About Cisco ASR 1000 Series Aggregation Services Routers

The Cisco ASR 1000 Series Routers carry a modular yet integrated design, so network operators can increase their network capacity and services without a hardware upgrade. The routers are engineered for reliability and performance, with industry-leading advancements in silicon and security to help your business succeed in a digital world that's always on. The Cisco ASR 1000 Series is supported by the Cisco IOS XE Software, a modular operating system with modular packaging, feature velocity, and powerful resiliency. The series is well suited for enterprises experiencing explosive network traffic and network service providers needing to deliver high-performance services.

Cisco ASR 1000 Series Routers are available in this options:

  • Cisco ASR 1001-X Router

  • Cisco ASR 1002-X Router

  • Cisco ASR 1001-HX Router

  • Cisco ASR 1002-HX Router

  • Cisco ASR 1004 Router

  • Cisco ASR 1006 Router

  • Cisco ASR 1006-X Router

  • Cisco ASR 1009-X Router

  • Cisco ASR 1013 Router

For more information on the features and specifications of Cisco ASR 1000 Series Routers, refer to the Cisco ASR 1000 Series Routers datasheet.


Note

Cisco IOS XE Bengaluru 17.6.1a is the first release for Cisco ASR 1000 Series Aggregation Services Routers in the Cisco IOS XE Bengaluru 17.6.x release series.



Note

Starting from IOS XE 17.5, the following consolidated platforms(or with dual IOSd ))will move to monolith packaging and therefore it will not be possible to upgrade/downgrade using separate packages.

  • ASR1001-HX

  • ASR1001-X

  • ASR1002-X

  • ASR1002-HX


Instead use the command install add file bootflash:<file name> activate commit command to upgrade using a single image that combines all the separate packages therefore improving the boot time

Starting from IOS XE 17.6, the ISSU on Cisco ASR 1000 Series Aggregation Services Routers will migrate to an install workflow that provides step-by-step upgrade/downgrade commands.

The ISSU load version commands will be deprecated and these commands include:

  • abortversion,

  • acceptversion,

  • checkversion

  • commitversion

  • config-sync

  • image-version

  • loadversion

  • runversion

Additionally, dual IOSd ISSU commands and Bundle mode ISSU workflows will also be disabled.


Note

The In-Service Software Upgrade(ISSU) in ASR 1000 is being migrated to an install workflow that provides a step-by-step upgrade/downgrade. Starting from IOS-XE 17.6.1a, the following items will be disabled:

  • The ISSU load version command set including issu loadversion , issu runversion , issu acceptversion and issu commitversion

  • Dual IOSd ISSU commands

  • Bundle mode ISSU workflow



Note

Starting with Cisco IOS XE 17.3.x, with the introduction of Smart Licensing Using Policy, even if you configure a hostname for a product instance or device, only the Unique Device Identifier (UDI) is displayed. This change in the display can be observed in all licensing utilities and user interfaces where the hostname was displayed in earlier releases. It does not affect any licensing functionality. There is no workaround for this limitation.

The licensing utilities and user interfaces that are affected by this limitation include only the following:

  • Cisco Smart Software Manager (CSSM),

  • Cisco Smart License Utility (CSLU), and

  • Smart Software Manager On-Prem (SSM On-Prem).


New and Enhanced Software Features

Table 1. New Software Features in Cisco 1000 Series ASR Release Cisco IOS XE 17.6.x

Feature

Description

Asymmetric Lease for DHCPv6 Relay Prefix Delegation:

This feature allows you to manage or change the lease renewal. It provides options to force renewal of lease and also detects when the lease is nearing the expiry date.

BGP Serviceability Enhancements for EVPN and MVPN

This feature includes the following enhancements

  • MAC address format for Type-2 EVPN routes: This enhancement provides three different Mac address formats suitable for various components such as L2RIB, CEF and EVPN.

  • EVPN Type-2 and Type-5 Routes Checking: This enhancement provides an updated output for the show ip bgp l2vpn evpn command. The updated output removes redundant keywords for Type-2 and Type-5 routes, and filters and retrieves matching routes based on both MAC and IP address.

  • MVPN/EVPN Routes Check Simplification: With this enhancement, users can avoid manual re-typing of key fields and directly copy details from the show ip bgp l2vpn evpn and show ip bgp ipv4 mvpn summary outputs.

Best Practices for Increased Scaling of IS-IS Neighbors:

This enhancement introduces commands that let you configure increase scaling of neighbors in a hub and spoke deployment using the following criterions

  • Reducing flooding over parallel peer to peer links

  • Staggered synchronization of adjacencies after router reload

  • Configuring CLNS queue size and monitoring CLNS and IS-IS queues

BMP Per-Peer Header Timestamp:

  • By default, the BMP messages with per-peer header contain timestamps. The system time is used as a timestamp in these messages. To notify users about this enhancement, the show ip bgp bmp server summary command output includes the message - "BGP Message Timestamp will be sent to BMP Servers".

  • CFM operation and action model: This feature introduces a NETCONF/YANG model to perform the following functions:

    • Display Ethernet CFM maintenance-points data for local MEP, local MIP, remote MEP, or database.

