Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12S

This chapter provides information about the caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12S. Caveats describe unexpected behavior.

Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.4S

This section contains the following topics:

Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.4S

All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved bug search.

 

Identifier
Description

CSCut34273

ASR1K, "unknown" process leak under cpp_cp_svr

CSCur31425

ASRNAT: PPTP ALG: Incorrect UNNAT of Peer-Call-ID in Outgoing-Call-Reply

Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.3S

This section contains the following topics:

Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.3S

All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved bug search.

 

Identifier
Description

CSCuj68160

iosd crashed @flow_def_field_list_lookup on doing RPSWO

CSCul46792

ISSU:XE311<>XE312 Vfi_qos packet drops after ISSU runversion

CSCul79546

GEC pactrac: show fia-traced packet has unexpected unformatted output

CSCum53269

no ip subnet in l3-custom results in creating custom protocol

CSCuo00449

Nightster- CRC errors on receive side of ten gig interfaces

CSCuo38164

ASR1K: H323 call fails & Traceback noticed with SBC config

CSCuq43357

ASR1K - Y1731 Frame Delay Measurement broken

CSCuq63167

XE313 : PAP address allocation issue - retry with mods to gaddr_unlock

CSCuq66758

ASR1k - CPP ucode crashes on configuring OTV

CSCuq70681

HostDB Timer Corruption Causing Firewall Crashes on ASR 1k

CSCuq75633

BFD down sent from ASR5500 is not recognized by 1K, still sending UP

CSCuq85115

ASR1K enable "ip cef accounting non-recursive” cause fman_rp crash

CSCuq88560

ASR CPP crashes due to stuck thread interrupt

CSCuq91599

ASR1k wccp pending-ack in fman-wccp caused standby-fp reload every 1hr

CSCur00747

ROMMON Upgrade rolled back

CSCur00762

ASR1k - incorrect traffic classification after HW TCAM is exhausted

CSCur09918

ASR1K: RP2 kernel crash

CSCur18685

QOS SG: Lev1 shape rate is de-activated after dynamic config on the fly

CSCur33915

ASR1000 QFP crash due to stuck thread

CSCur46638

XE3.10+ Flapping ATM i/f or VC may cause small memory leak

CSCur57558

To fix limitation of 20sec TBAR for ASR1K GM

CSCur60943

Crash on ASR with OTV configured related to internal timer function

CSCur90494

sbs_entry allocation failure causes ESP crash

CSCus28745

POS FRR issue with traffic loss around 1 sec instead of 50ms

CSCus32530

ASR1K ESP crash in internal L4R removal feature routine

CSCus51697

BDI not working correctly on ipbase license

CSCus62358

ASR1k: MAC based filter does not work with EPC

CSCus69732

IOS-XE: Evaluation of glibc GHOST vulnerability - CVE-2015-0235

CSCus85852

CPP DRV: Disable IIC Interrupts (Revert CSCuq05197)

Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.2S

This section contains the following topics:

Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.2S

All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved bug search. This search uses the following search criteria and filters:

 

Field Name
Information

Product Series/Mode

Cisco ASR 1000 Series Aggregation Services Routers

Releases

15.4(2)S2

Status

Fixed

Identifier
Description

CSCuh07579

IPSec fails to delete or create SAs due to IPSec background process stuck

CSCuj79520

PAP global address usage is growing consistently over time

CSCul48593

Active FP crashed due to stuck threads @ipv4_nat_bpa_free_port

CSCum14512

CRL download for SUBCA resulting in signature verification failure

CSCum84172

DMVPN: Need to protect nodes from being triggered as behind NAT

CSCun06260

Cisco IOS XE Release 3.13 gatekeeper hardening

CSCun82649

NAT-BPA standby crashes

CSCun92244

Active router creates binds with same gaddr, gport for >1 lport

CSCun96598

ASR 1000 Series Router: DS3-MIB objects are showing value 'ZERO' on SPA-2XT3/E3

CSCun99798

dot3Stats counters are not updating on Cisco ASR 1000 Series Fixed Ethernet Line Cards (ASR1000-2T+20X1GE and ASR1000-6TGE).

CSCuo05333

SDK: mcp_dev - crypto engine reports bogus counter with SHA-384 algorithm

CSCuo26237

yyTranslations are not synced on active and standby FP after changing modes

CSCuo37411

Cisco ASR 1000 Series Router CPP crashes with stuck thread in ipv4_nat_pat_block_to_front

CSCuo46913

Crash after running debug cry condition peer subnet

CSCuo50995

Cisco ASR 1000 Series Router LI sets Identification field of packet from IAP to MD to zero

CSCuo61455

Router crashes in NAT with ALG enabled

CSCuo61982

New platform specific command for uRPF loose suppress drop counter increasing

CSCuo85982

High RP/ESP utilization due to unconditional ESS debug for v4 multicast

CSCuo95771

IPSec SA are deleted incorrectly by background process

CSCuo97597

ISSU/MDR XE313->mcp-dev: %CMRP-3-SIP_MDR_FAIL:SIP MDR restart timed out

CSCuo99185

Multiple IOS-XE CPP Ucode crashes due to invalid static route

CSCup10251

QoS functionality breaks due to issues in TCAM, %CPPOSLIB-3-ERROR_NOTIFY

CSCup17566

PP crash caused by sessions renegotiating authentication

CSCup32129

Auto-RP announces packets replication

CSCup34928

RP crashes when configuring and unconfiguring a service continuously

CSCup37676

OTV jumbo packet fragmentation and reassembly causes ASR 1000 Router CPP crash

CSCup48518

FTP ALG create incomplete token in case of EPSV passive

CSCup51926

NAT door creation may be possible getting failed

CSCup53658

Cisco ASR 1000 Series Router QinQ subinterface stats do not work on port channel

CSCup54891

CPP crash due to race condition while release object

CSCup88496

630748069 Serial interface MTU issue on ASR 1006 Router

CSCup98776

ASR 1000 Series Router outbounds SA creation failure, and ESP not processing further requests

CSCuq02069

CUBE-SP HA Calls Fail/High CPU if CRYPTO PKI command entered on Standby

CSCuq05276

ASR 1000 Router CPP crashes in ipv4_nat_esp_remove_conn

CSCuq09004

RP crashed with cpp_cp_svr crash in cpp_qm_event_insert_leaf_node

CSCuq13494

ASR 1000-IPv6 egress ACL intermittently misclassifies and drops ESP packets

CSCuq14700

TDL message buffers memory leak

CSCuq24971

ASR 1000 ucode crash with pa_get_state on using aggregate port channel

CSCuq27271

Fair-queue with time or byte based queue-limit encounters ucode crash

CSCuq49527

ASR 1000 IOSD crashes while configuring IPSLA with Y1731

CSCuq54655

ASR1K:Ucode@PAR1_CSR32_PAR1_ERR_LEAF_INT__INT_PAR1_STEM_CB_SEL_INV_ERR

CSCuq86513

Cisco ASR 1000 Series Router: crash in packet classification

CSCuq90913

OTV: CPP ucode crashes in l2bd_forward when BD conditional debug is enabled

Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.2S

All open bugs for this release are available in the Cisco Bug Search Tool through the Open Bug Search.

Identifier
Description

CSCuq64148

Huge packet drops with CRC errors when ASR 1001x Router is connected to a 3925

CSCum99115

E-Line: Default encapsulation-access interface connect to PE goes down on shut service Inst

CSCun41391

FP crashes on Cisco ASR 1000 Series Router after upgrade from 3.7.2S to 3.11.0S

CSCuj55363

lispgetVpn traffic is dropped when getvpn profile is applied in WAN interface

CSCum80911

Cisco IOS XE Release 3.12: ESP100 TCAM limit is exceeded; hardware TCAM cannot hold with 2000 tunnels

CSCur00762

Cisco ASR 1000 Series Router - incorrect traffic classification after hardware TCAM is exhausted

CSCup57389

Traffic drops while testing VRF Lite co-existence with SP NAT for LNS

CSCun62181

ASR 1000 Router crashes at crypto IPsec update peer path MTU

CSCuq22615

Re-registration after ACL change takes 1 to 2 seconds on ASR 1000 Router and traffic goes in clear

CSCuq82536

ELC-40: Memory leak when configuring MAC filters on port channels

CSCur07193

ELC-40: Cisco ASR 1000 Series Fixed Ethernet Line Card crashes after CSCuq82536 commit when port channel is configured

CSCuq63782

ATM VCs flap when under a large amount of traffic

CSCuq91488

Not punt BFD packet to RP even BFD state changed from Down to Up

CSCuq88560

ASR CPP crashes due to stuck thread interrupt

CSCuq84284

IOS XE crashes while SNMP polling cbQosMatchStmtCfgEntry with NBAR

CSCur09725

Cisco ASR 1000 Series Router crashes when loading NBAR Protocol Pack 10.0.0

Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.1S

This section contains the following topics:

Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.1S

  • CSCuo85606

Symptom: ESP80 may crash when tearing down PPP sessions on LNS at scale.

