Cisco Notification Alert -Cisco NCS 6000 Series Core Router-01-Jul-2015 16:48 GMT

Feedback Sign Up Unsubscribe         Security Advisories & Responses for Network Convergence System 6000 Series Routers Title: Cisco IOS XR Software Crafted IPv6 Packet Denial of Service Vulnerability Description: A vulnerability in the IP version 6 (IPv6) processing code of Cisco IOS XR Software for Cisco CRS-3 Carrier Routing System could allow an unauthenticated, remote attacker to trigger an ASIC scan of the Network Processor Unit (NPU) and a reload of the line card processing an IPv6 packet. The vulnerability is due to incorrect processing of an IPv6 packet carrying IPv6 extension headers that are valid but unlikely to be seen during normal operation. An attacker could exploit this vulnerability by sending such an IPv6 packet to an affected device that is configured to process IPv6 traffic. An exploit could allow the attacker to cause a reload of the line card, resulting in a DoS condition. Cisco has released free software updates that address this vulnerability. There is no workaround that mitigates this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150611-iosxr Date: 11-JUN-2015 Find additional information in Cisco Security Advisories & Responses Software Updates for Network Convergence System 6000 Series Routers Product Name: NCS 6008 - 8-Slot Chassis Software Type: IOS XR Software Maintenance Upgrades (SMU) Release Version: 5.2.4 Alert Type: New File File Name: ncs6k-sysadmin-5.2.4.CSCuu95426.tar File Description: ISSU/Reload/Recommended SMU,Power Tray alarms on an NCS 6008 File Release Date: 24-JUN-2015 Software Updates for Network Convergence System 6000 Series Routers Product Name: NCS 6008 - 8-Slot Chassis Software Type: IOS XR Software Maintenance Upgrades (SMU) Release Version: 5.2.3 Alert Type: New File File Name: ncs6k-sysadmin-5.2.3.CSCuu14963.tar File Description: Hitless/Recommended SMU, NCS6k - hardware interrupt reset all FC upon LC insertion or Plane shut File Release Date: 29-JUN-2015 Find additional information in Software Downloads index. Software Updates for Network Convergence System 6000 Series Routers Product Name: NCS 6008 - 8-Slot Chassis Software Type: IOS XR Software Manager Release Version: 2.0 Alert Type: New File File Name: CSM-2.0.zip File Description: Cisco Software Manager v2.0 File Release Date: 30-JUN-2015 Find additional information in Software Downloads index. Known Bugs - Network Convergence System 6000 Series Routers Bug Id: CSCus26639 Title: Per node vlan limit should be changed to 2x1884 from 1884 Description: Symptom: We can configure only 1884 vlans per LC, supported L2/L3 vpn scale can not be achieved due to this Conditions: We can configure only 1884 vlans per LC, supported L2/L3 vpn scale can not be achieved due to this Workaround: none Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 01-JUN-2015 Known Affected Releases: 5.2.3.BASE Known Fixed Releases: 5.2.3.16i.BASE, 5.2.4.1i.BASE Bug Id: CSCuu22102 Title: PLX-8614 showing not ready Description: Symptom: PLX-8614 showing not ready on SCSW cards Conditions: after upgrading to 5.2.4.16I Workaround: none Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 01-JUN-2015 Known Affected Releases: 5.2.4.BASE Known Fixed Releases: 5.2.4.BASE, 5.2.5.11i.BASE Bug Id: CSCus31665 Title: admin config loss after hw-mod loc all reload Description: Symptom: On a Cisco NCS4000 or 6000 series router, after issuing a 'hw-module reload' command from the sysadmin mode, the latest sysadmin configuration commit may be lost. This issue seems to be relatively rare Conditions: Conditions to trigger this issue are unknown, but seem to occur relatively rarely. Workaround: When this issue is triggered, the correct sysadmin configuration has already been backed up. You will find text files containing previous sysadmin backup files by performing the following commands: 1. Locate the desired sysadmin configuration backup file. They are organized by timestamp. (The desired one will most likely be the second most recent): sysadmin-vm:0_RP0# run Thu Jan 8 22:52:27.545 UTC [sysadmin-vm:0_RP0:~]$cd /misc/config/confd/ascii_backup/ [sysadmin-vm:0_RP0:/misc/config/confd/ascii_backup]$ls *cfg confd_config_backup_20150108225813.cfg confd_config_backup_20150109002852.cfg confd_config_backup_20150108225820.cfg confd_config_backup_20150109003646.cfg 2. Load the config file: [sysadmin-vm:0_RP0:~]$/opt/cisco/calvados/script/confd_manual_restore.sh Will restore config from ascii config file "confd_config_backup_20150109003646.cfg" Restored configuration from "confd_config_backup_20150109003646.cfg" successfully [sysadmin-vm:0_RP0:~]$ 3. Exit the shell, and confirm that the proper configuration has been loaded. The 'Commit performed' message displayed in this example may or may not be shown. [sysadmin-vm:0_RP0:~]$exit exit sysadmin-vm:0_RP0# System message at 2015-01-09 00:41:26... Commit performed by root via console using noaaa. sysadmin-vm:0_RP0# show running-config Fri Jan 9 00:41:33.617 UTC fpd auto-upgrade disable aaa authentication users user root .... Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 01-JUN-2015 Known Affected Releases: 5.2.3.BASE Known Fixed Releases: 5.2.4.BASE, 5.2.5.11i.BASE Bug Id: CSCuj74595 Title: NGN:LDP and BGP flaps seen on oversubscribe non-qos 10G port on linkwood Description: Symptom: LDP and BGP flaps are seen Conditions: No qos is applied on the interface and the interface on linkwood is oversubscribed with traffic Workaround: Apply a qos policy with prec6 packets getting guaranteed bandwidth Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 02-JUN-2015 Known Affected Releases: 5.0.0.ADMIN, 5.0.0.BASE, 5.1.1.LC Known Fixed Releases: 5.0.1.5i.BASE, 5.0.1.6i.BASE, 5.1.1.18i.BASE, 5.1.11.13i.BASE, 5.1.2.9i.BASE, 5.2.0.28i.BASE, 5.2.1.1i.BASE, 5.2.2.6i.BASE Bug Id: CSCuu41932 Title: 525 NCS6K:BLB sessions on non-bundle LC stuck in INIT. Label not pgmed. Description: Symptom: All BLB sessions hosted on one of the LCs ; which has no members part of the bundle; are stuck in INIT state. On debugging by BFD PD DE team & L3FIB DE team; it is learnt that MPLS label programming for the sessions is not correctly done. This is confirmed by looking at the mpls label forwarding output of an affected BLB session. Conditions: Hosting LC shouldn't have any members of the bundle Workaround: Further Problem Description: Status: Terminated Severity: 2 Severe Last Modified: 03-JUN-2015 Known Affected Releases: 5.2.5.BASE Known Fixed Releases: Bug Id: CSCut77956 Title: ISSU-AD: MGBL-AAAD-3-ERROR : Failed to setup ConfD subscriptions, err=-1 Description: Symptom: During ISSU upgrade (or) AAAD process restart, the following error-trace is displayed, %MGBL-AAAD-3-ERROR : Failed to setup ConfD subscriptions, err=-1 Conditions: On NCS6K/NCS4K, ISSU upgrade (or) process restart of AAAD. Workaround: NONE Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 03-JUN-2015 Known Affected Releases: 5.2.4.ADMIN, 5.2.4.BASE Known Fixed Releases: 5.2.4.15i.BASE, 5.2.5.8i.BASE Bug Id: CSCuu37545 Title: Rib and bcdl processes shut down on standby after reinserting RP Description: Symptom: process shutdown on standby after re-inserting RP Conditions: RP physical OIR and then insertion Workaround: Reload standby RP XR VM Further Problem Description: Here we see that DS service running on standby RP is learning about the endpoints from other nodes little late. Processes look for service end points and exit when they do not get them from DS. They repeat this on respawn and eventually go to shutdown state. Status: Fixed Severity: 2 Severe Last Modified: 04-JUN-2015 Known Affected Releases: 5.2.4.BASE Known Fixed Releases: 5.2.5.12i.BASE Bug Id: CSCus49127 Title: RP1 is struck at grub - grub.cfg was modified during the smu activation Description: Symptom: RP1 is struck at grub - grub.cfg was modified during the smu activation. Grub.cfg file in host boot partition is not right. search.fs_label ?5].? roo In above line fs_label is set to some junk. Conditions: The trigger was calvados issu. 20% reproducible Lets