    • Activate or deactivate CFM latching loopback and start or stop OAM remote loopback.

    • This model helps you to gain more visibility into the timing of the service operations and manage network devices from a centralised orchestration application such as Cisco DNAC.

      For more information, see Programmability Configuration Guide.

IEEE802.1ad Support on Port-channel and Subinterfaces:

This feature supports configuring IEEE802.1ad on port-channel, port-channel subinterfaces and port-channel member links with configurable ethertypes, in addition to configuration on physical interfaces.

L2VPN Traffic SteeringUsing SR-TE Preferred Path:

This feature allows you to configure an SR policy as the preferred path for a VPWS or VPLS pseudowire. VPWS or VPLS pseudowires between same PEs can be routed over different SR policies based on the requirements.

Pyang version 2.x

The updated pyang plugin version 2.x fixes existing issues such as XPATH validation and upstream pyang issues. Additionally, this version reports all errors in the YANG models to the users and enforces a strict model validation.

Redistribution of leaked routes into BGP:

  • Allows you to leak (or replicate) routes between the global VRF and service VPNs, and redistribute the leaked routes into the destination protocol BGP. The redistribution of the leaked routes occurs after replicating the routes into the corresponding VRF. Route leaking allows you to share common services that multiple VPNs need to access. The source protocols that support route leaking and redistribution of routes into the destination protocol BGP are as follows:

    • Connected

    • Static

    • BGP

    • OSPF

    • EIGRP

Secure Factory Reset:

The Secure Factory Reset feature introduces the factory-reset secure all command that you can use to erase the contents of the bootflash memory, and securely reset the device using 3-pass overwrite method.

Zone-Based Firewall Reclassification:

The Zone-Based Firewall (ZBFW) Reclassification feature is an enhancement to the Zone-Based Firewall feature. With this enhancement, any changes you make to the policy configuration on an existing firewall session is immediately enforced.

Voice: Class of Restriction YANG Configuration Model:

YANG models were developed for the following CLIs as part of the Class of Restriction configuration:

  • dial-peer voice <tag> pots/voip corlist

  • dial-peer voice vad

  • dial-peer cor custom name <string>

  • dial-peer cor list <string> member <string>

  • voice num-exp <string1> <string2>

  • voice register pool <string> [no] cor {incoming | outgoing} cor-list-name {cor-list-number starting-number [- ending-number] | default}


Note

From Cisco IOS XE Bengaluru 17.6.x, configuring a weak crypto algorithm generates a warning message. However, you can ignore this warning because the working of crypto algorithms is not impacted. For more information on weak crypto algorithms, see Supported Standards.


Cisco Bug Search Tool

Cisco Bug Search Tool (BST) is a gateway to the Cisco bug-tracking system, which maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. The BST provides you with detailed defect information about your products and software.

Resolved and Open Bugs for Cisco IOS XE Bengaluru 17.6.x

Resolved Bugs in Cisco IOS XE Bengaluru 17.6.3a

Caveat ID Number

Description

CSCvy63924

Telemetry: IOS-XE Controller crashes after using 'show telemetry ietf subscription all' command.

CSCvx40516

17.5 ZBFW + NAT: Traffic flow In2Out scenario failed

CSCvy73165

ASR1000 HX,GD:10G interfaces supports multirate:Mismatch in autoneg/speed in sh run and sh sdwan run

CSCwa26509

Shut/no shut of endpoint-tracker attached tunnel, doesn't create probe again on 17.6.2.

CSCvz98373

ZBFW : FirewallPolicy drops seen with RTSP traffic in steady state.

CSCvw67366

ASR1002-X: Punt keepalive crashed due to bqs related interrupt.

CSCvz73202

CPP crash on scaling to 5K RA sessions.

CSCvz71436

Call Placing issue from SCCP phones

CSCvy69846

Guestshell:.py files stored under /home/guestshell are lost after reboot on 1ng device.

CSCvy57681

Unexpected reboot of IOS-XE Router in BQS QM @ cpp_qm_proc_rt_commit.

CSCvz86591

VRF-aware static NAT with route-map and reversible not working

CSCwa10915

ASR 1000 Series PFRv3: Elephant flow will trigger performance monitor exporting more than 50% byte loss

CSCwa36699

Prefetch CRL Download Fails

CSCwa01804

Router ASR 1000 Series ucode crash with PPE DTL transfer error during IP reassembly

CSCvz67279

SELINUX-5-Mismatch Log on ASR1002HX.

CSCvz62032

Attach gateways failed in cloud express

CSCvz59621

MKA Session not coming up on EVC.

CSCvz87460

ASR 1000-RP2|VID&gt;V07|16.9.7 MD5 signature does not match failure while upgrading to 17.3(1r) rommon

CSCwa19074

Infinite output from command show sdwan tunnel sla.

CSCwa80474

IKEv2 Deprecated Ciphers denied by Crypto Engine CDSL - Cicso PSB Security Compliance.

CSCvv82985

dhcpv6_relay:dhcp-client on branch not receive ipv6 address

CSCwa76260

IKEv2 Deprecated Ciphers denied by Crypto Engine CDSL - Cicso PSB Security Compliance.

