Table Of Contents
Release Notes for Cisco Service Control Subcriber Manager Release 3.1.5 LA
Support for VPN subscribers in MPLS L3-VPN and VLAN domains
Classification in VLAN-based environment
MPLS-VPN—Subscriber IP Removed when Moving to support-ip-range enable
System Uptime of SM Resets Every Full Hour
3.1.5 Cascade Synchronization—Subscriber Management Status is Active for Both SCEs
SCE Subscriber API, QM — Zombie Connections After API Disconnect
RADIUS Listener Fails to Initialize upon Failover in SM Cluster Setup
Sniffer LEGs—Maximum Number of SCEs is Limited to 100
QM Does Not Contain a Configuration Flag to Produce Breach Start/Stop Log Message
SM Boot Time Depends on the SM Database Capacity
Shutdown on SCE causes SM to identify both cascade SCEs as standby
Information About New Features
SM Updates Only the Active SCE
Enhanced Subscriber ID Character Support
Quota Manager—Quota Change Within Aggregation Period
Supported Operating Systems and Platforms
CLU --prefix Option does not Filter Correctly
leaseActiveReplyNoSubId Error does not Exist in the DHCP Lease Query LEG User Log
RADIUS Listener LEG Activities are not Logged into the User Log
Thread Remains Open after Disconnecting from SM/SCE Java APIs
SCE Subscriber API Readme file Indicates the API can work with Java Version 1.5
RADIUS Listener LEG is Limited to a Single CPU
SM-SCE Connection Problem may Impact Other SM-SCE Connections
The Upgrade Script Installs a New Java Without Removing Old Java
CLU Error when Extracting Support File with Output File Path
The p3subsdb --export --prefix CLU is Always Case Sensitive
SM Upgrade Causes QM Configuration Loss
Upgrade Script Might Fail when /etc/motd file is Not Empty
Executing CLU Commands as User other than pcube Throws Exception
Adding Subscriber with a Domain when aliases=* is Configured adds Subscriber with Wrong Domain
Quota Manager—No User Log for Subscriber Quota Breach
p3net CLU Truncates IP Addresses
p3subs --set CLU Does Not Add a Subscriber if it Does Not Exist
SCE Subscriber API Failover Might Cause Loss of Client Context
SCE Cascade Pair does not Exchange all Quota Information
QM Cannot Provision More Than 1 GB
PRPC Session Hangs on establishConnection
Renaming the Domain Name Causes Subscriber to Lose Domain
CLU p3sm --load-config Does Not Create a Userlog Message
PRPC User File is Overwritten on Upgrade
DHCP Lease Query LEG on the SCE—Auto Logout does not Work After Activation
Information About Removed Features
Static Subscriber Support Removed from the SM
Pull-response is Sent for Domain-less Subscribers
SCE Subscriber API—High Rate of quota-state-restore Indications Might Cause Timeouts
SM Upgrade Might Cause SCE Cascade Pair Failover
Quota Management—Problem with Remaining Quota RDRs and Quota-Status Indications
Loss of sync between the SM and the SCE when a subscriber has a high rate of logons
Subscriber who is added via the GUI is not pushed to the SCE
MPLS-VPN—Community based subscribers are not part of the show vpn subs output
Bad handling of connection failures during connection establishment
Empty log messages in the SM user log
Obtaining Technical Assistance
Contacting TAC by Using the Cisco TAC Website
Release Notes for Cisco Service Control Subcriber Manager Release 3.1.5 LA
Revised: August 10, 2007, OL-14440-01
Supports: SCMS SM 3.1.5LA, SCMS SM 3.1.1, SCMS SM 3.1.0
These release notes for the Cisco SCMS SM describe the enhancements provided in Cisco Release SCMS SM 3.1.5LA.
These release notes are updated as needed. These release notes include various fixes of bugs that were identified as part of Cisco's on-going internal testing and during our interaction with our customers.
Contents
•
Obtaining Technical Assistance
Introduction
This document outlines the resolved issues of the SM 3.1.5LA release. It assumes the reader already has a good working knowledge of the Cisco solution. For additional information, please refer to the Cisco Service Control Engine documentation.
For a list of the caveats that apply to Cisco Service Manager (SCMS SM) 3.1.5LA, see Open Caveats.
Release SCMS SM 3.1.5LA
This section describes the functional enhancements, the backward compatibility support, and resolved issues in release 3.1.5LA.
