Cisco CSR 1000v Series Cloud Services Routers Overview
 Note |
Explore the Content Hub, the all new portal that offers an enhanced product documentation experience.
Get started with the Content Hub at content.cisco.com to craft a personalized documentation experience. Do provide feedback about your experience with the Content Hub. |
Virtual Router
The Cisco Cloud Services Router 1000V (CSR 1000V) is a cloud-based virtual router that is intended for deployment in cloud and virtual data centers. This router is optimized to serve as a single-tenant or a multitenant WAN gateway.
When you deploy a CSR 1000V instance on a VM, the Cisco IOS XE software functions as if it were deployed on a traditional Cisco hardware platform. You can configure different features depending on the Cisco IOS XE software image.
Secure Connectivity
CSR 1000V provides secure connectivity from an enterprise network such as a branch office or a data center, to a public or a private cloud.
Hardware Requirements
For hardware requirements and installation instructions, see the Cisco CSR 1000v Series Cloud Services Router Software Configuration Guide .
Software Images and Licenses
The following sections describe the licensing and software images for CSR 1000V.
Cisco Smart Licensing
The Cisco CSR 1000V router supports Cisco Smart Licensing. To use Cisco Smart Licensing, you must first configure the Call Home feature and obtain the Cisco Smart Call Home Services. For more information, see Installing CSR 1000V Licenses and Smart Licensing Guide for Access and Edge Routers.
For a more detailed overview on Cisco Licensing, go to https://cisco.com/go/licensingguide.
Cisco CSR 1000V Evaluation Licenses
Prior to Release 3.13, Cisco provided a built-in evaluation with the CSR 1000V instance, where you could use the Premium Technology Package at a maximum throughput of 50 Mbps for 60 days. With Release 3.13 and later, Cisco has moved to a self-service model to provide the flexibility of trialing additional technology packages and higher throughputs.
Evaluation licenses are valid for 60 days and are available with a valid Smart Account. To request an evaluation license, contact Cisco or a qualified Cisco partner.
The following evaluation licenses are available:
-
IPBASE technology package license with 10 Gbps maximum throughput
-
SEC technology package license with 5 Gbps maximum throughput
-
APPX technology package license with 5 Gbps maximum throughput
-
AX technology package license with 5 Gbps maximum throughput
If you need an evaluation license for the Security technology package, or for an AX technology package with higher throughput, contact your Cisco service representative.
For instructions on obtaining and installing evaluation licenses, see the Installing CSL Evaluation Licenses for Cisco IOS XE 3.13S and Later section in the Cisco CSR 1000v Software Configuration Guide .
Cisco CSR 1000V Software Licenses
Cisco CSR 1000V software licenses are divided into feature set licenses. The supported feature licenses depend on the release.
Current License Types
The following are the license types that are supported in Cisco IOS XE Everest 16.4.1 and later:
-
IPBASE: Basic Networking Routing (Routing, HSRP, NAT, ACL, VRF, GRE, QoS)
-
SEC (Security): IPBase package + Security features (IP Security VPN, Firewall, MPLS, Multicast)
-
AX: IPBase package + Security features + Advanced Networking features (AppNav, AVC, OTV and LISP)
-
APPX Package: IPBase package + Advanced Networking features - Security features (IP security features are not supported in this package)
Legacy License Types
The three legacy technology packages - Standard, Advanced, and Premium - were replaced in Cisco IOS XE Release 3.13 with the IPBAsE, SEC, and AX technology packages.
Features Supported by License Packages
For more information about the Cisco IOS XE technologies supported in the feature set packages, see the overview chapter of the Cisco CSR 1000v Series Cloud Services Router Software Configuration Guide.
Throughput
The Cisco CSR 1000V router provides term subscription licenses that support the feature set packages for the following maximum throughput levels:
-
10 Mbps
-
50 Mbps
-
100 Mbps
-
250 Mbps
-
500 Mbps
-
1 G bps
-
2.5 Gaps
-
5 Gbps
-
10 Gbps (IPBASE only)
The throughput levels are supported for different feature set packages in each version. For more information about how the maximum throughput levels are regulated on the router, see the Cisco CSR 1000v Cloud Services Router Software Configuration Guide.
Memory Upgrade
A memory upgrade license is available to add memory to the Cisco CSR 1000V router (Cisco IOS XE 3.11S or later). This license is available only for selected technology packages.
Additional Information about Licenses and Activation
For more information about each software license, including part numbers, see the Cisco CSR 1000v Router Datasheet. For more information about the standard Cisco IOS XE software activation procedure, see the Software Activation Configuration Guide, Cisco IOS XE Release 3S.
Software Image Nomenclature for Installation Files
The Cisco CSR 1000V installation file nomenclature indicates properties supported by the router in a given release.