say there was a reload after 1st phase in Calvados ISSU, nodes went through 1st phase may face this issue. Workaround: No Workaround. Recovery: need to re-image the chassis. Further Problem Description: There was a bug setting Host LV Label while creating backup partition during Host SMU/Host ISO upgrade. Status: Fixed Severity: 2 Severe Last Modified: 04-JUN-2015 Known Affected Releases: 5.2.3.BASE Known Fixed Releases: 5.2.4.9i.BASE, 5.2.5.1i.BASE, 5.2.5.4i.BASE Bug Id: CSCus50217 Title: panini issu: ppe dump after issu run phase Description: Symptom: you may see ppe dump after issu run phase on release 5.2.3 on platform NCS6K. Conditions: ISSU run phase Workaround: n/a Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 04-JUN-2015 Known Affected Releases: 5.2.3.BASE Known Fixed Releases: 5.2.3.BASE, 5.2.4.3i.BASE Bug Id: CSCuu57969 Title: GMPLS-TE src not set - OLM reg. failure as olm_api has LWM problem Description: Symptom: when enabling GMPLS-TE, we require LMP on the interface to be UP. When LMP is configured on the DWDM interface, the client on Active-RP is trying to connect with server on Stand-BY-RP. This client-server registration is failing, resulting in LMP being down, further GMPLS-TE is down as a result. Conditions: this issue only occurs in Panini platform. does not occur on ASR. CRS is not tested for this. Occurs only if there are Both Active and stand-by RP. Workaround: shut-down te_control and ucp_olm processes on Stand-BY RP. This will impact redundancy. Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 08-JUN-2015 Known Affected Releases: 5.2.5.BASE, 5.3.1.CE, 6.0.0.MPLS Known Fixed Releases: Bug Id: CSCur22068 Title: interfaces are not coming up after applying breakout config on 523.8i Description: Symptom: interfaces are not coming up after applying breakout config on 523.8i Conditions: interfaces are not coming up after applying breakout config on 523.8i Workaround: LC OIR Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 08-JUN-2015 Known Affected Releases: 5.2.3.BASE Known Fixed Releases: 5.2.3.9i.BASE, 5.2.4.6i.BASE Bug Id: CSCur99206 Title: PAT LC 523.12I boot time is 4.5 min slower than 10J Description: Symptom: PAT LC boot time is slower in 5.2.3.12I comparing with 5.2.3.10J Conditions: 1 PAT LC and 2M BGP routes are scaled Workaround: Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 08-JUN-2015 Known Affected Releases: 5.2.3.BASE Known Fixed Releases: 5.2.3.15i.BASE, 5.2.4.1i.BASE Bug Id: CSCur29800 Title: Continuous fia_driver link error messages from LC5 after routing on Description: Symptom: Continuous fia_driver link error messages from LC5 after routing on Conditions: Continuous fia_driver link error messages from LC5 after routing on Workaround: none Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 08-JUN-2015 Known Affected Releases: 5.2.3.BASE Known Fixed Releases: 5.2.3.12i.BASE, 5.2.4.1i.BASE, 5.2.4.6i.BASE Bug Id: CSCuu66506 Title: LC XR VMs on LCC0 in shutoff state after 0/RP0 OIR and 0/RP1 reload Description: Symptom: The LC XR VMs on the rack where OIR happens are in shutoff state. All the other XR VMs are running. Conditions: After active RP OIR, if standby RP also reloaded for some other issue, there's a chance to hit this issue. Workaround: Users can just start the shutoff LC XR VMs by SDR command. Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 11-JUN-2015 Known Affected Releases: 5.2.4.BASE Known Fixed Releases: 5.2.5.13i.BASE Bug Id: CSCuu33822 Title: NPU-1: Failed to get pla drops stats in npu_platform_stats_get_plim Description: Symptom: An NPU may fail to get pla drops stats in npu_platform_stats_get_plim after a line card is reloaded as shown by the following error messages: LC/0/5/CPU0:May 13 22:01:36.832 : npu_driver[270]: %L2-NPU-6-INFO_MSG : NPU-1: Failed to get pla drops stats in npu_platform _stats_get_plim LC/0/5/CPU0:May 13 22:02:41.730 : sysdb_svr_local[214]: %SYSDB-SYSDB-6-TIMEOUT_EDM : EDM request for 'oper/plim-asic-drv/node/500/summary' from 'plim_ether_show' (jid 67901, node 0/5/CPU0). No response from 'npu_driver' (jid 270, node 0/5/CPU0) wit hin the timeout period (100 seconds) Conditions: This issue is seen on a NCS6K router booted with Cisco IOS XR version 5.2.5-08i. Workaround: Unknown Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 11-JUN-2015 Known Affected Releases: 5.2.5.BASE Known Fixed Releases: 5.2.5.13i.BASE Bug Id: CSCus71815 Title: Calvados VM is stuck in Factory Mode-sysadmin-vm prompt Description: Symptom: In the sysadmin mode of an NCS 6000 or NCS 4000 system, the prompt may be displayed as "Factory Mode-sysadmin", some commands may not be available (show version and show platform may be impacted), and the Route Processor (RP) may reload. The system may prompt for initial root-user creation, but no configurations should be lost. Conditions: This issue is triggered by a downgrade from 5.2.3/5.2.1 to 5.0.1. Workaround: A router reload may resolve the issues. If not, a re-image may be needed. Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 12-JUN-2015 Known Affected Releases: 5.2.3.BASE Known Fixed Releases: 5.2.4.9i.BASE, 5.2.5.4i.BASE Bug Id: CSCus23276 Title: System Upgrade from 5.2.1 to 5.2.3.12I fails with node reloads Description: Symptom:During NCS 6008 SW upgrades from IOS XR versions 5.0.1 or 5.2.1 to 5.2.3 or 5.2.4, the router may reload and revert back to the 5.0.1 or 5.2.1 committed version Conditions:When attempting a Software Upgrade on an NCS 6008. Specifically from versions 5.0.1 or 5.2.1, specifically to versions 5.2.3 or 5.2.4. That is a 5.0.1 to either 5.2.3 or 5.2.4 SW upgrade or A 5.2.1 to either a 5.2.3 or 5.2.4 SW upgrade Workaround:Install the CSCus23276 SMU for the IOS XR Release 5.0.1 or 5.2.1, before attempting to upgrade to either 5.2.3 or 5.2.4 The 5.0.1 SMU is AA09359 The 5.2.1 SMU is AA09360 More Info:-This is a Host SMU -Note that the latest Host SMU supersedes any previously installed Host SMU's -Note that a "hw-module location all reload" via sysadmin after this host SMU activation, is required unless it automatically reloads -Note DO NOT issue an "install commit" before the reload, but rather wait for the reload after the Host SMU is installed, and then issue an "install commit" after the reload from the Host SMU activation -Follow the detailed instructions in the Cisco.com IOS XR Upgrade guides when planning for IOS XR SW Upgrades http://www.cisco.com/web/Cisco_IOS_XR_Software/index.html Status: Fixed Severity: 2 Severe Last Modified: 12-JUN-2015 Known Affected Releases: 5.2.3.BASE, 5.2.3.LC Known Fixed Releases: Bug Id: CSCur32861 Title: rpm installation failure observed during prepare of 9C Description: Symptom: install prepare/activate from 8I to 9C abort Conditions: while doing System upgrade operatoin from 8I to 9C Workaround: n/A Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 12-JUN-2015 Known Affected Releases: 5.2.1.BASE Known Fixed Releases: Bug Id: CSCus76458 Title: after 5.2.3 -> 5.0.1 downgrade, next upgrade from 5.0.1 fails Description: Symptom: "INFRA-INSTAGENT-2-SELF_TEST_FAILURE" and Continuous LC reload on performing downgrade to 5.0.1 followed by an upgrade to 5.2.X Conditions: Happens when a downgrade from 5.2.x to 5.0.1 is followed by an upgrade from 5.0.1 to 5.2.x Workaround: Remove the following files from ALL RPs only when the router is on IOS-XR release 5.0.1 (when the downgrade to 5.0.1 from 5.2.x has been completed): admin sysadmin-vm:0_RP0#run [sysadmin-vm:0_RP0:~]$ cd /install_repo/gl/instdb [sysadmin-vm:0_RP0:/install_repo/gl/instdb]$ rm ?f clos-master-swprofile-active.bin [sysadmin-vm:0_RP0:/install_repo/gl/instdb]$ rm ?f clos-master-swprofile-active.txt [sysadmin-vm:0_RP0:/install_repo/gl/instdb]$ rm ?f clos-master-swprofile-committed.bin [sysadmin-vm:0_RP0:/install_repo/gl/instdb]$ rm ?f clos-master-swprofile-committed.txt Also, if access to the SysAdmin-VM is not possible from the XR-VM, please apply the following work-around on BOTH RPs (in the XR-VM): run [xr-vm_node0_RP0_CPU0:/]$ chmod 700 /opt/cisco/XR/packages/iosxr-os.rp-5.0.1/sbin/admin-cli-proxy-xr_static [xr-vm_node0_RP0_CPU0:/]$ chmod 700 /opt/cisco/XR/packages/iosxr-os.rp-5.0.1/sbin/confd_cli More Info: Status: Fixed Severity: 2 Severe Last Modified: 12-JUN-2015 Known Affected Releases: 5.2.3.BASE Known Fixed Releases: Bug Id: CSCuu83584 Title: NCS6K MultiChassis reloads unexpectedly via INFRA-INSTMGR-SW_RESYNC_END Description: Symptom: An NCS 6008 MultiChassis System may unexpectedly reload. Conditions: This may happen when using IOS XR version 5.2.4 and the install manager process has determined the software is out of sync Workaround: There is no workaround at this time. The NCS 6008 router will resume normal operations after the router reload. Further Problem Description: Status: Other Severity: 2 Severe Last Modified: 13-JUN-2015 Known Affected Releases: 5.2.4.ADMIN Known Fixed Releases: Bug Id: CSCut72458 Title: Device GN2411 Not_Ready on 60x10gig NCS6000 Description: Symptom: GN2411 on 60x10gig module for NCS6k not loading. Status is "NOT_READY", ports on slice not forwarding. Conditions: Operate Workaround: Possible restart CCC_Driver Further Problem Description: none Status: Fixed Severity: 2 Severe Last Modified: 15-JUN-2015 Known Affected Releases: 5.2.1.CE Known Fixed Releases: 5.2.4.15i.BASE, 5.2.5.8i.BASE Bug Id: CSCut83406 Title: Continuous PPE exception dump due to num_entries=0 in XR ISSU run phase Description: Symptom: Continuous ppe exception dumps will occur during the ISSU run phase, the ISSU process may be aborted. Conditions: Configure and schedule an ipsla operation. While the operation is active do ISSU. Workaround: Remove the ipsla config before doing ISSU. After ISSU the user can reconfigure ipsla. Further Problem Description: Status: Open Severity: 2 Severe Last Modified: 15-JUN-2015 Known Affected Releases: 6.0.0.BASE Known Fixed Releases: Bug Id: CSCuu85265 Title: Interfaces vanished from LC3 after removing breakout config Description: Symptom: 100G interfaces will not get created after removing breakout config due to bundlemgr_ea spinning at 100% on different LC Conditions: 100G interfaces will not get created after removing breakout config due to bundlemgr_ea spinning at 100% on different LC Workaround: Reload LC Further Problem Description: Status: Other Severity: 2 Severe Last Modified: 16-JUN-2015 Known Affected Releases: 5.2.5.BASE Known Fixed Releases: Bug Id: CSCus50433 Title: MC: Need a fix that addresses both CSCty02554 and a config loss issue Description: Symptom: MgmtEth intf configs lost after RPFO on a NCS6K 2+2 Multi-chassis system. Conditions: Perform RPFO on LCC Rack0 with redundant RPs on a NCS6K 2+2 Multi-chassis system. Workaround: Unknown Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 17-JUN-2015 Known Affected Releases: 5.2.4.BASE Known Fixed Releases: 5.3.2.10i.BASE Bug Id: CSCuu84038 Title: BFD Continuously flapping after Process Restart Description: Symptom: BFD continuously flapping causing bundles flap and traffic to drop Conditions: Process restart bfd Workaround: Restart lpts_pa process Further Problem Description: Status: Open Severity: 2 Severe Last Modified: 17-JUN-2015 Known Affected Releases: 5.2.4.BASE Known Fixed Releases: Bug Id: CSCuq25106 Title: after slice_mgr_proxy crash, slices does not recover Description: Symptom: This DDTS address two issues, Issue 1: slice_mgr_proxy is restarted prior to slices are up, then the slices will not come up. Issue 2: (display issue )show platform slices output shows 'Oper' state as 'unknown' for all the slices of a LC, even though the slices are initialized and interfaces are created Conditions: For issue 1.when slices are not up, and slice mgr proxy is restarted, we might get into a state where slice mgr proxy will not power up the slices after restart. For Issue 2: shelf_mgr restart on the respective LC. Workaround: For issue 1: Reload the respective linecard from the XR prompt, or admin prompt. For issue 2: Restart the slice_manager process in the corresponding LC. Further Problem Description: For issue 1: slice mgr proxy does not crash or restart under normal scenarios. If slices are powered up, slice mgr proxy restart (e.g. SMU installation) is fine. If slices are not yet powered, and slice mgr proxy got restarted, then slices will not get powered up. Status: Fixed Severity: 2 Severe Last Modified: 17-JUN-2015 Known Affected Releases: 5.2.1.BASE Known Fixed Releases: 5.2.3.9i.BASE, 5.2.4.6i.BASE, 5.3.1.6i.BASE Bug Id: CSCut09462 Title: MC: "error: file `/cache/system_image.iso' not found" after loading img Description: Symptom:Whenever SW mismatch happens( No.of SMU installed on Active Vs Local Node or version mismatches), then reimage of node is done install Manager. This is broken now. It will be struck at the grub(boot) menu after automatic reload. Reason for the break: When ISSU feature was added in 523, symbolic link files are introduced in install repository. Then while synchronising the install repo, symlinks and actual file pointed by symlinks were synchornised separately. This lead to download only symlink instead of actual image file while reimaging. Conditions:Whenever SW mismatch happens( No.of SMU installed on Active Vs Local Node or version mismatches), then reimage of node is done install Manager. Conditions of sw mismatch: When install operation is going on if some node is reloaded, then that will not complete install op. When it comes up, sw mismatch happens and reimage itself. Other condition is OIR. If user plug card with different sw version installed, then sw mismatch happens. Workaround:USB booting the card is only option. More Info:Actual problem is, during reimage it is downloading only symbolic link. But the image pointed by symbolic link is not getting downloaded. This DDTS/SMU will fix the issue. Status: Fixed Severity: 1 Catastrophic Last Modified: 17-JUN-2015 Known Affected Releases: 5.2.4.BASE Known Fixed Releases: 5.2.4.14i.BASE, 5.2.5.5i.BASE, 5.2.5.8i.BASE Bug Id: CSCus59734 Title: HSAT-CAL-ISSU: Sysadmin ISSU failed due to Timeout happened during ISSU Description: Symptom: After Calvados ISSU started, it failed with below error: Apr 20 09:58:29 Timeout happened during ISSU operation. Reload system to recover Conditions: Seen after Calvados ISSU is started. Seen once so far Workaround: None Further Problem Description: Status: Other Severity: 2 Severe Last Modified: 17-JUN-2015 Known Affected Releases: 5.2.3.BASE Known Fixed Releases: Bug Id: CSCus39152 Title: panini issu: managment intf config failed during issu Description: Symptom: you may see management intf config failed during issu load phase on release 5.2.3 on platform NCS6K. Conditions: issu load phase Workaround: n/a Further Problem Description: Status: Other Severity: 2 Severe Last Modified: 17-JUN-2015 Known Affected Releases: 5.2.3.BASE Known Fixed Releases: Bug Id: CSCur37330 Title: After 208.5 days uptime the kernel TSC 64bit counter overruns Description: Symptom: RP or LC reloads due to hardware wdog timeout. Conditions: Uptime of 208.5+ days Workaround: Reload RPs/LCs before the uptime of 208.5 days has been reached. Further Problem Description: Status: Fixed Severity: 1 Catastrophic Last Modified: 18-JUN-2015 Known Affected Releases: 5.0.1.BASE, 5.2.1.BASE Known Fixed Releases: 5.2.3.99i.BASE Bug Id: CSCus95955 Title: VSAT: ospf nbr down in Load Ph- Forwording interface failed to change bk Description: Symptom: ospf neighbors were down during ISSU Load Phase in VSAT ISSU sanity testing. Conditions: Executed "install activate issu load" command. Workaround: Unknown. Further Problem Description: Status: Open Severity: 2 Severe Last Modified: 21-JUN-2015 Known Affected Releases: 5.2.4.BASE Known Fixed Releases: Bug Id: CSCuq99260 Title: NCS6K: MPP/LPTS Erroneously Allows SNMP Queries on Inband Interfaces Description: Symptom: NCS6K MPP/LPTS is allowing snmp queries on inband interfaces without associated MPP configuration to allow such queries (from any IP, on any inband interface). Conditions: No known trigger. Workaround: Unknown If inband SNMP polling is required, apply MPP SNMP peer configuration for inband interfaces to limit from which