Contents
- About Cisco ASR 1000 Series Aggregation Services Routers
- New Features and Important Notes
- New and Changed Information
- New Hardware Features in Cisco IOS XE Everest 16.4.1
- New Software Features in Cisco IOS XE Everest 16.4.1
- New Hardware Features in Cisco IOS XE Everest 16.4.2
- New Software Features in Cisco IOS XE Everest 16.4.2
- Important Notes
- Deferrals
- Field Notices and Bulletins
- Caveats
- Open and Resolved Bugs
- Using the Cisco Bug Search Tool
- Caveats in Cisco IOS XE Everest 16.4.1
- Open Caveats—Cisco IOS XE Everest 16.4.1
- Resolved Caveats—Cisco IOS XE Everest 16.4.1
- Caveats in Cisco IOS XE Everest 16.4.2
- Open Caveats—Cisco IOS XE Everest 16.4.2
- Resolved Caveats—Cisco IOS XE Everest 16.4.2
- Related Documentation
- Platform-Specific Documentation
- Obtaining Documentation and Submitting a Service Request
First Published:
Last Updated:
Text Part Number:
About Cisco ASR 1000 Series Aggregation Services Routers
 Note | Come to the Content Hub at content.cisco.com, where, using the Faceted Search feature, you can accurately zoom in on the content you want; create customized PDF books on the fly for ready reference; and can do so much more... So, what are you waiting for? Click content.cisco.com now! And, if you are already experiencing the Content Hub, we'd like to hear from you! Click the Feedback icon on the page and let your thoughts flow! |
Cisco ASR 1000 Series Aggregation Services Routers are Cisco routers deployed as managed service provide routers, enterprise edge routers, and service provider edge routers. These routers use an innovative and powerful hardware processor technology known as the Cisco QuantumFlow Processor.
Cisco ASR 1000 Series Aggregation Services Routers run the Cisco IOS XE software and introduce a distributed software architecture that moves many operating system responsibilities out of the IOS process. In this architecture, Cisco IOS, which was previously responsible for almost all of the internal software processes, now runs as one of many Cisco IOS XE processes while allowing other Cisco IOS XE processes to share responsibility for running the router.
New Features and Important Notes
New and Changed Information
Note | Before you dive into this release's features, we invite you to content.cisco.com to experience the features of the Cisco Content Hub. Here, you can, among other things:
And, if you are already experiencing the Content Hub, we'd like to hear from you! Click the Feedback icon on the page and let your thoughts flow! |
The following sections list the new hardware and software features that are supported on the Cisco ASR 1000 Series Aggregation Services Routers.
New Hardware Features in Cisco IOS XE Everest 16.4.1
No new hardware features were introduced for Cisco ASR 1000 Series in Cisco IOS XE Everest 16.4.1.
New Software Features in Cisco IOS XE Everest 16.4.1
The following are the new software features introduced in Cisco ASR 1000 Series Aggregation Services Routers for Cisco IOS XE Everset Release 16.4.1.
5 Tuple Hash Support for GEC Flow-based Load Balancing
For detailed information, see the following Cisco document:
802.1X support on ISR 4K and Switch Modules
For detailed information, see the following Cisco document:
Asymmetric Routing Serviceability
This feature provides support for displaying asymmetric flows on unknown, HTTP, and SSL traffic. It introduces the show ip nbar classification auto-learn top-asymmetric-sockets command. More information about this command is available at this link: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos/command/qos-cr-book/qos-s2.html.
Cisco SSL 6.0 FOM
Cisco SSL 6.0 is used to upgrade openssl to 1.0.2 g. The security updates will be available for the next three years. From Cisco IOS XE Everest 16.4.1, RC4 and DES ciphers have been blocked and will no longer be supported as they are considered vulnerable.
CLI for showing applications assigned to a specific traffic-class and business-relevancy
This feature provides support for matching two attribute/attribute-value combinations using the show ip nbar attribute command. More information about this command is available at this link: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos/command/qos-cr-book/qos-s2.html.
LAN and WAN MACSec Interop
The LAN-WAN MACsec interoperability feature is supported on the following Cisco devices:
-
Cisco ASR1001-X Router
-
Cisco 4400 Intergrated Services Routers (With 2-port Wallander NIM)
-
Cisco 4300 Intergrated Services Routers (With 2-port Wallander NIM)
-
Cisco Catalyst 3850 Series Switches
-
Cisco Catalyst 4500-X Series Switch
The topology could be any two devices from the above list that are connected back-to-back (without any intermediate device). The working scenarios for this feature are as follows:
-
MKA-MACsec with pre-shared key only for the P2P-port-based deployment model.