Conditions: Tearing down PPP sessions on LNS.

Workaround: There is no workaround.

  • CSCuo56943

Symptom: ASR 1000 ESP card crash, fman_fp_image core file and cpp-mcplo-ucode core file were generated.

Conditions: crash was seen when mpls flow monitor FLOW output command was issued on a interface with some traffic.

Workaround: Configure manually the following monitor/record for MPLS traffic (the native netflow ipv4 original-output doesn't include any MPLS field):

flow record mpls-record match ipv4 tos match ipv4 protocol match mpls label 1 details match ipv4 source address match ipv4 destination address match transport source-port match transport destination-port match interface output match flow sampler collect routing source as collect routing destination as collect routing next-hop address ipv4 collect ipv4 source mask collect ipv4 destination mask collect transport tcp flags collect interface input collect counter bytes collect counter packets collect timestamp sys-uptime first collect timestamp sys-uptime last flow monitor mpls-monitor record mpls-record
 
  • CSCum54014

Symptom: ESP reloads after reporting one or both of the following interrupts:

blank.gif CGI_CSR32_CGI_OTHER_LEAF_INT__INT_YIC_M40_TIMEOUT

blank.gif PIT_CSR32_PIT_HPI_MISC_LEAF_INT__INT_HPI_ISN_INVALID_ADDRESS_INT

A ucode core file may or may not be created when this event occurs.

Conditions: Only applies to ESP100, ESP200 and ASR1002-X.

Workaround: There is no workaround. The issue is fixed in the following releases: 15.2(4)S6 / XE3.7.6S, 15.3(3)S4 / XE3.10.4S, 15.4(1)S3 / XE3.11.3S, 15.4(2)S / XE3.12.0S, 15.4(3)S / XE3.13.0S.

  • CSCun39803

Symptom: Intermittent connectivity loss between hosts at different OTV sites. Pinging from one host to the other more than 8 times restores connectivity for about 8-10 minutes. The Packet captures show ARP request broadcasts from a host at one site not being received by the host at the other site for about 7-8s, and then suddenly starting to work. This problem has a tendency to get worse over time, with more and more hosts being affected over the course of a week or two until connectivity between sites is essentially gone.

Conditions: ASR1K running 15.4 or 15.3 code, possibly earlier code, with OTV configured.

Workaround: There is no workaround on the ASR 1000 platform so far. Statically configuring ARP entries on the hosts will work.

  • CSCuo75390

Symptom: Ucode crash occurs with UWS-WAN_XE311 profile.

Conditions: While verifying NAT64 with traffic on.

Workaround: There is no workaround.

  • CSCun60555

Symptom: An ESP crash may occur after removing an MFR interface soon after it was created.

Conditions: This behavior may be seen on IOS-XE platforms running software versions that support MFR. It may be dependent on the timing of the configuration and removal of the interface. The crash only affects the ESP card.

Workaround: It may be possible to avoid the crash by waiting a few seconds after creating an MFR interface before removing it.

  • CSCum13378

Symptom: A Cisco ASR 1000 Series router configured as an IPSec endpoint may fail to reassemble fragmented ESP packets. During this failure state, the router will also log %ATTN-3-SYNC_TIMEOUT errors.

Conditions: This symptom occurs due to UDP packet of a specific size received on the clear side of the device.

Workaround: Use software crypto for large packets received on the clear side by configuring post-frag encryption - crypto ipsec fragmentation after-encryption. This will prevent the device from getting into the ATTN_SYNC state.

  • CSCun28965

Symptom: The show ip nat translation filter range [inside | outside] [local|glocal] start-ip end-ip command does not filter the output as per the range specified.

Conditions: This symptom occurs on Cisco ASR 1000 Series router.

Workaround: There is no workaround.

  • CSCuo41590

Symptom: There are compatibility issues between certain IOS-XE versions and SM-ES3X. With some combinations of SM-ES3X firmware and some releases of IOS-XE, the SM-ES3X will not boot. With the unsupported combinations, the SM-ES3X will not boot.

An error SPA-3-MSG_PARSE_FAILURE:iomd: Failed to parse incoming message from SM-ES3X-24-P slot 2 subslot 0 board 0. The module software may require an update and will be displayed on the IOS-XE console and the SM-ES3X will go into out of service state as shown in the show platform command.

router# show platform Chassis type: ISR4451-X/K9 Slot Type State Insert time (ago) --------- ------------------- --------------------- ----------------- 0 ISR4451-X/K9 ok 00:16:02 0/0 ISR4451-X-4x1GE ok 00:13:52 1 ISR4451-X/K9 ok 00:16:02 1/0 SM-X-1T3/E3 ok 00:12:29 2 ISR4451-X/K9 ok 00:16:02 2/0 SM-ES3X-24-P out of service 00:07:54 R0 ISR4451-X/K9 ok, active 00:16:02 F0 ISR4451-X/K9 ok, active 00:16:02 P0 Unknown ps, fail never P1 XXX-XXXX-XX ok 00:15:32 P2 ACS-4450-FANASSY ok 00:15:32

Conditions: Versions of SM-ES3X modules is incompatible with some earlier versions of IOS-XE. SM-ES3x version EJ1 is only compatible with the following major release versions of IOS-XE, or later: 15.3(3)S4 (XE 3.10.4), 15.4(1)S3 (XE 3.11.3), and 15.4(2)S (XE3.12.1).

Workaround: Ensure that a compatible combination of SM-ES3X and IOS-XE images are used. Upgrade/downgrade one or the other to get to a compatible pair.

  • CSCuo09341

Symptom: ESP100 crashes while running IPoE subscriber traffic class features.

Conditions: IPoE subscriber traffic class features are configured on Cisco ASR 1000 Series Router platform with ESP100 board.

Workaround: There is no workaround.

  • CSCuo11035

Symptom: One-way audio on some outgoing calls to PSTN across CUBE-SP. This is seen for call flow scenarios involving forking and with multiple call legs for the same call going through the SBC.

Conditions: Cisco ASR 1000 Series Router configured as CUBE SP SBC running IOS XE 3.10.1.

Workaround: There is no workaround.

  • CSCun97966

Symptom: When packets are sent to crypto, a txnpMaxMtuExceeded message is seen.

Conditions: This symptom occurs only on Cisco ASR 1002x, ASR1000-ESP100, and ASR1000-ESP200 routers.

Workaround: There is no workaround.

  • CSCul01335

Symptom: FP may crash.

Conditions: On changing pap limit from 30 to 60 with traffic on.

Workaround: There is no workaround.

  • CSCun08855

Symptom: ASR router crashes with IOSd punting packet to port-channel with ERSPAN configured on the router.

Conditions: Port-channel and ERSPAN configured on the router.

Workaround: There is no workaround.

  • CSCuo55508

Symptom: A cpp-ucode crash is encountered.

Conditions: Using packet-trace to trace packets in a feature environment where packets are replicated using egress conditions: debug platform packet-trace enable, debug platform packet-trace packet 16 fia-trace, debug platform condition egress, debug platform condition start.

Workaround: Do not use fia-trace.

  • CSCuo52384

Symptom: ROMMON get_mac_addr and IOSXE IDPROM access fail on booting standby RP2.

Conditions: External USB thumb drive used on RP2.

Workaround: Remove external USB thumb drive on RP2.

  • CSCuo55610

Symptom: Incomplete kernel core file with filename ending in TEMP_IN_PROGRESS.

Conditions: Active RP kernel core dump in dual RP2 systems.

Workaround: There is no workaround.

  • CSCun04952

Symptom: Traffic which needs to be sent between AppNav-controllers will get lost. Received inter-appnav-controller packets are assigned to the shutdown tunnel interface. As a result, no flows will be synchronized between this appnav-controller and appnav-controllers in the same appnav-controller-group. Asymmetrically routed packet also fails due to lack of flow, and unable to query flow from other appnav-controller.

Conditions: Having a shutdown tunnel interface configured with tunnel source equals to the local appnav-controller IP and tunnel destination equals to the IP of another appnav-controller in the appnav-controller-group (i.e. another ASR router). To detect this problem, the following counter goes up for every dropped packet: show platform hardware qfp active statistics drop | i Disabled. Alternatively you can use a packet-trace feature on 3.10.2 and above to check the dropped reply getting sent to the shutdown tunnel interface.