For example, these are filename examples for the Cisco IOS XE Amsterdam 17.2.1 release:
-
csr1000v-universalk9.17.02.01.ova
-
csr1000v-universalk9.17.02.01.iso
-
csr1000v-universalk9.17.02.01.qcow2
The following table lists the filename attributes along with its properties:
|
Filename Attribute |
Properties |
|---|---|
|
universalk9 |
Specifies the package that you are installing. |
|
17.02.01 |
Indicates that the software image is mapped to the Cisco IOS XE Amsterdam 17.2.1 release. |
New and Enhanced Features for Cisco IOS XE Amsterdam 17.3.x
New and Changed Software Features in Cisco IOS XE 17.3.8a
There are no new features in this release. This release provides a fix for CSCwh87343: Cisco IOS XE Software Web UI Privilege Escalation Vulnerability. For more information, see the Security Advisory: cisco-sa-iosxe-webui-privesc-j22SaA4z.
New and Changed Software Features in Cisco IOS XE 17.3.8
There are no new software features in this release.
New and Changed Software Features in Cisco IOS XE 17.3.7
There are no new software features in this release.
New and Changed Software Features in Cisco IOS XE 17.3.6
There are no new software features in this release.
New and Changed Software Features in Cisco IOS XE 17.3.5
There are no new software features in this release.
New and Changed Software Features in Cisco IOS XE 17.3.4
There are no new software features in this release.
New and Changed Software Features in Cisco IOS XE 17.3.3
There are no new software features in this release.
New and Changed Software Features in Cisco IOS XE 17.3.2
There are no new software features in this release.
New and Changed Software Features for Cisco IOS XE 17.3.1a
The following are the new CSR 1000V software features for Cisco IOS XE Amsterdam 17.3.1a release:
Note |
Cisco IOS XE Amsterdam 17.3.1a is the first release for Cisco CSR 1000V in the Cisco IOS XE Amsterdam 17.3.1 release series. |
-
Support for Azure-PMD (Poll Mode Driver): You can now enable the Azure-PMD functionality for Cisco CSR 1000V instances running on Microsoft Azure. This functionality offers a faster, user-space packet processing framework that bypasses the VM's kernel network stack to increase the speed of network traffic. In a typical packet processing that uses the kernel network stack, the process is interrupt-driven, which involves context switching from the kernel space to the user space. Azure-PMD eliminates this context switching and the interrupt-driven method in favor of a user-space implementation that uses poll mode drivers for faster packet processing.
-
Configure IP Multicast over Unidirectional links for PIM: Unicast and multicast routing protocols forward data on interfaces from which they have received routing control information- this requires a bidirectional link. However, some network links are unidirectional, where the physical send-only interface is on the upstream router and the physical receive-only interface is on the downstream router. To control routing information in these unidirectional environments, you need to enable the IP multicast over UDL functionality. To enable this functionality, you can now configure a UDL routing tunnel as a unidirectional generic routing encapsulation (GRE) tunnel and map this to a one-way satellite link, which in turn enables the associated unicast and multicast routing protocols to treat the UDL as a bidirectional link.
-
Support for KVM (RHEL) 7.5 and 7.7 and ESXi 6.5 and 6.7.
-
Support for openconfig-lldp 0.2.1: From the Cisco IOS XE Amsterdam 17.3.1 release, the openconfig-lldp 0.2.1 is supported. No additional configuration is required.
-
Show platform resources command: The existing show platform resourses command now includes the following extension keywords to help you gather more information on platform resource utilization: R0, R0 cpu, R0 memory, exmem, datapath, and datapath oversubscriptions.
-
Show packet tracer command: The output of the show platform packet-trace command now includes additional trace information for packets either originated from IOSd or destined to IOSd or other BinOS processes.
-
Enable debug information for Multicast: The following debug commands are introduced to enable the debugging information for Multicast via CONFD/NetConf:
-
debug platform condition feature multicast controlplane level
-
debug platform condition interface gigabitEthernet 0/0/1.2 ipv4 access-list mcast
-
debug platform condition feature multicast dataplane v4mcast submode
-
debug platform condition feature multicast dataplane v6mcast submode
-
-
New cipher suites for IP ssh Client and Server Algorithm: You can configure the HMAC algorithm of HMAC-SHA2-256-ETM@openssh.com or HMAC-SHA2-512-ETM@openssh.com as a cryptographic algorithm. These cipher suites can be used with the ip ssh client algorithm mac and ip ssh server algorithm mac commands.
-
CUBE: Up to 100 VRF Instances: The current support limit is 54 VRF instances on a CUBE box. This requires customers to purchase additional hardware to meet requirements. For deployments such as HCS that need to support greater number of tenants per box, the limit of VRF instances is enhanced to 100 with this feature. Also, support is introduced for this feature in CUBE Enterprise with this release.
-
CUBE: Dial Peer Binding with Live Traffic: The Live Bind feature allows you to either change or add binding on a dial-peer that does not have any active calls, while other dial-peers with the same binding has active calls.
-
CUBE: Media Proxy Multi-forking using SIPREC: With this feature, the SIPREC-based CUBE Media Proxy solution supports forking to multiple recorders.
-
CUBE: OPUS Codec Negotiation: With this feature, support is introduced for OPUS audio codec with CUBE.
