Release Notes for Cisco Service Control Application for Broadband (SCA BB) 3.1.6
Available Languages
Table Of Contents
Release Notes for Cisco Service Control Application for Broadband (SCA BB) 3.1.6
Changing the port of the PRPC server cause failure
Port congestion may cause inconsistent behavior
SM GUI - Remove mapping does not logout the subscriber
Can't apply service configuration when flavors with '*' in content category
FF filters ToS while the rest of the GUI is DSCP
Can't apply service configuration with flavor
Unable to install Dynamic Signature
Anonymous subscriber templates should allow virtual link configuration
'Invalid Character' while generating Subscriber Monitoring Reports
No multi-threading support when using Service Configuration API
Changing to pie chart with large number of items is slow and gives poor chart rendering
Exporting a chart sometimes fails
DSS: multiple packet deep inspection condition does not work
Failure message despite successfully importing subscribers
The SCA BB framework does not support full Protocol Pack installation
Some listed reports not supported in split flow
Invalid injected packet in MPLS Traffic Engineering mode
DSCP marking injection into tunneled traffic generates malformed injected packets
The default Transaction RDR rate is too high
Real-time SUR is always generated if 'monitor' property set to 1
CPA: Query timeout is implemented in seconds instead of milliseconds
Unexpected effect of applying an old policy on new release
Content Filtering-CPA client hangs when losing connection to the server
L7 functionality is not supported for HTTP traffic that is not browsing
Information About Functional Enhancements
Identifying Subscribers per VLAN ID and IP
Flexible Subscriber Introduction
Information About Backward Compatibility
Information About Resolved Caveats
Quota State Restore RDR should be issued at package change
Content Filtering-CPA client hangs when losing connection to the server
Protocol pack installation process is not intuitive
Remove 'lately used' setting from the Advanced settings dialog
Remove 'SW Filter tunables' from the Advanced settings dialog
Quota State Restore RDRs should not be sent for internal quota
Number of active subscribers reported to be more than total subscribers
POP3 account not inserted into INFO_String field (Thunderbird)
New service with SIP protocol and flavor does not appear in VoIP report
Oracle 10 error when running malicious traffic reports
Oracle 10 error when running Web and P2P reports
Quick forwarding filtering documentation is misleading
Malicious Traffic reports showing wrong numbers
Virtual links GC configuration pane may be shifted
Signature Editor does not limit searchable range
Service configuration is not marked as changed after certain modifications
DSCP Markers can have empty names
DSCP marking in filter rule not reflected in GUI
Bypass and Quick Forward should be mutually exclusive in Filter Rule wizard
Cannot copy/paste from Problems View
Information About Functional Enhancements
Information About Resolved Caveats
Cannot install new OS from the SCA BB console
Cannot apply service configuration created in SCA BB 3.0.6
Cannot update Global Controller parameters via console after upgrade
In pull mode, the quota for the first flow is not accounted
RDR RADIUS: no RDRs sent after PQI install or application assignment
Information About New Features
Asymmetric Routing Classification
Information About Removed Features
Generic Upload/Download Settings
Reporting of P2P File Extensions
Information About Backward Compatibility
Information About Resolved Caveats
Traffic Accounting and Reporting
Traffic Accounting and Reporting
Obtaining Documentation and Submitting a Service Request
Release Notes for Cisco Service Control Application for Broadband (SCA BB) 3.1.6
Covers: SCA BB 3.1.6, SCA BB 3.1.5, SCA BB 3.1.1, SCA BB 3.1.0
February 14, 2009These release notes for Cisco SCA BB describe the enhancements provided in Cisco SCA BB Release 3.1.6. These release notes are updated as needed.
For a list of the caveats that apply to Cisco SCA BB Release 3.1.6, see Open Caveats.
For information regarding features added and issues resolved in the 3.0.x train, please refer to:
•
Release Notes for Cisco Service Control Application for Broadband (SCA BB) 3.0.6
For further information about related products, please refer to the latest versions of the following Release Notes:
•
•
•
Contents
•
Introduction
This document describes the new functionality, enhancements, and known issues in SCA BB release 3.1.6.
It is assumed that the reader already has a good working knowledge of the Cisco Service Control solution. For additional information, please refer to the Cisco SCA BB documentation.
Note
1.
2.
3.
4.
SCA BB Release 3.1.6
This section describes functional enhancements, backward compatibility, resolved issues, and capacity of SCA BB release 3.1.6.
Functional Enhancements
The following section lists the functional enhancements in SCA BB 3.1.6. See the Cisco Service Control Application for Broadband User Guide for a complete description of this feature.
HTTP Flavors Enhancement
The console allows creating service elements with HTTP flavors for all HTTP signatures; such as, HTTP, iTunes, Video over HTTP, etc.
Protocol Support
Refer to the Protocol Pack Notes for information regarding protocol support for Protocol Pack #12 and Protocol Pack #13 (included in SCA BB 3.1.6).
Note
Backward Compatibility
This section describes backward compatibility between SCA BB release 3.1.6 and earlier releases of SCA BB.
Persistent Report Coloring
Persistent report coloring was introduced in SCA BB release 3.1.5. To preserve the persistent colors configuration when upgrading from release 3.1.5, you must export the charts colors preferences from the previous version and import them into the new version.
Resolved Caveats
This section describes caveats that are resolved in SCA BB release 3.1.6.
Changing the port of the PRPC server cause failure
•
After changing the PRPC server port in a device (SM/CM/SCE), any subsequent invocation of this device from the Console will fail
This issue is resolved in release 3.1.6. (If you change a PRPC server port in a device, you must modify a Console configuration file. This procedure is described in the Cisco Service Control Application for Broadband User Guide.)