Workaround: Remove the shutdown tunnel from configuration or un-shutdown it.

  • CSCun99766

Symptom: A router crashes while making changes to an AppNav policy map or a class map.

Conditions: This symptom occurs under the following conditions:

blank.gif Multiple AppNav controllers are used.

blank.gif Sessions are created and can be seen using show service-insertion statistics sessions command.

blank.gif AppNav policy map and class map is modified when live traffic is redirected by AppNav.

blank.gif Policy map or class map change results in a mismatch between AppNav controllers.

Workaround: When using AppNav Controller Group with multiple ACs, avoid changing the policy map or class map when there are active sessions present (use show service-insertion statistics sessions command).

  • CSCuo29770

Symptom: ESP fails to initialize and reboots. The following message will be seen on the IOS console:

*Jan 01 16:22:35.562: %CPPHA-3-INITFAIL: F0: cpp_ha: CPP 0 initialization failed - startup init (0x1) *Jan 01 16:22:35.562: %CPPHA-3-INITFAIL: F0: cpp_ha: CPP 0 initialization failed - start CPP (0x1) The cpp_driver tracelog contains an entry which lists an A41C error code, indicating that the driver was unable to turn on termination.

Here is an example: 01/01 16:22:35.120 [cpp-drv]: (ERR): COMP0053/dui/A41C: QFP0.0 - unable to turn on termination for DUI0. This is an intermittent failure, so the ESP will likely initialize successfully on the 2nd or 3rd attempt. This is an initialization issue, and once initialization completes successfully there are no further problems related to this condition.

Conditions: Only ASR1002-x, ESP100 and ESP200 are affected. Router configuration or traffic pattern do not affect this problem. The software is fixed in XE3.7.6S, XE3.10.4S, XE3.11.2S, XE3.12.0S and later releases.

Workaround: There is no workaround.

  • CSCun83128

Symptom: PPTP sessions do not come up.

Conditions: Static translation for port 1723 for the inside server, and PAT for the data sessions.

Workaround: Use 1 to 1 mapping.

  • CSCuo17719

Symptom: An ESP crash is seen with IPv6 ping to or from an interface configured with IPSec and FNF.

Conditions: The crash is seen when the size of the IPv6 ping is greater than the interface IPv6 MTU.

Workaround: There is no known workaround. However, this is not a common scenario for IPv6 as fragmentation is always handled by the sending host/application.

  • CSCun88636

Symptom: Kingpin crashes @ cmcc_2kp_cli_show_plim_status_cb.

Conditions: Kingpin crashes while issuing the show plat hard slot 0 plim status int command.

Workaround: There is no workaround.

  • CSCun85761

Symptom: L2 frame checks failure when payload length increases with LDAP algorithm

Conditions: Steps: Translate SIP address into longer address length.

Workaround: There is no workaround.

  • CSCue27980

Symptom: A CPP crash triggered by NBAR may occur on Cisco ASR 1000 Series routers, Cisco 4000 Series ISR routers, and Cisco CSR 1000V routers.

Conditions: This symptom may occur under rare conditions of traffic mixture and rate when NBAR and NAT are both enabled.

Workaround: There is no workaround.

  • CSCun10918

Symptom: Issue PPP subscribers cannot be terminated in ASR1K, due to object being locked.

Conditions: EVSI Delete Errors: Out-of-Order 0, No dpidb 0, Underrun 0, VAI Recycle Timeouts 90215 =======> large number of VAI recycle timeouts EVSI wrong dpidb type errors 0 EVSI Async Events: Total 92754, HW error 88050 =======> large number of HW errors as well.

Workaround: Remove QOS of the PPP

  • CSCun97760

Symptom: ASR that runs 15.2(4)S4 encounters ESP crash due to corrupted H323 packet.

Conditions: ASR that runs 15.2(4)S4 encounters ESP crash due to corrupted H323 packet.

Workaround: If customer do not need h.323 algorithm, a workaround is to disable h.323 algorithm using the no ip nat service h225 command.

  • CSCun89879

Symptom: Some SIP packets drop with B2B, CGN, and BPA setup.

Conditions: Some SIP packets drop with B2B, CGN, and BPA setup.

Workaround: Reload router.

  • CSCum18039

Symptom: Traffic not flowing on a queue following QoS reconfiguration or new interface creation. Also possible inability to change QoS configuration on any interface or create new interfaces/sessions following occurrence of this condition.

Conditions: Queue was previously being over subscribed when it was deleted leaving it in a flowed off congested state such that it would never drain. This issue affects ASR1K using ESP100 or ESP200, ASR1002X, and ASR1001X platforms only (i.e. ASR1K using ESP5/10/20/40 are unaffected by this issue/change).

Workaround: There is no workaround.

  • CSCun78318

Symptom: ACLs applied to the mgmte do not work on the new active RP after a RP switch over.

Conditions: After a RP switch over as the old standby RP becomes the new active RP.

Workaround: Remove then reapply the ACLs to the mgmte on the new active RP.

  • CSCuo20090

Symptom: The saved ACLs applied to the mgmte from startup-config may not work after the system reload.

Conditions: After system reload.

Workaround: Remove and then reapply the ACLs to the mgmte after system reload.

  • CSCun48994

Symptom: The CP process crashes while collapsing a hierarchy layer node that had once exceeded 4000 entries. The collapse occurs when the number of entries fall below 4000.

Conditions: This problem occurs while collapsing a node that had once exceeded 400 entries. The problem is specific to MLPPP, MFR and GEC aggregate because these features require notification when a schedule ID changes. The schedule ID changes when a scheduling node is reconstructed. The issue is hit when the operation involves both the flushing and SID notification.

Workaround: There is no workaround.

  • CSCun49087

Symptom: A Cisco ASR 1002x router crashes.

Conditions: This symptom occurs during duty cycle testing with a lot of negative events in the DMVPN setup.

Workaround: There is no workaround.

  • CSCum04528

Symptom: A Cisco ASR 1002-X router might crash and reload writing a core file in the process.

Conditions: This symptom occurs with a Cisco ASR1002-X router running NAT with ALG traffic.

Workaround: There is no workaround.

  • CSCun37698

Symptom: An ESP might crash.

Conditions: The device has NAT and WCCP configured. It looks like WCCP fails to setup the output interface correctly. This leads to NAT accessing a bad location in memory which causes a crash. The exact conditions are still being analyzed.

Workaround: There is no workaround.

  • CSCun36785

Symptom: A Cisco ASR1002X production router acting as a WAN-Aggregator reloads unexpectedly after pushing the AVC configuration from Cisco Prime infrastructure through an SSH session. The configuration push was successful onto the box, and the flow statistics were exported to the PI. However, after 30 minutes, the router reloaded with a "CPP mcplo_ucode" crash and a "fman_fp" crash. The box is configured with IKEv2 DMVPN and basic NAT, along with BGP and EIGRP. Four static NHRP tunnels from different branch locations terminated onto this box. All traffic from the branches were encrypted, decrypted on this router and NAT was applied to the decrypted traffic before sending it out of the port-channel interface towards the production network.

Conditions: This symptom is observed on a Cisco ASR 1002X router running CCO IOS-XE version 3.10.1. The crash has occurred only once. Currently AVC configurations have been backed out and the router is stable. This affects the AVC deployment on the network seriously.

Workaround: There is no workaround.

  • CSCun26943

Symptom: In an INTRA-box redundancy configuration, the STANDBY FP and ACTIVE FP may not be syncing data plane. HA records robustly. The easiest way for the customer to recognize if this is happening is by examining the output of the show platform hardware qfp active system intra and the show platform hardware qfp standby system intra commands. If the output shows the counters "rx dropped" and/or "retx" continuously incrementing, then this problem may have been encountered.

Conditions: DUAL FP systems with stateful HA features such as NAT configured.

Workaround: There is no workaround.

  • CSCun87685

Symptom: ASR1006/15.4(1)S crashed while adding port and host specific deny statements on specific lines for the WCCP-Redirect ACL.

Conditions: Adding port and host specific deny statements on specific lines for the WCCP-Redirect ACL.

Workaround: There is no workaround.