-
CUBE: TLS Server Name Indication (SNI) - RFC6066: With this feature, support is introduced for Server Name Indication (SNI). SNI is a TLS extension that allows a TLS client to indicate the name of the server that it is trying to connect during the initial TLS handshake process.
Note |
If you’re using a Cisco CSR1000V 17.3.x instance, and you switch to controller mode, you might not be able to log in to the device or enter the CLI prompt. To overcome this issue, upload the ciscosdwan_cloud_init.cfg bootstrap file with the aaa authorization exec default local command to the router. For more information, see Switching Between Autonomous and Controller Modes. |
Note |
When you execute the show tech-support command multiple times in an oversubscribed environment, it might cause the device to lose ssh connectivity. If this occurs, reload the device and ensure that the environment is not oversubscribed. |
Note |
When you upgrade from one Cisco IOS XE release to another, you may see a %Invalid IPV6 address error in the console log file. To rectify this error, enter the global configuration mode, re-enter the missing IPv6 alias commands, and save the configuration. The commands are persistent on subsequent reloads. |
Note |
Some YANG models are not fully compliant with all the IETF guidelines. The errors and warnings shown while executing pyang with -–lint flag is currently deemed to be non-critical as they do not impact the semantic of the models or prevent the models from being used as part of the toolchains. To determine the issues with the models, run the check-models.sh script with --lint flag enabled. It is recommended to ignore LEAFREF_IDENTIFIER_NOT_FOUND and STRICT_XPATH_FUNCTIONS errors types when running pyang for validation as they are non-critical errors and doesn’t impact the YANG model functionality. |
Resolved and Open Bugs for Cisco IOS XE Amsterdam 17.3.x
Resolved Bugs for Cisco IOS XE 17.3.8a
All resolved bugs for this release are available in the Cisco Bug Search Tool.
|
Bug ID |
Description |
|---|---|
|
Cisco IOS XE Software Web UI Privilege Escalation Vulnerability. For more information, see Security Advisory: cisco-sa-iosxe-webui-privesc-j22SaA4z |
Open Bugs - Cisco IOS XE 17.3.8a
|
Bug ID |
Description |
|---|---|
|
RTP packets not forwarded when packet duplication enabled, no issue without duplication feature. |
|
|
Procyon packets drop due to MACSEC post-encryption padding behavior. |
|
|
ISG: initiator unclassified IP-address LQIPv4 command has no effect. |
|
|
After configuring match input-interface on class-map, router goes into a reboot loop. |
|
|
IPv6 DMVPN - NBMA address not getting preserved. |
|
|
Auto-Update Cycle incorrectly deletes certificates. |
|
|
CISCO-CLASS-BASED-QOS-MIB doesn't work with LTE Cellular interface on device after reload. |
|
|
ISG / Crashes due to %IDMGR-3-INVALID_ID: bad id in id_delete during session roaming. |
|
|
Subscriber Session getting stuck and needs clearing it manually. |
|
|
Memory leak in AEM chunks related to firewall. |
|
|
EWC HA pair expereincing IOS tracebacks, followed by KEYMAN crash. |
|
|
Traceback: fman_fp_image core after clearing packet-trace conditions. |
|
|
Device link goes err-disabled due to link-flap after reloading peer device. |
|
|
BQS Failure - QoS policy is missing in hardware for some Virtual-Access tunnels after session flaps. |
|
|
Router traceback and reload when different encapsulation used on XConnect interfaces. |
|
|
Device template attachment causes PPPoE commands to be removed from ethernet interface. |
|
|
Interface stats are not getting updated for port-channel. |
|
|
fman_rp: qos_hqf [L:1.0, N:0x3485061e18 ] (0p, 0c) download to FP failed resulting in a crash. |
|
|
Dataplane memory utilization issue - 97% QFP DRAM memory utilization. |
|
|
Unexpected reboot due to IOSXE-WATCHDOG: Process = Crypto IKMP. |
|
|
CSDL failure: IPSec QM Use of DES by encrypt proc is denied. |
|
|
VG450 VMWI race condition causes no ringing for analog phones. |
Resolved Bugs for Cisco IOS XE Amsterdam 17.3.7
|
Bug ID |
Description |
|---|---|
|
Device with 5G module P-5GS6-GL is losing cellular configuration at each boot after upgrading. |
|
|
Device crashed - track the fman-fp's memory leak caused by cond-debug. |
|
|
Interface VLAN1 placed in shutdown state when configured with ip address pool. |
|
|
Intermittent double DTMF due to changing timestamp on a DTMF event. |
|
|
Wired guest client stuck at IP_LEARN with DHCP packets not forwarded out of the foreign to anchor. |
|
|
QFP crash when ZBFW configuration features log dropped-packets configuration. |
|
|
The router reload unexpectedly due to Cellular CNM process. |
