
Read Me First

Related References

User Documentation

Communications, Services, and Additional Information

  • Sign up for Cisco email newsletters and other communications at: Cisco Profile Manager.

  • For information on the latest technical, advanced, and remote services to increase the operational reliability of your network, visit Cisco Services.

  • To browse and discover secure, validated enterprise-class apps, products, solutions, and services, visit Cisco Devnet.

  • To obtain general networking, training, and certification titles from Cisco Press Publishers, visit Cisco Press.

  • To find warranty information for a specific product or product family, visit Cisco Warranty Finder.

  • To view open and resolved bugs for a release, access the Cisco Bug Search Tool.

  • To submit a service request, visit Cisco Support.

Documentation Feedback

To provide feedback about Cisco technical documentation, use the feedback form available in the right pane of every online document.

Release Notes for Cisco vEdge Device, Cisco SD-WAN Release 20.6.x


Note

The documentation set for this product strives to use bias-free language. For purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on standards documentation, or language that is used by a referenced third-party product.


These release notes accompany Cisco SD-WAN Release 20.6.x, which provides Cisco SD-WAN capabilities. They include release-specific information for Cisco vSmart Controllers, Cisco vBond Orchestrators, and Cisco vManage as applicable to Cisco vEdge devices.

Related Releases

For release information about Cisco IOS XE SD-WAN devices, refer to Release Notes for Cisco IOS XE SD-WAN Devices, Cisco IOS XE Release 17.6.x.

For release information about Cisco SD-WAN Controllers, refer to Release Notes for Cisco SD-WAN Controllers, Cisco SD-WAN Release 20.6.x.

What's New for Cisco SD-WAN Release 20.6.x

This section applies to Cisco vEdge devices.

Cisco is constantly enhancing the SD-WAN solution with every release, and we try to keep the content in line with the latest enhancements. The following table lists new and modified features we documented in the Configuration, Command Reference, and Hardware Installation guides. For information on additional features and fixes that were committed to the SD-WAN solution, see the Resolved and Open Bugs section in the Release Notes.

Table 1. Cisco SD-WAN Release 20.6.2
Feature Description

Support to Configure NTP Server using Localized Policy CLI

This feature allows you to configure the NTP server feature on Cisco SD-WAN devices using the Cisco vManage localized CLI policy.

Table 2. Cisco SD-WAN Release 20.6.1
Feature Description

Cisco SD-WAN Getting Started

Cisco vManage Persona-based Cluster Configuration

Simplifies adding Cisco vManage servers to a cluster by identifying servers based on personas. A persona defines what services run on a server.

Support for Reverse Proxy with Cisco IOS XE SD-WAN Devices and Cisco SD-WAN Multitenancy

With this feature, you can deploy a reverse proxy device in your overlay network between Cisco IOS XE SD-WAN devices and Cisco vManage and Cisco vSmart Controllers. Also, this feature enables you to deploy a reverse proxy device in both single-tenant and multitenant overlays that include Cisco vEdge or Cisco IOS XE SD-WAN edge devices.

Systems and Interfaces

Dual Endpoint support for interface status tracking on Cisco vEdge devices

This feature allows you to configure tracker groups with dual endpoints using the Cisco vManage System template and associate each template group to an interface. The dual endpoints provide redundancy for tracking the status of transport interfaces to avoid false negatives.

RBAC for Policies

This feature allows you to create users and user groups with the required read and write permissions for Cisco vManage policies. RBAC for policies provides users with access to all the details of policies to help maximize operational efficiency. It makes it easier to meet configuration requirements and guarantees that authorized users on the system are given access only to what they need.

Tenant Device Forecasting

With this feature, a service provider can control the number of WAN edge devices a tenant can add to their overlay network. By doing so, the provider can utilize Cisco SD-WAN controller resources efficiently.

Migrate Multitenant Cisco SD-WAN Overlay

This feature enables you to migrate a multitenant Cisco SD-WAN overlay comprising shared Cisco vManage instances and Cisco vBond Orchestrators, and tenant-specific Cisco vSmart Controllers to a multitenant overlay comprising shared Cisco vManage instances, Cisco vBond Orchestrators, and Cisco vSmart Controllers.

Routing

Route Manipulation for Leaked Routes with OMP Administrative Distance

This feature allows you to configure the OMP administrative distance option to prefer OMP routes over MPLS routes.