-
MACsec Cipher Suites supported between ASR/ISR routers and C4500-X is GCM-AES-128 only.
-
MACsec cipher suites supported between Cisco ASR 1000 Series Aggregation Services Routers or Cisco 4000 Series Integrated Services Routers and Cisco Catalyst 3850 Series Switches is GCM-AES-128 only. However, Cipher Suite GCM-AES-256 can also be used on some of the Cisco Catalyst 3850 Series Switches (depending on the ASIC used in the device), which do support this interoperability.
MACSec ASR1001-HX Platform Enablement
Cisco ASR 1001-HX Router is a part of the Cisco ASR 1000 Series and offers a compact form factor that consumes less rack space and power while offering 60 Gbps forwarding throughput. Cisco ASR 1001-HX Router supports all general purpose routing and security features of Cisco ASR 1000 Series Aggregation Services Routers.
Effective with Cisco IOS XE Everest 16.4.1, MACsec is supported on Cisco ASR 1001-HX Router.
MACSec Support 10X10GE EPA For Kahuna
Cisco ASR 1002-HX Router is a part of the Cisco ASR 1000 Series and offers a compact form factor that consumes less rack space and power while offering 100 Gbps forwarding throughput. Cisco ASR 1002-HX Router supports all general purpose routing and security features of Cisco ASR 1000 Series Aggregation Services Routers.
Effective Cisco IOS XE Everest 16.4.1, MACsec is supported on Cisco ASR 1002-HX Router in the 10-Port 10 Gigabit Ethernet Port Adapter (EPA-10X10GE).
Nginx/HTTP - Web Security Features for 16.4
For detailed information, see the following Cisco document:
QoS: DMVPN per-tunnel QoS over aggregate GEC
For detailed information, see the following Cisco document:
QoS: Tunnel pre-classify uses internal address for fair-queue distribution
For detailed information, see the following Cisco document:
Security (ARP/NDP cache entries) enhancements
For detailed information, see the following Cisco document:
Site to Site IPSEC VPN for WEBUI
-
Site-to-Site VPN—A Virtual Private Network (VPN) allows you to protect traffic that travels over lines that your organization may not own or control.VPNs can encrypt traffic sent over these lines and authenticate peers before any traffic is sent. Site-to-Site VPN feature allows you to create a VPN network connecting two routers.
-
Cellular Interface—The Cellular Interface feature supports the Fourth Generation (4G) Long-Term Evolution (LTE) and its primary application is Cellular WAN connectivity, which functions as a primary or backup data link for critical data applications.
-
Configuring Application Visibility—Enhanced to include Application Signatures identifier based on NBAR engine version 28. NBAR engine version changes if you update the protocol package.
TrustSec SGACL monitor mode on routers (ASr1K, ISR4K, CSR)
For detailed information, see the following Cisco document:
Important Notes
The following sections contain important notes about Cisco ASR 1000 Series Aggregation Services Routers.
Deferrals
Cisco IOS software images are subject to deferral. We recommend that you view the deferral notices at the following location to determine whether your software release is affected:
http://www.cisco.com/en/US/products/products_security_advisories_listing.html
Field Notices and Bulletins
-
Field Notices—We recommend that you view the field notices to determine whether your software or hardware platforms are affected. You can find the field notices at the following location:
http://www.cisco.com/en/US/support/tsd_products_field_notice_summary.html
-
Bulletins—You can find bulletins at the following location:
http://www.cisco.com/en/US/products/sw/iosswrel/ps5012/prod_literature.html
Caveats
Open and Resolved Bugs
The open and resolved bugs for a release are accessible through the Cisco Bug Search Tool. This web-based tool provides you with access to the Cisco bug tracking system, which maintains information about bugs and vulnerabilities in this product and other Cisco hardware and software products. Within the Cisco Bug Search Tool, each bug is given a unique identifier (ID) with a pattern of CSCxxNNNNN, where x is any letter (a-z) and N is any number (0-9). The bug IDs are frequently referenced in Cisco documentation, such as Security Advisories, Field Notices and other Cisco support documents. Technical Assistance Center (TAC) engineers or other Cisco staff can also provide you with the ID for a specific bug. The Cisco Bug Search Tool enables you to filter the bugs so that you only see those in which you are interested.