|
|
ezPM (performance monitor) error logs may cause uCode crash due to congestion of IPC from DP to CP. |
|
|
QoS Classification not working for DSCP or ACL + MPLS EXP. |
|
|
ERROR info: Router configuration failed:interface Serial0/1/0:23 isdn switch-type primary-ntt. |
|
|
Router reloads unexpectedly during NHRP processing. |
|
|
DSPware targeting v173_throttle. |
Open Bugs for Cisco IOS XE Amsterdam 17.3.7
|
Bug ID |
Description |
|---|---|
|
RTP packets not forwarded when packet duplication enabled, no issue without duplication feature. |
|
|
Procyon packets drop due to MACSEC post-encryption padding behavior. |
|
|
ISG: initiator unclassified IP-address LQIPv4 command has no effect. |
|
|
After configuring match input-interface on class-map, router goes into a reboot loop. |
|
|
IPv6 DMVPN - NBMA address not getting preserved. |
|
|
Auto-Update Cycle incorrectly deletes certificates. |
|
|
CISCO-CLASS-BASED-QOS-MIB doesn't work with LTE Cellular interface on device after reload. |
|
|
ISG / Crashes due to %IDMGR-3-INVALID_ID: bad id in id_delete during session roaming. |
|
|
Subscriber Session getting stuck and needs clearing it manually. |
|
|
Memory leak in AEM chunks related to firewall. |
|
|
EWC HA pair expereincing IOS tracebacks, followed by KEYMAN crash. |
|
|
Traceback: fman_fp_image core after clearing packet-trace conditions. |
|
|
Device link goes err-disabled due to link-flap after reloading peer device. |
|
|
BQS Failure - QoS policy is missing in hardware for some Virtual-Access tunnels after session flaps. |
|
|
Router traceback and reload when different encapsulation used on XConnect interfaces. |
|
|
Device template attachment causes PPPoE commands to be removed from ethernet interface. |
|
|
Interface stats are not getting updated for port-channel. |
|
|
fman_rp: qos_hqf [L:1.0, N:0x3485061e18 ] (0p, 0c) download to FP failed resulting in a crash. |
|
|
Dataplane memory utilization issue - 97% QFP DRAM memory utilization. |
|
|
Unexpected reboot due to IOSXE-WATCHDOG: Process = Crypto IKMP. |
|
|
CSDL failure: IPSec QM Use of DES by encrypt proc is denied. |
|
|
VG450 VMWI race condition causes no ringing for analog phones. |
Resolved Bugs for Cisco IOS XE Amsterdam 17.3.6
|
Bug ID |
Description |
|---|---|
|
'show interfaces' counters are incorrect and display extremely large values. |
|
|
Device crashes during boot with configuration of 10 or more vCPUs. |
|
|
MACSEC not working on subinterfaces using dot1q >255. |
|
|
IOS PKI client uses incorrect search filter for CRL retrieval using LDAPv3. |
|
|
Lack of MAC address in Inform Event message. |
|
|
IPSec Key engine process holding memory continuously and not freeing up. |
|
|
Router rebooted due to watchdogs after issuing the commands sh crypto mib ipsec commands. |
|
|
Renewing hardware wan edge cert shows old cert serial/valid date in control local-properties. |
|
|
Device reloads when group-range is configured under an interface Group-Async. |
|
|
Traffic is hitting wrong sequence in the data policy. |
|
|
SCCP auto-configuration issues with multiple protocols. |
|
|
(Rework): After configuring match input-interface on class-map, router goes into a reboot loop. |
|
|
NHRP process taking more CPU with ip nhrp redirect configured. |
|
|
ZBFW dropping return packets from Zscalar tunnel post cedge upgrade. |
|
|
[XE NAT] Source address translation for multicast traffic fails with route-map. |
|
|
Appnav-XE connections are going as passthrough unsupported. |
|
|
Large number of IPSec tunnel flapping occurs when underlay is restored. |
|
|
IOS-XE: Device platforms running 17.x - crypto ipsec policy installation fails. |
|
|
NAT translations do not work for FTP traffic on device. |
|
|
Incorrect check of the TCP sequence number causing return ICMP error packets to drop (Thousandeyes). |
|
|
Registration of spoke fails with dissimilar capabilities w.r.t to HUB. |
|
|
Secure key agent trace levels set to Noise by default. |
|
|
"Revocation-check crl none" does not failover to NONE DNAC-CA. |
|
|
Serial interface stuck in "line protocol is down" state after it went down and it is recovered. |
|
|
Observed crash in device with prd10 image. |
|
|
Keyman memory leak using public keys. |
|
|
Device fails to update sdn-network-infra-iwan key after 1 year. |
|
|
IKEv2 fragmentation causes wrong message ID used for EAP authentication. |
|
|
CRL verification failure result 400 Bad Request with DigiCert. |
|
|
Static mapping for the hub lost on one of the spokes. |
|
|
Packet sanity failed for resolution reply on spoke due to missing SMEF capability. |
|
|