Functional Enhancements
Support for VPN subscribers in MPLS L3-VPN and VLAN domains
Release 3.1.5 LA enhances the capability of SCA BB to allow defining service in an environment where IPv4 addresses overlap.
In releases prior to 3.1.5 LA, the operator could only assign service to the entire VPN or entire VLAN. In 3.1.5 LA, service can be assigned to individual and overlapping IPv4 addresses within the VPN (VLAN or MPLS L3-VPN). The VPN/VLAN represents the way an entire enterprise is managed, while the enhancements in 3.1.5 LA allow specific service to be assigned to an individual within the enterprise, or to a branch office.
As technology varies between VLAN and MPLS-VPN, so the offering and integration models are different for the two. However, for the sake of a unified interface, whenever possible the term VPN will represent either MPLS L3-VPN or VLAN.
A VPN is a named entity, introduced in the same way that a subscriber is introduced, and containing VPN mappings. A VPN may contain several MPLS mappings or a single VLAN mapping.
A VPN-based subscriber contains a set of mappings of the form: IP@VpnName, where IP can be either a single IP address or a range of addresses.
VPN entities can be configured only via the SM. The SCE platform CLI can be used to view VPN-related information, but not to configure the VPNs.
For information on the configuration and management of VPN entities, please refer to the Cisco Service Control Management Suite Subscriber Manager User Guide, Rel 3.1.5 .
For information on the configuration and management of MPLS/VPN-based subscribers, please refer to the Cisco Service Control MPLS/VPN Solution Guide, Rel 3.1.5 .
Note
MPLS L3-VPN
MPLS L3-VPN has gained popularity with ISPs for use in supporting business intranet services.
The SCE platform can be used within an MPLS cloud to address a range of use cases such as monitoring, reporting, and control of different network entities.
The following examples illustrate the supported topologies and integrations, and clarify what can be gained through the MPLS L3-VPN integration.
Examples of MPLS L3-VPN integration
The following examples demonstrate different integration models.
•
•
•
VPN AS A SUBSCRIBER
When an entire VPN represents one enterprise and is to be managed as a single unit, the whole VPN is defined as one subscriber. In this mode, SCA BB can enforce different service rules for different organizations. SCA BB identifies all CPEs (desktops, laptops, cable modems, or any other equipment that can be identified by an IP address) that are tunneled by the same MPLS/VPN as belonging to a specific organization and therefore subject to the same rule.
For example, browsing may be blocked in the extranet for one organization (VPN) and permitted for a different organization (VPN).
BRANCH OFFICE AS A SUBSCRIBER - NEW IN 3.1.5
This capability allows the ISP to set specific services for a branch office that is a part of an organization (part of the VPN). Each branch office is identified and assigned a policy, such as setting bandwidth limitation for browsing as a percentage of the available trunk. SCA BB identifies a group of CPEs (desktops, laptops, cable modems, or any other equipment that can be identified by an IP address) that are part of a VPN as belonging to a specific branch of an organization and being subject to the same rule. In this way, each branch can be assigned a specific rule to accommodate its needs.
MPLS SKIP
The MPLS skip mode must be used to define service for individual CPEs (such as laptops, cable modems, or any other equipment that can be identified by an individual IP address).
Subscriber as CPE using MPLS skip mode is supported as long as IPv4 addresses do not overlap. In cases where the CPE needs to be individually managed, but IPv4 addresses overlap, please consult the BU roadmap for availability of this capability.
Subscriber integration
To enable MPLS L3-VPN awareness, SCA BB integrates with MPLS-L3VPN routing scheme by using the Subscriber Manager (SM). This allows SCA BB to dynamically identify IPv4 subnets being introduced into the VPN and immediately track all traffic to or from those subnets for reporting and control.
VLAN Awareness
Support for IP-VLAN aware provides customers with an additional level of subscriber introduction, coupling between the subscriber network ID and its associated VLAN.
In the three different integration levels, the managed entity (subscriber) varies. The network architect needs to select between the three based on the use case that is required from the SCA BB.
•
•
•
VPN AS A SUBSCRIBER
This capability allows the ISP to globally manage a network entity, such as an enterprise in a VLAN environment. SCA BB can enforce different service rules as required by the different enterprises, such as blocking browsing in the extranet for one organization (VPN) while permitting browsing for a different organization (VPN).