Port congestion may cause inconsistent behavior
•
When there are many subscribers, due to the low GC values and the high congestion factors required in order to converge, subscribers connected to the low GC may be starved.
This issue is resolved in release 3.1.6.
SM GUI - Remove mapping does not logout the subscriber
•
Removing the subscriber IP mapping from the SM GUI does not remove the subscriber IP mapping from the SM and from the "Edit subscriber" dialog box.
This issue is resolved in release 3.1.6.
Can't apply service configuration when flavors with '*' in content category
•
The user is allowed to choose * for the flavor's content category and when trying to apply the service configuration it fails.
This issue is resolved in release 3.1.6.
FF filters ToS while the rest of the GUI is DSCP
•
In earlier version of the SCA BB Console the ToS was applied as the whole 8-bit ToS field, while the OS extracted only the relevant 6 DSCP bits.
SCA BB Console release 3.1.5 and higher requires setting only the 6 DSCP bits of the ToS byte.
This creates a situation that the FF and the rest of the SCA BB Console are incompatible.
This issue is resolved in release 3.1.6.
Can't apply service configuration with flavor
•
Applying a service configuration which includes an HTTP URL flavor fails with the message: "Input String have * inside, not permitted ..."
This issue is resolved in release 3.1.6.
Unable to install Dynamic Signature
•
Update dynamic signature pack fails with the messsage: "Failed to apply Dynamic Signature Pack: file newsli__.sli does not exist"
This issue is resolved in release 3.1.6.
Anonymous subscriber templates should allow virtual link configuration
•
Anonymous subscriber templates does not allow virtual link configuration
This issue is resolved in release 3.1.6.
'Invalid Character' while generating Subscriber Monitoring Reports
•
Services that are not mapped to a subscriber counter are included in subscriber monitoring reports.
Generating a report including these services generates an error: Invalid Character.
This issue is resolved in release 3.1.6.
No multi-threading support when using Service Configuration API
•
Exceptions (java.lang.NullPointerException) are thrown when applying a service configuration into multiple SCEs using a multi-threaded API program.
This issue is resolved in release 3.1.6.
Changing to pie chart with large number of items is slow and gives poor chart rendering
•
After running a report with many services, change the chart rendering to pie. This action takes more than 20 seconds and the resulting pie chart is misshaped.
This issue is resolved in release 3.1.6.
Exporting a chart sometimes fails
•
On rare occasions, exporting multiple charts will fail with an error message, and some of the exported file will not be created.
This issue is resolved in release 3.1.6.
DSS: multiple packet deep inspection condition does not work
•
When applying a user-defined signature that includes more than one Deep Inspection Condition, only the first Deep Inspection Condition in each signature is checked, while the other conditions are ignored.
For example, in a signature that looks for a string match on three packets, the top-level condition matches the first packet and the first "Deep Inspection Condition" matches the second packet. However, the classification process then stops; no more conditions are checked and the other conditions are ignored.
This issue is resolved in release 3.1.6.
Failure message despite successfully importing subscribers
•
On rare occasions, despite successfully importing subscribers in the Subscriber Manager tool, a failure message appears.
This issue is resolved in release 3.1.6.
The SCA BB framework does not support full Protocol Pack installation
•
When installing protocol pack #12, which includes a script attachment, the CLI commands included in the script attachment are not executed.
This issue is resolved in release 3.1.6.
Some listed reports not supported in split flow
•
In split flow not all reports are supported. However, these reports appear in the list of reports launched by the wizard.
This issue is resolved in release 3.1.6.
Invalid injected packet in MPLS Traffic Engineering mode
•
When working in 'MPLS Traffic-Engineering skip' mode, a malformed packet is generated by the SCE when MPLS encapsulated flows are redirected or blocked. In the injected packet, the 'next protocol' field of the Ethernet header is 0x8847 (MPLS), but should be 0x0800 (IPv4).
This issue is resolved in release 3.1.6.
DSCP marking injection into tunneled traffic generates malformed injected packets
•
When working in DSCP-marking mode and when the application injects encapsulated traffic (VLAN/MPLS), the injected packets are malformed since the DSCP is updated at the wrong offset in the packet.
The results of this are:
–
–
–
This issue is resolved in release 3.1.6.
The default Transaction RDR rate is too high
•
Prior to release 3.1.5, the default Transaction RDR was 100/sec. In release 3.1.5, this was changed to 250/sec; this value is too high.
This issue is resolved in release 3.1.6.
Real-time SUR is always generated if 'monitor' property set to 1
•
If the value of the `monitor' subscriber property is set to '1', the real-time SUR is always generated. It is generated even when the policy is configured not to generate this RDR.
This issue is resolved in release 3.1.6.
CPA: Query timeout is implemented in seconds instead of milliseconds
•
The CPA client query time out is implemented in seconds; it should have been implemented in milliseconds. (The default timeout should be 10 milliseconds but is implemented as 10 seconds.)
As a result, if the query result from the CPA server is delayed, the CPA client will not be able to handle other queries. This also affects the accessibility of the internal RDR-server, which has a stack on the waiting call.
This issue is resolved in release 3.1.6.
Unexpected effect of applying an old policy on new release
•
Applying a PQB file that contains a protocol pack DSS from a previous version (such as 3.0.6 and protocol pack #10) on a newer installed major release (such as 3.1.5) changes the application configuration settings due to a script that is executed by default.
A possible result of such an operation is traffic misclassification.
This issue is resolved in release 3.1.6.
Content Filtering-CPA client hangs when losing connection to the server
•
Given an HTTP URL, the CPA client queries the Surf Control Server for a category that is used to map the HTTP flow to a service. If the connection to the Surf Control Server becomes unavailable, the CPA client hangs and no further queries are made.