source IP's queries will be allowed. Can also configure ACL for snmp-server. Further Problem Description: Restart snmpd process to recover from failed state. Status: Open Severity: 2 Severe Last Modified: 21-JUN-2015 Known Affected Releases: 5.2.1.CE Known Fixed Releases: Bug Id: CSCuu17173 Title: 5.2.5 NCS6K- RP Switchover back to back - BLB - FgidMgr Behaviour issue Description: Symptom: Have 2 Rps . Running BLB sessions with 150 * 3 timer . Perform Redundancy Switchover in RP0, RP1 becomes active. BLB sessions is fine . Now perform Redundancy Switchover on RP1 (before 5min) ,RP0 becomes active. We see the BLB sessions going down because of the failure in fgidmgr in client resync request. Conditions: Redundancy switchover on XR RP Workaround: N/A Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 21-JUN-2015 Known Affected Releases: 5.2.5.BASE Known Fixed Releases: 5.2.5.1i.BASE Bug Id: CSCuu89358 Title: Slice status is UP/UP when slice is down - cosmetic NCS6K Description: Symptom: A slice on an NCS 6008 may not come UP after a reload of the NCS 6008 router Conditions: This happens on a system reload from the Sysadmin VM on an NCS 6008 router running 5.2.4 Workaround: There is no workaround at this time Further Problem Description: Status: Open Severity: 2 Severe Last Modified: 22-JUN-2015 Known Affected Releases: 5.2.4.BASE Known Fixed Releases: Bug Id: CSCus27229 Title: December 2014 - NTPd.org Vulnerabilities Description: Symptom: IOS-XR for Cisco Network Convergence System (NCS) 6000 includes a version of NTPd that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs: CVE-2014-9293, CVE-2014-9294, CVE-2014-9295 and CVE-2014-9296 This bug has been opened to address the potential impact on this product. Please consult http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd for further information. Conditions: ntp enabled on the device. Workaround: Use NTP access-groups Further Problem Description: PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 7.5/7.5: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:C The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html Status: Fixed Severity: 2 Severe Last Modified: 22-JUN-2015 Known Affected Releases: 5.2.4.BASE Known Fixed Releases: 5.2.4.6i.BASE Bug Id: CSCuq31566 Title: telnetd crash when receiving malformed telnet packet Description: Symptoms: A vulnerability in telnetd process of Cisco IOS XR could allow an unauthenticated, remote attacker to cause a reload of the affected service. The vulnerability is due to improper processing of malformed telnet packet directed to a device configured to process such packets to itself. An attacker could exploit this vulnerability by sending a malformed telnet packet to a device that is configured to accept telnet connections to itself and process them for remote management. An exploit could allow the attacker to cause a reload of the affected service. Conditions: Cisco IOS XR device is configured to accept telnet connections for remote management. Workaround: None. PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5/4.1: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C CVE ID CVE-2015-0776 has been assigned to document this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html Status: Fixed Severity: 2 Severe Last Modified: 23-JUN-2015 Known Affected Releases: 5.0.1.BASE Known Fixed Releases: 5.3.1.10i.FWDG Bug Id: CSCus31214 Title: RP0 went to Failed unexpected CPU down : MERR CAT_ERR" in OCU Description: Symptom: During the RP0 admin vm reload in calvados ISSU, the hardware state of RP0 went to FAILED because of "unexpected CPU down event: failure detected: MERR CAT_ERR". Then RP0 stuck at host in booting. Conditions: hit this issue only once during Calvados ISSU. Workaround: No Workaround. Recovery: No router reload to reco Further Problem Description: Status: Terminated Severity: 2 Severe Last Modified: 23-JUN-2015 Known Affected Releases: 5.2.3.BASE, 5.2.5.ADMIN Known Fixed Releases: Bug Id: CSCuu09679 Title: Config restore takes 11 mins to come up on PAT card Description: Boot time of Pat LC is increased due to this issue (upto 7 minutes seen in testing). The DDTS fix will restore the Boot time for Pat LC to 5.2.3 numbers. Symptom: Boot time was increased for Pat LC. EPM traces and other logs indicate that Config restore on the LC is taking upto 11 minutes. Conditions: The issue is seen on reload of the LC and power-cycle of router. Workaround: None Further Problem Description: Status: Open Severity: 2 Severe Last Modified: 23-JUN-2015 Known Affected Releases: 5.2.4.BASE Known Fixed Releases: Bug Id: CSCuu11986 Title: Some of the nodes missing in the entPhysicalName output on A41 Description: Symptom: Some of the nodes missing in the entPhysicalName output on A41 Node missing in entity mib. Bogus entities in admin "show inventory". Conditions: No specific trigger Workaround: N/A, need to install a reload smu Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 24-JUN-2015 Known Affected Releases: 5.2.4.BASE, 5.2.5.BASE Known Fixed Releases: 5.2.5.13i.BASE Bug Id: CSCut94388 Title: TLU entry has invalid TLU_ID drop for 6VPE traffic after RP FO Description: Symptom: l3vpn traffic dropped transiently on egress PSE as TLU entry has invalid TLU_ID Conditions: The triggers are proc restart of ipv4_rib or ipv6_rib, RP FO. 100% reproducible from 5.2.4 13I on my testbed Workaround: no Further Problem Description: Status: Terminated Severity: 2 Severe Last Modified: 24-JUN-2015 Known Affected Releases: 5.2.4.BASE Known Fixed Releases: Bug Id: CSCus69517 Title: Evaluation of glibc GHOST vulnerability - CVE-2015-0235 Description: Symptom: IOS-XR for Cisco Network Convergence System (NCS) 6000 includes a version of the GU C library that is affected by the following vulnerability. On January 27, 2015, a buffer overflow vulnerability in the GNU C library (glibc) was publicly announced. This vulnerability is related to the various gethostbyname functions included in glibc and affect applications that call these functions. This vulnerability may allow an attacker to obtain sensitive information from an exploited system or, in some instances, perform remote code execution with the privileges of the application being exploited. This vulnerability is documented in CVE-2015-0235. A Cisco Security Advisory has been published to document this vulnerability at: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost This bug has been opened to address the potential impact on this product. Conditions: Exposure is not configuration dependent. Workaround: Not available. Further Problem Description: No specific exploitation vector for NCS6K is known. PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are: 10/7.8 https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C/CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html Status: Fixed Severity: 2 Severe Last Modified: 24-JUN-2015 Known Affected Releases: 5.2.4.BASE, 5.4.0.BASE Known Fixed Releases: 5.2.4.1i.MCAST Bug Id: CSCuu76809 Title: SysDB was unable to save a configuration file 5.2.4 to 5.2.1 on NCS6k Description: Symptom: On trying to configure an NCS 6008 router, a config inconsistency message is seen and the configuration can not be committed. Issuing a "clear config inconsistency" doesn't help. Conditions: When downgrading software on an NCS 6008 router from IOS XR version 5.2.4 to 5.2.1 Workaround: Reload the xr vm. Further Problem Description: Status: Open Severity: 2 Severe Last Modified: 24-JUN-2015 Known Affected Releases: 5.2.4.BASE Known Fixed Releases: Bug Id: CSCut77471 Title: APRIL 2015 NTPd Vulnerabilities Description: Symptom: This product includes a version of ntpd that is affected by the vulnerability identified by the Common Vulnerability and Exposures (CVE) IDs: CVE-2015-1798 and CVE-2015-1799 This bug has been opened to address the potential impact on this product. Conditions: Device has NTP authentication enabled and/or has NTP authentication enabled with peers: ntp authenticate ntp authentication-key 1234 md5 104D000A0618 7 ntp trusted-key 1234 ntp peer 192.168.0.1 key 