FTP data traffic broken when UTD IPS enabled in both service VPN. |
Open Bugs for Cisco IOS XE Amsterdam 17.3.6
|
Bug ID |
Description |
|---|---|
|
Console Port Access change CLI does not work in CONTROLLER mode. |
|
|
Device dropping all dataplane traffic on Gig3 interface. |
|
|
ICMP traceroute return packet not classified based on FW override port info. |
|
|
ISG / Crashes due to %IDMGR-3-INVALID_ID: bad id in id_delete during session roaming. |
|
|
NHRP messages tagged with incorrect MPLS labels - unable to establish shortcut. |
|
|
Device link goes err-disabled due to link-flap after reloading peer device. |
|
|
When configration IP NAT inside/outside on VASI intereface, ack/seq number abnormal. |
|
|
Removal of 'set reverse-route tag xxx' removes 'reverse-route' config from crypto map. |
|
|
QFP core due to NAT scaling issue. |
|
|
Device gets rebooted when tunnel move across two egress interfaces with QoS MPoL policy config. |
|
|
ISG: initiator unclassified ip-address LQIPv4 command has no effect. |
|
|
ZBFW : ARStandby drops seen on New Active during RG switchover. |
|
|
Alpha: EWC Ha pair Expereincing IOS Tracebacks, followed by KEYMAN Crash. |
|
|
RTSP Traffic not being rewritten by NAT. |
|
|
Router crashing when clearing a VPDN session. |
|
|
IKEv1 IPSec CAC (Call Admission Control) counter leak leading to %CRYPTO-4-IKE_DENY_SA_REQ. |
|
|
ISG: Number of lite sessions conversion in progress counter not decrementing on failed account-logon. |
|
|
[Verizon CAP]NIM-LTE-EA No Data - Requires Subslot Reload to Recover. |
|
|
Unable to remove "switchport mode access" and "switchport nonegotiate" at the same time. |
|
|
Device crash for stuck threads in cpp on packet processing. |
|
|
Subscriber session getting stuck and needs clearing it manually. |
|
|
The router reload unexpectedly due to Cellular CNM process. |
|
|
DMVPN - after removing IPSec, traffic is dropped on a tunnel interface |
|
|
CPP uCode crash due to ipc congestion from dp to cp. |
|
|
Device template attachment causes pppoe commands to be removed from ethernet interface. |
|
|
CPP unexpected reboot while freeing CVLA chunk. |
|
|
IKEv2 deprecated ciphers denied by crypto engine CDSL - PSB security compliance - DES, 3DES, DH1/2/5. |
|
|
Missing mandatory transform type (ESN) in IKEv2 ESP protocol |
|
|
After configuring match input-interface on class-map, router goes into a reboot loop. |
|
|
GETVPN-IPv6 & LISP support on device platforms. |
|
|
UTD: Exception in utd_logger.py due to missing extra-data in AMP alert. |
|
|
Traceback: fman_fp_image core after clearing packet-trace conditions. |
|
|
Hightower 5G light is blue when 4G LTE is in use. |
|
|
Router may crash due to Crypto IKMP process. |
Resolved Bugs for Cisco IOS XE Amsterdam 17.3.5
|
Caveat ID Number |
Description |
|---|---|
|
Ucode crash observed at tw_bad_timer_bucket () at ../../../infra/tw_timer.c:918 |
|
|
CSR1Kv Packets above size of 2050 being dropped in subinterface by BadUidbSubIdx |
|
|
Wrong config: attach 2 same perf-monitors on same direct of 1 interface may lead reboot unexpectedly |
|
|
NAT ALG breaks(Drops) ICMP control messages (ICMP Fragmentation Needed) for PMTUD |
|
|
OSPFv3 adjacency won't come up after "ospfv3 authentication ipsec" is applied on Tunnel interface |
|
|
SDWAN: CSR1000v deployed in Microsoft Azure throwing continuous errors on consol. |
|
|
GETVPN: Clearing members on Key Server causing rekey processing failure on GMs |
|
|
DMVPN over DMVPN with IPSEC - return packets are dropped with BadIpChecksum |
|
|
CVLA need to reserve at least 50M memory for low-end DRAM platform |
|
|
csr: Missing iid_certs for AWS invite-only regions |
|
|
IKEv1/IKEv2 "show crypto session brief" output empty |
|
|
Static NAT conflicts/overwrites with Port-forwarding |
|
|
Prefetch CRL Download Fails |
|
|
Memory leak when packet tracing or any other platform debug condition is enabled. |
|
|
memory leak with fman_cc process when SM-X-G4M2X module installed |
|
|
Crypto PKI-CRL-IO process crash when PKI trustpoint is being deleted |
|
|
IOS-XE unable to export elliptic curve key |
|
|
CSR1000v Buffer Leak - IPSEC reply msg getting dropped |
|
|
crypto ipsec security-association dummy leads to packet loss |
|
|
Crash when issuing "show crypto isakmp peers config" |
|
|
RAR: After Credit starvation, packets are not properly classified based on QoS. |
|
|
crypto ikev2 proposals are not processed separately |
|
|
Watchdog timeout due to Crypto IKMP |
|
|
VXE: IOSd watchdog crash while printing to syslogs to console |
|
|
Flapping bidirectional/unidirectional packet capture option with ipv4 filter for long time failed |
Open Bugs for Cisco IOS XE Amsterdam 17.3.5