This issue is resolved in release 3.1.6.
L7 functionality is not supported for HTTP traffic that is not browsing
•
L7 functionality is not supported for HTTP traffic that is not classified by the protocol library as HTTP browsing (for example, Flash and HTTP download protocols). The features that are not supported for these protocols are: flavors classification (including contents filtering), redirection, subscriber notification, HTTP RDRs, and reporting of URLs. This also means that flows mapped to these protocols are not included in the Top Web Hosts report.
This issue is resolved in release 3.1.6.
Compatibility Information
For information regarding compatibility between Service Control components, refer to the Cisco Service Control Application for Broadband Download Guide.
Capacity Information
SCA BB 3.1.6 supports the following flow and subscriber capacity numbers, for the two main capacity options.
SCA BB Release 3.1.5
This module describes functional enhancements, backward compatibility, resolved issues, and capacity of SCA BB release 3.1.5.
•
•
•
Information About Functional Enhancements
The following sections list the functional enhancements in SCA BB 3.1.5. See the Cisco Service Control Application for Broadband User Guide for a complete description of these features.
•
•
Protocol Support
Refer to the Protocol Pack Notes for information regarding protocol support for Protocol Pack #11 (included in SCA BB 3.1.5).
Note
DSCP Marking Enhancements
SCA BB release 3.1.5 decouples DSCP marking from the SCE platform queuing mechanism and provides a simplified GUI configuration for DSCP marking based on seven possible DSCP values. After an application is classified by the SCE, the DSCP-marking functionality can mark the relevant packets per package, service, and traffic direction.
Managing MPLS-VPN Branches
SCA BB release 3.1.5 extends the functionality of managing an MPLS-VPN encapsulation as a managed subscriber by supporting the ability to define a branch or site as the managed subscriber. The solution provides DPI usage analysis and control per branch of an enterprise in an MPLS-VPN encapsulation.
Identifying Subscribers per VLAN ID and IP
SCA BB release 3.1.5 adds the ability to define a subscriber through a combination of VLAN ID and IP address range (subnet).
Flexible Subscriber Introduction
With the introduction of SCA BB release 3.1.5, the Radius Listener LEG component of the Subscriber Manager infrastructure can now leverage a Regular Expressions infrastructure for extracting and manipulating VSA attributes.
Configuration Wizards
SCA BB release 3.1.5 includes several configuration wizards for the SCA-BB policy client that enable the configuration of predefined use cases while hiding the configuration complexity of these use cases. This is achieved by walking the end user through the configuration steps and simplifying the configuration process, while making sure that all system elements are properly configured. At the end of the process, the device (SCE, CM, and so on) is configured and ready to go.
Report Coloring
SCA BB release 3.1.5 enhances the SCA BB Reporter by providing a coloring scheme that is persistent between different sessions of the Reporter. The release also provides the capability for a user to define colors for the datasets of the entities.
Information About Backward Compatibility
This section describes backward compatibility between SCA BB release 3.1.5 and earlier releases of SCA BB.
MPLSL3-VPN Encapsulation
SCOS 3.1.5 has improved the definition and context of a subscriber in an MPLSL3-VPN domain. While in previous releases a subscriber referred to all the traffic of a specific VPN mapped to a specific PE, in release 3.1.5 the MPLSL3-VPN subscriber can be defined as all the traffic from a specific CE. This is achieved by using the detailed subnet information of each CE and integrating it with the subscriber definition.
This change imposes backward compatibility issues and the definition of new interfaces for the specification of the CE as a subscriber in the MPLSL3-VPN domain. This new concept and mode of operation is the only one that is supported in release 3.1.5.
DSCP Marking
The concept of mapping traffic portions to a specific DSCP value has changed in release 3.1.5.
In previous versions of the SCA BB solution, the mapping was only possible based on the CoS (Diffserv Class of Service) to which the service was mapped. Starting with 3.1.5, it is possible to map each service to one of seven configurable DSCP values independently.
The old DSCP marking mode is no longer supported.
Information About Resolved Caveats
This section describes caveats that are resolved in SCA BB release 3.1.5.
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Quota State Restore RDR should be issued at package change
•
The previous product behavior was to issue a Quota State Restore RDR only at login. The Quota State Restore RDR should be issued also when there is a package change (when the quota is managed externally).
This issue is resolved in release 3.1.5.
Content Filtering-CPA client hangs when losing connection to the server
•
Given an HTTP URL, the CPA client queries the Surf Control Server for a category that is used to map the HTTP flow to a service. If the connection to the Surf Control Server becomes unavailable, the CPA client hangs and no succeeding queries are made.
This issue is resolved in release 3.1.5.
Protocol pack installation process is not intuitive
•
After installing a protocol pack, the user must perform immediately a retrieve policy operation. The protocol pack installation process should prevent the user from applying a policy before the retrieve policy operation, as doing this results in unpredictable damage to the classification process.
This issue is resolved in release 3.1.5.
Remove 'lately used' setting from the Advanced settings dialog
•
The "Classification based on recent classification history enabled" option in the SCA-BB GUI 'Advanced settings' dialog is now obsolete and should be removed.
This issue is resolved in release 3.1.5.
Remove 'SW Filter tunables' from the Advanced settings dialog
•
The SW Filter tunables should not appear in the SCA-BB GUI 'Advanced settings' dialog.
This issue is resolved in release 3.1.5.
Quota State Restore RDRs should not be sent for internal quota
•
Quota State Restore RDRs are being generated for all subscribers who are logged in, irrespective of whether those subscribers have external quota management or internal quota management enabled. The expected behavior is that Quota State Restore RDRs should only be generated for subscribers who have external quota management enabled.
This issue is resolved in release 3.1.5.