1 Workaround: There are no workarounds. Further Problem Description: ETA - The fix will be committed to code base by 4/20/2015. Then SMU release request can be raised to start SMU release procedure. PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5.0/4.3 https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:C The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html Status: Fixed Severity: 2 Severe Last Modified: 24-JUN-2015 Known Affected Releases: 5.2.3.BASE Known Fixed Releases: Bug Id: CSCup27504 Title: TCP crash @ socket_async_evm_id2session Description: Symptom: TCP Crash Conditions: Process restart TCP Workaround: None Further Problem Description: Status: Open Severity: 2 Severe Last Modified: 24-JUN-2015 Known Affected Releases: 5.2.1.BASE, 5.2.1.ROUT Known Fixed Releases: Bug Id: CSCur02177 Title: Bash Vulnerability - (CVE-2014-6271) Description: Symptom: The following Cisco products NCS6k include a version of Bash that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs: CVE-2014-6271 CVE-2014-6277 CVE-2014-6278 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 This bug has been opened to address the potential impact on this product. Conditions: Exposure is not configuration dependent. Authentication is required to exploit this vulnerability. Workaround: Not available. Further Problem Description: Product is vulnerable in 5.0.0, 5.0.1, 5.2.1. PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 7.5/7.5: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:C The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html Status: Fixed Severity: 2 Severe Last Modified: 24-JUN-2015 Known Affected Releases: 5.2.3.BASE Known Fixed Releases: 5.2.3.17i.BASE Bug Id: CSCus64833 Title: please remove 1 minute timer in the PD mcast mrib code Description: Symptom: you may see 1 minute timer in the PD mcast mrib code on release 5.2.3 on platform NCS6K. Conditions: ISSU Workaround: n/a Further Problem Description: Status: Open Severity: 2 Severe Last Modified: 25-JUN-2015 Known Affected Releases: 5.2.3.BASE Known Fixed Releases: Bug Id: CSCuu97666 Title: AA09999 SMU Fix is not taking effect if SMU Activated as ISSU Description: Symptom: AA09999 Fix not working if activated as ISSU Conditions: SMU Activation with ISSU Option Workaround: A. Install AA09999 with "install activate issu " B. Wait till package activated on each RP, by checking "show install active" in sys-admin VM. C. For each rack, in sys-admin VM, please run following commands. 1. "show processes services rm active location all" to retrieve location(s) where "rm" services are active. 2. "show processes services rm standby location all" to retrieve location(s) where "rm" services are standby. 3. "process mandatory shelf_mgr location " 4. "process shutdown shelf_mgr location " 5. "process restart shelf_mgr location " 6. "process start shelf_mgr location " 7. "process mandatory shelf_mgr location " Further Problem Description: Status: Open Severity: 2 Severe Last Modified: 26-JUN-2015 Known Affected Releases: 5.2.2.BASE Known Fixed Releases: Bug Id: CSCuu97606 Title: Switch port auto tune failure on an NCS 6008 Multichassis router Description: Symptom: The following alarms may be found on an NCS 6008 Multichassis router via the "show alarms brief" output from the Sysadmin VM. Conditions: This may happen on an NCS 6008 Multichassis router that is using the combination Shelf Controller switch cards when running IOS XR software version 5.2.4 Workaround: There is no workaround at this time Further Problem Description: Status: Open Severity: 2 Severe Last Modified: 26-JUN-2015 Known Affected Releases: 5.2.4.BASE Known Fixed Releases: Bug Id: CSCuu10990 Title: NGN:lldp subinterfaces enable config rejected on NCS6K 5.2.4.12i Description: Symptom: "lldp subinterfaces enable" config commit fails in global config mode. This cli is supposed to enabled lldp for sub-interfaces in 5.2.4. Conditions: "lldp subinterfaces enabled" config tried on NCS6K 5.2.4.12i Workaround: None Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 26-JUN-2015 Known Affected Releases: 5.2.4.BASE Known Fixed Releases: 5.2.5.9i.FWDG Bug Id: CSCut96231 Title: MC: xr vm IP conflict caused by sync issue between sysadmin and hushd Description: Symptom: RP xr vm's had IP conflict caused by synchronization/communication issue between sysadmin and hushd after loading image with reimage_chassis command. on a NCS6K 2+2 Multi-chassis system. Conditions: Loaded image with reimage_chassis command on a NCS6K 2+2 Multi-chassis system. Workaround: Unknown. Further Problem Description: Status: Terminated Severity: 2 Severe Last Modified: 26-JUN-2015 Known Affected Releases: 5.2.4.BASE Known Fixed Releases: Bug Id: CSCuu14963 Title: NCS6k - hardware interrupt reset all FC upon LC insertion or Plane shut Description: Symptom: SFE devices hard reset due to IfmafoPint interrupt. sfe_driver[2575]: %PLATFORM-CIH-2-ASIC_ERROR_HARD_RESET : sfe[24]: An oor-thresh-err error has occurred causing packet drop transient. ECI.Interrupt_Register.DCH_<0-3>.Interrupt_Register.IfmafoPInt Threshold has been exceeded Conditions: It can happen in the following scenarios -) Reload/Insertion of linecard with traffic -) Shutdown of fabric plane. Workaround: None Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 26-JUN-2015 Known Affected Releases: 5.2.3.BASE Known Fixed Releases: 5.2.5.14i.BASE Bug Id: CSCuu58694 Title: show commands not working after router reload [RT 19037] Description: Symptom: In sysadmin mode of a Cisco NCS 6000 or 4000 system, some node(s) may be missing from ? completion in CLI commands, despite the node(s) being up and running. Conditions: This can be triggered by internode network connectivity issues. The CLI commands may be missing nodes even after the internode network connectivity issue resolves itself. Workaround: Reloading the missing sysadmin VM (if possible) will recover the system. Restarting the active instance of confd_helper will also recover the system: 1. Restarting admin VM of missing node(s): sysadmin-vm:0_RP1# reload admin location X/YZ 2. Restarting active confd_helper process: sysadmin-vm:0_RP1# show processes services confd_helper run location all Fri Jun 26 02:13:32.823 UTC ---------------------------------------------------------------------- node: X/YZ ---------------------------------------------------------------------- Service: confd_helper Host Process(IID) ARGS: confd_helper(0) -t token -v -d -w 400 -b 30 -p 600 -r 10 -f 10 Scope: SYSTEM Redundancy: Y Selected: Y Last started: 06/26/2015 02:01:07.000 HA-Role: ACTIVE State: Run Last Ready Time: 677s sysadmin-vm:0_RP1# process restart confd_helper location X/YZ Further Problem Description: Status: Open Severity: 2 Severe Last Modified: 27-JUN-2015 Known Affected Releases: 5.2.4.BASE Known Fixed Releases: Bug Id: CSCuv05956 Title: /misc/disk1 mount point is getting removed on image upgrade/downgrade Description: Symptom: /misc/disk1 mount point is getting removed on image upgrade/downgrade Conditions: on image upgrade/downgrade Workaround: none Further Problem Description: /misc/disk1 mount point is getting removed on image upgrade/downgrade Status: Open Severity: 2 Severe Last Modified: 27-JUN-2015 Known Affected Releases: 5.2.5.BASE Known Fixed Releases: Bug Id: CSCur81426 Title: panini issu: BOB flapped once after run phase due to npu_driver Description: Symptom:you may see BFD over Bundle flapped once during ISSU run phase on release 5.2.3 on platform NCS6K. Conditions:scale bundle and ISSU run phase Workaround:recovered automatically Status: Fixed Severity: 2 Severe Last Modified: 28-JUN-2015 Known Affected Releases: 5.2.3.BASE Known Fixed Releases: 5.2.3.13i.BASE, 5.2.4.1i.BASE, 5.3.1.12i.BASE, 5.3.1.12i.FWDG, 6.0.0.5i.BASE Bug Id: CSCuu20902 Title: npu_driver failed to init NPU0 after reset followed by slice_mgr restart Description: Symptom: The npu_driver process failed to initialize ASIC after Power-On reset: LC/0/5/CPU0:May 5 22:09:03.020 : npu_driver[270]: %L2-NPU-4-COLD_RESET_FAILED : NPU0: Failed to initialize ASIC after Power-On reset : npu_driver : (PID=9239) : -Traceback= 7fdbbfc670a9 7fdbd25129bc Conditions: This is seen on a NCS6K router booted with Cisco IOS XR version 5.2.5-08i. Workaround: NA Further Problem Description: Refer root cause in PRRQ. Status: Fixed Severity: 2 Severe Last Modified: 28-JUN-2015 Known Affected Releases: 5.2.5.BASE Known Fixed Releases: 5.2.5.11i.BASE, 6.0.0.5i.BASE Bug Id: CSCus15990 Title: FC cards in UNKNOWN/POWERED_ON state after reload Description: Symptom: NCS6K FC shown as UNKNOWN card type and in HW POWERED_ON state Conditions: Problem seen with "reload rack" or "hw-module location all reload" commands. Workaround: Use "hw-module location reload" command on each FC that has this problem. This will take the FC CCC out of the I2C bus lock state and recover from the problem. Further Problem Description: The problem is caused by CXP I2C access on FC causing I2C bus to hang. This bus hang condition can cause CCC FPGA to stop processing any additional I2C transaction, thus causing the the IDPROM read operation to fail. Status: Fixed Severity: 2 Severe Last Modified: 28-JUN-2015 Known Affected Releases: 5.2.3.BASE Known Fixed Releases: 5.2.3.17i.BASE, 5.2.4.3i.BASE, 6.0.0.5i.BASE Bug Id: CSCus77973 Title: NCS6K HA Fabric Lost Packets with 5 planes Description: ---Start of Note Titled: Release-note--- Symptom: In a multi-chassis router with one of the fabric planes shut down, line-rate traffic with small packets (256Bytes) suffers packet loss to the tune of 5% when one or more FIA devices have a reachability of less than 5 planes (30 links). Conditions: When all the links in the fabric are up and all planes are up, this setting will not have any adverse impact. But when a plane is down (bringing the total number of links from/to FIAs to 30) and one or more FIA devices have fewer than 30 links up towards them, the all-reachability vector on all FIAs are reduced to less than 30. In this scenario, all FIAs end up using a number of links less than 30 to arrive at the total credits. Depending on how many links are down to the affected FIA, the total credits could be much less than that needed for doing line-rate traffic. Workaround: The problem only shows up when one or more FIA devices are not reachable on all fabric links. Such links must be identified and fixed (by replacing the failing FRUs). If, for some reason that is not possible, then the incorrect option that is causing the problem can be manually removed from /pkg/bin/cisco_ng.bcm on the XR VMs of all linecards in the system. The procedure is : (For each linecard in the system) 1) Attach to the linecard from the XR VM's command prompt. attach location 0/0/CPU0 2) Open /pkg/bin/cisco_ng.bcm in vi and search for the following line and remove it. scheduler_fabric_links_adaptation_enable=1 3) Save the file and sync. 4) Reload the router after modifying all the linecards' cisco_ng.bcm Further Problem Description: ---End of Note Titled: Release-note--- Status: Fixed Severity: 2 Severe Last Modified: 28-JUN-2015 Known Affected Releases: 5.2.4.FWDG Known Fixed Releases: 5.2.4.9i.BASE, 5.2.5.4i.BASE, 6.0.0.5i.BASE Bug Id: CSCur77689 Title: CCC declaring card as Failed when ublaze has "cpu hog like" condition Description: Symptom: Cards can wrongly being reported with HW FAILED event and causing card not becoming OPERATIONAL. Conditions: CCC declaring card as having HW FAILED when CCC internal MicroBlaze processor has "cpu hog like" condition. This condition is sign of processor being busy but not an indication of HW failure. Workaround: None. Once card is moved to HW FAILED state, to recover from this, user has to reload the card with "hw-module location reload" command. Further Problem Description: This event is very rare, for this to happen, another watchdog timeout has to be happening at the same time for CCC driver to actually detect MicroBlaze CPU watchdog stage-1 timeout. Status: Fixed Severity: 2 Severe Last Modified: 28-JUN-2015 Known Affected Releases: 5.2.0.BASE Known Fixed Releases: 5.2.3.13i.BASE, 5.2.4.1i.BASE, 5.2.4.6i.BASE, 6.0.0.5i.BASE Bug Id: CSCuh72986 Title: A possible timing condition PON and zarlink/OTP workarouund Description: Symptom: Line card interfaces may not be created and slice-mgr process throws out initialization errors on certain line cards Conditions: Some Line cards that are Cisco prototype for internal uses, have, Zarlink device version < H, that has this HW defect, wherein device loses its configration over time. Workaround: Need to take the board to the lab for rework This is NOT applicable to FCS and also not applicable to production boards Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 28-JUN-2015 Known Affected Releases: 5.0.1.BASE, 5.2.1.BASE Known Fixed Releases: 5.2.3.3i.BASE, 5.2.4.6i.BASE, 5.3.1.6i.BASE, 6.0.0.5i.BASE Bug Id: CSCuu44451 Title: fabric bundle links flap or stay down upon CXP OIR Description: Symptom: on 4+2 system with 5.2.4.16I, observed fabric bundle links flap or stay down upon CXP OIR. Conditions: cxp OIR Workaround: n/a Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 28-JUN-2015 Known Affected Releases: 5.2.4.BASE Known Fixed Releases: 5.2.5.11i.BASE, 6.0.0.5i.BASE Bug Id: CSCur22606 Title: interfaces are not getting created on few slices with breakout config Description: Symptom: interfaces will not be created from few slices after applying the breakout config Conditions: interfaces will not be created from few slices after applying the breakout config Workaround: none Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 29-JUN-2015 Known Affected Releases: 5.2.3.BASE Known Fixed Releases: 5.2.3.12i.BASE, 5.2.4.1i.BASE, 5.3.1.19i.BASE, 6.0.0.5i.BASE Bug Id: CSCus08716 Title: NPU driver setting for CDR value optimization for 10x10 LR Description: Symptom: 10 Gig link flap on 10x10 LR connection Conditions: 100 GE CPAK interface splitted into 10x10 GE interface connected to patch panel and then to carrier demark. Workaround: None Further Problem Description: Status: Fixed Severity: 1 Catastrophic Last Modified: 29-JUN-2015 Known Affected Releases: 5.2.1.CE Known Fixed Releases: 5.2.3.14i.BASE, 5.2.4.1i.BASE, 5.3.1.23i.BASE, 5.3.2.3i.BASE, 6.0.0.5i.BASE Bug Id: CSCuu87600 Title: Admin sh techs and node attach failing due to IP Address not synced Description: Symptom: Admin sh techs will fail due to IP Address not synced followed by router reload Conditions: Admin sh techs will fail due to IP Address not synced followed by router reload Workaround: none Further Problem Description: Status: Open Severity: 2 Severe Last Modified: 29-JUN-2015 Known Affected Releases: 5.2.5.ADMIN Known Fixed Releases: Bug Id: CSCur09447 Title: Cinetd services not clearing vty sessions causing telnet to fail Description: Symptom: User not able to telnet to router. Conditions: User not able to telnet to router once allowable max sessions of telnetd is initiated and then closed the telnet session cinetd process is not clearning the counters when telnetd process getting terminated/telnetd session ends. [523 on panini platform] Workaround: None [Proc restart of cinetd]. It is applicable to 523 on panini platform Status: Fixed Severity: 2 Severe Last Modified: 29-JUN-2015 Known Affected Releases: 5.2.3.BASE Known Fixed Releases: 5.2.3.10i.BASE, 5.3.1.6i.BASE, 6.0.0.5i.BASE Bug Id: CSCuu76954 Title: Fabric plane going down after Calvados OCU. Description: Symptom: After Calvados OCU the fabric plane goes down or multicast down. Conditions: This conditions occur on the Panini MC system. Workaround: None Further Problem Description: Reproduction of the bug : 100% Status: Open Severity: 2 Severe Last Modified: 29-JUN-2015 Known Affected Releases: 5.2.5.ADMIN, 5.2.5.BASE Known Fixed Releases: Bug Id: CSCuq18554 Title: atomic_set_value and atomic_clr_value are not working on panini Description: Symptom: atomic_set_value and atomic_clr_value are not working Conditions: When two threads try to do atomic_set_value and atomic_clr_value on the same shared data Workaround: none Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 29-JUN-2015 Known Affected Releases: 5.2.1.BASE