to the service provider's backbone. A maximum of 256 VPNs (16 x 16) can be configured on a Cisco 12000 series Internet router that is fully populated with 16xOC-3 Engine 2 line cards. A maximum of approximately 100K VPN routes can be configured on a Cisco 12000 series Internet router platform with Engine 2 line cards, when not using other MPLS applications such as QoS.
New MPLS VPN line cards supported for Cisco 12000 series Internet routers include the following:
•
•
•
•
New Features in Cisco IOS Release 12.0(10)ST
Cisco IOS Release 12.0(10)ST supports the following new features:
•
•
•
•
•
•
•
•
•
•
•
Note
AAL5 Transport over MPLS
The AAL5 Transport over MPLS (AToM) feature provides an ATM permanent virtual circuit (PVC) transport service for transporting AAL5 protocol data units (PDUs) across an IP/MPLS backbone with rate-limit policing and a configurable PVC priority value. A dynamic MPLS tunnel is configured to enable label imposition and disposition of encapsulated ATM PDUs transported between two edge routers having a Label Distribution Protocol (LDP) neighbor relationship.
Each routed PVC label stack has two levels of labels prepended to each ATM PDU: an Internal Gateway Protocol (IGP) stack consisting of zero or more labels and a PVC-based label. Label imposition and disposition are performed by routers at the edge of the MPLS backbone. The imposition router takes the ATM PDU and encapsulates it in an MPLS PDU for transport to the correct disposition router. The disposition router takes the MPLS PDU, de-encapsulates the ATM PDU, and delivers it to the correct ATM interface and virtual path identifier/virtual circuit identifier (VPI/VCI).
For more information on the ATM Adaptation Layer Type 5 Transport over MPLS feature module, see the aal5atm.pdf file at http://www.cisco.com/kobayashi/library/spc_req.shtml.
MPLS Egress NetFlow Accounting
The MPLS Egress NetFlow Accounting feature allows you to capture Internet Protocol (IP) flow information for packets undergoing MPLS label disposition - that is, packets that arrive on a router as MPLS and are transmitted as IP.
Prior to this feature, you captured NetFlow data only for flows that arrived on the packet in IP format. When an edge router performed MPLS label imposition (received an IP packet and transmitted it as an MPLS packet), NetFlow data was captured when the packet entered the network. Inside the network, the packet was switched based only on MPLS information; NetFlow information was not captured until after the last label was removed.
One common application of the MPLS Egress NetFlow Accounting feature allows you to capture the MPLS Virtual Private Network (VPN) IP flows that are traveling through a service provider backbone from one site in a VPN to another site in the same VPN.
Formerly, you captured flows only for IP packets on the ingress interface of a router. You could not capture flows for MPLS encapsulated frames, which were switched through Cisco Express Forwarding (CEF) from the input port. Therefore, in an MPLS VPN environment you captured flow information as packets were received from a customer edge (CE) router and forwarded to the backbone. However, you could not capture flow information as packets were transmitted to a CE router because those packets were received as MPLS frames.
The MPLS Egress NetFlow Accounting feature lets you capture the flows on the outgoing interfaces.
For more information, refer to the MPLS Egress NetFlow Accounting feature in Cisco IOS Release 12.0(10)ST.
MPLS Label Distribution Protocol (LDP)
The MPLS Label Distribution Protocol (LDP) is the IETF standard protocol for label distribution. LDP provides the means for label switching routers (LSRs) to request, distribute, and release label prefix binding information to peer routers in a network. LDP is a two-party protocol that provides the means for LSRs to discover potential peers in a network and to establish LDP sessions with those peers for the purpose of exchanging label binding information.
Functionally, LDP is a superset of the prestandard Tag Distribution Protocol (TDP), which also supports MPLS forwarding along normally routed paths. In addition, for those features that LDP and TDP have in common, the pattern of protocol exchanges between platforms is identical. The differences between LDP and TDP for the features that both protocols support are largely embedded in their respective implementation details, such as the encoding of protocol messages.
This release, which supports both LDP and TDP, provides the means for transitioning an existing network from a TDP switching environment to an LDP switching environment. You can run LDP and TDP simultaneously on any given platform. The protocol that you use can be configured on a per-interface basis for directly connected neighbors and on a per-target basis for nondirectly connected (targeted) neighbors. In addition, an LSP across an MPLS network can be supported by LDP on some hops and by TDP on other hops.
For more information, refer to the MPLS LDP feature in Cisco IOS Release 12.0(10)ST.
MPLS Multiprotocol Label Switching (Tag Switching)
Note
MPLS combines the performance and capabilities of Layer 2 (data link layer) switching with the proven scalability of Layer 3 (network layer) routing. MPLS enables service providers to meet the challenges of explosive growth in network utilization while providing the opportunity to differentiate services without sacrificing the existing network infrastructure. The MPLS architecture is flexible and can be employed in any combination of Layer 2 technologies. MPLS support is offered for all Layer 3 protocols, and scaling is possible beyond that typically offered in today's networks.
MPLS efficiently enables the delivery of IP services over an ATM switched network. MPLS supports the creation of different routes between a source and a destination on a purely router-based Internet backbone. By incorporating MPLS into their network architecture, service providers can save money, increase revenue and productivity, provide differentiated services, and gain competitive advantages.
MPLS Quality of Service (QoS)
The MPLS Quality of Service (QoS) feature enables network administrators to provide differentiated services across an MPLS network. A range of networking requirements can be satisfied by supplying for each packet transmitted the particular QoS specified for each packet by means of its QoS precedence bit setting. QoS services are differentiated by means of the IP precedence bit setting in each transmitted IP packet.
In providing differentiated IP services, MPLS QoS supports the following services:
•
•
•
MPLS Traffic Engineering and Enhancements
MPLS traffic engineering software enables an MPLS backbone to replicate and expand upon the traffic engineering capabilities of Layer 2 ATM and Frame Relay networks.
Traffic engineering is essential for service provider and Internet service provider (ISP) backbones. Such backbones must support the use of a high percentage of transmission capacity, and the networks must be very resilient so that they can withstand link or node failures.
MPLS traffic engineering provides an integrated approach to traffic engineering. With MPLS, traffic engineering capabilities are integrated into Layer 3, which optimizes the routing of IP traffic, given the constraints imposed by backbone capacity and topology.
For more information, refer to the MPLS Traffic Engineering and Enhancements feature in Cisco IOS Release 12.0(10)ST.
MPLS Traffic Engineering (TE)—Fast Reroute (FRR) Link Protection
MPLS Traffic Engineering (TE)—Fast Reroute (FRR) delivers Layer 3 protection switching for networks currently configured with MPLS label switched paths (LSPs). MPLS Traffic Engineering FRR provides temporary rerouting around a failed link (in the future, a node). This protects against physical point-to-point link failures. Upon notification (such as loss of signal or loss of frame) of a facility, a path error failure is delivered to the LSP/tunnel headend and the logical LSP is rerouted to the next hop by way of a preconfigured backup LSP/tunnel.
Regular MPLS traffic engineering automatically establishes and maintains LSPs across the backbone using RSVP. The path used by a given LSP at any point in time is determined by the LSP resource requirements and network resources, such as bandwidth.
Available resources are flooded by means of extensions to a link-state based Interior Gateway Protocol (IGP), either IS-IS or OSPF.
Paths for LSPs are calculated at the LSP headend. Under failure conditions, the headend determines a new route for the LSP. Recovery at the headend provides for the optimal use of resources. However, due to messaging delays, the headend cannot recover as fast as possible by making a repair at the point of failure.
FRR provides link protection to LSPs. This link protection enables all the traffic carried by LSPs that traverse a failed link to be rerouted around the failure. The reroute decision is completely controlled locally by the router interfacing the failed link. The headend of the tunnel is also notified of the link failure through the IGP or through Resource Reservation Protocol (RSVP) and completely reroutes the LSP around the failure.
Note
New MPLS VPN Line Card Support for Cisco 12000 Series Internet Routers
New line cards supported for Cisco 12000 series Internet routers include the following:
•
•
•
MPLS VPN—OSPF Provider Edge (PE)-Customer Edge (CE) Support
Setting a separate router ID for each interface or subinterface on a provider edge (PE) router attached to multiple customer edge (CE) routers within a VPN provides increased flexibility through Open Shortest Path First (OSPF) when routers exchange routing information among sites. The OSPF Provider Edge (PE)-Customer Edge (CE) feature is supported only on the Cisco 7000 family of routers (7200 and 7500).
For more information, refer to the MPLS Virtual Private Network Enhancements feature in Cisco IOS Release 12.0(7)T.
VPN-Aware PING MIB
The ping MIB supports VPNs. An attribute, VrfName, has been added to the ciscoPingEntry in MIBS/CISCO-PING_MIB.my. This attribute allows the provider-edge router to look up the appropriate VPN routing table while sending a ping packet. If this attribute is NULL (default), a ping packet uses the default VPN routing table.
For descriptions of supported MIBs and how to use them, see the Cisco MIB web site on CCO at http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml.
VPN Routing/Forwarding (VRF) CLI Command
The VPN Routing/Forwarding (VRF) configuration command allows you to enter comments about your VRF configuration.
description <description string>
no description
Here is output from a configuration example:
Router(config)# ip vrf V4Router(config-vrf)# ?IP VPN Routing/Forwarding instance configuration commands:default Set a command to its defaultsdescription VRF specific descriptionexit Exit from VRF configuration modeexport VRF exportimport VRF importmaximum Set a limitno Negate a command or set its defaultsrd Specify Route Distinguisherroute-target Specify Target VPN Extended CommunitiesRouter(config-vrf)# descRouter(config-vrf)# description ?LINE Up to 80 characters describing this VRFRouter(config-vrf)# description This Is My 4th VRF ;-)Router(config-vrf)# endRouter# sh ru | beg V4ip vrf V4description This Is My 4th VRF ;-)rd 1:406route-target export 1:400route-target import 1:400VPN Routing/Forwarding (VRF) ARP Entry Support
The VPN routing/forwarding (VRF) option in the Address Resolution Protocol (ARP) command allows you to configure static ARP entries per VRF.
[no] arp [vrf name] ipaddr hardware-addr {arpa | sap | smds | snap} [{alias | interfaces}]
Here is output from a configuration example:
Router(config)# arp ?A.B.C.D IP address of ARP entryvrf Configure static ARP for a VPN Routing/Forwarding instanceRouter(config)# arp vrf V4 ?A.B.C.D IP address of ARP entryRouter(config)# arp vrf V4 20.1.1.1 0000.0000.0001 arpaVPN Slow-Path Support on Engine 2 at Deaggregation Point (Between PE-P)
You can now have an Engine 2 card in the chassis when you are running VPN. However, full support will be available in a future release.
New Features in Cisco IOS Release 12.0(9)ST
Cisco IOS Release 12.0(9)ST supports the following new features:
•
•
•
Note
MPLS Support on Dynamic Packet Transport (DPT)
Dynamic packet transport (DPT) offers the reliability and restorability typically associated with SONET/SDH transport, without adding unnecessary overhead to IP traffic.
DPT uses dual counter-rotating fiber rings that can concurrently transport data and control traffic. DPT uses the Spatial Reuse Protocol (SRP), which is the media-independent Media Access Control (MAC) layer protocol, for addressing and stripping packets, controlling bandwidth, and controlling message propagation on the packet ring.
Note
DPT (OC-12/STM4) is supported for forwarding and label distribution on the following:
•
•
•
DPT combines the bandwidth-efficient and service-rich capabilities of IP routing with the bandwidth-rich, self-healing capabilities of fiber rings to provide fundamental cost and functionality advantages over existing solutions.
MPLS Traceroute
MPLS-aware traceroute functionality has been added to the traceroute program. When you enter the traceroute user EXEC command, the display output includes the IP address of the router interface through which the traceroute packet is passing, followed by the MPLS label information and the normal trace/ping information.
The following is sample output from the traceroute command:
Router-A# traceroute 14.0.0.1Type escape sequence to abort.Tracing the route to 14.0.0.11 10.0.0.2 [MPLS: Label 138 Exp 0] 0 msec 0 msec 4 msec2 11.0.0.2 [MPLS: Label 138 Exp 0] 0 msec 0 msec 0 msec3 14.0.0.1 4 msec 0 msecMPLS Virtual Private Networks (VPN)
A Virtual Private Network (VPN) is a secure IP-based network that uses a shared backbone to distribute resources on one or more physical networks located in geographically dispersed sites. MPLS-based VPNs make it possible to have highly scalable, highly flexible IP VPNs in Layer 3 without tunneling or encryption.
MPLS VPNs have the following advantages over the current IP VPN solutions that rely on Layer 2 VC, Layer 3 tunnels, or encryption:
•
•
•
•
•
•
End users do not have to modify their IP applications or support MPLS.
MPLS-based VPNs support a variety of Layer 2 technologies (ATM, Frame Relay, Packet over SONET (PoS), and multi-access) for customer access, and in the provider's backbone.
Line cards supported for Cisco 12000 series Internet routers include:
•
•
•
•
Note
Note
Multi-protocol BGP (MP-BGP)—MPLS VPN
Multi-protocol BGP (MP-BGP) provides extensions to BGP-4 as specified in IETF RFC 2283, Multiprotocol Extensions for BGP-4. T. Bates, R. Chandra, D. Katz, and Y. Rekhter. February 1998.
(Format: TXT=18946 bytes) (Status: PROPOSED STANDARD).These extensions enable MBGP to carry different address families. In Cisco IOS Release 12.0(9)ST, MBGP supports the distribution of multicast and MPLS VPN routes. In the future, these MBGP extensions will support the distribution of IPv6 routes.
Limitations and Restrictions
The following sections list limitations that apply to Cisco IOS Release 12.0 ST. These limitations can apply to the Cisco 7200 series routers, the Cisco 7500 series routers, the Cisco 10000 series edge services routers, the Cisco 10720 Internet router, and the Cisco 12000 series Internet routers.
Limitations That Apply to Cisco IOS Release 12.0(21)ST
The following limitations apply to Cisco IOS Release 12.0(21)ST.
Controlling the Rate of Logging Messages on the Cisco 10000 Series Edge Services Router
It is important that you limit the rate that system messages are logged by the Cisco 10000 series ESR. This avoids a situation where the router becomes unstable and the CPU is overloaded. Use the logging rate-limit command to control the output of messages from the system.
We recommend that you configure the logging rate-limit command as follows:
Router(config)# logging rate-limit console all 10 except critical
This command rate-limits all messages to the console to 10 per second, except for messages with critical priority (level 3) or greater.
For more information on the logging rate-limit command, see the Cisco IOS Configuration Fundamentals Command Reference.
Testing Performance of High-Speed Interfaces on the Cisco 10000 Series Edge Services Router
The Cisco 10000 series ESR has multiple queues for all classes of traffic over high-speed interfaces. The software selects a queue based on the source and destination address for the packet. This ensures that a traffic flow always uses the same queue and the packets are transmitted in order.
When the Cisco 10000 series ESR is installed in a real network, the high-speed interfaces work efficiently to spread traffic flows equally over the queues. However, using single traffic streams in a laboratory environment may result in less-than-expected performance.
Therefore, to ensure accurate test results, you should test the throughput of the gigabit Ethernet, POS, or ATM uplink with multiple source or destination addresses.
Tip
Important Notes
The following sections contain important notes about Cisco IOS Release 12.0 ST that can apply to the Cisco 7200 series routers, the Cisco 7500 series routers, the Cisco 10000 series edge services routers, the Cisco 10720 Internet router, and the Cisco 12000 series Internet routers.
Field Notices and Bulletins
•
•
•
•
Important Notes for Cisco IOS Release 12.0(21)ST
The following important notes apply to Cisco IOS Release 12.0(21)ST.
Cisco 12000 Series Internet Router Images Deferred Due to Caveats CSCdx04150, CSCdx04074, and CSCdw94910
Two images in Cisco IOS Release 12.0(21)ST were deferred due to severe defects. These defects have been assigned to Cisco caveat ID CSCdx04150, CSCdx04074, and CSCdw94910. These caveats affect the following images:
•
•
With caveat CSCdx04150, a Cisco 12000 series Internet router may not forward packets from an Engine 4 line card to an Engine 3 or Engine 4 Plus line card. With caveat CSCdx04074, a Cisco 12000 series Internet router may stop traffic forwarding after Fast Reroute has started. With caveat CSCdw94910, a Cisco 12000 series Internet router may not be able to forward traffic. The software solution for these deferred images is Cisco IOS Release 12.0(21)ST1, which is available on Cisco.com.
In order to increase network availability, Cisco recommends that you upgrade affected Cisco IOS images with the suggested replacement software images. Cisco will discontinue manufacturing shipment of affected Cisco IOS images. Any pending order will be substituted by the replacement software images.
Note
The terms and conditions that governed your rights and obligations and those of Cisco, with respect to the deferred images, will apply to the replacement images.
Cisco Discovery Protocol on the Cisco 10000 Series Edge Services Router
Unlike other Cisco routers, on the Cisco 10000 series edge services router the Cisco Discovery Protocol (CDP) is disabled by default. You can enable CDP on an interface using the cdp enable command.
Frame Relay and PPP Sessions on the Cisco 10000 Series Edge Services Router
You can run up to 4200 Frame Relay sessions or 4000 PPP sessions, and you can configure up to 800 BGP peers on the Cisco 10000 series ESR. The router also supports up to 512 Multilink PPP (MLP) protocol sessions.
Note
Limited Availability of Images for the Cisco 12000 Series Internet Routers
The images for the Cisco 12000 series Internet routers for Cisco IOS Release 12.0(21)ST are available on a limited basis. Cisco IOS Release 12.0(21)ST1 provides the generally available set of images for the Cisco 12000 series Internet routers.
show ip bgp dampened-paths and show ip bgp flap-statistics Commands Replaced by show ip bgp dampening Command
The show ip bgp dampened-paths and show ip bgp flap-statistics commands have been replaced by the show ip bgp dampening [dampened-paths | flap-statistics | parameters] command in Cisco IOS Release 12.0(21)S. See the sample output below.
Router# show ip bgp dampening ?
dampened-paths Display paths suppressed due to dampening
flap-statistics Display flap statistics of routes
parameters Display details of configured dampening parameters
The functionality of the dampened-paths and flap-statistics keywords remains the same as in the show ip bgp dampened-paths and show ip bgp flap-statistics commands.
Note
% NOTE: This command will be deprecated soon. Please use 'show ip bgp dampening [dampened-paths|flap-statistics]'The parameters keyword introduces new functionality. The parameters keyword is used to display the details of configured dampening parameters. The following is sample output for the show ip bgp dampening parameters command:
Router# show ip bgp dampening parameters
dampening 10 1590 3000 30
Half-life time : 10 mins Decay Time : 1250 secs
Max suppress penalty: 12720 Max suppress time: 30 mins
Suppress penalty : 3000 Reuse penalty : 1590
Table 13 describes the significant fields shown in the display:
VLAN Session Support on the Cisco 10000 Series Edge Services Router
In Cisco IOS Release 12.0(21)ST, the Cisco 10000 series edge services router provides session support for 4000 802.1Q VLANs.
Important Notes for Cisco IOS Release 12.0(20)ST
The following important notes apply to Cisco IOS Release 12.0(20)ST.
Performance Routing Engine on the Cisco 10000 Series Edge Services Router
Cisco IOS Release 12.0(20)ST is available in two different images for the Cisco 10000 series edge services router (ESR). The correct image to run on the ESR depends on which Performance Routing Engine, PRE or PRE1, is installed in the chassis.
If you attempt to run a Cisco IOS Release 12.0(20)ST image that is incompatible with the PRE that is installed in the chassis, the following warning message is displayed to the console:
Invalid image for this PRE version.When this happens, the Cisco 10000 series ESR is not fully operational. To return to normal operation, you need to reload the system with the appropriate image for the installed PRE.
Note
Table 14 lists the correct image to run for each PRE revision installed in the Cisco 10000 series ESR chassis.
Table 14 Cisco IOS Release 12.0(20)ST images compatible with installed PRE
PRE
c10k-p6-mz
PRE1
c10k-p10-mz
Important Notes for Cisco IOS Release 12.0(12)ST
The following important notes apply to Cisco IOS Release 12.0(12)ST.
Configurable Throttling for Integrated IS-IS
As of 12.0(12)ST, Integrated IS-IS provides configurable throttling of link-state PDU (LSP) generation, Shortest Path First (SPF) calculations, and partial route computations (PRC). For information about the lsp-gen-interval command, spf-interval command, and prc-interval command, refer to the "Integrated IS-IS Commands" chapter of the Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2 and the "Configuring Integrated IS-IS" chapter of the Cisco IOS IP Configuration Guide, Release 12.2.
Caveats
Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious; severity 2 caveats are less serious. Severity 3 caveats are moderate caveats, and only select severity 3 caveats are included in the caveats document.
This section contains open and resolved caveats for Cisco IOS Release 12.0 ST.
Because Cisco IOS Release 12.0 ST and Cisco IOS Release 12.0 S are based on Cisco IOS Release 12.0, many caveats that apply to these releases apply to Cisco IOS Release 12.0 ST. For information on severity 1 and 2 caveats in Cisco IOS Release 12.0, see Caveats for Cisco IOS Release 12.0. This document is located on Cisco.com and the Documentation CD-ROM.
Note
Note
The caveats section consists of the following subsections:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Resolved Caveats—Cisco IOS Release 12.0(21)ST7
Cisco IOS Release 12.0(21)ST7 is a rebuild of Cisco IOS Release 12.0(21)ST. The caveats listed in this section are resolved in Cisco IOS Release 12.0(21)ST7 but may be open in previous Cisco IOS releases. This section describes only severity 1 and 2 caveats.
The following information is provided for each caveat:
Symptoms—A description of what is observed when the caveat occurs.
Conditions—The conditions under which the caveat has been known to occur.
Workaround—Solutions, if available, to counteract the caveat.
Basic System Services
•
Symptoms: The no cdp run global configuration command may be deleted from the running configuration file when a subinterface is created after reloading the router.
Conditions: This symptom is observed on a Cisco 12000 series Internet router.
Workaround: Execute the no cdp run global configuration command again.
Miscellaneous
•
A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.
Cisco has made free software available to address this problem. For more details, please refer to this advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml.
•
Symptoms: A Cisco 12000 series Internet router may report incorrect environmental values, as the following environmental logs display:
%ENV_MON-2-VOLTAGE: MBUS 5V supply(slot 1) volts has reached SHUTDOWN level at 5 m(V) %ENV_MON-2-TEMP: Hotpoint temp sensor(slot 17) temperature has reached SHUTDOWN level at 756(C) %ENV_MON-2-VOLTAGE: Card 3.3v supply(slot 17) volts has reached CRITICAL level at 2560 m(V)
Although the environmental logs indicate that the shutdown level has been reached, the router does not shut down the line cards for which the incorrect environmental values are reported.
Conditions: This symptom is observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(21)S3, Release 12.0(21)S5, Release 12.0(21)ST2, or Release 12.0(22)S.
Workaround: There is no workaround.
•
Symptoms: A router may reload when a Multiprotocol Label Switching (MPLS) input feature (such as quality of service [QoS] classification, QoS marking, rate limiting, policing, or expression bit accounting) or output feature (such as QoS classification, QoS marking, rate limiting, policing, expression bit accounting, IP precedence accounting, egress NetFlow, MPLS multi-virtual circuit [VC], Virtual Private Network [VPN] routing/forwarding Network Address Translation [VRF-NAT], or VRF-crypto) is configured on a router interface and when MPLS packets that are received by an MPLS router from the core are switched to the customer edge (CE) router through the VRF interface or to a local loopback under a deaggregation scenario.
With certain Cisco IOS releases, the router reload may occur when certain types of Any Transport over Multiprotocol Label Switching (AToM) disposition are performed. The reload can affect any platform that performs software MPLS switching.
The features listed above may not be exhaustive. On some platforms, this software defect may cause alignment errors for MPLS packets that are switched through the deaggregation code path.
Conditions: This symptom may be observed on a router that operates in an MPLS VPN environment.
Workaround: There is no workaround. This symptom does not occur if input and output MPLS features such as the ones listed above are not configured on the PE router.
•
Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.
Cisco has made software available, free of charge, to correct the problem.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
•
Symptoms: Pings from a customer edge (CE) router may fail in an Any Transport over Multiprotocol Label Switching (AToM) network.
Conditions: This symptom is observed when Ethernet over Multiprotocol Label Switching (EoMPLS) AToM is configured.
Workaround: There is no workaround.
•
Symptoms: High CPU utilization may occur when tag switching is enabled on an Engine 2 (E2) line card. Packets may be punted to the Gigabit Route Processor (GRP).
Conditions: This symptom is observed on an E2 line card when incoming traffic is through a Multiprotocol Label Switching (MPLS) interface and outgoing traffic is through an IP interface.
Workaround: Enable MPLS on the IP interface.
•
A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.
Cisco has made free software available to address this problem. For more details, please refer to this advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml.
•
Symptoms: On the chassis of a Cisco 12410 Internet router with the primary clock and scheduler card (CSC) located in slot 17, use of the hw-module slot 17 shut EXEC command may cause a FIA-HALT on the Engine 4 (E4) and Engine 4 Plus (E4+) line cards in the router.
Conditions: This symptom is observed on a Cisco 12410 router that is running Cisco IOS Release 12.0(21)S6.
Workaround: Do not use the hw-module slot 17 shut EXEC command.
•
Symptoms: It may take about 10 minutes before a Versatile Interface Processor (VIP) synchronizes with a Cisco Express Forwarding (CEF) table.
Conditions: This symptom is observed after you reload the VIP that has the Single Line Card Reload (SLCR) feature and distributed CEF (dCEF) enabled, when there are about 40,000 prefixes in the CEF table, and when Border Gateway Protocol (BGP) is in stable condition.
Workaround: Increase the interprocess communications (IPC) cache significantly; when there are about 40,000 prefixes, increase the IPC cache using the ipc cache command.
•
Symptoms: Frame Relay (FR) interfaces and subinterfaces may stop forwarding traffic if a packet-queueing application-specific integrated circuit (ASIC) error is detected by Cisco IOS software. Error recovery is invoked, but FR interfaces do not recover properly.
Conditions: This symptom is observed on a Cisco router that is configured with FR.
Workaround: Reload the line card.
•
Symptoms: A memory leak may be observed on a line card with the Multicast Distributed Switching (MDS) line card process when the ip multicast routing global configuration command is enabled while there are tunnel interfaces configured.
Conditions: This symptom occurs when the affected line card runs out of memory because of a memory leak and the MDFS process on the line card attempts to allocate memory. This symptom occurs only when multicast routing is enabled by entering the ip multicast-routing distributed global configuration command when a traffic engineering (TE) tunnel is configured.
Workaround: There is no workaround.
•
Symptoms: A switch fabric card (SFC) switchover may occur, cyclic redundancy
check (CRC) Fabric Interface ASIC (FIA) errors may occur, and the following
error message may be displayed on a Cisco 12400 series:
FABRIC-3-ERR_HANDLE Due to CRC error from slot 8, shutdown the fabric card on
slot 22
Note that the slot numbers (that is, 8 and 22) are just examples.
Conditions: These symptoms are observed after a Cisco 12400 series router that is configured with one or more Engine 4 plus line cards is reloaded with a new Cisco IOS release that causes a maintenance bus (MBus) download condition and while traffic is being processed on the router
Workaround: After the router is reloaded with the new Cisco IOS release, reload the router for a second time.
•
Symptoms: The following error message may be generated often for slot 24 or 25 on a Cisco 12000 series:
%MBUS_SYS-3-NOBUFFER: Message from slot 25 in stream 0 dropped
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(21)S5 or Release 12.0(21)S6.
Workaround: There is no workaround.
•
Symptoms: A router may incorrectly encapsulate packets when Multicast Distributed Switching (MDS) is enabled. This causes traffic to be blackholed.
Conditions: This symptom is observed on a Cisco router that is configured with MDS and with a generic routing encapsulation (GRE) tunnel interface.
Workaround: There is no workaround.
•
Symptoms: Packets may be dropped by a 3-port line card for a Cisco 12000 series Internet router.
Conditions: This symptom is observed on a Cisco 12000 series Internet router that is configured with a GSR 3-port line card and that is running Cisco IOS Release 12.0(21)ST or Release 12.0(22)S when the following conditions are met:
–
–
–
–
Workaround: Remove the output ACL if possible or use Cisco IOS Release 12.0(23)S or later.
Resolved Caveats—Cisco IOS Release 12.0(21)ST6
Cisco IOS Release 12.0(21)ST6 is a rebuild of Cisco IOS Release 12.0(21)ST. The caveats listed in this section are resolved in Cisco IOS Release 12.0(21)ST6 but may be open in previous Cisco IOS releases. This section describes only severity 1 and 2 caveats.
The following information is provided for each caveat:
Symptoms—A description of what is observed when the caveat occurs.
Conditions—The conditions under which the caveat has been known to occur.
Workaround—Solutions, if available, to counteract the caveat.
Basic System Services
•
Symptoms: A Simple Network Management Protocol Version 3 (SNMPv3) user configuration is changed when a router is reloaded.
Conditions: This symptom is observed when an SNMPv3 user is created using message digest 5 (MD5) authentication by entering the following commands:
snmp-server group [group-name] v3 auth
snmp-server user [user-name] [group-name] v3 auth md5 [password]
The engine ID is then changed by entering the following command:
snmp-server engineID local 00000009020000024B0008FE
An SNMP walk is performed by entering the following command, the configuration is saved, and the router is reloaded.
Incoming SNMP packet : v3 packet security model: v3 security level:
auth username: abcdefghij
The router is reloaded, and a second SNMP walk is performed by entering the following command:
snmpwalk -v3 -u abcdefghij -A abcdefghij -a MD5 -1 AuthNoPriv device-name
After the second SNMP walk is performed, the command does not generate any output and the following debug header output is displayed when the debug snmp EXEC command is entered:
Incoming SNMP packet : v3 packet security model: v3 security level:
no auth : username: abcdefghij
Workaround: Do not change the default engine identity (ID).
•
Symptoms: A NPE-200 network processing engine for Cisco 7200 series routers may experience memory corruption issues.
Conditions: This symptom may occur during periods of high traffic, with packet sizes greater than 1524 bytes, and may seemingly be associated with port adapter (PA) rearrangements.
Workaround: Attempt port adapter rearrangement, or upgrade to a Cisco IOS release that contains the software workaround (Release 12.0(23.03)S and later).
Interfaces and Bridging
•
Symptoms: A single-port Fast Ethernet 100BASE-TX port adapter (PA-FE-TX) on a Cisco 7206VXR router may stop receiving burst traffic packets.
Conditions: This symptom is observed on a PA-FE-TX.
Workaround: This symptom can be cleared by entering the shutdown interface configuration command followed by the no shutdown interface configuration command on the PA-FE-TX interface.
IP Routing Protocols
•
Symptoms: A Cisco 7200 series router may experience a memory leak.
Conditions: This symptom is observed on a Cisco 7206VXR provider edge (PE) router that is running Cisco IOS Release 12.1(5a) in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) network. The memory leak is caused by the Border Gateway Protocol (BGP) I/O process and occurs at the rate of 100 to 130 KB per hour (about 2.5 to 3 MB per day) after the show memory summary | incl BGP privileged EXEC command is entered. This situation occurs regardless of whether the BGP neighbor is flapping.
The show memory summary | incl BGP privileged EXEC command indicates that the "BGP (1) update" function allocates memory without deallocating it again after the process is completed.
The following is command output from the show processes memory | incl BGP privileged EXEC command:
Router# show processes memory | incl bgp
PID TTY Allocated Freed Holding Getbufs Retbufs Process ... 104 0 3522569548 2139398320 21965976 297916 5184 BGP I/O ...
The following is command output from the show memory summary | incl BGP privileged EXEC command:
Router# show memory summary | incl bgp
Alloc PC Size Blocks Bytes What ... 0x607C42E0 65496 333 21810168 BGP (1) update ....
Workaround: Stop the session by using the clear ip BGP privileged EXEC command.
•
Symptoms: After an interface is detached from a Virtual Private Network (VPN) routing/forwarding (VRF) instance using the no ip vrf forwarding vrf-name command, the adjacency information associated with the removed interface still shows up in the VRF table.
Conditions: The conditions under which this symptom occurs are not known at this time.
Workaround: There is no workaround.
•
Symptoms: An unusually formatted Multicast Source Discovery Protocol (MSDP) packet may cause a memory corruption to occur and a router to reload.
Conditions: This symptom is observed on a Cisco router that has a peer relationship with a vendor router.
Workaround: If this symptom is observed on a Cisco router that has a peer relationship with a vendor router, enter the ip msdp shutdown peer-address global configuration command to shut down the peer relationship with the vendor router.
•
Symptoms: Configuring OSPF (Open Shortest Path First) sham links in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) environment may cause a memory leak in the OSPF router process.
Conditions: This symptom is observed in a MPLS-VPN environment. The area [area-id] sham-link [source-address] [destination-address] cost [number] global configuration command is used and OSPF adjacency is formed over the sham-link. Each time an OSPF acknowledgment is sent over the sham-link, some memory is allocated that is never freed.
Workaround: There is no workaround.
Miscellaneous
•
Symptoms: The slow path (process-switched path) is broken on a Cisco 12000 series Engine 4 and Engine 4 Plus line card.
Conditions: This symptom is observed in an IP to Multiprotocol Label Switching (MPLS) environment. Note that the fast path (hardware-switching path) is not affected.
Workaround: There is no workaround.
•
Symptoms: The fix for CSCdx47695, integrated into Cisco IOS Release 12.0(21)S3, introduced a throttling mechanism that may be used when the physical layer interface module (PLIM) is congested. The throttling mechanism prevents interfaces or a bundle, or both, from flapping when bidirectional traffic with small packets is sent through either a 6-port channelized T3 line card or a 2-port channelized OC-3/STM-1 (DS1/E1) line card.
The throttling mechanism produces a severe performance impact, although no link flaps occur.
Conditions: This symptom is observed on a Cisco 12000 series Internet router.
Workaround: There is no workaround. The fix for this caveat consists of a knob for the throttling.
•
Symptoms: A Cisco 7500 series router may reload at a packet enqueue utility.
Conditions: This symptom is observed on a Cisco 7500 series router that is running Cisco IOS Release 12.0(22)S when all of the following conditions are met.
–
–
–
–
Workaround: Avoid the situation in which all of the above-mentioned conditions take place concurrently. For example, when a FR link is configured on a VIP interface and traffic shaping is required, use distributed FRTS, or unconfigure FRTS while user traffic is low so as not to activate the shaping function.
•
Symptoms: A Cisco 12416 router, that is running Cisco IOS Release 12.0(21)ST2 does not load-balance traffic properly between two OC-48 packet-over-SONET (POS) interfaces (Engine 2 line cards).
Conditions: It has been observed that when a Cisco 12000 series Internet router has incoming traffic from an Engine 4 card and outgoing traffic toward Engine 2 parallel links, load balancing does not work properly. The symptom does not seem to occur when the incoming card has been changed to an Engine 2 card.
Workaround: There is no workaround.
•
Symptoms: Performance degradation may occur on an Engine 4 Plus line card when traffic engineering (TE) tunnel load balancing is enabled.
Conditions: This symptom is observed on a Cisco 12000 series Internet router running Cisco IOS Release 12.0(22.3)S.
Workaround: There is no workaround.
•
Symptoms: When a Cisco 12000 series Engine 3 line card receives a tag packet with an IP version 4 (IPv4) packet that has options underneath it or with a non-IPv4 packet such as an IP version 6 (IPv6) packet, the packet may be sent to the line card CPU for processing.
Conditions: This symptom is observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(21)ST2.
Workaround: There is no workaround.
•
Symptoms: Traffic is not sent through a network when an Asynchronous Transfer Mode (ATM) link is used between a Cisco customer edge (CE) router and a Cisco provider edge (PE) router.
Conditions: This symptom is observed on a Cisco 12000 series Internet router that is running the gsr-p-mz image of Cisco IOS Release 12.0(23)S.
Workaround: There is no workaround.
•
Symptoms: When the loopback remote line interface configuration command is executed on a 6-port channelized T3 line card, the command may fail and may cause a T1 connection to flap.
Conditions: This symptom is observed on both American National Standards Institute (ANSI) and Bell Communications Research (Bellcore) loopbacks on networks that are sensitive to T1 framing errors.
When the loopback remote line configuration command is executed, the line card causes a brief change of frame alignment (COFA) error. Normally, this error goes unnoticed. However, some devices react to these errors with an alarm indication signal (AIS). Each time the loopback request is initiated (if the T1 connection is configured for remote loopbacks each time the T1 connection comes up), the AIS brings down the T1 connection.
The actual commands would be as follows:
t1 1 loopback remote line fdl ansi
t1 1 loopback remote line fdl bellcore
Workaround: There is no workaround.
•
Symptoms: The following error messages may be generated on a Cisco 12000 series Engine 4 Plus (E4+) OC-192 line card:
SLOT 6: %RX192-3-HINTR: status = 0x4000000, mask = 0x7EFFFF FF - Parity error on rx_pbc_mem. -Traceback= 4039CEF0 4044ECEC 400C85B0 SLOT 6: %SYS-2-INTSCHED: 'sleep for' at level 7 -Process= "CEF IPC Background", ipl= 7, pid= 52 -Traceback= 400CABB8 400B9D24 403F5EB0 4044E040 400CEAE4 400C7108 SLOT 6: %SYS-2-INTSCHED: 'sleep for' at level 7 -Process= "CEF IPC Background", ipl= 7, pid= 52 -Traceback= 400CABB8 400B9D24 403F5EB0 4044E040 400CEAE4 400C7108
Cisco Express Forwarding (CEF) on the E4+ OC-192 line card may become disabled, and the associated port stays in an "Up/Up" state.
Conditions: This symptom is observed on a Cisco 12000 series router that is running the gsr-k4p-mz image of Cisco IOS Release 12.0(21)S3 or the gsr-p-mz image of Cisco IOS Release 12.0(21)ST2.
Workaround: Enter the microcode reload slot- number global configuration command on the Engine 4 Plus (E4+) OC-192 line card.
•
Symptoms: A Cisco 12000 series Engine 2 line card may generate the following error messages:
SLOT 14: %LCPOS-3-SOP: TX:BadLenCtr. Source=0x1 (Plim), halt_minor0=0x8001 (1000 0000 0000 00sl, s/l=TooShort/long) SLOT 14: %GSR-3-INTPROC: Process Traceback= 400CCE60 400C90F0 40010A24 -Traceback= 4033F424 4044ED54 400C88B0
Conditions: This symptom is observed when switch fabric is removed and reinserted on a Cisco 12000 series router while traffic is flowing.
Workaround: There is no workaround.
•
Symptoms: The IP Source Tracker feature unexpectedly stops functioning on a line card, and packets for the source-tracked destination are not forwarded because the IP Source Tracker feature is stuck in the throttling mode.
Conditions: This symptom is observed on a Cisco 12000 series Engine 2 line card. To determine if the line card is in the above-mentioned condition, enable the debug line card hw-throttle command. If the following message recurs every two seconds (even when there is low CPU utilization), the IP Source Tracker feature is stuck in the throttling mode.
SLOT 0: GLC_HW: Disabled HW DOS throttling (CPU at 0%, sched skew: -1%)
Workaround: Reload the line card.
•
Symptoms: Under certain conditions, the Cisco 12000 series Internet router Engine 2 Packet-over-SONET (POS) line card can get busy collecting statistics for the locally assigned Multiple Protocol Label Switching (MPLS) label entries and lose the outgoing labels entries for those prefixes. All the prefixes show up as untagged and reachability to those prefixes can be adversely affected.
Conditions: This symptom is observed on a Cisco 12000 series Internet router Engine 2 POS line card.
Workaround: Reset the line card to recover.
•
Symptoms: A router may loop indefinitely when a Simple Network Management Protocol (SNMP) walk is performed against certain objects. (Examples of these objects are ifDescr, ifMTU, and ifInOctets, etc.) The SNMP walk will not cycle if a specific interface is specified, such as ifDescr.1.
Conditions: This symptom is observed on a Cisco 12000 series Internet router that is running 12.0(21)S2. This may occur only in a situation where Multilink Frame Relay (MFR) interfaces are configured.
Workaround: Reload the router.
•
Symptoms A destination interface may not have a value in the NetFlow cache (the destination interface may be null), but it should have a value.
Conditions This symptom is observed when the egress interface is on a Cisco 12000 series Engine 0 line card and a rate limit access list is applied to the egress interface. The rate limit access list may not cause packets to be dropped, but the destination interface is null in the NetFlow cache.
Workaround Disable the rate limit on the output interface.
•
Symptoms: A memory leak may be observed on a line card.
Conditions: This symptom is observed on the line card of a Cisco 12000 series Internet router after Netflow is disabled on the last interface of a line card that has NetFlow enabled. This symptom is observed while there are more than 1900 flow records in the NetFlow cache of the line card.
Workaround: Keep NetFlow enabled on at least one interface on the line card.
•
Symptoms: An Engine 2 (E2) line card may reload after it reboots.
Conditions: This symptom is observed on the E2 line card of a Cisco 12000 series Internet router that is running the gsr-p-mz image of Cisco IOS Release 12.0(23)S. The E2 line card is configured with 128 line access control list (ACLs), Virtual Private Network (VPN), and has Frame Relay configured on one of the interfaces.
Workaround: There is no workaround.
•
Symptoms: An Engine 2 line card is reloaded by a bus error after a Cisco 12000 series Internet router restarts by entering the reload command or powering off and on or after the line card is reloaded.
Conditions: Before this symptom occurs, one or both of the following messages are displayed.
%GRP-3-FABRIC_UNI: Unicast send timed out (1) %LCGE-3-SOP: TX:BadLenCtr. Source=0x1 (Plim), halt_minor0=0x8002 (1000 0000 0000 00sl, s/l=TooShort/long)
Once the line card becomes stable, this symptom does not occur until the router reloads or the line card reloads. The trigger of this symptom is not clear. But this symptom is seen on a router that has the following conditions:
–
–
–
–
–
–
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series Internet router that is configured with an output ACL applied in ingress E2 may not work. This symptom is caused by snf overriding the registers that 448 ACLs use even though enf is not configured. This caveat is introduced by the fix of CSCdy86210.
Conditions: This symptom is observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(23)S.
Workaround: There is no workaround.
•
Symptoms: Packet drops may occur in the Cisco Express Forwarding (CEF) and distributed Cisco Express Forwarding (dCEF) paths after a router has been reloaded and a ping is sent (through the router) to the IP address of a directly connected customer edge (CE) router.
Conditions: This symptom is observed on a Cisco 7500 series router. The CE router in this configuration is connected to a Fast Ethernet Virtual Private Network (VPN) routing/forwarding (VRF) dot1q subinterface on a provider edge (PE) router that has the mpls netflow egress interface configuration command enabled.
Workaround: On the PE router, manually ping the IP address of the directly connected CE router and enable the relevant Address Resolution Protocol (ARP) entries to be populated.
First Alternate Workaround: Disable the mpls netflow egress interface configuration command on the subinterface by using the no form of this command.
Second Alternate Workaround: Add a static ARP entry for the VRF subinterface by entering the arp vrf [vrf-name] [ip-address] [mac-address] arpa global configuration command.
Third Alternate Workaround: Enter the clear arp-cache privileged EXEC command on the destination CE router.
•
Symptoms: A line card may generate packet switch application-specific integrated circuit (ASIC) (PSA) error messages and stop sending traffic. The following output may be observed when the show interface gigabit ethernet interface EXEC command is entered.
%LC-3-PSAERRS: PSA PSA_CPU_GS_INT error 4
%LC-3-PSAERR: PSA error: if_err 0 adr FC00002C c md 5 data 0 pipe 0,fs 0,prep 0 (pc 1EC),pop 0 (pc 19F),plu 0,tlu 0,plu sdram 0 a dr 0 synd 0 check 4D00,tlu sdram 0 adr 0 synd 0 check 0,ssdram 0 adr 0,gather 0, pl 1822D92,plmuxcnts 61, pludefpsr 22000, plupsr 22000, pludsr 0
Conditions: This symptom is observed on the 3-port Gigabit Ethernet line card of a Cisco 12000 series Internet router.
Workaround: There is no workaround.
•
Symptoms: The CPU of a Versatile Interface Processor (VIP) may exhibit persistently high CPU utilization values.
Conditions: This symptom is observed on the CPU of a VIP on a Cisco 7500 series router or Cisco 12000 series line card and does not directly impact the operation of the router. This symptom is a rare race condition and may occur with parallel paths. When this symptom occurs, the output of the show mpls forwarding-table EXEC command may no longer display accurate counters.
Workaround: There is no workaround. Reload the microcode of the affected line card to restore normal operation.
•
Symptoms: "ALPHA" errors may be observed on the ingress or egress interfaces of a Cisco 12000 series 4-port OC-12c/STM-4c Packet-over-SONET (POS) Synchronous Digital Hierarchy IP Services Engine line card, and the following error messages are generated:
%EE48-3-ALPHAERRS: TX ALPHA: ALPHA_CPU_PIPELINE_CTRL_INT error 1 SLOT 2: %EE48-3-ALPHAPAIR: TX ALPHA: POP PAIR
Conditions: This symptom is observed if the shape, bandwidth, random detect, or priority value is configured and if both the set-ip-dscp-value quality of service (QoS) policy map configuration command and the set mpls experimental policy-map configuration command are disabled.