In addition to being able to search for a specific bug ID, or for all bugs in a product and release, you can filter the open and/or resolved bugs by one or more of the following criteria:
-
Last modified date
-
Status, such as fixed (resolved) or open
-
Severity
-
Support cases
You can save searches that you perform frequently. You can also bookmark the URL for a search and email the URL for those search results.
Using the Cisco Bug Search Tool
For more information about how to use the Cisco Bug Search Tool, including how to set email alerts for bugs and to save bugs and searches, see Bug Search Tool Help & FAQ.
Before You Begin
You must have a Cisco.com account to log in and access the Cisco Bug Search Tool. If you do not have one, you can register for an account.
| Step 1 | In your browser, navigate to the Cisco Bug Search Tool. | ||||||||||||
| Step 2 | If you are redirected to a Log In page, enter your registered Cisco.com username and password and then, click Log In. | ||||||||||||
| Step 3 | To search for a specific bug, enter the bug ID in the Search For field and press Enter. | ||||||||||||
| Step 4 | To search for bugs related to a specific software release, do the following: | ||||||||||||
| Step 5 | To see more content about a specific bug, you can do the following:
| ||||||||||||
| Step 6 | To restrict the results of a search, choose from one or more of the following filters:
Your search results update when you choose a filter. |
Caveats in Cisco IOS XE Everest 16.4.1
Open Caveats—Cisco IOS XE Everest 16.4.1
All open bugs for this release are available in the Cisco Bug Search Tool through the Open Bug Search.
Caveat ID Number |
Description |
|---|---|
AVC/ezPM Incorrectly Reports PfRv3 Smart-Probe Statistics |
|
CSR crashes cpp_mma_policy_isd_free_exmem_entry |
|
AWS : CSR crashes with t2 instances running for long |
|
multicast crashed with invalid leaf pointer |
|
TC is being tried to be deleted unsucessfully from a PFR/VRF routine in a 3925 router |
|
PFR Sync Issues between MC and Border router ,active probes are missing on border router randomly |
|
Ping to ASR1k with a MTU of 10000 Bytes and record option set fails |
|
ISR 4331 + NIM-1MFT-T1/E1 + Frame-relay circuit does not come up |
|
|
cman_fp CPUHOG Traceback during FP Switchover |
|
|
add ipsla timstamping support to asr1001hx |
|
|
NBAR performance drop on Kahuna platform |
|
|
PFR continuously Path Changed due to UNREACHABLE Received |
|
|
memory leak in MPE when signature amount reaches amount using the Dynamic DB |
|
|
RP3/ESP100 and ISRs not scaling to known targets for NAT44 PAT |
|
|
ASR1001-X Polaris image PfR provisioning failed with channel-unreachable-timer for PfR MC |
|
|
PFRV3: Crashed at Segmentation fault(11), Process = CENT-MC-vrf106 |
|
|
Local Unreachable TCA not processed by master causing traffic switch on routing converge |
|
|
PFRV3: Transit MC crashed @be_cent_ipc_site_pfx_origin_delete |
|
|
Intermittent EPA-18X1GE and EPA-10x10GE repeated crash on stop/start with traffic |
|
|
rp2/rp3: fsck and format harddisk fails when rtr booted from harddisk |
|
|
ASR 1013: Imagefamily mismatching |
|
|
XE313: Incorrect Active flows showing up in flow monitor |
|
|
Polaris : ASR1k EPC PPS limit functionality not working as required. |
|
|
Reload boot time is longer than expected on GoldBeach P2 and Juno |
|
|
clear ipv6 neighbor makes stby out of sync for the ND cache entries |
|
|
Per interface ND limit stops working post RP switchover |
|
|
Getting of_irq_parse_pci() failed with rc=-22 on reloading of Argus EPA |
|
|
ASR1k: serdes bad packet count increases in "sh plat hard slot F< 0|1 > serdes stat" |
|
|
serdes bad byte counter increase in "sh plat hard slot 0|1 serdes stat" |
|
|
Traceback outputs in Standby-RP. cause:show license standby |
|
|
Core file and ping fails while configuring sonet interface |
Resolved Caveats—Cisco IOS XE Everest 16.4.1
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved Bug Search.