Policies

Traffic Classification Using NBAR

This feature extends Network-Based Application Recognition (NBAR) support to Cisco SD-WAN vEdge devices.

SLA Class Support Enhancement

This feature is an enhancement to support more than six SLA classes per policy on Cisco SD-WAN devices.

Application-aware Routing and Data Policy SLA Preferred Colors

This feature provides different behaviors to choose preferred colors based on the SLA requirements when both application-aware routing policy and data policies are configured.

Cloud OnRamp

Cloud onRamp for SaaS over SIG Tunnels

This feature allows you to connect to Cloud onRamp for SaaS by means of a SIG tunnel.

Cloud onRamp for SaaS over SIG tunnels provides you secure access to the SaaS applications, and the capability to automatically select the best possible SIG tunnel for accessing the SaaS applications.

Cisco SD-WAN Monitor and Maintain

Generate System Status Information for a Cisco vManage Cluster Using Admin Tech

This feature adds support for generating an admin-tech file for a Cisco vManage cluster. The admin-tech file is a collection of system status information intended for use by Cisco SD-WAN Technical Support for troubleshooting.

Prior to this feature, Cisco SD-WAN was only able to generate an admin-tech file for a single device.

View Generated Admin-Tech Files at Any Time

This feature adds support for viewing generated admin-tech files whenever the admin-tech files are available on a device.

You can view the list of generated admin-tech files and then decide which files to copy from your device to Cisco vManage. You can then download the selected admin-tech files to your local device, or delete the downloaded admin-tech files from Cisco vManage, the device, or both.

Embedded Packet Capture for Cisco vEdge Devices Using CLI Commands

This feature provides an alternative method to capture traffic data to troubleshoot connectivity issues between Cisco vEdge devices and Cisco vManage using supported CLI commands. As part of this feature, the following commands are introduced to capture traffic details:

- request stream capture

- show packet-capture details

Additional Real Time Monitoring Support for Routing, License, Policy, and Other Configuration Options

This feature adds support for real-time monitoring of numerous device configuration details, including routing, license, policy, Cloud Express, Cisco vBond Orchestrator, TCP optimization, SFP, tunnel connection, logging, and Cisco Umbrella information. Real-time monitoring in Cisco vManage is similar to using show commands in the CLI of a device.

There are many device configuration details for Cisco vManage. Only a subset of the device configuration details is added in Cisco IOS XE Release 17.6.1a and Cisco vManage Release 20.6.1.

Manage Data Collection for Cisco SD-WAN Telemetry

This feature allows you to disable data collection for Cisco SD-WAN telemetry using Cisco vManage.

Data collection for telemetry is enabled by default.

On-Demand Troubleshooting

This feature lets you view detailed information about the flow of traffic from a device. You can use this information to assist with troubleshooting.

Production Change Management in Audit Logs

This feature adds support to include template and policy configuration details in audit logs. You can view the current and previous configuration details for any action in Cisco vManage.

DPI Statistics

This feature lets you view detailed information about the flow of traffic from a device.

Cisco SD-WAN SNMP

Support for Cisco SD-WAN Traps

This feature adds support for receiving the following SNMP trap notifications:

  • Certificate expiration notification on Cisco IOS XE SD-WAN devices and Cisco vEdge devices.

  • Health monitoring notifications on Cisco vEdge devices, Cisco vBond Orchestrator, Cisco vSmart Controller, and Cisco vManage.

Important Notes, Known Behavior, and Workaround

  • Starting from Cisco SD-WAN Release 20.5.1, Cloud onRamp for IaaS isn't supported for Cisco vEdge Cloud Router running on Cisco SD-WAN Release 20.5.1. However, Cloud onRamp for IaaS is supported with AWS as the cloud provider for Cisco vEdge Cloud Routers using Cisco SD-WAN Release 20.4.1 and earlier. Cloud onRamp for IaaS is also supported with Microsoft Azure as the cloud provider for Cisco vEdge Routers using Cisco SD-WAN Release 20.3.1 and earlier.

  • In Cisco SD-WAN Release 20.5.1, the cloud-init bootstrap configuration that you generate for the Cisco vEdge Cloud Router cannot be used for deploying the Cisco Cloud vEdge Router running on Cisco SD-WAN Release 20.5.1. However, you can use the bootstrap configuration for deploying the Cisco vEdge Cloud Router running on Cisco SD-WAN Release 20.4.1 and earlier versions.