Workaround: Remove the transmit (TX) service policy and use Per Interface Rate Control (PIRC) instead.
Additional Notes: The same symptom may occur when an error recovery is performed for hardware failures such as data path parity errors. The symptom under those circumstances would be a failed recovery. There is no workaround for the occurrence of this symptom when an error recovery is performed.
•
Symptoms: Open Shortest Path First (OSPF) or Intermediate System-to-Intermediate System (IS-IS) protocol adjacencies may be incomplete.
Conditions: This symptom is observed on a Cisco router after it is loaded with Cisco IOS Release 12.0(21)ST5. This symptom may affect connectivity across Engine 2 (E2) interfaces.
Workaround: There is no workaround.
•
Symptoms: After a switchover for some of the routes on a Cisco 10008 router, the tag_rewrite data structure values are zeroes, which causes packets to be dropped. This symptom is seen only for untagged entries. For aggregate entries, the values are set properly.
Conditions: This symptom is seen only when the provider edge (PE) to customer edge (CE) link is IP unnumbered.
Workaround: Use the clear adjacency EXEC command to clear the Cisco Express Forwarding (CEF) adjacency table.
•
Symptoms: Multilink adjacencies may show up as invalid.
Conditions: This symptom is observed on the Engine 3 (E3) Quad OC-12 line card of a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(21)S3. It may not be possible to clear this symptom by entering the clear cef linecard EXEC command or by reloading the microcode on the line card.
Workaround: There is no workaround.
•
Symptoms: An Engine 3 (E3) 4-port OC-12 (4xOC-12) or Engine 3 OC-48 Packet over SONET (POS) line card may reload and generate traceback messages.
Conditions: This symptom is observed when the gsr-p-mz image of Cisco IOS Release 12.0(24)S is loaded on a Cisco 12406 router in an Autonomous System Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) of an IP version 4 (IPv4) Border Gateway Protocol (BGP) label distribution environment. The E3 4xOC-12 line card may be operating either in the channelized mode or the POS mode.
Workaround: No workaround is necessary as the line cards will recover without user intervention.
•
Symptoms: A Cisco 12000 series Internet router may reload because of a bus error.
Conditions: This symptom is observed on a Cisco 12000 series that has dual Gigabit Route Processors (GRP) and that is operating in the Route Processor Redundancy (RPR) mode. This symptom is observed after the Cisco 12000 series is upgraded to Cisco IOS Release 12.0(23)S.
Workaround: There is no workaround.
•
Symptoms: Switch fabric cards (SFCs) may fail on a Cisco 12410 router.
Conditions: This symptom is observed when there is an upgrade to a Cisco IOS release.
Workaround: There is no workaround.
•
Symptoms: When a parity error occurs on an Engine 4/4P line card, the packet and byte counters may not be accurate.
Conditions: This symptom is observed on a Cisco 12000 series Internet router.
Workaround: There is no workaround.
•
Symptoms: Cisco devices that run Cisco IOS software and contain support for the Secure Shell (SSH) server are vulnerable to a Denial of Service (DoS) if the SSH server is enabled on the device. A malformed SSH packet directed at the affected device can cause a reload of the device. No authentication is necessary for the packet to be received by the affected device. The SSH server in Cisco IOS software is disabled by default.
Conditions: This symptom is observed on all Cisco devices that run Cisco IOS software and contain support for the SSH server.
Workaround: Cisco will be making free software available to correct the problem as soon as possible.
The malformed packets can be generated using the SSHredder test suite from Rapid7, Inc. Workarounds are available. The Cisco PSIRT is not aware of any malicious exploitation of this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/ssh-packet-suite-vuln.shtml.
•
Symptoms: The tag forwarding counter may no longer function when parity errors occur on an Engine 4 Plus (E4+) line card.
Conditions: This symptom is observed on a Cisco 12000 series Internet router.
Workaround: There is no workaround.
TCP/IP Host-Mode Services
•
Symptoms: A data-link switching (DLSw) peer may pause indefinitely in the AB_PEND state, and a TCP session may pause indefinitely in the SYNSENT state.
Conditions: This symptom is observed after an IP outage occurs between two DLSw routers.
Workaround: Use the show tcp brief EXEC command to determine the Transmission Control Block (TCB) of the paused TCP session. Enter the clear tcp tcb address privileged EXEC command to clear the TCB of the paused TCP session. The DLSw peers will reconnect as long as there is IP connectivity between the DLSw peers.
•
Symptoms: A Cisco 12000 series 4-port OC-48 Engine 4 Plus (E4+) line card may reset because of interprocess communications (IPC) failures.
Conditions: This symptom is observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(22)S2. Even if one increases the line card memory pool for the Cisco Express Forwarding (CEF) queuing messages by entering the ip cef linecard ipc memory 25000 global configuration command and the cache size is increased by entering the ipc cache 15000 command and the ipc cache 5000 slot all command, the symptom still occurs.
Workaround: There is no workaround.
•
Symptoms: A router may fail because of a bus error.
Conditions: This symptom is observed if the show environment all EXEC command or the show environment internals EXEC command is entered while an online insertion and removal (OIR) procedure is in process.
Workaround: Do not enter the show environment all EXEC command or the show environment internals EXEC command while an OIR is in progress.
•
Symptoms: A traceback condition exists on an Engine 2 (E2) line card of a Cisco 12000 series Internet router with VPN Routing and Forwarding (VRF) configured on a regular Frame Relay (FR) packet-over-SONET (POS) interface.
Conditions: This symptom is observed on the E2 line card of a Cisco 12000 series Internet router that is running the gsr-p-mz image of Cisco IOS Release 12.0(21)ST5. With VRF configured on the same interface, traceback starts to show. It also becomes impossible to ping on this interface, and injecting traffic to this interface (FR sub VRF) causes a permanent pause.
Workaround: There is no workaround.
•
Symptoms: Traffic that is destined for certain loadsharing paths may be dropped or switched to an incorrect destination.
Conditions: This symptom is observed if the no cos gsr tx global configuration command is entered on a Cisco router that has an Engine 4 (E4) line card on the ingress side and a loadsharing or multiple path on the egress side.
Workaround: Remove the extra loadsharing paths and consolidate the extra loadsharing paths into one single outgoing path or remove the no cos gsr tx global configuration command. After the no cos gsr tx global configuration command is removed from the configuration, there may be an increase in the hardware memory requirement on all E4 line cards on the router.
•
Symptoms: In the Carrier Supporting Carrier (CSC) setup, an Engine 2 (E2) 4xOC-12 Packet-over-SONET (POS) line card may show power supply A (PSA) errors and reset after the router reloads.
Conditions: This symptom is observed on the E2 line card of a Cisco 12000 series Internet router that is running the gsr-p-mz image of Cisco IOS Release 12.0(21)ST5 in a Carrier Supporting Carrier (CSC) provider edge (PE) router, after router reload.
Workaround: There is no workaround.
•
Symptoms: A Cisco 7500 series router or a Cisco 12000 Internet series router could experience a reload of either the Versatile Interface Processor (VIP) or the line card with the following message:
%SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = TFIB Stats Background
Conditions: Cisco IOS releases with the fix for the caveat CSCdz32988 may show these symptoms. These symptoms affect only platforms that perform distributed Multiprotocol Label Switching (MPLS) forwarding. Cisco IOS releases that may contain this symptom include 12.0(21)S, 12.0(22)S, 12.0(23)S, 12.1 and its derivatives and 12.2 mainline. Cisco IOS releases 12.2 T and the latest 12.0 S software are not susceptible to this symptom.
Workaround: Disable the stats aggregation using the no tag aggregate hidden command.
•
Symptoms: IP Multicast hardware counter memory is not freed on an Engine 4/4 Plus line card after multicast routes are cleared from the routing table.
Conditions: This symptom only occurs when the Engine 4/4 Plus line card runs out of mtrie node memory, for example when the routes in the router are more than the line card can handle.
Workaround: There is no workaround.
•
Symptoms: If a 3*GE Engine 2 (E2) line card is configured for .1q VLAN operation and an inbound access control list (ACL) is applied to the main interface, the line card will be paused by the Gigabit Route Processor (GRP), reporting Fabric Unicast timeout errors. Note that 3*GE E2 line cards do not support per subinterface ACL processing.
Conditions: This symptom is seen with both normal and extended ACLs running Cisco IOS 12.0(24)S, 12.0(24.1)S, and 12.0(24.2)S. The line card will continue to pause until the ACL is either removed from the interface configuration or ACL is removed from the configuration using the no access-list [access-list-number] global configuration command.
Workaround: There is no workaround.
•
Symptoms: When resetting the secondary gigabit route processor (GRP) with the break key on a Cisco 12000 series dual-RP router, the primary gigabit route processor pauses, then permanently pauses on watchdog timeout:
Jan 30 00:11:15.216 PST:
%SYS-2-WATCHDOG: Process aborted on watchdog timeout
process = Fabric ping
Conditions:This occurs regardless of the redundancy mode (RPR, RPR-plus and SSO) and may impact the process of replacing a defective slave GRP hardware.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(21)ST5
Cisco IOS Release 12.0(21)ST5 is a rebuild of Cisco IOS Release 12.0(21)ST. The caveats listed in this section are resolved in Cisco IOS Release 12.0(21)ST5 but may be open in previous Cisco IOS releases. This section describes only severity 1 and 2 caveats.
The following information is provided for each caveat:
Symptoms—A description of what is observed when the caveat occurs.
Conditions—The conditions under which the caveat has been known to occur.
Workaround—Solutions, if available, to counteract the caveat.
•
Symptoms The ip address negotiated interface configuration command must be applied to the configuration of an interface before any other PPP commands.
Conditions This symptom is observed when the on-demand address pool (ODAP) on-board Dynamic Host Configuration Protocol (DHCP) server is used.
Workaround There is no workaround.
•
Symptoms On a router that is configured as a provider edge (PE) router with multiple Virtual Private Network (VPN) routing/forwarding (VRF) instances, the VRF routing table may not be imported to the same PE router when routes are imported between the VRFs even when the PE router is displayed on the Border Gateway Protocol (BGP) VPN4 table.
Conditions This symptom is observed on a PE router in a Multiprotocol Label Switching (MPLS) and VPN environment.
Workaround There is no workaround.
•
Symptoms A router may reload.
Conditions This symptom is observed during the execution of the no e1 1 channel-group 0 command on the controller of a Multi-Channel E3 port adapter on a Cisco 7200 series router that is configured for IP routing.
Workaround Shut the interface down and then remove the channel group.
•
Symptoms Packets with a valid source IP address that is reachable via tag switching are not passed through.
Conditions This symptom is observed when you have unicast Reverse Path Forwarding (uRPF) configured on a Cisco 12000 series Internet router.
Workaround There is no workaround.
•
Symptoms If a peer advertises a replacement path (with the same MED as in the original path), the new path will be inserted in the original path's position. In other words, the replacement path may not be grouped with paths from the same autonomous system number (ASN) (as deterministic-med should). The ordering may result in incorrect routing, including routing loops.
Conditions This symptom is observed on a Border Gateway Protocol (BGP) router using deterministic-med.
Workaround There is no workaround. However, once the router is in the incorrect state, the situation can be corrected by disabling deterministic-med and then reenabling it.
•
Symptoms When a provider edge (PE) router must advertise a large number of Virtual Private Network version 4 (VPNv4) prefixes to another PE router, the initial convergence time may be very long (more than 20 minutes) or convergence may never occur. One symptom of this caveat is that the number of Border Gateway Protocol (BGP) messages used to propagate the VPNv4 prefixes may be greater than the number of prefixes.
Conditions This symptom is observed when a PE router must advertise a large number of VPNv4 prefixes to another PE router.
Workaround There is no workaround.
•
Symptoms Virtual Private Network (VPN) routing/forwarding (VRF) VLAN packet switch ASIC (PSA) registry memory does not reinitialize when another PSA loads and then unloads, because higher-priority PSA features are being configured and then unconfigured. This situation prevents VRF VLAN forwarding to function.
Conditions This symptom is observed on a Cisco 12000 series Internet router.
Workaround There is no workaround.
•
Symptoms Pings cannot be sent to a peer router through an interface that has VLANs configured after the router that is sending the pings reloads.
Conditions This symptom is observed on a Gigabit Ethernet line card that is installed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(19)ST4.
Workaround Enter the hw-module slot number reload EXEC command to reset the line card.
•
Symptoms A Route Processor (RP) may boot up with the boot helper image instead of the regular image, or a Cisco 12000 series line card that is configured under the primary RP may reset because of interprocess communications (IPC) failures and generate the following error message:
* UTC: %FIB-3-FIBDISABLE: Fatal error, slot 0: IPC Failure: timeout
The two above mentioned symptoms are mutually exclusive.
Conditions These symptoms are observed on a Cisco 12000 series router when the router is configured with a primary RP and a standby RP and you load the gsr-boot-mz image from Bootflash using the boot system tftp global configuration command.
The symptoms affect only the gsr-boot-mz image (the gsr-p-mz image is not affected) and may occur in the following Cisco IOS releases:
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
•
•
Symptoms Memory allocation failures occur on a Cisco router that has authentication, authorization, and accounting (AAA) configured, and "%SYS-2-MALLOCFAIL" messages are displayed. When you enter the show memory summary command, the command output shows that many small blocks are used by the AAA processes.
Conditions This symptom is observed on a Cisco router that is running Cisco IOS Release 12.0(15)S3.
Workaround There is no workaround.
•
Symptoms A Simple Network Management Protocol (SNMP) query for ATM OC-12 counters returns incorrect values.
Conditions This situation is observed on a Cisco 10000 series router that has an ATM line card (1-port OC12 ATM or 4-port OC3 ATM) and is running Cisco IOS Release 12.0(20)ST or Release 12.0(21)ST.
Workaround There is no workaround.
•
Symptoms Virtual Routing and Forwarding (VRF) route aggregation under Border Gateway Protocol (BGP) fails causing a loss of end-to-end connectivity between Provider Edge routers if more specific routes are not installed in the BGP VRF table.
Conditions This symptom is observed on a Cisco 12000 series Internet router under the following conditions:
–
–
–
Workaround Ensure that the more specific routes are imported into the BGP VRF table by configuring redistribution or network statements.
•
Symptoms Border Gateway Protocol (BGP) Policy Accounting counters do not increment correctly.
Conditions This symptom is observed on only the 3-port Gigabit Ethernet line card when hardware accelerated multicast is configured with BGP Policy Accounting.
Workaround Deconfigure the BGP Policy Accounting configuration from all 3-port Gigabit Ethernet line cards installed to the router and then reconfigure BGP Policy Accounting.
•
Symptoms An access control list (ACL) with an Internet Control Message Protocol (ICMP) entry may be incorrectly processed by (the packet switch ASIC [PSA] of) an Engine 2 line card.
Conditions This symptom is observed on a Cisco 12000 series Engine line card when an ACL entry matches an ICMP packet that is specifying its type but not its code.
Workaround Specify the code in all ICMP entries.
•
Symptoms An Engine 0 ATM line card may reload.
Conditions This symptom is observed under rare circumstances when a Cisco 12000 series router is booted up with Cisco IOS Release 12.0(21)ST3.
Workaround There is no workaround.
•
Symptoms The Forwarding Information Base (FIB) table on a Cisco 12000 series Gigabit Route Processor (GRP) may be missing entries for directly connected subnets.
Conditions This symptom is observed on a Cisco 12000 series router after you have removed a large number of routes.
Workaround Enter the clear ip route network for the affected prefixes. The following is an example:
Router# show ip cef 10.2.0.4 255.255.255.224
%Prefix not foundRouter# clear ip route 10.2.0.4 255.255.255.224
Router# show ip cef 10.2.0.4 255.255.255.224
10.2.0.4/30, version 285154, epoch 0, attached, connected, cached adjacency to POS1/0 0 packets, 0 bytes via POS1/0, 0 dependencies valid cached adjacency•
Symptoms A route processor (RP) may reload when you install a Flash card in slot 1 of the RP.
Conditions This symptom is observed on a Cisco 12000 series router.
Workaround There is no workaround.
•
Symptoms Virtual Private Network version 4 (VPNv4) packet switch ASIC (PSA) traffic may be punted to a line card, which causes a CPU spike and Interior Gateway Protocol (IGP) instability.
Conditions This symptom is observed in a Multiprotocol Label Switching (MPLS) VPN in which a Cisco 12000 series router is configured as a provider edge (PE) router, a Gigabit Ethernet link connects the customer edge (CE) router to the PE router, and the PE to provider (P) link is an Engine 2 line card. The following is also observed on the PE-P line card:
–
–
This caveat addresses the IGP instability. For more information about this symptom, refer to CSCdy31765.
Workaround There is no workaround.
•
Symptoms If an active Performance Routing Engine (PRE) fails before a standby PRP is fully configured, the standby PRP may not perform a switchover correctly.
Conditions This symptom is observed on a Cisco 10000 series router in a redundant configuration.
Workaround Do not force a switchover until the standby PRP is fully initialized. If the active PRP fails and the standby PRP does not switchover correctly, reload the standby PRP.
•
Symptoms A Cisco 10720 router may exchange labels incorrectly and rewrite a MAC header incorrectly. For example, the router is supposed to rewrite the MAC header with an Ethernet header but may rewrite the MAC header with a Packet-over-SONET header. The router may also exchange a label with one that is not consistent with the Multiprotocol Label Switching (MPLS) Tag Forwarding Information Base (TFIB).
Conditions This symptom is observed on a Cisco 10720 router that functions as an MPLS provider (P) router, when all of the following conditions are met:
–
–
A link on which these tunnel midpoints transit flaps several times, which may cause more than 64,000 MAC rewrite indices.
Workaround There is no workaround.
•
Symptoms Virtual Private Network (VPN) routing/forwarding (VRF) may not function on a High-Speed Serial Interface (HSSI) port adapter.
Conditions This symptom is observed on a Cisco 7500 series router
Workaround Remove and reconfigure the affected subinterface on the HSSI port adapter.
•
Symptoms Cisco Parallel Express Forwarding (PXF) fails when traffic is destined for a Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) tunnel.
Conditions This symptom is observed in a back-to-back configuration between two Cisco 10000 series Internet routers with an MPLS TE tunnel configured between the two routers. PXF fails when ping is sent through the tunnel from the remote router.
Workaround There is no workaround.
•
Symptoms All layer 2 management packets are dropped on a router causing all interfaces that are dependent on keepalives to transition to a down state.
Conditions This symptom is observed on routers with large numbers of configured interfaces.
Workaround There is no workaround.
•
Symptoms A 4-port OC-12 line card configured with Multiprotocol Label Switching (MPLS) indicates that a packet switch application-specific integrated circuit (PSA) pipeline is stuck, and the line card stops processing packets.
Conditions This symptom is observed when all ATM Permanent Virtual Circuits (PVCs) are up and the ATM 0/0 interface is "up/up." The following error message may be displayed:
*%GRP-3-FABRIC_UNI: Unicast send timed out (0) SLOT 0:
*%GENERAL-3-EREVENT1: PSA pipeline stuck, status 0x812D90
-Traceback= 4036F538 403ACE60 403ACF04 4036FACC 40496378 400CC750 SLOT 0:
*%LC-3-BMAERRS: ToFab BMA BMA error status error 1 SLOT 0:
*%LC-3-BMAERRS: ToFab BMA PLIM error 2000 SLOT 0:
*%LC-3-PSAERRS: PSA PSA_CPU_IF_INT error 100 SLOT 0:
*%LC-3-PSAERR: PSA error: if_err 100 adr FC00002C cmd 5 data 0 pipe 0,fs 0,prep 0 (pc 27),pop 0 (pc 0),plu 0,tlu 0,plu sdram 0 adr 0 synd 0 check 2D00,tlu sdram 0 adr 0 synd 0 check 3000,ssdram 0 adr 0,gather 0,pl 812490,plmuxcnts 18, pludefpsr 22000, plupsr 22000, pludsr D2518FC2 SLOT 0:
*%GSR-3-INTPROC: Process Traceback= 400BAB08
-Traceback= 4035527C 4049683C 400CC750
*%SONET-4-ALARM: ATM0/0: SLOF ~SLOS ~LAIS ~LRDI ~PAIS ~PRDI PLOP
*%SONET-4-ALARM: ATM0/0: ~SLOF ~SLOS ~LAIS ~LRDI ~PAIS ~PRDI ~PLOPWorkaround There is no workaround.
•
Symptoms An Engine 2 line card displays a "QM-4-STUCK" error message. The line card can also stop forwarding traffic.
Conditions This symptom is observed when an adjacent router is power cycled or a line card on an adjacent router is removed and reinserted.
Workaround Perform a microcode reload on the affected Engine 2 line card.
•
Symptoms Routes in the Cisco Express Forwarding (CEF) table on a Cisco 12000 series Gigabit Route Processor (GRP) do not match the routes in a line card CEF table. The mismatched routes can be cleared with the clear cef linecard privileged EXEC command. However, this symptom reoccurs when the mismatched routes are learned again.
Conditions This symptom is observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(21)S4 or Release 12.0(22)S and has an access-list configured to deny Simple Network Management Protocol (SNMP).
Workaround Deconfigure the access-list that denies SNMP, or install Cisco IOS Release 12.0(21)S3 instead of Release 12.0(21)S4 or Release 12.0(22)S.
•
Symptoms Netflow stops functioning after an online insertion and removal (OIR) procedure is performed on a Switch Feature Card (SFC).
Conditions This symptom is observed on a Cisco 12000 series Internet router.
Workaround Deconfigure and reconfigure the ip route-cache flow sampled interface configuration command.
•
Symptoms An Engine 4 Packet-over-SONET (POS) line card reloads.
Conditions This symptom is observed on an Engine 4 POS line card in a Cisco 12000 series router during several online insertion and removal (OIR) procedures on a Clock Scheduler Card (CSC).
Workaround There is no workaround.
•
Symptoms A line card does not forward IP version 6 (IPv6) packets destined for some recursive routes learned from Border Gateway Protocol (BGP).
Conditions This symptom is observed when prefixes are aggregated to minimize the number of BGP routes to advertise on a Cisco 12000 series router. These prefixes are aggregated by either configuring static routes that point to "Null0" for the aggregated prefix or configuring BGP aggregation commands, which install routes to "Null0" for the aggregated prefix. The IPv6 routing table, as seen with the show ipv6 route command, displays correct information. However, the exec slot number show ipv6 cef and show ipv6 cef commands indicate that the outgoing interface for the affected routes is "Null0."
Workaround Issue the clear ipv6 route ip-address privileged EXEC command to correct the affected prefix.
•
Symptoms A Cisco 12000 series Engine 2 line card may incorrectly drop all packets that are destined for the router. This condition may result in the loss of routing protocol packets, and the protocol connectivity with neighbors may reset.
Conditions This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(18)ST or a later release, or Release 12.0(22)S or a later release when heavy utilization of the CPU of the line card occurs.
Workaround There is no workaround.
•
Symptoms A router reloads when an interface flaps.
Conditions This symptom is observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(21)S and multicast traffic is present on the router.
Workaround There is no workaround.
•
Symptoms An Engine 2 line card continuously reloads if an adjacent is power cycled.
Conditions This symptom is observed on an Engine 2 line card in a Cisco 12000 series Internet router that is configured to run the Border Gateway Protocol (BGP) Policy Accounting feature on the line card. This symptom occurs when accounted traffic is passing through the card.
Workaround There is no workaround.
•
Symptoms Cisco IOS software fails to set up the Gigabit Ethernet Interface Processor (GEIP) MIBs correctly on a Cisco 7500 series router.
Conditions This symptom is observed when the hierarchy on the GEIP is incorrect; the port adapter and interface are shown at the same level as the GEIP. The GEIP should be a the top of the hierarchy, followed by the port adapter, followed by the interface.
Workaround There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(21)ST4
Cisco IOS Release 12.0(21)ST4 is a rebuild release for Cisco IOS Release 12.0(21)ST. The caveats in this section are resolved in Cisco IOS Release 12.0(21)ST4 but may be open in previous Cisco IOS releases.
•
A Cisco 7500 series router may stop receiving packets on certain interfaces when a Cisco 6500 series switch that is connected through a port channel is reloaded. This symptom is observed on a Cisco 7500 router that is connected to a Cisco 6500 series switch through the port channel. This symptom does not occur if the port channel is removed.
Workaround: Run normal IP between the Cisco 7500 series router and the Cisco 6500 series switch without the port channel configuration.
•
Some clients may fail to successfully complete IP Control Protocol (IPCP) negotiations. All Layer 2 Tunneling Protocol (L2TP) sessions are established, but some client virtual access interfaces may not get a negotiated IP address. The missing IP address results in lost IP connectivity on that link.
This symptom is observed when thousands of PPP sessions are simultaneously reestablished, as is the case when an interface with many links is recycled. There is no workaround.
•
A Gigabit Ethernet Interface Processor (GEIP) reloads because of memory corruption. This symptom is observed when Inter-Switch Link (ISL) encapsulation is enabled on an interconnected Gigabit Ethernet interface and traffic is flowing between two routers that are connected or an information exchange of keepalives or of Cisco Discovery Protocol (CDP) occurs. There is no workaround.
•
Interfaces on adjacent ports of a channelized T3 (CT3) line card show their link status up but their protocol down. This symptom is observed when a Cisco 10000 series Performance Routing Engine (PRE) switchover is performed and the CT3 line card is fully configured with T1 lines.
Workaround: There is no workaround. To recover from the situation, reset the CT3 line card by entering the hw-module slot shelf-id|slot-number reload privileged EXEC command.
•
A queue may become stuck and display messages that are similar to the following:
%GRP-3-FABRIC_UNI: Unicast send timed out
%QM-4-STUCK: Port 0 Queue mask 0x1
This symptom is observed when an OC-48 Packet-over-SONET (POS) interface is flapping and when updates are received.
Workaround: Perform a microcode reload of the line card.
•
A bus error may occur on a router, and the following message may be displayed:
%ALIGN-1-FATAL: Illegal access to a low address, addr=0x1A8, pc=xxxxxxxx, ra=xxxxxxxx, sp=xxxxxxxx
This symptom is observed on a Cisco router that is running Cisco IOS Release 12.0 S. There is no workaround.
•
A Versatile Interface Processor (VIP) may reload because of an error at the ct3sw_check_tx process. This symptom is observed on a Cisco 7000 series VIP that is running Cisco IOS Release 12.0(16)S4. There is no workaround.
•
If the IPv6 router rip global configuration command is issued after the ip access-list global configuration command has been issued, the entry of subsequent IPv6 redistribute router configuration commands fails. This symptom is observed after a router reloads. The redistribute router configuration command is present in the startup configuration but not in the running configuration.
Workaround: Reissue the missing redistribute router configuration command.
•
A router may reload when it is searching the Resource Reservation Protocol (RSVP) database. This symptom is observed on a Cisco router that is running in the Route Processor Redundancy Plus (RPR+) or the Stateful SwitchOver (SSO) mode. The router reloads when a tunnel is up and when Multiprotocol Label Switching-traffic engineering (MPLS-TE), Cisco Express Forwarding (CEF), and IP routing are unconfigured using the following sequence of commands:
no tag advertise-tags
no mpls ip
no mpls label protocol ldp
no ip routing
no ip cef
no mpls traffic-eng tunnels
Workaround: Issue the no mpls traffic-eng tunnels router configuration command to shut down all tunnels before issuing the no ip routing global configuration command.
•
An ATM OC-12 interface on a Cisco 7500 series port adapter shows output drops that cannot be accounted for anywhere else in the router. None of the permanent virtual connections (PVCs) show any drops, but the interface still accumulates drops. This symptom is observed when the traffic rate is very low compared to line rate of the port adapter. There is no workaround.
•
A software-forced reload may occur on a router. This symptom is observed on a Cisco router when an interface is shut down from another terminal while output from the show ip pim neighbor EXEC command is displayed. There is no workaround.
•
A router flushes link-state advertisements (LSAs) that have not been refreshed for more than 50 minutes. This symptom is observed on a Cisco router that is running Cisco IOS Release 12.0(19)ST1. There is no workaround.
•
From a remote provider edge (PE) router or from a customer edge (CE) router, you may not be able to ping to IP addresses other than the IP address on the Virtual Routing/Forwarding (VRF) interface on a near-end CE router. The statistics output on the PE router will show the "no_tfib_route" counter being incremented as in the following example:
Router# show hardware pxf cpu statistic drop | in tfib|drop
FP drop statistics
no_tfib_route 2762283021 0
bad_drop_code 0 0
master drop count 2923544477.This symptom is observed on a Cisco 10000 series router after a switchover, when a large number of VRF interfaces are configured and traffic is flowing. The number of routes that are affected varies. This symptom is observed on untagged routes, but not on aggregate routes.
Workaround: Enter the clear ip route vrf vpn * EXEC command.
•
A route map that has the match nlri unicast multicast command is broken into two route maps, one with the original route-map tag and the other with "_mcast" extended.
This symptom is observed on a Cisco router when an old route map format is changed to the new route map format and if a named community list or an extended community list is configured.
This translation can be automatically done or user initiated if the bgp upgrade-cli router configuration command is available.
If a startup configuration has a route map that contains the match community community name route-map configuration command or the match extcommunity extended community-list number route-map configuration command, the router may reload if the write terminal privileged EXEC command, the show running-config privileged EXEC command, or the show route-map privileged EXEC command is issued after the original route map is deleted.
Workaround: Delete the match nlri unicast multicast route-map configuration command from the startup-config file, or avoid deleting the original route map after the system is loaded.
Alternate Workaround: Do not to issue the bgp upgrade-cli router configuration command.
•
When weighted fair queueing (WFQ) is configured on a serial interface, a link may start flapping. This symptom is observed on a Cisco 7500 series router.
Workaround: Perform a microcode reload.
•
A 3-port Gigabit Ethernet (GE) line card reloads. This symptom is observed on a 3-port GE line card that is installed in a Cisco 12000 series router when a Catalyst 6500 series switch that is connected to one of the ports of the GE line card is reset. There is no workaround.
•
Cisco Express Forwarding (CEF) may be disabled on an ATM OC-3 line card after a memory leak occurs. This symptom is observed on an ATM OC-3 line card. There is no workaround.
•
A Cisco 12016 router reloads when you change the size of the maximum transmission unit (MTU) on a 1-port Gigabit Ethernet line card.
This symptom is observed on a Cisco 12016 router that is running Cisco IOS Release 12.0(21)ST1 when you change the size of the MTU to 1518 bytes by using the following sequence of commands:
Router# conf t
Router(config)# int gig 0/0
Router(config-if)# mtu 1518
There is no workaround.
•
NetFlow aggregation does not function. This symptom is observed in Cisco IOS Release 12.0 S and Release 12.0 ST when either only the mpls netflow egress interface configuration command is configured on an interface or both the ip route-cache flow and mpls netflow egress interface configuration commands are configured on the same interface or on different interfaces, but the NetFlow cache is allocated through the mpls netflow egress interface configuration command. There is no workaround.
•
A Cisco 12000 series Engine 2 OC-48 Packet-over-SONET line card that is configured as a generic routing encapsulation (GRE) tunnel-server card enters an error state and reports the following error message:
QM-4-STUCK: Port 0 Queue mask 0x1
The line card should recover from this error state but fails to do so. These symptoms are observed when the line card is overloaded with tunnel traffic.
Workaround: There is no workaround. To recover from the error state, perform a microcode reload of the line card.
•
Cisco Express Forwarding (CEF) may be disabled on one or more line cards that are installed on a router after the redundancy force-failover EXEC command is entered. This symptom is observed on a Cisco 12416 router that is running Cisco IOS Release 12.0(17)S5 with redundant Gigabit Route Processors (GRPs). There is no workaround.
•
A Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) between a provider (P) router and a provider edge (PE) router does not function. MPLS VPN deaggregation packets are dropped by the PE router. This symptom is observed when you use a Cisco 12000 series 3-port Gigabit Ethernet line card between the P and PE router. There is no workaround.
•
Spurious accesses and alignment errors may occur on a Versatile Interface Processor (VIP), which may cause routes or interfaces to go down. These symptoms are observed on a Cisco 7500 series router that has Multiprotocol Label Switching (MPLS) NetFlow enabled on the egress side through the mpls netflow egress interface configuration command.
Workaround: Configure the ip cef global configuration command or the no ip route-cache distributed interface configuration command.
•
A backup Clock Switch Card 0 (CSC 0) may enter the "going on" state. This symptom is observed when an online insertion and removal (OIR) is performed on a Cisco 12406 router with the primary clock on CSC 1 (slot 17). There is no workaround.
•
Changing a VLAN ID affects a Cisco 12000 series router but not a line card that is installed in the router. This situation causes a communication failure. This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(21.3)S1 and that is functioning as a provider edge (PE) router with the Ethernet over MPLS on the PE feature enabled.
Workaround: After changing the VLAN ID, enter the no mpls l2transport route interface configuration command followed by the mpls l2transport route interface configuration command.
•
NetFlow statistics may not be recorded for some packet flows. This symptom is observed on a Cisco 10000 series router that is running Cisco IOS Release 12.0(20)ST3. If there are many active flows and they stop all at once, the NetFlow statistics for many of the flows may not be recorded. There is no workaround.
•
A line card may be stuck in the off-for-download state. This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(21)S2. This symptom may be indicated in the output of the show cef linecard EXEC command. There is no workaround.
•
The value of the ciscoEnvMonTemperatureThreshold variable is incorrectly reported as 7 degrees or 65,535 degrees. This condition causes the Device Fault Manager (DFM) to send high-temperature alarms for sensors that indicate that the value of the ciscoEnvMonTemperatureThreshold variable is equal to 7 degrees. These symptoms are observed on a Cisco 12016 router. There is no workaround.
•
The following error message appears on a Cisco 12000 series router when you enable a turbo access control list (Turbo ACL):
%SYS-2-MALLOCFAIL: Memory allocation of 10980020 bytes failed from 0x400BE22C, alignment 32
Pool: Processor Free: 25912464 Cause: Memory fragmentation
Alternate Pool: None Free: 0 Cause: No Alternate pool-Process= "TurboACL", ipl= 0, pid= 41
-Traceback= 400BB150 400BD4E4 400BE234 40BCDBE4 40BCDA70 40BCDAB8 40BCDAB8 40BCD97C 40BCFD00 40BD1650 400B3DFC 400B3DE8This symptom is observed on a a Cisco 12000 series router that is running Cisco IOS Release 12.0(21.4)S2 and that is configured with an 8-port Fast Ethernet 100-Base-TX interface with 128 MB of route memory.
Workaround: Turn off compiled access lists using the no access-list compiled global configuration command.
•
In an Ethernet over Multiprotocol Label Switching environment, the virtual circuit ID (VCID) may not be signed correctly; if the VCID is larger than 231, the VCID is displayed as a negative quantity. This symptom is observed on a Cisco 12000 series router. There is no workaround.
•
A Cisco 7500 series router may fail to provide initial connectivity to a customer edge (CE) device, and an Address Resolution Protocol (ARP) packet may not be sent. These symptoms are observed on a Cisco 7500 series router that has either Cisco Express Forwarding (CEF) or distributed Cisco Express Forwarding (dCEF) configured, 802.1Q Fast Ethernet configured, and the mpls netflow egress interface configuration command enabled.
Workaround: Ping the CE device from the Cisco 7500 series router, or disable the mpls netflow egress interface configuration command.
•
A Cisco 12000 series Internet router or a Cisco 10720 Internet router reloads because of a bus error. This symptom is observed when an Ethernet over MPLS (EoMPLS) configuration file is copied from a TFTP server or from boot Flash memory to the running configuration. This symptom occurs because the parser process is interrupted during the EoMPLS virtual circuit (VC) setup process before the VC is completely setup. If the edge-facing and core-facing interfaces are both in the "Up" state with a route to the destination, a Label Distribution Protocol (LDP) label mapping request for the EoMPLS VC label causes the partially-defined VC data structure to be accessed. This situation results in illegal access to an invalid memory location.
The router may also reload when a VC is provisioned while an IP route to the destination is up.
Workaround: Do not attempt to copy configurations that create EoMPLS VCs while the core-facing interface is in the "Up" state. If the core-facing interface is left in the "Down" state, LDP messages for the EoMPLS VCs cannot come through and a partially-defined VC data structure will not be accessed.
Alternate Workaround: Shut down the edge-facing interface that is being configured before you enable the mpls l2transport route interface configuration command. This will allow the initialization process to complete before the VC transitions to the "Up" state and responds to LDP label mapping requests.
•
A 3-port Gigabit Ethernet card may reload following the configuration of Border Gateway Protocol (BGP) Policy Accounting on either the main interface or a subinterface. This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(21.4)S2. There is no workaround.
•
An Engine 2 line card may reload. This symptom is observed when tag switching is enabled on a Cisco 12000 series router that has Engine 2 line cards while load balancing is occurring in the Cisco Express Forwarding (CEF) path. There is no workaround.
•
The memory usage of a Cisco 12000 series Route Processor (RP) is very high. This symptom is observed on a Cisco 12000 series router that is running the gsr-p-mz image of Cisco IOS Release 12.0(21)S1 and that is configured with an IP Services Engine (ISE) line card with v8 NetFlow enabled. There is no workaround.
•
Disassociating slots without removing ATM virtual circuits (VCs) causes the ATM VCs to go into an inactive state. This symptom is observed when the Automatic Protection System (APS) feature is enabled and you delete the ATM VCs after the slots are disassociated.
Workaround: Delete the ATM VCs before you disassociate the slots.
•
A Gigabit Route Processor (GRP) may reload after a cache parity error occurs on a 1-port Gigabit Ethernet (GE) or 8-port Fast Ethernet (FE) line card. This symptom is observed a Cisco 12000 series router that is running Cisco IOS Release 12.0(21)S3 or Release 12.0(22)S and that is configured with an Engine 1 1-port GE or Engine 1 8-port FE line card. The GRP will reload only in the rare event that the cache parity error occurs in a CPU cache line that contains a control packet.
Workaround: Deconfigure the Error-Correction Code (ECC) software feature by entering the no service cerf global configuration command.
For more information, refer to the document at the following location:
http://www.cisco.com/warp/public/770/fn16911.shtml
•
Interprocessor communication (IPC) timeout flaps may occur on a Cisco 10000 series line card. This symptom is observed on a Cisco 10000 series router that is running Cisco IOS Release 12.0(21)ST2. There is no workaround.
•
When all eight ports of an 8-port unchannelized E3/T3 line card are in use, memory corruption may occur, which may cause random router reloads. These symptoms are observed on a Cisco 10000 series router.
Workaround: Use only seven ports of the line card.
•
Packets that are traversing an Engine 4 plus (E4+) OC-192 line card in a Cisco 12000 series router that has tag switching enabled may be dropped. This symptom is observed in a traffic engineering (TE) configuration and occurs when traffic is load balancing across multiple TE tunnels at the headend or when label imposition is performed over multiple paths.
Workaround: Enter the clear ip route network mask command on the ingress side of the OC-192 link. Use caution because entering the clear ip route * command may invoke the symptoms.
•
An Engine 2 3-port Gigabit Ethernet line card that receives a tag packet with a Time to Live (TTL) value of 1 may reload. This symptom is observed on a Cisco 12000 series router. There is no workaround.
•
The following symptoms may be observed on a Cisco 12000 series Engine 2 (E2) ingress line card that is installed in a provider edge (PE) router.
When traffic is destined for an IP address for which the Cisco Express Forwarding (CEF) adjacency is an Ethernet MAC address and the Address Resolution Protocol (ARP) cache is either empty or incomplete, traffic is punted to the CPU of the line card. The CPU attempts to resolve the adjacency and drops the traffic.
While the ARP cache for the Ethernet MAC address is incomplete but traffic is being received for the IP address, the CPU utilization of the line card may increase to 99 percent. This situation may lead to a loss of Interior Gateway Protocol (IGP) neighbors and fabric-unicast ping timeouts, which in turn may cause the line card to reload.
When the CEF adjacency moves from an incomplete state to a MAC address, buffer management application-specific integrated circuit (ASIC) (BMA) errors are triggered and packet switch ASIC (PSA) pipeline stall messages may be displayed:
%LC-3-BMAERRS: ToFab BMA BMA error status error 10
%QM-3-ERROR: ToFab Register 0x40007.
-Traceback= 403F0074 4036DBF4 40498814 400CCF98
%LC-3-BMAERRS: ToFab BMA QM error 1These symptoms are observed in a Multiprotocol Label Switching Virtual Private Network (MPLS VPN) in which a Cisco 12000 series router that is functioning as a PE router is connected to a provider (P) router through an E2 line card and the connection between the PE router and the customer edge (CE) router is a Gigabit Ethernet link.
Workaround: The following sequence of commands will prevent the loss of IGP neighbors and fabric-unicast ping timeouts:
a.
b.
c.
d.
This sequence of commands will not prevent BMA errors and PSA pipeline stall messages, but will prevent the IGP neighbors from being lost and the line card from reloading. Note that these commands will no longer be enabled if the line card or router reloads.
•
The output from the Versatile Interface Processor (VIP) console show ip cache flow command and associated VIP NetFlow data may indicate null for the source interface or destination interface. This symptom is observed on a Cisco 7500 series router when the distributed Cisco Express Forwarding (dCEF) feature and the mpls netflow egress interface configuration command are enabled. There is no workaround.
•
A Cisco 12000 series router may reload because of a memory corruption. This symptom is observed during the configuration of traffic shaping. There is no workaround.
•
A Cisco router may install a suboptimal Intermediate System-to-Intermediate System (IS-IS) route into its routing table. Depending on the topology, this situation may create a routing loop.
This symptom is observed on an IS-IS Level 1 - Level 2 (L1L2) router that is running Cisco IOS Release 12.0 S or Release 12.0 ST and that has prefixes configured that are allowed to be leaked into Level 1, that is, prefixes that match the access list that is specified within the redistribute isis ip level-2 into level-1 distribute-list command. When route leaking is not configured, this condition is not observed.
Workaround: There is no workaround. The condition resolves itself when the affected route is cleared by entering the clear ip route network EXEC command.
•
A router may reload while calculating shortest path routes. This symptom is observed when you configure the metric-style wide global configuration command to enable Intermediate System-to-Intermediate System (IS-IS) in a Multiprotocol Label Switching (MPLS) traffic engineering (TE) environment. There is no workaround.
•
A Versatile Interface Processor (VIP) may reload when you enable the mpls netflow egress interface configuration command on a Dot1q interface. This symptom is observed on a VIP that is installed in a Cisco 7500 series router. There is no workaround.
•
After an application-specific integrated circuit (ASIC) resets or a line card failure occurs, interfaces may come up, but the Forwarding Information Base (FIB) is disabled, and the following error message can be generated:
%FIB-3-FIBDISABLE: Fatal error, slot 2: IPC Failure: timeout
These symptoms are observed on a 2-port channelized OC-3/STM-1 (DS1/E1) line card or a 6-port channelized T3 line card that is installed in a Cisco 12000 series router that is running Cisco IOS Release 12.0(21)ST1. There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(21)ST3
Cisco IOS Release 12.0(21)ST3 is a rebuild release for Cisco IOS Release 12.0(21)ST. The caveats in this section are resolved in Cisco IOS Release 12.0(21)ST3 but may be open in previous Cisco IOS releases.
•
The logging source-interface global configuration command that is used to specify the source IP address of syslog packets has to be set in order for the command to work correctly. On certain platforms, this requirement prevents the copy run start EXEC command (which is the abbreviated form of the copy running-config startup-config EXEC command) and the write memory EXEC command from saving configurations to the system database. There is no workaround.
•
Route reflectors may have Border Gateway Protocol (BGP) tables that have multiple entries for the same route with multiple tags even though there should be only one entry. When this symptom occurs, clients of the route reflector still receive the correct BGP information. Virtual Private Network (VPN) routing and forwarding instance (VRF) interfaces on the route reflector may receive an incorrect tag.
Workaround: Clear the BGP session. The multiple tag behavior can be cleared by clearing the route. However, multiple entries on the BGP tables cannot be cleared by clearing the route.
•
A router may reload if the configuration is written directly from TFTP to NVRAM and if the syslog server and syslog source interface configuration statements are specified in the configuration file before the source interface configuration statement.
Workaround: Place the syslog server and the syslog source interface configuration statements after the source interface configuration statement.
•
Clocking problems and link instability resulting from the fact that the default transmit clock source changes to internal when a link is added to an IMA group may occur on a Cisco 7200 or Cisco 7500 router with an IMA-ATM inverse multiplexer over ATM port adapter with 8 T1 ports (PA-A3-8T1) installed and configured for Inverse Multiplexing over ATM (IMA). This can be seen by using the show controller atm EXEC command for each T1 interface that is included in the IMA group. If the txtiming field is 0xA, the link is clocking from Line. If the txtiming field is 0xE, the link is clocking from Internal.
Customers who suffer from T1 links that are part of an IMA group that flaps periodically may experience this condition. If the link is removed from the IMA group or if the workaround is applied and the link still flaps, the condition is unrelated to this caveat.