  • CSCun83231

Symptom: After sub package ISSU operation is performed, ELC does not come up and the following error messages are seen:

*Mar 19 23:10:10.607 PDT: %PMAN-0-PROCFAILCRIT: SIP1: pvp.sh: A critical process mcpcc_lc_ms has failed (rc 127) *Mar 19 23:10:10.865 PDT: %PMAN-5-EXITACTION: SIP1: pvp.sh: Process manager is exiting: critical process fault, mcpcc_lc_ms, cc_1_0, rc=127

Conditions: Issue is seen specific to ASR1000 Ethernet Line Cards (ELC): ASR1000-2T 20X1GE and ASR1000-6TGE line cards, and sub package upgrade. Issue is seen across all releases that support ELC.

Workaround: Consolidated upgrade can be performed.

  • CSCum99077

Symptom: fman_rp process crashes. RP card is reloaded.

Conditions: When routing loop occurs in network and causes massive routing information update, an internal logic error may be triggered.

Workaround: Avoid routing loop.

  • CSCuo02558

Symptom: Crash in cpp_cp_svr when executing the show platform packet-trace packet all command.

Conditions: Crash can only occur when executing the show platform packet-trace packet all command.

Workaround: Display a single packet at a time using the show platform packet-trace packet num command instead of using all.

  • CSCun32035

Symptom: Configured following features as part of IWAN performance testing for UTAH platform: AVC, PFR, QoS, AppNav, WAAS, DMVPN, and Crypto. Make sure DMVPN and MPLS tunnels are up and performance monitor, WAAS and crypto are enabled for these tunnels. Router crashes with traffic profile.

Conditions: Traffic profile includes, voice, http, and media traffic. A crash is seen as soon the traffic is initialized at less than 15% of load.

Workaround: There is no workaround.

  • CSCum85493

Symptom: Ping fails with tunnel protection applied.

Conditions: Tunnel protection applied on GRE tunnel interface, using IKEv1 to negotiate IPsec SAs and remote node (IKEv1 responder) behind NAT.

Workaround: The users can switch to IKEv2.

  • CSCun69811

Symptom: A customer on active box would only like to use the no activate commad for a single delegate registration entry below:

subscriber sip: 999999@site.com sip-contact sip: 001999999999@10.0.0.1 adjacency CUCM-llab delegate-registration sip:test.site.com adjacency PSTN-lab-SIP-CONNECT-test-lab profile SIP-CONNECT_TIMERS activate

Conditions: Sessions are deactivated and the stand-by router crashes.

Workaround: The no activate command must be executed at the delegate-registration sub section. This will prevent the deactivation of the sessions.

  • CSCum66182

Symptom: SNMP Query on the object dot3StatsDuplexStatus is shown as unknown.

Conditions: While testing Ether-Like MIB for ASR1000-6TGE.

Workaround: There is no workaround.

  • CSCum81041

Symptom: One-way audio incoming calls are redirected through CVP.

Conditions: Call flow:

Caller----G711----TDM GW----SIP-----ASR1K----SIP-----CUSP----SIP----CVP(Vz0)----IP-IVR | | -----SIP---CVP (BAMS) | |--------SIP---CUCM---Agent Phone (G729 only)

Initially, the caller is connected to IP-IVR, both ingress and egress leg of the CUBE is doing G711. Call is connected to the IP-IVR, then CVP sends a refer to the VXML GW for playing prompts and ringback tone. When the call is transferred to the agent, CUBE negotiated G729 at the sip level with the CVP, but because of mid-call signaling block on the ingress side, continue with the G711. Hence, xcoder is invoked on the CUBE to handle G729 to G711 and vise-versa, but CUBE is still sending G711 media to the agent phone side while the agent phone is sending G729 media to the CUBE.

Workaround: There is no workaround.

  • CSCun84368

Symptom: Net flow cache entry is not created for IPV6 flows, and entries for IPv4 entries is not accurate. For IPv4 entries, the BGP next hop is not updated and set to 0.0.0.0.

Conditions: Upon Execution of RP switchover.

Workaround: After RP switch-over, remove BGP configuration from Core router ("P"), and configure it back. Upon BGP update on PE router, the BGP-NH will appear in FNF records.

  • CSCun02605

Symptom: ASR crashes with no known trigger in CCSIP_SPI_CONTROL process.

Conditions: It is an error scenario where crash occurs when router is not able to send ACK for 200 OK where branch parameters differ.

CUBE INVITE | INVITE (Via branch=ABC) ----------------------------->| ----------------------------------------> | 200 OK (Via branch=DEF) | <----------------------------------------- | Cube fails to send ACK to 200 OK for some reason and causes a crash.

Workaround: There is no workaround.

  • CSCuo04588

Symptom: Signal quality on 10G port using SFP-10G-LR and SFP-10G-ZR are poor. Some packets are lost as CRC errors at 10G full bandwidth traffic test.

Conditions: This is seen on 1RU-VE built-in 10G ports with software version 15.4(02)S

Workaround: There is no workaround, except to upgrade the software.

  • CSCuo00449

Symptom: CRC receive side errors have appeared on a variety of P4/P5 Nightster units utilizing both SR and LR optics during traffic flow tests. Not all units are experiencing the issue at present. Approximately, 10% of traffic are lost due to this issue at full 10G bandwidth traffic.

Conditions: This issue is seen on release 1RU-VE routers built-in 10G port running on software version 15.4(02)S.

Workaround: There is no workaround except to upgrade the software.

  • CSCun73043

Symptom: Copper SFP (SFP-GE-T) interface in subslot 0/0 of Nightster does not come up with 10/100 mbps forced speed.

Conditions: The copper sfp (SFP-GE-T) interface hit this condition after router power cycle is issued.

Workaround: There is no workaround.

  • CSCuo38164

Symptom: Traceback and log error is noticed.

Conditions: While initiating H323 call with the SBC feature.

Workaround: There is no workaround.

  • CSCun86123

Symptom: ATOM port-mode xconnect is up, but all traffic under the l2 vc is dropped and statistics shown under show mpls l2 vc detail command are zero.

Conditions: On reloading the router multiple times continuously with traffic on port-mode ATOM vc, at times the VC does not come up. This issue is seen only on the SPA SPA-2CHT3-CE-ATM.

Workaround: Shut/no shut of the controller on which the port-mode ATOM vc is created.

Example:

Bnet-A1(config)#controller
Bnet-A1(config)#controller E3 1/3/0
Bnet-A1(config-controller)#shu
Bnet-A1(config-controller)#shutdown
Bnet-A1(config-controller)#no shu
Bnet-A1(config-controller)#no shutdown
Bnet-A1(config-controller)#
 
  • CSCuo89971

Symptom: When configured as virtual tunnel end point (VTEP), the Router stops processing any data. It even fails to establish the OSPF neighbor relationship post the reload.

Conditions: When configured as VTEP, traffic stops on all Ports of the Ethernet Line Card after sometime. The problem also happens with packets going out of the ELC Ports having Multicast MAC address as destination MAC in the Ethernet header. The problem occurs only with ASR1000-6TGE/ASR1000-2T 20X1GE if any of the 1G/10G ports have egress Multicast MAC traffic.

Workaround: Reload the Line card and stop egress Multicast MAC traffic.

Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.1S

  • CSCum99115

Symptom: In EFP xconnect setup, if local access EFP is default encap, local EFP state change from up to down will trigger remote CE interface down. This is the remote host shutdown feature.

Conditions: Occurs under he following conditions:

blank.gif Xconnect configured under EFP

blank.gif EFP is default encapsulation type

blank.gif Local EFP is down

Workaround: There is no workaround.

  • CSCun57777

Symptom: Broadcast Packets are dropped after adding EVC config to ASR 1002 Router. The issue happened on and before Release 3.09.02. The issue doesn't happen on and after Release 03.10.00. After adding evc config, broadcast packets are dropped, L2BDReplicationStart is counted, and replication tree information disappears.

Conditions: on and before 03.09.02.

Workaround: To execute no shutdown command under service instance before configuration change.

  • CSCuo77017

Symptom: The team resource has not released after 32k EFP is configured and deleted on the ASR 1001 Router.

Conditions: With a configuration running 3.13 image, configure 32k EFP and check the tcam resource on the ASR 1K and delete the EFP. Then check the tcam on the asr1k, and will find the resource has not been released.

Workaround: Reload the router or FP.

  • CSCue91054

Symptom: ESP Crashed when sending IPv6 fragmented traffic through dmvpn hub(mgre tunnel).

Conditions: This happens when sending big IPv6 packets (need to do IPv6 fragmenation after adding tunnel header) traffic through dmvpn hub (mgre tunnel). Large amount of IPv6 fragment traffic (for example, 5G on ESP20) which exceeds reassembly performance number (less then 2G).

Workaround: Change MTU to avoid IPv6 fragmentation.