  • Cisco vManage Release 20.3.1 implements a hardened security posture to comply with FedRAMP guidelines. As a result, your vAnalytics login credentials that are stored locally get erased on upgrading the software, and you cannot access the vAnalytics service directly through Cisco vManage. In this case, log in to vAnalytics using this URL: https://analytics.viptela.com. If you can’t find your vAnalytics login credentials, open a case with Cisco TAC support.

  • For Cisco SD-WAN Release 20.4.1, you must run the messaging server on all the active instances of the Cisco vManage cluster when deploying the Cisco vManage cluster. See the High Availability Configuration Guide for vEdge Routers for more information.

  • For information about upgrade paths, see Cisco vManage Upgrade Paths.

Resolved and Open Bugs

About the Cisco Bug Search Tool

Use the Cisco Bug Search Tool to access open and resolved bugs for a release.

The tool allows you to search for a specific bug ID, or for all bugs specific to a product and a release.

You can filter the search results by last modified date, bug status (open, resolved), severity, rating, and support cases.

Bugs for Cisco SD-WAN Release 20.6.3

This section details all fixed and open bugs for this release. These are available in the Cisco Bug Search Tool through the Resolved Bug Search.

Resolved Bugs for Cisco SD-WAN Release 20.6.3

Bug ID      Headline
CSCwa58714  Loopback interface not reachable when the gateway set to the virtual vrrp ip
CSCwa08989  Interested traffic(FTP/SIP/ICMP...) can't be forwarded properly after Cisco vEdge Device device rebooting.
CSCwa32952  Cisco vEdge Device access controlled via TACACS+ prevents user from performing certain configurations
CSCwa78885  Cisco vEdge Device 2k crashed due to kernel panic while generated admin-tech from Cisco vManage
CSCvz42160  Device not rebooting after an intentional crash
CSCvy27321  Cisco vEdge Device interface tracker reporting down status in vdebug constantly while on the CLI its up.
CSCvz87934  Cisco vEdge Device marking the routes as invalid in OMP when the control policy is changed.
CSCwa84507  Hardware Random Number generation shouldn't include TPM RNG until mutexing occurs
CSCvy57380  Endpoint Tracker stays down when ip address changed from dhcp to static
CSCwa59201  Cisco vEdge Device 5k TPM failure resulting TLOC disable
CSCwa24992  ZBFW zone-pair (service to service) not working as expected.
CSCwa01810  Affinity on Cisco vEdge Device will fulfill EQUILIBRIUM when it loses the included vSmart group ID.

Open Bugs for Cisco SD-WAN Release 20.6.3

Bug ID      Headline
CSCwb55433  Cisco vEdge Device not accepting 2 static routes if one of them is Null0
CSCwa92331  Affinity logic not working if entire CG1 vsmarts shutdown
CSCwb06217  After failover Existing primary Cisco vEdge Device stops receiving traffic and forwarding - 20.6.2
CSCwb57899  Cisco vEdge Device: fails to reboot automatically after FP watchdog failure
CSCwa23852  Azure Cisco SD-WAN Cisco vEdge Device/Cisco vSmart Controller VHD image doesn't prompt initial admin password wizard

Bugs for Cisco SD-WAN Release 20.6.2

This section details all fixed and open bugs for this release. These are available in the Cisco Bug Search Tool through the Resolved Bug Search.