Workaround: Enter the shut down voice-port configuration command to shut down each of the ports in the IMA group. Enter the no ima-group group number interface configuration command to remove each of the ATM interfaces from the IMA group. Enter the clock source line {primary | secondary} controller configuration command to configure the clock source to be line on each of the ports. Enter the ima-group group number command to add the links back to the IMA group. Enter the no shut down voice-port configuration command on the interfaces. If the router is reloaded, the links will return to internal clocking and the workaround will have to be applied again.
•
"MUESLIX" errors that affect the capability of the router to route traffic may occur on a Cisco 7200 series router that is running Cisco IOS Release 12.0(14) S3 and that has a PA-8T-V35 serial port adapter. There is no workaround.
•
The following continuous stream of "%POT1E1-3-FWFATAL" error messages may occur on a router:
%POT1E1-3-FWFATAL: Bay 5: firmware needsresetdue to fw watchdog timeout
%POT1E1-3-FWFATAL: Bay 4: firmware needsresetdue to fatal softwareerrors
This symptom is observed on a Cisco 7206VXR router that is running Cisco IOS Release 12.1(8.04) and using an eight-port multichannel T1 port adapter (PA-MC-8T1). There is no workaround.
•
An E4+ Quad-OC48 line card in a Cisco 12000 series Internet Router running Cisco IOS 12.0(21)S2 or earlier may issue the following error message when the incoming interface of a local multicast group (e.g., 224.0.1.40) changes from one of its ports to another:
%RX192-3-HINTR: status = 0x40000000, mask = 0x7EFFFFFF - Multicast & slot mask eq 0 error (RX+ only).
Workaround: Enter clear ip mroute for the relevant local multicast group.
•
After the shutdown interface configuration command followed by the no shutdown interface configuration command is entered on a Cisco 12000 series router, the route processor stops receiving traffic. This symptom is observed if a default route is configured over the Ethernet 0 interface for management purposes. This is not a recommended configuration as the Ethernet interface is not designed to switch traffic.
Workaround: Configure the IP address of the next hop router interface as the default IP route by entering the ip route 0.0.0.0 0.0.0.0 x.x.x.x global configuration command.
•
When one of two parallel connections is shut down between two routers, the second connection is deleted from the routing table even though it is still active. This symptom is observed when two routers are connected using the Intermediate System-to-Intermediate System (IS-IS) routing protocol and two parallel ATM (TC-ATM) links. IS-IS deletes both of the routes from the routing table.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the first of the two parallel connections.
•
An Ethernet over Multiprotocol Label Switching (EoMPLS) virtual circuit can be brought up when the Ethernet line protocol is down on the interface that is facing the edge. This symptom is observed when an EoMPLS tunnel is established between two loopback routers that are in the "up/up" state. A user should not be able to bring up the virtual circuit if the Ethernet line protocol is down on the interface that is facing the edge. This symptom may cause traffic to fall into a black hole. There is no workaround.
•
The ip cef accounting per-prefix non-recursive global configuration command may not work as expected after it is enabled on a Cisco 10000 series edge services router. Multiprotocol Label Switching (MPLS) may impose incorrect tags and cause traffic to be routed incorrectly.
Note: The ip cef accounting global configuration command should not be configured on the Cisco 10000 series edge services router because it is not a supported command on that platform.
Workaround: Do not configure Cisco Express Forwarding (CEF) commands.
•
Incoming tag packets that pass through a Packet-over-SONET (POS) or Gigabit Ethernet interface are counted double after fragmentation. This symptom is observed when packet sizes of incoming packets are larger than the maximum transmission unit (MTU) size. This symptom has no noted impact on packet forwarding. There is no workaround.
•
An Engine 4 or Engine 4+ line card may stop responding and be reset by the route processor if distributed multicast routing is enabled on a router. This symptom is observed on a Cisco 12000 series router that is running a Cisco IOS release that is earlier than Cisco IOS Release 12.0(22)S.
Workaround: Use Cisco IOS Release 12.0(22)S.
•
A memory allocation failure (MALLOCFAIL) message is displayed when a cable is unplugged from the serial interface of a router. This symptom is observed on a Cisco 7200 series router when a Cisco IOS release that contains the fix for CSCdt40038 is used. This symptom affects the PA-4T, PA-8T, PA-H, PA-E3, and PA-T3 port adapters. The occurrence of this symptom depends on the erroneous bit patterns that are received from the serial line that is down.
Workaround: Bring the line back up to enable the memory usage to return to normal.
•
When a universal transport interface (UTI) and per-packet load balancing (PPLB) are enabled on an E2 line card, the line card stops forwarding traffic. This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0 S.
Workaround: Reload the router.
•
Multiprotocol Label Switching (MPLS) packets that are switched by an Engine 3 card may become corrupted. There is no workaround.
•
When an interface card that faces the core is shut down, traffic does not always resume on the backup path and traffic may stop.
Workaround: Reconfigure the virtual connection on the peer provider edge (PE) router.
•
The E4 load-balancing hash does not distribute the source IP address between the incoming IP packet (src) and the destination IP address evenly in the incoming IP packet (dst) pairs. There is no workaround.
•
The Label Forwarding Information base (LFIB) of a label switch router (LSR) may not be populated with an output static label after the interface through which the prefix is learned is toggled. This symptom may cause forwarding to be disrupted.
Workaround: Remove and replace the output static label for the prefix in question or assign a local static label for the prefix along with the outgoing static label.
•
Service Assurance Agent (SAA) latency measurements may show unrealistic spikes. This symptom is observed on a Cisco router when the Border Gateway Protocol (BGP) is operating at full capacity.
Workaround: Enable the rtr responder global configuration command on the remote Cisco router and use the jitter probe.
•
If distributed switching is enabled on an interface, Multiprotocol Label Switching (MPLS) traffic that is destined to Virtual Private Network (VPN) prefixes cannot be forwarded over a VPN routing/forwarding (VRF) generic routing encapsulation (GRE) tunnel. The traffic is dropped at the disposition provider edge (PE) router.
Workaround: Configure the ip route-cache dist interface configuration command on the input interface or enable the ip cef global configuration command.
•
When output committed access rate (oCAR) is enabled on a 1-port Gigabit Ethernet interface, IP packets that have the do-not-fragment (DF) bit set may be forwarded incorrectly. If the packet size is between 1490 and 1500 bytes, the output frame will be seen as a giant packet. Packets that are greater than 1500 bytes in size and that have the DF bit set are incorrectly fragmented instead of being discarded.
Workaround: Set the IP maximum transmission unit (MTU) on the interface to 1512 bytes by entering the ip mtu 1512 interface configuration command.
•
A device that is running Cisco IOS software may reload when a command is entered to display a file that contains certain character patterns. This symptom occurs if the file in question has a very large line. This line may have a very large continuous set of characters without any new line characters and is most likely corrupted.
Workaround: There is no workaround.
•
Traceback messages may be displayed after the ip accounting mac-address input interface configuration command is configured on VLANs that have an input access control list (ACL) present. The counters that are based on the source and destination MAC address stop incrementing after the traceback messages are observed. These symptoms are observed on a 3-port Gigabit Ethernet line card when VLAN traffic is coming in. Workaround: Remove the input ACL from the VLAN interface.
•
Certain IP Services Engine (ISE) optical carrier (OC-3) concatenated line cards may fail to initialize and pause indefinitely at the IOS_STRT process when startup occurs. This symptom is observed only on 16-port line cards that are shipped with optical modules when releases prior to Cisco IOS Release 12.0(22)S are used. The 16-port line cards that are affected by this symptom have optical modules that are silver and grey in color. The 16-port line cards that are not affected by this symptom have optical modules that are light blue in color.
Workaround: Use Cisco IOS Release 12.0(21)ST3, 12.0(22)S, 12.0(21)S4, a later Cisco IOS release.
Alternate Workaround: Install fibers to the affected ports after entering the no shutdown interface configuration command on ports that are in the "shut" state.
•
When a IP Services Engine 3 (ISE) forwarding hardware is restarted because of an error, the sampled NetFlow may not work anymore.
Workaround: Reconfigure the sampling interval by entering the ip flow-sampling-mode packet-interval value global configuration command.
•
When the 6-port channelized T3 line card or the 2-port OC-3 channelized E1/T1 line card is used under stress conditions, a physical layer interface module (PLIM) reset may occur. A message may indicate that the line card has reloaded. This symptom is observed if the shutdown interface configuration command followed by the no shutdown interface configuration command is entered on the line card that is on the remote side while there is large amount of ingress traffic. Either one of the line cards may loose or delay PLIM keepalive packets and reset. The PLIM keepalive packets check the sanity of the PLIM data path by going through three loopback channels. There is no workaround.
•
If the bit error rate tester (BERT) that is used on a T1 line is stopped or allowed to run to completion, a subsequent online insertion and removal (OIR) of the line card may cause all channel groups on the T1 line to be disabled.
Workaround: Reconfigure the affected channel groups.
•
A router may reload because of a bus error and display the following message:
System returned to ROM by bus error at PC 0x5037FD38, address 0x34303A41
These symptoms are observed on a Cisco 12008 router that is running the gsr-p-mz image of Cisco IOS Release 12.0(21)ST1 if the show mpls forwarding EXEC command and the show tag forwarding EXEC command are entered repeatedly. The reload is caused by a string overflow. The string overflow occurs because the Virtual Private Network version 4 (VPN) prefixes in the Autonomous System Boundary Router (ASBR) use the complete IP address to distinguish the route instead of the shorter autonomous system number when the show tag forwarding EXEC command is entered.
Workaround: Define the route distinguishers using autonomous system numbers instead of IP addresses.
•
A 4-port OC-12/STM-4 ATM multimode, signaling controller connector line card (4OC12/ATM-MM-SC) may reload because of a bus error exception when a standard output access control list (ACL) that has 127 lines is configured on another Engine-2-based line card. There is no workaround.
•
If the ssh router EXEC command is entered on a Cisco router, the router does not recognize that the user is not on the router and that the user does not have an associated vty for user input, and the router sets the terminal length to 0 automatically. There is no workaround.
•
An Engine 0 line card may reload. This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(21)S or Release 12.0(21)ST when IP multicast traffic is present. The following error message may be displayed when this symptom occurs:
%LC-4-UNEXPECTED_INP_INFO: Unexpected info in buffer header, input info 0x0
Workaround: Disable IP multicast or use Cisco IOS Release 12.0(21)ST3.
•
The 8xOC3 and 4xOC12 E2-based line cards on the Cisco 12000 router are performing load balancing incorrectly. The load balancing is done on the basis of the top tag instead of the underlying source and destination IP address. Some form of load sharing occurs when there is a separate tag for each prefix, but load balancing is not done, and all traffic flows through only one link when the top tag is the same for a wide range of source and destination IP addresses. There is no workaround.
•
An 802.1q interface that is configured on a Cisco 10000 router may stop sending traffic if dot1q encapsulation commands are entered repeatedly on the router.
Workaround: Delete and recreate the subinterfaces if 802.1q interfaces have to be configured. Entering the shutdown interface configuration command followed by the no shutdown interface configuration command may correct this symptom.
•
A Cisco router may reload when a cache parity exception occurs. This symptom is observed when the CPU register space is read while a partial write to synchronous dynamic random-access memory (SDRAM) is executed from one of the write buffers.
Workaround: Ensure that all write buffers are flushed before the CPU register space is read.
•
The police bps burst-normal burst-max policy map configuration command cannot be configured and takes on only the default value (which is the same as the normal burst size). This symptom is observed on a Cisco 7500 router that is running Cisco IOS Release 12.0(21)S1. There is no workaround.
•
A Cisco router that is running Cisco IOS Release 12.0 S does not forward bootp requests when the bootp requests originate from a vendor-specific device across a High-Level Data Link Control (HDLC) encapsulation. The vendor-specific device sends bootp packet as broadcasts but does not set the broadcast bit in the HDLC header. Packets are dropped because of this behavior.
Workaround: Use Cisco IOS Release 12.0(21)ST3, Release 12.0(22)S, or a later release.
•
Performance degradation may be observed on a Cisco OC-12 Packet over SONET (POS) line card that is running the gsr-p-mz image of Cisco IOS Release 12.0(21)ST when standard access control lists (ACLs) are used. When this symptom occurs, a 68-percent decrease in performance from baseline numbers may be observed. This symptom is also observed on the Cisco 4xOC-3 POS line card. There is no workaround.
•
When a bit error rate tester (BERT) is performed on a T1 line that is not in the "up" state, spurious reports of T1 BERT data may be seen and the line card may reload. There is no workaround.
•
A microcode reload may occur on a router. This symptom is observed on a Cisco 10000 router that is acting as a provider edge (PE) router when traffic is sent through a Multiprotocol Label Switching (MPLS) traffic engineering (TE) tunnel. There is no workaround.
•
A router may reload. This symptom is observed when an extended Border Gateway Protocol (BGP) community list statement with an illegal regular expression is written into the global configuration on a Cisco router that is running Cisco IOS Release 12.0(19.1)S3 or a later release. The following is an example of a community list statement that may cause the router to reload:
ip community-list expanded test permit (6327:[1_)
Workaround: Do not enter an extended BGP community list statement that contains an illegal regular expression pattern. This symptom is not observed in Cisco IOS Release 12.0(19.1)S or earlier releases and is not platform-specific.
•
Internal loopback does not work on Engine 2 line cards that are installed on a Cisco 12000 router. There is no workaround.
•
On line cards for the Cisco 12000 router, the SALSA_RD address error is treated as an ASIC_FATAL error. There is no workaround.
•
When the redundancy force-failover main-cpu EXEC command is entered, some channelized users may be left down. These devices can be viewed by using the Cisco Discovery Protocol (CDP).
Workaround: A temporary workaround is to reconfigure the correct controller details.
•
The Ring Access Controller (RAC) watchdog timer expires and forces the RAC to enter the passthrough mode. Typically, this symptom occurs when the CPU utilization remains at 100 percent for more than 90 seconds. There is no workaround.
•
With ports that are enabled for automatic protection switching (APS), the working or the protect status—or both the working and the protect status of the ports—display incorrectly the message "Port stat (w,p): (Signal Fail, Signal Fail)" when you enter the show aps or show controllers atm command.
This symptom is observed when virtual circuits (VCs) are up and active, ports are able to perform a cutover upon failure, traffic is passing, and you associate slots in APS redundancy mode before you configure permanent virtual connections (PVCs) on the APS-enabled ports. This situation will typically happen only when you use TFTP to copy the configuration in.
Workaround: Configure the VCs before you associate the slots for APS.
Alternate Workaround: If you need to associate slots for APS before you create VCs, enter the commands manually or use cut-and-paste to copy the command in.
•
A trace route that is sent through a generic routing encapsulation (GRE) tunnel on a Multiprotocol Label Switching (MPLS) core does not work as expected. The GRE tunnel ends but does not send an unreachable message to the source.
Workaround: Avoid performing a trace route on an MPLS core through a GRE tunnel.
•
Small packets that require padding may be corrupted in the last byte of the packet payload. This symptom is observed on a Cisco 10720 router and is observed only with packets that are 35 and 39 bytes in IP length. There is no workaround.
•
A router may reload when a sham-link is configured.
There is no workaround.
•
When sampled NetFlow is configured on an IP Services Engine (ISE) line card on a Cisco 12416 router, some export datagrams that are generated by NetFlow may not reach the collector because the line card failed to export the datagrams. There is no workaround.
•
Spurious accesses occur on a per-packet basis on a Versatile Interface Processor (VIP). In addition, interfaces and routing protocols on the affected VIP and other interfaces on the router may flap. This symptom is observed on a Cisco 7500 series router when Multiprotocol Label Switching (MPLS) is enabled on one of the VIP interfaces. There is no workaround.
•
The following caveat describes two symptoms, two conditions, and two workarounds.
Symptom 1:
An access control list (ACL) does not operate correctly to match Layer 4 Operation (L4Op) entries. The ACL clears the logical operator unit (LOU) while it is still being used by other interfaces. This symptom is observed when an ACL is removed from one interface after the ACL is applied to multiple interfaces.
Workaround: Remove the ACL from all interfaces to which the ACL has been applied, and reapply the ACL to the interfaces as needed.
Symptom 2:
A ternary content addressable memory (TCAM) LOU capacity error may occur even though the number of used LOUs in the existing ACLs is less than the set limit. This symptom is observed when two different ACLs are applied to two different interfaces (ACL A on interface A and ACL B on interface B). When ACL A is applied to interface B, the LOU from ACL B is not cleared. This behavior causes LOUs to be wasted in TCAM.
Workaround: First remove ACL B from the interface, and then reapply ACL A to that interface.
•
If an online insertion and removal (OIR) is performed on a line card while a Cisco Express Forwarding (CEF) table is downloaded, the remaining line cards may pause indefinitely in the "request-reload" state as the remaining line cards wait for the line card on which the OIR has been performed to complete the download of the CEF table.
Workaround: Reinstall the line card that has been inserted and removed (using OIR) into the out slot.
Resolved Caveats—Cisco IOS Release 12.0(21)ST2
Cisco IOS Release 12.0(21)ST2 is a rebuild of Cisco IOS Release 12.0(21)ST. All caveats in this section have been resolved in Cisco IOS Release 12.0(21)ST2 but may be open in previous releases.
•
A Cisco router that has a Route Switch Processor (RSP) may pause indefinitely at the rsp_fs_free_memd_pak process and display the following message on the console:
%RSP-3-BADBUFHDR: freeing MEMD pak, address 0 -Traceback= 60367710 60373AA4
602D30B8 600DA700 602413E0 602416D8 60FCE4D8 60FCC CD0
602223C8 602224F4 6036A260 60378E70 60331290
There is no workaround.
•
In Cisco IOS Release 12.1 and Release 12.1 T, when a Multilink PPP (MLP)/Multiprotocol Label Switching (MPLS) virtual routing/forwarding (VRF) instance and Cisco Express Forwarding (CEF) or a dialer interface is used with MLP, packets may be lost when a single link is contained in an MLP or dialer interface. Interleaving does not work, and most or all voice packets will be lost.
Workaround: Use a fragmentation delay of 10 ms or 20 ms on dialer interfaces that use MLP encapsulation with MPLS or with CEF, or add a dialer load threshold of 1 to the dialer interface.
•
If a router receives an Address Resolution Protocol (ARP) packet that has the router's own interface address but with a different MAC address, the ARP packet can overwrite the router's own MAC address in the ARP table, causing that interface to stop sending and receiving traffic. This attack is successful only against interfaces on the Ethernet segment that is local to the attacking host.
Workaround: Hard code the interface's ARP table entry by using the arp ip-address hardware- address type [alias] global configuration command. This entry will remain in the ARP table until the no arp ip-address hardware- address type [alias] global configuration command is issued. Please refer to the advisory at the following URL:
http://www.cisco.com/warp/public/707/IOS-arp-overwrite-vuln-pub.shtml
Note
•
On a Cisco 7200 router, Intermediate System-to-Intermediate System (IS-IS) hellos and PPP keepalives are treated like nonpriority packets and dropped by Selective Packet Dropping (SPD) in situations of congestion. In consequence, the router might loose its IS-IS adjacency or the Layer 2 connectivity and the effect of SPD may fail. In theory, such a situation may occur only if the router is heavily loaded at the process level or if Cisco Express Forwarding (CEF) is disabled.
Workaround: Avoid using SPD if the input queue fills.
•
On a Cisco 7500 series Versatile Interface Processor 4 (VIP4) that is configured with a PA-2FE port adapter, after you have reloaded the microcode while the router was forwarding traffic, the router may stop sending traffic. Entering the shutdown interface configuration command followed by the no shutdown interface configuration command solves the condition only temporarily.
Workaround: Reload the microcode while there is no egress traffic on the router.
•
With some RSP-PV software images for a Cisco 7500 router that has a Versatile Interface Processor (VIP), certain X.25 commands such as the show x25 EXEC command cannot be used. This condition applies only to images that belong to the service provider feature set. This condition does not affect the overall functionality for the X.25 signaling type or X.25 configuration commands.
Workaround: Use another feature set.
•
When you perform a test loop on a Very Short Reach (VSR) OC-192 line card that is installed in a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(19)S, the line card may reload with an error message that indicates that the program counter is corrupt. There is no workaround.
•
On a Cisco 12000 series Internet router that is configured with an Engine Quad OC-48 line card that is functioning as an ingress line card and that is performing outbound load sharing with an egress Engine 2 line card, the load sharing per source and destination is not performed, and only one path is utilized, which results in one path being overutilized and the other path being underutilized. There is no workaround.
•
A Cisco router may reload when a probe is configured to operate at a frequency of 0 seconds and then is scheduled to run.
Workaround: The probe frequency of 0 seconds is illegal and must not be used.
•
With large numbers (4000 or more) of permanent virtual circuits (PVCs) that are running at the line rate, a reassembly interface may stop working and drop all input traffic as input errors. This condition does not clear up when the input traffic stops; the line card must be reset. This behavior may occur on OC-12 and 4-port OC-3 ATM line cards.
Workaround: Lower the receiving bandwidth to 99 percent of the full line rate.
•
Misaligned or spurious memory accesses may be detected on a Versatile Interface Processor (VIP) at the hqf_get_policymap() process. There is no workaround.
•
On a Cisco 12000 series Internet router, a microcode error (Tofab BMA) may occur on a 4-port OC12 ATM line card that is being used in a tag disposition role in which it has to pop a single tag off both a 2 tag stack and a 1 tag stack in which the top tag can be the same (for example, a P router in a VPN setup). The microcode error resets the line card when the egress port is flapped. There is no workaround.
•
If authentication is enabled on a member link of a Multilink PPP (MLP) bundle, the member link may go down after a certain time.
Workaround: Disable authentication.
•
Reload information may be found in a Cisco Gigabit Switch Router (GSR) boot flash memory with the following message:
UTC: %SYS-3-BADBLOCK: Bad block pointer 63E980C0
UTC: %SYS-6-MTRACE: mallocfree: addr, pc
UTC: %SYS-6-MTRACE: mallocfree: addr, pc
UTC: %SYS-6-BLKINFO: Corrupted next pointer blk 63E980C0, words 18, alloc 60403DF4, Free, deal loc D0D0D0D, rfcnt 0
There is no workaround.
•
When Random Early Detection (RED) is enabled, TCP throughput is degraded. This condition causes the throughput of traffic classes that have bandwidth guarantees to remain below the configured rate and affects only the subdigital signal level 1 (DS-1) interface processor. There is no workaround.
•
A Cisco Internet router that is running an experimental code may reload with a bus error after issuing the show ip bgp regexp regular-expression EXEC command. There is no workaround.
•
In a Multiprotocol Label Switching (MPLS)/Virtual Private Network (VPN) environment, packets are dropped in a Versatile Interface Processor (VIP) with no Cisco Express Forwarding (CEF) entry for the remote VPN routing/forwarding (VRF) route. This behavior is noticed for Cisco 7500 routers that are configured as provider edges (PEs). The failure happens when VRF is deleted after Border Gateway Protocol (BGP) and CEF are disabled from any previous MPLS/VPN configuration.
Workaround: Disable the ip cef [distributed] global configuration command and enable the ip cef global configuration command on the Cisco 7500 router. End-to-end connectivity is restored. Reenable the ip cef [distributed] global configuration command and all packets pass successfully.
•
Two routers that are running Cisco IOS Release 12.0(18)S may fail to reestablish a Connectionless Network Service (CLNS) relationship after a Packet-over-SONET (POS) outage has occurred between them.
Workaround: Enter the clear isis *command on the routers.
•
A Cisco router boots the boot image in boot flash memory instead of booting the full Cisco IOS image from the disk if all of the following conditions are met:
–
–
–
- There is a complete and bootable Cisco IOS image on the disk, and there is a boot image in boot flash memory.
Workaround: Set the router to boot the image from the disk using the boot system global configuration command.
•
In Cisco IOS Release 12.0(21)S, when the number of interfaces is greater than the value of maxroutes, the excessive interfaces can still be configured in a subnet. There is no workaround.
•
If an Engine 4 or Engine 4 plus line card that is installed in a Cisco 12400 series Internet router that is running Cisco IOS Release 12.0(21)S receives a large amount of multicast traffic, the line card may stop responding and be reset by the route processor because of a fabric ping timeout. The stack trace in the line card reload context may point to the "lc_mbus_interrupt_handler()" function, whereas the process level traceback may point to the "gen67_tdl_request_hash_search()" function. There is no workaround.
•
When a PA-MC-STM1 port-adaptor is configured for framed or unframed mode, you may see several aborts in some channels.
Workaround: Follow the steps below:
1. Configure the network payload loopback on the E1 channel on which you are seeing the condition.
2. Configure another E1 channel on another synchronous payload envelope (SPE).
3. Unconfigure the payload loopback.
•
If you reload a 4-port OC-3 line card on a Cisco 12000 series Internet router, a burst of cyclic redundancy check (CRC) errors may be received at the other end of the OC-3 link. If the remote router is software-based (such as a Cisco 7200 series router), this burst of CRC errors may cause high CPU utilization.
Workaround: Shut down the interface at the remote router before you reload the 4-port OC-3 line card.
Note: To activate the workaround, configure "service download" before reloading the new image. After reloading the new image, execute the upgrade fabric-downloader command.
•
Spurious memory accesses are observed at the dsx3_controller_t1_framing process when extended super frame (ESF) framing is configured on a Channelized T3 Interface Processor (CT3IP) controller. Spurious memory accesses may also occur if the router is rebooted while framing is set to ESF. There is no workaround.
•
An Cisco IOS router may issue a spurious access in rsvp_update_explicit_route. This happens on a router that is running Cisco IOS Release 12.0ST and Release 12.0S with Multiprotocol Label Switching (MPLS) TE tunnels and the Resource Reservation Protocol (RSVP), but only when memory allocation failures are occurring on the router. There is no workaround.
•
When "snmp ifindex persist" is configured for each interface on a Cisco Internet router and "snmp-server ifindex persist" is also configured correctly and a copy EXEC command is used to save the ifindex in NVRAM (persistent-data), when a card is removed with a reload, the ifindex values change. There is no workaround.
•
After a Cisco 12000 series Internet router has reloaded, multicast traffic may not go through an Engine 2 line card if multicast hardware switching is enabled.
Workaround: After the router has reloaded, unconfigure and then reconfigure multicast hardware switching.
•
On a Cisco Internet router that is running the gsr-p-mz.120-20.4.ST.0206 image, if an interface on a 2-port OC3 Channelized to DS1/E1 LC is removed from a multilink group, the following message will appear:
Feb 7 17:32:22.751: %GRP-3-ENCAP: Failure to Update (mac length non-0), slot 4294967295 (info 0x4)
-Traceback= 5029E8DC 5029F1DC 50101C7C 501022D4 500F8E24 500F9B80 500F9C04 501A6F9C 5019C6D0 5019C780 5019D400 501BE90C 501BE8F8
There is no workaround.
•
On a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(20.04)ST2, if you configure Multilink Frame Relay (MRF) on a 6-port channelized T3 line card or a 2-port STM-1/OC-3 channelized E-1/T-1 line card and you perform an online insertion and removal (OIR) of the line card, the MFR interfaces do not recover. There is no workaround.
•
On a Cisco 12000 series Internet router that is configured with a 6-port channelized T3 (6CT3) line card that has a large number of routes in the network, Multilink PPP (MLP) interfaces may appear in an "up/up" state after the router has reloaded but traffic will not pass over the multilink interfaces.
Workaround: Enter the hw-module slot shelf-id/slot-number reload privileged EXEC console command on the 6CT3 line card. This workaround ensures that the Forwarding Information Base (FIB) table on the line card is updated with the information from the FIB table on the Route Processor (RP).
Alternate workaround: If there are only a few MLP bundles configured on the 6CT3 line card, enter the shutdown interface configuration command followed by the no shutdown interface configuration command on all serial interfaces in the multilink bundle on the router that is configured with the 6CT3 line card and on the router at the receiving end. This workaround ensures that the FIB table on the line card is updated with the information from the FIB table on the RP of the router that is configured with the 6CT3 line card.
•
On a Cisco 12000 series Gigabit Ethernet (GE) line card that has outbound committed access rate (CAR) configured, pings may fail for packets with a size that exceeds 1530 bytes.
Workaround: Disable CAR on the GE line card.
•
When configuring distributed Cisco Express Forwarding (dCEF) on a Cisco 7500 series router that is running tag-switching or Multiprotocol Label Switching (MPLS) and functioning as a provider edge (PE) router, some IP connectivity can be broken. This situation occurs only when the PE router is running both cell-based and frame-based tag switching simultaneously. There is no workaround other than disabling dCEF, which is unacceptable.
•
A channelized T3 Interface Processor (CT3IP-50) that is installed in a router that is running
Cisco IOS Release 12.0(21)S1 may reload with an error message that is very similar to the following:$0 : 00000000, AT : 30037FE0, v0 : 00000000, v1 : 3802F3BE a0 : 60A6FEA0, a1 : 60A07EA0, a2 : 00000007, a3 : 00000020 t0 : 00008000, t1 : 4E90424C, t2 : 00000001, t3 : 601824C8 t4 : 600C8040, t5 : 000000F8, t6 : 00000000, t7 : 611F7BAC s0 : 60A07EA0, s1 : 0000000A, s2 : 00000030, s3 : 60A71880 s4 : 00006000, s5 : 60A6FEA0, s6 : 00000033, s7 : 60A49660 t8 : 8E07F138, t9 : 00000000, k0 : 00000000, k1 : 00000004 gp : 606DBFC0, sp : 6086C380, s8 : 00000003, ra : 6017DFB0 EPC : 00000000, ErrorEPC : 800086B8, SREG : 3400E103 Cause 00000008 (Code 0x2): TLB (load or instruction fetch) exception
-Traceback= 0x6017DFB0 0x601805FC 0x601825A4
There is no workaround.
•
A Cisco 10000 series router cannot act as the head or tail of a generic routing encapsulation (GRE) tunnel that carries Multiprotocol Label Switching (MPLS) encapsulated traffic. There is no workaround.
•
This caveat refers to a network configuration that has the following characteristics:
–
–
–
The routers function in an interautonomous system Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) environment. After a multiprotocol external Border Gateway Protocol (MP-eBGP) update, if you enter the show mpls forwarding-table EXEC command, the VPN labels that are shown do not match the VPN labels that are shown if you enter the show ip bgp vpnv4 all EXEC command.
Workaround: Enter the clear ip bgp * EXEC command on the router that functions as the PE ASBR.
•
On a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(21)S1 and that is configured with a 6-port channelized T3 (6CT3-SMB) line card that has Multilink Frame Relay (MLFR) enabled, MLFR bundle flaps may occur because of degradation on one link in the MLFR bundle or because of one link in the MLFR bundle being shut. Traffic may no longer be sent over the link that is shut, but the rest of the links should be able to transmit without interruption. There is no workaround.
•
When using peer groups under the address-family ipv4 [unicast] vrf vrf-name address family configuration submode command, the Border Gateway Protocol (BGP) updates from the provider edge (PE) to the customer edge (CE) might get corrupted, and on the CE, you will get a message similar to the following:
BGP-6-NEXTHOP: Invalid next hop (0.0.0.0) received from x.x.x.x: martian next hop
BGP(0): x.x.x.x rcv UPDATE w/ attr: nexthop 0.0.0.0, origin ?, metric 0, originator 0.0.0.0, path YYYY, community , extended community
20.1.1.0/24 -- DENIED due to: martian NEXTHOP;
Where x.x.x.x is the PE ip address and YYYY is the AS number
This situation will lead to loss of BGP routes on the CE routers even though the BGP neighbors stay up.
Workaround: Take off the peer group configuration from the address-family ipv4 [unicast] vrf vrf-name address family configuration submode command.
•
If the microcode on a Cisco10000 series router is reloaded repeatedly (hundreds or thousands of times), eventually the router will reload the Cisco IOS software. The microcode should only be reloaded in the case of a PFX reload, which is rare. There is no workaround.
•
A Cisco 12008 series router that is running Cisco IOS Release 12.0(21)S1 does not initialize or periodically update the Switch Fabric Card (SFC) status LEDs. This causes the LEDs to appear to be nonfunctional. The switching functions of the SFCs are not affected, but the SFCs, as seen from the front panel, appear to be nonfunctional. There is no workaround.
•
After a 6-port channelized T3 (6CT3-SMB) line card that is configured for Multi Frame (MFR) and that is installed in a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(21)S1 has reloaded, an associated MFR bundle may not recover.
Workaround: Reload microcode onto the line card.
•
On a Cisco 12008 Internet router with an oc48/POS-SM line card, the following error message occurs each time an access control list (ACL) is applied inbound when a sampled NetFlow is also present on the interface:
SLOT 2:Feb 22 05:42:28.160 MET: %LC-3-BMACMDRPLY: Problem in BMA reply to command type 128 ToFab BMA sequence no=1
Workaround: Disable either the sampled netflow or the ACLs on the interface.
•
On a Cisco 12000 series Internet router, the switchover to the backup Clock and Scheduler Card (CSC) may not be generated when loss of signal (LOS) or cyclic redundancy check (CRC) errors are detected.
Workaround: Replace the CSC that has the hardware failure.
•
On a Cisco 10000 series edge services router that is running Cisco IOS Release 12.0(20)ST1 or Release 12.0(20)ST2, the Frame Relay (FR) functionality on an OC-3 Packet over SONET (POS) and OC-12 POS interface may not work. The loopback (LP) may not come up, and Local Management Interface (LMI) "enq" and "stat" messages may not be exchanged between the FR data terminal equipment (DTE) and data communications equipment (DCE).
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the main POS interface on the FR DTE side, causing the router on the DTE side to start sending LMI "enq" messages and, subsequently, causing the router on the DCE side to start sending LMI "stat" messages.
•
On a 6-port channelized T3 line card in channelized mode with a connected channel group, if you enter the shutdown controller configuration command on the controller, perform an online insertion and removal (OIR) of the line card, and then enter the no shutdown controller configuration command on the controller, the T1 interface and its channel or channels may fail to come back up.
Workaround: Perform an additional OIR of the line card.
•
Border Gateway Protocol (BGP) peering between two or more links on a 10K via serial/T1 will not load balance correctly if configured for per-packet load balancing (PPLB). Using the BGP configuration with external BGP (eBGP) multihop and a configured number of host static routes, the PPLB function fails.
Workaround: Configure static routes for the networks that a customer is advertising via BGP to the router's next-hop links.
•
Serial interfaces on 1Choc12 line cards remain in a "down/down" state following a reload with interfaces defined in the startup configuration. This situation occurs if the startup configuration contains a large number of serial interfaces that are defined on multiple 1Choc12 line cards.
Workaround: Delete and recreate the affected interfaces.
•
With multiple Multiprotocol Label Switching (MPLS) traffic engineering tunnels peered to the same destination, an incorrect load-balancing algorithm is observed after the bandwidth of one of the tunnels is changed.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the tunnel in which the bandwidth change occurred.
•
Sampled NetFlow may stop functioning during a normal traffic flow on a Cisco 12000 series Internet router.
Workaround: Remove the ip route-cache flow interface configuration command from the interface configuration, and then reapply the command.
•
If you enable the Multiprotocol Label Switching (MPLS) Traffic Engineering feature on a
Cisco 7500 series router that is running Cisco IOS Release 12.0(20.4)ST, all router interfaces may come down and the router may produce an error message that starts in the following way:%RSP-2-QAERROR: reused or zero link error, write at addr 1AA0
(QA) log 221AA000, data FCF00000 00000000
QA-3-DIAG: Approximate stack backtrace prior to interrupt:
QA-3-DIAG:
-Traceback= 60A6AC68 601E0B14 603639D8 60311680
QA-3-DIAG: No NULL terminator for queue 0x28
Note
There is no workaround.
•
An enhanced 4-port OC-12 Packet-over-SONET (POS) line card that is installed in a
Cisco 12000 series Internet router that is running Cisco IOS Release 12.0 (19)S1 may repeatedly report the following error message:SLOT 6:Mar 14 09:49:23 MET: %LCPOS-3-SOP: RX:UnexpectedSop. Source=0x4
(Framer), halt_minor0=0x8000
SLOT 6:Mar 14 09:49:23 MET: %GSR-3-INTPROC: Process Traceback= 400C8E08
400C4730 40010A24
-Traceback= 402EF7E4 40620744 400C3F0C
A SONET synchronization difficulty may precede the error message. The line protocol goes down on the affected interface, and if the affected interface is not shut down, the line card will eventually be reloaded by the router because of internal ping timeouts and the following error message will appear:
%GRP-3-COREDUMP: Core dump incident on slot 6, error: Fabric ping failure
(seq:502605)
There is no workaround.
•
A Cisco router that is running Cisco IOS Release 2.1(13) or another Cisco IOS release may reload with a bus error that is related to Open Shortest Path First (OSPF). There is no workaround.
•
A Cisco 7500 router that is running Cisco IOS Release rsp-pv-mz.120-16.ST.bin image and has Multiprotocol Label Switching (MPLS) enabled may experience spurious memory accesses and reload with a bus error. There is no workaround.
•
When a Cisco Internet router is running IPv6 on an 8-port ATM OC-3, subinterfaces configured using pvc 0/1 encapsulation aal5snap style will loose v6 addresses after a Route Processor (RP) reload. There is no known workaround.
•
If E1s on a CHSTM1 card are set to no-crc4 framing, then the show running output will not display this configuration for some E1s. This situation causes failures when the router reloads or PRE cuts over. This will not happen if all E1s are configured with no-crc4 framing. There is no workaround.
•
When a Cisco 10720 series router that is running Cisco IOS Release 12.0(21)ST or Release 12.0(20)SP is subjected to a heavy traffic load, network control traffic may be dropped. Any configuration in which network control traffic can be sourced by a Cisco 10720 series router can exhibit this problem. There is no workaround.
•
The system reloads whenever "card slot#/1 full_hight_card_name" is entered twice back-to-back, where 1 denotes the lower half slot on the Edge Service Router (ESR). This is a negative test in exercising command-line interface (CLI) commands. While in a production environment, it is not physically possible to insert a full height ESR card into the lower half slot. There is no workaround.
•
"Match nlri multicast" is broken for both inbound and outbound route maps.
Workaround: Use "match ip address" under "route-map".
•
E4 cannot forward traffic to a one hop tunnel when the tag ip is enabled. There is no workaround.
•
A software-forced reload may occur on a Cisco 12008 router after the shutdown interface configuration command followed by the no shutdown interface configuration command is issued on a tunnel interface and when the Multiprotocol Label Switching (MPLS) TE tunnel is configured with an absolute metric and the tunnel is used with Open Shortest Path First (OSPF). This can trigger a watchdog timer event, which causes a reload. There is no workaround.
•
In a Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) Fast ReRoute (FRR) configuration, if a Cisco router that is functioning as a TE headend router is running a Cisco IOS release earlier than Cisco IOS Release 12.0(22)S, for example, Release 2.0(17)ST,and the Cisco router that is functioning as a midpoint router is running Cisco IOS Release 12.0(22)S or a later release, the headend router may tear down link-state packets (LSPs) that are rerouted by the midpoint router. There is no workaround.
•
A Cisco 12000 series Engine 3 line card that is configured with Intermediate System-to-Intermediate System (IS-IS) or Open Shortest Path First (OSPF) as the Interior Gateway Protocol (IGP), that has many (10,000) IS-IS or OSPF routes configured, and that has load balancing enabled may reload. There is no workaround.
•
On a Cisco router that is running Cisco IOS Release 12.0(18)ST an 1OC12/Packet-over-SONET (POS)-MM line card reloads repeatedly after tag switching is configured on the POS interface.
Workaround: Disable tag switching.
•
On a Gigabit Ethernet (GE) interface of a Cisco 12000 series 3-port GE line card, Sampled NetFlow (SNF) accounting may be inaccurate if you apply an access control list (ACL) to the interface.
Workaround: Do not apply an ACL to the interface.
•
Redistributed static with route-map under address-family multicast does not work correctly when the prefix is also advertised by address-family unicast. There is no workaround.
•
If an Engine 2, 16-port OC3 line card is configured with 16 different input ACLs, Cisco Express Forwarding (CEF) may get disabled on the line card when about 100K Border Gateway Protocol (BGP) routes are present. There is no workaround.
•
On a Cisco 12000 series Internet router, if you ping the loopback address from the west-end to the east-end router, datagrams are dropped. The first packet-size ranges to fail are the packets between 77 and 80 and between 605 and 608. Only these packet ranges are being dropped; all other packets get through. There is no workaround.
•
On a Cisco 10720 series router that is running Cisco IOS Release 12.0(21)ST, if explicit-null labels are configured to be received from the Multiprotocol Label Switching (MPLS) cloud and if an input service policy is defined, the Toaster Cisco Express Forwarding (CEF) engine will restart with the message "Complex restart". This problem is present only if there is a glean adjacency for the IP address found in the packet after the null MPLS label is discarded.
Workaround: Do not use an explicit null configuration and an input service policy configuration simultaneously.
•
The Cisco Internet router reloads if a Clock and Scheduler Card (CSC) is inserted in slot:16 at runtime and a Simple Network Management Protocol (SNMP) query is done on CISCO-PROCESS-MIB.
Workaround: Configure an SNMP view excluding CISCO-PROCESS-MIB.
•
On an OC-3 Packet over SONET (POS) line card that has PPP encapsulation enabled, an alarm indication signal (AIS) count may be detected on the far end of the link if the Rx fiber is removed on the near end. In fixing this caveat, the OC-12 POS portion of the code was properly corrected, but the OC-3 POS portion of the code was missing a change to a function. As a result, the AIS count may not show up (or it may show up), but the AIS may not be transmitted properly when the port is in the "admin down" or "loopback" state. There is no workaround.
•
On a Cisco 12000 series 12E3-SMB line card that is running Cisco IOS Release 12.0(21)ST1, after reloading the neighbor router connecting to the 12E3-SMB, Loss of Frame errors occur, and the interface and line protocol are down.
Workaround: Issue the hw-module shelfnum/slotnum {start | stop} EXEC console command for the 12E3-SMB line card.
•
When the MQC police command is combined with MQC bandwidth, priority or shape command on an output ISE interface, traffic stops completely on that interface. The configuration must be removed and the card reloaded to clear the loss of packet buffers. There is no workaround.
•
When a suspended Telnet session is "resumed" using the resume EXEC command, with or without arguments, the system will unexpectedly reload with an ALIGN-1-FATAL error at address 0x0.
Workaround: Do not use the resume EXEC command to restore the Telnet session. Just press Enter on your keyboard.
•
After a policy map is reconfigured, a Cisco c10000 series router that is running Cisco IOS
Release 12.0(21)SX stops forwarding traffic but there is no Parallel Express Forwarding (PXF) reload.This condition can occur when:
–
–
–
–
This condition does not always occur.
Workaround: Remove the policy map from the interfaces before modifying it.
•
If a Cisco 12000 Route Processor runs out of memory, it may soon reload. There is no workaround.
•
When large Internet Control Message Protocol (ICMP) (v6) packets (greater than 1024 bytes) are sent out of a Packet over SONET(POS)-interface to the other end, there is a 75 percent or less response. Whereas using ICMP(v4), there is a 100 percent response. There is no workaround.
•
Configuring virtual routing/forwarding (VRF) on the Frame Relay (FR) subinterface breaks the provider edge (PE) router to customer edge (CE) router connectivity. PE cannot ping the directly connected CE.
Workaround: Remove the subinterface completely and reconfigure it.
•
The symptoms described in this caveat occur when you upgrade your Cisco IOS software release, especially if the previous version is pre-Cisco IOS Release 12.0(21)ST. There are different symptoms that may occur. Messages may be displayed about "unknown events" or "events out of range," such as the following:
00:00:25: %IPCGRP-3-EVENTOP: Event 4 from slot7/0: unknown event
-Traceback= 603A8ECC 603A8E00 6033736C 60337358
Sometimes the router may reload.
Workaround: Powercycle the chassis before loading the new Cisco IOS software release version.
•
If you add new interfaces on a line card that is installed in a Cisco 12000 series Internet router, the Multicast Distributed Fast Switching (MDFS) functions on other line cards of the same router do not recognize the newly added interfaces until multicast is enabled on the newly added interfaces.
Workaround: Turn on a multicast function, such as the Protocol Independent Multicast (PIM) mode.
•
A Cisco 12000 series Internet router may encounter the following error messages on an Engine 2 line card:
00: 22:20: %FIB-3-FIBDISABLE: Fatal error, slot 0: No window message, LC to RP
IPC is non-operational.
This message indicates that Cisco Express Forwarding (CEF) has been disabled on the Engine 2 line card. This situation occurs under the following circumstances:
–
–
–
In Cisco IOS Release 12.0(21)S1, the behavior of CEF was modified in such a way that no single line card enables CEF until all line cards are rebooted. In addition, if a line card requests a CEF reload while BGP is in the process of using system resources aggressively, this reload is suspended until BGP signals that it is safe to do so. These modifications were made to prevent CEF and BGP from contending for system resources at the same time. (See CSCdw54825 for details). In the situation described in this DDTS, some or all Engine 2 line cards actually request a second CEF reload just after CEF is enabled. When this second request occurs, the line card is placed in a waiting state until BGP signals to proceed with the reload (as documented in CSCdw54825). However, BGP does not give that signal until a peer comes up or until 6 minutes have passed (whichever comes first).
While the line card is in this waiting state, the Route Processor (RP) ignores its CEF keepalives. After 6 minutes (a predefined timer), if the line card is still in the waiting state, the RP disables CEF on this line card because the RP does not register any keepalives.