Caveat ID Number |
Description |
|---|---|
FTP Passive mode: NAT door limit being exceeded |
|
NATed packets are dropped by ALG_PROCESS_TOKEN_FAIL due to NAT door limit being exceeded |
|
NIM-2GE-CU-SFP : Cannot ping GLBP Gateway IP |
|
CPP crash with enchenced+None SF combination |
|
PfRv3 Channels Not Deleted Once TC is Removed |
|
PFRv3 border will learn master prefix When the package is fragments. |
|
Dual QFP Crash triggered by removing service policy from interface with mixed shaper feature enabled |
|
|
PfR channels Unreachable with quick monitor and quick monitor probes to 1 in 10 secs |
|
|
SFF crashes when redirect interface on the same subnet as SF |
|
|
PfRv3: BR May Crash due to Channel Creation/Modification and Next-Hop State |
Open Caveats—Cisco IOS XE Everest 16.4.2
All open bugs for this release are available in the Cisco Bug Search Tool through the Open Bug Search.
Caveat ID Number |
Description |
|---|---|
kernel: fsid server error fileid changed |
|
tracelogs/punt_debug.log* missing when punt keepalive timeout / crash occurs |
|
ASR1000-6TGE: Too many "Interface TenGigabitEthernet4/0/0, link down due to local fault" logs |
|
ISSU: 16.3.4 <-> 16.5.1 Config_Sync@lacp rate fast after Loadversion in RP2 platforms |
|
Input errors on glc-ge-100fx |
|
Router crashes using show BGP commands |
|
Router crashed in afw application |
|
ISR4451-X/K9 -16.3.2 crash when configure NAT66 reason:LocalSoftADR |
|
Crash in XE3.17 in TCP-TLS B2B call scenario |
|
CSR1000v HA Checkpointing Broken for Video Calls with SDP Pass-Thru |
|
POLARIS: IPSec FlexVPN PSK does not scale on asr1013/RP2/ESP100 |
|
Behavior difference between XE3.17 and Polaris |
|
IKEV2 Default Proposal Reset After Reload |
|
IOS IKEv2 profile NVgen local auth is rejected from startup configuration upon reload |
|
IPSec Tunnel stuck in Up/Down state after shut/no-shut - VPN Interop |
|
RSP3:standby router crashes due to parser return error |
|
OSPF SR SID Conflict: two prefixes have the same sid and no conflict is detected. |
|
ASR1002-HX crash on configuring mpls-lsp-monis-lsp-monitor |
|
OSPF SID Conflict: when SR disabled on OSPF inst other inst sids affecte |
Resolved Caveats—Cisco IOS XE Everest 16.4.2
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved Bug Search.
Caveat ID Number |
Description |
|---|---|
ASR 1000 router crash while updating ogacl statistics |
|
Router crashes when RF/PPPoE link goes down |
|
Harddisk is not accessible from IOS sometimes after router reload |
|
As1k @ CFM traffic frames being sent with 2 dot1q tags |
|
ASR1000-2T+20X1GE: More than 1Gbps traffic is reported on 1GE port |
|
ASR1k-ELC- XCVR disabled after router reload and interface is down |
|
EPA-18X1GE and EPA-10x10GE reloads unexpectedly with traffic and EPA OIR |
|
IP/ARP connection failed between two direct-connected interfaces |
|
Vlan Oversubscription packets are not working. |
|
CSR crashes cpp_mma_policy_isd_free_exmem_entry |
|
Ingress Unicast traffic not received on the BDI. |
|
Platform does not trigger license release when the port moves into error disable state |
|
AN: ACP is not getting created after save & reload in some specific scenario |
|
AN: Channel/Nbr flap during bootstrap in ASR903 with standby RSP. |
|
AN: Standby reload due to config-sync failure at CISCO_AN_IPSEC_PROFILE |
|
Autonomic Networking Infrastructure Adjacency Discovery DoS Vulnerability |
|
Autonomic Networking Infrastructure Registrar Device Reload |
|
After reload route policy processing not re-evaluate with route-map using match RPKI |
|
eVPN PMSI VNI decoding / encoding as MPLS label |
|
Router crash @ IP RIB Update while deleting bgp config |
|
RP crash @ BGP router with "import l2vpn evpn re-originate" |
|
Ephone-DN remains in down state when restart all is given in telephony-service |
|
SIP CME relays out "Authorization: header" received from IP Phone. |
|
Router crash when removing EIGRP |
|
IKEV2 Tunnels are flapping, rekey request received from PD, lifetime kilobytes configured |
|
ASR1k crashed while unconfiguring Netflow |
|