Resolved Bugs for Cisco SD-WAN Release 20.6.2

Bug ID      Description
CSCvy37285  SSH to Loopback not working
CSCvy89362  QOS-3-INVALID_BQS_QUEUE_INFO: Drop policy given an invalid scheduling queue/wred 0/0 -Traceback
CSCvy91411  SD-WAN policy is not correctly programmed in Cisco IOS XE SD-WAN device
CSCvy92960  C8500 QFP FirewallNonsession drops when starting 80K flows
CSCvy97761  IPV6 route is breaking control connection.
CSCvy98784  AppQoE DP stats for active connections shows huge bogus value
CSCvy99344  Cisco IOS XE SD-WAN device: Multicast UnconfiguredIpv4Fia drop when multicast interworks with service chain/NAT DIA
CSCvz03053  OMP continues to redistribute BGP route with down bit set (SoO)
CSCvz04121  "show sdwan tunnel statistics bfd" and "clear sdwan tunnel statistics" issues
CSCvz09330  Bootstrap aaa config issues due to default aaa config
CSCvz23024  17.6.1_auto:SNMP failure on bfdSessionsListSystemIp
CSCvz25619  FNF: Reload due to a memory allocation failure in Cisco IOS XE SD-WAN device
CSCvz30465  MT: Template push with thousand eye feature failed for ISR4461 after PnP workflow
CSCvz38312  ISR1100 - Cisco IOS XE SD-WAN device: Tx queue hang issue on RJ45 ports
CSCvz40788  SDWAN tunnels are not coming up in Multilink Frame relay sub-interface
CSCvz45159  Data plane crash seen on C8200-UCPE-1N8 with upgrade of c8kv from 17.5.1 to 17.6.1 build
CSCvz47982  Flow-Control Goes down when configurating manual speed and remove the auto negotiation
CSCvz55789  Data-policy direction-all with empty action is causing to ignore app-route-policy
CSCvz56966  Zscaler SIG tunnels not coming up after reboot due to HTTP/RESP/CODE 400
CSCvz62602  Extranet local switch crash when mdata is enabled.
CSCvz69124  ISR4k:BFD scaling: Not able to scale more that 2048 BFD sessions
CSCvz70734  Cisco IOS XE SD-WAN device crash with sdwan overlay multicast: "CPU Usage due to Memory Pressure exceeds threshold"
CSCvz70426  VEdge VRRP-VIP IP address not responding in multi VPN
CSCvz86967  vEdge DST Root CA X3 Expiration causing umbrella integration to fail
CSCvz65048  vEdge 20.6.1: Locally sourced DNS packets uses incorrect interface while resolving Cisco vBond Orchestrator hostname.
CSCvz83560  vEdge 20.6.1: Control connection fails to come up due to DTLS handshake failure.
CSCvz65300  vEdge 20.6.1: BGP route is not considered to reach DNS server during Cisco vBond Orchestrator hostname DNS lookup
CSCvy46919  vEdge: Out of Order IKE Negotiation causes IKE to get stuck

Open Bugs for Cisco SD-WAN Release 20.6.2

Bug ID      Description
CSCvz42885  Packet drops due to QoS Policy after upgrading from 20.3.3 to 20.6.0.101
CSCwa25457  Nutella 6G/Vedge 5K: BFD sessions take long time to come up after clearing omp sessions
CSCvz46516  sit_regression; speedtest.py- test_speedtest_2edges: Failed to start iperf client
CSCwa23852  Azure Viptela vEdge/vSmart VHD image doesn't prompt initial admin password wizard

Bugs for Cisco SD-WAN Release 20.6.1

This section details all fixed and open bugs for this release. These are available in the Cisco Bug Search Tool through the Resolved Bug Search.

Resolved Bugs for Cisco SD-WAN Release 20.6.1

Bug ID      Description
CSCvw31987  vEdge 1000 rebooted with Software initiated - Daemon 'ftmd' failed
CSCvw54152  Vedge 5k-LLQ policer rate on interface 10ge0/0 change after reboot on version 20.1.932
CSCvx18309  Cloud-init tries to configure dhcp ip on eth0 interface on ESXI (support VMware*)
CSCvx26199  Control connection to Cisco vManage does not failover from IPv6 interface to IPv4 interface
CSCvx44834  ASR1K - ACE entry added after object-group is missing in hardware causing packets drops
CSCvx50343  Routes redistributed to the OSPF/BGP that shouldn't be filtered by the routing-policy are filtered
CSCvx83356  Global Route leaking feature do not import routes if the route policy name is lengthy
CSCvx84040  Vedge running 19.2.31 crashes with dbgd failed message while doing speed test
CSCvx85654  shaping-rate value on main interface doesn't apply on traffic through sub interface on Vedge 5k
CSCvx86673  vEdge show interface command shows wrong information for speed
CSCvy02586  Additional counter to capture the mismatch between control and data plane hash table ZBF records.
CSCvy03463  FTMD crash seen after customer tried to add a second tracker to an interface
CSCvy08650  In 20.3.2.1 transport interface distribution, view percentage utilization shows blank
CSCvy14007  vEdge:PIMD crash after few min of multicast traffic received
CSCvy18908  Cloud vEdge crash on bfdmgr_update_sla_mapping
CSCvy33818  On MTT Cisco vManage system IP persists after invalidating and deleting the edge devices.
CSCvy65611  vedge-2000 dropping arp replies post upgrading to 20.5.1
CSCvy83632  DNS resolution fails from VPN 511 - request download vpn 511 <URL>
CSCvy86565  [20.6.1-EFT] vBond Software upgrade from SW ver 20.3 to 20.6.1 EFT image is failing
CSCvz30626  20.6: Cisco vManage Main Dashboard , with Top Application Data => SSL proxy, data is empty