Workaround: Configure the nonenhanced BGP convergence mode by entering the bgp normal command. You can enter this command under the "bgp router <x> section" of the configuration file. Note that this command is available only in Cisco IOS Release 12.0(21)S1.
The workaround for this DDTS serves two purposes:
–
–
2.5 minutes.Resolved Caveats—Cisco IOS Release 12.0(21)ST1
Cisco IOS Release 12.0(21)ST1 is a rebuild of Cisco IOS Release 12.0(21)ST. All caveats in this section have been resolved in Cisco IOS Release 12.0(21)ST1 but may be open in previous releases.
•
In Cisco IOS software that is running Multiprotocol Label Switching (MPLS) Traffic Engineering (TE), packets that are traveling through a tunnel that is protected using Fast Reroute (FRR) may be lost while the tunnel recovers from a link failure. There is no workaround.
•
On a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(20.3)ST1 and that is configured with an Engine 2 Packet over SONET line card in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) routing/forwarding (VRF) environment, if you change the configuration from a Frame Relay subinterface-based VRF to a high-level data link control (HDLC)-based VRF, packet switch ASIC (PSA) tracebacks may get stuck in the pipeline on a provider edge (PE) router and traffic may be interrupted.
Workaround: Enter the hw-module slot shelf-id/slot-number on the Engine 2 line card. Traffic will resume after the line card has reloaded.
•
If you use a quality of services (QoS) service policy with class-based fair queue or priority queue features on a Multilink PPP (MLP) interface and you enter the service-policy command before all PPP links come up in an MLP bundle, the traffic classes that should receive fair or priority treatment may fail to receive such services.
Workaround: Manually apply the service policy command after you have ensured that the multilink bundle is fully connected.
•
An erroneous Cisco Express Forwarding (CEF) entry that points to a Gigabit Ethernet interface as a next hop is created for a route that is not in the routing table. This condition is caused by the Address Resolution Protocol (ARP) when ARP looks up a request during multicast processing.
Workaround: Disable proxy ARP on the interface and on all routers that are connected to the same segment using the no ip proxy arp interface configuration command.
•
On a line card in a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(21)ST with Interface Under Test (IUT) configured as the Border Gateway Protocol (BGP) neighbor link to the traffic source, if you configure unicast Reverse Path Forwarding (uRPF) strict check on the IUT, traffic will be blocked for both valid and invalid source addresses.
Workaround: Remove uRPF from all interfaces on the affected line card and then add uRPF again.
•
On a Cisco 12000 series Internet router, a one-hop Traffic Engineering (TE) tunnel may not be able to forward traffic if the traffic comes in over an Engine 4 Plus line card. There is no workaround.
•
On a Cisco 12000 series Internet router that is running the gsr-p-mz image of Cisco IOS Release 12.0(20.4)ST1, a ping may fail within a Virtual Private Network (VPN) if a customer edge (CE)-provider edge (PE) link is configured as a Frame Relay link. There is no workaround
•
If you reoptimize the multi-hop tunnels on a Cisco 12000 series Internet router that has 400 Multiprotocol Label Switching (MPLS) multi-hop tunnels configured and an Engine 3 line card that forms one of the links in the path, the first Rx port on the Engine 3 line card may become stuck. There is no workaround.
•
A Cisco 12000 series Internet router may reload if a Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) tunnel is configured with the following sequence of commands:
sam4(config)# no int tunnel200
sam4(config)# interface Tunnel200
sam4(config-if)# ip unnumbered Loopback0
sam4(config-if)# tunnel destination 1.1.1.1
sam4(config-if)# tunnel mode mpls traffic-eng
sam4(config-if)# no tunnel mpls traffic-eng autoroute announce
sam4(config-if)# tunnel mpls traffic-eng priority 0 0
sam4(config-if)# tunnel mpls traffic-eng bandwidth 300
sam4(config-if)# tunnel mpls traffic-eng fast-reroute
sam4(config-if)# tunnel mpls traffic-eng path-option 1 explicit name sam1
sam4(config-if)# no shutThere is no workaround.
•
If you configure Per Interface Rate Control (PIRC) on one port of a Cisco 12000 series Engine 2 line card, any packet that has an IP precedence higher than zero, that is directed to the router itself, and that is arriving at any other port of the same Engine 2 line card will be dropped because of an "ip.checksum error."
Workaround: Remove PIRC.
•
In a Multiprotocol Label Switching Fast Reroute (MPLS FRR) Traffic Engineering (TE) configuration that has a one-hop primary TE tunnel with a two-hop FRR backup tunnel, if you use a Cisco 12000 series Engine 4 line card at the egress side of the Penultimate Hop Popping (PHP) in the MPLS FRR TE path, traffic forwarding may stop after FRR has started. There is no workaround.
•
On a Cisco 12000 series Internet router, if you configure an output access control list (ACL) on an Engine 3 or Engine 4 Plus line card, packets may not be forwarded from an Engine 4 line card to an Engine 3 or Engine 4 Plus line card. There is no workaround.
•
If Ethernet interface 0 on a Cisco 12000 series Route Processor (RP) is included in the Open Shortest Path First (OSPF) database and in the Interior Gateway Protocol (IGP), an error message very similar to the following message may occur:
%GENERAL-3-EREVENT: Error: update adjacency with mtu<=MAX_MTU_INDEX.
This error message does not affect the operation of the line card. There is no workaround.
Open Caveats—Cisco IOS Release 12.0(21)ST
This section describes possibly unexpected behavior by Cisco IOS Release 12.0(21)ST. This section describes only severity 1, severity 2, and select severity 3 and severity 4 caveats.
IP Routing Protocols
•
If you establish a one-hop traffic engineering (TE) tunnel on a Cisco 12000 series Internet router and through this tunnel you configure a "/32" static route to the physical interface of the tunnel tailend, the tunnel may flap at intervals of 60 to 70 seconds and "Tunnel head label withdrawal" error messages may be displayed. There is no workaround.
•
If a Cisco 12000 series Internet router sends a default-information originate command via Border Gateway Protocol (BGP), the default route is learned correctly but entered incorrectly as "0.0.0.0/7" in the BGP routing table. This behavior may cause a problem in another router because that other router does not have a correct default route.
Workaround: Enter a static default route.
Miscellaneous
•
If you configure Routing Information Protocol (RIP) on a Cisco 10000 series edge services router, the CPU utilization will increase to a high level.
Workaround: If RIP is a necessary protocol, try to minimize the number of interfaces that run on RIP.
Alternative workaround: Use another routing protocol, such as the Open Shortest Path First (OSPF) protocol or Border Gateway Protocol (BGP).
•
On a Cisco 10000 series edge services router configured with multiple permanent virtual path (PVP) tunnels, if the aggregate traffic received by one or more of the PVP tunnels is heavily oversubscribed (starting at about 110% of the tunnel's Peak Cell Rate), the traffic on the companion PVP tunnels on that interface may experience throughput that is lower than expected. There is no workaround.
•
If a Cisco 10000 series edge services router (ESR) functioning as a customer edge (CE) router connects to two provider edge (PE) routers, the PPP encapsulation may fail if all of the following conditions are present:
–
–
–
There is no workaround. Note that this problem does not occur in a configuration in which one Cisco 10000 series ESR functioning as a CE router connects to only one PE router.
•
On a Cisco 10000 series edge services router that is running multicast traffic, a memory allocation failure (MALLOCFAIL) may occur if a high rate of multicast traffic is sent out before the multicast routing entries have been updated. There is no workaround. However, after the routing entries have been updated, the problem disappears.
•
On a Cisco 10000 series edge services router that is configured with a channelized OC-12 line card as an uplink to a Multiprotocol Label Switching (MPLS) cloud, the MPLS/Routing with Resource Reservation (RRR) feature fails. There is no workaround.
•
When two Packet over SONET (PoS) interfaces are associated for automatic protection switching (APS) redundancy under a heavy load, the Parallel Express Forwarding (PXF) engine may reload.
Workaround: Enter the shutdown interface configuration command to shut down the interfaces before performing the association and enter the no shutdown interface configuration command to reenable the interfaces after the association is complete.
•
When a Multilink PPP (MPPP) bundle is overloaded (at several times its normal bandwidth) for an extended duration (about 20 minutes), Parallel Express Forwarding (PXF) may stall. The message "PXF DMA Toaster Stall Error occurred" is displayed, and the microcode is automatically reloaded by the Cisco IOS software to recover from this error. There is no workaround.
•
On a four-port channelized STM-1 SDH single-mode line card that is installed in a Cisco 10000 series edge services router, if you set the SONET loopback on the SONET controller and then remove the loopback through a script, the loopback may not be cleared properly from the line card. This situation may result in alarm messages and data not getting past the SONET framer.
Workaround: Configure the SONET loopback manually and then remove the loopback manually.
•
A Cisco 7500 series router that is running Cisco IOS Release 12.0(19)ST may experience memory allocation failures (MALLOCFAIL) soon after a reload. There is no workaround.
•
In recent images of Cisco IOS Release 12.0 SL for the Cisco 10000 edge services router, some T1 lines may encounter full transmission queues even if no data is sent through the router. This condition does not occur in Cisco IOS Release 12.0(15)SL but may occur in later software releases.
Workaround: Unconfigure and reconfigure the channels on the affected T1 line.
•
A Cisco 7500 series that is running Cisco IOS Release 12.0(19)ST with tunneling configured over the interfaces that are created on a channelized E3 port adapter may experience a Versatile Interface Processor (VIP) reload. There is no workaround.
•
Bit error rate test (BERT) synchronization is not seen when the 2^15 pattern is set after a 2^11 pattern is set.
Workaround: To run BERT with a pattern that is set to 2^15 after successfully running a pattern that is set to 2^11, delete and recreate the T1 channel and run the BERT test with the 2^15 pattern.
•
When an Alarm Indication Signal (AIS) is inserted onto a T1 virtual template controller, the software reports a loss of frame (LoF) rather than an AIS alarm. There is no workaround.
•
A T1 channel that is configured under a Virtual Tributary level 1.5 (VT1.5) stream on a Cisco 10000 series edge services router (ESR) 1COC12-SMI line card that is installed on a Cisco 10000 ESR may report an incorrect digital service 1 (DS1) alarm condition. This condition was observed only in a test lab setup. There is no workaround.
•
On a Cisco 10000 series edge services router (ESR), pattern loss may occur on a T1 channel that is configured under a Virtual Tributary level 1.5 (VT1.5) stream on a Cisco ESR-1COC12-SMI line card using the clock source internal controller configuration command.
Workaround: Use the clock source line controller configuration command.
•
A Cisco 10000 series edge services router that is running Cisco IOS Release 12.0(18)ST may create the following error in the log:
Sep 6 22:57:07: %GENERAL-2-CRITEVENT: Bad RP 2 XCM address conversion
- Traceback= 60096614 600942F8 60094A38 60094E94 6072EC40 6072CDA0 60728E30 6072913C 6072B640 601BD684 601BDEC0 601BFA78 601BFB80 601BFDC8 601C2D98 60295FF4The error does not seem to affect traffic.
There is no workaround.
•
On a Cisco 10000 series edge services router configured with a label- controlled (LC)-ATM line card with more than 1000 label switched controlled virtual circuits (LVCs), a network topology change may cause all LVCs to be deleted. In turn, this may overflow the interprocess communications (IPC) queue. The following types of messages may appear:
–
–
–
Workaround: Reload the LC-ATM line card to synchronize the line card with the Cisco IOS software.
•
A Cisco 10000 series edge services router will experience ping failures after you issue a clear ip bgp command. The following two actions and commands will cause the ping failures:
–
clear ip bgp neighbor IP vrf VPN soft in
clear ip bgp neighbor IP vrf VPN ipv4 unicast soft
–
clear ip bgp neighbor IP vrf VPN ipv4 unicast soft
There is no workaround.
•
If the SONET controller on a CHOC-12 line card that is installed in a Cisco 10000 series edge services router is not in an administrative down state and you enter the no shutdown command followed by the clock source internal command on the SONET controller, the line card may fail to execute the clock source internal command.
Workaround: Enter the clock source internal command manually to configure the clock in the SONET controller as "internal."
•
If the clock in the SONET controller on a CHOC-12 line card that is installed in a Cisco 10000 series edge services router is configured as "line" and there are extreme hot or cold temperature conditions, the SONET controller remains in a down state.
Workaround: Enter the clock source internal command manually to configure the clock in the SONET controller as "internal."
•
If the clock in the SONET controller on a CHOC-12 line card that is installed in a Cisco 10000 series edge services router is configured as "line" and Loss of Signal (LOS) is detected, the SONET framer on the line card does not switch to "internal" clock, causing the SONET framer be to unable to transmit valid SONET frames.
Workaround: Enter the clock source internal command manually to configure the clock in the SONET controller as "internal."
•
The SONET, T3, and T1 link-status information on a CHOC-12 line card that is installed in a Cisco 10000 series edge services router may not show the correct state of the line card. Also, if you enter the show controller command, the link-status information may not show the correct state of the line card.
Workaround: Reload the line card by issuing the hardware-module slot slot-number reset command, in which the slot-number range is 1 to 8.
•
On a Cisco 10000 series edge services router that is configured with a Performance Routing Engine (PRE)—as opposed to a PRE-1, to which this caveat does not apply—and that has Automatic Protection System (APS) enabled on 4- port STM-1 line cards, the state of the secondary controller may not get updated after resetting both the primary and the secondary line cards. However, this condition does not appear to affect the traffic flow.
Workaround: On each port of each STM-1 line card, enter the aps force SONET slot#/subslot#/port# from working command, which will force the APS signal state of the controller to be updated.
•
If a CHOC-12 line card that is installed in a Cisco 10000 series edge services router is configured with T1 and T3 lines, T1 lines may not come up after the router has reloaded.
Workaround: Enter the shutdown command followed by no shutdown command on the SONET controller in the line card.
•
If a Performance Routing Engine (PRE) cutover occurs on a Cisco 10000 series edge services router that is configured for Multiprotocol Label Switching (MPLS) in a Virtual Private Network (VPN), the router may reload. If this condition occurs, the following message (with the date and time changed to the date and time of the event) will appear:
Nov 19 20:48:18: %TOASTER-2-FAULT: T1 SW Exception: CPU[t1r3c3] 0x00000080 at 0x0C49 LR 0x0C34 Nov 19 20:48:18: %TOASTER-2-FAULT: T1 Exception summary: CPU [t1r3c3] Stat=0x00000003 HW=0x00000000 LB=0x00000000 SW=0x00000080
There is no workaround.
•
If multiple ports are in use on an 8-port T3 line card that is installed in a Cisco 10000 series edge services router that is running Cisco IOS Release 12.0(20)ST, the router may not be able to achieve line rate with packet sizes of 50 bytes or less. There is no workaround.
•
With a very high numbers (4000 or more) of variable bit rate nonreal-time (VBR-nrt) permanent virtual circuits (PVCs) that are running very close to line rate (96 percent or higher), individual PVCs may exhibit an erratic shaping performance (to as low as 75 percent of the expected rate) and may also drop output buffers. This behavior may occur on OC-12 and 4-port OC-3 ATM line cards.
Workaround: Drop the PVC count to 4000 or run PVCs at 95 percent of the total line throughput.
•
With large numbers (4000 or more) of permanent virtual circuits (PVCs) that are running at line rate, a reassembly interface may stop working and drop all input traffic as input errors. This condition does not clear up when the input traffic stops; the line card must be reset. This behavior may occur on OC-12 and 4-port OC-3 ATM line cards.
Workaround: Lower the receiving bandwidth to 99 percent of the full line rate.
•
A Cisco 10000 series edge services router (ESR) that is configured with a single performance routing engine (PRE) and that is connected back to back to another ESR that is configured with dual PREs may experience a memory leak under the following conditions:
–
–
There is no workaround.
•
When traffic is flowing on channelized interfaces under a channelized T3 port on a 6-port CT3 line card and you perform an online insertion and removal (OIR) of the 6-port CT3 line card, the line card will not bring up one or two of the channelized T3 ports (that is, all interfaces on the ports remain in a down/down state).
Workaround: Enter the shutdown command followed by the no shutdown command on the interfaces under the affected channelized T3 ports.
•
Attempting to enable the ip cef accounting per-prefix non-recursive global configuration command on a Cisco 10000 series edge services router may cause problems. For example, Multiprotocol Label Switching (MPLS) may start to impose incorrect tags and therefore route traffic incorrectly.
Note
Workaround: Do not configure Cisco Express Forwarding (CEF) commands.
•
This caveats refers to a Virtual Private Network (VPN) environment that has one customer edge (CE) router connected to a provider edge (PE) router. This PE router is connected to another PE router that is, in turn, connected to another CE router. For this caveat to occur, the following configuration conditions need to be present:
–
–
–
–
In the above-mentioned configuration, if you enter the no tag ip command followed by the tag ip command on one of the PE routers and you repeat this a few times, traffic between the two CE routers will drop from Frame Relay subinterfaces that are configured on Engine 3 links between the PE router and the CE router that have eBGP protocol running between them. This occurs because of an incorrect entry in the Engine 3 ingress line card.
Workaround: Reload the PE router with the incorrect entry in the Engine 3 ingress line card.
•
In a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) route-scalability testing scenario, the load information table of a Cisco 10000 series performance routing engine (PRE) may be overrun, even though there are only 64000 dual-pathed routes populated via the two provider edge-customer edge (PE-CE) links. This situation results in memory allocation failures and the disabling of Cisco Express Forwarding (CEF). There is no workaround.
•
In extremely complex and large configurations, the CPU of a Cisco 10000 series edge services router may be too busy to bring up all the interfaces and protocols. This situation may cause link flaps to occur, which will create more delays and causes the chassis not to stabilize. There is no workaround.
•
After you have added and deleted E1 lines on a Cisco 12000 series 2-port STM-1/OC-3 channelized E-1/T-1 line card, some E1 lines may end up with Extended Superframe (ESF) framing and 24 time slots. These E1 lines may go down. To remove these E1 lines, you must change the AU group (AUG) mapping from AU-4 to AU-3. However, this change will cause all E1 lines that are defined under the line card to be deleted. There is no workaround.
•
After a Cisco 12000 series Internet router has reloaded, multicast traffic may not go through an Engine 2 line card if multicast hardware switching is enabled.
Workaround: After the router has reloaded, unconfigure and then reconfigure multicast hardware switching.
•
On a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(20.04)ST2, if you configure Multilink Frame Relay (MRF) on a 6-port channelized T3 line card or a 2-port STM-1/OC-3 channelized E-1/T-1 line card and you perform an online insertion and removal (OIR) of the line card, the MFR interfaces do not recover. There is no workaround.
•
In a network configuration in which "Host A" is connected to "Destination B" through a Cisco 12410 Internet router that is running Cisco IOS Release 12.0(17)ST4 and that is configured with a 3-port Gigabit Ethernet line card in slot 0, "Host A" may not be able to ping to "Destination B" (although "Destination B" is reachable via a default route) and traffic may drop.
In addition, "Host A" cannot ping to another host that is also reachable via a default route, but "Host A" can ping to a host via a Gigabit Ethernet port (on the Cisco 12410 Internet router) for which there is a Cisco Express Forwarding (CEF) entry.
Workaround: Enter the clear cef linecard 0 command on the Cisco 12410 Internet router.
•
On a Cisco 10008 edge services router (ESR) and a Cisco 10005 ESR that are connected back to back through 4-port channelized STM-1 line cards and that have the clock source line command configured on both ends, if you configure E1 interfaces on one of the STM-1 line cards, the other STM-1 line card may reset.
This situation appears to happen only on the -04 and -05 revisions of the 4-port channelized STM-1 line card. (Use the show diag slot command in privileged EXEC mode to show the part number of the line card.)
Workaround: Configure the clock source internal command on both ends.
•
This caveat refers to a network configuration with the following characteristics:
–
–
–
–
After a multiprotocol external Border Gateway Protocol (MP-eBGP) update, if you enter the show mpls forwarding-table command, the VPN labels that are shown do not match the VPN labels that are shown if you enter the show ip bgp vpnv4 all command.
Workaround: Enter the clear ip bgp * command on the router that functions as the PE-ASBR.
•
A Cisco 10000 series edge services router that is configured for NetFlow export may reload with the following message:
*Feb 23 07:49:00.208 CET: %TOASTER-2-FAULT: T0 ICM1 Address Error: R3
*Feb 23 07:49:00.208 CET: %TOASTER-2-FAULT: T0 Local Bus Exception: CPU[t0r3c1] TBBA at 0x0C7F LR 0x0DD3
*Feb 23 07:49:00.208 CET: %TOASTER-2-FAULT: T0 Exception summary: CPU[t0r3c1] Stat=0x00000003 HW=0x00000000 LB=0x00000001 SW=0x00000000Workaround: Deconfigure NetFlow.
•
A Cisco 7500 series router may experience a spurious memory access at "tagsw_encapsulate_ip" if Virtual Private Network (VPN) pings come through. There is no workaround.
•
When Multiprotocol Label Switching (MPLS) is configured on Fast EtherChannel (FEC), label packets that are coming into any interface that is destined for FEC will be dropped. If you enter the show interface command on the ingress interface, the command returns "ignore" for those label packets. There is no workaround.
•
On a Cisco 10000 series edge services router that has a large PPP configuration, PPP sessions may remain in the "Listen" state. There is no workaround.
•
On a Cisco 10000 series edge services router that has a configuration with many multilink bundles, if you copy the configuration to the running configuration using the TFTP, not all of the multilink bundles may transition into the "Up" state. There is no workaround.
•
On a Cisco 10000 series edge services router that has a startup configuration with many Multilink PPP (MLP) bundles, the bundle link interfaces may not recognize incoming link control protocol (LCP) packets and the bundles may not come up. There is no workaround.
•
On a Cisco 12416 Internet router that is running Cisco IOS Release 12.0(19)ST, an Engine 4 OC-192 line card may drop incoming traffic that has a packet size that is larger than 88 bytes.
Workaround: Enter the hw-module slot slot-number reload command.
•
On a Cisco 10000 series edge services router that is running Cisco IOS Release 12.0(20)ST1 or Release 12.0(20)ST2, the Frame Relay (FR) functionality on an OC-3 Packet over SONET (POS) and OC-12 POS interface may not work: the loopback (LP) may not come up, and Local Management Interface (LMI) "enq" and "stat" messages may not be exchanged between the FR DTE and DCE.
Workaround: Enter the shutdown command followed by the no shutdown command on the main POS interface on the FR DTE side, which causes the router on the DTE side to start sending LMI "enq" messages and, subsequently, causes the router on the DCE side to start sending LMI "stat" messages.
•
On a Cisco 10000 series edge services router that is configured with the SONET Automatic Protection System (APS) feature, after both a loss of signal (for example, because of a pulled or cut cable) and a cutover from the working port to the protect port occur, the APS feature may perform a cutover back from the protect port to the working port without the signal having been restored, causing the working port to enter a "down/down" state from which it does not recover until the signal is really restored. There is no workaround.
•
On a Cisco 10000 series edge services router that is configured with the SONET Automatic Protection System (APS) feature, an APS cutover that is caused by a signal degrade bit error rate (BER) threshold being broached may bring the affected port down. Once the port is in the down state, it does not recover until the link integrity has been restored. There is no workaround.
•
On a Cisco 10000 series edge services router that is configured with the SONET Automatic Protection System (APS) feature, an OC-3 APS cutover that is caused by an online insertion and removal (OIR) of a line card that is receiving traffic may cause the traffic on the affected ports to cease flowing on the protect card. Traffic on the affected ports will resume after the working card has been reinserted. There is no workaround.
•
A Cisco 10000 series edge services router may show the following message after a Parallel Express Forwarding (PXF) engine has reloaded unexpectedly:
%C10KEVENTMGR-1-MAJOR_FAULT: PXF DMA PCI Master Abort, Restarting PXF
CET: Downloading Microcode: file=system:pxf/c10k-10-ucode.5.0.1, version=5.0.1, description=Release Software created Tue 05-Feb-02 11:23There is no workaround.
•
On a 6-port channelized T3 line card in channelized mode with a connected channel group, if you enter the shutdown command on the controller, perform an online insertion and removal (OIR) of the line card, and then enter the no shutdown command on the controller, the T1 interface and its channel or channels may fail to come back up.
Workaround: Perform an additional OIR of the line card.
•
On a Cisco 12000 series Internet router, a one-hop Traffic Engineering (TE) tunnel may not be able to forward traffic if the traffic comes in over an Engine 4 Plus line card. There is no workaround.
•
On a Cisco 10000 series edge services router that is configured with the SONET Automatic Protection System (APS) feature, after both a loss of signal (for example, because of a pulled or cut cable) and a successful cutover from the working port to the protect port occur, Line Remote Defect Indicator (LRDI) and Path Remote Defect Indicator (PRDI) messages are generated for the remote adjacent working port. When the signal is restored, the alarms may not clear, causing the nonactive working port to remain in an APS "signal failed" state.
Workaround: Reload the line card that has the port that remained in the "signal failed" state.
•
On a Cisco 10000 series edge services router that has a configuration with many multilink bundles, if you copy the configuration to the running configuration using the TFTP, not all of the multilink bundles may transition into the "Up" state. There is no workaround.
•
On a Cisco 10000 series edge services router that has a large PPP configuration, PPP sessions may remain in the "Listen" state. There is no workaround.
•
Sampled NetFlow may stop functioning during a normal traffic flow on a Cisco 12000 series Internet router.
Workaround: Remove the ip route-cache flow command from the interface configuration and then reapply the command.
•
If you configure a large number of subinterfaces and Virtual Private Networks (VPNs) on a Cisco 12000 series Internet router, an Engine 3 line card may reload with a bus error exception. There is no workaround.
•
On a Cisco 10000 series edge services router that is running Cisco IOS Release 12.0(20)ST1 and that is configured with a 6-port channelized T3 line card, if you configure loopback local on the channel group of one T1 interface, the configuration of the channel group of another T1 interface on the same line card may also change to loopback local. There is no workaround.
•
On a Cisco 12000 series Engine 4 Plus line card, after you have changed the state of the Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) tunnels, the counter of the show tag-switching forwarding-table command may not show correct values in the "Bytes tag switched" column. There is no workaround.
•
In a Multiprotocol Label Switching Fast Reroute (MPLS FRR) Traffic Engineering (TE) configuration that has a one-hop primary TE tunnel with a two-hop FRR backup tunnel, if you use a Cisco 12000 series Engine 4 line card at the egress side of the Penultimate Hop Popping (PHP) in the MPLS FRR TE path, traffic forwarding may stop after FRR has started. There is no workaround.
•
On a Cisco 12000 series Internet router, if you configure an output access control list (ACL) on an Engine 3 or Engine 4 Plus line card, packets may not be forwarded from an Engine 4 line card to an Engine 3 or Engine 4 Plus line card. There is no workaround.
•
If you configure 800 Virtual Private Networks (VPNs) on a provider edge (PE) router and each VPN has 100 routes, a Cisco 12000 series Engine 4 Plus line card may show many Mtrie error messages. There is no workaround.
•
If you globally enable the ip cef distributed command, non-Versatile Interface Processor (VIP) interfaces will come up with the ip route-cache distributed command enabled by default, causing some features to fail.
Workaround: Configure the no ip route-cache distributed command on non-VIP interfaces.
Wide-Area Networking
•
On a Cisco 7500 series router that is running Cisco IOS Release 12.0(19.6)ST or Release 12.0(20.3)ST1, that is functioning as a provider edge (PE) router, and that is configured with a Versatile Interface Processor 4-80 (VIP4-80) into which a PA-2FE-TX port adapter is installed, if you connect a new customer edge (CE) router to a Virtual Private Network routing/forwarding (VRF) instance on an Inter-Switch Link (ISL) subinterface and a Border Gateway Protocol (BGP) session comes up, the VIP4-80 may reload because of a memory corruption and show the following error message:
%VIP-3-MVIP_CYBUSERROR_INTERRUPT: A Cybus Error occurred.
CYASIC Error Interrupt register 0x2000000
DMA Receive Error
CYASIC Other Interrupt register 0x80
QE TX HIGH Priority Interrupt
CYBUS Error Cmd/Addr 0x8000068
MPUIntfc/PacketBus Error register 0x0
00:02:22: IOBUS Error Interrupt Status register 0x0There is no a workaround.
•
If you enable the Multiprotocol Label Switching (MPLS) Traffic Engineering feature on a Cisco 7500 series router that is running Cisco IOS Release 12.0(20.4)ST, all router interfaces may come down and the router may produce an error message that starts in the following way:
Mar 9 17:41:28: %RSP-2-QAERROR: reused or zero link error, write at addr 1AA0 (QA) log 221AA000, data FCF00000 00000000
Mar 9 17:41:28: %QA-3-DIAG: Failed to enqueue buffer header 0xFCF0
Mar 9 17:41:28: %QA-3-DIAG: Approximate stack backtrace prior to interrupt:
Mar 9 17:41:28: %QA-3-DIAG:
-Traceback= 60A6AC68 601E0B14 603639D8 60311680
Mar 9 17:41:28: %QA-3-DIAG: No NULL terminator for queue 0x28
Note
There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(21)ST
All caveats listed in this section are resolved in Cisco IOS Release 12.0(21)ST. This section describes only severity 1, severity 2, and select severity 3 and severity 4 caveats.
Basic System Services
•
On a Cisco 7513 router that has two Route Switch Processors (RSPs) and that is running Cisco IOS Release 12.0(16)ST and operating in the High System Availability (HSA) mode, the slave RSP may pause indefinitely or reload if an online insertion and removal (OIR) is performed on the Versatile Interface Processor (VIP) module.
Workaround: Configure Route Processor Redundancy (RPR).
Interfaces and Bridging
•
A Cisco 2600, 7200, 7500, or 12000 series router that is running a Cisco IOS release other than Cisco IOS Release 12.1 E that contains the fix for CSCdp70087 may experience spurious memory access. There is no workaround.
•
A router uses Cisco Express Forwarding (CEF) to switch IP packets that enter an Inter-Switch Link (ISL) subinterface, regardless of the (interior) destination MAC address. There is no workaround.
IP Routing Protocols
•
Redistribution may not work as expected when it is configured under the multicast family for the Border Gateway Protocol (BGP). Some autosummarization may take place instead. There is no workaround.
•
A Border Gateway Protocol (BGP) route reflector is not advertising locally sourced Multicast Border Gateway Protocol (MBGP) routes correctly.
Workaround: Enter the clear ip bgp * EXEC command on the route reflector.
Alternate Workaround: Remove the route map and enter the clear ip bgp * EXEC command, replace the route map, and enter the clear ip bgp * EXEC command once again.
The suggested workarounds are effective until the periodic BGP scanner process is ran. The BGP scanner process will invalidate the routes again.
•
A weight value is changed after the clear ip bgp {* | address | peer-group-name} [soft [in | out]] EXEC command is issued. This condition occurred when soft reconfiguration inbound feature is configured.
Workaround: Set the weight value as part of the inbound route map.
•
The bidirectional flag is not reset on a multicast route (mroute) entry when the group status changes from the bidirectional state to the dense state. There is no workaround.
•
On a Cisco router that is running Multiprotocol Label Switching (MPLS) on an outbound interface that is connected to the MPLS network core, if you establish a Border Gateway Protocol (BGP) session with a maximum segment size (MSS) that is computed from the maximum transmission unit (MTU) of the router's next-hop interface and issue the ip tcp path-mtu-discovery command, the BGP session times out and the router displays the following message:
%BGP-3-NOTIFICATION: received from neighbor x.x.x.x x/x (hold time expired) 0 bytes
Workaround: Adjust the IP MTU on one of the BGP routers using the ip mtu value command.
For example, to enforce a BGP session with a Transmission Control Protocol (TCP) MSS of 4426, issue the following command:
Router(config-if)#ip mtu 4466
The MTU and the shim header add up in the following way: an MSS of 4426 bytes plus a 40-byte TCP/IP header plus a 4-byte shim header equals 4470 (Packet over SONET [POS] link).
•
A Cisco router may reload after the aggregate-address command is configured within a Multicast Border Gateway Protocol (MBGP) address family. There is no workaround.
•
In a Protocol Independent Multicast (PIM) dense, sparse, bidirectional, or single source multicast (SSM) mode, prunes that are received may be processed incorrectly, leading to unpredictable behavior in stopping unwanted data flows. There is no workaround.
•
An Open Shortest Path First (OSPF) packet may become wedged in an interface input queue if the interface is configured as a passive OSPF interface. There is no workaround.
•
A Cisco 12000 series Internet router may reboot because of a memory allocation (MALLOC) error in the Border Gateway Protocol (BGP) router process. There is no workaround.
•
Routes that exist in the Cisco Express Forwarding (CEF) table and the route table may not exist in the tag forwarding table.
Workaround: Reload the router.
ISO CLNS
•
With Multiprotocol Label Switching (MPLS) traffic engineering, when a link on a tunnel headend is protected with Fast Reroute (FRR), 40 to 120 ms of traffic may be lost for traffic with destinations that go through the tunnel and that are learned using autoroute. The loss of traffic occurs after the FRR process has taken place. This condition occurs because the prefix is removed from the routing table after the first Shortest Path First (SPF) trigger is received. The prefix is readded after the SPF calculation is completed.
Workaround: Implement one of the following workarounds:
–
–
•
When Intermediate System-to-Intermediate System (IS-IS) Message Digest 5 (MD5) is used to connect to a vendor router, a Cisco router may change some of the link-state packets (LSPs) and reflood them back to the network. This behavior may cause the receiving router to fail the MD5 authentication check of the LSP. There is no workaround.
•
If you deconfigure the Intermediate System-to-Intermediate System (IS-IS) protocol with the no router isis command and one of the interfaces is configured with the ipv6 router isis command, the router may reload.
Workaround: Remove the ipv6 router isis command from the interface before you enter the no router isis command.
Miscellaneous
•
A route will be suppressed only if an update is received while the penalty value is above the suppression limit. This condition will cause the software to flag a route as suppressed when the withdraw that causes the penalty to go above the suppress limit is received. There is no workaround.
•
If a recursive route, for example from Border Gateway Protocol (BGP), is resolved using the default route and if a route that is more specific to the recursive prefix should subsequently be inserted into the database, Cisco Express Forwarding (CEF) may fail to reresolve the recursive route to use this new route rather than the default route. This situation may occur during route flaps in which the original route that a recursive route resolves to temporarily disappears. The recursive route is then left permanently resolved through the default route even after the original route reappears.
Workaround: Clear the recursive route using the clear ip route {network [mask]} EXEC command. This will force the rediscovery and reresolution of the recursive route.
•
A Cisco 7500 series router that is functioning as a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) provider edge (PE) router may drop VPN traffic when there are multiple links going into the provider network and the links have configurations that force packets to be punted to the Route Switch Processor (RSP). An example of such a configuration occurs when the router is configured for RSP-based weighted fair queueing (WFQ).
To check if packets need to be punted to the RSP, enter the show ip cef network [mask [longer-prefix] [detail] EXEC command on the Versatile Interface Processor (VIP). The command output will show the punt adjacency for a given entry.
To check if RSP-based WFQ is enabled, check the output of the show interface EXEC command.
Workaround: If this condition occurs because RSP-based WFQ is enabled, perform any of the following:
–
–
–
•
A Cisco 10000 series Performance Routing Engine (PRE) may reload with the following tracebacks in the reload information message:
%TOASTER-2-FAULT: T1 SW Exception:CPU[t1r3c1] 0x00000680 at 0x0DFD LR 0x0934
%TOASTER-2-FAULT: T1 Exception summary:CPU[t1r3c1] Stat=0x00000003 HW=0x00000000 LB=0x00000000 SW=0x00000680There is no workaround.
•
A Cisco IOS router that is running Cisco IOS Release 12.0(16.6)ST may reload when you enter the clear ip bgp * command repeatedly. There is no workaround.
•
If a Per-Packet Load Balancing (PPLB) group contains three, five, or six links, packets are not equally balanced among links in the PPLB group. This condition may also occur in lab testing, where two or more equally sized groups are configured and tested with deterministic traffic streams. There is no workaround.
•
Multiprotocol Label Switching (MPLS) forwarding structures on line cards may not be fully cleared during a Route Processor Redundancy Plus (RPR+) cutover. When this condition occurs, MPLS traffic may be forwarded incorrectly because of stale forwarding entries on the line card.
Workaround: If MPLS is configured on the router, set the operating mode to Route Processor Redundancy (RPR) instead of RPR+.
•
On a provider edge (PE) router, the Engine 2 line card switching scheme may not load-balance Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) traffic traversing from a customer edge (CE) router that is connected to the Engine 2 line card toward the core provider routers. There is no workaround.
•
After you have configured a distributed access control list (ACL) on a Cisco 7500 series router, a spurious access may occur at the "t_acl_list_modified" function in a Versatile Interface Processor (VIP) slot.
Workaround: Configure a centralized ACL.
•
If you toggle Multiprotocol Label Switching (MPLS) on a Cisco 7500 series router, a Versatile Interface Processor (VIP) may reload with a stack trace to location vip_feature_tagswitch().
Workaround: Do not toggle MPLS.
•
On a Cisco 12000 series Internet router, a two-tagged packet with an Explicit Null Tag on top and a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) tag at the bottom results in a corrupted packet. There is no workaround.
•
When you enter the clear ip route * command, the Forwarding Information Base (FIB) tables on a distributed Cisco Express Forwarding (dCEF) line card are not cleared. The clear ip route command on a specific route will still work.
Workaround: Shut down all interfaces on the dCEF line card to remove all routes.
•
A Cisco Route Switch Processor (RSP) that is running Cisco IOS Release 12.0(18.6)ST1 may reload unexpectedly at the hwacc_set process. There is no workaround.
•
A Cisco router may reload if the show ip vrf EXEC command is issued for Virtual Private Network (VPN) routing/forwarding (VRF) instances, which are being unconfigured using a no ip vrf command script. This condition affects releases that contain the Multiprotocol Label Switching (MPLS) VPN feature.
Workaround: Do not issue the show ip vrf EXEC command for VRF instances that are being processed by the no ip vrf command script.
•
The Cisco Express Forwarding (CEF) "receive" entry may not be created in the Virtual Private Network routing/forwarding (VRF) instance for an imported secondary IP address, causing difficulties in pinging this secondary IP address in the VRF instance. There is no workaround.
•
Any Transport over Multiprotocol Label Switching (MPLS) (AToM) tunnels cannot be established using Cisco 12000 Engine 0 line cards. The tunnels may fail to come up, and connectivity cannot be established through the tunnels. There is no workaround.
•
A Cisco 12000 series Internet router may experience ping failures after a Route Processor Redundancy (RPR) switchover. This problem occurs mainly when both route processors (RPs) come up at the same time in RPR mode.
Workaround: First bring up the active RP and then bring up the standby RP.
•
A Border Gateway Protocol (BGP) session may time out and receive a "BGP-3- NOTIFICATION: received from neighbor x.x.x.x x/x (hold time expired) 0 bytes" message if the tcp path-mtu-discovery command is enabled and if the router that is configured with BGP is connected to a Multiprotocol Label Switching (MPLS) network.
Workaround: Adjust the IP maximum transmission unit (MTU) of the BGP router using the ip mtu value interface configuration command. For example, to enforce a Maximum Segment Size (MSS) of 4426, enter 4466 (MSS 4426 bytes + 40 bytes TCP/IP header + 4 bytes shim header = 4470 (PoS link)) into the value variable of the ip mtu value interface configuration command.
•
Traffic forwarding from an IP Services Engine (ISE) OC-48 Packet over SONET line card to a 3-port Gigabit Ethernet line card that is installed in a router that is running Cisco IOS Release 12.0(20.3)ST may be negatively impacted when hundreds of Multiprotocol Label Switching (MPLS) tunnels are flapped.
Workaround: Reload microcode onto the 3-port Gigabit Ethernet line card.
•
An IP packet that is generated on a provider edge (PE) router that is functioning in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) environment and that is forwarded into the MPLS traffic engineered (TE) tunnel may not get to its destination, while the packet may go out with multiple copies of the tunnel encapsulation. This situation occurs if all of the following conditions are present:
–
–
–
Note that transit traffic is not affected.
Workaround: Avoid load sharing in the core.
Alternative workaround: Do not run the VPN/TE feature.
•
A 6-port Channelized T3 (6CT3-SMB) line card on a Cisco 12000 series router that is running Cisco IOS Release 12.0(19.6)ST may fail if the line card is configured with both Internet Engineering Task Force (IETF) Frame Relay and Cisco Frame Relay. There is no workaround.
•
When a virtual connection (VC) is managed by Operation, Administration, and Maintenance (OAM), the VC may go up and down if the VC is oversubscribed.
Workaround: Do not use OAM management.
•
If you configure the Label Distribution Protocol (LDP)/Tag Distribution Protocol (TDP) on a one-hop tunnel and also on a physical link between two label switching routers, the explicit null labels may disappear from the Tag Forwarding Information Base (TFIB) after you enter the no tag ip global configuration command followed by the tag ip global configuration command.
Workaround: Execute the clear ip route ip address command, in which ip address is the IP address of the TFIB entry with the explicit null labels that disappeared.
•
Shutting down an interface on a Cisco 12000 series Internet router while Multiprotocol Label Switching (MPLS) is active, with or without Routing with Resource Reservation (RRR) or a Virtual Private Network (VPN), produces an error message. This condition may cause a line card to reload. There is no workaround.
•
A Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(17)ST or an earlier release and that is configured as an ATM over Multiprotocol Label Switching (AToM) Label Edge Router (LER) may experience a reload when you enter the show mpls forwarding-table command. The router usually reloads when you take one or more AToM virtual circuits (VCs) down.
Workaround: Do not configure the AToM feature.
•
If a Cisco 7200 series router that is configured with IPv6 addresses reassembles an IP packet that is larger than the largest buffer size, the router may reload because of a bus error. If you enter the show version command, the following message is displayed:
System returned to ROM by bus error at PC 0x60638374, address 0xD0D0D0D at 09:20:54 UTC Sun Oct 21 2001
Workaround: Avoid pinging the router with IPv6 packets that are larger than 18024 bytes.
•
Multicast groups need to be recreated because multicast with multiple uplinks over ATM may time out every 3 minutes.
Workaround: Configure only one reverse path forwarding (RPF) back to the multicast source address.
•
A Cisco 12000 series router that is running Cisco IOS Release 12.0(19.6)ST may fail to identify Cisco 12000 OC-48 spatial reuse protocol (SRP) line cards when the router boots up. There is no workaround.
•
On a Cisco router that is running Cisco IOS Release 12.0(19.3)ST2 through Release 12.0(19.6)ST or Release 12.2(6.4) through Release 12.2(7) and that is running Multiprotocol Label Switching (MPLS) Traffic Engineering (TE), the link management module may fail to advertise an administrative metric for an advertised link.
This condition may occur on any MPLS TE interface that is not a subinterface. This condition occurs if the interface is explicitly configured in NVRAM and is administratively disabled using the shutdown interface configuration command. This condition may also occur if the interface is not configured at all in the NVRAM configuration because the device setup will automatically place the interface in the shutdown state. When the interface is subsequently administratively enabled, it may be flooded by the link management module without an administrative metric.
This condition will not occur if a user-specified administrative weight is configured on the interface using the mpls traffic-eng administrative-weight interface configuration command.
Workaround: After the interface is administratively enabled using the no shutdown interface configuration command, this condition can be corrected by performing any one of the following steps:
a.
b.
•
The Address Resolution Protocol (ARP) does not work properly for packets that meet all of the following conditions:
a.
b.
c.
Packets that meet all of the above-mentioned criteria may be dropped.
Workaround: For packets that meet all of the above-mentioned criteria, set a static route to the PBR next-hop address of the route map.
•
In provider edge (PE) routers that are running the gsr-p-mz.120-19.6.ST image of Cisco IOS Release 12.0(19.06)ST, Any Transport over Multiprotocol Label Switching (MPLS) (AToM) (ATM adaptation layer 5 (AAL5) over MPLS) PE routers cannot reach each other. There is no workaround.
•
On a Cisco 10000 series edge services router that is configured for Border Gateway Protocol (BGP) traffic, if you enable the as- override command for a peer group and then at a later point add members to that peer group, the as-override command does not take effect for the new members.
Workaround: Disable and then reenable the as-override command for the peer group.
Alternative workaround: Individually enable the as- override command for each member of the peer group.
•
A Cisco 12000 series Internet router reloads if you change the encapsulation from PPP to High-Level Data Link Control (HDLC) on a Packet over SONET interface that has the mpls traffic-eng autoroute command enabled and for which the autorouting first has occurred and then has cleared. There is no workaround.
•
When you enable the Cisco Discovery Protocol (CDP) on an interface of a Cisco 10000 series edge services router, the interface may bounce. There is no workaround.
•
You may be unable to ping through a Multiprotocol Label Switching (MPLS) tunnel on a Cisco 10000 series edge services router. There is no workaround.
•
If you configure the crypto key generate rsa command on a Cisco 10000 series edge services router with dual performance routing engines (PREs), the command fails to synchronize to the secondary PRE. There is no workaround.
•
A Cisco 10000 series router that is running Cisco IOS Release 12.0(19)SL or Release 12.0(20)ST may stop using Frame Relay fair data-link connection identifier (DLCI) queues and direct all permanent virtual circuit (PVC) traffic to the default queue on the interface. This condition occurs with certain Frame Relay Real-Time Transport Protocol (RTP) priority queue configurations. There is no workaround.