|
Caveat ID Number |
Description |
|---|---|
|
CSR1000V 17.3.5 crashes during boot with configuration of 10 or more vCPUs |
|
|
Protocol specific change for base path |
|
|
NHRP messages tagged with incorrect MPLS labels - unable to establish shortcut |
|
|
Telemetry: IOS-XE Controller crashes after using 'show telemetry ietf subscription all' command. |
|
|
Removal of 'set reverse-route tag xxx' removes 'reverse-route' config from crypto map |
|
|
Removing service-policy from the Zone-pair causes device crash |
|
|
csr1kv/c8kv: Console Port Access change CLI does not work in CONTROLLER mode |
|
|
ASR1001X gets rebooted when Tunnel move across two egress interfaces with QoS MPoL policy config |
|
|
Router rebooted de to watchdogs after issuing the commands sh crypto mib ipsec commands |
|
|
ZBFW : ARStandby drops seen on New Active during RG switchover |
|
|
crash observed at NHRP while using summary-map |
|
|
IKEv1 IPSec CAC (Call Admission Control) counter leak leading to %CRYPTO-4-IKE_DENY_SA_REQ |
|
|
Crash on cpp process when QoS policy configuration is being applied |
|
|
IOSd Nhrp core due to a segmentation fault when disabling PfR IWANs |
|
|
DMVPN - after removing IPSec, traffic is dropped on a tunnel interface |
|
|
Incorrect check of the TCP sequence number causing return ICMP error packets to drop (Thousandeyes) |
|
|
CPP Unexpected Reboot While Freeing CVLA Chunk |
|
|
C1100 Unexpected reboot with Critical process fman_fp_image fault on fp_0_0 |
|
|
Missing Mandatory Transform Type (ESN) in IKEv2 ESP Protocol |
|
|
Device: sdn-network-infra-iwan key does not update successfully under network disruption situation |
|
|
GETVPN-ipv6 & LISP support on C900 platforms |
|
|
SCEP fails if AAAA DNS repy is received and source interface has no IPv6 address |
|
|
The router reload unexpectedly due to Cellular CNM process. |
|
|
FlexVPN per-user inline ACL from Radius not installed |
|
|
Router may crash due to Crypto IKMP process |
Resolved Bugs for Cisco IOS XE Amsterdam 17.3.4
|
Caveat ID Number |
Description |
|---|---|
|
cedge is sending incorrect if index values for the sub-interfaces. |
|
|
App-aware policy need to be honored when queuing is not set by localized policy |
|
|
Pre-mature session deletion leading to churn and lower TPS at scale |
|
|
BFD sessions go down on Service VPN after UTD is enabled on cEdge |
|
|
Cisco 1111 CSR vtcp may cause packet drop for sip packets causing phones to reset |
|
|
Multiple crashes cpp_cp_svr and qfp-ucode on 16.12.4 |
|
|
AWS:Cisco 8000kv CSR crashed and reboots if shut/no shut an interface a number of times |
|
|
Cisco 1000v CSR crashing frequently with Critical software exception error. |
|
|
cEdge running 17.3.2 crashed - Critical software exception / IOSXE-WATCHDOG: Process = SNMP ENGINE |
|
|
SDWAN custom policy that does not looked to be programmed correctly on the cedge platform |
|
|
FW-4-ALERT_ON: (target:class)-():getting aggressive seen when no half open feature configed |
|
|
Wrong reload reason reflected after a power outage. |
|
|
Removing and Adding Bulk ACL leads to dataplane programming failure |
|
|
Zone Based Firewall on cEdge router dropping web traffic with the reason Zone-pair without policy |
|
|
Cisco 1000v CSR: Crashes during reg_invoke_iosxe_license_export_controlled_enforcement_bypass |
|
|
SIT 17.5.1 02/01: Stby switch reloaded due to config mismatch during telemetry push from DNAC. |
|
|
cannot apply ciscosdwan.cfg due to vpg-log-server-acl ACL on VirtualPortGroup0 for logging |
|
|
For-us Icmp packets are collected by cflowd which against the data-policy |
|
|
Crash when TPOOL is updating and 'wr mem' is issues at same time |
|
|
ZBFW blocking ACK packets for applications using cloudexpress SaaS set to use a Gateway with synsent |
|
|
Data plane VPLS traffic generating Control Word on all Label Switched Headers |
|
|
"show sdwan policy service-path/tunnel-path" command cause device crash |
|
|
[DMM/SLM test issue] CFM crash when using physical port, DMM/SLM doesn't work on EVC |
|
|
custom app not getting detected after attached removed and re-attached- app-visibility is disabled |
|
|
[17.5] Router crashed when sending traffic through non-SDWAN interface with DIA NAT + debug enabled |
|
|
An IOS XE device might crash at DoubleExceptionVector |
|
|
SDWAN cedge : traffic simulation tool shows traffic blackhole |
|
|
Cisco 1000v CSR Multicast Over OTV Not Forwarding |
|
|
Packets dropped due to firewall + data policy interop issue |
|
|
SCEP: CA server fails to rollover CA certificate with error: "Storage not accessible" |
|
|
vtcp frees rx buffer when packet with expected next sequence arrives with no payload; phones reset |