CPE AS A SUBSCRIBER - NEW IN 3.1.5
This capability allows the ISP to set specific services for an individual who is a part of an organization (part of the VPN). Each individual is identified and assigned a policy, such as setting bandwidth limitation for browsing, reflecting their personalized service requirement.
VPN (VLAN) SKIP
This mode is a simple solution where the managed entity (subscriber) is an individual CPE in a VLAN environment. However, since this mode does not differentiate between overlapping IPs, it can be used only when there are no overlapping IPs within the network.
Subscriber integration
The information required to identify a subscriber within a specific VLAN and assign an individual policy must be provided by the Subscriber Manager (SM). Cisco enhanced the capabilities of the SM Radius listener to allow it to extract the subscriber network ID and VLAN. This information is pushed to the SCE for creating the IP-VLAN subscriber instance.
VLAN awareness constraints
•
•
Backward Compatibility
MPLS L3-VPN
Note that 3.1.5 LA configuration supports all the use cases described above. For more information, please consult the Cisco Service Control Engine (SCE) Software Configuration Guide and the Cisco Service Control MPLS/VPN Solution Guide .
Classification in VLAN-based environment
The ability of the SCE platform to import subscriber information from or export it to a CSV file is not supported in VLAN classify mode in release 3.1.5LA.
Resolved Issues
This section describes the resolved issues in release 3.1.5LA.
•
•
•
•
•
•
•
•
•
MPLS-VPN—Subscriber IP Removed when Moving to support-ip-range enable
•
If the support-ip-range configuration parameter is enabled, all IP addresses (without ranges) are deleted from the SM after restart without warning the user.
In release 3.1.5LA, a warning is logged to the user log if this configuration change takes place
SM does not handle well the fact it is initiating quarantine from within a thread of the connection to the SCE
•
The SCE goes into a quarantine state and is not able to get back to regular working state. This is caused when a CLI to remove all of the anonymous subscribers is run on the SCE while there is traffic from many anonymous subscribers. The removal CLI takes a long time to execute, which causes many anonymous subscribers to be re-spawned and many pull requests are sent to the SM. However, this operation blocks the handling of the responses from the SM and causes back-pressure to the SM which triggers the quarantine mechanism.
This issue is fixed in the SM in release 3.1.5LA.
System Uptime of SM Resets Every Full Hour
•
The p3sm --show command displays the SM uptime since last running the p3sm --start command. However, the system uptime is reset every full hour that the system remains running.
This is shown in the following output:
bash-2.05$ p3sm --show Subscriber Management Module Information: ========================================= ... Up time: 59 minutes 59 seconds ... Command terminated successfully•
bash-2.05$ p3sm --show Subscriber Management Module Information: ========================================= ... Up time: 2 seconds ... Command terminated successfully•
3.1.5 Cascade Synchronization—Subscriber Management Status is Active for Both SCEs
•
From version 3.1.0 the output of the p3net --show CLU is inaccurate for the standby box of a cascade pair. The subscriber management status is displayed as "Not Active" instead of "Active".
This issue is fixed in the SM in release 3.1.5LA.
SCE Subscriber API, QM — Zombie Connections After API Disconnect
•
If the auto-reconnect feature of the SCE subscriber API is used, and the client experiences a physical loss of connection with the SCE for a long time, several zombie connections might be created on the SCE when connectivity is restored.
This can cause the SCE to reject the client's "legal" connections due to too many client connections.
This issue is fixed in the SM in release 3.1.5LA.
RADIUS Listener Fails to Initialize upon Failover in SM Cluster Setup
•
RADIUS messages are not processed by the SM cluster. This occurs if the standby SM process (hereafter SM1) is restarted due to a failure or manually by the user, since on SM1 the Virtual IP (VIP) does not exist because it is assigned to the active SM (SM2). When the SM restarts, the RADIUS Listener tries to init on SM1, but fails to bind to the VIP because there is no VIP on this machine. However, the RADIUS Listener assumes that it is up and running, which is incorrect.
After another failover back from SM2 to SM1 the RADIUS Listener does not work because it is actually not active.
This issue is fixed in the SM in release 3.1.5LA.
Sniffer LEGs—Maximum Number of SCEs is Limited to 100
•
The max_connections parameter in the [RDR Server] section of the p3sm.cfg SM configuration file sets the number of connections accepted by the RDR server. If you set this value higher than 100 there is no warning and additionally, when loading the configuration file there is also no warning and no log message.