  • CSCup05568

Symptom: BFD failing on RSP Failover on ASR1K with scale configuration.

Conditions: RSP Failover.

Workaround: There is no workaround.

  • CSCuo85191

Symptom: Crashes on ASR 1000 Router.

Conditions: Memory allocation is failed.

Workaround: There is no workaround.

  • CSCuo85982

Symptom: High RP and ESP utilization and generation of many large (~ 1 MB) logging files with names of the form "cpp_cp_F*".

Conditions: IPv4 multicast packets received on interfaces configured for IP subscriber sessions.

Workaround: There is no workaround.

  • CSCuj55363

Symptom: In the LISP getVpn solution test, when the getvpn profile is applied in physical interface in the data path flow (such as interface between GM1 to core), the traffic gets dropped with qfp error of IpsecIkeIndicate"/"OUT_V4_PKT_HIT_IKE_START_SP when the getvpn profile is applied to the LISP0 interface. The encrypted traffic flows in the LISP setup properly.

Conditions: getvpn profile is applied to the physical interface instead of lisp interface.

Workaround: Apply getvpn profile in the LISP interface.

  • CSCum80911

Symptom: On ASR1006 system, on the DMVPN hub, with 2K ipv4 tunnel over ipv6 transport. When do clear crypto session on hub and spoke twice, ESP is crashed.

Conditions: On ASR1006 system, on the DMVPN hub, with 2K ipv4 tunnel over ipv6 transport. when do clear crypto session on hub and spoke twice, ESP is crashed.

Workaround: There is no workaround.

  • CSCup17060

Symptom: ESP crashes at imgr_pktc_cmdsmapcreate_impl.

Conditions: Multiple RP switchovers with 10K flexvpn sessions with traffic

Workaround: There is no workaround.

  • CSCun23996

Symptom: DPSS session is not cleared from the router when the dpss application ends gracefully. The session get cleared automatically after approx 3 mins. During this time, application with same application name cannot reconnect.

Conditions: Provide the conditions.

Workaround: Run the following command on router to clear the session immediately: one stop session all or Wait for the session to get cleaned automatically, or terminate the application ungracefully (ctrl + c).

  • CSCun41391

Symptom: FP crash after the IOS-XE upgrade to 3.11.0S.

Conditions: ASR 1K router running 3.11.0S.

Workaround: There is no workaround.

  • CSCuo22413

Symptom: ASR1000 may crash unexpectedly.

Conditions: The crash is due to Flexible Net flow aging timers.

Workaround: There is no workaround.

  • CSCun62181

Symptom: ASR1002 running asr1000rp1-adventerprisek9.03.04.06.S.151-3.S6.bin crashes at crypto ipsec update peer path mtu.

Conditions: None.

Workaround: There is no workaround.

  • CSCup19109

Symptom: ASR1k crashes in SIP code.

Conditions: None.

Workaround: There is no workaround.

  • CSCun25912

Symptom: When using the Anyconnect autoreconnect feature on the ASR platform, configurations dynamically applied to the virtual-access interface might be lost over the reconnection.

Example, the interface after initial connection establishment would have a QOS service policy applied:

ROUTER#sh derived-config int virtual-access 1 ! interface Virtual-Access1 ip unnumbered GigabitEthernet0/0/1 tunnel source 10.1.1.1 tunnel mode ipsec ipv4 tunnel destination 10.10.1.100 tunnel protection ipsec profile ipsec-profile no tunnel protection ipsec initiate service-policy input INPUT-POLICY end After reconnection the INPUT-POLICY is missing:
 
ROUTER#sh derived-config int virtual-access 1 ! interface Virtual-Access1 ip unnumbered GigabitEthernet0/0/1 tunnel source 10.1.1.1 tunnel mode ipsec ipv4 tunnel destination 10.10.1.100 tunnel protection ipsec profile ipsec-profile no tunnel protection ipsec initiate end

 

Conditions: This has been observed with configurations being applied from the user AAA profile over Radius authentication. Affected parameters observed are QOS service policies and access-group.

Workaround: Do not use the reconnect feature or apply those configurations directly to the Virtual-Template (if this is an option).

  • CSCtx72973

Symptom: Config-sync failure is seen when unconfiguring the crypto gdoi group.

Conditions: Seen on HA setup.

Workaround: There is no workaround.

  • CSCum25373

Symptom: Traceback is seen.

Conditions: MSRPC regression test (mcp_alg_msrpc.tcl) is run

Workaround: There is no workaround.

  • CSCup37676

Symptom: ASR1K crashes when pinging end-to-end over OTV with a frame size greater than (MTU-42) bytes.

Conditions: This has been seen on two ASR1002-X's running IOS-XE 03.10.01.S. Crash was seen when passing large packets across an OTV topology.

Workaround: Limit oversize packets across overlay topology.

  • CSCup38743

Symptom: FTP signaling goes through fine across the ASR in the broken state, but the FTP Data session ( for both active/passive) does not get established.

Conditions: ASR running any of the recent IOS XE code after 3.7.3 with CGN shows this problem after normal operations for about every 2-5 hours.

Workaround: Either clear all the NAT translations ( clear ip nat trans *) or reload the ESP or issue is not seen on the IOS versions before XE 3.7.3 ( including).

  • CSCup11246

Symptom: When doing ISSU super-pkg/sub-pkg upgrade/downgrade between XE3.12.0 CCO to/from latest XE3.12.1 throttle image with Broadband features, Stdby RP fails to come online within the expected time (around 10 mins) and it takes ~18 mins to come to STANDBY HOT state. Noticed that the process CCM RP(82) stucks about 8 mins.

Conditions: Fix for DDTS CSCuo84195 ISSU xe310<>xe311: STBY-RP stuck in process @CCM RF(82) after loadversion Is causing this DDTS.

Though DDTS CSCuo84195 issue is introduced in XE3.11.0, but only identified and fixed recently. Without this DDTS there will be an ISSU issue between XE310 <-> XE311 (or XE312 or XE313)+ images.

After the fix following are the compatible and versions, XE3.10.3 <-> XE3.11.2 <-> 3.12.1 <-> 3.13

Since we cannot commit to already existing labels of XE3.11.0, XE3.11.1 XE3.12.0, this will be known breakages and issu between these image to any latter image will fail.

Workaround: There is no workaround.

Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.aS

This section contains the following topic:

Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.aS

This section documents the open issues in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.aS:

  • CSCuj86660

Symptom: The CLI is currently not supported. The mapping option is not available if the user types a ? after the buffer keyword, as shown in the example below:

Router# show platform hardware slot 0 plim buffer ?

settings PLIM buffer settings

Router# show platform hardware subslot 0/0 plim buffer ?

settings PLIM buffer settings

| Output modifiers

<cr>

Router# show platform hardware port 0/0/0 plim buffer ?

settings PLIM buffer settings

The following list of CLIs will point the user to the show platform hardware port 0/0/0 plim buffer ? command:

blank.gif show platform hardware slot 0 plim qos input bandwidth

blank.gif show platform hardware subslot <slot/card> plim qos input bandwidth

blank.gif show platform hardware subslot <slot/card> plim qos input map counters

blank.gif show platform hardware port <slot/card/port> plim qos input map counters

blank.gif show platform hardware port <slot/card/port> plim qos input bandwidth

blank.gif show platform hardware interface <interfacename> plim qos input map counters

blank.gif show platform hardware interface <interfacename> plim qos input bandwidth

Conditions: An error would occur if the user tries to execute the CLI as below:

Router# show platform hardware slot 0 plim buffer mapping ^ % Invalid input detected at '^' marker

Workaround: For the built in SPA ports (sub slot 0/0), use the following port mapping for PLIM commands:

Interface Number
Interface Name

Interface 0/0/0

TenGigabitEthernet0/0/0

Interface 0/0/1

TenGigabitEthernet0/0/1

Interface 0/0/2

Crypto-Engine0/0/8

Interface 0/0/3

GigabitEthernet0/0/0

Interface 0/0/4

GigabitEthernet0/0/1

Interface 0/0/5

GigabitEthernet0/0/2

Interface 0/0/6

GigabitEthernet0/0/3

Interface 0/0/7

GigabitEthernet0/0/4

Interface 0/0/8

GigabitEthernet0/0/5

  • CSCuo41369

Symptom: VLAN error reported on the native GE port independent of port speed, which is connected to a C3750G GE switch.

Conditions: The configuration of the UUT port is default and the switch port is:

switchport access vlan 2 switchport mode dot1q-tunnel no cdp enable

Workaround: The current workaround is to implement a different GE Switch model in this environment.