Number of active subscribers reported to be more than total subscribers
•
The "Package usage RDRs" may sometimes report the number of active subscribers on a service to be more than the total number of subscribers active in the package.
This issue is resolved in release 3.1.5.
POP3 account not inserted into INFO_String field (Thunderbird)
•
When Thunderbird is used as the mail user agent, POP3 account is not inserted into the INFO_String field on Transaction RDR, even though Thunderbird successfully sends the POP3 account to the mail server.
This issue is resolved in release 3.1.5.
New service with SIP protocol and flavor does not appear in VoIP report
•
When a new service is created with SIP protocol and SIP flavor as service elements and assigned to a dedicated global counter, the new global counter does not appear with the VoIP services list under the VoIP reports.
This issue is resolved in release 3.1.5.
Oracle 10 error when running malicious traffic reports
•
When using Oracle 10, running one of the following reports produces only a 'Not a GROUP BY expression' error message and no report:
–
–
This issue is resolved in release 3.1.5.
Oracle 10 error when running Web and P2P reports
•
When using Oracle 10, running one of the following reports produces only an 'Invalid Identifier' error message and no report:
–
–
–
This issue is resolved in release 3.1.5.
Quick forwarding filtering documentation is misleading
•
The description of the Filtered-Traffic / Quick-Forwarding functionality in the Cisco Service Control Application for Broadband (SCA-BB) User Guide is misleading. The following improvements are suggested:
–
–
This issue is resolved in release 3.1.5.
Malicious Traffic reports showing wrong numbers
•
Malicious Traffic reports show wrong numbers when the action is set to 'Block'. The following reports are affected and show extreme numbers:
–
–
This issue is resolved in release 3.1.5.
Virtual links GC configuration pane may be shifted
•
On the pane displaying the GC configuration of the virtual links, the upstream and downstream GCs may not be available and may be shifted far to the right and almost not visible.
This issue is resolved in release 3.1.5.
Signature Editor does not limit searchable range
•
The Signature Editor must not allow users to configure substring search that searches a string in a range that exceeds 100 bytes. Searching a specific string within a wide range delays packet processing significantly which may trigger a traversal watchdog.
This issue is resolved in release 3.1.5.
Service configuration is not marked as changed after certain modifications
•
When a service configuration is modified in the console, its name is marked with an asterisk (*). For some changes the asterisk is not added.
This issue is resolved in release 3.1.5.
DSCP Markers can have empty names
•
A DSCP Marker can be assigned an empty name
This issue is resolved in release 3.1.5.
DSCP marking in filter rule not reflected in GUI
•
If DSCP marking is selected for a filter rule, this is not shown in the summary on the final page of the Add Filter Rule Wizard, nor in the summary of the filter rule list.
This issue is resolved in release 3.1.5.
Bypass and Quick Forward should be mutually exclusive in Filter Rule wizard
•
Bypass and Quick Forward should be mutually exclusive, but they are both checkboxes and so both can be selected.
This issue is resolved in release 3.1.5.
Cannot copy/paste from Problems View
•
This issue is resolved in release 3.1.5.
Compatibility Information
For information regarding compatibility between Service Control components, refer to the Cisco Service Control Application for Broadband Download Guide.
Capacity Information
SCA BB 3.1.5 supports the following flow and subscriber capacity numbers, for the two main capacity options.
SCA BB Release 3.1.1
This section describes functional enhancements, resolved issues, capacity, and known caveats of SCA BB release 3.1.1.
•
•
Information About Functional Enhancements
The following sections list the functional enhancements in SCA BB 3.1.1. See the Cisco Service Control Application for Broadband User Guide for a complete description of these features.
Protocol Support
The following table lists the new protocols that were added in SCA BB 3.1.1. These protocols are also available in Protocol Pack 10. (See the Cisco Service Control Protocol Pack download page for links to Protocol Pack 10 files and information.)
Note
Protocol Updates
The following table lists the protocols that were updated in SCA BB 3.1.1. These updated protocols are also available in Protocol Pack 10. (See the Cisco Service Control Protocol Pack download page for links to Protocol Pack 10 files and information.)
Information About Resolved Caveats
This section describes caveats that are resolved in SCA BB release 3.1.1.
•
•
•
•
•
Cannot install new OS from the SCA BB console
•
This issue is resolved in release 3.1.1.
Cannot apply service configuration created in SCA BB 3.0.6
•
Apply Protocol Pack pp08 in SCA BB 3.0.6, and create and save a service configuration.
Open the saved service configuration in SCA BB 3.1.0 console, and apply the service configuration. An error is returned.
This issue is resolved in release 3.1.1.
Cannot update Global Controller parameters via console after upgrade
•
After upgrading from SCA BB 3.0.6 to SCA BB 3.1.0, if any of the Global Controller parameters had nonintegral values, then all Global Controller parameters are not accessible through the SCA BB console. Clicking on the "Global Controller" menu option results in no action.
This issue is resolved in release 3.1.1.
In pull mode, the quota for the first flow is not accounted
•
When working in pull mode, the first flow of a subscriber is initially classified under the default package. Then, upon login, it is assigned to the proper package. The quota consumed during the time that the subscriber was assigned to the default package is lost.
This issue is resolved in release 3.1.1.
RDR RADIUS: no RDRs sent after PQI install or application assignment
•
IF RADIUS RDRs are being generated, and the RADIUS transaction rate is high, installing and applying a PQI means that no further RADIUS RDRs are generated.
This issue is resolved in release 3.1.1.
Compatibility Information
SCA BB 3.1.1 should be used with the following components:
For more information regarding compatibility between Service Control components, refer to the Cisco Service Control Application for Broadband Download Guide.
Capacity Information
SCA BB 3.1.1 supports the following flow and subscriber capacity numbers, for the two main capacity options.