Setting this value higher than 100 will cause RDR connections from the SCEs that cannot be established.
This issue is fixed in the SM in release 3.1.5LA.
QM Does Not Contain a Configuration Flag to Produce Breach Start/Stop Log Message
•
The QM currently produces breach logs and aggregation-period start events only under the log-all configuration flag. This limits the usability of this feature as using the log-all configuration flag causes excessive logging.
This issue is fixed in the SM in release 3.1.5LA using the following configuration flag:
[Quota Manager] # Logging to user-log parameters: # log_breach_events - logs only events of subscriber # bucket breach and new aggregation period # (default: false) log_breach_events=trueSM Boot Time Depends on the SM Database Capacity
•
The SM restart and failover times depend on the number of subscribers in the database. The boot time is affected when there are several millions of subscribers in the SM database.
This issue is fixed in the SM in release 3.1.5LA.
Shutdown on SCE causes SM to identify both cascade SCEs as standby
•
In some cases where the user runs the ROOT CLI shutdown on the active SCE, the SM can get into a state where it treats both of the SCEs in the cascade pair as though they are in a standby state.
This issue is fixed in the SM in release 3.1.5LA.
Release SCMS SM 3.1.0
This section describes the new features, supported operating systems and platforms, resolved issues, and removed features in release 3.1.0.
•
•
•
Information About New Features
•
•
•
Scaling Enhancements
The SM has been enhanced to support a larger number of subscribers, LEGs, and SCEs.
•
•
•
•
SM Updates Only the Active SCE
Since SCE 3.1.0 the SCEs in a cascade pair are able to replicate all of the subscriber data between them, so that the SM updates only the active SCE. The SCE configuration in the SM configuration file is changed to provide the SM with the knowledge of which SCEs are interconnected in a cascade pair. See the Cisco SCMS Subscriber Manager User Guide .
Enhanced Subscriber ID Character Support
The Subscriber ID is a string representing a subscriber that is a unique identifier for each subscriber from the customer perspective.
In previous versions of the SM, there were a number of limitations of characters that could not be used for the subscriber ID. The subscriber ID can now contain up to 64 characters. All printable characters with an ASCII code between 32 and 126 (inclusive) can be used; except for 34 ("), 39 ('), and 96 (`).
Virtual Links
The DHCP Lease Query LEG and the SCE-Sniffer DHCP LEG now both allow the user to define multiple policies including the package-Id, monitor flag, and the upstream and downstream virtual links.
The policies are configured in the dhcp_pkg.cfg configuration file of the relevant LEGs.
Quota Manager—Quota Change Within Aggregation Period
In previous versions of the Quota Manager, it was not possible to change the quota of a subscriber within an aggregation period. Two new operations have been added to the p3qm CLU to allow setting and adding to a subscriber's quota buckets within an aggregation period: --set-quota and --add-quota .
Automatic Domain Roaming
The SM API now allows subscribers to be automatically moved between domains by calling the login() method of the API for a subscriber with an updated domain parameter.
Support for Solaris 10
The Subscriber Management components can be installed on Solaris 10. See Supported Operating Systems and Platforms for further details.
Supported Operating Systems and Platforms
Note
The following table details which operating systems and platforms are supported by the SM.
Resolved Issues
This section describes the resolved issues in release 3.1.0.
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
CLU --prefix Option does not Filter Correctly
•
When using the --prefix option, the CLU correctly recognizes the option. However, when trying to insert --pre, the following error is displayed:
unknown option '--pre' use '--help' for more information.This issue is fixed in the SM in release 3.1.0.
leaseActiveReplyNoSubId Error does not Exist in the DHCP Lease Query LEG User Log
•
When the subscriber ID is missing - because the configured attribute for the association is missing - there is no user log message.
This issue is fixed in the SM in release 3.1.0.
RADIUS Listener LEG Activities are not Logged into the User Log
•
Some of the RADIUS Listener LEG activities are not logged; such as, decoding failures, and the reason for discarding incoming RADIUS packets.
This issue is fixed in the SM in release 3.1.0.
Thread Remains Open after Disconnecting from SM/SCE Java APIs
•
The main() function of an application that uses the SM/SCE API might not return due to the existence of a thread that handles resiliency to time changes during the life of the API.