CSCvt66541

Crypto PKI-CRL-IO process crash when PKI trustpoint is being deleted.

CSCwa11150

E1 configurations (under Serial interface) lost after reload.

CSCwa30988

CoS preservation not working for the services EVPL and EPL tunnel.

CSCvz65545

ISIS reports encode error when NSF cisco if configured for GRE tunnel number greater than 65535

CSCvz41647

Partial multicast drops are seen after a failover event in a site with two cedges.

CSCvz76277

Hostname not allowed beginning with numbers.

CSCvz34668

Static mapping for the hub lost on one of the spokes.

CSCvz84437

Unexpected reload due IPV6 UDP fragment header in VxLAN.

CSCwa15085

Router Crash due to Stuck Thread with appnav-xe dual controller mode.

CSCvx28426

Router may crash due to Crypto IKMP process.

CSCvz11362

ASR 1000 Series device fails to install rekey causing traffic drop.

CSCwa18177

Flapping bidirectional/unidirectional packet capture option with ipv4 filter for long time failed.

Open Bugs in Cisco IOS XE Bengaluru 17.6.3a

Caveat ID Number

Description

CSCvz93712

VFR is enabled by feature NAT but there is no NAT configured on the interface.

CSCvy72970

Active ftp not working with UTD+HTX for security and Unified policy.

CSCwa39336

CG522: Cannot transfer files.

CSCwb02142

Traceback: fman_fp_image core after clearing packet-trace conditions.

CSCwb23871

2048 RSA keys are lost after reload

CSCwb20089

cEdge ESP crashes after enable platform debug for Cloud onRamp for SaaS.

CSCvx74917

[17.5 Umbrella] DNS Packets are not redirected to configured Custom DNS after Umbrella Template Edit

CSCwb00533

cEdge traffic is getting dropped/blackholed due to OCE_ADJ_DROP reason.

CSCwa24717

Mutex crash seen in MLPPP in function cleaning bundle links

CSCvz05814

[Chrysler]: Cwand issue observed ..potential crash

CSCwb21195

SDWAN ASR cEdge sees Anti-Replay drops when sequence number is beyond 32 bit.

CSCwb25913

(Rework): After configuring match input-interface on class-map, router goes into a reboot loop.

CSCvz94966

ASR1000 Series throughput drop of 10% from 17.3 to 17.6 Release

CSCwb03455

Inter-vrf route leaking not working and packet drop seen due to Ipv4Unclassified.

CSCwa72273

ZBFW dropping return packets from Zscalar tunnel post cedge upgrade to 17.3.4.

CSCvz91913

Bay 2 startup config of 40Gbps not applied on reload

CSCwa68471

Traceback: CPP ucode core generated after HSRP priority change

CSCvz31901

ASR1000 Series: Cisco makefile changes to build the PHY API SW 4.67.05

CSCwa49721

SDWan HUB with firewall configured incorrectly dropping return packets when routing between VRFs.

CSCwa81471

AOM pending objects with loopbacks binded to tloc-extended interfaces.

CSCwb18223

SNMP v2 community name encryption problem.

CSCwa97171

PRP frames not transparent transmitted over L2TPv3 or EoMPLS tunnel.

CSCwb08186

E1 R2 - dnis-digits cli not working.

CSCwa98714

FMFP-3-OBJ_DWNLD_TO_DP_FAILED and tracebacks are seen following traffic drop.

CSCwa67101

Netflow exporter statistics not increasing on MFR interface with frame-relay fragmentation.

CSCwa84448

Intersite cloudsec enabled packets with &lt;60 byte across ASR1k getting dropped when PTP is enabled.

CSCwa74499

ZBFW seeing the SIP ALG incorrectly dropping traffic and resetting connection.

CSCwa11349

ASR1002-HX High QFP Utilization.

CSCwb29773

ASR1K /RP3 / IOS XE 17.x / Carrier delay config on PO etherchannel intf not applied to bundle links.

CSCvz28950

DMVPN phase 2 connectivity issue between two spokes.

CSCwb20222

Upgrade ASR1K from 17.3.4a to 17.6.2 is failed.

CSCvy54048

CPP Unexpected Reboot While Freeing CVLA Chunk.

CSCvz62601

ASR1000-MIP100 / IOS XE 17.3.2 / high CPU on LC process mcpcc-lc-ms and link flaps.

CSCwa98545

Checks of route leaks creates memory corruption.

CSCvz08674

cEdge rebooted 2 time with CPP 0 failure Stuck Thread.

CSCvz33747

High CPU caused by "IOSD ipc" task on ASR 1002-HX.

CSCwa76875

After configuring match input-interface on class-map, router goes into a reboot loop.

CSCwa08847

ZBFW policy stops working after modifying the zone pair.

CSCwa26599

FN980 new signed Telit modem firmware FN980M_38.02.X92 upgrade failed.

CSCwa29964

SCEP fails if AAAA DNS repy is received and source interface has no IPv6 address.

CSCwa52627

ASR1000 Series / 17.3 / "sh int transceiver" reports incorrect Tx/Rx optical power values.