SCA BB Release 3.1.0
•
•
•
•
Information About New Features
The following sections list the major new features in SCA BB 3.1.0. See the Cisco Service Control Application for Broadband User Guide for a complete description of these features.
•
Asymmetric Routing Classification
Routing protocols allow the creation of different routes for the upstream and downstream traffic of a flow. The result is that in some topologies the two directions of a flow do not pass through the same links and, therefore, not through the same SCE platform, which limits the ability to classify traffic. (This is most likely to occur when the insertion point for service control is at the peering point.) SCA BB 3.1.0 introduces the first step toward supporting classification when only one side of a flow traverses a specific SCE platform.
When the Cisco Service Control solution is deployed in an asymmetric routing environment and unidirectional classification is enabled, SCA BB classifies unidirectional flows more accurately while the classification accuracy of bidirectional flows is preserved. The SCE platform handles unidirectional flows independently, with no synchronization with other SCE platforms that might handle the flows in the opposite direction. Sizing should be performed when planning for deployment in such environments, since the transactions length is expected to be lower, reducing the effective SCE performance envelope.
In release 3.1.0, SCA BB can identify 56 distinct protocols based on only one flow direction, including the network's most common protocols, for example, HTTP, and P2P application protocols including BitTorrent, eDonkey, Encrypted eMule, Gnutella, Warez, POCO, PPStream, and PPLive.
Behavioral P2P
SCA BB release 3.1.0 introduces a new classification mechanism that identifies P2P application traffic according to networking characteristics common to all P2P applications.
The Behavioral P2P mechanism tracks events in subscriber traffic that may indicate the existence of a P2P application. These events are stored in an internal, stateful database and if a flow is not classified using any other protocol signature, the database is consulted. If the flow appears to match the characteristics of P2P traffic, it is classified to the Behavioral P2P protocol signature.
Classification to a specific P2P protocol signature has a higher precedence than Behavioral P2P classification. This allows the service provider to set specific actions to known P2P protocols, if required.
The Behavioral P2P mechanism allows the correct classification of flows from new P2P applications or new version of applications that do not yet have a protocol signature defined in SCA BB.
Virtual Links
Virtual Links is a new global bandwidth control model. In Virtual Links mode, the physical link is divided into a set of smaller "virtual" links, which are separately monitored and controlled. Each Virtual Link has its own set of global controllers, which are initially defined by a Virtual Link "Template". These global controllers can later be tuned dynamically according to need. The SCA Reporter provides per Virtual Link report capabilities similar to the per package capabilities.
A typical use case of this feature applies to cable modem operators, allowing them to enforce service tier policy per physical cable. Each physical cable can be managed and monitored as a virtual link within the SCE platform's physical link.
Each physical link (that is, sub-interface representing an aggregation point, such as VLAN, VC, or CableModem) can be managed and monitored as a virtual link within the SCE platform's physical link.
Protocol Support
The following table lists the protocols that were added in SCA BB 3.1.0. The table includes protocols that are also available in Protocol Pack 08. (See the Cisco Service Control Protocol Pack download page for links to Protocol Pack 08 files and information.)
Note
Protocol Updates
The following table lists the protocols that were updated in SCA BB 3.1.0.
Note
Information About Removed Features
This section describes the features removed in SCA BB release 3.1.0.
•
•
Generic Upload/Download Settings
Configuration of the Generic Upload/Download protocol has been removed from the GUI. Any non-default configuration of this protocol is lost.
Reporting of P2P File Extensions
The capability to extract and report file extensions of P2P download was removed. Hence, the Top P2P File Extensions report, which was produced based on this information, is no longer supported.
Information About Backward Compatibility
This section describes backward compatibility between SCA BB release 3.1.0 and earlier releases of SCA BB.
Layer 7 Filtering
Layer 7 filtering can be used to extend the operating envelope of the SCE platform. It allows the DHT, Gnutella, Gnutella 2 Networking, and Warez protocols to be filtered according to their Layer 7 characteristics. Like all other filtered flows, Layer 7 filtered flows are neither classified, controlled, nor reported. The flows of the filtered protocols are typically short and their overall volume is negligible, which means that filtering these protocols has little effect on network bandwidth and on the accuracy of the SCA BB reports.
The Layer 7 filters are enabled by default. Disable specific filters in the Advanced Options dialog box.
Information About Resolved Caveats
This section describes caveats that are resolved in SCA BB release 3.1.0.
•
Traffic Processing
This subsection describes caveats relating to traffic processing that are resolved in SCA BB release 3.1.0.
•
•
•
NTPv2 is misclassified as Skype
•
NTP captures taken by customer's NTP server contain UDP traffic sequence that match one of the Skype signature.
This issue is resolved in release 3.1.0.
Redirect not working immediately when trying same URL again
•
The first time a browser is redirected from a web address, the redirect works as expected. If at this point the subscriber enters the same address at the browser's address bar, the browser will display a blank page for approximately one minute.
This issue is resolved in release 3.1.0.
DSS may cause SCE to reboot
•
Dynamically loaded signatures (DSS) that contain a deep inspection clause for substring search may cause SCE vulnerability by triggering the internal protection mechanism (watchdog).
This issue is resolved in release 3.1.0.
HTTP URL extraction should be limited in size
•
Extraction of extremely long URLs may cause SCE vulnerability by triggering the internal protection mechanism (watchdog) due to timeout for HTTP URL parsing.
This issue is resolved in release 3.1.0.
Traffic Accounting and Reporting
This subsection describes caveats relating to traffic accounting and reporting that are resolved in SCA BB release 3.1.0.