This issue is fixed in the SM in release 3.1.0.
SCE Subscriber API Readme file Indicates the API can work with Java Version 1.5
•
The readme file of the SCE Subscriber API states that the API can be installed on any platform that supports Java version 1.4/1.5; however, the API works only with Java 1.4.
This issue is fixed in the SM in release 3.1.0.
RADIUS Listener LEG is Limited to a Single CPU
•
There is a lock between the RADIUS packet handlers that allows only one handler to work at a time. This prevents the LEG from scaling its performance on machines with multiple CPUs.
This issue is fixed in the SM in release 3.1.0 and performance is improved.
SM-SCE Connection Problem may Impact Other SM-SCE Connections
•
If the PRPC connection to the SCE stays up, but the subscriber logon rate significantly decreases, the output queue from the SM to the SCE fills up and every additional message in the queue is delayed.
The logon process to the SM updates the SM DB and in some cases - depending on logon operations and on the introduction mode - updates one SCE or more.
The ability to automatically quarantine the SCE if a logon message to it fails to execute due to a timeout in putting a message into the queue to the SCE was added to SM 3.1.0.
The following algorithm is implemented:
1.
2.
–
–
Note
The Upgrade Script Installs a New Java Without Removing Old Java
•
When upgrading the SM, the upgrade script installs the new version of the Java Runtime Environment (JRE). However, it does not remove the old version of the JRE.
This issue is fixed in the SM in release 3.1.0.
CLU Error when Extracting Support File with Output File Path
•
When using the CLU to extract a support file with an absolute path, an error occurs. For example:
–
-bash-3.00$ p3sm --extract-support-file -o ~pcube/1.zip Error - Operation buildInformationFile failed null–
-bash-3.00$ p3sm --extract-support-file -o /export/home/pcube/3.zip Error - Operation buildInformationFile failed nullThis issue is fixed in the SM in release 3.1.0.
The p3subsdb --export --prefix CLU is Always Case Sensitive
•
When using the p3subsdb --export CLU with the --prefix option, the prefix is always case sensitive regardless of the subscriber_id_case_sensitivityparameter.
This issue is fixed in the SM in release 3.1.0.
SM Upgrade Causes QM Configuration Loss
•
The QM configuration file is overridden during the SM upgrade process.
This issue is fixed in the SM in release 3.1.0.
Upgrade Script Might Fail when /etc/motd file is Not Empty
•
When upgrading the SM with the upgrade script, if the /etc/motd file is not empty, the upgrade may fail.
This issue is fixed in the SM in release 3.1.0.
Executing CLU Commands as User other than pcube Throws Exception
•
Running any CLU command as a user other than 'pcube' causes an exception instead of printing a suitable error message to the log.
This issue is fixed in the SM in release 3.1.0.
Adding Subscriber with a Domain when aliases=* is Configured adds Subscriber with Wrong Domain
•
When running the CLU p3subs --add -s w --domain=subscribers the subscriber is logged in with the correct domain.
When the domain section of the SM configuration file contains aliases=* and running the same command, the subscriber is logged into the wrong domain.
This issue is fixed in the SM in release 3.1.0.
Quota Manager—No User Log for Subscriber Quota Breach
•
In the case of a subscriber quota breach, there is no user log entry to indicate that this has occurred. These messages are logged under the log_all configuration parameter.
This issue is fixed in the SM in release 3.1.0.
p3net CLU Truncates IP Addresses
•
When using the p3net --show-all --detailCLU, if an SCE has an IP address with values larger than 100 in each of the octets, the last octet is truncated.
For example, the IP address 211.183.122.225 is truncated to 211.183.122.22.
This issue is fixed in the SM in release 3.1.0.
p3subs --set CLU Does Not Add a Subscriber if it Does Not Exist
•
The p3subs --help CLU states that the --set option can be used to add or update a subscriber. However, --set does not add a subscriber and returns an error if the subscriber does not exist. For example:
-bash-3.00$ p3subs --set -s s1 Error - Failed to update the subscriber 's1' Subscriber 's1' does not exist in the subscriber databaseThis issue is fixed in the SM in release 3.1.0.
SCE Subscriber API Failover Might Cause Loss of Client Context
•
After an API client failover, login-pull-requests and quota-events may stop after a few minutes.