•
When an output access control list (OACL) on an imposition line card (3x Gigabit Ethernet) that is running the Ethernet over Multiprotocol Label Switching (EoMPLS) bundle is configured, the disposition line card (POS-OC-48) may generate ToFab Buffer Management application-specific integrated circuit (ASIC) (BMA) errors, physical layer interface module (PLIM) errors, and eventually reload.
Workaround: Do not configure an OACL while the EoMPLS bundle is running on the imposition line card. Note that OACL is not supported with the EoMPLS bundle and that the OACL bundle has a lower priority than the EoMPLS bundle. Unload the EoMPLS bundle before configuring OACLs for the OACL bundle.
•
On a Cisco 10000 series edge services router, if a buddy queue is not fully utilized, a VLAN on a Gigabit Ethernet interface may not pass data at line rate.
The buddy queue usage depends on the Multiprotocol Label Switching (MPLS) label number. Even MPLS label numbers use one buddy queue, and odd MPLS label numbers use the other queue. It is difficult to distribute the traffic evenly over two buddy queues, because MPLS label assignment cannot be controlled completely by the traffic. If a buddy queue is not fully utilized, the performance of MPLS in a VLAN on a Gigabit Ethernet interface will be greatly affected.
Workaround: Inject routes that cause the routes for traffic generation to be distributed evenly with even and odd MPLS labels, and then generate traffic.
•
The traffic shaping feature does not work after a switchover on a Cisco 12000 series Internet router. There is no workaround.
•
On a Cisco 7500 series router with distributed Cisco Express Forwarding (CEF) enabled and with an output service policy that sets the Cell Loss Priority (CLP) bit in the ATM header via the Modular Quality of Service command-line interface (MQC) set atm clp command without any form of output queueing, the CLP bit does not get marked. There is no workaround.
•
A Cisco Router Route Processor (GRP, RSP or NPE) may reload when a traffic engineering (TE) tunnel interface is disabled and reenabled immediately using the shutdown interface configuration command followed by the no shutdown interface configuration command. The router may also exhibit this behavior either when tag switching is enabled and disabled using the no tag-switching ip interface configuration command followed in quick succession by the tag-switching ip interface configuration command or when a loopback interface is disabled and reenabled using the shutdown interface configuration command followed immediately by the no shutdown interface configuration command. This behavior may also occur when a file is copied to the running configuration to change the state of a tunnel.
Workaround: Wait for at least a minute after the shutdown interface configuration command is issued before entering the no shutdown interface configuration command on a tunnel interface or its associated loopback interface. Wait for at least a minute after the no tag-switching ip interface configuration command is issued before entering the tag-switching ip interface configuration command. Shut down all tunnel interfaces before copying a file to the running configuration.
•
After a Cisco 12000 series Internet router has reloaded or was forced to switch over to the standby route processor (RP) through the command-line interface (CLI), if a 4-port OC-12 Packet over SONET line card is removed from the chassis while the new standby RP is booting up, the standby RP will reload. There is no workaround.
•
A Cisco 12000 series Engine 2 line card may impose an incorrect Virtual Private Network routing/forwarding (VRF) label on a provider edge (PE) router. There is no workaround.
•
On a Cisco 12000 series Engine 2 line card, Multiprotocol Label Switching (MPLS) class of service (CoS) for Virtual Private Network routing/forwarding (VRF) routes may not work after MPLS CoS has been configured.
Workaround: Clear the Interior Gateway Protocol (IGP) routing table. If this action does not correct the situation, make sure that the configurations are saved and reload the router.
•
A Cisco 10000 series edge services router will reload after the following sequence of events:
a.
b.
c.
d.
There is no workaround.
•
When you shut down the primary link between two Cisco 12000 series Internet routers that also have a backup connection, the receiving interface of an Engine 4 line card on the backup router that is serving as the tunnel headend will get stuck, causing all of the protocols on the Engine 4 line card interfaces to go down. There is no workaround.
•
On a Cisco 12008 Internet router with a dual router processor (RP) and that has the Route Processor Redundancy Plus (RPR+) mode enabled, the modified part of the running configuration will be lost if you go through the following steps:
a.
b.
c.
In Step c, the router does not ask you to save the configuration, so after reloading, the modified part of the running configuration is lost.
Workaround: Save the configuration before the switchover whether you perform the switchover using the redundancy force-switchover command or whether the switchover is caused by either a failure of the active RP or the removal of the active RP.
•
IPv6 packets may not be switched out of an interface from a Cisco 12000 series Engine 4 plus OC-192 Packet over SONET line card. There is no workaround.
•
A Cisco router may experience a bus error and reload when the clear ip bgp * command is entered at the console and a large number of routes have been imported. There is no workaround.
•
In a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) and Gigabit Ethernet environment on a Cisco 12000 series Internet router or a Cisco 10000 series edge services router, the forwarding table may not be populated with the complete layer 2 outgoing information, and packet loss may occur.
Workaround: Enter the clear ip route command for the affected prefix.
•
On a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(20.3)ST1 and that is configured with an Engine 2 Packet over SONET line card in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) routing/forwarding (VRF) environment, if you change the configuration from a Frame Relay subinterface-based VRF to a high-level data link control (HDLC)-based VRF, packet switch ASIC (PSA) tracebacks may get stuck in the pipeline on a provider edge (PE) router and traffic may be interrupted.
Workaround: Enter the hw-module slot shelf-id/slot-number on the Engine 2 line card. Traffic will resume after the line card has reloaded.
•
If you apply an Engine 2 unicast Reverse Path Forwarding (uRPF) strict check to an interface of a line card that performs an IP-to-tag imposition, the interface stops forwarding traffic. There is no workaround.
•
A Cisco 12016 Internet router that is configured with an R5000 processor (revision 0x05) with 262144K bytes of memory and a dual Gigabit Route Processor (GRP) and that is running a gsr-k4p-m image of Cisco IOS Release 12.0(17)ST2 may reload with an address error exception. There is no workaround.
•
In unchannelized T3 mode, the only clock source referenced is for the internal clock. The command to set the clock does not work. There is no workaround.
•
If you save the interface level Automatic Protection System (APS) aps signal-degrade command and aps signal-fail command to the startup configuration, the commands are no longer in the startup configuration when the router boots up. There is no workaround.
•
When running Cisco IOS Release 12.0(20)ST, following a software reload or card removal/reinsertion, unchannelized T3 interfaces with Frame Relay encapsulation on a CT3 line card do not come up. There is no workaround.
•
The following warning message—or a very similar message—may appear when you try to unchannelize or rechannelize an Engine 3 interface on a Cisco 12000 series Internet router:
%EERP-2-UIDB_ERR: Unable to allocate resources, invalid index free-1
This message does not seem to impact traffic or any feature functionality. There is no workaround.
•
On a Cisco 10000 series edge services router, a 4-port channelized STM-1 line card does not produce a SONET line Remote Error Indicator (REI) alarm if "B2" bit interleaved parity (BIP) errors are present. There is no workaround.
•
In a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) environment, if the ingress line card of a provider router is an Engine 4 plus line card, all of the incoming packets will be punted to the line card CPU. This condition causes most of the traffic to be dropped because of the limited processing capability of the line card CPU. There is no workaround.
•
If you apply the tx-cos name command on a 2-port STM-1/OC-3 channelized E-1/T-1 line card that is configured for Multilink PPP (MLP) and traffic is passing through the line card at line rate, the Forwarding Information Base (FIB) may become disabled.
Workaround: Reload microcode onto the line card.
•
Multicast hardware forwarding is not supported on an Engine 2 Gigabit Ethernet line card that is installed in a Cisco 12000 series Internet router that is running any Cisco IOS 12.0 ST release. Configuring the hw slot slot-number ip multicast hw-accelerate command on any interfaces of an Engine 2 Gigabit Ethernet line card will cause problems. There is no workaround.
•
A Cisco 12000 series Internet router may experience a spurious memory access in bfrp_encap.c after the router has been reloaded. There is no workaround.
•
If you enter the shutdown command followed by the no shutdown command on a 2-port STM-1/OC-3 Channelized E-1/T-1 line card that is configured for Multilink PPP (MLP) and that has traffic flowing through it, the line card may reload. There is no workaround.
•
A disabled Engine 2 ATM line card may reload after the packet switch ASIC (PSA) output access control list (ACL) microcode is loaded or unloaded. There is no workaround.
•
When Border Gateway Protocol (BGP) Virtual Private Network (VPN) and global routes are withdrawn, the Route Processor (RP) on provider edge (PE) routers should release all memory that is held by the BGP process under an identical and symmetrical configuration scenario on both PE routers. However, one PE router may not release all the memory that is held by the BGP process. An additional 40 MB of memory may be lost from the free memory space of one of the PE routers even though the routes have been completely withdrawn. This behavior may degrade the scalability numbers for VPN significantly. There is no workaround.
•
–
Workaround: Do not configure the Egress NetFlow feature on any MPLS core interface. If the feature is enabled on any MPLS core interface, enter the no mpls netflow egress command to disable the feature.
–
•
On a router that is running Cisco IOS Release 12.0(20.3)ST3, Release 12.0(20.4)ST, Release 12.2(7.6), or Release 12.2(7.4)T, outgoing labels may become untagged in the Tag Forwarding Information Base (TFIB) when a traffic engineering (TE) tunnel goes down.
This situation may occur between two label switching routers that have the Label Distribution Protocol (LDP) / Tag Distribution Protocol (TDP) configured on a 1-hop tunnel and also on a physical link. When the tunnel goes down, the outgoing label for a prefix that is reachable via a physical link may become untagged.
Workaround: Enter the clear ip route network command, where the network argument is the IP address of the TFIB entry that became untagged.
•
A Cisco 10000 series edge services router that is running Cisco IOS Release 12.0(20.3)ST2 or a later release and that is configured as a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) provider edge (PE) router may experience a missing entry in its label forwarding table for a prefix that belongs to a VPN routing/forwarding (VRF) instance.
If you enter the show tag-switching forwarding-table command for the missing entry, no label is shown. However, if you enter the show ip cef detail command for the prefix, the correct label is shown.
There is no workaround. However, if you enter the clear ip route command for the affected prefix, the prefix is reinstalled in the label forwarding table.
•
–
Workaround: The Egress NetFlow feature is not a feature that should be used on core MPLS interfaces. This feature should be enabled only on interfaces that support MPLS Virtual Private Network routing/forwarding (VRF) instances. Enabling it on any other interface should be considered a misconfiguration. Remove the CLI configuration by entering the no mpls netflow egress command on the offending core MPLS interface.
–
Workaround: Enable distributed CEF using the ip cef distributed CLI command.
•
If you use the bgp-policy destination ip-prec-map command and the bgp-policy destination ip-qos-map command to enable Quality of Service (QoS) Policy Propagation via Border Gateway Protocol (QPPB) on an IP Services Engine (ISE) interface, the Border Gateway Protocol (BGP) session may be dropped from the ISE interface because of a TCP sequence error. There is no workaround.
•
On a Cisco 12000 series Internet router, 100 kpps IPv6 traffic with packet sizes larger than 500 bytes cannot pass through a 4-port OC-48 Packet over SONET or enhanced 4-port OC-48 POS line card. There is no workaround.
•
A label switch controller (LSC) may reload if an interface on a downstream router is shut down. This condition occurs when LSCs are configured to use the Tag Distribution Protocol (TDP). The output label switched controlled virtual circuit (LVC) is torn down after the downstream interface is shutdown. If the routing protocol has not converged, a new output LVC request is sent to the downstream router using the same interface. When the routing update occurs, the requested output LVC is deleted and the input LVC is released. After the input LVC is released, the LSC will reload if it attempts to delete the output LVC. There is no workaround.
•
If you enter the no ip vrf vrf-name command on a provider edge (PE) router, the deleted Virtual Private Network routing/forwarding (VRF) table may not get removed from the router. If you enter the show ip vrf command, the VRF table may show up as "being deleted." This situation prevents you from configuring a VRF table with same route distinguisher. There is no workaround.
•
A Cisco 10720 router that is running Cisco IOS 12.0(21)ST may show DIAG memory size of 32 MB in column 2. This display is a minor cosmetic display error only. The correct configuration of memory is 128 MB. There is no workaround.
•
The following Simple Network Management Protocol (SNMP) MIB components do not accurately reflect the interface state on an Engine 3 1-port channelized OC-48 Packet over SONET line card:
–
–
–
There is no workaround.
•
If a Cisco 10720 Internet router loads a large routing table, the following error message may appear:
%GENERAL-3-EREVENT: HWCEF: Failed to alloc Mtrie HW node
This error message occurs if a full Internet table of approximately 100,000 or more sparsely distributed routes is entered into the hardware forwarding table. There is no workaround.
•
Tag switching advertise tags do not work when Tag Distribution Protocol (TDP) is toggled between the tag-switching advertise-tags global configuration command and the no tag-switching advertise-tags global configuration command. This condition is observed when Cisco IOS Release 12.2(7.6)T or Release 12.0(20.3)ST3 is used and does not occur when the Label Distribution Protocol (LDP) is used.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interface that has the TDP session configured.
•
If the Label Distribution Protocol (LDP)-based Carrier supporting Carrier (CsC) feature is configured on a Virtual Private Network routing/forwarding (VRF) interface of a provider edge (PE) router and the Border Gateway Protocol (BGP) reallocates a new label for a Virtual Private Network (VPN) prefix, the LDP does not advertise the changed label to the customer edge (CE) routers. The CE routers will still have the old label for the prefix. If you enter the show mpls forwarding-table command on the CE and PE routers, the old label will be returned:
–
–
Workaround: Clear the LDP session between the PE router and the CE routers by entering the shutdown command followed by no shutdown command on the VRF interface of the PE router.
•
If you first configure sampled NetFlow and multicast hardware switching on the same line card and then disable multicast hardware switching, sampled NetFlow stops functioning.
Workaround: Reload microcode onto the line card.
•
If Tag Distribution Protocol (TDP) is configured between a router running that is Cisco IOS Release 12.2(7.6)T, Release 12.0(20.3)ST3, or Release 12.0(20.4)ST and another router and the mpls ldp explicit-null command is also configured, the explicit-null label is not advertised by TDP.
Workaround: Use Label Distribution Protocol (LDP) instead of TDP.
Alternative workaround: Reset the TDP session after you have configured the mpls ldp explicit-null command. Whenever you change the explicit-null label configuration, you will need to reset the TDP session. To reset the TDP session, enter the shutdown command followed by no shutdown command on the link that is running TDP.
•
A Multiprotocol Label Switching (MPLS) committed access rate (CAR) rule may limit the rate of multicast packets. There is no workaround.
•
A Virtual Private Network routing/forwarding (VRF) ping may not work with an Engine 0 line card. There is no workaround.
•
On a OC-12 Packet over SONET (POS) or OC-3 POS line card that has PPP encapsulation enabled, an alarm indication signal (AIS) count may be detected on the far end of a PPP encapsulated link if you remove the Rx fiber on the near end. There is no workaround.
•
If you run Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) along with Intermediate System-to-Intermediate System (IS-IS) and use the clear isis * EXEC command, IS-IS may not use some tunnels that have autoroute enabled in its shortest path first (SPF) and next hop calculations. This situation occurs only for tunnels for which fast-reroute has been enabled using the tunnel mpls traffic-eng fast-reroute command.
Workaround: Administratively disable and then reenable the tunnel by entering the shutdown command followed by the no shutdown command on the tunnel interface.
•
Cisco 10000 series Performance Routing Engine (PRE) software may reload if you apply a service-policy command to a multilink interface under the following conditions:
–
–
Workaround: Apply the service-policy command after you have ensured that the multilink interface has at least one active link.
•
On a Cisco 12000 series Internet router that is running the gsr-p-mz image of Cisco IOS Release 12.0(20.4)ST with a large number of Virtual Private Network (VPN) prefixes and traffic, an Engine 4 Plus line card may reload with a logical unit (LU) overrun error message. There is no workaround.
•
On a Cisco 12000 series Internet router that is running the gsr-p-mz image of Cisco IOS Release 12.0(20.4)ST, the Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) feature may not function. There is no workaround.
•
In Cisco IOS Release 12.2(7.6)T, Release 12.0(20.3)ST3, or Release 12.0(20.4)ST, if Tag Distribution Protocol (TDP) is running between two routers and the state of a Tag Information Base (TIB) entry changes quickly from "withdrawn" to "assigned," TDP may not advertise a tag. This situation may occur under stress when a large routing change takes place.
Workaround: Reset the TDP session by entering the shutdown command followed by the no shutdown command on the interface on which the TDP session is configured.
Alternative workaround: Use Label Distribution Protocol (LDP) instead of TDP.
•
On a channelized IP Services Engine (ISE) line card, if a Packet over SONET (POS) interface that has subinterfaces configured is rechannelized to a serial interface, the subinterfaces on the new serial interface will have incorrect subinterface names. The same situation occurs when a serial interface that has subinterfaces configured is rechannelized to a POS interface. There is no workaround.
•
An implicit-null label over a Border Gateway Protocol (BGP) RFC 3107 session may be distributed as a "1" rather than as a "0". There is no workaround.
•
An incorrect label may be observed for Interior Gateway Protocol (IGP) routes in packet switch ASIC (PSA) Cisco Express Forwarding on a provider edge (PE) router. However, this situation does not impact the end-to-end traffic. There is no workaround.
•
On an Engine 2 line card in a Cisco 12000 series Internet router that is running an interautonomous system Virtual Private Network (VPN) with traffic across Multiprotocol Label Switching (MPLS) links that are load-balanced, if external Border Gateway Protocol (eBGP) routes start to enter across the interautonomous system VPN, the Engine 2 line card may reload unexpectedly or experience alignment errors. There is no workaround.
•
A line card may be stuck in an off-for-download state on a Cisco 7500 router or a Cisco 12000 router. This condition is indicated by the output of the show cef linecard EXEC command. This condition is caused by an Inter-Processor Communication (IPC) error with another line card during the Forwarding Information Base (FIB) table download process. There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(20)ST6
Cisco IOS Release 12.0(20)ST6 is a rebuild release for Cisco IOS Release 12.0(20)ST. The caveats in this section are resolved in Cisco IOS Release 12.0(20)ST6 but may be open in previous Cisco IOS releases.
•
Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.
Cisco has made software available, free of charge, to correct the problem.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
Resolved Caveats—Cisco IOS Release 12.0(20)ST5
Cisco IOS Release 12.0(20)ST5 is a rebuild release for Cisco IOS Release 12.0(20)ST. The caveats in this section are resolved in Cisco IOS Release 12.0(20)ST5 but may be open in previous Cisco IOS releases.
•
The ip address negotiated interface configuration command must be applied to the configuration of an interface before any other PPP commands. This symptom is observed when the on-demand address pool (ODAP) on-board Dynamic Host Configuration Protocol (DHCP) server is used. There is no workaround.
•
A bus error may occur on a router, and the following message may be displayed:
%ALIGN-1-FATAL: Illegal access to a low address, addr=0x1A8, pc=xxxxxxxx, ra=xxxxxxxx, sp=xxxxxxxx
This symptom is observed on a Cisco router that is running Cisco IOS Release 12.0 S. There is no workaround.
•
A router may encounter a missing entry in its label forwarding table for a prefix that belongs to a Virtual Private Network (VPN) routing/forwarding (VRF) instance.
This symptom is observed on a Cisco 10000 series edge services router that is running Cisco IOS Release 12.0(20.3)ST2 or a later release and that is configured as a Multiprotocol Label Switching (MPLS) VPN provider edge (PE) router. If the show tag-switching forwarding-table EXEC command is entered for the missing entry, no label is shown. However, if the show ip cef detail EXEC command is entered for the prefix, the correct label is shown.
There is no workaround. However, the prefix is reinstalled in the label forwarding table if the clear ip route EXEC command is entered.
•
Routes may not exist in the tag forwarding table. This symptom is observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(20.3)ST on routes that exist both in the Cisco Express Forwarding (CEF) table and in the route table.
Workaround Reload the router.
Resolved Caveats—Cisco IOS Release 12.0(20)ST4
Cisco IOS Release 12.0(20)ST4 is a rebuild of Cisco IOS Release 12.0(20)ST. All caveats in this section have been resolved in Cisco IOS Release 12.0(20)ST4 but may be open in previous releases.
•
Some clients may fail to successfully complete IP Control Protocol (IPCP) negotiations when thousands of PPP sessions are simultaneously reestablished, as is the case when an interface with many links is recycled. All Layer 2 Tunneling Protocol (L2TP) sessions are established, but some client virtual access interfaces may not get a negotiated IP address. The missing IP address results in lost IP connectivity on that link. There is no workaround.
•
On a Cisco 10000 series edge services router that is running Cisco IOS Release 12.0(20)ST1 or Release 12.0(20)ST2, the Frame Relay (FR) functionality on an OC-3 Packet-over-SONET (POS) and OC-12 POS interface may not work; the loopback (LP) may not come up, and Local Management Interface (LMI) "enq" and "stat" messages may not be exchanged between the FR data terminal equipment (DTE) and data circuit-terminating equipment (DCE).
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the main POS interface on the FR DTE side. This causes the router on the DTE side to start sending LMI "enq" messages and, subsequently, causes the router on the DCE side to start sending LMI "stat" messages.
•
In a Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) Fast ReRoute (FRR) configuration, if a Cisco router that is functioning as a TE headend router is running a Cisco IOS release earlier than Cisco IOS Release 12.0(22)S—like, for example, Release 12.0(17)ST—and the Cisco router that is functioning as a midpoint router is running Cisco IOS Release 12.0(22)S or a later release, the headend router may tear down link-state packets (LSPs) that are rerouted by the midpoint router. There is no workaround.
Cisco IOS Release 12.0(22)S contains the standard version of FRR. All 12.0 S releases prior to Cisco IOS Release 12.0(22)S contain a nonstandard version of FRR. The nonstandard version of FRR is not fully interoperable with the standard version of FRR.
The fix for this caveat enables a headend router to run a nonstandard version of FRR, and a midpoint router and a router that is functioning as a point of local repair to run a standard version of FRR.
•
On an OC-3 Packet-over-SONET (POS) line card that has PPP encapsulation enabled, an alarm indication signal (AIS) count may be detected on the far end of the link if the Rx fiber is removed on the near end. In fixing this caveat, the OC-12 POS portion of the code was properly corrected, but the OC-3 POS portion of the code was missing a change to a function. As a result, the AIS count may not show up (or it may show up), but the AIS may not be transmitted properly when the port is in the "admin down" or "loopback" state. There is no workaround.
•
With NetFlow enabled, a Cisco 10000 series edge services router (ESR) may encounter a parallel express forwarding (PXF) microcode reload. The error logged at the time of the reload may be one of the following:
%TOASTER-2-FAULT
T1 SW Exception
CPU[t1rXc1] 0x00000780 PXF CPU Toaster Stall Error PXF DMA FTC Bad Address
This can occur when NetFlow is enabled and there are many active flows, and when there is a high traffic rate in the router.
Workaround: Disable NetFlow. After the PXF reload, the Cisco IOS software will reload the PXF microcode and packet forwarding will resume.
•
If the bit error rate tester (BERT) is run on a T1 and is either stopped or allowed to run to completion, a subsequent online insertion and removal (OIR) of the line card will result in all channel groups on that T1 being disabled.
Workaround: Reconfigure the affected channel groups.
•
After a policy map is reconfigured, a Cisco 10000 series router that is running Cisco IOS Release 12.0(21)SX stops forwarding traffic but there is no Parallel Express Forwarding (PXF) reload.
This condition can occur when:
–
–
–
–
Workaround: Remove the policy map from the interfaces before modifying the policy map.
•
After a switchover, sometimes from the remote provider edge (PE) router or form the customer edge (CE) router, you may not be able to ping to ip addresses other than the ip address on the virtual routing/forwarding (VRF) interface on the near end CE. Also, if you look into the toaster stats drop you will see the "no_tfib_route" counter being incremented as in the following example.
ESR-1-PE#sh hardware pxf cpu statistic drop | in tfib|drop
FP drop statistics
no_tfib_route 2762283021 0 <====
bad_drop_code 0 0
master drop count 2923544477.
This symptom has been seen happening at the time of switchovers with large numbers of VRFs and traffic flowing conditions, but not always. Also, the number of routes getting affected varies. This symptom seems to happen only for untagged routes and it has not been seen happening on aggregate routes.
Workaround: Enter the clear ip route vrf vpn * EXEC command.
•
When bit error rate tester (BERT) runs on a T1 on which the line state is not "Up", spurious reporting of T1 BERT data and even possible LCDOS reloads can occur on the line card. There is no workaround.
•
In some situations, a pattern synch lost/found interrupt storm that could, in rare situations, cause the line card to reload may occur on the near end line card (LC) when a far end reset is carried out during a bit error rate tester (BERT). The far end reset adds a throttle mechanism to keep any type of interrupt storm from taking up too much space on the LC processor, depleting buffer pools, or causing the line card to reload.
•
When using the redundancy force-failover main-cpu command, some channelized users may be left down and, via Cisco Discovery Protocol (CDP), you can see these devices connected via different E1's and timeslots. A temporary workaround is to re-configure the correct controller details or reload. Otherwise, there is no workaround.
•
NetFlow statistics may not be recorded for some packet flows. This can occur on a Cisco 10000 series router running IOS Release 12.0(20)ST3. If there are many active flows and they stop all at once, the NetFlow statistics for many of the flows may not be recorded.
Workaround: Stop the flows gradually, for example, over a 5 second period.
Resolved Caveats—Cisco IOS Release 12.0(20)ST3
Cisco IOS Release 12.0(20)ST3 is a rebuild of Cisco IOS Release 12.0(20)ST. All caveats in this section have been resolved in Cisco IOS Release 12.0(20)ST3 but may be open in previous releases.
•
In Cisco IOS Release 12.1 and Release 12.1 T, when a Multilink PPP (MLP)/Multiprotocol Label Switching (MPLS) virtual routing/forwarding (VRF) instance and Cisco Express Forwarding (CEF) or a dialer interface is used with MLP, packets may be lost when a single link is contained in a MLP or dialer interface. Interleaving does not work, and most or all voice packets will be lost.
Workaround: Use a fragmentation delay of 10 ms or 20 ms on dialer interfaces that use MLP encapsulation with MPLS or with CEF or add a dialer load threshold of 1 to the dialer interface.
•
In a configuration with a large number of Virtual Private Network version 4 (VPNv4) routes that are forwarded recursively via Traffic Engineering (TE) tunnels, the VPN connectivity between provider edge (PE) routers may become lost because of a Tag Forwarding Information Base (TFIB) scanner reresolution failure.
Workaround: Enter the shutdown command followed by the no shutdown command on any tunnel interface. This workaround will cause the TFIB scanner reresolution to start again.
•
If you perform an online insertion and removal (OIR) of a Versatile Interface Processor (VIP) in a Cisco 7500 series router or use the Single Line Card Reload (SLCR) feature after a VIP has reloaded unexpectedly, and if there are static routes defined that use the interfaces on the failed VIP, traffic that is using those static routes may fail. The static routes include those that are defined within a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) Routing and Forwarding (VRF) instance.
Workaround: Enter the clear cef linecard slot-number adjacency command on the affected VIP.
•
In a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) and Gigabit Ethernet environment on a Cisco 12000 series Internet router or a Cisco 10000 series edge services router, the forwarding table may not be populated with the complete layer 2 outgoing information, and packet loss may occur.
Workaround: Enter the clear ip route command for the affected prefix.
•
An Open Shortest Path First (OSPF) packet may become wedged in an interface input queue if the interface is configured as a passive OSPF interface. There is no workaround.
•
On an OC-3 or OC-12 Packet over SONET (POS) line card, a Line Remote Defect Indicator (LRDI) condition may not manifest itself as an alarm. There is no workaround.
•
On a OC-12 Packet over SONET (POS) or OC-3 POS line card that has PPP encapsulation enabled, an alarm indication signal (AIS) count may be detected on the far end of a PPP encapsulated link if you remove the Rx fiber on the near end. There is no workaround.
•
Cisco 10000 series Performance Routing Engine (PRE) software may reload if you apply a service-policy command to a multilink interface under the following conditions:
–
–
Workaround: Apply the service-policy command after you have ensured that the multilink interface has at least one active link.
•
If you use a quality of services (QoS) service policy with class-based fair queue or priority queue features on a Multilink PPP (MLP) interface and you enter the service-policy command before all PPP links come up in an MLP bundle, the traffic classes that should receive fair or priority treatment may fail to receive such services.
Workaround: Manually apply the service policy command after you have ensured that the multilink bundle is fully connected.
•
On a 6-port channelized T3 line card in channelized mode with a connected channel group, if you enter the shutdown command on the controller, perform an online insertion and removal (OIR) of the line card, and then enter the no shutdown command on the controller, the T1 interface and its channel or channels may fail to come back up.
Workaround: Perform an additional OIR of the line card.
Resolved Caveats—Cisco IOS Release 12.0(20)ST2
Cisco IOS Release 12.0(20)ST2 is a rebuild of Cisco IOS Release 12.0(20)ST. All caveats in this section have been resolved in Cisco IOS Release 12.0(20)ST2 but may be open in previous releases.
•
An error can occur with management protocol processing. Use the following URL for further information: http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
Resolved Caveats—Cisco IOS Release 12.0(20)ST1
Cisco IOS Release 12.0(20)ST1 is a rebuild release for Cisco IOS Release 12.0(20)ST. The caveats in this section are resolved in Cisco IOS Release 12.0(20)ST1 but may be open in previous Cisco IOS releases.
Miscellaneous
•
A Cisco router may experience a bus error and reload when the clear ip bgp * command is entered at the console and a large number of routes have been imported. There is no workaround.
•
When two Cisco 10000 series edge services routers are connected back-to-back with APS/MSP enabled on a 4-Port Channelized OC-3 line card, pulling the cable from the protection port causes an APS switch to the working port, and traffic continues. But, when pulling the cable from the working port, an APS switch appears to work, but traffic stops. There is no workaround.
•
When executing the show hardware pxf cpu context command twice in quick succession, a Cisco 10000 series edge services router may reload with an arithmetic exception. The following message will be displayed:
Queued messages:^M
*** System received an arithmetic exception ***^M
signal= 0x5, code= 0x34, context= 0x61548770^M
PC = 0x602f19a4, Cause = 0xc20, Status Reg = 0x34008002^M
Workaround: Wait a few seconds before entering the show hardware pxf cpu context command again.
•
A Mtrie Level 3 node memory leak may occur when some specific routes are added and deleted repeatedly. This condition occurs when enabling the clear ip bgp * command repeatedly or when certain routes are added and deleted repeatedly. The rate of leak depends on the number of routes that will be deleted and added when issuing the clear ip bgp * command. A prefix with 24 bits of mask will have this condition.
Workaround: Do not execute the clear ip bgp * command.
•
In unchannelized T3 mode, the only clock source referenced is for the internal clock. The command to set the clock does not work. There is no workaround.
•
When running Cisco IOS Release 12.0(20)ST, following a software reload or card removal/reinsertion, unchannelized T3 interfaces with Frame Relay encapsulation on a CT3 line card do not come up. There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(20)ST
All caveats listed in this section are resolved in Cisco IOS Release 12.0(20)ST. This section describes severity 1 and 2 caveats only.
Miscellaneous
•
A Cisco router might experience a bus error restart when it is booted with the Ethernet interfaces connected and is running Cisco Express Forwarding (CEF) and Distance Vector Multicast Routing Protocol (DVMRP). Replacing the hardware does not solve the problem.
Enabling Protocol Independent Multicast (PIM) and the ip verify unicast reverse-path command on the same interface might cause the bus error at boot.
Workaround: Disable either PIM or the Reverse-Path Forwarding (RPF) check.
•
Traffic Engineering over ATM Multiprotocol Label Switching (MPLS) networks is not a supported feature in Cisco IOS Release 12.0 ST. There is no workaround.
•
Under certain conditions, if the available space on the NVRAM memory is less than the size of a file that is copied to it, the copy appears to complete successfully, but the original NVRAM file is actually unchanged.
In particular, if the running configuration file does not employ the service compress-config command but the desired configuration file does employ this command, and the desired configuration file is larger than the available space on the NVRAM memory, the copy aborts silently and leaves the startup configuration unchanged.
Workaround: If the running configuration file does not employ the service compress-config command but the desired configuration file does employ this command, enable the service compress-config command in the running configuration file and issue the copy running-config startup-config command. Then copy the desired configuration file to the startup configuration file.
•
If you enable NetFlow accounting on an interface that imposes labels on arriving packets, the packets will not be forwarded properly. The label stack may become corrupt, and the downstream neighbor may drop the packets.
Workaround: Turn off NetFlow accounting on interfaces where incoming traffic is likely to have labels imposed, or disable MPLS.
•
On a Cisco router that has Multiprotocol Label Switching (MPLS) enabled, you may see the following warning message on the console:
% Command "tag-switching tag-range ..." obsolete; use "mpls label range...". % (Command accepted for backward compatibility.)There is no workaround. This message is informational and does not cause any functional problems.
•
While reloading, a Cisco router may unexpectedly reload again because of an incorrect order of initialization. There is no workaround.
•
If you add or delete serial links from the Multi-Link Point-to Point Protocol (MLPPP) bundle on a Cisco 10000 series edge services router, the MLPPP interface shows erroneous input statistics. There is no workaround.
•
After a few seconds of passing ATM traffic on a line card in a Cisco 10000 edge services router, the interface may report all packets as ignored input errors. If you reset the line card, the problem resolves for only a couple of seconds before it starts again. There is no workaround.
•
The software that is running on a Cisco 10000 line card may occasionally fail to read the contents of the onboard identification programmable read-only memory (ID PROM) correctly. This condition may cause the system to display incorrect version number or serial number information. In some cases, the line card may fail to come up correctly because it is not recognized by Cisco IOS software.
Workaround: Reset the line card.
•
When a virtual connection (VC) is managed by Operation, Administration, and Maintenance (OAM), the VC may go up and down if the VC is oversubscribed.
Workaround: Do not use OAM management.
•
Multicast groups need to be recreated because multicast with multiple uplinks over ATM may time out every 3 minutes.
Workaround: Configure only one reverse path forwarding (RPF) back to the multicast source address.
•
The Cisco Discovery Protocol (CDP) is disabled by default on a Cisco 10000 series edge services router. You can enable the CDP by entering the cdp run global configuration command and on each interface the cdp enable command.
After you have saved the configuration and reloaded the router, the cdp run global configuration command is saved in the configuration, but the CDP commands on the interfaces are not saved in the configuration and you have to manually reenter the cdp enable command on each interface. There is no workaround.
•
A Cisco 1000 series router that is running Cisco IOS Release 12.0(19)SL or Release 12.0(20)ST may stop using Frame Relay fair data-link connection identifier (DLCI) queues and direct all permanent virtual circuit (PVC) traffic to the default queue on the interface. This condition occurs with certain Frame Relay Real-Time Transport Protocol (RTP) priority queue configurations. There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(19)ST5
Cisco IOS Release 12.0(19)ST5 is a rebuild release for Cisco IOS Release 12.0(19)ST. The caveats in this section are resolved in Cisco IOS Release 12.0(19)ST5 but may be open in previous Cisco IOS releases.
•
In a Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) Fast ReRoute (FRR) configuration, if a Cisco router that is functioning as a TE headend router is running a Cisco IOS release earlier than Cisco IOS Release 12.0(22)S—like, for example, Release 12.0(17)ST—and the Cisco router that is functioning as a midpoint router is running Cisco IOS Release 12.0(22)S or a later release, the headend router may tear down link-state packets (LSPs) that are rerouted by the midpoint router. There is no workaround.
Cisco IOS Release 12.0(22)S contains the standard version of FRR. All 12.0 S releases prior to Cisco IOS Release 12.0(22)S contain a nonstandard version of FRR. The nonstandard version of FRR is not fully interoperable with the standard version of FRR.
The fix for this caveat enables a headend router to run a nonstandard version of FRR, and a midpoint router and a router that is functioning as a point of local repair to run a standard version of FRR.
•
Pings cannot be sent to a peer router through an interface that has VLANs configured after the router that is sending the pings reloads. This symptom is observed on a Gigabit Ethernet line card that is installed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(19)ST4.
Workaround: Enter the hw-module {slot number} reload EXEC command to reset the line card.
Resolved Caveats—Cisco IOS Release 12.0(19)ST6
Cisco IOS Release 12.0(19)ST6 is a rebuild of Cisco IOS Release 12.0(19)ST. All caveats in this section have been resolved in Cisco IOS Release 12.0(19)ST6 but may be open in previous releases.
•
Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.
Cisco has made software available, free of charge, to correct the problem.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
Resolved Caveats—Cisco IOS Release 12.0(19)ST4
Cisco IOS Release 12.0(19)ST4 is a rebuild of Cisco IOS Release 12.0(19)ST. All caveats in this section have been resolved in Cisco IOS Release 12.0(19)ST4 but may be open in previous releases.
•
If there are a large number of interfaces, Border Gateway Protocol (BGP) neighbors will intermittently fail to establish a session with members of the peer group or individual peers.
Workaround: Reset the session or use the update-source global configuration command.
•
A Cisco Gigabit Switch Router (GSR) that is running IPv6 on 8-port ATM OC-3 with subinterfaces configured using permanent virtual circuit (PVC) 0/1 encapsulation aal5snap style looses v6 addresses after the route processor (RP) reloads. There is no workaround.
•
When sending large Internet Control Message Protocol (ICMP) (v6) packets (greater than 1024 bytes) out of a Packet over SONET(POS) interface to the other end, there is a 75 percent or less response. Whereas using ICMP(v4) there is a 100 percent response. There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(19)ST3
Cisco IOS Release 12.0(19)ST3 is a rebuild of Cisco IOS Release 12.0(19)ST. All caveats in this section have been resolved in Cisco IOS Release 12.0(19)ST3 but may be open in previous releases.
•
A Cisco 10000 series edge services router may not produce a Parallel Express Forwarding (PXF) error message after a PXF engine has reloaded unexpectedly. There is no workaround.
•
If a router has Intermediate System-to-Intermediate System (IS-IS) configured and a primary route goes down while there is a backup route present, the router may reload when it is attempting to look up an IPv6 route in the routing table. There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(19)ST2
Cisco IOS Release 12.0(19)ST2 is a rebuild of Cisco IOS Release 12.0(19)ST. All caveats in this section have been resolved in Cisco IOS Release 12.0(19)ST2 but may be open in previous releases.
•
Upgrading the fabric downloader on an 8-port Fast Ethernet line card, OC-12 Spatial Reuse Protocol (SRP) line card, or 6 and 12 port DS3 line card has no effect on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(19)S. The upgrade will appear to be successful on the line card, however the upgrade does not occur. The line card will continue to show the "downrev fabric downloader" messages when the show version command is entered. There is no workaround.
•
A Cisco 12016 Internet router that is running Cisco IOS Release 12.0(15)S, Release 12.0(19)S, or any release in between these two releases may not correctly switch over to the backup Clock Scheduler Card (CSC) in the event of a CSC failure because of a "grant parity" or "request parity" error. If one of these errors occurs, the following message may be seen in the output of the show log command:
Sep 22 03:00:56.674 JST: %FABRIC-3-PARITYERR: To Fabric parity error was detected. Grant parity error Data = 0x2.
SLOT 1:Sep 22 03:00:56.674 JST: %FABRIC-3-PARITYERR: To Fabric parity error was detected. Grant parity error Data = 0x1
The output of the show controller fia command may look as follows:
Fabric configuration: Full bandwidth redundant
Master Scheduler: Slot 16From Fabric FIA Errors
------------------------redund fifo parity 0 redund overflow 0 cell drops 116
crc32 lkup parity 0 cell parity 0 crc32 0
Switch cards present 0x001F Slots 16 17 18 19 20
Switch cards monitored 0x001F Slots 16 17 18 19 20
Slot: 16 17 18 19 20
Name: csc0 csc1 sfc0 sfc1 sfc2
-------- -------- -------- -------- -------- --------
los 0 1 0 0 0state Off Off Off Off Off
crc16 1167 402 1167 1167 1167
To Fabric FIA Errors
----------------------sca not pres 0 req error xx uni fifo overflow 0
grant parity xx multi req 0 uni fifo undrflow 0
cntrl parity 0 uni req 0 crc32 lkup parity 0
multi fifo 0 empty dst req 0 handshake error 0
cell parity 0
For further information, refer to the Fabric Parity Error on GSR CSC16 Card Field Notice at the following location: http://www.cisco.com/warp/public/770/fn16872.shtml
There is no workaround.
•
A spurious memory error has been observed on an Engine-4 line card that is running Cisco IOS Release 12.0(19)ST1. This memory error is not reproducible at will.
•
An error can occur with management protocol processing. Use the following URL for further information: http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
Resolved Caveats—Cisco IOS Release 12.0(19)ST1
Cisco IOS Release 12.0(19)ST1 is a rebuild release for Cisco IOS Release 12.0(19)ST. The caveats in this section are resolved in Cisco IOS Release 12.0(19)ST1 but may be open in previous Cisco IOS releases.
IP Routing Protocols
•
After failover, a Cisco 7500 router does not recognize its Protocol Independent Multicast (PIM) neighbors, stops forwarding traffic, and prunes all its entries. There is no workaround.
Miscellaneous
•
A Cisco 1605-R router might experience a bus error restart when it is booted with the Ethernet interfaces connected and is running Cisco Express Forwarding (CEF) and Distance Vector Multicast Routing Protocol (DVMRP). Replacing the hardware does not solve the problem.
Enabling Protocol Independent Multicast (PIM) and the ip verify unicast reverse-path command on the same interface might cause the bus error at boot.
Workaround: Disable either PIM or the Reverse-Path Forwarding (RPF) check.
•
A Cisco router that is running Cisco IOS Release 12.2 may encounter packet corruption when routing packets from IP to Multiprotocol Label Switching (MPLS) when packets that are entering a Generic Routing Encapsulation (GRE) tunnel require fragmentation. If this condition occurs, the packets cannot be reassembled at the tunnel tail.
Workaround: Disable tag switching at the tunnel head.
•
The Tag Distribution Protocol (TDP) uses TCP port 711 for communication between TDP peers. This is enabled on a router by default in Cisco IOS Release 12.1. The port becomes active once tag-switching is enabled on a single interface. The TCP port will remain open even after tag-switching is disabled on the router, both at the interface level and the global level.
Workaround: Reload the router to close the TCP port.
•
A Cisco 7500 router that is running Cisco IOS Release 12.0(16)ST and that has Multiprotocol Label Switching (MPLS) enabled in a Virtual Private Network (VPN) environment may experience spurious memory access and reload with a bus error. There is no workaround.
•
On a Cisco 10000 series edge services router that is configured for Border Gateway Protocol (BGP) traffic, if you enable the as-override command for a peer group and then at a later point add members to that peer group, the as-override command does not take effect for the new members.
Workaround: Disable and then reenable the as-override command for the peer-group.
Alternative workaround: Individually enable the as-override command for each member of the peer group.
•
When you enable the Cisco Discovery Protocol (CDP) on an interface of a Cisco 10000 series edge services router, the interface may bounce. There is no workaround.
•
In some Frame Relay Real-Time Transport Protocol (RTP) priority-queue configurations on a Cisco 10000 series edge services router, the router may stop using Frame Relay fair data link connection identifier (DLCI) queues and directs all permanent virtual circuit (PVC) traffic to the interface default queue. There is no workaround.
•
When the Versatile Interface Processor (VIP) runs out of memory and memory allocation failure (MALLOCFAIL), the VIP may reload.
The following error message may be displayed:
0:04:46: %SYS-2-MALLOCFAIL: Memory allocation of 65556 bytes failed from 0x600A7F14, pool Processor, alignment 16 -Process= "CEF IPC Background", ipl= 2, pid= 8 -Traceback= 600AB18C 600AC958 600A7F1C 600A8868 602BEABC 602BF444 602BF6E4 60296B5C 6029C498 6029F674 602A7C90 602B2A74 602B0AAC 602B0D1C 602B0E94 602B15BC 00:04:46: %FIB-4-RADIXINSERT: Error trying to insert prefix entry for 162.2.2.24/32 %ALIGN-1-FATAL: Illegal access to a low address addr=0x66, pc=0x60299DC0, ra=0x60299DB4, sp=0x60F514D8
There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(19)ST
All caveats listed in this section are resolved in Cisco IOS Release 12.0(19)ST. This section describes severity 1 and 2 caveats only.
Basic System Services
•
A Cisco router that has a configuration register of 0x2 may pause indefinitely during an initial boot-up. There is no workaround.
IP Routing Protocols
•
Border Gateway Protocol (BGP) Virtual Private Network version 4 (VPNv4) address family routes are not being aggregated even though route aggregation is configured. The more specific routes that are supposed to be aggregated are advertised and the less specific aggregate route is not being generated and is not advertised. There is no workaround.
•
A provider edge (PE) router may fail to generate a type-3 link-state advertisement (LSA) for the corresponding Border Gateway Protocol (BGP) route that is presented in the routing table associated with the Virtual Private Network (VPN). This condition occurs if the PE router is connected to multiple Open Shortest Path First (OSPF) areas and if a backdoor intra-area connection exists between two VPN sites in one of these areas. The clear ip route vrf vrf-name EXEC command forces the LSA generation. There is no workaround.