  • CSCum54014

Symptom: The router reloads randomly when the CPU utilization is near 100% and flexible Netflow with a sampler is configured.

Conditions: The router reloads randomly when running performance tests at near 100% CPU utilization with Flexible Netflow and 1-out-of-10 sampler. No configuration changes are seen at the time of the crash, only running traffic is seen at various levels and monitoring CPU/memory utilization. The sampler configuration seems to be the trigger, and the crash doesn't happen with plain Flexible Netflow. Also, the crash is only seen with IPv4 traffic. IPv6 traffic does not produce the crash with the same configuration.

Workaround: Use Flexible Netflow without the sampler configured.

  • CSCuo44165

Symptom: The ASR 1001-X Router may reload when a very large scale IPv6 ACL/ACE configuration is utilized.

Conditions: Large scale IPv6 ACL config is used: 4000 IPv6 ACL (each ACL has 6 ACE) with total 24000 ACE per system.

Workaround: There is no workaround.

  • CSCuo16316

Symptom: COS Based classification of Ethernet packets for the BUILT-IN-2T 6X1GE SPA might not work. Packets will hit the QIN-ANY entry if configured first, rather than explicitly configured QINQ entry and pick up the classification policy for QIN-ANY entry.

Conditions: This problem only occurs if the user configures the QINAny entry followed by an explicit QINQ entry. For example, encap dot1q 50 second-dot1q any encap dot1q 50 secnd-dot1q 10 encap dot1q 50 secnd-dot1q 50. So all the packets that have the outer VLAN tag as 50 will always hit the hardware entry corresponding to the entry 50-any which will cause the classification policy of 50-any to be applied to entry 50-10 and 50-50 as well.

Workaround: Configure explicit QINQ tagged entries first followed by the QINAny entry.For example, <Explicit tags should go first during configuration> encap dot1q 50 secnd-dot1q 10 encap dot1q 50 secnd-dot1q 50 <Make sure to configure the QINAny entry as the last entry> encap dot1q 50 second-dot1q any.

Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.S

This section contains the following topics:

Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.S

This section documents the resolved issues in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.S.

  • CSCuj04100

Symptom: ASR 1000 Router crashed with the following error message:

CPPHA-3-FAULT F0: cpp_ha: CPP:0.0 desc:INFP_INF_SWASSIST_LEAF_INT_INT_EVENT0 det:DRVR(interrupt) class:OTHER sev:FATAL id:2121 cppstate:RUNNING res:UNKNOWN flags:0x7 cdmflags:0x8

Conditions: ASR 1000 Router running 03.10.00.S with configured zone based firewall.

Workaround: There is no workaround.

  • CSCun01152

Symptom: An IOS-XE router may reload unexpectedly when zone-based firewall is configured.

Conditions: Zone-based firewall is configured and may be dependent on many active MSRPC sessions.

Workaround: There is no workaround.

  • CSCul06361

Symptom: When subscriber session is created with ip subscriber interface on subinterface in shutdown state, after bringing the subinterface up, the out packet counters are not increasing. Subscriber does not have IP connectivity, since traffic is going only in one direction.

Conditions: ASR 1K ISG running IOS XE 3.7.4.S (15.2(4).S4), with ip subscriber interface created from subinterface in the shutdown state.

Workaround: Clearing subscriber session when subinterface is up/up will re-establish session when the connectivity is restored.

  • CSCul48822

Symptom: While provisioning an ISG IP Subscriber session, it is possible to leak an ESS segment chunk (IOSXE ESS SEG).

Conditions: The memory leak may occur when there is an error provisioning an ISG IP subscriber session.

Workaround: There is no workaround.

  • CSCuh03476

Symptom: Tracebacks are seen while configuring APS parameters on a PoS link.

Conditions: Occurs during normal CLI configurations.

Workaround: There is no workaround.

  • CSCui22356

Symptom: When Subpackage ISSU Upgrade is performed on ASR1002-X router after upgrading the standby RP (R0/1) with new RP subpackages, switchover is forced from the active IOS process to the standby IOS process. During the switchover, new active RP performs configuration Bulk-Sync with the standby RP. During this Bulk Sync operation, the configuration related to the interfaces is not synced to the standby due to Bulk Sync MCL failures.

The following sample error message will be displayed when this error is present:

Config Sync: Bulk-sync failure due to Servicing Incompatibility. Please check full list of mismatched commands via: show redundancy config-sync failures mcl Config Sync: Starting lines from MCL file: interface Tunnel150 ! <submode> "interface" - tunnel source GigabitEthernet0/0/0.34 <..............> Standby takes more time(~744 seconds) for reaching terminal State.

Conditions: The symptom is observed after redundancy force-switchover step in ISSU upgrade procedure.

Workaround: Perform a standby IOS reload using the hw-module subslot R0/0 reload command.

  • CSCui72473

Symptom: When the Traffic is flowing through ATM1xOC3, the rate of flow fluctuates very faster and the counters does not match. The show interface atm0/3/0 | i pack command can be used repeatedly to check the rate.

Conditions: The traffic should be flowing through ATM SPA.

Workaround: There is no workaround.

  • CSCui76166

Symptom: TTB Rx information is not getting updated on one ASR 1000 Router serial interfaces - Bident.

Conditions: Range of framing type.

Workaround: Default interface and reconfigure OR OIR Bident.

  • CSCui87851

Symptom: Incorrect end interface number range as 0 to 6.

Conditions: While trying to configure built-in GigE interfaces with interface range command

Workaround: There is no workaround.

  • CSCui91872

Symptom: When configuring the following commands on ASR 1000 platform, you get the errors mentioned below:

blank.gif exception memory ignore overflow io frequency 30 maxcount 5

blank.gif exception memory ignore overflow processor frequency 30 maxcount 5

Error:

. F340.09.25-ASR1000-1(config)#$re overflow processor frequency 30 maxcount 5 F340.09.25-ASR1000-1(config)# *Aug 22 12:54:24.920: exception configuration not implemented *Aug 22 12:54:24.920: PARSE_RC-4-PRC_NON_COMPLIANCE< http://www.cisco.com/cgi-bin/Support/Errordecoder/index.cgi?action=search&counter=0&paging=5&links=reference&index=all&query=PARSE_RC-4-PRC_NON_COMPLIANCE> ; `exception memory ignore overflow processor frequency 30 maxcount 5'

Conditions: Hardware and software on ASR1k and all IOS platforms, should have non zero values in following commands:

blank.gif exception memory ignore overflow io frequency 30 maxcount 5

blank.gif exception memory ignore overflow processor frequency 30 maxcount 5

Workaround: There is no workaround.

  • CSCuj14019

Symptom: %CMRP-3-UDI_AUTH: F0: command: Quack Unique Device Identifier authentication failed, show up on ASR1001 Router.

Conditions: After reloading the box or inserting SFPs.

Workaround: There is no workaround.

  • CSCuj30033

Symptom: ATM interface - SPA-1XOC3-ATM-V2 - shows counters frozen when interface is shut down.

Conditions: Running traffic over an ATM (SPA-1XOC3-ATM-V2) interface and then shutting down the interface.The interface counters remain frozen and do not return to zero.

Workaround: There is no workaround.

  • CSCul35389
Symptom: Following error messages are observed with SPA reload: ==================================================================
Nov 26 2013 15:14:31.496 EST: %SERVICES-3-NORESOLVE_ACTIVE: SIP0: mcpcc-lc-ms: Error resolving active FRU: BINOS_FRU_RP Nov 27 2013 17:31:42.464 EST: %SERVICES-3-NORESOLVE_ACTIVE: SIP0: mcpcc-lc-ms: Error resolving active FRU: BINOS_FRU_RP The process mcpcc-lc-ms is held down and the SIP is reloaded.

Conditions: Errors are observed when SPA is reloaded.

Workaround: There is no workaround.

  • CSCul45015

Symptom: The show platform hardware port slot/bay/interface plim statistics command does not work correctly. In case of ingress plim classification, the RX high counters are always shown as zero. This is observed on ASR1002-X Router.

Conditions: Plim ingress classification classifies the ingress classification into two HIGH and LOW priority traffic. Note that this is not about the classification not happening correctly. Traffic is classified correctly, it is just that the 'RX high priority' counters under the show platform hardware port slot/bay/interface plim statistics command are not displayed (always shown as 0).

Workaround: There is no workaround.

  • CSCul94622

Symptom: On an ASR 1000 router with CT3 SPA, Malloc Failures and SPA firmware download failures are seen.