This is caused when there is an SCE Subscriber API failover between two clients that use the same client name. If the first client fails and does not disconnect correctly, a context in the server which is used for the APIs with this client name is removed after a timeout and the SCE will stop producing login-pull-requests.
This issue is fixed in the SM in release 3.1.0.
SCE Cascade Pair does not Exchange all Quota Information
•
The SCE cascade pair exchanged only a portion of the quota information, this caused the failover in the SCE cascade topology to be stateless with regard to quota.
On SCE failover, all of the subscribers went into an immediate breach state, which is the same as the use-case for a first subscriber login. As a result of the subscribers being in a breach state, the external server must provide quota to all active subscribers immediately after the failover.
The first quota notification after failover also contains an incorrect quota report which must be ignored. Ignoring the quota report means that there is quota leakage of the quota used since the last periodic update.
After an SCE failover there may be many breach notifications which can cause performance issues in the quota manager and the APIs.
This issue is fixed in the SM in release 3.1.0.
QM Cannot Provision More Than 1 GB
•
When the dosage size is configured to a value greater than 1 GB, the QM does not give any validation error, but it fails to update the SCE.
Also, when the SCE requests more than 1 GB of quota, the QM fails to provide the requested quota.
This issue is fixed in the SM in release 3.1.0.
PRPC Session Hangs on establishConnection
•
In some cases when the connection is established at the PRPC Server side, the session gets stuck in an infinite loop.
If you run the p3sm --sm-status CLU, the following error will be displayed:
Could not connect to SM Error - The operation cannot be performedThis issue is fixed in the SM in release 3.1.0.
Renaming the Domain Name Causes Subscriber to Lose Domain
•
If a subscriber has been added to domain X and the name is changed to domain Y, after performing a load-config operation, the subscriber moves to a domain-less domain.
This issue is fixed in the SM in release 3.1.0.
CLU p3sm --load-config Does Not Create a Userlog Message
•
When running the p3sm --load-config CLU, there is no user log message for the command.
This issue is fixed in the SM in release 3.1.0.
PRPC User File is Overwritten on Upgrade
•
The PRPC user file is overwritten when upgrading the SM. Any users that the SCA BB Console uses are lost.
This issue is fixed in the SM in release 3.1.0.
DHCP Lease Query LEG on the SCE—Auto Logout does not Work After Activation
•
When the DHCP Lease Query LEG is installed on the SCE, the LEG does not query the DHCP server before logging a subscriber out when the previous lease time has expired. If the subscriber is still active, an anonymous subscriber is created and a lease query is sent to the DHCP Server. The subscriber service might be interrupted during the logout and re-login.
This issue is fixed in the SM in release 3.1.0.
Information About Removed Features
This section describes the removed features in release 3.1.0.
•
Static Subscriber Support Removed from the SM
•
The subscriber's SCE persistent support configuration in the SM causes a number of problems when it is used; such as, low performance and large amounts of writing into files on the SCE. Superior functionality is provided by importing the subscribers directly to the SCE or by disabling this feature.
This feature is removed from the SM in 3.1.0.
Support for Solaris 8
From version 3.1.0 of the SM, Solaris 8 is no longer supported by the SM, LEGs, and APIs.
Open Caveats
This section describes the open caveats in SCMS SM release 3.1.5LA.
•
•
•
•
•
•
•
•
•
Pull-response is Sent for Domain-less Subscribers
•
If a domain-less subscriber is created on the SM and an anonymous-subscriber is created in the SCE with the same IP address, the SM replies with a pull-response to the SCE.
If the same scenario is performed with a subscriber that is different to the SCE's domain, the SM does not send the pull-response.
SCE Subscriber API—High Rate of quota-state-restore Indications Might Cause Timeouts
•
In cases where the user code performs subscriber login operations at a very high rate, and most of the subscribers have an external quota policy, the quota-state-restore indication replies might be blocked by the login operations. The login rate needs to remain very high for a significant period of time to cause this behavior.
This can cause:
–
–
•
–
–
SM Upgrade Might Cause SCE Cascade Pair Failover
•
During the upgrade of the SM from a 3.0.x system to 3.1.5LA, prior to the SCE upgrade, if the SCEs are part of a cascade setup, the SCEs might do a failover even though the sm-connection-failure action is set to none.
The reason for the failover is because the SM connection to the standby SCE is up while in the peer SCE the connection is down.