Miscellaneous
•
Recent changes in Cisco IOS software introduced a process suspend allowing context switching where it should not be allowed. This opens up the possibility for a race condition. There is no known workaround.
•
A Cisco router reports an alignment correction traceback message when the Border Gateway Protocol (BGP) neighbor that is connected through Packet over SONET (POS) and Gigabit Ethernet links goes down and comes back up. There is no workaround.
•
A Cisco 10000 series edge services router (ESR) and Cisco ONS 15454 interoperability may fail when fiber is pulled. There is no workaround.
•
ATM adaptation layer 5 (AAL5) disposition over Multiprotocol Label Switching (MPLS) for the 3-Port Gigabit Ethernet line card enables the line card to be used at the disposition provider edge (PE) router facing the MPLS cloud to transport plain AAL5 frames to the customer edge (CE) router. There is no workaround.
•
After a link-state change or after a chassis is booted up, the show facility-alarm status EXEC command continues to show an alarm from the channelized OC-12 SONET controller. This condition occurs even when the actual SONET controller is not showing an active alarm. The LED alarm on the faceplate is lit, but data transfer is not affected when this condition occurs. There is no workaround.
•
When an incoming or outgoing access control list (ACL) is used over a dot1Q subinterface that belongs to an Enhanced Gigabit Ethernet Interface Processor (GEIP+), the packets that are received on the interface are not labeled when the packets are forwarded out of a different interface that is running Multiprotocol Label Switching (MPLS). This condition affects both Cisco Express Forwarding (CEF) and distributed CEF (dCEF). There is no workaround.
•
A memory leak may occur on the Label Distribution Protocol (LDP) MIB if the MIB is "walked" continuously. This condition can be verified using the show proc mem | include IP SNMP privileged EXEC command after a get or get-next operation is performed on the mplsLdpHelloAdjacencyObjects object. The Holding field of the show proc mem | include IP SNMP privileged EXEC command output indicates the amount of memory that is allocated by the process that is currently in use. The Holding field increases by about 100 bytes each time the LDP MIB is queried.
Workaround: Do not perform the get or get-next operation repeatedly with the mplsLdpHelloAdjacencyObjects object because the router may eventually exhaust its free memory pool.
•
A Cisco router that is running Cisco IOS Release 12.0(17)ST with the label distribution protocol (LDP) may experience a memory leak and a subsequent reload because of a watchdog timeout.
Workaround: Use the tag distribution protocol (TDP) instead of LDP when a router is running Cisco IOS Release 12.0(17)ST. Do not use LDP when running Cisco IOS Release 12.0(17)ST.
•
A Cisco router may lose memory resources when lines are flapping and tag-switching ip is enabled. This condition is the most severe when there are multiple adjacencies to the same peer. There is no workaround.
•
If a traffic engineering (TE) tunnel is configured between two Provider Edge (PE) routers and Label Distribution Protocol (LDP)/Tag Distribution Protocol (TDP) is configured in the tunnel, Virtual Private Network (VPN) connectivity through the two PE routers will not function. There is no workaround.
•
Two Customer Edge (CE) routers may experience an end-to-end connectivity failure with each other when they are configured to transmit data through an external BGP (eBGP) Multiprotocol Label Switching Virtual Private Network (VPN) in an interautonomous system configuration between two autonomous system boundary routers (ASBRs). The Tag forwarding Information Base (TFIB) entries for the eBGP VPNv4 neighbors on the DMZ link are not installed in the MPLS forwarding table, which causes the connectivity failure. There is no workaround.
•
A Cisco router that is running Multi Protocol Label Switching (MPLS) and label distribution protocol (LDP) may fail to operate correctly when there are more than 32 active LDP sessions or when the no mpls ip command is used to terminate the ongoing LDP sessions. Applications that depend on the notifications when an LDP session is created may fail to operate correctly. Such applications may include the LDP MIB, label-controlled ATM (LCATM), and Any Transport over MPLS (AToM) such as Ethernet over MPLS. The operation of LDP for packet interfaces is not affected by this condition.
Workaround: To correct the condition, toggle a suspect LDP session by entering the shut command followed by the no shut command on all interfaces that support the LDP session.
•
If a traffic engineering (TE) tunnel is configured between two Provider Edge (PE) routers, Virtual Private Network (VPN) connectivity through the two PE routers will not function. All PE to PE traffic should be normally routed through the tunnel.
Workaround: Run Cisco IOS 12.0(17)ST3 or earlier on the PE router or remove the auto route announce statement of the tunnel interface and configure a static route through the tunnel.
•
The current implementation of Cisco IOS software is not fully compliant with RFC 2547bis. RFC 2547bis describes the procedures that must be implemented to specific extended communities when route attributes are passed from a customer edge (CE) router to a provider edge (PE) router. This DDTS enforces those procedures. The CE router may suggest a particular route target for each route from the route targets that the PE router is authorized to attach to the route. The PE router would then attach only the suggested route target rather than the full set. This situation gives the CE administrator some dynamic control of the distribution of routes from the CE.
With the current Cisco IOS software, the PE router allows the CE router to attach route targets in an update without verifying that they are a subset of route targets to which the virtual routing and forwarding instance (VRF) attaches. This condition causes the routes to end up in a VRF instance when they are not supposed to.
Workaround: Configure the VRF route map on the PE router to overwrite the extended community attribute to avoid the leakage of routes to other VRFs.
•
When enabling the show controller command for the DSX-3 controller, the line card may not send proper Message Data Link (MDL) information to Cisco IOS software. There is no workaround.
•
A Cisco router that is running the rsp-pv-mz image on Cisco IOS Release 12.0(18.05)ST may reload. There is no workaround.
•
Under rare situations, entering the sh mpls forwarding command may cause the system to reload. There is no workaround.
•
Toggling the no ip cef distributed and the no tag ip configuration commands on the provider edge (PE) while there is Virtual Private Network (VPN) traffic may cause the Versatile Interface Processor (VIP) to reload on that PE. There is no workaround.
•
If labels are applied to NetFlow export records before they are sent, the router may reload unexpectedly.
Workaround: Specify only export destinations not requiring tagging.
•
A Cisco 10000 series edge services router may encounter spurious memory access messages reading 0x14 when adding a Virtual Private Network (VPN). There is no workaround.
•
Input packet switch application-specific integrated circuit (ASIC) (PSA) access control lists (ACLs) may not work when virtual routing and forwarding (VRF) is configured globally.
Workaround: Remove the VRF configuration and reload the line card.
•
A Cisco 10000 series edge services router may reload unexpectedly when NetFlow Accounting is enabled and large amounts of traffic are flowing. There is no workaround.
•
Parallel Express Forwarding (PXF) faults on a Performance Routing Engine (PRE1) may cause a PXF processor to reload without generating a pxf-crashinfo file. There is no workaround.
•
All multicast traffic slows down when Protocol Independent Multicast (PIM) is disabled on one egress. This condition occurs because all multicast packets are punted to the Route Processor (RP) after the PIM is disabled on one egress card. There is no workaround.
•
When FDL packets of invalid length are received by a Channelized OC-12 line card, the contents of the packet are printed on the line card console. In the case of a large size Facilities Data Link (FDL) packet, excessive printing on the line card console may cause the line card to reset.
Workaround: Disable the FDL on the remote end.
•
Pings from a Cisco 10000 provider edge (PE) router to a customer edge (CE) router may fail over Multilink Point-to-Point Protocol (MPPP) bundles. There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(18)ST1
Cisco IOS Release 12.0(18)ST1 is a rebuild of Cisco IOS Release 12.0(18)ST. All caveats in this section have been resolved in Cisco IOS Release 12.0(18)ST but may be open in previous releases.
•
An error can occur with management protocol processing. Use the following URL for further information: http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
Resolved Caveats—Cisco IOS Release 12.0(18)ST
All caveats listed in this section are resolved in Cisco IOS Release 12.0(18)ST. This section describes severity 1 and 2 caveats only.
Interfaces and Bridging
•
The Ethernet 10 Mbps line protocol goes down after the cable is disconnected and remains in that state even after the cable is reattached. There is no workaround.
IP Routing Protocols
•
A Cisco router that is using Multiprotocol Label Switching (MPLS) traffic engineering may reload in or near rsvp_rrr_path_query. Sometimes this reload is accompanied by a SYS-6-STACKLOW message. There is no workaround.
•
When redistributing internal Border Gateway Protocol (iBGP) into an IGP you may experience the route not getting placed into the IGP. This has been seen with Routing Information Protocol (RIP), Enhanced Interior Gateway Routing Protocol (EIGRP), Interior Gateway Routing Protocol (IGRP), and Open Shortest Path First (OSPF).
Primary workaround: Reload the router.
Secondary workaround: Enter the clear ip bgp * command and the clear ip route * command.
Alternate workaround: Remove the neighbor statements and place them back in BGP.
•
On Cisco routers that are running Border Gateway Protocol (BGP) (on Cisco IOS Releases 12.1(4.4)PI3, 12.2T, 12.2(0.19)PI, and later releases) with the aggregate-address address mask advertise-map map-name command configured, the advertise-map may deny some components for AS-path generation. The AS-path information may not be consistent with the advertise-map. There is no workaround.
•
After adding a route to a VPN routing/forwarding instance (VRF), the associated locally sourced VPNv4 path may appear in the Border Gateway Protocol (BGP) table, but the path may disappear within 15 seconds. The path may disappear whether the route is advertised by BGP because of a network statement or a redistribution. There is no workaround.
•
Multicast Border Gateway Protocol (MBGP) prefixes may show up in the IP routing table. There is no workaround.
•
Under some conditions after a power failure, a reload may cause session commands, such as description and password, to disappear from the running configuration.
Workaround: Do not configure peer groups. Put the password statement in the peer group definition.
•
On a Cisco router that is running Cisco IOS Release 12.0(17.3)ST and later releases, community-list filtering may break and not allow any routes.
Workaround: Do not use community-list for the filtering.
•
In a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) environment, a provider edge (PE) router that is running Open Shortest Path First (OSPF) should consider only Type-3 link state advertisements (LSAs) that are coming from the backbone area (area 0). In some situations a PE router may mistakenly consider Type-3 LSA that are coming from a nonbackbone area and install the prefix advertised by the Type-3 LSA in the VPN routing/forwarding instance (VRF) routing table.
Workaround: Force the full shortest path first (SPF) algorithm by entering the clear ip ospf {process} executive command.
ISO CLNS
•
Entering the router isis command followed by the distance 10 ip command may cause a Cisco router to reload.
Workaround: Enter the net xx.xxxx.xxxx.xxxx.xx command before the distance 10 ip command.
•
A Cisco 7500 series router may display the following alignment error when it is configuring Intermediate System-to-Intermediate System (IS-IS):
%ALIGN-3-CORRECT: Alignment correction made at 0x6035FD74 reading 0x61C67F17 %ALIGN-3-TRACE: -Traceback= 6035FD74 602B4C7C 607C4634 607C54D4 607C58BC 607C5E78 602DAFAC 602DAF98
There is no workaround.
Miscellaneous
•
The route-map command has an existing subcommand called set interface interface. If interface was a Multiprotocol Label Switching (MPLS) traffic engineering tunnel, packets dropped.
Policy routing is supported on traffic engineering tunnels. Refer to the "Enable Policy Routing" section of the Cisco IOS Release 12.0 Network Protocols Configuration Guide, Part 1.
There is no workaround.
•
A Loopback route on a Virtual Private Network (VPN) routing/forwarding instance (VRF) is not removed from the Cisco Express Forwarding (CEF) table after the import map command is used.
Workaround: Use the clear ip route vrf vrf-name {*} EXEC command to remove the /32 receive entry from CEF.
•
Ping traffic does not resume after switching from an explicit path to a dynamic path. There is no workaround.
•
Engine 2 Packet over SONET (PoS) line cards on a Cisco 12000 series Internet router may be severely affected and may be reset if hundreds of multiprotocol label switching (MPLS) tunnel interfaces are unconfigured simultaneously during heavy stress conditions with several thousand Border Gateway Protocol (BGP) and Open Shortest Path First (OSPF) routes and line rate traffic. This is most likely to happen if the Interior Gateway Protocol (IGP) is Intermediate System-to-Intermediate System (IS-IS). There is no workaround.
•
A Cisco 7500 series router that is equipped with Versatile Interface Processor (VIP) modules capable of distributed switching and configured with label-controlled ATM interfaces in multi-virtual circuit mode stops forwarding traffic to the multi-VC destinations after toggling distributed Cisco Express Forwarding (dCEF) off and on with the no ip cef, ip cef distributed command sequence.
Workaround: Use CEF instead of dCEF.
Alternate workaround: Clear the IP routing table using the clear ip route EXEC command.
•
A 1500-byte IP packet with three Multiprotocol Label Switching (MPLS) labels mat not be received on a Fast Ethernet or Gigabit Ethernet interface. The packet is counted as a giant and dropped. There is no workaround.
•
With subinterfaces and multiple Virtual Private Network (VPN) routing/forwarding instances (VRFs), using the ip verify unicast reverse-path command may incorrectly drop a fraction of traffic being process switched. There is no workaround.
•
The T1/E1 MIB tables on channelized line cards in a Cisco 10000 system may not be set correctly. The problem may occur with the assignment of the ifIndex associated with a given T1. It takes the same value as the ifIndex of the latest channel group created in that T1. As new channel groups are created, the value of the ifIndex associated with that T1 keeps changing. Several of the values associated with the T1 MIB instance may be false. Since the T1/E1 takes the ifIndex of the latest channel group created on that virtual controller, if that channel group is deleted, the T1/E1 tables disappear altogether.One way to minimize the problem is to have no more than one channel group associated with a given T1/E1. There is no workaround.
•
Output CAR configurations on non-VIP interfaces may not discard packets with Cisco 7500 series routers. Packets are counted as dropped, but they are actually sent. There is no workaround.
•
If you configure Multilink Point-to-Point protocol (MLPPP) on the channelized T3 line card, and there is a Performance Routing Engine (PRE) switch-over from the primary PRE to the secondary PRE, some of the MLPPP bundles may not come up after the switch-over. All the Point-to-Point Protocol (PPP) interfaces will be up, but some MLPPP interfaces will be down.
To see if the problem has occurred, issue the show ip int brief | include Multilink command. If the output displayed for the secondary PRE does not show a line with the information ppp chap hostname, the problem has occurred.
Workaround: Before performing switch-over from Primary PRE to Secondary PRE, reset the secondary PRE so that all the information is synchronized between both PREs.
•
A Cisco 12000 series Internet router may experience a memory leak in buffer memory, which can be characterized by the display of Interprocess Communication (IPC) error messages from failed communication between the Route Processor (RP) and any line card. A buffer leak may be recognized by comparing the amount of total buffers and the number of buffers in the free list for each buffer pool in the output of the show buffers command and seeing that the delta between these two numbers continues to increase and never returns to a reasonable difference.
The problem may be observed by entering the show controller csar queue command on the RP. If there is a constant number higher than one in the length column, the condition may be present. See the following example:
Router # show controller csar queue
1118 Free QSlot Length Max Length 0 2 2 1 70 70 <=== ** RP is in this condition 2 0 0 3 0 1 4 0 0 5 0 0 6 0 0 7 0 1 Multicast 0 0
This particular buffer leak is also characterized by a log message similar to the following on the POS OC48 linecard:
SLOT 1:014776: Apr 23 21:53:29: %IPCLC-3-EVENTSYS: Event (13) system call ipc_send_message_blocked error (cause: timeout) -Traceback= 400EA148 4013B8BC 4013BCB0 4013CFB8 401139D8 400B5FFC 4007F118 4009DB74 4009DB60 035279: Apr 23 21:54:01: %LINEPROTO-5-UPDOWN: Line protocol on Interface POS1/0, changed state to down 035280: Apr 23 21:54:11: %LINEPROTO-5-UPDOWN: Line protocol on Interface POS1/0, changed state to up
Workaround: Enter the microcode reload slot global configuration command on the line card that is displaying the message.
•
If a channelized T3 goes down when BERT is running on a T1, the T3 displays its status as down while the T1 displays its status as up. There is no workaround.
•
The "SCHED-3-THRASHING" error message is displayed when removing several multilink interfaces one after each other when using a script. Some interfaces may not be removed, usually the last ones.
Workaround: Manually remove multilink interfaces one by one.
•
On Cisco 10000 series edge services routers (ESRs) that are running Cisco IOS Release 12.0 ST or 12.0 SL and using 6CT3, ChOC12, or ChSTM1 line cards, DS3 and DS1 MIB interval statistics are not correctly recorded after the initial 24-hour period. There is no workaround.
•
Packets that are originated locally by a router are not correctly classified by class-based weighted fair queueing (CBWFQ) (policy out) when the packets are either labelled or tagged and when the outgoing interface has Multiprotocol Label Switching (MPLS), Label Distribution Protocol (LDP), or Tag Distribution Protocol (TDP) configured. CBWFQ puts those packets into the class-default class instead of their proper configured class. The problem does not occur if MPLS or TDP is removed from the interface where the policy map is applied. In such a setup, the coloring and matching are both correct. There is no workaround.
•
The maximum load sharing paths are reduced from eight to six. There is no workaround.
•
When Carrier Supporting Carrier (CSC) Virtual Private Network (VPN) is configured and Routing Information Protocol (RIP) is used as the routing protocol between CSC-PE&CSC-CE, the CSC VPN does not work. There is no workaround.
•
When the last channel on a T1, on which bit-error-rate-testing (BERT) is running, is deleted, the BERT process is not deconfigured correctly. The next time a channel is created on this T1, BERT cannot be started correctly.
Workaround: Stop BERT before removing the T1 channel.
•
On a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(17)ST with Engine 2 POS line cards, running the Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) Fast Reroute (FRR) feature may cause a problem when primary tunnels are link protected by a multihop backup tunnel. About two minutes after the primary tunnels are fast rerouted over the backup tunnels, the primary tunnels go down. There is no workaround.
•
If you configure a channelized T3 port with the encapsulation frame-relay interface configuration command on a Cisco 10000 series edge services router (ESR), and there is a Performance Routing Engine (PRE) switch over from the primary PRE to the secondary PRE, some of the traffic may not get forwarded through some of the Frame Relay interfaces.
Workaround: Reset the primary PRE and the secondary PRE.
•
On Cisco 10000 series edge services routers with Channelized OC12 line cards that are running Cisco IOS Release 12.0(18)ST, Bellcore loopback functionality is not available for T1 under T3 controllers. There is no workaround.
•
A Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(17.5)ST may have Engine 0 OC12 Packet over SONET (PoS) line cards reload if the tx-cos name interface configuration command is configured on them.
Workaround: Remove the tx-cos assignment or load Cisco IOS Release 12.0(17.3)ST.
•
On a Cisco 10000 series edge services router (ESR) that is running Cisco IOS Release 12.0(17.5)ST, packets are not marked as they should be when using the bgp-policy command.
Workaround: Reload the microcode (recommended only if the system is not live on a network).
•
When walking the Label Distribution Protocol (LDP) MIB on a Cisco router, the router may reload. There is no workaround.
•
While trying to configure T1s on a CHOC12 line card, a Cisco 10000 series edge services router (ESR) was reporting the interface information under an incorrect interface. This condition occurs with the creation of new channels under a channelized T3 which already contains some channels while BERT is running (on any T1 within the same T3). To prevent the problem, do not create channels while Bert is running. There is no workaround.
•
Boot images cannot be built for the Cisco 10000 series edge services routers, the Cisco 12000 series Internet routers, the Cisco 7500 series routers, and the Cisco 7200 series routers after the maximum load sharing paths are reduced from 8 to 6. There is no workaround.
•
On a Cisco 10000 series edge services router, the host name may get truncated when executing the controller configuration as follows:
a12345678901234567890(config)#contr t3 6/0/0.1 a123456789(config-controller)#
There is no workaround.
•
A Cisco 7500 series router that is running Cisco IOS Release 12.0 S may reload when booted up. The failure logs as follows:
> === Flushing messages (08:14:53 UTC Thu Jul 12 2001) === > > > > Buffered messages: > > Queued messages: > > 00:00:50: %SYS-3-LOGGER_FLUSHING: System pausing to ensure > console debugging output. > > > > 00:00:47: %SYS-5-CONFIG_I: Configured from memory by console > > 00:00:50: %SYS-2-INTSCHED: 'suspend' at level 2 > > -Process= "Init", ipl= 2, pid= 2 > > -Traceback= 602FBD80 602E6C40 602E6D58 60058250 60381264 6036E79C > 6036EB60 6036ED58 6025B0A4 602D4C0C 602D4BF8 > > No fault history 0xFFFFFFFF. Need 11.1 (2) or higher ROM > > Free space check for bootflash:crashinfo_20010712-081453 failed > (1/9556) > > > > *** System received a Software forced crash *** > > signal= 0x17, code= 0x24, context= 0x615579d0 > > PC = 0x602f98ec, Cause = 0x2020, Status Reg = 0x34008802 > > DCL Masked Interrupt Register = 0x00000000 > > DCL Interrupt Value Register = 0x00000000 > > MEMD Int 6 Status Register = 0x00000000
There is no workaround.
•
If a Cisco 10000 series edge services router (ESR) is configured with large numbers of routes, clearing the entire routing table may cause high CPU use. In rare cases, the line cards or Cisco IOS software may reboot. There is no workaround.
•
When an Simple Network Management Protocol (SNMP) query is made of a Border Gateway Protocol (BGP) route where the route is advertised with two differing masks, an SNMP-get request of the higher mask will return the lower mask. An SNMP-get request of the lower mask will get the higher mask. This effectively creates a loop. There is no workaround.
effectively creates a loop. There is no workaround.
•
On Cisco systems that are running Cisco IOS Release 12.0(18.3)ST, Engine 2 line cards may reload.
Workaround: Use a later version of Cisco IOS Release 12.0 ST.
Resolved Caveats—Cisco IOS Release 12.0(17)ST8
Cisco IOS Release 12.0(17)ST8 is a rebuild release for Cisco IOS Release 12.0(17)ST. The caveats in this section are resolved in Cisco IOS Release 12.0(17)ST8 but may be open in previous Cisco IOS releases.
•
Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.
Cisco has made software available, free of charge, to correct the problem.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
Resolved Caveats—Cisco IOS Release 12.0(17)ST7
Cisco IOS Release 12.0(17)ST7 is a rebuild release for Cisco IOS Release 12.0(17)ST. The caveats in this section are resolved in Cisco IOS Release 12.0(17)ST7 but may be open in previous Cisco IOS releases.
•
After a router has booted up, label release failure messages are displayed on the Route Processor (RP) console. The label release failure messages continue to be displayed for more than 30 minutes. The Switch Processor (SP) continues to loose heartbeat messages when this symptom occurs. This symptom is observed on a Cisco 7600 series router when there is no traffic. There is no workaround.
•
A provider edge (PE) router may not release all the memory that is held by the Border Gateway Protocol (BGP) process. This symptom is observed in a network that has two PE routers that have identical and symmetrical configurations when BGP Virtual Private Network (VPN) and global routes are withdrawn. The Route Processor (RP) on the PE routers should release all memory that is held by the BGP process.
An additional 40 MB of memory may be lost from the free memory space of one of the two PE routers even if the routes are completely withdrawn. This behavior may significantly degrade the scalability numbers for VPN. There is no workaround.
•
A Cisco Express Forwarding (CEF) inconsistency may occur between a Gigabit Route Processor (GRP) and an Engine 2 line card. This inconsistency may cause flapping. This symptom is observed when there are recursive prefixes and when the line quality is suboptimal.
Workaround: Clear the CEF line card.
•
A Cisco 12000 series Internet router may reload when the shutdown interface configuration command followed by the no shutdown interface configuration command is entered on a multilink bundle that is connected to a Cisco 7200 series router.
This symptom is observed on a Cisco 12000 series Internet router that has a 2-port CHOC3/STM1 T1/E1 line card that is connected through an Add-Drop Multiplexor (ADM) to a Cisco 7200 series router that has a channelized E1 PRI port adapter. This symptom is observed in Cisco IOS Release 12.0(17)ST6 and Release 12.0(21)ST2. There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(17)ST6
Cisco IOS Release 12.0(17)ST6 is a rebuild of Cisco IOS Release 12.0(17)ST. All caveats in this section have been resolved in Cisco IOS Release 12.0(17)ST6 but may be open in previous releases.
•
If Network Control Protocol (NCP) is configured on a Cisco router and an additional NCP is configured on an interface that is not shut if one peer receives the configuration more than 30 seconds after another peer, NCP negotiation may fail.
If you enter the show interface command, the command output shows that the protocol is not negotiated and that it is in the "Listen" or "REQsent" state. In the case of Connectionless Network Service (CLNS), this situation terminates the CLNS adjacency and causes Intermediate System-to-Intermediate System (IS-IS) to fail. Other NCPs are affected in a similar way.
Workaround: Enter the shutdown command followed by the no shutdown command on the interface that is encapsulated with PPP.
Alternate workaround: Use another interface encapsulation, such as High-Level Data Link Control (HDLC).
•
On a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(17)ST5 or another interim Cisco IOS release, the slave processor may reload during the bootup process because of a software error. There is no workaround.
•
On a Cisco 7513 router that has two Route Switch Processors (RSPs) and that is running Cisco IOS Release 12.0(16)ST and operating in the High System Availability (HSA) mode, the slave RSP may pause indefinitely or reload if an online insertion and removal (OIR) is performed on the Versatile Interface Processor (VIP) module.
Workaround: Configure Route Processor Redundancy (RPR).
•
A Cisco router that has a configuration register of 0x2 may pause indefinitely during an initial boot-up. There is no workaround.
•
Selective packet discard (SPD) ensures that high priority packets are not dropped when the input queue fills. On a Cisco router, Intermediate System-to-Intermediate System (IS-IS) hellos and Point-to-Point Protocol (PPP) keepalives were treated like non priority packets and were dropped by SPD when there was congestion. The router may lose its IS-IS adjacency or the Layer 2 connectivity, and SPD may fail. This problem may occur if the router is heavily loaded at the process level or if Cisco Express Forwarding (CEF) is disabled. There is no workaround.
•
In Cisco IOS software that is running Multiprotocol Label Switching (MPLS) Traffic Engineering (TE), packets that are traveling through a tunnel that is protected using Fast Reroute (FRR) may be lost while the tunnel recovers from a link failure. There is no workaround.
•
If you configure an output access control list (ACL) on a Cisco 12000 series Engine 2 line card, the line card may reload. There is no workaround.
•
A Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(17)S, Release 12.0(18)S, Release 12.0(19)S, or a rebuilt release that is based on one of these three releases and that is configured with one or more 3-port Gigabit Ethernet line cards may show the following two symptoms:
–
–
This situation is caused by a very rare event in the Address Resolution Protocol (ARP) code that may cause data structure corruption, which results in system instability. Because of the rare nature of this event, the affected router may pause intermittently at intervals of hours up to several months. There is no workaround. (Upgrade a susceptible router to a Cisco IOS software release in which this caveat has been resolved.)
Note
•
A Cisco Router Route Processor (GRP, RSP or NPE) may reload when a traffic engineering (TE) tunnel interface is disabled and reenabled immediately using the shutdown interface configuration command followed by the no shutdown interface configuration command. The router may also exhibit this behavior either when tag switching is enabled and disabled using the no tag-switching ip interface configuration command followed in quick succession by the tag-switching ip interface configuration command or when a loopback interface is disabled and reenabled using the shutdown interface configuration command followed immediately by the no shutdown interface configuration command. This behavior may also occur when a file is copied to the running configuration to change the state of a tunnel.
Workaround: Wait for at least a minute after the shutdown interface configuration command is issued before entering the no shutdown interface configuration command on a tunnel interface or its associated loopback interface. Wait for at least a minute after the no tag-switching ip interface configuration command is issued before entering the tag-switching ip interface configuration command. Shut down all tunnel interfaces before copying a file to the running configuration.
•
If you perform an online insertion and removal (OIR) of a Versatile Interface Processor (VIP) in a Cisco 7500 series router or use the Single Line Card Reload (SLCR) feature after a VIP has reloaded unexpectedly, and if there are static routes defined that use the interfaces on the failed VIP, traffic that is using those static routes may fail. The static routes include those that are defined within a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) Routing and Forwarding (VRF) instance.
Workaround: Enter the clear cef linecard slot-number adjacency command on the affected VIP.
•
If authentication is enabled on a member link of a Multilink PPP (MLP) bundle, the member link may go down after a certain time.
Workaround: Disable authentication.
•
A Cisco 10000 series edge services router that is running Cisco IOS Release 12.0(20.3)ST2 or a later release and that is configured as a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) provider edge (PE) router may experience a missing entry in its label forwarding table for a prefix that belongs to a VPN routing/forwarding (VRF) instance.
If you enter the show tag-switching forwarding-table command for the missing entry, no label is shown. However, if you enter the show ip cef detail command for the prefix, the correct label is shown.
There is no workaround. However, if you enter the clear ip route command for the affected prefix, the prefix is reinstalled in the label forwarding table.
•
In a Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) Fast ReRoute (FRR) configuration, if a Cisco router that is functioning as a TE headend router is running a Cisco IOS release earlier than Cisco IOS Release 12.0(22)S—like, for example, Release 12.0(17)ST—and the Cisco router that is functioning as a midpoint router is running Cisco IOS Release 12.0(22)S or a later release, the headend router may tear down link-state packets (LSPs) that are rerouted by the midpoint router. There is no workaround.
Cisco IOS Release 12.0(22)S contains the standard version of FRR. All 12.0 S releases prior to Cisco IOS Release 12.0(22)S contain a nonstandard version of FRR. The nonstandard version of FRR is not fully interoperable with the standard version of FRR.
The fix for this caveat enables a headend router to run a nonstandard version of FRR, and a midpoint router and a router that is functioning as a point of local repair to run a standard version of FRR.
•
A Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(16)ST, Release 12.0(17)ST, Release 12.0(18)ST, or a rebuilt release that is based on one of these three releases and that is configured with a 3-port Gigabit Ethernet line card that is set up for 802.1q encapsulation may not identify Multiprotocol Label Switching (MPLS) labels correctly. The router may ignore some bits of the label and forward labeled frames using the wrong Cisco Express Forwarding (CEF) entry. There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(17)ST5
Cisco IOS Release 12.0(17)ST5 is a rebuild release for Cisco IOS Release 12.0(17)ST. The caveats in this section are resolved in Cisco IOS Release 12.0(17)ST5 but may be open in previous Cisco IOS releases.
•
When IP Cisco Express Forwarding (CEF) is enabled on a route switch module (RSM) and you reload the RSM, the interfaces show that the no ip route-cache cef interface configuration command is enabled, which causes the CPU to run at 99 percent.
Workaround: Manually change the configuration.
•
On a Cisco 12000 series Internet router, the one-minute input rate statistics in the output of the show interfaces privileged EXEC command may not accurately reflect the traffic load on the interface. There is no workaround.
•
In a Multiprotocol Label Switching (MPLS) traffic engineering (TE) engineering environment with a link on a tunnel headend that is protected with Fast Reroute (FRR), 40 to 120 milliseconds of traffic may be lost for traffic with destinations that go through the tunnel and that are learned using autoroute. The loss of traffic occurs after the FRR process has taken place. This condition occurs because the prefix is removed from the routing table after the first Shortest Path First (SPF) trigger has been received. The prefix is readded after the SPF calculation is completed.
Workaround: Use one of the following workarounds:
–
–
•
The switching path changes from distributed Cisco Express Forwarding (dCEF) to Cisco Express Forwarding (CEF) after 40 online insertion and removal (OIR) events. This condition affects quality of services (QoS) functionality and the performance of the router, which requires a dCEF path. There is no workaround.
•
A Cisco 7200 series router may reload when it is passing a heavy traffic of large packets through a PA-A1 port adapter. The reload does not occur under normal traffic conditions.
Possible workaround: Reduce the maximum transmission unit (MTU) size of the ATM interface so that the interface never has to pass a packet of more than 4500 bytes.
•
Explicit null labels may disappear from the Tag Forwarding Information Base (TFIB) after entering the no tag ip and then the tag ip global configuration commands on a label switching router that is configured with Label Distribution Protocol (LDP) and Tag Distribution Protocol (TDP) through a 1 hop tunnel on a physical link to another label switching router.
Workaround: Enter the clear ip route ip-address command using the IP address of TFIB entry that has the problem.
•
A Cisco 12000 series Internet router may reload if you change the encapsulation from PPP to High-Level Data Link Control (HDLC) on a Packet over SONET interface that has the mpls traffic-eng autoroute command enabled and autorouting first has occurred and then has cleared. There is no workaround.
•
A line card may reload when the same access control list (ACL) is applied to two o r more main interfaces and then an ACL (any ACL) is applied to a subinterface on one or more of the same main interfaces. There is no workaround.
•
A Cisco 12016 series Internet router with dual Gigabit Route Processors (R5000, revision 0x05) that is running Cisco IOS 12.0(17)ST2 (GSR-K4P-M) and has 262144K bytes of memory may reload with an address error exception (load or instruction fetch). There is no workaround.
•
Applying an input Access Control List (ACL) on an Engine-2 Packet-over-SONET (PoS) OC-48 line card in Cisco router that running Cisco IOS Release 12.0(17)ST3 may cause the PoS interface to go down. The following traceback has been observed after removing the ACL:
SLOT 8:*Jan 10 02:36:37: %LCPOS-3-SOP: RX:RsvdBitsUsed. Source=0x1 (Plim), halt_minor0=0x0 SLOT 8:*Jan 10 02:36:37: %GSR-3-INTPROC: Process Traceback= 401B75B0 40206BBC 401C449C 40206D60 40209E60 4020C9E0 4020D678 400A33F4 400A33E0 -Traceback= 401A06DC 40692824 400C54BC
There is no workaround.
•
If you configure an output access control list (ACL) with 448 lines on a Cisco 12000 series Internet router and the ingress line card for the traffic that needs to be filtered is an 8-port or 16-port OC-3 Packet-over-SONET (POS) line card, the output ACL will not filter traffic.
Workaround: Do not configure an ACL with more than 128 lines on any interface of a Cisco 12000 series Internet router that is configured with an 8-port or 16-port OC-3 POS line card.
•
An error can occur with management protocol processing. Use the following URL for further information: http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
•
Entering the show ip cef EXEC command may cause a Cisco router to reload if load-shared paths change while the command running. There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(17)ST4
Cisco IOS Release 12.0(17)ST4 is a rebuild release for Cisco IOS Release 12.0(17)ST. The caveats in this section are resolved in Cisco IOS Release 12.0(17)ST4 but may be open in previous Cisco IOS releases.
•
Redistribution may not work as expected when it is configured under the Multicast family for the Border Gateway Protocol (BGP). Some autosummarization may take place instead. There is no workaround
•
Three different Cisco product lines are susceptible to multiple vulnerabilities in the Secure Shell (SSH) protocol. These issues are inherent to the SSH protocol version 1.5, which is implemented in several Cisco product lines.
By exploiting the weakness in the SSH protocol, it is possible to insert an arbitrary command into an established SSH session, collect information that may help in brute force key recovery, or brute force a session key.
The affected product lines are as follows:
–
–
–
No other Cisco products are vulnerable.
It is possible to mitigate this vulnerability by preventing, or having a control over, interception of SSH traffic. Refer to the advisory at the following URL:
http://www.cisco.com/warp/public/707/SSH-multiple-pub.html
•
Selective packet discard (SPD) does not function on Gigabit Ethernet line cards (Engine 1 and Engine 2) and Fast Ethernet line cards that are installed in a Cisco 12000 series Internet router.
Workaround: Increase the input hold queue to store the excess packets.
•
Selective packet discard (SPD) does not function on Gigabit Ethernet line cards (Engine 1 and Engine 2) and Fast Ethernet line cards that are installed in a Cisco 12000 series Internet router.
Workaround: Increase the input hold queue to store the excess packets.
•
Six vulnerabilities involving the access control list (ACL) have been discovered in multiple releases of Cisco IOS software for the Cisco 12000 series Internet router. Not all vulnerabilities are present in all Cisco IOS releases, and only line cards based on the Engine 2 are affected by them. No other Cisco product is vulnerable.
The workarounds are described in the "Workarounds" section of the advisory that is available at the following URL: http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml
Workaround: Use the shut command followed by the no shut command to flap the interface.
•
Six vulnerabilities involving the access control list (ACL) have been discovered in multiple releases of Cisco IOS software for the Cisco 12000 series Internet router. Not all vulnerabilities are present in all Cisco IOS releases, and only line cards based on the Engine 2 are affected by them. No other Cisco product is vulnerable.
The workarounds are described in the "Workarounds" section of the advisory that is available at the following URL: http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml
Workaround: Use the shut command followed by the no shut command to flap the interface.
•
The Cisco Express Forwarding (CEF) table is not updated properly when the IP address of an interface changes. The new IP address is added to the CEF table but the old one is not removed. If subinterfaces are used, the old ones remain in the CEF table even after the subinterfaces are removed.
Workaround: When you issue the shut command on the subinterface before changing the address, the IP address is correctly deleted from the CEF tables.
•
If a router receives an Address Resolution Protocol (ARP) packet that has the router's own interface address but with a different MAC address, the ARP packet can overwrite the router's own MAC address in the ARP table, causing that interface to stop sending and receiving traffic. This attack is successful only against interfaces on the Ethernet segment that is local to the attacking host.
Workaround: Hard-code the interface's ARP table entry by using the arp ip-address hardware-address type [alias] command. This entry will remain in the ARP table until the clear arp command is issued. Refer to the advisory at the following URL:
http://www.cisco.com/warp/public/707/IOS-arp-overwrite-vuln-pub.shtml
•
On a provider edge (PE) router, the Engine 2 line card switching scheme may not load-balance Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) traffic traversing from a customer edge (CE) router that is connected to the Engine 2 line card toward the core provider routers. There is no workaround.
•
Under heavy traffic conditions, a Versatile Interface Processor (VIP), Gigabit Ethernet Interface Processor (GEIP), GEIP+, or Packet OC-3 Interface Processor (POSIP) that is installed in a Cisco 7500 series router may reload. The VIP reload information contains the following error message:
%DMA-1-DRQ_STALLED: DRQ stalled. Dumping DRQ.
There is no workaround.
•
A Border Gateway Protocol (BGP) route reflector is not advertising locally sourced Multicast Border Gateway Protocol (MBGP) routes correctly.
Workaround: Enter the clear ip bgp * EXEC command on the route reflector.
Alternate workaround: Remove the route map, enter the clear ip bgp * EXEC command, replace the route map, and enter the clear ip bgp * EXEC command again.
•
A Cisco 7500 router that is running Cisco IOS Release 12.0(16)ST and that has Multiprotocol Label Switching (MPLS) enabled in a Virtual Private Network (VPN) environment may experience spurious memory access and reload with a bus error. There is no workaround.
•
If the first entry in the Multicast Border Gateway Protocol (MBGP) routing table is a supernet of the destination IP address or if the MBGP route exists but does not have the best path, Reverse Path Forwarding (RPF) lookup will fail or return a unicast Border Gateway Protocol (BGP) route if a unicast BGP route exists.
Workaround: Remove the first entry or add a dummy route that is smaller than the first entry. In the case of a MBGP route without a best path, change the network configuration to ensure that the specified destination address has the best path.
•
A Cisco router may experience problems with the Address Resolution Protocol (ARP) when Cisco Express Forwarding (CEF) is enabled.
Workaround: Disable CEF.
•
An OC-12 Packet-over-ONET (POS) line card in a Cisco 12000 series Internet router may experience performance degradation when 46-byte packets are processed over turbo-extended access control lists (ACLs). There is no workaround.
•
A Border Gateway Protocol (BGP) session may time out and receive a "BGP-3-NOTIFICATION: received from neighbor x.x.x.x x/x (hold time expired) 0 bytes" message if the
tcp path-mtu-discovery command is enabled and if the router that is configured with BGP is connected to a Multiprotocol Label Switching (MPLS) network.Workaround: Adjust the IP maximum transmission unit (MTU) of the BGP router using the ip mtu value interface configuration command. For example, to enforce a Maximum Segment Size (MSS) of 4426, enter 4466 (MSS 4426 bytes + 40 bytes TCP/IP header + 4 bytes shim header = 4470 (PoS link)) into the value variable of the ip mtu value interface configuration command.
•
On a Cisco 12000 series Internet router, when you connect and disconnect the Rx cable between Engine 4 Packet-over-SONET line cards and a Cisco ONS platform, continuous ping failures may occur, although the line cards are in an up/up state.
Workaround: Issue the hw-module slot x reload command on the line cards.
•
When a virtual connection (VC) is managed by Operation, Administration, and Maintenance (OAM), the VC may go up and down if the VC is oversubscribed.
Workaround: Do not use OAM management.
•
A Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(17)ST or an earlier release and that is configured as an ATM over Multiprotocol Label Switching (AToM) Label Edge Router (LER) may experience a reload when you issue the show mpls forwarding command. The router usually reloads when you take one or more AToM virtual circuits (VCs) down.
Workaround: Do not configure the AToM feature.
•
An rsp-pv Service Provider Feature Set software image that is installed on a Cisco 7500 series Versatile Interface Processor (VIP) does not include some "x25" commands, such as the show x25 command. There is no workaround.
•
A Cisco 12000 series Internet router that is configured with an Engine 4 plus card may generate tracebacks, causing Cisco Express Forwarding (CEF) to be disabled. There is no workaround.
•
A 3-port Gigabit Ethernet line card that is installed in a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(16)S2 or Release 12.0(16)S3 may reload when packet switch ASIC (PSA) errors or bus errors cause changes in the configuration of the output access control lists (ACLs). The reload may be preceded by "FIB-4-RADIX" insert messages and may affect several line cards in a short period of time.
Workaround: Reload the router.
•
An E4 line card that is running Cisco IOS Release 12.0(17)ST3 may reload repeatedly and enter the REQ DUMP state. There is no workaround.
•
When you configure a Packet-over-SONET 8xOC-3 line card in a Cisco 12000 series Internet router as an Automatic Protection Switching (APS) working or protecting line card, the line card may accept input traffic even while it is deselected by APS. This condition causes duplicated packets.
Workaround: When the error condition occurs, enter the shut command followed by the no shut command on the line card that is deselected by APS.
•
When you send Tag packets to an Engine-4 line card that is not Multiprotocol Label Switching (MPLS) enabled and that is installed in a Cisco 12000 series Internet router, the line protocol of the Engine-4 line card goes down after about 200 packets. There is no workaround.
•
On a Cisco 12000 series Internet router that is configured with an Engine 4 line card with 256 MB of CPU memory, the show proc mem command may show more than 4 GB of used memory. When the counter reaches 4.2 GB, it may reset to 0, which causes the line card to think it has run out of memory and to disable Cisco Express Forwarding (CEF). Issuing the clear cef linecard [slot-number] command will bring the line card back up, but there is no workaround for the memory problem or to prevent the counter from resetting to 0.
•
Configuring the aggregate-address command within a Multicast BGP (MBGP) address family causes a router to reload. There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(17)ST3
Cisco IOS Release 12.0(17)ST3 is a rebuild release for Cisco IOS Release 12.0(17)ST. The caveats in this section are resolved in Cisco IOS Release 12.0(17)ST3 but may be open in previous Cisco IOS releases.
•
A Border Gateway Protocol (BGP) UPDATE contains Network Layer Reachability Information (NLRI) and attributes that describe the path to the destination. Each path attribute is a type, length, value (TLV) object.
The type is a two-octet field that includes the attribute flags and the type code. The fourth high-order bit (bit 3) of the attribute flags is the Extended Length bit. It defines whether the attribute length is one octet (if set to 0) or two octets (if set to 1). The extended length bit is used only if the length of the attribute value is greater than 255 octets.
The AS_PATH (type code 2) is represented by a series of TLVs (or path segments). The path segment type indicates whether the content is an AS_SET or AS_SEQUENCE. The path segment length indicates the number of autonomous systems (ASes) in the segment. The path segment value contains the list of ASes (each AS is represented by two octets).
The total length of the attribute depends on the number of path segments and the number of ASes in them. For example, if the AS_PATH contains only an AS_SEQUENCE, then the maximum number of ASes (without having to use the extended length bit) is 126 [= (255-2)/2]. If the UPDATE is propagated across an AS boundary, then the local Abstract Syntax Notation (ASN) must be appended and the extended length bit used.
The caveat was caused by the mishandling of the operation during which the length of the attribute was truncated to only one octet. Because of the internal operation of the code, the receiving border router would not be affected, but its iBGP peers would detect the mismatch and issue a NOTIFICATION message (update malformed) to reset their session.
The average maximum AS_PATH length in the Internet is between 15 and 20 ASes, so there is no need to use the extended length. The failure was discovered because of a malfunction in the BGP implementation of another vendor. There is no workaround.
•
If three Cisco 12000 series Internet routers that are using Frame Relay encapsulation connect to each other, and the middle router is configured with access lists, pings between the routers fail. There is no workaround.
•
Traffic Engineering over ATM Multiprotocol Label Switching (MPLS) networks is not a supported feature in Cisco IOS Release 12.1(4)T. There is no workaround.
