New and Enhanced Software Features for Cisco IOS XE Amsterdam 17.2.1r

New and Enhanced Features for Cisco IOS XE Amsterdam 17.2.1r


Note

Cisco IOS XE Amsterdam 17.2.1r is the first release for Cisco ASR 1000 Series Aggregation Services Routers in the Cisco IOS XE Amsterdam 17.2.1 release series.

Note

When you upgrade from one IOS XE release to another, you may see %Invalid IPV6 address error in the console log file. To rectify this error, enter global configuration mode, and re-enter the missing IPv6 alias commands and save the configuration. The commands will be persistent on subsequent reloads.


  • 6VPE over DMVPN with IPv6 Transport—This feature supports multi-tenant IPv6 LAN prefixes. You can create these prefixes using an IPv6 DMVPN transport over the IPv4 overlay neighborship.

  • MAG or customer-specific SLA Configuration—This feature lets you configure MAG and customer-specific SLA to enable or disable IP SLA probes for PMIPv6 multipath management. To change the IP SLA probe parameters, use the enable-sla command.

  • Install and Deploy Cisco IOS XE and Cisco IOS XE SD-WAN Functionality on Edge Router—This feature supports the use of a single universalk9 image to deploy Cisco IOS XE SD-WAN and Cisco IOS XE functionality on all the supported devices. This universalk9 image supports two modes - Autonomous mode (for IOS XE features) and controlled mode (for SD-WAN features).

  • Fail Close Revert Mode—This feature lets group members remove the downloaded key server policy when there is no rekey or the group member is not able to re-register to the key server, and therefore return to the fail close mode.

  • Partial Configuration on CPE—This feature supports use of Download RPC and Transfer Complete RPC to apply partial configuration on a CPE. It helps in the configuration of the CPE using download RPC method in CWMP instead of a manual configuration.

  • Enhanced VRF option for TCL socket—In this release, the -myvrf keyword is added to the fconfigure command. This command specifies the options in a channel and enables you to associate a VRF table name with it.

  • Support for configuring GRE in tunnel encapsulation mode —You can now configure a GRE tunnel in tunnel encapsulation mode in addition to the existing support for UDP tunnels.

  • QSFP-40/100-SRBD support

  • MACSec on Port Channel—This feature lets you configure MACsec encryption support on port channels therefore increasing the security of the traffic.

  • Improving NAT 44 performance—This enhancement introduces ip nat settings high command that allows high connection set up rate for non-ALG NAT traffic.

  • VPN-ID in NetFlow exported packet—This feature helps in identification of VPN using the MPLS VPN-ID.

  • Ingress and Egress Accounting MIB—This feature allows the user to access all VxLAN accounting information in a single SNMP request.

  • DHCP unicast support on IOS-XE—This feature introduces support for unicast mode on DHCP. This helps with splitting the horizon therefore improving security of the network.

  • Block BGP Dynamic Neighbor Sessions—This feature allows you to block a router from establishing BGP dynamic neighbor sessions with certain nodes in a BGP peer group - these nodes are identified with their IP addresses. The ability to shut down or prevent the creation of BGP dynamic neighbor sessions is useful when a peer needs maintenance.

  • Support for Spoke Nodes as P Nodes in MPLS over DMVPN Phase 3—This feature helps you configure a spoke node as either a P node or PE node in an MPLS over DMVPN deployment. To configure the spoke node, MP-BGP redistributes the route or label information between the spoke node and a PE node behind it.

  • LISP Support for TCP Authentication Option—This feature helps you configure TCP Authentication Option (TCP AO) to prevent spoofed TCP segments in the sessions between an ETR and an MS.

  • EBGP Route Propagation without Policies— This feature helps you configure an EBGP router to not propagate routes to and from an EBGP neighbor, when at least one inbound and one outbound policy are not configured for the neighbor.

  • Debug commands for PIM and VRF — This release introduces debug commands for VRF (debug condition vrf) and PIM (debug ip pim)details. The debug condition vrf command lets you limit the debug output to a specific virtual routing and forwarding (VRF) instance. The debug ip pim command displays PIM packets received and transmitted, as well as PIM related events.

  • CUBE: Fax detect for IP-IP flows on IOS XE platform — This release introduces support for fax detection for SIP calls and transfer on Cisco IOS XE platforms.

  • gNMI Protocol— This release introduces support for gNMI protocol on ASR 1000 routers.

New Hardware Supported for Cisco IOS XE Amsterdam 17.2.1r

  • ESP-100X and ESP-200X—Cisco ASR 1000 ESP100-X and ESP-200X are QFP-based embedded services processors for the Cisco ASR1000 Series Routers. These ESP's are based on third-generation QFP ASIC. The ESP100-X contains one, third-generation QFP ASIC and the ESP200-X contains two, third-generation QFP ASIC.

Resolved and Open Bugs for Cisco IOS XE Amsterdam 17.2.1r

Resolved Bugs for Cisco IOS XE Amsterdam 17.2.1r

All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved Bug Search.

Caveat ID Number

Description

CSCvg79330

enable platform ipsec control plane conditional debug might cause FP/QFP IPsec outbound SA leak

CSCvp72039

Ucode crash in infra with injected jumbo packet

CSCvq43550

C1111-4P doesn't restart authentication for "clear authen session" if "authen open" the port

CSCvq47444

CLI "config-exchange request" for any ikev2 profile has inconsistent behavior between IOS and confd

CSCvq71864

Crash after executing "show archive config differences"

CSCvq75610

freed rpi_parent is hit when deleting parent route by route update event

CSCvq81620

Router crashes with ZBF HA sync.