Conditions: SPA should have many channels configured (more than 50% of its maximum capacity) and SPA soft reload is done.

Workaround: There is no workaround.

  • CSCug91353

Symptom: Clear command for punt-policer statistics are not logical and located under: show platform hardware qfp active infrastructure punt policer command.

Conditions: Attempting to clear statistics of counters depicted using the show platform soft punt-policer command.

Workaround: Use the show platform hardware qfp active infrastructure punt policer clear command.

  • CSCui77763

Symptom: The show platform software memory qfp-control-process qfp active command is not working.

Conditions: Execution of the show command.

Workaround: There is no workaround.

  • CSCuj35119

Symptom: Upon installing metro ip services and performing a RP switchover, memory leak is noticed:

Address Size Alloc_pc PID Alloc-Proc Name 353DE1BC 76 10094D50 0 *Dead* open license master.i info

Conditions: When this condition occurs perform the following:

1. Install metroIPservices license.

2. Perform SSO.

3. Show memory debug leaks.

Workaround: There is no workaround.

  • CSCul17693

Symptom: On the ASR1000 platform family, CISCO-ENHANCED-MEMPOOL-MIB & CISCO-MEMORY-POOL-MIB show lsmpi_io pool is available with little free memory. As a result, various SNMP management software applications may generate an error notification.

Conditions: This condition is shown from the moment the router boots up. The lsmpi_io pool is used on the Route Processor of all ASR1000 routers. Unlike other IOS versions, IOSd on the ASR is a process running on IOS XE. IOSd has a single logical interface, which communicates to IOS XE. This interface is called the Linux Shared Memory Punt Interface (LSMPI). When the ASR 1000 Router boots up, the lsmpi_io pool is created and nearly all of the memory is allocated up front by design. Therefore, the little free memory shown in the MIBs is by design and does not indicate an error condition.

Workaround: There is no workaround for the lsmpi_io pool having little free memory. If some other piece of software is generating alarms for this reason, the management software needs to be adjusted.

  • CSCud63220

Symptom: Tunnel interface QoS tail drop counter reported at physical interface. Service policy is applied on the tunnel 5432. Drops are seen on the output of show policy-map tunnel 5432 command. Drops are seen on the physical interface over which the tunnel is built. NO drops are seen on the Tunnel interface. From the output below, OQD is 0 for the tunnel interface.

Router# show platform hardware qfp active statistics drop ------------------------------------------------------------------------- Global Drop Stats Packets Octets ------------------------------------------------------------------------- TailDrop 753351 63281484 BGL.Q.20-ASR1K-1#show inter summary <snip> Interface IHQ IQD OHQ OQD RXBS RXPS TXBS TXPS TRTL ----------------------------------------------------------------------------------------------------------------- * GigabitEthernet0/0/1 0 0 0 753351 0 0 735000 1094 0 * GigabitEthernet0/0/2 0 0 0 0 8648000 18016 0 0 0 * Tunnel5432 0 0 0 0 0 0 12697000 22674 0

Conditions: When packets are dropped on a tunnel interface, the output of the show platform hardware qfp act interface all statistics drop_summary command and show interface summary would only show the dropped packets against the phsyical interface, which made it difficult to determine which tunnel the packets were being dropped on.

Workaround: There is no workaround.

  • CSCui13063

Symptom: QoS on Service instances using COS matching in the child level of a hierarchical policy-map may fail to properly match traffic. Traffic may be classified into an incorrect QoS class.

Conditions: Using COS matching in the child level of a hierarchical QoS policy-map on a service instance.

Workaround: Use a flat policy map, if possible.

  • CSCul03067

Symptom: Tunnel interface QoS tail drop counter reported at physical interface. Service policy is applied on the tunnel 5432. Drops are seen on the output of the show policy-map tunnel 5432. Drops are seen on the physical interface over which the tunnel is built. NO drops are seen on the Tunnel interface. From the output below OQD is 0 for the tunnel interface

Router# show platform hardware qfp active statistics drop
------------------------------------------------------------------------- Global Drop Stats Packets Octets ------------------------------------------------------------------------- TailDrop 753351 63281484 BGL.Q.20-ASR1K-1#show inter summary <snip> Interface IHQ IQD OHQ OQD RXBS RXPS TXBS TXPS TRTL ----------------------------------------------------------------------------------------------------------------- * GigabitEthernet0/0/1 0 0 0 753351 0 0 735000 1094 0 * GigabitEthernet0/0/2 0 0 0 0 8648000 18016 0 0 0 * Tunnel5432 0 0 0 0 0 0 12697000 22674 0

 

Conditions: When packets are dropped on a tunnel interface, the output of the show platform hardware qfp act interface all statistics drop_summary command and show interface summary would only show the dropped packets against the phsyical interface, which made it difficult to determine which tunnel the packets were being dropped on.

Workaround: There is no workaround.

  • CSCul70833

Symptom: Byte-based queue-limit does not work correctly when fair-queue is configured.

Conditions: Using fair-queue feature simultaneously. The issue can happen on ASR 1000 Router. The issue is found on 15.3(3)S.

Workaround: Use packet-based queue-limit instead of byte-based queue-limit.

  • CSCum66678

Symptom: When per-tunnel QoS is configured on a DMVPN hub, the ESP memory may become exhausted due to a memory leak. This could cause the ESP to reload.

Conditions: If there are a large number of DMVNP spokes and the spokes flap, then memory on the ESP is allocated and not freed. This could cause the memory exhaustion on the ESP and thus case the ESP to reload.

Workaround: One could monitor the ESP memory usage and if it is getting low, then reboot the ESP during a mainance window. The command show platform software memory qfp-control-process qfp act brief | inc I/F can be used to determine if memory is being consummed due to this issue.

Example:

Router# show platform software memory qfp-control-process qfp act brief | inc CPP I/F DB module allocated requested allocs frees ------------------------------------------------------------------------------ CPP I/F DB 128 48 5 0 <== normal condition is 5 allocs at bootup that is not freed (one spoke flapped) CPP I/F DB 8172 8076 6 0 <== 1 additional alloc of 8028 (2k spokes in network) - with this bug, this memory is not freed
  • CSCui90224

Symptom: Using a performance monitor when the cache size is set to its default value may cause an error during the Cisco In-Service Software Upgrade (ISSU) process. An error in the console log will indicate a failure to update the monitor cache size.

Conditions: Occurs under the following conditions:

blank.gif Applicable to all Cisco IOS XE platforms.

blank.gif Occurs when running ISSU, which provides transparent router software upgrade or downgrade.

blank.gif May occur when doing either one of the following: - Upgrading from Cisco IOS XE 3.10 or earlier to IOS XE 3.11 or later version - Downgrading from IOS XE 3.11 (or later) to a version earlier than 3.11

Workaround: A preventive workaround and typical use case is to configure the cache size manually rather than using the default. If using the default cache size, use the following workaround to avoid the error:

1. Remove the service policy.

2. Run the system upgrade or downgrade.

3. Re-attach the service policy.

  • CSCuj19865

Symptom: The cache size computed for an Easy Performance Monitor (EZPM) context when running on ESP100 or ESP200 supports 10G rate while it should support 15G.

Conditions: An ASR1K Router with ESP100 or ESP200 installed. Configure EZPM monitor context. Attach the monitor to an interface.

Workaround: The user can override the default value computed by EZPM.

  • CSCuj39496

Symptom: When configuring Input MPLS aware FNF (under interface config, mpls flow mon MON_NAME in) it can happen that FNF will cease to function due to cache entry leak/exhaustion.

Conditions: This can only occur with Input MPLS FNF and moreover only will occur with certain labels. In particular it will occur for MPLS labels for which the output of the show plat hard qfp active feature cef-mpls prefix mpls label num command does not have an IPV4 adjacency.

Workaround: There is no workaround other than to realize that this will only happen for MPLS FNF, Input FNF (not Output FNF), and for MPLS labels that no not have the IPV4_ADJACENCY.

  • CSCul04783

Symptom: fman-fp crashes @ fman_fnf_object_walk.

Conditions: Test the avc_serviceability feature with ESP160.

Workaround: There is no workaround.

  • CSCul22733

Symptom: ASR is seen to crash.

Conditions: Occurs under the following conditions:

1. Flow exporter defined with the Management interface GigabitEthernet0 configured as source.

2. An FNF record is configured to collect URL name.

3. FNF monitor using the above record and exporter is configured on an interface with MTU greater than 1500 bytes.

4. A packet with URL greater than 1500 bytes hits the monitor.

Workaround: Do not configure the Management interface as flow exporter source.