CSCwb32635

17.6.2 IOS XE SD-WAN - vdaemon file is incomplete when running admin-tech.

CSCvz55275

Show DMVPN command displays incorrect state.

CSCwa67851

Router traceback and reload when different encapsulation used on xconnect interfaces.

CSCvz95158

ASR1000-HX: IPSec Led doesn't lit even though module is correctly installed.

CSCvz74322

"Shutdown" command visible in running config after reload of ASR 1002-HX.

CSCwb18315

Umbrella DNS security policy doesn't work with Cloud onRamp .

CSCvx00230

Even after interface is admin down we see counter on the load interval

Resolved Bugs in Cisco IOS XE Bengaluru 17.6.2

Caveat ID Number

Description

CSCvz30670

Qos issue on IPv6 Virtual access (tunnel ipsec) interface ASR1k

CSCti88451

Syslog message for SIP Trunk unregistration / registration

CSCvh31741

IOS Device may unexpectedly reboot when displaying BGP neighbors from AF being deleted

CSCvt49729

IPv6 PD lost after RP failover under the sh subscr sess output

CSCvt95787

Unhide "bandwidth" interface command on cedge cli

CSCvw13682

L3 connected lite session not coming up , stuck in data-plane(qfp)

CSCvx61611

Disruption of IPC communication between the FMAN-FP and FED processes due to lack of ACKs from FED.

CSCvx99833

[EVPN L2TRM] Default SMET route should accept only group/source length zero & wildcard value

CSCvy03887

SCP process leading to crash

CSCvy06671

Wrong source ip address is shown in https access log

CSCvy18995

[EVPN BGP] IMET route without PMSI tunnel attribute is accepted by Leaf VTEP

CSCvy23400

MC-LAG feature cannot preserve administratively shut down sub-interfaces

CSCvy27721

IOS-XE Router may experience unexpected reboot with X25 RBP

CSCvy29677

Invalid Free Block Memory Corruption Caused by DHCP is Leading to IOSd Crash

CSCvy31008

OSPF process may not install an external prefix (with fwaddr) in RIB

CSCvy39259

Memory Corruption in standby node of B2B HA setup when running Mifid Media Proxy Recording Calls

CSCvy44951

ESP Unexpected Reboot on Broadband Intelligent Services Gateway During Session Clean-up

CSCvy46402

CUBE-979 Wrong crypto suite selection for re-invite during SRTP-SRTP dialpeer based recording case.

CSCvy54607

Iosd crash at ospf-1 router process while applying config from bootflash

CSCvy56660

mlacp backbone interface defined in netconf as Container instead of list entry

CSCvy58348

Bulk-Sync Failure (PRC) On applying a non-existent Policy map to interface via template

CSCvy67482

SRTP failure leading to no audio in TDM-SIP call with 183 wSDP present

CSCvy67650

Controller does not send TCP SYN or ACK for web redirect when banner size is greater than 200 char

CSCvy68568

show telemetry internal diagnostics decode error

CSCvy69555

unable to fetch eigrp prefix, nexthop, omptag, and route origin

CSCvy69663

Running certain commands from old web interface may cause device to crash

CSCvy72193

ISG IPv6 session lose connection w/ "no ipv6 nd ra suppres" due to final RA sent for other session

CSCvy72210

CIsco IOS XE crash after executing 'show flowspec ipv4' command

CSCvy78311

CUBE FPI leak on DO-DO flow in ANAT m-line switch case with CUBE pref IPv6

CSCvy78544

17.7:ASR1K:Traceback @be_isis_process_no_router on unconfiguring ISIS with Entropy Label feature.

CSCvy78992

BGP Router process may crash after configuring maximum-paths eibgp

CSCvy83154

MAG is not detecting the path UP after several reboots

CSCvy84153

Crash is observed in the controller when the AP location name is greater than 32 character

CSCvy85559

LISP DDT: Buffered Map Request leads to NMR delivery failure

CSCvy86265

Memory leak in ospf on withdrawing SRMS prefix sid

CSCvy86580

[EVPN BGP] Crash seen @bgp_evpn_print_pmsi ,bgp_show_one_pmsi ,bgp_show_network_detail

CSCvy87819

Extra isis config lines getting added to interface BDI Config

CSCvy90726

BGP Memory Leak after upgrading to 17.3.x due to Duplicate Attribute Entries

CSCvy91369

IOS-XE : IPSLA ICMP-Jitter over L3VPN results incorrect jitter value.

CSCvy92696

Cosmetic: `Logging host` configuration inconsistent between sdwan and IOS configuration

CSCvy93771

Webauth hosts fails to get login page due to increment of aaa_reply_pending_count, WA bkpressure

CSCvy93946

Removal of SHA-1 HMAC Impacting ability to SSH

CSCvy99942

Netconf: Logging to syslog stops working in certain scenarios

CSCvz00900

No Ringback to External Callers When Call Reaches Desk Phone JIRA CMESRST-328

CSCvz01295

Edge Device performance issue

CSCvz01883

DHCP Lease not renewed properly after expiry

CSCvz03677

router crashes when changing BGP AS Number

CSCvz04388

RSP3:pubd process crashed during ISSU from 17.6.1 to 17.3_throttle

CSCvz06288

PI Infra changes for CSCvy74957 CPU generated FNF traffic does not adhere to standard RFC 4594

CSCvz08303

Controller reloads unexpectedly in dbm process when DBAL batch stops executing

CSCvz09498

'show isis teapp' with scale doesn't display the entire list

CSCvz12010

CUBE switches over to fax passthrough when "a=silenceSupp:off - - - -" received in 200 OK.