Quota Management—Problem with Remaining Quota RDRs and Quota-Status Indications
•
The remaining quota RDRs in release 3.0.x of the SM contain an incorrect value for quota buckets that are not controlled by the subscriber's package. In release 3.1.0 it provides zero for these buckets.
The SCE subscriber API exposes the remaining quota RDR in the quotaStatusIndication method of the QuotaListenerEx interface. Implementers of this interface must ignore the buckets that are not controlled.
The Quota Manager provides configuration for consecutive quota-buckets only, starting with the first bucket. Therefore, if the controlled-buckets for a certain package are not consecutive beginning with the first bucket or are not configured as in the policy applied to the SCE, the QM will attempt to update these buckets for every event received from the SCE.
Workaround:
Configure all of the external-quota packages to use consecutive buckets starting from the first bucket and configure the QM to control these same buckets.
Loss of sync between the SM and the SCE when a subscriber has a high rate of logons
•
In pull mode when a certain subscriber repeatedly logs in and logs out, the SM and SCE might loose synchronization on this subscriber. When the synchronization is lost the SM is unaware that the subscriber is being handled by the SCE.
Workaround:
Run the following CLU to re-sync the SCE.
p3sm --resync -n SCE-NAMESubscriber who is added via the GUI is not pushed to the SCE
•
In push mode when a subscriber is added via the SM GUI, the subscriber is added to the SM correctly but is not pushed to the SCE.
Workaround:
Use the CLU to manage the subscriber and run the following CLU command after adding the subscriber.
p3sm --resync-allMPLS-VPN—Community based subscribers are not part of the show vpn subs output
•
After adding a number of VPNs and adding a number of community based subscribers to each VPN the p3vpn --show-subs CLU command should display the subscribers. However, the following message is shown:
No subscribers are defined for VPN <VPN Name >When attempting to remove the VPN, the VPN is removed without any warnings even though subscribers with a community belong to it.
Bad handling of connection failures during connection establishment
•
If the link goes down during the estabilshment of the connection between the SM and the SCE, the connection remains in an inconsistent state. This causes the following symptoms:
–
–
–
•
1.
2.
Empty log messages in the SM user log
•
If the log_all configuration parameter is set to true in the MPLS-VPN section of the p3sm.cfg configuration file, the user log file is filled with empty log messages for each BGP route of a VPN that is not configured in the SM.
Workaround:
Set the log_all configuration parameter to false, which is also the default value.
Obtaining Technical Assistance
Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can obtain documentation, troubleshooting tips, and sample configurations from online tools. For Cisco.com registered users, additional troubleshooting tools are available from the TAC website
Cisco.com
Cisco.com is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information and resources at any time, from anywhere in the world. This highly integrated Internet application is a powerful, easy-to-use tool for doing business with Cisco.
Cisco.com provides a broad range of features and services to help customers and partners streamline business processes and improve productivity. Through Cisco.com , you can find information about Cisco and our networking solutions, services, and programs. In addition, you can resolve technical issues with online technical support, download and test software packages, and order Cisco learning materials and merchandise. Valuable online skill assessment, training, and certification programs are also available.
Customers and partners can self-register on Cisco.com to obtain additional personalized information and services. Registered users can order products, check on the status of an order, access technical support, and view benefits specific to their relationships with Cisco.
To access Cisco.com, go to http://www.cisco.com.
Technical Assistance Center
The Cisco Technical Assistance Center (TAC) website is available to all customers who need technical assistance with a Cisco product or technology that is under warranty or covered by a maintenance contract.
Contacting TAC by Using the Cisco TAC Website
If you have a priority level 3 (P3) or priority level 4 (P4) problem, contact TAC by going to the TAC website http://www.cisco.com/tac.
P3 and P4 level problems are defined as follows:
•
•
In each of the above cases, use the Cisco TAC website to quickly find answers to your questions.
To register for Cisco.com, go to http://tools.cisco.com/RPF/register/register.do.
If you cannot resolve your technical issue by using the TAC online resources, Cisco.comregistered users can open a case online by using the TAC Case Open tool at http://www.cisco.com/tac/caseopen.
Contacting TAC by Telephone
If you have a priority level 1 (P1) or priority level 2 (P2) problem, contact TAC by telephone and immediately open a case. To obtain a directory of toll-free numbers for your country, go to http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml.
P1 and P2 level problems are defined as follows:
•
•