|
|
Config out of sync after upgrading to 17.4.1 |
|
|
Security container is dropping legitimate FIN,ACK Packets |
|
|
IOS-XE cpp ucode crash with fragmented packets |
|
|
Signature update failure - SSL-CERTIFICATE_VERIFY_FAILED |
Open Bugs for Cisco IOS XE Amsterdam 17.3.4
|
Caveat ID Number |
Description |
|---|---|
|
DMVPN - after removing IPSec, traffic is dropped on a tunnel interface |
|
|
Data consistancy errors seen on configuring mac-sec on the underlay interface with ipsec configured |
|
|
unexpected reload due to Crypto IKEv2 process |
|
|
Watchdog timeout due to Crypto IKMP |
|
|
can not update local-address in a crypto keyring |
|
|
crypto ikev2 proposals are not processed separately |
|
|
cEdge-policy: set next-hop-ipv6 is not working next-hop-ip (ipv4) is working. |
|
|
Crash when issuing "show crypto isakmp peers config" |
|
|
IKE should have a mechanism to alert or mitigate resource exhaustion due to QM flooding |
|
|
cEdge ipv6 netflow with high scale flows FNF does not working |
|
|
fman_rp: qos_hqf [L:1.0, N:0x3485061e18 ] (0p, 0c) download to FP failed resulting in a crash. |
|
|
%CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed due to ip rtp header-compression iphc-format |
|
|
IKEv1 IPSec CAC (Call Admission Control) counter leak leading to %CRYPTO-4-IKE_DENY_SA_REQ |
|
|
CSR in Azure can fail to authenticate using AAD |
|
|
CSR crashes after oce_lookup_one_adj_id_handle while reading emu_mem. |
|
|
Removal of 'set reverse-route tag xxx' removes 'reverse-route' config from crypto map |
|
|
SDWAN: Cisco 1000v Series CSR deployed in Microsoft Azure throwing continuous errors on consol. |
|
|
Cisco 1000v Series CSR/Cisco 8000v Series CSR: Console Port Access change CLI does not work in CONTROLLER mode |
|
|
CPP Crash While Freeing CVLA Chunk |
|
|
Data-policy local-tloc with app-route is dropping packets when SLA is not met |
|
|
Cisco 1121 ISR router multiple crash. - session hash corrupted |
|
|
Cedge : Cloudexpress Office 365 probes are hitting 100% loss |
|
|
ccedge Cisco 1121-4P CSR crahed with Localsoft error |
|
|
URL Filtering regex pattern match not working on large pattern |
|
|
cEdge QFP starts dropping traffic - UTD Service Node not healthy ident |
|
|
Qos download failed with FW policy when rebooting device |
|
|
cEdge: High CPU usage due to Multicast and Data Policy configuration. |
|
|
Unable to fetch eigrp prefix, nexthop, omptag, and route origin |
Resolved Bugs for Cisco IOS XE Amsterdam 17.3.3
|
Caveat ID Number |
Description |
|---|---|
|
Mishandling of dsmpSession pointer causes a crash |
|
|
Static routes pointing to interface tunnel not valid after tunnel's source interface flaps. |
|
|
IOSD crash due to segmentation fault at SISF Main Thread |
|
|
Crash in sre_dp_traverse_dfa_legacy as SIP invite messages crosses a GRE Tunnel |
|
|
Cloud Express probes fails when two default rules are present |
|
|
Traceback: IP SLA triggers INJECT_HDR_LENGTH_ER and INJECT_FEATURE_ESCAPE log message |
|
|
Crash seen in isis_sr_uloop_lspdb_dump with 'debug isis microloop' enabled |
|
|
BGP: advertised community list is malformed due to GSHUT community |
|
|
No responder-bytes from cEdge when UTD is enabled |
|
|
Router may crash when using Stateful NAT64 |
|
|
GETVPN: All GM will crash when Primary KS recovers its COOP role after network outage |
|
|
Moving PC from network causes static DHCP binding to be removed from the device. |
|
|
"platform ipsec reassemble transit" tail-drops unencrypted IPv4 Fragments with specific payload |
|
|
DMVPN with ipv6 link-local address do not register to HUB |
|
|
Router might crash after apply a class-map in input direction with bandwidth percentage |
|
|
NAT64 ALG: Router crashes on nat64_process_token |
|
|
Passive FTP doesn't work with NAT |
|
|
Crash in TCL Bytecode When Running RA Trace in Guestshell Python |
|
|
Device Template failing to attach after changing few device variables |
|
|
Smart license registration through explicit mode proxy server |
|
|
[EVPN RT2-RT5] After few host moves RT2-RT5 re-origination happens even when there is no Remote RT2 |
|
|
MACSEC MKA stops forwarding data after every 3rd rekey |
|
|
ip-acl errors of correcting the logic of sequence id when there is an error with msg creation |
|
|
EVPN Type-2 IP/MAC route is created for not-connected SVI |
|
|
Unexpected reload in NHRP when access to an invalid memory region |
|
|
APPNAV CFT crashes |
|
|
Pseudowire interface may be unexpectedly removed from VFI on unrelated configuration change |
|
|
OMP-Agent Routes in EIGRP changes AD to 252 on non-SDWAN devices |
|
|
CPP ucode crash with fw_base_flow_create |