CSCvz12596

Memory leak in emulated database of OSPF and VRF.

CSCvz14745

Memory leak seen when using DNS with IP SLA

CSCvz21844

When Polling MIB 1.3.6.1.4.1.9.9.764 CUBE status shows wrong information

CSCvz24067

On-Prem ZTP: control connections are formed. But after sometime, vManage reset the configuration.

CSCvz24880

CUBE responds with new transaction refresher (UA) within the refresh message for fax passthru call

CSCvz26193

IOS-XE switch may experience unexpected reboot while executing MAB commands

CSCvz27413

CUBE takes lot of time to send 486 to the other call-leg when media stats-disconnect is enabled

CSCvz28986

SNMP poll of DHCP Stats not available on IOS-XE 17.03.03

CSCvz30670

Qos issue on IPv6 Virtual access (tunnel ipsec) interface ASR1k

CSCvz33145

SDA - on Anywhere Border RPF for external RP incorrectly pointing to LISP after BGP route is back

CSCvz33428

STATIC IP configured on SVI is lost when changing from DHCP if SVI flaps at the same time

CSCvz35288

Ti-LFA backup path is not availabe for some protected Adj-SIDs in mutil-area OSPF

CSCvz37619

DSPware 58.5.1 Release targeting v176_throttle to 17.6.2

CSCvz41766

VG450 Crashes Repeatedly in IOSd due to HTSP

CSCvz45020

%SIP-1-LICENSING: SIP service is Up. License report acknowledged.

CSCvz45256

Inbound fax T38 switchover on MGCP GW sending an m line of audio instead of image

CSCvz51558

udp-jitter incorrect RTT calculation when using BDI interfaces

CSCvz60451

Memory leak is observed in C9800-CL due to native telemetry

CSCvz66346

ASR920: New Bridge-Domain are not added dynamically to POCH when TEFP-encap from-bd is configured

CSCvx08118

ASR1001-X: Bug to further address CSCvt08179 : QFP crash due to hardware interrupt

CSCvy24936

vBond connections continuously flapping on edge devices.

CSCvy37285

SSH to Loopback not working

CSCvy44723

control connection to the edege device doesnt come up with v6 and reverse proxy

CSCvy54606

CVLA need to reserve at least 50M memory for low-end DRAM platform

CSCvy74799

Ucode crash observed at tw_bad_timer_bucket () at ../../../infra/tw_timer.c:918

CSCvy85281

Crash triggered by "crypto gdoi ks rekey replace-now"

CSCvy89362

QOS-3-INVALID_BQS_QUEUE_INFO: Drop policy given an invalid scheduling queue/wred 0/0 -Traceback

CSCvy89461

Crash when getting cdspCardStatusEntry OID

CSCvy89785

OSPFv3 adjacency won't come up after "ospfv3 authentication ipsec" is applied on Tunnel interface

CSCvy91411

SD-WAN policy is not correctly programmed in cEdge

CSCvy94954

LA LED turns green when just inserted SFP-10G-LR on ISR4k without cable connecting

CSCvy95586

SCCP gateway auto configuration download results in an incomplete configuration.

CSCvy97578

Need Active/Active ZBFW support for Inter-vrf TCP traffic

CSCvy97761

IPV6 route is breaking control connection.

CSCvy98784

AppQoE DP stats for active connections shows huge bogus value

CSCvy99344

cEdge: Multicast UnconfiguredIpv4Fia drop when multicast interworks with service chain/NAT DIA

CSCvz03053

OMP continues to redistribute BGP route with down bit set (SoO)

CSCvz03342

Multicast boundary command on tunnel interface DMVPN network is sending ttl=1 packet

CSCvz04121

"show sdwan tunnel statistics bfd" and "clear sdwan tunnel statistics" issues

CSCvz06952

vSmart crash on ompd process

CSCvz07134

Router does not boot on recent 16.X releases with large service policy applied on the interface.