Evaluation of IOS XE BinOS component for Openssl September 2016 |
|
self-generated packets sent fail over PMIP-MUDP tunnel in LMA |
|
IKEv2 IPv6 GRE IPSec fails to stabilize on asr1k on 16.3 |
|
Modifying crypto ACL leads to a removal of crypto map config |
|
IKEv2 Aggregate-auth Timing Issue |
|
IKEv2 tunnel fails to come up b/w Cisco routers post upgrading one router to 15.5(3)S5, 15.5(3)M5 |
|
IKEv2: Unable to initiate IKE session to a specific peer due to 'in-neg' SA Leak |
|
csr1000v is not able to poll CISCO-IPSEC-FLOW-MONITOR-MIB |
|
ISIS route oscillation due to ldp sync and interface max metric |
|
LDP NSR : Remote Side VCs stays up even with local access interface shut after SSO |
|
VFI is down after provisioning a new new VFI to the existing |
|
MK51-UCI, Mcast trafic is blackholing on ISSU CV while upgrading from FC5 to FC6 |
|
complete traffic drop with DATA MDTs with latest polaris_dev |
|
Accounting Stop not sent for PMIPv6 tunnel in LMA |
|
Ignore home address is broken in MAG/LMA |
|
MAG crash with traffic on and home interface config is removed |
|
SSH / Telnet / Console freezes while bringing up PMIPv6 tunnel interface |
|
ASR903:ISIS routes are set with Max Metric due to IGP LDP Sync |
|
ASR 1K Running IOS-XE 3.16S w/ MPLS Crashes on 'clear ip route *' |
|
MRCP V2 logging tag support |
|
ASR 1k NHS Fallback fails for NHRP on secondary path |
|
ISR4331 crash due to NHRP running 03.16.03.S |
|
VA stuck in protocol down state after failing to establish IPSec session |
|
Old Constrained Node Sid not getting deleted from MPLS forwarding table on changing SID |
|
OSPF SR SID Conflict: SID is not installed for route via virtual-link |
|
OSPF SRTE: CSTR path is not installed in some cases properly. |
|
SID conflict: Even after an area is removed from topology, SID database does not remove the area. |
|
SRTE: Single hope tunnel doesn't install any repair path. |
|
SRTE: when i/f address is removed, traceback is seen and adj-sids not destroyed. |
|
Tunnel & repair path continuously flapping on disabling SR on next node from head-end. |
|
Client auth and enroll to subca fails |
|
crash after multiple renew |
|
During PKI enrollment, Cisco router rejects CA/RA reply containing HTTP 500 "Internal Server Error" |
|
PKI: Cannot import RSA SubCA signed by ECDSA |
|
16.6: ASR1K: RP crash seen @cpp_bqs_rm_yoda_init_or_save_child. |
|
ASR1K ESP100 - Both ESP crashing due to cpp_bqs_srt_yoda_place_child_internal: failed to grow tree |
|
ASR1K ESP100 - Both ESP crashing due to cpp_bqs_srt_yoda_place_child_internal: failed to grow tree |
|
BQS unable to resume processing leading to pending objects constantly increasing |
|
cpp_cp process crashes due to sw wdog expiring while creating a queue |
|
Crash when bandwidth remaining percent <#> is removed then re-added to a class-map |
|
Crash when interface with multiple tunnels sourced comes up |
|
Dual QFP Crash triggered by removing service policy from interface with mixed shaper feature enabled |
|
Dual QFP Crash triggered by removing service policy from interface with mixed shaper feature enabled |
|
Multiple Parent Events Per Node lead to a crash |
|
Secondary SUP keep crashing @ CPP Client process failed |
|
Ping to ASR1k with a MTU of 10000 Bytes and record option set fails |
|
SR:RSP2:Object download failure(EOS object)error seen randomly |
|
CTS/SGT across GRE p2p tunnel broken when doing inline tagging |
|
ASR crashes when attempting SRTP/TLS call |
|
Evaluation of all for Openssl September 2016 |
Related Documentation
Platform-Specific Documentation
For information about associated services and modules in Cisco ASR 1000 Series Aggregation Services Routers, see: Documentation Roadmap for Cisco ASR 1000 Series, Cisco IOS XE 16.x Releases.
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information, see What's New in Cisco Product Documentation.
To receive new and revised Cisco technical content directly to your desktop, you can subscribe to the What's New in Cisco Product Documentation RSS feed. RSS feeds are a free service.
Copyright © 2016-2017, Cisco Systems, Inc. All rights reserved.