•
•
•
Counting problem for protocols with different measurement method
•
SCA BB tracks sessions' time duration of VoIP protocols in two modes. The first accounting mode is for VoIP protocols where a single voice session runs over a single flow carrying both media and control data. In this case, SCA BB accounts and reports the flow's time duration. The other accounting mode is for VoIP protocols where a single voice session runs over multiple flows: a control channel and one or more media channels. The SIP protocol is one example of this type of VoIP protocol. For these VoIP protocols, SCA BB accounts and reports the time duration of the media channels only.
Service counters' accounting mode can be one of the two types described above. This means that a service counter can count the time duration of only one type of VoIP protocol. If a service counter is assigned VoIP protocols of different types, it will operate in the mode determined by the majority of protocols. The time duration of protocols not matching the assigned service counter mode is not accounted for.
In SCA BB 3.1.0, the VoIP services hierarchy and service counters assignment were restructured to obtain accurate VoIP call duration accounting and reporting. This change was applied to the default service configuration only. To correct the accounting of an existing service configuration, amend the service configuration using the service configuration editor.
The VoIP protocols that have sessions with separate flows for the control channel and media data are: SIP, H323, MGCP, Skinny, Yahoo VoIP over SIP, ICQ VoIP, Primus, and PTT Winphoria SIP. These protocols should not be assigned service counters with other protocols, including other VoIP protocols.
This issue is resolved in release 3.1.0.
Malicious Traffic RDR timestamps have mismatch
•
The END_TIME field in MALUR RDRs is skewed by an amount of time equal to the offset from GMT configured in the SCE.
This issue is resolved in release 3.1.0.
Discrepancy in reported call minutes between Link and Media Reports
•
The call minutes reported in RDRs for SIP and Skype calls differ between RPT_MEDIA and RPT_LUR. The RPT_LUR field will, in some cases, be consistently higher (by up to 10%) than the corresponding RPT_MEDIA field.
This issue is resolved in release 3.1.0.
Traffic Control
This subsection describes caveats relating to traffic control that are resolved in SCA BB release 3.1.0.
•
•
•
•
•
QP session limit allows Number of Sessions + 1 before applying breach action
•
When working with External or Internal Quota Provisioning and limiting the number of sessions, subscriber is allowed for one extra session than his quota allows him.
This issue is resolved in release 3.1.0.
QP redirected (due to quote depletion) sessions are counted as used
•
When subscriber reaches depletion he will be redirected to the notification destination URL. The sessions for which the subscriber was redirected upon are also being counted as used sessions so if the next quota event will be Add Quota, those redirected sessions will be reduced from the amount of sessions this subscriber is now allowed to have.
This issue is resolved in release 3.1.0.
Internal quota with SM pull mode not working properly
•
When using SM in pull mode, with internal quota, a subscriber will not get the configured quota upon login. When traffic is consumed, this subscriber will enter a breach state.
This issue is resolved in release 3.1.0.
Quota Replenish Scatter - does not work as expected
•
Quota management is configured to work in periodical mode, that is, subscriber quota is replenished every hour or day, and quota replenish is scattered around the due time, which is either on the hour or at midnight.
Subscribers whose quota should be replenished before the top of the hour (half of all subscribers) constantly get new quota during the time between their scheduled quota replenish and the top of the hour. For instance, a subscriber that is scheduled for new quota at 11:50 does not receive new quota at 11.50, but at some time between 11:55 and 12:00.
This issue is resolved in release 3.1.0.
Concurrent session limitation is not working
•
Concurrent session limitation might not be enforced properly after applying a new limitation and in particular in transition between unlimited policy and a limited one, and vice versa. The incorrect limitations enforcement applies only to subscribers that have open sessions at the time of the policy change. A concurrent session limit change can be due to applying of a service configuration or a change in the subscriber's package.
This issue is resolved in release 3.1.0.
Miscellaneous
This subsection describes miscellaneous caveats that are resolved in SCA BB release 3.1.0.
•
•
•
•
Services are sometimes shown by number in reports
•
In extremely rare cases, the Reporter will show certain services by their numbers instead of by their symbolic names. The problem occurs in the second apply when a policy has been applied via the console, then modified by renaming, adding, or deleting services and reapplied.
This issue is resolved in release 3.1.0.
Subscriber import exception for site with SCE having no service configuration applied
•
Importing subscribers into the SM may produce an error message when one or more SCEs in the domain are not reachable or do not have a service configuration applied.
This issue is resolved in release 3.1.0.
Enable/disable of Anomaly Detection does not enable/disable the attack filter
•
Enabling or disabling of the Anomaly Detection in the SCA BB Console does not enable/disable the attack filter.
This issue is resolved in release 3.1.0.
PQI install is not saving all the application configuration
•
A PQI install (by CLI) does not save the configuration of RDR tag mapping to categories and the packageId per template index.
If the SCE is then rebooted without a prior apply, this configuration is cleared.
This issue is resolved in release 3.1.0.
Compatibility Information
SCA BB 3.1.0 should be used with the following components:
For more information regarding compatibility between Service Control components, refer to the Cisco Service Control Application for Broadband Download Guide.
Capacity Information
SCA BB 3.1.0 supports the following flow and subscriber capacity numbers, for the two main capacity options.
Open Caveats
Traffic Processing
This section describes open caveats in SCA BB release 3.1.6 that relate to traffic processing.
•
Traffic Classification
This subsection describes open caveats in SCA BB release 3.1.6 that relate to traffic classification.
Limitations when working with VLANS/VPNs with overlapping IPs
•
When SCA BB is deployed in an environment where it is required to analyze traffic in VLANs/VPNs with overlapping IP addresses, some of its capabilities, which rely on uniqueness of IP addresses in the network, do not function:
–
–
Many reports in the following categories rely on IP uniqueness:
–
–
–
–
–
–
Unexpected flow classification after adding service element with non-default zone
•
The same flow can be classified to different services, depending on a zone configuration that seems unrelated. This occurs after you define a new port-based protocol and then create a new service, adding a service element with the new protocol and a non-default zone to the service. Flows that match the new protocol but do not match the zone of the service element will now be mapped to the Default Service.