Open Bugs for Cisco SD-WAN Release 20.6.1

Bug ID      Description
CSCvx44834  ASR1K - ACE entry added after object-group is missing in hardware causing packets drops
CSCvy33818  On MTT Cisco vManage system IP persists after invalidating and deleting the edge devices.
CSCvy66289  vEdge not initiating arp request after upgrading
CSCvz00831  Nutella 6G/Vedge 5K: BFD sessions take hours to come up after clearing omp sessions
CSCvz01685  Set local tloc does not respect DPI sticky rule
CSCvz21798  vEdge Cloud Heat template is changing Interface names on SW Version 20.5
CSCvz30626  20.6: Cisco vManage Main Dashboard , with Top Application Data => SSL proxy, data is empty

Supported Devices

Table 3. Supported Devices and Versions in Cisco SD-WAN Release 20.6.x

Device Family

Device Name

Cisco vEdge Devices

  • vEdge 100

  • vEdge 100b

  • vEdge 100m

  • vEdge 100wm

  • vEdge 1000

  • vEdge 2000

  • vEdge 5000

  • vEdge Cloud

Cisco ISR 1100 and ISR 1100X Series Integrated Services Routers

  • ISR1100-4G

  • ISR1100X-4G

  • ISR1100-6G

  • ISR1100X-6G

  • ISR1100-4GLTENA

  • ISR1100-4GLTEGB

Table 4. Supported Modules on Cisco ISR 1100 and ISR 1100X Series Integrated Services Routers

Module Family

Module Name

Cellular Modules

  • D-LTE-AS

  • D-LTE-GB

  • D-LTE-NA

These modules are supported on Cisco ISR 1100 and ISR 1100X Series Integrated Services Routers using Cisco SD-WAN Release 20.4.1 or later releases. The modules are not supported on Cisco ISR1100-4GLTE models.

Redesign of Cisco vManage GUI

From Cisco vManage Release 20.6.1, Cisco vManage GUI is redesigned and offers a new visual display. Besides the new sign in screen, this section presents a comparative summary of the significant changes between older Cisco vManage releases and Cisco vManage Release 20.6.1 and later.

Change in Navigation Menu

From Cisco vManage Release 20.6.1, the navigation menu at the top left of the Cisco vManage window is collapsed, and can be expanded to view the menu options. The previous releases of Cisco vManage have a static side-bar navigation menu.

Figure 1. Navigation Menu in Cisco vManage Release 20.5.1 and Earlier

Figure 2. Navigation Menu (Collapsed) in Cisco vManage Release 20.6.1 and Later

Figure 3. Navigation Menu (Expanded) in Cisco vManage Release 20.6.1 and Later

Change in Position of the User Profile and Sign Out Options

From Cisco vManage Release 20.6.1, the User Profile and Sign Out options are moved to the bottom of the collapsible side-bar menu in the left pane. In the previous releases, these options are available at the top-right corner of Cisco vManage.

Figure 4. User Profile and Sign Out Options in Cisco vManage Release 20.5.1 and Earlier

Figure 5. User Profile and Sign Out Options in Cisco vManage Release 20.6.1 and Later

Change in Presentation of the Main Dashboard

From Cisco vManage Release 20.6.1, the position of the Select Resource Group drop-down menu is shifted to the left.

Figure 6. Main Dashboard in Cisco vManage Release 20.5.1 and Earlier

Figure 7. Main Dashboard in Cisco vManage Release 20.6.1 and Later

Other Changes

The redesign includes:

  • New icons across Cisco vManage

    Figure 8. Example of Icons in Cisco vManage Release 20.5.1 and Earlier

    Figure 9. Example of Icons in Cisco vManage Release 20.6.1 and Later

  • New design for GUI elements such as tabs and buttons

    Figure 10. Example of GUI Elements in Cisco vManage Release 20.5.1 and Earlier

    Figure 11. Example of GUI Elements in Cisco vManage Release 20.6.1 and Later

  • New design for search bars across Cisco vManage

    Figure 12. Example of Search Bar in Cisco vManage Release 20.5.1 and Earlier

    Figure 13. Example of Search Bar in Cisco vManage Release 20.6.1 and Later