CSCvz09078

FireWall Policy Drops are seen when the OG/ACE's are reconfigured multiple times

CSCvz09330

Bootstrap aaa config issues due to default aaa config

CSCvz18867

IP NAT source static does not work for TCP traffic from OUT to IN

CSCvz23024

17.6.1_auto:SNMP failure on bfdSessionsListSystemIp

CSCvz24267

Static NAT entry is injecting a route to Null0

CSCvz25619

FNF: Reload due to a memory allocation failure in cEdge

CSCvz26211

flow monitor statistics missing when reloading with configuration

CSCvz30465

MT: Template push with thousand eye feature failed for ISR4461 after PnP workflow

CSCvz34290

no ip nbar resources flow max-session does not restore default platform session limits

CSCvz40788

SDWAN tunnels are not coming up in Multilink Frame relay sub-interface

CSCvz47421

VLAN IP config missing on bootup due to missing startup configs

CSCvz47982

Flow-Control Goes down when configurating manual speed and remove the auto negotiation

CSCvz53819

ZBFW : ARStandby drops seen on New Active during RG switchover

CSCvz55789

Data-policy direction-all with empty action is causing to ignore app-route-policy

CSCvz56966

Zscaler SIG tunnels not coming up after reboot due to HTTP/RESP/CODE 400

CSCvz60101

Failure to start (on RP2) iox app-hosting application

CSCvz62602

Extranet local switch crash when mdata is enabled.

CSCvz70734

cEdge crash with sdwan overlay multicast: "CPU Usage due to Memory Pressure exceeds threshold"

CSCvz73780

memory leak with fman_cc process when SM-X-G4M2X module installed

Open Bugs in Cisco IOS XE Bengaluru 17.6.2

Caveat ID Number

Description

CSCuv05226

ASR920 : VRF is not deleted after replacing default config

CSCvv82322

ASR1001-X and ASR9K: Link issue when using macsec

CSCvw67366

ASR1002-X: Punt keepalive crashed due to bqs related interrupt

CSCvw70446

17.4 ZBFW:Crash pointing to fw_base_flow_create () seen on ASR1K

CSCvz11362

ASR fails to install rekey causing traffic drop

CSCvz31901

ASR1K: Cisco makefile changes to build the PHY API SW 4.67.05

CSCvz33747

High CPU caused by "IOSD ipc" task on ASR 1002-HX.

CSCvz54262

ASR1001X crash at CFT after scaling up to 4M flows when internet link up from 2Gbps to 10Gbps

CSCvz55696

ASR1K - IOSXE BGP Graceful Restart inducing extensive packets loss after nexthop node is offline

CSCvz62601

ASR1000-MIP100 / IOS XE 17.3.2 / high CPU on LC process mcpcc-lc-ms and link flaps

CSCvz67279

SELINUX-5-Mismatch Log on ASR1002HX and 8500 Platforms

CSCvz74322

"Shutdown" command visible in running config after reload of ASR 1002-HX

CSCvz87460

ASR 1000-RP2|VID>V07|16.9.7 MD5 signature does not match failure while upgrading to 17.3(1r) rommon

CSCvu62879

Crash@bgp_perform_general_scan

CSCvy20617

CUBE license status goes to ""NOT IN USE" after SLR Authorization

CSCvy22343

Crash after reapplying BGP/ attempt to initialize an initialized wavl tree

CSCvy57681

Unexpected reboot of IOS-XE Router in BQS QM @ cpp_qm_proc_rt_commit

CSCvy97741

qfp_ucode_c8kv crash at making a blind transfer from an outside SIP service

CSCvy98400

CUBE responds with new transaction refresher (UA) within the refresh message

CSCvz05377

ACL not getting updated once pushed from ISE

CSCvz07465

Too big Call-ID length in the SIP REGISTER

CSCvz19341

SUBSCRIBE-NOTIFY Passthrough does not work as expected in CUBE registration proxy scenario

CSCvz20285

SDWAN image info not updated in packages.conf when upgrading in autonomous mode

CSCvz21812

QoS policy update with "random-detect dscp" configuration get rejected on device side

CSCvz23470

Function: DNA-C/SWIM - NCSW10249: Distribution failed using protocol: HTTPS with FQDN

CSCvz26532

No audio on Courtesy Call Back from CCE when using SRTP

CSCvz26852

During netconf push vManage adding '\" for every pipe "|" symbol

CSCvz26901

When survivability script with header-passing enabled is invoked, the translation rule fails

CSCvz30202

CUBE does not send REGISTER to registrar server after reloading it.

CSCvz35474

Traceback: IOS core generated after failure of process CCSIP_SPI_CONTROL

CSCvz43262

CUBE DTMF Interworking breaks during consulted call transfer

CSCvz48118

Radius probe account pushes unsupported Service-type [6] attribute

CSCvz55553

BGP routes refreshing in the routing table after adding "bgp advertise-best-exterenal"

CSCvz55696

ASR1K - IOSXE BGP Graceful Restart inducing extensive packets loss after nexthop node is offline

CSCvz55812

MLP cpp crash cause both FP cpp to lock and stuck in disconnecting

CSCvz57415

128.0.0.0/2 is installed into CEF as unusable on a PETR after EID-Prefix is removed.

CSCvz57887

CUBE is not sending audio for SIPREC call recording

CSCvz60420

Peer voice hunt group does not track hops

CSCvz62589

Crash when configuring NAT log flow-export v9 (HSL)

CSCvz64802

WLC reloaded due to a memory corruption in wncd

CSCvz72871

Multicast traffic received over DMVPN tunnel are dropped on RP and not forwarded downstream.