The following steps illustrate this. The unexpected flow classification occurs at step 6.
1.
2.
3.
4.
5.
6.
7.
Workaround:
Add the service element <New port-based protocol, Initiated by either side, *, *>to an existing service. (You can also define a new service for this purpose.) Once you do that, transactions using the specific protocol but with network IP addresses that do not match the specific zone, will go to the less specific service.
For the example given above, add the service element <doom2, Initiated by either side, *, *>to the "Generic TCP" service.
Flow capacity deteriorates when HTTP URL table is full
•
In release 3.0.0, the limit for the number of items in the HTTP URL list was increased from 10K to 100K. Note that adding more than 10K items to the list affects flow capacity. Using 100K list items can degrade system capacity by up to 50K flows compared with the capacity numbers presented in Capacity Information.
Traffic Accounting and Reporting
This subsection describes open caveats in SCA BB release 3.1.6 that relate to traffic accounting and reporting.
Concurrent sessions reported by SCE application lower than open flows reported by SCE platform
•
The number of concurrent sessions reported by the SCE application can sometimes be lower than the number of open flows in the SCE platform counters. In certain services, such as VoIP and FTP, a single session is made of more than one flow. The SCE platform counters track flows, rather than sessions, and therefore may show higher values. In addition, flows with no payload are tracked by the SCE platform counters, but not by the SCE application counters.
Skype reporting limitations
•
Skype call detection is done using a heuristic analysis of Skype traffic, which makes call detection in Skype less accurate than in other VoIP protocols, and introduces the following limitations:
–
–
•
Clarification regarding VoIP accounting
•
The following MIB counters and fields in the Link Usage RDR and the Package Usage RDR require clarification:
–
–
–
–
–
–
–
–
–
–
Incorrect Values in Session ID field in RTSP TUR
•
When enabling TUR RDRs for RTSP, the session ID field in RTSP TUR contains incorrect values due to the session ID being extracted from the wrong place in the RTSP packets.
Traffic Control
This subsection describes open caveats in SCA BB release 3.1.6 that relate to traffic control.
Virtual links is not supported for the SCE1010 platform
•
Applying a service configuration fails on SCE1010 when virtual links mode is switched on. Hence, virtual links is not supported for SCE1010 platforms.
Quota Threshold RDRs are not supported for Number of Sessions bucket
•
When working in the QM with a Number of Sessions bucket and with dosage less than quota, when the dosage given to the SCE is fully used a new session will be blocked even if there is still quota in the QM, since there are no Quota Threshold RDRs. This (blocked) session will trigger a Threshold RDR (and threshold notification to the QM); therefore the next session will succeed.
For example, if the dosage size is 5 sessions, every 6th session will be blocked and will fail.
Workaround:
Always set the dosage size equal to the quota size when working with a Number of Sessions buckets.
SCA BB Console
This section describes open caveats in SCA BB release 3.1.6 that relate to the SCA BB console.
General
This subsection describes open caveats in SCA BB release 3.1.6 that relate to general issues concerning the SCA BB console.
A PQB file is saved when Save is selected from tools other than the Service Configuration Editor
•
Selecting Save from any tool in the SCA BB Console saves the currently open PQB configuration file, even if that is not the appropriate file type for the tool.
Limitations in navigating from the Reporter to the Service Configuration Editor
•
SCA BB allows users to navigate from a report to the corresponding service configuration entity. For example, right-clicking a service name in the report's legend can take you to the service definition in the Service Configuration Editor. However, the system can navigate only to the PQB file that is currently open in the SCA BB console.
GUI crashes when creating many service rules
•
When a very large number of rules are added under a package, the SCA BB console may crash.
After applying a service configuration, service and package names are not refreshed in the Reporter
•
Service and package names are not refreshed automatically in the Reporter after applying changes in the SCA BB Console.
Workaround:
Refresh the templates manually.
Installation
This subsection describes open caveats in SCA BB release 3.1.6 that relate to installation of the SCA BB console.
Network Navigator configuration not removed when SCA BB Console uninstalled
•
When the application is uninstalled, the Network Navigator configuration (sites and devices) is not deleted, but instead is kept for future SCA BB Console installations. \
Workaround:
To clear these settings, manually delete the following folder:
C:\Documents and Settings\<username>\.scasbb300
Uninstalling while GUI is open
•
Running the uninstaller while the SCA BB Console is open, can fail; however, no warning is given when starting the uninstallation. Close the SCA BB Console before running the uninstaller.
Must uninstall SCA BB Console before reinstalling it
•
You must uninstall the SCA before reinstalling it. Do not install the SCA on top of an existing installation.
Network Navigator
This subsection describes open caveats in SCA BB release 3.1.6 that relate to the Network Navigator.
Two identical devices can be created
•
The console permits the creation of two (or more) identical devices (with the same name or the same IP address).
Incorrect error message for failure to connect
•
If you mistakenly provide the IP address of a device of a different type (for example, adding an SCE but with the IP address of an SM) connecting to this device will fail; the error message that is issued does not correctly identify the problem.
Concurrent operations on the same SCE platform are not supported
•
Concurrent operations, such as applying a configuration and extracting a support file simultaneously, on the same SCE platform are not supported. Wait for one operation to finish before beginning a second operation.
Updating CM with service configuration values in a NAT environment
•
When applying a service configuration to the SCE, the Network Navigator also updates the relevant CM with service configuration values, such as service and package names, that are later shown by the Reporter.