|
|
SSH with Certificate authentication doesn't work after upgrade to 17.3.1 |
|
|
HSL Export over VASI Interface causes Netflow v9 Template Flooding |
|
|
unable to transfer 1500 byte IP packet when using BRI bundled Multilink |
|
|
RP went down due to __be_iosd_rec_malloc_free_before |
|
|
[SIT]: BFD sessions not established between Edges, with UTD enabled |
|
|
Dynamic Nat pool "ip aliases" are not created on the device |
|
|
LMR Unable to hear first seconds of audio |
|
|
FlexVPN reactivate primary peer feature does not work with secondary peer tracking |
|
|
Throughput license grace period starts counting down after upgrade router software |
|
|
OpenSSL vulnerability (CVE-2020-1971) evaluation for IOS-XE |
|
|
Router may not send PIM Register message if RP is reachabile over TE tunnel |
|
|
BGP AS-path prepend: cEdge won't update correctly better prepended route. |
|
|
Device is crashing after Device Access Policy is attached |
|
|
DDNS feature triggers crash on 16.X/17.X releases due to memory corruption |
|
|
Crash wile configuring l2vpn evpn instance for VXLAN |
|
|
Decouple mac aging from ARP aging on vlans not using the centralized gw feature |
|
|
BGP IPv6 link-local session doesn't come up |
|
|
Not able to create VFI instances |
|
|
Memory Lock and system crashed while clearing ip access-list stats. |
|
|
ISIS crash in isis_sr_tilfa_compute_protection |
|
|
Control plane hitting EID prefix entry limit for MAC after upgrade |
Open Bugs for Cisco IOS XE Amsterdam 17.3.3
|
Caveat ID Number |
Description |
|---|---|
|
Crash at the moment of calculating tcp header |
|
|
Netflow crash at fnf_ipv6_output_feature_final_internal with flow record on IPv6 IPsec tunnel |
|
|
NETCONF ACL not working if ACL is referencing an object-group |
|
|
Clients using DHCP Server Port-Based Address Allocation not getting IP address |
|
|
ucode crash with firewall timer lock |
|
|
BGP-neighbor down when push banner configuration failure |
|
|
IOS-XE Memory Leak in SSS Manager |
|
|
Router crash observed when AppNav Cluster delete with service-insertion enabled on LAN interface |
|
|
FMAN_rp: qos_hqf [L:1.0, N:0x3485061e18 ] (0p, 0c) download to FP failed resulting in a crash |
|
|
IP PIM SPT-threshold infinity causes ICMP Echo Replies to not be generated for IP Multicast Requests |
Resolved Bugs for Cisco IOS XE Amsterdam 17.3.2
|
Caveat ID Number |
Description |
|---|---|
|
ASR1002X lost all configuration after upgrade from 16.12 to 17.3. |
|
|
GRUB2 Arbitrary Code Execution Vulnerability. |
|
|
Memory leak upon ssh/scp connections to a router. |
Resolved Bugs for Cisco IOS XE Amsterdam 17.3.1
|
Caveat ID Number |
Description |
|---|---|
|
Fix for kernel driver issue causing wake up for empty block, packet too large to process |
|
|
CSR Gig3 Interface not created even after ENI is attached to VM instance in AWS |
|
|
CSR on AWS - PAYG Broken in 17.1, 17.2, and Polaris |
|
|
Custom Data: bash/python scripts in Scripts section does not execute |
|
|
CSR stuck in Bootloop while upgrading to 17.2.1r on Azure. |
|
|
vmxnet3 vnics need ability to set MTU |
Open Bugs for Cisco IOS XE Amsterdam 17.3.1
|
Caveat ID Number |
Description |
|---|---|
|
CSR1000v may unexpectedly reload (or hang) due to keepalive failures |
|
|
C8000v not booting up in Azure if assigned IPaddr 10.0.1.0 to Gig1 Interface |
Related Documentation
Communications, Services, and Additional Information
-
To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.
-
To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.
-
To submit a service request, visit Cisco Support.
-
To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit Cisco Marketplace.
-
To obtain general networking, training, and certification titles, visit Cisco Press.
-
To find warranty information for a specific product or product family, access Cisco Warranty Finder.
Cisco Bug Search Tool
Cisco Bug Search Tool (BST) is a web-based tool that acts as a gateway to the Cisco bug tracking system that maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. BST provides you with detailed defect information about your products and software.
Documentation Feedback
To provide feedback about Cisco technical documentation, use the feedback form available in the right pane of every online document.
Troubleshooting
For the most up-to-date, detailed troubleshooting information, see the Cisco TAC website at https://www.cisco.com/en/US/support/index.html.
Go to Products by Category and choose your product from the list, or enter the name of your product. Look under Troubleshoot and Alerts to find information for the issue that you are experiencing.
Feedback