•
A memory leak may occur on Cisco IOS Release 12.0(17)ST3 when Simple Network Management Protocol (SNMP) get-requests are done on dot3StatsTable (more specifically on dot3StatsEtherChipset object).
Workaround: Do not perform SNMP get-request, get-next-request operations on dot3StatsTable.
•
A Cisco router that is running Cisco IOS Release 12.0(7)T may experience spurious accesses at atmVcIEntry_get. There is no workaround.
•
When the internal Border Gateway Protocol (iBGP) is redistributed into the Interior Gateway Protocol (IGP), the routes are not advertised by IGP. This problem occurs with Routing Information Protocol (RIP), Enhanced Interior Gateway Routing Protocol (EIGRP), Interior Gateway Routing Protocol (IGRP), and Open Shortest Path First (OSPF).
Workaround: Enter the clear ip bgp {* | address | peer-group name} [soft [in | out]] and clear ip route {network [mask] | *} EXEC commands to clear this problem.
Alternate workaround: Remove and reenter the neighbor statements in BGP or reload the router.
•
Recent changes in Cisco IOS introduced a process suspend allowing context switching where it should not be allowed. This opened up the possibility for a race condition. There is no known workaround.
•
If two routers are linked by multiple links and if you use the no tag-switching ip interface configuration command on some of the interfaces, while the tag-switching ip interface configuration command is still configured on the other links, then tagged packets continue to be forwarded through the untagged interfaces.
Workaround: Enter the no tag-switching ip interface configuration command followed by the tag-switching ip interface configuration command on all the interfaces.
•
A Cisco 7500 series router may use invalid Cisco Express Forwarding (CEF) entries on Versatile Interface Processors (VIPs) to switch traffic when distributed Cisco Express Forwarding (dCEF) is disabled. The CEF entry on the RSP is valid while the entry on the VIP is invalid.
Workaround: Reboot the VIP and use the clear cef line slot command to clear the lines for each VIP until all the VIPs become visible synchronized in the output when the show cef linecard command is entered.
•
Under certain conditions on a Cisco 12000 series Internet router, Engine 4 line cards may update Cisco Express Forwarding (CEF) entries slower than Engine 2 line cards. There is no workaround.
•
Creating new channel-groups or subinterfaces on a PA-A3 port adapter may cause the corruption of an existing subinterface on the same controller. When this situation occurs, the corrupted subinterface changes its status to down/down and triggers an "output frozen" condition that results in "cbus complex" restarts on all Versatile Interface Processors (VIPs). Sometimes it is possible to bring the corrupted interface back into service by undoing the channel-group change and clearing the E3 controller. There is no workaround.
•
When large or jumbo frames are received on an Ethernet, Fast Ethernet or Gigabit Ethernet interface that uses the i82543 Medium Access Controller (MAC), the MAC will continue to write descriptors back past the end of the descriptor ring, which causes memory corruption. There is no workaround.
•
In a Multiprotocol Label Switching (MPLS)/Virtual Private Network (VPN) interautonomous system environment, if a Cisco router is configured as a VPN-IPv4 (vpnv4) Autonomous System Boundary Router (ASBR) and a provider edge (PE) router at the same time and if the VPN routing/forwarding instance (VRF) is removed from the ASBR configuration, tag-switching may fail for all prefixes in the VRF that have the same route distinguisher (RD) as the VRF that was removed. This condition occurs when all the PE routers use the same route distinguished (RD) for a VRF.
Workaround: Use different RDs.
Alternate workaround: Clear the Border Gateway Protocol (BGP) sessions after disabling the VRF.
•
After debug sanity is enabled on Cisco routers that support particles, the routers may experience a memory leak and reload. The amount of time that it takes for the memory leak to surface and the reload to occur varies. There is no workaround.
•
Running Sampled NetFlow to collect the traffic from a 3-port Gigabit Ethernet line card on a Cisco 12016 Internet router may only collect traffic on the first Gigabit interface. There is no workaround.
•
On Cisco 12000 series Internet routers that have tag switching configured, an OC-192 line card may reload when the network mask is changed from /30 to /24. This condition has been observed in Cisco IOS Release 12.0(17)S, 12.0(18)S, and 12.0(19)S.
Workaround: Do not change the network mask.
•
Bridged-style permanent virtual circuits (BPVCs) half-bridging commands are not implemented with the new group of ATM commands. There is no workaround.
•
A Cisco router that is running Cisco IOS Release 12.2(3.5) may experience a software-forced reload at ip_arp_refresh_adj after the no shutdown command is entered on a multipoint subinterface in LAN Emulation (LANE) testing. There is no workaround.
•
A Cisco router may reload when it is attempting to generate an Open Shortest Path First (OSPF) summary or external Link-State Advertisements (LSAs) in low memory conditions. There is no workaround.
•
Line cards on Cisco routers that are running distributed Cisco Express Forwarding (CEF) with Cisco IOS Release 12.0(19)S or later may be missing interfaces and interface-related configuration, such as access lists, after a boot or enabling of distributed CEF. There is no workaround.
•
Shutting down and restarting a Clock Scheduler Card on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(17)S or 12.0(17)ST with the hw-module command might cause the router to appear to pause indefinitely. There is no workaround.
•
Multicast packets that are sent from an Engine 2 line card to a Dynamic Packet Transport (DPT) OC-48 node in dense mode might not be switched for some groups. This condition occurs because of inconsistencies in the (*,G) and (S,G) tables on the Engine 2 line card. For some groups, the DPT48 node is in the (*,G) table and not in the (S,G) table. There is no workaround.
•
A network of Cisco 12000 series Internet routers that is running Multiprotocol Label Switching (MPLS) traffic engineering (TE) with TE tunnel reoptimization enabled on the routers acting as TE tunnel headend routers may drop packets as the tunnel traffic is switched from the old line-state packet (LSP) to the new, reoptimized LSP.
Workaround: The impact of the packet drops can be lessened by reducing the frequency with which reoptimization occurs using the global configuration command mpls traffic-eng reoptimization timers. The default is to reoptimize tunnel LSPs every hour. Alternatively this command can be used to disable reoptimization entirely.
•
A Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(18)ST may appear to continuously receive "Null adjacency pointer" messages with a QOC-48 Packet over SONET (PoS) line card installed. This condition may occur in the case of a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) when the Interior Gateway Protocol (IGP) label is missing, which may take place during router loading or error condition. There is no workaround.
•
OC-3 and SRP-12 line cards might show incorrect traffic output statistics when traffic travels through an OC-192 interface and exits through a non-OC-192 interface.
Correct traffic output statistics are displayed when the OC-3 line card is configured with Committed Access Rate (CAR).
Workaround: Configure the OC-3 line card with CAR.
•
When a user attaches a Frame Relay map class to an interface, subinterface, or data-link connection identifier (DLCI), the quality of service (QoS) service policy and Frame Relay fragmentation commands (FRF. 12) inside the map class may not be configured.
Workaround: Re-apply the service policy and the Frame Relay fragmentation commands to the map class after the map class has been attached to the interface.
•
Packets coming in on a POS OC48 Engine 2 line card in a Cisco 12000 series Internet router from a Multiprotocol Label Switching (MPLS) network and destined out a VPN routing/forward instance (VRF) interface, which is also on an Engine 2 line card, will not be switched. No counters will be incremented to show the lost packets. This only occurs when the router is a Provider Edge (PE) router in an MPLS Virtual Private Network (VPN). There is no workaround.
•
A memory leak may occur on the Label Distribution Protocol (LDP) MIB if the MIB is walked continuously. This condition can be verified using the show proc mem | include IP SNMP privileged EXEC command after a get or get-next operation is performed on mplsLdpHelloAdjacencyObjects object. The Holding field of the show proc mem | include IP SNMP privileged EXEC command output indicates the amount of memory that is allocated by the process that is currently in use. The Holding field increases by about 100 bytes each time the LDP MIB is queried.
Workaround: Do not perform the get or get-next operation repeatedly with the mplsLdpHelloAdjacencyObjects object because the router may eventually exhaust its free memory pool.
•
A Cisco router that is running Cisco IOS Release 12.0(17)ST with the Label Distribution Protocol (LDP) may experience a memory leak and a subsequent reload because of a watchdog timeout.
Workaround: Use the Tag Distribution Protocol (TDP) instead of the LDP when a router is running Cisco IOS Release 12.0(17)ST.
•
A Cisco 12000 series Internet router equipped with Engine 4 line cards may experience traffic loss in the Multiprotocol Label Switching (MPLS) IP path when there are multiple outgoing links. Some loopback addresses across load-shared Engine 4 links will be unreachable. There is no workaround. Using the clear ip route* command may temporarily alleviate the problem.
•
If a traffic engineering (TE) tunnel is configured between two Provider Edge (PE) routers and Label Distribution Protocol (LDP)/Tag Distribution Protocol (TDP) is configured in the tunnel, Virtual Private Network (VPN) connectivity through the two PE routers will not function. There is no workaround.
•
A Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(17)ST1 may exhibit tracebacks with the following message:
%GRP-3-ENCAP: Failure to free (invalid slot), slot 4294967295 (info 0x0)
-Traceback= 60269084 60269B08 600E6CFC 600F3600 600F375C 600F3AA8 601A2504 601A24F0
There is no impact on the operation of the router. There is no workaround.
•
In an interautonomous system setup, the Tag Forwarding Information Base (TFIB) entry for the external Border Gateway Protocol (eBGP) Virtual Private Network version 4 (VPNv4) neighbor on the demilitarized zone (DMZ) link does not get installed in the Multiprotocol Label Switching (MPLS) forwarding table. This condition will cause a loss of connectivity for VPN traffic between the two customer edge (CE) routers. There is no workaround.
•
When a Cisco 7200 series router that is configured with an ATM-PA-A3 port adapter receives packets with a multicast MAC address on a virtual circuit (VC) that has been configured for 1483-bridged mode, all packets with the multicast MAC address are dropped. There is no workaround.
•
A Cisco router that is running the Multiprotocol Label Switching (MPLS) and the Label Distribution Protocol (LDP) may fail to operate correctly when there are more than 32 active LDP sessions or when the no mpls ip command is used to terminate the ongoing LDP sessions. Applications that depend on notifications when an LDP session is created may fail to operate correctly. Such applications include the LDP MIB, Label-Controlled ATM (LC-ATM), or Any Transport over MPLS (AToM), such as Ethernet over MPLS. The operation of LDP for packet interfaces is not affected by this condition.
Workaround: Toggle a suspect LDP session by entering the shut command followed by the no shut command on all interfaces that support the LDP session.
•
A Cisco 12000 series Internet router may exhibit any of the following symptoms:
–
–
There might be other symptoms that have not been observed yet. The easiest way to determine the existence of this problem is to enter the show gsr encapsulation command; if the output of the Output Info record is empty even though there are point-to-point interfaces in the system that are up and running, you have encountered this problem.
Workaround: For the cases with invalid MAC headers because of a single-hop TE tunnel present, bring down a physical interface that has no tunnels on it and that is on the same linecard, wait a few seconds, and bring it back up. If the TE tunnel goes down and comes back up, the router will experience the same situation, and a physical interface that is not being used by the tunnel will need to be flapped again. For the cases where traffic is not sent out at all, there is no known workaround.
•
The unconfiguration of an ATM interface on a Cisco 12000 series Internet router may cause the router to reload. There is no workaround.
•
End-to-end Virtual Private Network connectivity does not work when a traffic engineering (TE) tunnel is configured between two provider edge (PE) routers. This caveat entry corrects the setup that does not have the Tag Distribution Protocol (TDP) or the Label Distribution Protocol (TDP) configured on the tunnel.
Workaround: Use an earlier image such as the gsr-p-mz.120-17.ST3 of Cisco IOS Release 12.0(17)ST3 on the PE router or remove the tunnel mpls traffic-eng autoroute announce interface configuration command from the tunnel interface and use a static route through the tunnel instead.
•
A Cisco router may reload with the following software error:
System returned to ROM by error - a Software forced crash, PC 0x602E7660 at 21:1
The following message will also be displayed on the console log:
%SYS-2-WATCHDOG: Process aborted on watchdog timeout
This condition will occur if a network of routers is configured in a mesh, such that the routers are configured with rtr jitter probes and overlapping source and destination ports.
Workaround: Change every source port to be unique, and change every destination port so that it does not overlap with any source port (the destination ports need not be unique).
•
The current implementation of Cisco IOS software is not fully compliant with RFC 2547bis. RFC 2547bis describes the procedures that must be implemented to specific extended communities when route attributes are passed from a customer edge (CE) router to a provider edge (PE) router. This DDTS enforces those procedures. The CE router may suggest a particular route target for each route from the route targets that the PE router is authorized to attach to the route. The PE router would then attach only the suggested route target rather than the full set. This situation gives the CE administrator some dynamic control of the distribution of routes from the CE.
With the current Cisco IOS software, the PE router allows the CE router to attach route targets in an update without verifying that they are a subset of route targets to which the virtual routing and forwarding instance (VRF) attaches. This condition causes the routes to end up in a VRF instance when they are not supposed to.
Workaround: Configure the VRF route map on the PE router to overwrite the extended community attribute to avoid the leakage of routes to other VRFs.
•
Multiprotocol Label Switching (MPLS) forwarding entry may not be created for a recursive static route. The router should be configured with a recursive static route, using MPLS forwarding to that destination. This condition occurs when the label distribution protocol (LDP) remote binding from the resolved-next-hop router is received after the static route is installed in Cisco Express Forwarding (CEF).
Workaround: Enter the clear ip route static-route-prefix command.
•
A Cisco router may restart when configuring the no tag-switching ip command on an interface configured with subinterfaces with the tag-switching ip command enabled. There is no workaround.
•
Multilink Point-to-Point Protocol (MLPPP) for Channelized T3 to DS1 or Channelized OC-3 to DS1/E1 may not forward traffic. The interface shows as UP/UP, but no routes through the interface are reachable (cannot be pinged), and the directly connected interface cannot be pinged. This condition occurs in releases following Cisco IOS Release 12.0(15.6)STST.
Workaround: Where the multilink interface in question is multilink x:
1- no multilink-group x (on all interfaces in the multilink bundle x).
2- shut of every physical interfaces and of Multilink x.
3- re-configure multilink-group x on every interface
4- no shut of physical interfaces
5- no shut of multilink x
•
A Cisco router that is running Cisco IOS Release 12.0(19)ST with Border Gateway Protocol (BGP) configured will not mark the ASPATHS exceeding the maxas-limit as configured by the bgp maxas-limit command as invalid. There is no workaround.
•
Online insertion and removal (OIR) of Versatile Interface Processor (VIP) on a Cisco 7500 router may cause Cisco Express Forwarding (CEF) to become disabled on VIP cards in other slots.
Workaround: Enter the microcode reload command after any failed OIR.
•
A Cisco 10000 series edge services router with a Channelized OC-12 line card may experience that all the interfaces (channel groups) associated with a given Channelized T3 are in an UP/DOWN state.
Workaround: Perform a hardware reset on the Channelized OC-12 line card.
•
On a 6xCT3 line card of a Cisco 12000 series Internet router, if Multilink Point-to-Point Protocol (MLPPP) is configured, and the multilink interface is configured with tx-cos, the tx-cos configuration is not applied to the interface. There is no workaround.
•
Two Customer Edge (CE) routers may experience an end-to-end connectivity failure with each other when they are configured to transmit data through an external BGP (eBGP) Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) in an interautonomous system configuration between two autonomous system boundary routers (ASBRs). The Tag Forwarding Information Base (TFIB) entries for the eBGP VPNv4 neighbors on the DMZ link are not installed in the MPLS forwarding table, which causes the connectivity failure. There is no workaround.
•
When large FDL packets of invalid length are received by the Channelized OC-12 line card, the contents of the packet are printed on the line card console. In the case of a large FDL packet, excessive printing on the line card console causes the line card to reset.
Workaround: Disable the FDL on the remote end.
•
The Multiprotocol Label Switching (MPLS) tags associated with a Virtual Private Network (VPN) (vrf x.y.z.w) default route (0.0.0.0) may be inconsistent between the main Cisco Express Forwarding (CEF) table and the distributed CEF table on the outbound Versatile Interface Processor (VIP) card. There is no workaround.
•
QOC-48 Engine 4 Packet over SONET (PoS) line card may reload under Multiprotocol Label Switching (MPLS) traffic engineering (TE) traffic. There is no workaround.
•
If Engine 4 is the ingress line card at a Multiprotocol Label Switching (MPLS) traffic engineering (TE) tunnel, on reroute the egress line card, if Engine 0, may reload. There is no workaround.
•
Any Transport over Multiprotocol Label Switching (MPLS) (AToM) tunnels cannot be established using Cisco 12000 Engine 0 line cards. The tunnels may fail to come up, and connectivity cannot be established through the tunnels. There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(17)ST2
Cisco IOS Release 12.0(17)ST2 is a rebuild release for Cisco IOS Release 12.0(17)ST. The caveats in this section are resolved in Cisco IOS Release 12.0(17)ST2 but may be open in previous Cisco IOS releases.
•
On Cisco 12000 series Internet routers running Engine 2 line cards, this fix lifts the restriction regarding CE and P connections, within the same VPN, connected to the same line card. It is now possible to have multiple CEs and the P connection, all within the same VPN, connected to the same line card in the PE router. There is no workaround.
•
With certain ATM subinterfaces, the ip verify unicast reverse-path interface configuration command may incorrectly drop a fraction of incoming traffic. There is no workaround.
•
On a Cisco 7513 router that has a Route Switch Processor 4 (RSP4) that is configured with 128 MB DRAM and is carrying 11,000 routes, entering the clear cef linecard EXEC command may cause all available memory to be consumed.
Workaround: Enter the clear ip bgp {*} EXEC command before entering the clear ip cef EXEC command.
•
The Open Shortest Path First (OSPF) database may not create the necessary entries to resubmit an OSPF interarea route.
Workaround: Clear the OSPF process.
•
When the isis circuit-type level-x command is configured, where level-x does not equal to level-1-2, the ip router isis command and subsequently no ip router isis command may trigger the router to rebuild all levels of LSP. Some old prefixes may not be removed from the Label Switched Path (LSP).
Workaround: Issue the clear isis * command.
•
A Cisco 12000 series Internet router that is running Cisco IOS 12.0(16.6)S may experience 100 percent route processor utilization when Multiprotocol Label Switching (MPLS) fragmentation is configured.
Workaround: Do not change the size of the default maximum transmission unit (MTU) on the interfaces when running MPLS.
•
An Engine 4 line card may display the following messages when it encounters certain non-IP packets:
SLOT 3:*May 10 10:46:59 UTC: BHdr->len-8 < IP->tot_len
Workaround: Reload the line card.
•
A 3-port Gigabit Ethernet line card may reload with a bus error exception. There is no workaround.
•
A Cisco 7500 series router may reload by bus error when sending an Intermediate System-to-Intermediate System (IS-IS) complete sequence number PDU (CSNP) packet over an Ethernet interface. There is no workaround.
•
A Cisco 12000 series Internet Router that is running Cisco IOS Release 12.0(14)ST may experience a Border Gateway Protocol (BGP) filter list that may fail to deny all the prefixes that are received from a peer that has a matching as-path attribute on the regular expression. This condition only occurs only when as-path filter lists and route-maps are used for inbound filtering for the same BGP peer.
Workaround: Do not configure an as-path access list to be applied to the BGP neighbor using the neighbor {ip-address | peer-group-name} filter-list access-list-number {in | out} command.
•
A Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(17)S might generate the following error message:
%GRP-3-ENCAP: Failure to allocate encap table entry, exceeded max number of entries, slot 3 (info 0x8000) -Traceback= 602555E0 60255AC4 602560E0 600F783C 600F7914 600F71C4 600F7288 605690C4 6056C0DC 60569C74 605697A0 603544B4 603537A0 6035397C 60353AF0 6019254C
There is no workaround.
•
Under some conditions after a power failure, a reload may cause session commands, such as description and password, to disappear from the running configuration.
Workaround: Do not configure peer groups. Put the password statement in the peer group definition.
•
When a Cisco router receives confederation information from an eBGP neighbor that is not a Cisco router, the connection may not be dropped or updated.
Workaround: Configure an AS-PATH filter "(*)" with the eBGP neighbor.
•
Multicast output interfaces (OIFs) are missing from certain groups causing multicast traffic to get affected. This condition normally occurs during startup because of the varying speeds in which the cards are turned on.
Workaround: Reload the microcode on the card that contains the missing OIFs. Note that reloading the microcode may lead to issues that are related to caveat CSCuk22826.
•
Multicast Distributed Fast Switching (MDFS) for IP Multicast on a Cisco 12000 series Internet router may fail to add a particular interface to the OIF list of certain multicast static routes (mroutes) on a line card. If that line card is the Reverse Path Forwarding (RPF) interface for that mroute, this situation will result in forwarding to that OIF interface to fail.
Diagnosis: If a Cisco 12000 Internet router is not correctly forwarding IP multicast traffic out a particular interface but the output of the show ip mroute EXEC command shows that interface in the OIF list of that route, verify that the interface also shows up in the OIF list on the line card that has the incoming interface of the route. Enter the attach slot-number privileged EXEC command, where slot-number is the number of the line card and then enter the show ip mds forwarding EXEC command to determine the actual MDFS forwarding state of the mroute. If the outgoing interface in question does not show "ip" in this output then this caveat applies.
Workaround: Disable MDFS on the incoming interface by configuring no ip mroute-cache on the interface. Do not try to use this workaround if more than a very low amount of multicast traffic is arriving on that interface or else you will compromise the stability of the router because the workaround will make the packets switched through the Gigabit Route Processor instead of the switching fabric.
•
On a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(16.3)ST and later releases, ATM over Multiprotocol Label Switching (MPLS) tunnels may stop forwarding packets if Engine 2 line cards are used at disposition.
Workaround: Use Engine 0 line cards at the disposition.
•
The ip helper-address address interface configuration command does not work when it is configured on a Cisco 12000 series Internet router. There is no workaround.
•
A QOC48 line card may reload in some complicated test cases on a Cisco 12000 series Internet router.
Workaround: Use Cisco IOS Release 12.0(17)ST.
•
A Cisco 12000 series Internet router may reload when Label Distribution Protocol (LDP) sessions are added or removed. This condition is caused by accessing and freeing bad pointer values. There is no workaround.
•
A Multiprotocol Label Switching (MPLS) router that is performing label imposition (in the non-Virtual Private Network [VPN] context) may not loadshare correctly between labeled and unlabeled links. There is no workaround.
•
A Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(17)ST1.0807 may display the following error message for the Engine 4 line cards:
%ALIGN-3-SPURIOUS
Traffic may only be forwarded partially on Engine 4 line cards. There is no workaround.
•
A Cisco 10000 series edge services router may reload while loading, or immediately after loading, Cisco IOS Release 12.0(17)ST1.0810. There is no workaround.
•
A reload may result from running Label Distributor Protocol (LDP). The reload may be exacerbated when walking the Label Distribution Protocol (LDP) MIB on a Cisco router. The reload usually manifests itself when the first LDP session comes up, but the reload may also occur when the session goes down. There is no workaround.
•
On a Cisco 12000 series Internet router, the configuration of the ip route-cache cef command on the Ethernet 0 interface results in the following error message:
%CEF not supported for ARPA
CEF cannot be enabled on the Ethernet 0 interface.
Note
Resolved Caveats—Cisco IOS Release 12.0(17)ST1
Cisco IOS Release 12.0(17)ST1 is a rebuild release for Cisco IOS Release 12.0(17)ST. The caveats in this section are resolved in Cisco IOS Release 12.0(17)ST1 but may be open in previous Cisco IOS releases.
•
A configuration that involves an ingress access control list (ACL) on one Engine 2 line card, combined with an output ACL and output Committed Access Rate (CAR) on another Engine 0, line card, may result in a line card reload when traffic is passed through the Engine 0 line card path. There is no workaround.
•
On a Cisco router, a Simple Network Management Protocol (SNMP) agent does not allow the packet size to be greater than 2048 bytes, even though the configurable packet size is from 484 bytes to 17940 bytes.
Workaround: If the SNMP GET request message is used with multiple variable BINDs, the request message size can be reduced by dividing the variable BINDs in to more than one GET request message. If the SNMP GET-BULK request message is used, the non-repeats and max-repetitions can be adjusted to have a reply packet size of less than 2048 bytes.
•
Upgrading to Cisco IOS Release 12.0(12.5)S may cause the Open Shortest Path First (OSPF) routing process to run with 99 percent CPU utilization and cause low memory problems.
Possible workaround: Remove and reconfigure the OSPF routing process using the router ospf global configuration command.
•
A Cisco 2016 series Internet router with two clock switched cards (CSCs) may display the following error messaged during a cold boot (the second CSC is installed for redundancy):
MBUS-3-BADCLK: Slot 0 does not see fabric clock from CSC_0 Card will not operate on fabric using this clock
Possible workarounds: Perform one of the following actions:
–
–
•
For Cisco 12000 series Internet routers that have 6-port channelized T3 (CT3) line cards and that are running Cisco IOS Release 12.0(14)S to 12.0(17)S, the state of T3s or T1s may be reported incorrectly, and CT3 interfaces may remain down even though the corresponding T1s are up but reported as down. The output of the show ipc status EXEC commands on the router processor indicate that some interprocess communication (IPC) messages have timed out.
Workaround: Reset the line card.
•
A PA-E3 controller installed on a Cisco 7206VRX router that is running Cisco IOS Release 12.0(13)S, 12.0(14)S, or 12.1(5) may reset itself frequently. One carrier transition is registered for each interface reset. The output of the show controllers privileged EXEC command shows that the tx_fullring value increases in proportion to the interface resets. Under this condition, a memory leak in the I/O-2 pool reloads the router. There is no workaround.
•
A Cisco router may not propagate an updated Border Gateway Protocol (BGP) best path to other BGP peer routers. This condition occurs under rare circumstances.
Workaround: Enter the clear ip bgp * out EXEC command to update BGP peer routers with the current best path attributes.
•
An Ethernet interface on a PA-8E port adapter may enter a down state and not respond to the configuration of the no shutdown command. There is no workaround.
•
There is a forwarding problem specific to the Cisco 12000 series Internet router for Multiprotocol Label Switching (MPLS) over Frame Relay. The platform independent control plane works. Forwarding works on other platforms. There is no workaround.
•
Under certain circumstances, Rivest, Shamir, and Adelman (RSA) keys generated in Cisco IOS software are not recognized when a Cisco router reloads. Error messages about Secure Shell (SSH) configuration commands, which rely on RSA keys to exist may occur. When the RSA keys are not read, the SSH configuration cannot be read. Error messages about the SSH commands are displayed on the console after bootup. This situation is caused by a bad default value in the hardware clock of the router (the value appears as 1917).
Workaround: Set the value of the hardware clock to a reasonable value using the clock set EXEC command followed by the clock update-calendar EXEC command before regenerating the RSA keys.
•
Firmware needs to be reset because of a firmware directory (FW) watchdog timeout when Frame Relay is configured. There is no workaround.
•
A Cisco router reloads when you add the 25th subnet mask to a variably subnetted network.
Workaround: Do not add the 25th subnet mask to a variably subnetted network.
•
A Cisco 12000 series router that has multiple Engine 2 line cards installed may experience a situation whereby multiple line cards may run out of memory simultaneously. Cisco Express Forwarding (CEF) becomes disabled on the affected cards after the following error message is displayed:
%SYS-4-EXMALLOCFAIL: External memory allocation of 768000 bytes failed from EXMEM 1
There is no workaround.
•
If the neighbor soft-reconfiguration command is entered, the injected route does not go through the neighbor route map. The injected route receives the values of the original route, instead of the best path that went through the neighbor route-map and had its values changed.
Workaround: Do not enable the neighbor soft-reconfiguration command inbound on the Border Gateway Protocol (BGP) peer. This condition allows route refresh to affect the change in the configured policy.
•
Committed Access Rate (CAR) limits will not function properly when Cisco Express Forwarding (CEF) is enabled on a router. When CEF is disabled on a router, CAR limits function properly. (This configuration is not supported.) This behavior has been observed on routers that use the same interface for input and output traffic. There is no workaround.
•
A Versatile Interface Processor (VIP) may reload with distributed Cisco Express Forwarding (dCEF) and Multiprotocol Label Switching (MPLS) configured on a tunnel interface after the following sequence of commands:
no interface tunnel x
interface tunnel x
microcode type sys slot
There is no workaround.
•
Under some circumstances, inserting routes into a routing table may cause memory to become fragmented.
Temporary workaround: Configure the memory free-list 65488 command.
•
When Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) is configured on Cisco 12000 EO/E2 line cards, the packet fragmentation function does not work properly. A ping with any packets larger than a maximum transmission unit (MTU) size of 4470 bytes does not get through the network. There is no workaround.
•
Inconsistent behavior has been observed on a Cisco router when Cisco Express Forwarding (CEF) is configured with routing protocols that use holddown to protect against suboptimal routing. Process switching prevents packets from being forwarded when the route is in a holddown state. However, CEF removes the forwarding information from the Forwarding Information Base (FIB) when a route enters a holddown state. This configuration causes a condition in which CEF switching black holes traffic. This condition has been observed in routers that are configured with CEF and Route Information Protocol (RIP), RIP version 2, and Interior Gateway Routing Protocol (IGRP). There is no workaround.
•
When a HTTP server is enabled and local authorization is used, it is possible, under some circumstances, to bypass the authentication and execute any command on the device. In that case, the user will be able to exercise complete control over the device. All commands will be executed with the highest privilege (level 15).
All releases of Cisco IOS® software, starting with the release 11.3 and later, are vulnerable. Virtually, all mainstream Cisco routers and switches running Cisco IOS are affected by this vulnerability.
Products that are not running Cisco IOS software are not vulnerable.
The workaround for this vulnerability is to disable HTTP server on the router or to use Terminal Access Controller Access Control System (TACACS+) or Radius for authentication.
This advisory will be posted at: http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html
•
A Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(15.6)ST1 or 12.0(17)ST may reload when executing a write memory command. There is no workaround.
•
A Cisco router that is running Cisco IOS Software Release 12.0(13)S2 may reload because of a bus error when receiving a Border Gateway Protocol (BGP) update with an extended as_path length. There is no workaround.
•
A Cisco 2611 router that is running Cisco IOS Release 12.1(7) may fail to forward generic routing encapsulation (GRE) and Cisco Express Forwarding (CEF) Address Resolution Protocol (ARP) requests.
Workaround: Disable CEF on the tunnel interface.
•
When an Egress port is oversubscribed with multicast traffic, Engine 4 (E4) line cards on the egress side may assert back pressure on ingress line cards before all available buffers are used. This causes multicast packets to be dropped on the ingress line cards. This symptom does not occur when unicast traffic is present.
Workaround: Configure Weighted Random Early Detection (WRED) or use the tx-queue-limit number interface configuration command on the Egress ports.
•
A Cisco 12000 series router that is running Cisco IOS Software Release 12.0(16)S with a Gigabit Ethernet adapter may occasionally fail to detect remote failure on a connected router. There is no workaround.
•
When a Cisco 12008 router is booted up, both of its Gigabit Route Processors (GRPs) may contend for primary status, which causes the router to enter into a reboot cycle.
Workaround: Have only one GRP present when the router is booted up, and insert the second GRP only after the router has booted up. The first GRP will be assigned the primary status while the second GRP will assume the secondary status.
•
A Label Edge Router (LER) that is running the c7200-p-mz.122-0.18 or the rsp-pv-mz.122-0.18 image of Cisco IOS Release 12.2(18) may experience tagged virtual circuits (TVCs) that are held in the "bindwait" state if router flapping occurs on the paths from the LER to some destinations that have TVCs configured. This problem occurs even when alternate paths exist.
Workaround: Enter the shut command followed by the no shut command on the interfaces on the LER.
•
A Cisco 7500 series router or Cisco 12000 series Internet router may experience a memory leak under any of the following conditions:
–
–
–
–
–
At some point, the prefix is resolved to go over two paths. One path is over a physical interface, and the other path is to Null0. For example, ip route x/y next hop1 ip route x/y next hop2. The route to nexthop1 points to a physical interface, and the route to next hop 2 points (at any time) to Null0.
This condition can be detected by entering the entering the following show commands:
–
–
Workaround: If any of the following actions are performed, the messages will
eventually drain off (releasing memory):
–
–
–
•
A Cisco 12000 series Internet router with an OC-192 Engine 4 line card may run out of memory when the router receives more than 200,000 Border Gateway Protocol (BGP) and 4,000 Intermediate System-to-Intermediate System (IS-IS) routes simultaneously. There is no workaround.
•
The tailend of a tagged virtual circuit (TVC) may remain active while the headend of a TVC becomes missing. This problem is triggered when TVCs are reestablished when better routes become available due to change of topology. The new TVCs are set up normally, but the old TVCs are not cleaned up properly. There is no workaround.
•
When running cell-mode Multiprotocol Label Switching (MPLS) on a network of Cisco Catalyst 8500 series switches with redundant paths, conversion to MPLS after a routing change may take up to 4.5 minutes. Open Shortest Path First (OSPF) converges normally. There is no workaround.
•
A Cisco 7204 router with a Network Processing Engine (NPE-200) and a PA-A2-4E1XC-E3ATM ATM-Circuit Emulation Services (ATM-CES) port adapter that is running Cisco IOS Software Release 12.1(5) may display the following error message:
No space for tbdP1: mp->data_block
There is no workaround.
•
After loading the gsr-p-mz.120-170ST.0504 image into a Cisco 12000 series Internet router, some frame- relay commands will be automatically loaded to OC-48 line cards. This condition can be verified by entering the show running-config command or the show startup-config command for the affected OC-48 line card.
The following output is from the show running-config command:
interface POS1/0
no ip address
no ip directed-broadcast
encapsulation frame-relay
no ip mroute-cache
crc 32
pos threshold sf-ber 4
frame-relay lmi-type ansi
The following output is from the show startup-config command:
interface POS1/0
no ip address
no ip directed-broadcast
no ip route-cache
shutdown
crc 32
Workaround: Manually remove the frame-relay commands after loading the gsr-p-mz.120-170ST.0504 image.
•
A Cisco 7200 series Internet Router that is running Cisco IOS Release 12.1, 12.0S or 12.2(1) with a Dual-port Fast Ethernet 100BASE-TX (PA-2FE-TX) or a Cisco 7200 Input/Output Controller with 2 10/100 Auto-sensing Fast Ethernet Ports (C7200-I/O-2FE/E) may experience link flaps (link line status goes up and down) when certain protocols are running on an interface. The known triggers for the link flaps are: IP address configurations/modifications, the addition of subinterfaces, the modification of line speeds and line states (duplex/half-duplex), and other protocol-dependent configurations. There is no workaround.
•
A Cisco router that is running Open Shortest Path First (OSPF) as the routing protocol may experience a software forced reload and display the following error messages under normal operation:
%SYS-3-BADBLOCK: Bad block pointer %SYS-6-BLKINFO: Freespace does not end at end of the pool blk
This problem occurs only when the router receives a corrupted link-state advertisement (LSA). There is no workaround.
•
When a line card experiences a high CPU processing load, some route processor to line card messages may be lost, causing interface flaps. When the CPU spike returns to normal, the situation should stabilize by itself. There is no workaround.
•
If there are multiple traffic engineering (TE) tunnels starting from the same router "R" and ending on the different routers that are all on the shortest path from "R" to the router that advertise the multicast source S, Reverse-Path Forwarding (RPF) check will fail on "R" and all multicast traffic from source S will be dropped on "R".
Workaround: Configure static mroute to the native interface.
•
A Cisco router that resides on a network with Intermediate System-to- Intermediate System (IS-IS) and Open Shortest Path First (OSPF) running concurrently with default administrative distances configured may reload when the clear ip route * EXEC command or the router ospf process-id global configuration command is entered and when a subnet prefix is shared by both IS-IS and OSPF.
Workaround: Change the administrative distance under the router isis [tag] global configuration command.
•
When entering a clear counters or clear counters interface EXEC command on an OC12 interface, the output drops may clear and then reappear about 10 seconds later. This condition has no impact on shaping performance and does not affect traffic flow, but it is a case in which the drop counter is not cleared in the microcode and is subsequently refreshed. There is no workaround.
•
A Cisco 2600 series router configured with Service Assurance Agent (SAA) may display the following error message:
%SYS-2-MALLOCFAIL: Memory allocation of -2132490248 bytes failed from 0x8064BDBC, pool Processor, alignment
The memory allocation failure error message is generated when the system is repeatedly Simple Network Management Protocol (SNMP) polled for the rttMonJitterStats table. Because of the memory allocation error, SAA (Service Assurance Agent) data may also be unreliable. There is no workaround.
•
When issuing the shutdown command on the primary link for Multiprotocol Label Switching (MPLS) traffic engineering (TE), fast reroute (FRR) may successfully let the backup tunnel take over forwarding. But when issuing the restore command on the primary link for FRR, the ingress line card of the tunnel head is core dumped. There is no workaround.
•
When attempting to disable Cisco Express Forwarding (CEF) with the no ip route-cache cef interface configuration command on a Gigabit Route Processor (GRP) with CEF enabled on interface Ethernet 0, the following error message may be displayed:
%Disabling CEF not supported for Ethernet0
There is no workaround.
•
On a Cisco 12000 series Internet router, a 12-E3 output byte counters may be incorrect when there is an output drop (similar to using a subrate) because an average packet size is used to calculate the output drops. The counters are correct when there is no output drop, and the input counters are not affected by this condition. This condition displays two incorrect output statistics:
–
–
Incorrect output rates have been observed during packet size testing. The rates are calculated by polling Simple Network Management Protocol (SNMP) octets. Under normal traffic conditions, the difference is minimal. There is no workaround.
•
When a Cisco router that is running Cisco IOS software based on Cisco IOS Release 12.0(15)S2 is upgraded to Cisco IOS Release 12.0(16.6)S3.0516, some line cards may experience problems booting. The following error messages may be displayed:
%MBUS-0-DOWNREV: MBUS agent in slot 1 running from ROM
%MBUS-2-DNLDFAIL: MBUS Agent RAM download to slot 1
After the line cards have not been up for 6 minutes, the line card may end up in an FIB disabled state (dCEF not running). The following error message may be displayed:
%FIB-3-FIBDISABLE: Fatal error, slot 7: No window message, LC to RP IPC is non-operational
Workaround: It has been observed that a microcode reload or complete software reload may resolve this problem.
•
A Cisco 12410 series Internet router or a Cisco 12406 series Internet router may not report a five volt power supply alarm. There is no workaround.
•
If the startup configuration is missing on a Cisco router that is running Cisco IOS Software Release 12.0(16)S or Cisco IOS Software Release 12.0(17)S, entering the redundancy force-failover command may change the host name from "Router" to "GRP-SlotX" (X is the slot number of the affected GRP). This condition has not been observed with Cisco IOS Software Release 12.0(14)S. There is no workaround.
•
Disabling Cisco Express Forwarding (CEF) inconsistency checkers with the no ip cef table command may result in CEF being disabled. To reenable CEF, globally configure the ip cef command or ip cef distributed command. There is no workaround.
•
When a router interface is administratively shut down the switch or other connecting device will still show the router as connected when it is not. This problem exists only on certain port adapters (PA-2FE-TX, PA-2FE-FX, and PA-4E).
Workaround: Physically disconnect and reconnect the cable between the devices to force both sides of the link down.
•
It may not be possible to configure the speed of a PA-2FE-TX on a Cisco 7500 series router that is running Cisco IOS Software Release 12.0 S or 12.0 ST. There is no workaround.
•
A Spacial Reuse Protocol (SRP) port adapter may not recover gracefully from a data parity error on the PCI bus. This condition may cause the SRP port adapter to remain unstable until an online insertion and removal (OIR) or a router reload is performed.
Workaround: Perform an OIR or reload the router.
•
When configuring or deconfiguring Label Distribution Protocol (LDP) or Tag Distribution Protocol (TDP) tag-switching on a Cisco router, the router may reboot when configuring the no mpls ip command or the mpls ip command globally for the router. There is no workaround.
•
A Cisco 10000 series edge services router may reload when executing the traffic-shape rate interface configuration command with a value of less than 1000. The traffic-shape rate interface configuration command is not supported on the Cisco 10000 series edge services router. There is no workaround.
•
An output Access Control List (ACL) that is configured on an Engine 2 line card will not filter traffic for ACL lines that specify a protocol other than TCP, User Data Protocol (UDP), Internet Control Message Protocol (ICMP), Internet Group Management Protocol (IGMP), or IP. There is no workaround.
•
When operating at low frequency, a Cisco 10720 series router may report some of the Fast Ethernet (FE) ports as down while the ports are connected and really up.
Workaround: Increase frequency to marginal value
•
A Cisco 12000 series Internet router with an Engine 4 line card may stop forwarding traffic and reload under certain circumstances. There is no workaround.
•
A Cisco router may reload if the Multiprotocol Label Switching (MPLS) traffic engineering (TE) tunnel has a very large topology, for example, too many downstream nodes behind the tail-end tunnel.
Workaround: Configure the mpls traffic-eng max-child 0 command under the router isis command to disable the autoroute optimization.
•
In a configuration with multiple T1 through T3 interfaces, it may not be possible to query for Simple Network Management Protocol (SNMP) statistics because the snmpwalk and snmpget functions do not display data for some interfaces. There is no workaround.
•
A Cisco router that is running Cisco IOS Release 12.0(16)ST and Border Gateway Protocol (BGP) may reload due to a bus error in rare situations when the BGP maximum-paths command is configured.
Workaround: Remove maximum paths.
•
All interfaces of a QUAD OC3 Packet over SONET (PoS) line card may go down on the provider edge (PE) Cisco 12000 series Internet router. Reloading of the line card may temporarily solve the problem. There is no workaround.
•
If a Cisco router has the same IP address configured on two interfaces where one of the interfaces is in shutdown state and is configured to run a Tag Distribution Protocol (TDP)/Label Distribution Protocol (LDP) session, then its peer may have TFIB entries which are untagged.
Workaround: Remove the duplicate IP address from the shutdown interface.
•
In redundant Performance Routing Engine configurations, incorrect channel assignments may be caused when both the channelized OC12 and STM1 line cards are in the system.
Workaround: Do not run both of these line cards in a redundant PRE system.
•
A Cisco 7200, 7500/RSP or 12000 series router may reload when the dir slot0: EXEC command is entered with too many characters between "slot" and ":". The proper command syntax should be used. There is no workaround.
•
A Cisco router may reload when configuring a subinterface with the mpls label protocol ldp command when the interface is tag-switching enabled and running with the mpls label protocol tdp command enabled. This condition occurs when the tag-switching ip command is enabled on the router with the default mpls label protocol tdp command enabled on the interfaces.
Workaround: Configure the no tag-switching ip command globally on the router before changing the tag switching protocol between Label Distribution Protocol (LDP) and Tag Distribution Protocol (TDP) in either direction.
•
Access Control List (ACL) on 3-Port Gigabit Ethernet line cards on Cisco 12000 series Internet routers that are running Cisco IOS Release 12.0(17.6)ST may cause the line cards to fail forwarding traffic.
Workaround: Do not configure ingress ACL on 3-Port Gigabit Ethernet line cards.
•
On Engine 2 line cards, when packet switch ASIC (PSA) access control lists (ACLs) are configured and then subsequently removed, the correct feature microcode may not be loaded.
Workaround: Issue the microcode reload command on the line card.
•
A Fast Ethernet (FE) or Gigabit Ethernet (GE) Engine 1 line card on a Cisco 12000 series Internet router does not switch Multiprotocol Label Switching (MPLS) packets that are received on its interfaces. Regular IP traffic and MPLS traffic work when coming on a different interface that is switched to the Fast Ethernet or Gigabit Ethernet interface. There is no workaround.
•
Packet over SONET (PoS) encapsulation strings for IP are used for labelled packets, causing the other end of the connection to discard traffic. As a result, some destinations are not forwarded through the system. This behavior is caused by configuring the unsupported Multicast Tag Switching feature. This configuration corrupts the rewrite table for Tag Switching on the line card where the port it is configured on resides.
Workaround: Do not configure this feature by using the no ip multicast tagswitch command and reloading the router.
•
A Cisco 12000 series Internet router that is running Multiprotocol Label Switching (MPLS) with Engine 2 line cards may experience some packets not getting passed through the router. This condition occurs if the following are all true:
–
–
–
–
show ip route x.x.x.x <---- Learned via BGP, has next hop of y.y.y.y
show ip route y.y.y.y <---- Learned via BGP, has next hop of z.z.z.z
show ip route z.z.z.z <---- Learned via IGP (ISIS, OSPF, EIGRP, etc.).
You will experience the problem only with the x.x.x.x route.
Workaround: Change the Border Gateway Protocol (BGP) next-hop of the x.x.x.x route with the neighbor a.a.a.a. next-hop-self router configuration command on the router learning the external BGP (eBGP) routes. This command would be used on all your iBGP neighbors.
•
The QOC48 line card may reload if Multiprotocol Label Switching (MPLS) traffic engineering (TE) tunnels are configured on it. There is no workaround.
•
Engine 4 line cards in a Cisco 12000 series Internet router may reload while running IP multicast when the IP prefix counter memory is exhausted. There is no workaround.
•
Configuring IP coloring (IP marking) on an interface with input Access Control List (ACL), or if any interface on the Cisco 12000 series Internet router has an output ACL, then IP coloring may fail to mark the packet. ACL will still function as normal. This condition only occurs if IP coloring is configured on an E2 line card. There is no workaround.