CSCvz74646

CME fails to send notifications to all phones for shared line use during parallel calls

CSCvz76277

Hostname not allowed beginning with numbers

CSCvz76649

APs disjoin the WLC when a clients connects to a Secure LDAP SSID

CSCvz77313

Catalyst Switch reload due to SFF8472

CSCvz81906

Crash while running 'show running-config' command due to "ipv6 dhcp test relay reply add"

CSCvz84537

Webauth external stuck in authenticating without taking ip address

CSCvz86218

IOS 17.x / SCP copy command fails for large files > 2GB size due to "invalid argument"

CSCvz86580

Unable to remove the BGP neighbor statement through vManage template.

CSCvz89713

CEF should not notify LISP based on helpered UDP broadcast packets from remote hosts

CSCvv82985

dhcpv6_relay:dhcp-client on branch not receive ipv6 address

CSCvx28426

Router may crash due to Crypto IKMP process

CSCvy63924

Telemetry: IOS-XE Controller crashes after using 'show telemetry ietf subscription all' command.

CSCvy69846

Guestshell:.py files stored under /home/guestshell are lost after reboot on 1ng device

CSCvy72970

Active ftp not working with UTD+HTX for security and Unified policy.

CSCvz28950

DMVPN phase 2 connectivity issue between two spokes

CSCvz37340

The [service timestamps log datetime msec localtime] command cannot be pushed via CLI Addon template

CSCvz40459

Ucode crash due to NAT proxy timeout

CSCvz54262

ASR1001X crash at CFT after scaling up to 4M flows when internet link up from 2Gbps to 10Gbps

CSCvz58895

IOS-XE unable to export elliptic curve key

CSCvz65545

ISIS reports encode error when NSF cisco if configured for GRE tunnel number greater than 65535

CSCvz67279

SELINUX-5-Mismatch Log on ASR1002HX and 8500 Platforms

CSCvz76277

Hostname not allowed beginning with numbers

CSCvz77008

SDWAN Router Crashed "Critical process qfp_ucode_csx fault on fp_0_0 (rc=139)"

CSCvz80197

FTMD message error

CSCvz87460

ASR 1000-RP2|VID>V07|16.9.7 MD5 signature does not match failure while upgrading to 17.3(1r) rommon

Resolved Bugs in Cisco IOS XE Bengaluru 17.6.1a

Caveat ID Number

Description

CSCvo41609

GETVPN: Clearing members on Key Server causing rekey processing failure on GMs

CSCvr91128

NAT HA - stale tcp sessions in standby router

CSCvw21378

ASR1001-X built-in Tengig interfaces' counters increasing continuously and port stay up/up w/o SFP

CSCvw91361

Crash when issuing "show crypto isakmp peers config"

CSCvw98579

BQS crash seen in 17.3 while bringing up 30k PPPOE sessions

CSCvx22349

After reload or switchover, redundant ESP goes offline->online (transient issue)

CSCvx23159

FW-4-ALERT_ON: (target:class)-():getting aggressive seen when no half open feature configed

CSCvx25217

cannot remove NAT configuration from the template in a single operation if NAT translation is active

CSCvx26065

1006-X: Box rebooted due to ucode crash, with 2M CFLOW and 8K BFD sessions

CSCvx32090

Port channel configuration triggers traceback

CSCvx32670

Wrong reload reason reflected after a power outage.

CSCvx32807

False positive alarm: IOSXE_RP_ALARM-6-INFO: ASSERT CRITICAL Fan Tray Bay 1 Fan Tray Module Missing

CSCvx44834

ASR1K - ACE entry added after object-group is missing in hardware causing packets drops

CSCvx45788

cannot apply ciscosdwan.cfg due to vpg-log-server-acl ACL on VirtualPortGroup0 for logging

CSCvx53399

fman_fp_image crashed with ZBFW config change

CSCvx57615

ZBFW blocking ACK packets for applications using cloudexpress SaaS set to use a Gateway with synsent

CSCvx64449

%CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed due to ip rtp header-compression iphc-format

CSCvx64640

Data plane VPLS traffic generating Control Word on all Label Switched Headers

CSCvx68767

PWK - Overlay tunnel goes down with overnight traffic (No Crash)

CSCvx69830

ASR1k: BQS crash seen at cpp_qm_event_proc_defer_cb

CSCvx72682

[DMM/SLM test issue] CFM crash when using physical port, DMM/SLM doesn't work on EVC

CSCvx75330

fman_rp memory leak in acl_config_bind_v4_acl_message function.