Known Fixed Releases: 5.2.3.6i.BASE, 5.3.1.6i.BASE, 6.0.0.5i.BASE Bug Id: CSCuq95241 Title: IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability Description: <b>Symptom:</b> A vulnerability in the parsing of malformed IP version 6 (IPv6) packets in Cisco IOS XR Software for Cisco Network Convergence System 6000 (NCS 6000) and Cisco Carrier Routing System (CRS-X) could allow an unauthenticated, remote attacker to cause a reload of a line card that is processing traffic. The vulnerability is due to improper processing of malformed IPv6 packets carrying extension headers. An attacker could exploit this vulnerability by sending a malformed IPv6 packet, carrying extension headers, through an affected Cisco IOS XR device line card. An exploit could allow the attacker to cause a reload of the line card on the affected Cisco IOS XR device. Cisco has released free software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150220-ipv6 <b>Conditions:</b> Refer to the published Cisco Security Advisory <B>Workaround:</B> Refer to the published Cisco Security Advisory <B>Further Problem Description:</B> PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 7.1/5.9: http://tools.cisco.com/security/center/cvssCalculator.x?version=2.0&vector=AV:N/AC:M/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C CVE ID CVE-2015-0618 has been assigned to document this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html Status: Fixed Severity: 2 Severe Last Modified: 29-JUN-2015 Known Affected Releases: 5.2.1.BASE Known Fixed Releases: 5.2.3.9i.BASE, 5.3.1.4i.BASE, 6.0.0.5i.BASE Bug Id: CSCur83141 Title: panini issu: ipv6_nd failed to be resolved on bundle after issu run Description: Symptom: you may see ipv6 neighbor in INCMP state on new V2 RP after ISSU load phase completed on release 5.2.3 on platform NCS6k. This is mainly seen when the peer interface flaps. Conditions: ISSU load phase with scale bundles Workaround: none Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 29-JUN-2015 Known Affected Releases: 5.2.3.BASE Known Fixed Releases: 5.2.3.14i.FWDG, 5.2.4.1i.FWDG, 5.3.1.17i.FWDG, 6.0.0.5i.FWDG Bug Id: CSCus63861 Title: vSAT-ISSU:Install prepare failing due to CMPAT_INSUFFICIENT_INFO error Description: Symptom: ISSU prepare phase failing Conditions: install pepare Workaround: None Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 29-JUN-2015 Known Affected Releases: 5.2.3.BASE Known Fixed Releases: 5.2.3.BASE, 5.2.4.3i.BASE, 6.0.0.5i.BASE Bug Id: CSCus47583 Title: During OCU rvm_mgr reloaded the standby RP Description: Symptom: During calvados ISSU, standby RP keeps reset 0/RP0/ADMIN0:Jan 12 04:45:55.133 : shelf_mgr[2574]: %INFRA-SHELF_MGR-4-VM_RELOAD : Reloading admin VM on 0/RP1 0/RP0/ADMIN0:Jan 12 04:55:26.393 : shelf_mgr[2574]: %INFRA-SHELF_MGR-6-SW_EVENT : Rcvd SW event SW_EVENT_FAILURE, event_reason_str 'wdog__0 SysAdmin VM Watchdog stage1:0' for card 0/RP1 0/RP0/ADMIN0:Jan 12 05:05:37.026 : shelf_mgr[2574]: %INFRA-SHELF_MGR-6-HW_EVENT : Rcvd HW event HW_EVENT_POWERED_OFF, event_reason_str 'Powered off via CCC WARM RESET' for card 0/RP1 0/RP0/ADMIN0:Jan 12 05:05:40.774 : shelf_mgr[2574]: %INFRA-SHELF_MGR-6-HW_EVENT : Rcvd HW event HW_EVENT_POWERED_ON, event_reason_str 'board primary power-zone on' for card 0/RP1 Conditions: the trigger was calvados ISSU. 10% reproducible. Workaround: none Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 29-JUN-2015 Known Affected Releases: 5.2.3.BASE Known Fixed Releases: 5.2.4.10i.BASE, 5.2.5.4i.BASE, 6.0.0.5i.BASE Bug Id: CSCus54427 Title: bfd sessions stuck in down state forever after LC OIR following ISSU Description: Symptom: All v4/v6 bfd sessions stay in DOWN state Conditions: In one of the following conditions 1. Step by Step ISSU 2. All the LC OIR-one at a time OR 1. Step by Step ISSU 2. Powercycle OR 1. Step by Step ISSU 2. router reload Workaround: none Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 29-JUN-2015 Known Affected Releases: 5.2.3.BASE Known Fixed Releases: 5.2.4.6i.BASE, 6.0.0.5i.BASE Bug Id: CSCuq60102 Title: Slow memory leak on NCS6K when using MPLS-TE tunnels Description: Symptom: FIB platform programming failures indicating running out of either shared memory resources and/or hardware stats allocation failures. Conditions: Issue is seen due to a memory leak observed with allocation of output stats for TE tunnels. If excessive route flaps or ldp session flaps are observed this memory leak can cause resource depletion. Workaround: No workaround exists and it would require LC VM reloads. Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 29-JUN-2015 Known Affected Releases: 5.3.0.CE Known Fixed Releases: 5.2.3.9i.BASE, 5.3.1.4i.BASE, 6.0.0.5i.BASE Bug Id: CSCuu31827 Title: packet corruption w/PHP when L2 trailer eixists in packet Description: Symptoms: Packets dropped on ultimate hop pop (UHP) node on ingress with ''IPV4 checksum errors'', where NCS6k is acting as PHP node and running 5.2.3 version image. Packet captures on UHP ingress show corrupted UDP header. Conditions: Problem is seen in an inter-op scenario when all the the below conditions meet: - incoming MPLS packet is trailed with extra bytes on an NCS6k node - that is running 5.2.3 or a newer version image and - acting as PHP node for the stream. These specific packets are not handled gracefully on NCS6k and get corrupted while processing. First condition is a very specific case and should not exist for ServiceProvider network. Any other data/control traffic streams, flowing through NCS6k at the same time which don't have trailing bytes...are not impacted. Problem is not seen for an IP only network. Workaround: Configure explicit-null on UHP node. Further Problem Description: When MPLS packets with trailing bytes reached NCS6k, it was not handled gracefully on 5.2.3 release which supports NHID based forwarding. In earlier release that didn't have NHID based forwarding , this case is handled gracefully. Problem is seen when all the below conditions meet: a. incoming MPLS packet is trailed with extra bytes on an NCS6k Ingress linecard b. that is running 5.2.3 or a newer version image and c. acting as PHP node for the stream. Problem Impact: a. These specific packets are not handled gracefully on NCS6k and get corrupted while processing and were dropped on the next node (UHP node). b. All other data/control streams that didn't have trailing bytes, were flowing fine. Condition a. is not likely for a production ServiceProvide network. In this case we hit upon the issue as upstream 7600 was adding extra trailing bytes to the packet. Here are some workarounds which were tried and found to be working: a. Replaced 7600 node (doing MPLS encapsulation) with ASR9K. b. Add static route on 7600 such that outgoing packet from 7600 node is unlabeled. c. Configure explicit null on UHP node such that NCS just does label swapping and will not do PHP processing. d. When image was downgraded to 5.0.1 issue was not seen as it didn't have NHID forwarding. PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 2.9/2.4: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:A/AC:M/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C No CVE ID has been assigned to this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html Status: Fixed Severity: 2 Severe Last Modified: 29-JUN-2015 Known Affected Releases: 5.2.3.BASE Known Fixed Releases: 5.2.5.11i.BASE Bug Id: CSCus91625 Title: Complete traffic drop with Rx pkt discard drops(IQM) on FIA Description: Symptom: otal traffic drop observed on a FIA with Rx pkt discard drops(IQM) error count. Sum of packets from PSE and switch shown as dropped. RP/1/RP0/CPU0:cr02.ashburn.va.ibone#sh controllers fia statistics detail instance 3 location 0/7/CPU0 Sun Feb 8 18:21:40.872 UTC FIA Statistics Rack: 0, Slot: 7, Asic instance: 3 FIA Rx (To Fabric) Statistics. ------------------------------------------------------------------------ Input Pkt counters Pkts Bytes Rx pkts from pse : 838299 173715291 <<<< Rx pkts from switch : 125894 31749373 <<<<< bcast pkts from switch : 0 mcast pkts from switch : 0 ucast