  • CSCul25833

Symptom: Issue with Dual Collector FNFV9 in ASR 1002x only one collector is collecting and the second one is not. Happens when monitor has two collectors. The monitor is detached from interface and attached again immediately. Only one of the collector will continue to work correctly.

Conditions: Under flow-monitor provisioning.

Workaround: Apply each flow monitor with a gap of 5secs. If monitor was removed, wait for 5 secs before bringing it back.

  • CSCul34776

Symptom: After ISSU process AOR and dependent fields are not working. Also, sampler granularity may be different from the configured.

Conditions: Happens sometimes.

Workaround: Remove AVC configuration and apply it again after the ISSU process is finished.

  • CSCul38375

Symptom: FNF fields collect connection delay response to-server histogram. Shows wrong values.

Conditions: ASR1000 platform FNF fields "collect connection delay response to-server histogram all” are configured.

Workaround: There is no workaround.

  • CSCul49581

Symptom: AVC metrics are wrong.

Conditions: One only performance monitor is configured on interface. AOR is enabled at policy level.

Workaround: There is no workaround.

  • CSCul62107

Symptom: When an MPLS egress interface is configured with a flow monitor that matches/collects BGP next hop, The FNF field BGP_NEXT_HOP should be the IP address of the PE-router, which generated the topmost label however, it is currently set to 0.

Conditions: MPLS egress interface on the PE router configured with a flow monitor that matches/collext BGP next hop.

Workaround: There is no workaround.

  • CSCul92406

Symptom: FNF monitors updates are failing at ESP.

Conditions: Unconfigure the FNF monitor and configure again.

Workaround: There is no workaround.

  • CSCum35386

Symptom: The AVC Sum Duration metric is incorrect on the Utlra platform.

Conditions: AVC Sum Duration metric is enabled via one of the AVC/EZPM tools (e.g. ART), and is assigned to an interface on an Ultra platform (however it works fine on ASR).

Workaround: There is no workaround.

  • CSCum48124

Symptom: Occasional crash/traceback and router reload when performing config-replace while both performance monitor/s (e.g. EzPM) and native FNF monitors are assigned to the same interface.

Conditions: Performing a config-replace to a clean config (i.e. doesn't assign performance monitors or native FNF monitors), while there are both performance monitors (e.g. EZPM) and native FNF monitors assigned to the same interface in the current running config.

Workaround: First unassign either or both the performance monitors and the native FNF monitors before performing the config-replace. In that case, the config-replace works okay.

  • CSCuh27266

Symptom: CPP core not generated when FP crash happens.

Conditions: Perform SPA OIR with Unicast/Multicast/Broadcast storm control on 32K EFPs

Workaround: There is no workaround.

  • CSCui17100

Symptom: FP reloads with the corefile reporting a GIF_CSR32_GIF_LOGIC_ERR_LEAF_INT__INT_FBLK_CNT_LOW interrupt.

Conditions: This issue only applies to ASR1002-X, ESP100 and ESP200. This crash occurs when the amount of available QFP packet buffer memory falls below 3% of the total available. This can only happen if there is a combination of heavy traffic and a flood of control packets. An example action that could cause a flood of control packets is an OIR of the carrier card when using a scaled EVC-EOMPLS configuration.

Workaround: There is no workaround.

  • CSCul23525

Symptom: Observing cpp_driver crash @ cpp_dsf_spi_get_status.

Conditions: On executing the show platform hardware cpp active infrastructure txspi 0 status command.

Workaround: There is no workaround.

  • CSCum75385

Symptom: The show platform hardware qfp active datapath utilization command displays wrong data. When high priority traffic (ip precedence 6,7) is sent, the counters against Input Non-Priority rows increment. When low priority traffic (ip precedence 0,1,2,3,4,5) is sent, the counters against Input Priority rows increment.

Conditions: This can occur when using ESP100.

Workaround: There is no workaround.

  • CSCun32904

Symptom: Ping fails with packet size larger than 10000 with MPLS over mGRE.

Conditions: Configure the MPLS over mGRE and MPLS MTU MAX, Ping jumbo packet and mGRE peer side is also an IOS-XE based service router(ASR1K/ISR4400/CSR1000V)

Workaround: Remove mpls mtu max.

  • CSCun17558

Symptom: COS markings not seen properly on the dot1q interface.

Conditions: The issues are seen if fragment happened in data plane on the dot1q interface.

Workaround: There is no workaround.

Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.12S

This section documents the open issues in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12S.

  • CSCun57359

Symptom: Complete or near-complete loss of traffic over an MLPPP bundle.

Conditions: If an MLPPP bundle is currently attempting to pass traffic beyond the physical bandwidth of the bundle and a new member-link is added, or an existing member-link is flapped a sudden and persistent loss of traffic for that bundle can occur.

Workaround: Configure a basic QoS policy that contains at minimum a class-default traffic police or shape restriction. Attach this policy as an output policy to the MLPPP bundle.

Example:

policy-map basic-output-policy class class-default shape average percent 90 interface Multilink1... service-policy output basic-output-policy
  • CSCun02679

Symptom: The tracebacks were seen on Standby RP for this one time while bringing up GTP sessions.

Conditions: Just bring up the dhcp initiated GTP sessions and the tracebacks were seen on standby RP.

Workaround: There is no workaround.

  • CSCun40443

Symptom: The "not supported on this platform" error message is displayed when doing platform CAC configuration on ESP-5 platform.

Conditions: Set following platform CAC configuration on ESP-5 platform: FP CPU - FP MEM -CC MEM.

Workaround: Do not set following platform CAC configuration on ESP-5 paltform: FP CPU, FP MEM, and CC MEM.

  • CSCun23996

Symptom: DPSS session is not cleared from the router when the dpss application ends gracefully. The session get cleared automatically after approx 3 mins.

Conditions: During this time, application with same application name cannot reconnect.

Workaround: Perform one of the following:

blank.gif Run the following one stop session all command on router to clear the session immediately.

blank.gif Wait for the session to get cleaned automatically

blank.gif Terminate the application ungracefully (Ctrl + C)

  • CSCum95638

Symptom: Multiple tracebacks seen pertaining to uRPF component cannot allocate more memory. No functional issues are seen i.e. no session drops.

Conditions: TB is seen on Scaled Setup of 128K Autheticated Sessions and 256K Walkby sessions.

Workaround: Lower the session scale during RP Switchover. Tested 107K Authenticated Sessions, 223K Walkby Sessions with no issues.

  • CSCum80911

Symptom: On ASR 1006 system, on the DMVPN hub, with 2K ipv4 tunnel over IPv6 transport.

Conditions: When do clear crypto session on hub and spoke twice, ESP crashed.

Workaround: There is no work around.

  • CSCun59767

Symptom: Set egress interface MTU to less than 256. Send packets of size greater than 256. Packets were not dropped by UUT as "IpFragErr", but pass through successfully.

Conditions: Set MTU to 100 on the UUT egress interface, which is the same interface to which a crypto map is attached. DF Bit is set in the security-association for that crypto map. From end host, send packets of size 1000. Packets get fragmented to smaller packets of size 256 first, then encrypted. All the fragmented packets will have DF bit set in IP header. These fragmented packets should be dropped at the egress interface.

Workaround: Send packets of size lesser than MTU.

  • CSCun23109

Symptom: Following error message is seen in log:

%IOSXE-3-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:005 TS:00000006977394452567 %IPSEC-3-REPLAY_ERROR: IPSec SA receives anti-replay error, DP Handle 12, src_addr 192.1.2.0, dest_addr 192.1.1.0, SPI 0x250cc2eb

Conditions: Traffic with over subscription shows the TBAR drops. Eventually, all the traffic dropped.

Workaround: Increase anti-replay window size to 20sec.

  • CSCun39959

Symptom: ASR1K can drop site-2-site IPSec packets with specific pad-lengths. The packets are size 47 bytes n*64 (where n is >=1)

Conditions: Site-2-site IPSec tunneled packets from 3rd-party CPE (not been seen with Cisco IOS based CPE as remote IPSec tunnel endpoints). The packet-sized being dropped are 111bytes in length (or 64-byte increments added to 111bytes).

Workaround: There is no workaround.

  • CSCun45500

Symptom: Flow count value is incorrect in the show platform software ipsec F0 inventory command.

Conditions: Flow count values are incorrect for GETVPN Configuration.

Workaround: There is no workaround.

  • CSCum81783

Symptom: Ping fails to go through the v4 over v6 mixed-mode tunnel.

Conditions: When Mixed-mode tunnel is configured and VPN connection is established.

Workaround: There is no workaround.