•
Under rare conditions, the Route Processor (RP) in a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(15)S3 may reload when you attach a line card. There is no workaround.
•
Policy-based routing (PBR) is configured on the interface of a Cisco 12000 series Internet router where generated traffic is to be received. PBR forwards all the traffic received on this interface to the Multiprotocol Label Switching (MPLS) tunnel. As soon as traffic is received on the interface, the line card supporting both the incoming traffic interface and the interface of the tunnel reloads. There is no workaround.
•
When loading Cisco IOS Release 12.0(17)ST on a Cisco 12000 series Internet router, the Engine 4 line cards may reload. There is no workaround.
•
In a Border Gateway Protocol (BGP) export map, the match tag number statement may not take effect and set the extended community. There is no workaround.
•
On a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(16.3)ST and later releases, ATM over Multiprotocol Label Switching (MPLS) tunnels may stop forwarding packets if Engine 2 line cards are used at disposition.
Workaround: Use Engine 0 line cards at the disposition.
Resolved Caveats—Cisco IOS Release 12.0(17)ST
All caveats listed in this section are resolved in Cisco IOS Release 12.0(17)ST. This section describes severity 1 and 2 caveats only.
IP Routing Protocols
•
When redistributing internal Border Gateway Protocol (iBGP) into an IGP you may experience the route not getting placed into the IGP. This has been seen with Routing Information Protocol (RIP), Enhanced Interior Gateway Routing Protocol (EIGRP), Interior Gateway Routing Protocol (IGRP), and Open Shortest Path First (OSPF).
Primary workaround: Reload the router.
Secondary workaround: Enter the clear ip bgp * command and the clear ip route * command.
Alternate workaround: Remove the neighbor statements and place them back in BGP.
•
If the neighbor soft-reconfiguration command is entered, the injected route does not go through the neighbor route map. The injected route receives the values of the original route, instead of the best path that went through the neighbor route-map and had its values changed.
Workaround: Do not enable the neighbor soft-reconfiguration command inbound on the Border Gateway Protocol (BGP) peer. This condition allows route refresh to affect the change in the configured policy.
ISO CLNS
•
Entering the router isis command followed by the distance 10 ip command may cause a Cisco router to reload.
Workaround: Enter the net xx.xxxx.xxxx.xxxx.xx command before the distance 10 ip command.
Miscellaneous
•
Engine 2 Packet over SONET (PoS) line cards on a Cisco 12000 series Internet router may be severely affected and may be reset if hundreds of multiprotocol label switching (MPLS) tunnel interfaces are unconfigured simultaneously during heavy stress conditions with several thousand Border Gateway Protocol (BGP) and Open Shortest Path First (OSPF) routes and line rate traffic. This is most likely to happen if the Interior Gateway Protocol (IGP) is Intermediate System-to-Intermediate System (IS-IS). There is no workaround.
•
A 1500-byte IP packet with three Multiprotocol Label Switching (MPLS) labels mat not be received on a Fast Ethernet or Gigabit Ethernet interface. The packet is counted as a giant and dropped. There is no workaround.
•
When a TU-AIS alarm indication signal is received at a particular tributary unit (TU) in TUG3#3, the next TU at the T1 or E1 level contains data corruption as well. There is no workaround.
•
The T1/E1 MIB tables on channelized line cards in a Cisco 10000 system may not be set correctly. The problem may occur with the assignment of the ifIndex associated with a given T1. It takes the same value as the ifIndex of the latest channel group created in that T1. As new channel groups are created, the value of the ifIndex associated with that T1 keeps changing. Several of the values associated with the T1 MIB instance may be false. Since the T1/E1 takes the ifIndex of the latest channel group created on that virtual controller, if that channel group is deleted, the T1/E1 tables disappear altogether.One way to minimize the problem is to have no more than one channel group associated with a given T1/E1. There is no workaround.
•
Output CAR configurations on non-Versatile Interface Processor (interfaces may not discard packets with Cisco 7500 series routers. Packets are counted as dropped, but they are actually sent. There is no workaround.
•
A Cisco 12000 series Internet router may experience a memory leak in buffer memory, which can be characterized by the display of Interprocess Communication (IPC) error messages from failed communication between the Route Processor (RP) and any line card. A buffer leak may be recognized by comparing the amount of total buffers and the number of buffers in the free list for each buffer pool in the output of the show buffers command and seeing that the delta between these two numbers continues to increase and never returns to a reasonable difference.
The problem may be observed by entering the show controller csar queue command on the RP. If there is a constant number higher than one in the length column, the condition may be present. See the following example:
Router# show controller csar queue
1118 Free QSlot Length Max Length 0 2 2 1 70 70 <=== ** RP is in this condition 2 0 0 3 0 1 4 0 0 5 0 0 6 0 0 7 0 1 Multicast 0 0
This particular buffer leak is also characterized by a log message similar to the following on the POS OC48 linecard:
SLOT 1:014776: Apr 23 21:53:29: %IPCLC-3-EVENTSYS: Event (13) system call ipc_send_message_blocked error (cause: timeout) -Traceback= 400EA148 4013B8BC 4013BCB0 4013CFB8 401139D8 400B5FFC 4007F118 4009DB74 4009DB60 035279: Apr 23 21:54:01: %LINEPROTO-5-UPDOWN: Line protocol on Interface POS1/0, changed state to down 035280: Apr 23 21:54:11: %LINEPROTO-5-UPDOWN: Line protocol on Interface POS1/0, changed state to up
Workaround: Enter the microcode reload slot global configuration command on the line card that is displaying the message.
•
Entering the show ip psa x.x.x.x command may cause the Engine 2 line card, such as the OC48 to reload. There is no workaround.
•
If a channelized T3 goes down when BERT is running on a T1, the T3 displays its status as down while the T1 displays its status as up. There is no workaround.
•
With Route Processor Redundancy (RPR) mode and Route Processor Redundancy+ (RPR+) mode, after a switchover event to the redundant Route Processor (RP), Automatic Protection System (APS) state information is lost on the RP. There is no workaround.
•
On Cisco 10000 series edge services routers (ESRs) that are running Cisco IOS Release 12.0 ST or 12.0 SL and using 6CT3, ChOC12, or ChSTM1 line cards, DS3 and DS1 MIB interval statistics are not correctly recorded after the initial 24-hour period. There is no workaround.
•
Packets locally originated by a router and colored using policy-based routing (PBR) set IP precedence are then not correctly classified by class-based weighted fair queueing (CBWFQ) (policy out) when on the outgoing interface Multiprotocol Label Switching (MPLS) (tdp) is also configured. CBWFQ then puts those packets into the class-default class instead to their proper configured one.
The problem does not happen if MPLS is removed from the interface where the policy-map is applied. Coloring and matching are then both correct. There is no workaround.
•
In Route Processor Redundancy (RPR) mode and Route Processor Redundancy+ (RPR+), enabling exception coredump facility on the Route Processor (RP) to get the coredump may not work. There is no workaround.
•
When the last channel on a T1, on which bit-error-rate-testing (BERT) is running, is deleted, the BERT process is not deconfigured correctly. The next time a channel is created on this T1, BERT cannot be started correctly.
Workaround: Stop BERT before removing the T1 channel.
•
Cisco 12000 series Internet routers that are running Cisco IOS Release 12.0(14)ST code or later ST versions may reload when a labeled packet comes in a Multiprotocol Label Switch (MPLS) enabled interface and the Ethernet interface 0. The following message and traceback may occur:
May 4 15:30:54: %SYS-2-BADSHARE: Bad refcount in pool_getbuffer, ptr=6352FA44, count=FFFFFD06 -Traceback= 6016AC20 6016C928 600EBD68 6077E3C4 6077EF2C 6077F4B0 6077F63C 6019A 6E4 6019A6D0
There is no workaround.
•
When one out of 20 Cisco 10000 series edge services routers (ESRs) reloads, a Gigabit Ethernet Interface fails to initialize and is left in a down state.
Workaround: Enter the configurator, select the Gigabit Ethernet Interface, and the no shut command.
Wide-Area Networking
•
When the set srp-priority command is used in a policy map attached to the output of the Spatial Reuse Protocol (SRP) interface, if the queue associated with that command is removed with "no bandwidth", "no priority" or "no shape" then the code tries to remove the set srp-priority command as well since the command can only be used when a queue is there.
Workaround: Remove the set srp-priority command first using no set srp-priority x, then remove the queue.
Resolved Caveats—Cisco IOS Release 12.0(16)ST1
Cisco IOS Release 12.0(16)ST1 is a rebuild of Cisco IOS Release 12.0(16)ST. All caveats in this section have been resolved in Cisco IOS Release 12.0(16)ST1 but may be open in previous releases.
•
A Cisco router may reload when you configure mpls ip or no mpls ip globally. This situation occurs when configuring or deconfiguring Label Distribution Protocol (LDP) or Tag Distribution Protocol (TDP) tag switching. There is no workaround.
•
An error can occur with management protocol processing. Use the following URL for further information: http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
Resolved Caveats—Cisco IOS Release 12.0(16)ST
All caveats listed in this section are resolved in Cisco IOS Release 12.0(16)ST. This section describes severity 1 and 2 caveats only.
Basic System Services
•
This solution makes the slave sign-in much more robust than previous versions. The sign-in failures are IPC failures such as timeouts. These failures may be caused by transient conditions such as heavy IPC traffic and CPU load as the result of doing a fib download at the exact same time the slave is trying to sign in. This may happen if a Cisco router is passing a lot of traffic and has several line flaps at the time slave sign-in occurs. There is now retry logic around the various slave sign-in operations. The code gets 10 retries to complete an operation, and it sleeps a minute between retries. If it runs out of retries on an operation (10 tries<=>10 minutes), it sets its dbus status register to indicate a WCSCTRLRERR which may cause the master to reload. There is no workaround.
IP Routing Protocols
•
When using the conditional route injection feature, the show ip bgp x.x.x.x/m shorter-prefixes [mask-length] command does not display the parent routes of the routes listed under the show ip bgp injected-paths command. The shorter-prefixes [mask-length] should display the learned prefixes that have a longer mask than the max-length, but shorter than the specified mask for the prefix.
Workaround: Do not enable the conditional route injection feature.
•
Open Shortest Path First (OSPF) may fail to install the default route in some rare cases. The default route will automatically be installed during next shortest path first algorithm (SPF).
Primary Workaround: Add a static default route with a higher administrative distance than OSPF and redistribute it through OSPF by entering the following commands:
(config) # ip route 0.0.0.0 0.0.0.0 if-name 200
(config) # router ospf 1
(router config) # default-information-originate
(router config) # redistribute static subnetSecondary Workaround: Add a fake loopback to OSPF net statements, and flap the loopback.
ISO CLNS
•
The command sequence router isis distance 10 ip may cause a Cisco router to reload.
Workaround: Enter the command net xx.xxxx.xxxx.xxxx.xx before the command distance 10 ip.
Miscellaneous
•
A Cisco multichannel T1/E1 port adapter does not support switching of Multiprotocol Label Switching (MPLS) packets. There is no workaround.
•
When a large number of VBR-nrt VCs are configured (200 and above) and the link transitions DOWN the host software running on the OC12 ATM line card, the line card may take a SW Watchdog timeout forcing the line card firmware to reload. This condition is caused by excessive flowbit allocation processing. There is no workaround
•
IP/MPLS packets that arrive on an old style interface processor and exit by way of a Versatile Interface Processor (VIP) do not match the output Committed Access Rate (CAR). There is no workaround.
•
Multiprotocol Label Switching (MPLS) packets received on the routing/forwarding instances (VRF) interface may get forwarded even though MPLS is not enabled on that interface. This condition occurs only on the provider edge (PE) routers which have VRFs configured. There is no workaround.
•
The Internet Control Message Protocol (ICMP) Type 3 Code 4 "Fragmentation required but DF bit set" message is generated by a router when it realizes that a packet received on one interface is too large to be transmitted on a subsequent interface. The normal course of action would be for the router to fragment that packet into two or more pieces and send each one. However, with the DF bit set, the router cannot do this. Instead, the router sends back a "Fragmentation required but DF bit set" message to the transmitter. Ideally, the transmitter will use this message, which contains the maximum packet size that can be transmitted without fragmentation, to reduce its packet size so that unfragmented end-end communications take place. In the case of traffic sent across an Multiprotocol Label Switching (MPLS)/Virtual Private Network (VPN), an additional overhead of 8 bytes (2 labels) is imposed by the provider edge (PE) router. Hence for traffic generated from Ethernet (or default on T1 link) that is normally a maximum MTU of 1500 bytes, this is reduced to a maximum of 1492 bytes without fragmentation. So the ICMP message generated by the PE router should show 1492 bytes as the largest supportable frame size within the ICMP message. This issue was found in Cisco IOS Release 12.1(3a)T3. There is no workaround.
•
Configuring output access control lists (ACLs) on any interface on Cisco 12000 series Internet routers that are running Cisco IOS Release 12.0(14)ST may cause Engine 2 line cards to fail.
Workaround: Do not configure output ACLs.
•
A Label Switch Router that pushes or pops label entries onto or off of the label stack of a received Multiprotocol Label Switching (MPLS) packet that is the size of the label stack in the transmitted MPLS packet is different than the size of the label stack in the received MPLS packet. Therefore, the size of the label stack in the received MPLS packet will not perform output features based on the top-most label entry of the transmitted MPLS packet as it should. There is no workaround.
•
Multicast traffic may be dropped on Cisco IOS Release 12.0(15.6)ST1. There is no workaround.
•
If a rate-limit {input} command is configured on a Gigabit Ethernet Interface, it may not take effect unless it is written to show startup-config command, and the router is rebooted. There is no workaround.
•
Internet access by the use of a "global" keyword does not work. Cisco Express Forwarding (CEF) does not impose any labels to packets going to a destination on the Internet. CEF may pass them as pure IP packets. There is no workaround.
•
A Cisco Gigabit Switch Router (GSR) may experience a memory leak in buffer memory, which can be characterized by the display of Interprocess Communication (IPC) error messages from failed communication between the Route Processor (RP) and any line card. A buffer leak may be recognized by comparing the amount of total buffers and the number of buffers in the free list for each buffer pool in the output of the show buffers command that shows the delta between these two numbers continues to increase and never returns to a reasonable difference.
The problem may be observed by entering the show controller csar queue command on the RP. If there is a constant number higher than one in the length column, the condition may be present. See the following example:
Router # show controller csar queue 1118 Free Q
Slot Length Max Length 0 2 2 1 70 70 <=== ** RP is in this condition 2 0 0 3 0 1 4 0 0 5 0 0 6 0 0 7 0 1 Multicast 0 0
This particular buffer leak is also characterized by a log message similar to the following on the POS OC48 linecard:
SLOT 1:014776: Apr 23 21:53:29: %IPCLC-3-EVENTSYS: Event (13) system call ipc_send_message_blocked error (cause: timeout) -Traceback= 400EA148 4013B8BC 4013BCB0 4013CFB8 401139D8 400B5FFC 4007F118 4009DB74 4009DB60 035279: Apr 23 21:54:01: %LINEPROTO-5-UPDOWN: Line protocol on Interface POS1/0, changed state to down 035280: Apr 23 21:54:11: %LINEPROTO-5-UPDOWN: Line protocol on Interface POS1/0, changed state to up
Workaround: Enter the microcode reload slot global configuration command of the line card displaying the message.
•
Open Shortest Path First (OSPF) neighbors may not come up over 802.1q subinterfaces when using 3-port Gigabit Ethernet line cards on Cisco 12000 series Internet routers. There is no workaround.
•
Configuring turbo standard access control lists (without applying the access list to any interfaces) at the command line may cause all line cards in a Cisco router to reload. This condition occurs on Cisco IOS Release 12.0(16.3)ST and 12.0(16.5)ST. There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(15)ST
There was no Cisco IOS Release 12.0(15)ST. See the "Resolved Caveats—Cisco IOS Release 12.0(16)ST" section.
Resolved Caveats—Cisco IOS Release 12.0(14)ST3
Cisco IOS Release 12.0(14)ST3 is a rebuild of Cisco IOS Release 12.0(14)ST. All the caveats listed in this section are resolved in Cisco IOS Release 12.0(14)ST3. This section describes only severity 1 and 2 caveats.
•
An error can occur with management protocol processing. Use the following URL for further information: http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
Resolved Caveats—Cisco IOS Release 12.0(14)ST1
All caveats listed in this section are resolved in Cisco IOS Release 12.0(14)ST1. This section describes only severity 1 and 2 caveats.
IP Routing Protocols
•
MPLS-TE Tunnels may not come up on slow interfaces (less than 2 megabits per second). This is because fair queueing is automatically enabled on such interfaces, which can artificially reduce the bandwidth reservable by TE tunnels.
Workaround: Disable fair-queueing on the interface using the no fair-queue command.
•
A Cisco router may reload while trying to change an interface IP address or during startup when overlapping network statements exist in an Open Shortest Path First (OSPF) configuration.
Workaround: Remove the extra network statement
Miscellaneous
•
When Routing Information Protocol (RIP) is running on an interface and the IP address is deconfigured, RIP stops running on the correct interface. After this situation occurs, if a new IP address is configured that falls under the RIP network statements, RIP will not start running on the interface again.
Workaround: Deconfigure RIP, and reconfigure it again.
•
This occurs in any MPLS VPN PE router running Cisco IOS Release 12.1(5)T image that contains the MPLS InterProvider feature. The MPLS forwarding table displays entries for all the VRF prefixes that are learned from remote PE routers, even if the user is not running Interprovider. This does not break any forwarding path, it just increases the MPLS forwarding table display output.
Workaround: There is no workaround.
•
Symptoms: MPLS packets received on the VRF interface can be forwarded even though MPLS is not enabled on that interface.
Conditions: This happens only on the PE routers that have VRFs configured.
Workaround: There is no workaround.
•
Reloading a router with CEF disabled (no ip cef) may cause a "SYS-3-MGDTIMER: Uninitialized timer" error. There is no impact to packet forwarding.
•
An MPLS router might reload if it is sending traffic out an interface configured with Inter Switch Link (ISL) encapsulation and the ISL is deconfigured on that interface.
Workaround: Do not deconfigure ISL. Or, to avoid the crash while changing the encapsulation, first: should shut down the main interface, second: change the encapsulation, and third: bring up the interface.
•
In n MPLS/VPN environment, BGP aggregate route on PE routers appears in a VRF/CEF table, but do not appear in the tag forwarding table. It prevents access to all networks covered by this aggregate address from other PE/CE routers in the same VPN.
Workaround: There is no workaround. It is possible to get around this problem by defining a VRF Loopback interface with an IP address that aggregates all the IP addresses that were intended to be aggregates using the aggregate address command.
•
Distributed CEF can be disabled on Cisco 12000 routers due to the low memory condition during massive routing updates (for example during booting up).
Workaround: Reduce maximum-path in BGP to reduce amount of information that CEF has to propagate to line cards. Or reduce tcp window size to reduce speed of incoming BGP updates.
•
This is a forwarding problem that occurs occasionally when the no mpls ip command is issued in the router level. This reload happens on a PE router that has load-sharing in the core with other PE router. The PE router reloads during MPLS forwarding table clean-up.
This problem is observed only with Carrier's Carrier MPLS VPN configuration.
Workaround: There is no workaround.
•
During a large routing table update (for example, clear ip bgp *), the CPU utilization can increase dramatically. This is caused by a Cisco Express Forwarding (CEF) event logger feature.
Workaround: Turn off part of the feature using the configuration command, ip cef table event-log traceback depth 0.
•
When a large number of VBR-nrt VCs are configured (200 and above), and the link transitions is DOWN, the host software running on the OC12 ATM line card may take a SW Watchdog timeout forcing the line card firmware to reload. This is caused by excessive flowbit allocation processing.
Workaround: There is no workaround
•
A Cisco 12000 series router line card may reload if Policy Based Routing is configured on an interface, and a specific type of packet is sent through the interface.
Workaround: There is no known workaround.
•
To enable BGP Policy Accounting, the set traffic-index <bucket_number> command needs to be enabled on route-maps. However, this command is not supported. Therefore, BGP Policy Accounting is not supported on the Cisco IOS ST releases.
Workaround: There is no workaround.
•
Reloading a router with CEF disabled (no ip cef) may cause a "SYS-3-MGDTIMER: Uninitialized timer" error. There's no impact to packet forwarding.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(14)ST
All caveats listed in this section are resolved in Cisco IOS Release 12.0(14)ST. This section describes only severity 1 and 2 caveats.
IP Routing Protocols
•
A Cisco 2500 or 4000 series router might reload when you unconfigure virtual subinterfaces on X.25 or Frame Relay networks from a partial mesh topology for Enhanced Interior Gateway Routing Protocol (EIGRP) after you use the no ip routing global configuration command for some images such as the js image.
Workaround: Remove the subinterfaces before you use the no ip routing global configuration command.
Alternate workaround: Remove the EIGRP process with the no router eigrp global configuration command before using the no ip routing global configuration command.
•
The topology looks as the following:
/-- RR1 --\
net_A -- CE1 -- PE1 PE2--CE2
\-- RR2 --/
CE1 is connected to PE1 via interface in VRF1, RD-1, exports RT-1. CE2 is connected to PE2 via interface in VRF2, RD-2, imports RT-1
Net_A is exported from PE1 and imported from PE2. PE2 receives the updates from PE1 via RR1. Then the following events happen:
–
–
•
The provider edge (PE) router does not put a network prefix in its VPN routing/forwarding instance (VRF) routing table when this prefix is received from a Route Reflector (RR) client.
Workaround: There are no known workarounds.
•
Excessive BGP flapping in Catalyst 6000 running IOS 12.1(4)E causes network instability.
ISO Connectionless Network Service
•
When an IP router is configured with IS-IS on an interface, an uninitialized timer might cause the router to crash with the following:
0x6018D644:mgd_timer_set_exptime_internal(0x6018d390)+0x2b4
0x6018D968:mgd_timer_set_exptime(0x6018d930)+0x38
0x6018DA5C:mgd_timer_start(0x6018da38)+0x24
0x605DC3E0:isis_trigger_throttled_event(0x605dc20c)+0x1d4
0x605DC8E8:isis_mark_L1_dr_changed(0x605dc884)+0x64
0x605C4E6C:isis_track_interface_state(0x605c4df0)+0x7c
0x605C4F48:isis_update_interface_state(0x605c4f24)+0x24
0x605CDD50:isis_start_interface(0x605cdb10)+0x240
0x605B1448:clns_add_intfc_router(0x605b1224)+0x224
0x605C1E60:ip_router_command(0x605c1cdc)+0x184
0x6012F6D4:parse_cmd(0x6012ec74)+0xa60
Workaround: There is no workaround.
•
IS-IS does not inject Loopback 0 into the IGP with 12.0(14.3)S using passive loopback 0 under router isis. Same commands work fine in 12.1 M.
Workaround: Do a redist connected under router isis instead.
Miscellaneous
•
In a hub and spoke model, where customer edge routers (CEs) of different Virtual Private Networks (VPNs) are connected to the same provider edge router (PE), an import route that is not connected might be installed as connected. This situation results in a loss of connectivity from the other connected VPN routing/forwarding instances (VRFs) if proxy ARP is disabled on the CE.
Workaround: There is no workaround.
•
IPC blocking error messages may appear under heavy traffic conditions or physical interfaces flapping.
•
MPLS-TE does not work on the Gigabit Ethernet single port cards. When a single MPLS-TE Tunnel is set up, Traffic is dropped at the Tunnel midpoint or the Tunnel tail.
Workaround: There is no workaround.
•
Symptom: When recreating a previously deleted MPLS TE tunnel interface, traffic flow through the tunnel is disrupted.
Conditions: This behavior is seen with Gigabit Ethernet cards on the Cisco 12000 series Internet routers platform. It is triggered by reconfiguring a previously deleted interface with the "no interface tunnel NNN" where NNN is the tunnel interface number.
Workaround: If all that is wanted is to disable the tunnel interface, shutdown the interface instead of deleting it. If it is already deleted, then recreate it, wait until the tunnel comes up and reissue the path-option description for the tunnel. For example, for dynamic TE tunnels, issue the command tunnel mpls traffic path-option <N> dynamic again. Another alternative is to create the tunnel under a different name (like Tunnel2 instead of Tunnel1).
•
When a Cisco router is configured as an ASBR router in an Interprovider VPN configuration, it does not reinstall EBGP vpnv4 neighbor routes after the routes are cleaned using a clear ip route command.
Workaround: Restart the session to the affected neighbor with a clear ip bgp command.
•
A Cisco router that is functioning as a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) Provider Edge (PE) router may have problems forwarding VPN traffic because of missing or incorrect entries in the Tag Forwarding Information Base (TFIB) table for the peer PE Border Gateway Protocol (BGP) router ID. The output of the show tag bgp router id command does not show an entry. This situation occurs only if all of the following conditions are met:
–
–
Workaround: Clear the IP routing table entry for the peer PE BGP router ID prefix.
Alternate workaround: Avoid having the same IP address both be the BGP router ID and be advertised by that same router as part of a VRF.
•
A Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) Provider Edge (PE) router that is running Cisco IOS Release 12.0(10.6)ST, 12.1(2.6), 12.1(3.1), 12.1(3.3)T, 12.1(2.3)T1, or later releases exhibits faulty behavior when forwarding customer traffic. When there are multiple paths to get to the remote PE and one of the paths to the PE goes down or comes up, traffic to all customer prefixes going over any of those multiple paths is dropped until the Cisco Express Forwarding (CEF) entries for those prefixes is reresolved (about 15 seconds).
Workaround: There is no workaround.
•
When packets are received as IP packets and should be transmitted as MPLS packets and input rate-limit is configured to match on MPLS packets, then no packets are forwarded by the router. The router freezes upon receiving an IP packet that is to be transmitted as an MPLS packet.
Workaround: Reload the router manually either by cycling the power or by sending a "break" to the router console port, if the router is configured to respond to "break".
•
A Cisco router that is acting as a Provider Edge (PE) router in a Multiprotocol Label Switching (MPLS)/Virtual Private Network (VPN) may show an incorrect tag value for some VPN routing/forwarding instance (VRF) routes. This situation breaks connectivity between the local and remote VPN networks. The problem may occasionally appear under specific timing conditions in networks with unstable (flapping) VRF links and redundant Route Reflectors (RR) that are at
different geographical locations (different network connection speed). The recovery method is to use the clear ip route vrf vrf-name {ip-address} EXEC command, where vrf-name is the VRF that includes the route and the corresponding IP address.
Workaround: Use a single RR.
•
Symptoms: The output of show tag-switching forwarding on the P router shows incorrect outgoing labels for some prefixes.Specifically, for prefixes whose next hop address is A, the output shows the label advertised by PE for the outgoing label instead of the label advertised by the next hop router.
Conditions: This problem can occur:
–
–
Workaround: Configure provider core routers so that none have addresses that are used as addresses for interfaces bound to customer VRFs on PE routers.
•
When running MPLS/tag-switching on ATM interfaces it is possible that a bind request may be received from an upstream neighbor for a prefix that is not found in the forwarding table. Under this condition TDP/LDP would send a `downstream no route' notification to the requesting upstream neighbor.
Until the introduction of LDP, TDP did not used to respond with this notification. Other versions of code may not be able to handle this notification properly when using TDP and bindings on the upstream neighbor may transition into the RetryWait state where they will remain indefinitely.
Workaround: Upgrade to Cisco IOS Releases 2.0(11)ST, 12.0(14)S, or 12.2T or later. Then, devices can correctly handle receiving the `no route' notification.
•
BGP neighbor flaps when more than 1 vrf per port on Inuit configured.
•
Conditions: This problem may occur when running TDP on an ATM point to point sub-interface between two routers. It has been observed only with OS version 12.1(5a).
Symptoms: The TDP session for the sub-interface disappears for no apparent reason and cannot be re-established. This behavior has been seen twice on the same two routers and cannot be reproduced despite repeated attempts to do so.
Workaround: No workaround has been tested and verified since the behavior has to been reproduced. However, the following sequence of commands executed on both routers may correct the situation.
configure terminal interface interface-name shutdown
Wait 10-15 seconds...
no shutdown
•
The output of the show ip bgp vpnv4 vrf <name> summary EXEC command shows all Border Gateway Protocol (BGP) peer routers including those that are not related to a specific Virtual Private Network (VPN) routing/forwarding instance (VRF).
•
With Image gsr-p-mz.12.0(14)ST, when MPLS VPN is configured, PE router at the imposition side cannot map the VPN label properly for each VRF that is configured on this PE Router. The basic VPN end-to-end connectivity does not work.
•
When the Cisco 12000 series Internet router is used with both MPLS VPN & Tag switching functionality, Engine 0 cards did not properly forward some MPLS packets.
Workaround: There is no workaround.
•
Symptoms: The output of show tag-switching tdp neighbor on neighbor routers shows that the IP address(es) of down sub-interfaces are bound to router R
In addition, the output of show tag-switching forwarding on neighbor routers may show the incorrect outgoing labels for prefixes whose next hops are one of these incorrectly bound IP addresses.
Conditions: This condition may occur on a router (R) that has IP addresses configured for sub-interfaces when running LDP (or TDP). The condition may occur when the configuration of the physical interface is changed from shutdown to no shutdown if any of the sub-interfaces themselves are administratively down or if any of the sub-interface line protocols remain down after the physical interface comes up.
Workaround: The following sequence of configuration commands executed on router R for each sub-interface may correct the problem:
If the sub-interface is administratively down:
interface sub-interface no shutdown shutdown
If sub-interface is administratively up, but it's line protocol is down:
interface sub-interface shutdown no shutdown
•
Symptom: With two copper Fast Ethernet cards connected back to back, IP connectivity cannot be achieved. The cards do boot up and get to the up state, but pings or traffic do not pass.
Conditions: This occurs on Cisco 12000 running the Cisco IOS ST release and equipped with two copper Fast Ethernet cards.
Workaround: There is no workaround
•
When DWFQ is enabled on channelized interfaces on a VIP, many interfaces do not come up after reboot.
Workaround: There is no workaround.
•
Double-counting occurs on CAR input rate limiting for both tagged and IP packets. For example example config:
int h0/1/0 rate-limit input
50000 20000 100000 conform transmit exceed transmit
In this case the command which shows the double-counting is:
show int h0/1/0 rate
•
Symptoms: After a reload, a Cisco router does not forward packets to an interface that is not running IP tag switching. Pinging from the router works, but a ping that needs to cross the router fails.
Conditions: The problem is present in topologies which involve:
–
–
Workaround: Ensure that the route flaps. If the route flaps, the Multiprotocol Label Switching (MPLS)/Cisco Express Forwarding (CEF) is installed correctly.
•
Cisco 7500 router output service-policies does not match for DCEF IP to IP switching.
•
Symptom: Executing the show mpls forwarding-table command can cause the device's CPU utilization to approach 100%, which may lead to various performance-related problems.
Conditions: The symptom only occurs if the Multiprotocol Label Switching (MPLS) forwarding table contains several thousand forwarding entries for traffic engineering (TE) tunnels. When the CPU load gets that high, some of TE tunnels may flap.
Workaround: The problem can be greatly alleviated by running the command with automore enabled.
•
The MPLS VPN feature does not work on Blizzard in Cisco IOS Release 14 ST.
•
This applies only to Cisco 12000 series Internet routers running Engine 2 line cards. This fix lifts the restriction regarding CE and P connections, within the same VPN, connected to the same linecard. It is now possible to have multiple CEs and the P connection, all within the same VPN, connected to the same linecard in the PE router.
•
For Cisco 12000 series Internet routers engine 0 line cards running 12.0(14)ST, transmit WRED queues are selected incorrectly when popping to IP.
Workaround: There is no workaround.
•
Conditions: In Cisco IOS software that is running Multiprotocol Label Switching (MPLS) traffic engineering (TE) using software that is not based on Cisco IOS Release 12.0 S, a system reload may result if you attempt to de-configure TE tunnels while simultaneously displaying TE tunnels using the show mpls traffic-eng tunnels command.
Symptoms: If you remove TE-related configuration state for one or more TE tunnels while displaying the TE tunnels, an error message may be generated reporting a spurious memory access, or in very rare circumstances a system reload may occur.
Workaround: There is no workaround for this problem.
•
In the QOS CLI, the set mpls experimental command fails to mark and count packets. Additionally, the show policy interface command shows the MPLS experimental value multiplied by 32 instead of the configured value.
•
The service-policy cannot be configured on ATM PVCs.
•
For Cisco IOS versions 12.0(14)ST, 12.0(14)S3 and earlier, and 12.0(15)S, changes in COS configuration are not applied to a Cisco 12000 series Internet router 6 port CT3 card after any CT3 channel group on the card is deleted.
Workaround: Reload the CT3 card.
•
An MPLS VPN provider edge router running 12.0(9.6)ST6 or later might crash while performing label imposition on the vpn traffic, if its TDP/LDP session with the downstream router ever flaps.
Workaround: There is no known workaround.
•
A Cisco 12000 series Internet router configured for IP multicast switching may crash with a bus error (sig=10) under specific conditions.
Workaround: There is no known workaround other than to disable multicast.
•
RP-switched IP->MPLS packets are dropped if there is an MQC output service policy on the egress interface.
•
Cisco 12000 series Internet routers running one of 12.0(14)S1, 12.0(14)S2, 12.0(13.6)ST1, 12.0(14.3)S might reload with various error messages.
The following error messages have been associated with this fault:
(1) Error: primary data cache, fields: data, SysAD
virtual addr 0x2809100E, physical addr(21:3) 0x091008, vAddr(14:12) 0x1000
virtual address corresponds to unknown, cache word 1
Address: 0x28091000 not in L1 Cache
Address: 0x2809100E Can not be loaded into L1 Cache
(2) Bus errors at various addresses
(3) Signal = 10, Code = 0x10
(4) %GRP-3-ADDRERROR: Bad access to fabric-buffers: invalid address
(5) %SYS-2-BADSHARE: Bad refcount in pool_getbuffer, ptr=A49E78F8, count=FFFFA51C
(6) %IPC-5-NULL: Recd. msg Dest Port=0x8
(7) %ALIGN-1-FATAL: Illegal access to a low address
Routers are more likely to encounter this problem in one or more of the following scenarios:
–
–
–
–
Workaround: Upgrade to 12.0(15)S, 12.0(14)S3, or 12.0(14)ST.
•
The HDLC header is corrupted after microcode reload with traffic engineering on the Cisco 12000 series Internet router.
•
Basic IP connectivity is lost when MPLS is enabled on a Cisco 12000 series Internet router.
Workaround: There is no workaround.
•
An MPLS router having a lot of BGP routes (VPNv4 or ipv4) could experience a memory leak if the route to the BGP neighbor flaps. The memory leak is about 100 bytes per BGP route for each route flap. The leak can be detected by an unusually large consumption of memory by TFIB tag rewrites (as seen in the output of show mem sum | i TFIB).
Workaround: There is no workaround.
•
A Cisco 12000 series Internet router can, when under heavy load conditions, with several thousands of BGP routes and line rate traffic, suffer from extended traffic disruption. This seems more likely to happen when the router contains hundreds of MPLS traffic engineering tunnel heads.
Workaround: If this condition surfaces, ease up incoming traffic into the router significantly. When traffic flow is reestablished, restart full traffic flow. It might be necessary in extreme cases, to reload a linecard with the microcode reload <slot> command.
•
MPLS->IP Packets are corrupted if they match an input or output CAR rule for which the action is to set the IP precedence field or the IP DSCP field.
•
When a CE router sends a packet which requires fragmentation, the PE router sends an ICMP frag. required but DF set message. When there are multiple CE routers, the PE router drops the ICMP message as unroutable to some CE routers, even though the CE routers are directly connected and a route appears in the routing table.
Workaround: There is no workaround.
•
The Scepter card may crash when doing negative testing under traffic. The negative testing commands include: (1)no tag-switching ip (globally) and turn it on, (2)test mbus power slot 5 off /on, etc.
•
In a configuration with an input CAR rule placed on a Cisco 12000 series Internet router interface with the conform-action set-mpls-exp-transmit 5, if the traffic is routed over an MPLS tunnel interface the MPLS experimental bits do not set on transmit as specified.
Workaround: There is no workaround.
•
Forwarding MPLS traffic over a GRE tunnel does not work. Traffic is dropped at the imposition router.
Workaround: There is no workaround.
•
A router running BGP may crash, if 'aggregate-address' is configured with as-set.
Workaround: There is no workaround.
•
Condition: A Cisco router configured for TDP (tag distribution protocol) and operating with very little free memory.
Symptom: The router crashes.
Workaround: There is no workaround.
•
With Cisco 7500 router distributed switching, the set mpls experimental command does not result in the MPLS experimental bit actually being set.
Workaround: There is no workaround, except to disable DCEF for the line cards of interest (no ip route-cache distributed), or to disable DCEF globally by using the ip cef configuration command.
Resolved Caveats—Cisco IOS Release 12.0(11)ST4
Cisco IOS Release 12.0(11)ST4 is a rebuild of Cisco IOS Release 12.0(11)ST. All the caveats listed in this section are resolved in Cisco IOS Release 12.0(11)ST4. This section describes only severity 1 and 2 caveats.
•
An error can occur with management protocol processing. Use the following URL for further information: http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
Related Documentation
The following sections describe the documentation available for the Cisco 7000 family, Cisco 10000 series edge services routers, and Cisco 12000 series Internet routers. These documents consist of hardware and software installation guides, Cisco IOS configuration and command reference publications, system error messages, feature modules, and other documents.
Documentation is available as printed manuals or electronic documents except for feature modules, which are available online on Cisco.com and the Documentation CD-ROM.
Use these release notes with the following documents:
•
Release-Specific Documents
The following documents are specific to Cisco IOS Release 12.0 and are located on Cisco.com and the Documentation CD-ROM:
•
On Cisco.com at
Technical Documents: Cisco IOS Software: Cisco IOS Release 12.0: Release Notes: Cross-Platform Release Notes
On the Documentation CD-ROM at
Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.0: Release Notes: Cross-Platform Release Notes
•
Technical Documents
•
As a supplement to the caveats listed in the "Caveats" section in these release notes, refer to Caveats for Cisco IOS Release 12.0, which contains caveats applicable to all platforms for all maintenance releases of Cisco IOS Release 12.0.
On Cisco.com at
Technical Documents: Cisco IOS Software: Cisco IOS Release 12.0: Caveats
On the Documentation CD-ROM at
Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.0: Caveats
Note
Platform-Specific Documents
These documents are available for the Cisco 7000 family, Cisco 10000 series edge services routers, Cisco 10720 Internet router, and Cisco 12000 series Internet routers on Cisco.com and the Documentation CD-ROM:
•
•
•
•
•
On Cisco.com at:
Technical Documents: Product Documentation: All Core Routers
On the Documentation CD-ROM at:
Cisco Product Documentation: Core/High-End Routers
Feature Modules
Feature modules describe new features supported by Cisco IOS Release 12.0 S and Release 12.0 ST; they are updates to the Cisco IOS documentation set. A feature module consists of a brief overview of the feature, benefits, configuration tasks, and a command reference. As updates, the feature modules are available online only. Feature module information is incorporated in the next printing of the Cisco IOS documentation set.
On Cisco.com at:
Technical Documents: Cisco IOS Software: Cisco IOS Release 12.0: New Feature Documentation: New Features in 12.0-Based Limited Lifetime Releases: New Features in Cisco IOS Release 12.0 ST
On the Documentation CD-ROM at:
Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.0: New Feature Documentation: New Features in 12.0-Based Limited Lifetime Releases: New Features in Cisco IOS Release 12.0 ST
Cisco Feature Navigator
Cisco Feature Navigator is a web-based tool that enables you to determine which Cisco IOS software images support a specific set of features and which features are supported in a specific Cisco IOS image. You can search by feature or release. Under the release section, you can compare releases side by side to display both the features unique to each software release and the features in common.
Cisco Feature Navigator is available 24 hours a day, 7 days a week. To access Cisco Feature Navigator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions at http://www.cisco.com/register.
Cisco Feature Navigator is updated regularly when major Cisco IOS software releases and technology releases occur. For the most current information, go to the Cisco Feature Navigator home page at the following URL:
Table 15 describes the contents of the feature modules for Cisco IOS Release 12.0 S.
Cisco IOS Software Documentation Set
The Cisco IOS software documentation set consists of the Cisco IOS configuration guides, Cisco IOS command reference publications, and several other supporting documents that are shipped with your order in electronic form on the Documentation CD-ROM—unless you specifically ordered the printed versions.
Documentation Modules
Each module in the Cisco IOS documentation set consists of two books: a configuration guide and a corresponding command reference. Chapters in a configuration guide describe protocols, configuration tasks, and Cisco IOS software functionality, and they contain comprehensive configuration examples. Chapters in a command reference provide complete command syntax information. Use each configuration guide with its corresponding command reference.
On Cisco.com and the Documentation CD-ROM, two master hot-linked documents provide information for the Cisco IOS software documentation set.
You can access these documents on Cisco.com at:
Technical Documents: Documentation Home Page: Cisco IOS Software Configuration: Cisco IOS Release 12.0: Configuration Guides and Command References
You can access these documents on the Documentation CD-ROM at:
Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.0: Configuration Guides and Command References
Cisco IOS Release 12.0 Documentation Set
Table 16 describes the contents of the software documentation fset for Cisco IOS Release 12.0, which is available in electronic form and in printed form upon request.
Note
On Cisco.com at:
Technical Documents: Cisco IOS Software: Cisco IOS Release 12.0
On the Documentation CD-ROM at:
Cisco Product Documentation: Cisco IOS Software Configuration: Cisco IOS Release 12.0
Note
Obtaining Documentation
The following sections explain how to obtain documentation from Cisco Systems.
World Wide Web
You can access the most current Cisco documentation on the World Wide Web at this URL:
Translated documentation is available at this URL:
http://www.cisco.com/public/countries_languages.shtml
Documentation CD-ROM
Cisco documentation and additional literature are available in a Cisco Documentation CD-ROM package, which is shipped with your product. The Documentation CD-ROM is updated monthly and may be more current than printed documentation. The CD-ROM package is available as a single unit or through an annual subscription.
Ordering Documentation
You can order Cisco documentation in these ways:
•
http://www.cisco.com/cgi-bin/order/order_root.pl
•
http://www.cisco.com/go/subscription
•
Documentation Feedback
You can submit comments electronically on Cisco.com. In the Cisco Documentation home page, click the Fax or Email option in the "Leave Feedback" section at the bottom of the page.
You can e-mail your comments to bug-doc@cisco.com.
You can submit your comments by mail by using the response card behind the front cover of your document or by writing to the following address:
Cisco Systems
Attn: Document Resource Connection
170 West Tasman Drive
San Jose, CA 95134-9883We appreciate your comments.
Obtaining Technical Assistance
Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can obtain online documentation, troubleshooting tips, and sample configurations from online tools by using the Cisco Technical Assistance Center (TAC) Web Site. Cisco.com registered users have complete access to the technical support resources on the Cisco TAC Web Site.
Cisco.com
Cisco.com is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information, networking solutions, services, programs, and resources at any time, from anywhere in the world.
Cisco.com is a highly integrated Internet application and a powerful, easy-to-use tool that provides a broad range of features and services to help you with these tasks:
•
•
•
•
•
If you want to obtain customized information and service, you can self-register on Cisco.com. To access Cisco.com, go to this URL:
Technical Assistance Center
The Cisco Technical Assistance Center (TAC) is available to all customers who need technical assistance with a Cisco product, technology, or solution. Two levels of support are available: the Cisco TAC Web Site and the Cisco TAC Escalation Center.
Cisco TAC inquiries are categorized according to the urgency of the issue:
•
•
•
•
The Cisco TAC resource that you choose is based on the priority of the problem and the conditions of service contracts, when applicable.
Cisco TAC Web Site
You can use the Cisco TAC Web Site to resolve P3 and P4 issues yourself, saving both cost and time. The site provides around-the-clock access to online tools, knowledge bases, and software. To access the Cisco TAC Web Site, go to this URL:
All customers, partners, and resellers who have a valid Cisco service contract have complete access to the technical support resources on the Cisco TAC Web Site. The Cisco TAC Web Site requires a Cisco.com login ID and password. If you have a valid service contract but do not have a login ID or password, go to this URL to register:
http://www.cisco.com/register/
If you are a Cisco.com registered user, and you cannot resolve your technical issues by using the Cisco TAC Web Site, you can open a case online by using the TAC Case Open tool at this URL:
http://www.cisco.com/tac/caseopen
If you have Internet access, we recommend that you open P3 and P4 cases through the Cisco TAC Web Site.
Cisco TAC Escalation Center
The Cisco TAC Escalation Center addresses priority level 1 or priority level 2 issues. These classifications are assigned when severe network degradation significantly impacts business operations. When you contact the TAC Escalation Center with a P1 or P2 problem, a Cisco TAC engineer automatically opens a case.
To obtain a directory of toll-free Cisco TAC telephone numbers for your country, go to this URL:
http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
Before calling, please check with your network operations center to determine the level of Cisco support services to which your company is entitled: for example, SMARTnet, SMARTnet Onsite, or Network Supported Accounts (NSA). When you call the center, please have available your service agreement number and your product serial number.