CSCvq85556

QoS configuration download failed when device reloading

CSCvq85913

FlexVPN with password encryption -- after primary key change password in profile is not working

CSCvq87063

getvpn suiteb:KS sends delete payload to gm's while scheduled rekey after primary KS dead/readded

CSCvq90361

NHRP process crash on using same tunnel address on multiple spokes

CSCvq91046

ASR1k crash in NAT code when processing PPTP traffic

CSCvq93850

Passive FTP will fail when going over NAT and either client or server are off a SM-X-ES3

CSCvq98095

Gi0/0/0 interface stays up/up and LED green after cable removed

CSCvq98949

ASR1000-RP3: Punt Keepalive Failure (Punt LINK DOWN) or RP FREEZE

CSCvq98999

ISR4451-X / 16.09.01 / Crash when IPSEC SA installation fails

CSCvq99498

Crashes when trying to bring-up / bring-down IPsec crypto session for OSPFv3

CSCvr00983

Unrecoverable Error with PVDM in 0/4 and Thule+dreamliner in 1/0 on ISR4300

CSCvr01327

incorrect Total number of translations on show ip nat translations

CSCvr01454

Punt fragment crash when receive EoGRE packets which have many fragments

CSCvr05193

IOS PKI | Intermittently SubCA fails to rollover

CSCvr05214

NAT translation table is removed before IKE SA deleted when idle timeout occur

CSCvr06666

ISR4K Router CPP ucode Crash due IPv4 Fragmented packets

CSCvr12395

vManage push "media-type rj45" when trying to configure duplex on ISR1k

CSCvr15127

ASR1K/ISR4K Calls fade to no-way audio due to media inactivity detection after 20 minutes

CSCvr17167

High memory utilization under "ezman" due to excessive parity error logging

CSCvr17169

qfp ucode crash with media monitor

CSCvr18570

When user cancel Call Forward All from the analog phone, user can't hear the confirmation tone

CSCvr24498

keyman_rp Memory Leak

CSCvr26524

Crash due to NBAR classification

CSCvr27554

ASR1000-RP2/ASR1000-RP3: OIR after clock set doesn't save the time in RTC

CSCvr27777

ASR1k - Egress byte count is innacurate

CSCvr31188

GETVPN gikev2 Secondary KS doesn't push new policy after merging split condition

CSCvr33415

Router may crash unexpectedly with Segmentation fault(11), Process = DSMP

CSCvr39932

IPSEC install failed IPSEC_PAL_SA shows "unexpected number of parents"

CSCvr42776

FMAN crashed after firewall reconfiguration

CSCvr42823

Umbrella local domain bypass list is not programmed to DP, FMFP-3-OBJ_DWNLD_TO_DP_FAILED

CSCvr45917

ASR1K DSP MIB cdspTotalChannels not responding

CSCvr48349

ESP ucode crashed when running NAT with bpa (CGN)

CSCvr55746

Device becomes unresponsive when configuring l2vpn context

CSCvr57565

MGCP Calls with SRTP fail to connect with Cause Value=47 due to T.38 calls

CSCvr61217

GetVPN-ISR4461// Getvpn traffic is failing with Transport mode with all the versions.

CSCvr65986

ISR1K: dot1q-tunneling ports broadcast unknown unicast traffic to all other local switch ports

CSCvr76534

ISR4k : Crash seen at Process Exec

CSCvr87906

ISR4461: Large un-fragmented IPSEC packets cause router to crash

CSCvr89957

CFT crashed frequently

CSCvr89973

NIM interfaces go into shutdown after router bootup.

CSCvr93969

C9800:ISSU: wncd crash@ crypto_engine_pk_crypto during ISSU downgrade scenario

CSCvr96597

IOS-XE crash after doing a SCEP enrollment

CSCvr99034

ISR 4K router crash during updating the OpenDNS bypass whitelist

CSCvs00410

MKA session up but unable to pass data across link using AES-256-XPN cipher

CSCvs02000

%IOSXE-3-PLATFORM: R0/0: kernel: DMA: Out of SW-IOMMU space

CSCvs04194

Process = Exec crash seen on dmap longevity testbed with clear cry sa peer several times

CSCvs05043

ESP40 crash in CGN mode after apply "ip nat setting mode cgn" and "no shut" interface

CSCvs07609

Portchannel stats not working on ASR1002-HX

CSCvs08681

Crash triggered with IPv6, IPv4, PPPoE, PortChannel and NAT

CSCvs09052

ASR1K OTV: Incorrect MAC address count on EFP/BD QFP stats

CSCvs13960

IWAN High CPU and Memory

CSCvs18317

C1111X-8P Sku tagged to 4P software tag incorrectly

CSCvs29535

IWAN crash related to DCA channel

CSCvs46484

Standby RP2 crashes on ASR1009-X due to bulk sync in l2fib.

CSCvs60195

ASR1K ucode crash after too many locks in ZBF pair setup

CSCvs70052

ALG with NAT trigger a crash when a DNS writeback occurs

CSCvs86573

Connect message is never forwarded to the calling side

CSCvs96719

ASR1k: Unicast DHCPREQUEST dropped when received on a EoGRE tunnel configured with VRF

Open Bugs for Cisco IOS XE Amsterdam 17.2.1r

All open bugs for this release are available in the Cisco Bug Search Tool through the Open Bug Search.

Caveat ID Number

Description

CSCvh24730

PfRv3: Crash while Printing the Same TCA Message

CSCvp88044

Performance Monitor crash

CSCvt15551

Crash observed in QFP in ASR1001-X running 16.06.05 when GPM is running low

CSCvt33799

Virtual address not reachable: "mac:0000:0c07:xxxx download to DP failed" for HSRP / VRRP over BDI.

CSCvs30625

SRTP-RTP Crash on ASR with GCM Ciphers

Related Documentation