CSCvx77024

IPv6 DMVPN - NBMA address not getting preserved

CSCvx77203

[17.5] Router crashed when sending traffic through non-SDWAN interface with DIA NAT + debug enabled

CSCvx77674

A router may crash when processing an NHRP packet

CSCvx78215

An IOS XE device might crash at DoubleExceptionVector

CSCvx82406

Memory leaks in IOS_PRIV_OPER_DB

CSCvx83301

"insufficient resources" NHRP-ERROR while receiving small rate of NHRP Resolution Requests/second

CSCvx88061

Extended PAT not allowing more than 1k translations

CSCvx88246

Packets dropped due to firewall + data policy interop issue

CSCvx89710

SCEP: CA server fails to rollover CA certificate with error: "Storage not accessible"

CSCvx94323

NHRP messages tagged with incorrect MPLS labels - unable to establish shortcut

CSCvx97718

vtcp frees rx buffer when packet with expected next sequence arrives with no payload; phones reset

CSCvy00963

On vManage 20.4.1, traceroute on cEdge leads to outage at the site

CSCvy01097

Router may crash under ZBF configuration (cpp_cp_svr)

CSCvy03584

cEdge fails to capture sdwan-related outputs to admin-tech

CSCvy09343

CFM inject packet is not marked as high priority

CSCvy10159

Software MTP should support encrypted TLS connection

CSCvy13261

ASR1001-X is not tagging BGP prefixes with OMP tags

CSCvy13735

BFD tunnels stuck in down state after port-hop

CSCvy17941

High memory utilization observed due to NAT/ALG

CSCvy18691

ASR1002HX-IPSECHW octeon ucode crashes when provisioned via SD-WAN

CSCvy20588

CSDL failure when it should be allowing RSA keys with 1024 length.

CSCvy30209

IOS-XE cpp ucode crash with fragmented packets

CSCvy32673

GD/1hx-Interface doesn't come up when reboot/upgrade device with autoneg enabled on 10G SFP+ Port

CSCvy33007

"Best of Worst" Fallback mode causes reachability issue when routes flap

CSCvy33818

On MTT vManage system IP persists after invalidating and deleting the edge devices.

CSCvy34102

CPP ucode crash with route-map and overload at ipv4_nat_rmap_walk_find.

CSCvy35853

ASR1k- egress byte counter on MIP100 10GE interface is inaccurate

CSCvy50292

Standby router crashes ZBFW on VASI interfaces with FTP or SIP TCP traffic

CSCvy52761

adding multilink frame relay sub-interface to SDWAN fails; "Aborted: application error"

CSCvy54314

Data-policy local-tloc with app-route is dropping packets when SLA is not met

CSCvy64468

ASR1002-HX crashed after removing then applying the ZBF configuration.

CSCvy67720

[FNF] Need to force DTL read after PLU lookup in fnf_build_do_ipv4_fast

CSCvy93830

BFD tunnel uptime not showing correct values post upgrade to 17.6.01

Open Bugs in Cisco IOS XE Bengaluru 17.6.1a

Caveat ID Number

Description

CSCvx44834

ASR1K - ACE entry added after object-group is missing in hardware causing packets drops

CSCvx95405

Cellular interface lte Network Selection Mode switches to auto following a reload

CSCvy33818

On MTT vManage system IP persists after invalidating and deleting the edge devices.

CSCvy57681

Crash in BQS QM @ cpp_qm_proc_rt_commit

CSCvy72970

Active ftp not working with UTD+HTX for security and Unified policy.

CSCvy78501

17.6: AAR not working properly as configured SLA classes are not shown under app-route stats

CSCvy86497

BFD session flap/down while control connection with vManage is going down

CSCvy87507

Router unexpectedly routes traffic with broadcast dst MAC

CSCvy90763

PYON: Adjusting new text segment to address L2i rejections issues with SDWAN profiles

CSCvz06095

ReassTimeout drops with NAT in Port-Channel.

CSCvz08674

cedge rebooted 2 time with CPP 0 failure Stuck Thread

CSCvz08945

low-bandwidth-link doesn't reduce number of BFD packets

CSCvz09078

FireWall Policy Drops are seen when the OG/ACE's are reconfigured multiple times

CSCvz11362

ASR fails to install rekey causing traffic drop

CSCvz24199

cEdge: Transport interface IP is unexpectedly NATed to pool address in DIA scenarion

CSCvz25403

NetApp: Issues with traffic does not get forwarded via TLOC extended interface

CSCvz28795

SSL VPN fails to establish if 'match url' is configured under crypto ssl profile

CSCvz28950

DMVPN phase 2 connectivity issue between two spokes

CSCvz31630

Crash ASR 1k crash under "VTEMPLATE Background Mgr" process

CSCvz33108

After uploading the serial file list to the vmanage, the edges lost Control Con. and BFD sessions

CSCvz34290

no ip nbar resources flow max-session does not restore default platform session limits

CSCvz35990

OSPFv3 IPSec encryption failure when IPv4 address-family not configured in VRF

ROMmon Release Requirements

For more information on ROMmon support for Route Processors (RPs), Embedded Services Processors (ESPs), Modular Interface Processors (MIPs), and Shared Port Adapter Interface Processors (SIPs) on Cisco ASR 1000 Series Aggregation Services Routers, see https://www.cisco.com/c/en/us/td/docs/routers/asr1000/rommon/asr1000-rommon-upg-guide.html


Note

After upgrading the ROMmon to version 17.3(1r), you cannot revert it to a version earlier than 17.3(1r) for the following platforms:

  • ASR 1001-X

  • ASR 1001-HX

  • ASR 1002-HX

This restriction is only applicable for these platforms. If you have upgraded to ROMmon version 17.3(1r) on any other platform, reverting to an earlier version of ROMmon is permitted and does not cause any technical issues


Related Documentation