The Network Navigator takes the CM IP address from the SCE platform RDR-formatter definitions. With certain topologies (such as in a NAT environment), this IP address might not be accessible by the Network Navigator, and a different CM IP address should be used. The engage.ini preferences file can be used to remap CM IP addresses from the SCE platform RDR-formatter definitions to IP addresses to which the Network Navigator can connect.
The "dc.ip.remap.<n>=<address1>,<address2>" property in the engage.ini file defines a mapping between IP addresses. For example, the entry " dc.ip.remap.1=10.1.12.224,212.194.11.27 " means that if the SCE RDR formatter destination is 10.1.12.224, the Network Navigator should update the CM at 212.194.11.27.
The engage.ini file can be found and edited at the following location:
<scas-bb-console-installation>/plugins/policy.contribution/config
which usually maps to:
C:\Program Files\Cisco SCAS\SCAS BB Console 3.0.0\plugins\policy.contribution_1.0.0\config\engage.ini
Service Configuration Editor
This subsection describes open caveats in SCA BB release 3.1.6 that relate to the Service Configuration Editor.
New protocols not assigned automatically to services in old PQB files
•
When upgrading old PQB files, new protocols do not get assigned to any service. Signature-based protocols that are not assigned to a service are classified as Generic TCP, even if the flow itself is UDP.
Workaround:
Manually assign protocols to a service using the SCA.
Subscriber Manager GUI
This subsection describes open caveats in SCA BB release 3.1.6 that relate to the Subscriber Manager GUI.
Window buttons disappear, cannot work with the Subscriber Manager
•
Under certain circumstances, adding a subscriber to the SM (from the Subscriber Manager GUI) fails. If this happens, the window buttons disappear.
Signature Editor
This subsection describes open caveats in SCA BB release 3.1.6 that relate to the Signature Editor.
Merging a custom DSS with a protocol pack
•
If you have created a DSS in the Signature Editor, and would also like to install a protocol pack, you need to merge the DSS with the signatures in the protocol pack. To do this, follow these steps:
1.
2.
3.
Reporter
This subsection describes open caveats in SCA BB release 3.1.6 that relate to the Reporter.
Reporter sometimes shows service number instead of service name
•
In unusual circumstances, the Reporter shows some service numbers instead of the symbolic name.
The problem occurs after a policy has been applied to an SCE platform via the SCA BB Console, modified (by renaming, adding, or deleting services) and then reapplied.
This occurs only in SCA BB 3.0.5.
Workaround:
Save the service configuration and close the SCA BB Console, then reopen the Console and apply the service configuration.
Configuration Management
This section describes open caveats in SCA BB release 3.1.6 that relate to configuration management.
General
This subsection describes open caveats in SCA BB release 3.1.6 that relate to general issues concerning configuration management.
Installing the PQI on the SCE with a non-default capacity option
•
SCA BB flow and subscriber capacity numbers can be tuned during the installation by selecting the appropriate capacity option. See Capacity Information, for available capacity options for each SCE platform type.
To install the PQI on the SCE with a non-default capacity option, you should install the PQI using CLI, and specify the name of the capacity option on the 'options' modifier of the PQI install CLI command.
For example, to install the PQI with 'SubscriberLessSCE2000' capacity, use the following CLI commands:
#>configure (config)#>interface LineCard 0 (config if)#>pqi install file eng30037.pqi options capacityOption=SubscriberLessSCE2000SCE log and SNMP traps when a service configuration is applied
•
Apply operations are logged in the SCE user log, with the origin file name and host. This can be viewed in SCE CLI in the following manner:
#more user-log ... 2005-12-18 10:20:54 | INFO | CPU #000 | Engage Policy Applied: username@hostname/64.103.125.159, filename.pqb, Fully-Functional, 6(+1)Packages, 38 Services ...The SCE also generates an SNMP trap with a similar message after a service configuration is applied.
Problem applying pre-3.1.5 service configurations to SCA BB 3.1.5 and higher
•
There is a problem applying some service configuration/PP combinations (3.0.6PP#10, 3.1.0PP#10, 3.1.0PP#12) to SCA BB 3.1.5 installed with PP#12 and higher or 3.1.6 PP#13 and higher.
For example:
1.
2.
3.
4.
The following error is displayed:
1/24/08 3:00:21 PM IST | ERROR | Protocol Pack Installation on 'SCE 315' [192.118.77.20]: Operation failed: Error while importing DSS: Item uniqueness violation error: duplicate Protocol Element
Service Configuration API
This subsection describes open caveats in SCA BB release 3.1.6 that relate to the Service Configuration API.
Backward compatibility with SCA BB 2.5 Service Configuration API
•
Package and class name changes: The Service Configuration Management API has changed in SCA BB 3.0.0, to accommodate new product naming conventions. Nevertheless, the older API classes and methods can still be used.
Note, however, that the Service Configuration Editing API in SCA BB 3.0.0 has been significantly changed, and is generally incompatible with 2.5.
CSV file format changes: SCA BB introduces a new format for CSV files of HTTP URL lists. For backward compatibility, SCA BB 3.0.0 Service Configuration API allows importing CSV files of HTTP URLs in the old 2.5 formats.
API apply does not work with Java 1.4
•
API apply works only with Java 1.5 for the SCE2000.
Under Java 1.4 java.lang.NoSuchMethodError appears in the Error Log.
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.
CCDE, CCSI, CCENT, Cisco Eos, Cisco HealthPresence, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco Nurse Connect, Cisco Stackpower, Cisco StadiumVision, Cisco TelePresence, Cisco WebEx, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn and Cisco Store are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0903R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2009 Cisco Systems, Inc. All rights reserved.
Feedback