pkts from switch : 125894 Rx pkts enqueued(IQM) : 15 1905 Rx pkts dequeued(IQM) : 15 1905 Rx pkts sent to fabric : 15 Cell counters: Data cells sent to fabric : 15 1905 Control cells sent to fabric : 500757232757 Drop counters: Rx burst error drops(NBI) : 0 Rx error drops(Switch) : 0 Rx error drops(pse) : 0 Rx pkt discard drops(IQM) : 963726 209341053 <<<< Pkt crc error drops(FDT) : 0 Unreachable dest cell drops : 0 Conditions: - FIA encounters a memory partity error - Currently on 5.2.1 & 5.2.3 there is no mechanism to log this parity error event and initiate a recovery mechanism. - Hence no errors would be seen in "show asic-erros" output and traffic coming in to the FIA gets completely dropped. Workaround: - Perform a manual power on reset of the FIA ASIC ( to be updated) Further Problem Description: NIL Status: Fixed Severity: 2 Severe Last Modified: 29-JUN-2015 Known Affected Releases: 5.2.1.BASE Known Fixed Releases: 5.2.4.8i.BASE, 5.2.5.4i.BASE, 6.0.0.5i.BASE Bug Id: CSCur79587 Title: ncs6k bao_id_size increase to 2**18 Description: Symptom: FIB doesn't support full internet feed bgp attribute Conditions: internet feed bgp attributes Workaround: none Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 29-JUN-2015 Known Affected Releases: 5.2.3.BASE Known Fixed Releases: 5.2.3.13i.BASE, 5.2.4.1i.BASE, 6.0.0.5i.BASE Bug Id: CSCui72650 Title: SFE asic stuck in SOC_INIT_ST after SFE PON/AER Description: Symptom: SFE asic is not in normal state and stuck in SOC_INIT_ST state. Conditions: Seen when the SFE goes through a PON reset multiple times or when PON happens while driver is recovering from the restart. Workaround: No known workaround. Reproducibility (%): 30% Status: Fixed Severity: 2 Severe Last Modified: 29-JUN-2015 Known Affected Releases: 5.0.0.BASE Known Fixed Releases: 5.0.1.6i.ADMIN, 5.0.1.6i.BASE, 5.0.1.8i.BASE, 5.2.1.1i.BASE, 5.2.2.6i.BASE, 5.2.3.15i.BASE, 5.2.4.1i.BASE, 6.0.0.5i.BASE Bug Id: CSCur69041 Title: mpls ldp neighbor is not established after ISSU Run Phase Description: Symptom: VPNv4 and VPNv6 traffic loss happens after ISSU Run Phase because mpls ldp neighbor is not established. Conditions: After ISSU Run Phase Workaround: none Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 29-JUN-2015 Known Affected Releases: 5.2.3.BASE Known Fixed Releases: 5.2.3.13i.MPLS, 5.2.4.1i.MPLS, 5.3.1.15i.FWDG, 5.3.1.15i.MPLS, 6.0.0.5i.FWDG Bug Id: CSCus26559 Title: panini issu: BOB stay at down on V2 only in issu load phase Description: Symptom: you may see BOB session stay at down state on V2 in ISSU load phase on release 5.2.3 on platform NCS6K Conditions: 1. during issu load phase 2. shut/no shut BE501-515 on remote panini during load phase Workaround: n/a Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 29-JUN-2015 Known Affected Releases: 5.2.3.BASE Known Fixed Releases: 5.2.3.17i.FWDG, 5.2.4.3i.FWDG, 6.0.0.5i.FWDG Bug Id: CSCur76820 Title: panini issu: load phase struck due to ipv6_nd not ack Description: Symptom:You may see load phase stuck due to ipv6_nd not ack on release 5.2.3 on platform NCS6k. Conditions:Back-to-back ISSU Workaround:None Status: Fixed Severity: 2 Severe Last Modified: 29-JUN-2015 Known Affected Releases: 5.2.3.BASE Known Fixed Releases: 5.2.3.14i.FWDG, 5.2.4.1i.FWDG, 5.3.1.17i.FWDG, 6.0.0.5i.FWDG Bug Id: CSCus40680 Title: IPv6 multicast failed to recover due to IPv6 mcast adj in deleted state Description: Symptom:IPv6 multicast traffic may fail to recover on release XR 5.2.3 on platform NCS6K after ISSU upgrade. Conditions:If a bundle interface exists in a down a state before ISSU start and if this bundle interface is brought up after load phase(eg.; by doing no shut bundle intf on remote node) Workaround:No workaround More Info:Recovery: If a bundle interface is brought up(which was in down state prior to ISSU) after load phase completion, multicast adjacency is not getting added on V2 and this multicast adjacency will not be added until interface flap happens(ex: shut & no-shut before or after run phase) again. Status: Fixed Severity: 2 Severe Last Modified: 29-JUN-2015 Known Affected Releases: 5.2.3.BASE Known Fixed Releases: 5.2.4.4i.FWDG, 5.3.1.20i.FWDG, 6.0.0.5i.FWDG Bug Id: CSCur81913 Title: On bundle interface ipv6 NA is sent to multicast mac address Description: Symptom: Host unable to resolve NCS6K ipv6 address through Neighbor Discovery. Conditions: Host is a FreeBSD server running version 7.1 and it is connected to NCS6K bundle interface. Workaround: Configure static ipv6 arp entry on the FreeBSD server. Or Enable promiscuous mode on the FreeBSD server interface. Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 29-JUN-2015 Known Affected Releases: 5.0.1.BASE Known Fixed Releases: 5.2.3.13i.BASE, 5.2.4.1i.BASE, 6.0.0.5i.BASE Bug Id: CSCuu89754 Title: Bundle links fromslice1 flapped while trying to bringupslices 0,2,4onLC3 Description: Symptom: Bundle links from slice1 flapped while trying to bring up slices 0,2,4 on LC3 Conditions: Bundle links from slice1 flapped while trying to bring up slices 0,2,4 on LC3 Workaround: None Further Problem Description: Status: Open Severity: 2 Severe Last Modified: 29-JUN-2015 Known Affected Releases: 5.2.5.BASE Known Fixed Releases: Bug Id: CSCuu80118 Title: N6K : Backup bios flag is set wrongly after calvados ISSU Description: Symptom: Conditions: This is seen after calvados ISSU Workaround: Please contact TAC for work around Further Problem Description: Status: Open Severity: 2 Severe Last Modified: 29-JUN-2015 Known Affected Releases: 5.2.5.ADMIN Known Fixed Releases: Bug Id: CSCus24850 Title: panini issu: ipv6 bfd flap once during issu run phase Description: Symptom: you may see ipv6 bfd session flap once during ISSU run phase on release 5.2.3 onplatform NCS6K. Conditions: issu run phase Workaround: n/a Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 29-JUN-2015 Known Affected Releases: 5.2.3.BASE Known Fixed Releases: 5.2.3.15i.FWDG, 5.2.4.1i.FWDG, 5.3.1.17i.FWDG, 6.0.0.5i.FWDG Bug Id: CSCut69566 Title: Panini issu: RSVP crashed at debug_sync_immediate on ISSU cleanup Description: Symptom: RSVP crash seen on RP0. Conditions: This symptom is observed on a NCS6K router that is running 525 image in ISSU cleanup phase. Workaround: There is no workaround. Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 29-JUN-2015 Known Affected Releases: 5.2.3.BASE, 5.2.5.BASE Known Fixed Releases: 5.2.5.9i.FWDG Bug Id: CSCuq84998 Title: ISSU - On panini, auto-rp (.40) discovery packets getting dropped Description: Symptom: ISSU - Panini auto-rp (.40) discovery packets getting dropped Conditions: ISSU - Panini auto-rp (.40) discovery packets getting dropped Workaround: NA Further Problem Description: ISSU - Panini auto-rp (.40) discovery packets getting dropped Status: Fixed Severity: 2 Severe Last Modified: 29-JUN-2015 Known Affected Releases: 5.2.1.MCAST, 5.2.3.BASE Known Fixed Releases: 5.2.3.17i.BASE, 5.3.1.4i.BASE, 6.0.0.5i.BASE Bug Id: CSCus42525 Title: panini issu: ipv6-nd is not issu ready on lc Description: Symptom: you may see ipv6_nd is not issu ready on release 5.2.3 on platform NCS6K. Conditions: ISSU load phase Workaround: n/a Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 29-JUN-2015 Known Affected Releases: 5.2.3.BASE Known Fixed Releases: 5.2.3.FWDG, 5.2.4.3i.FWDG, 5.3.1.20i.FWDG, 6.0.0.5i.FWDG Bug Id: CSCuu29635 Title: bfd_agent crashed @ sse_uidb_rdm_read_sh_ingress sse_uidb_set_feature_r Description: Symptom: bfd_agent crashed @ sse_uidb_rdm_read_sh_ingress sse_uidb_set_feature_r Conditions: Seen on NCS-6k in Release 525 which brought BLB support and as now the mem leak is fixed , this is seen if you activate a Reload SMU which was build without checking reload flag Workaround: Build the SMU with Reload Flag but the process recovers after crashing on all LCs Further Problem Description: Status: Open Severity: 2 Severe Last Modified: 30-JUN-2015 Known Affected Releases: 5.2.5.BASE Known Fixed Releases: Bug Id: CSCuu62396 Title: Install activate combination of host and reload smu is aborting from xr Description: Symptom: install operation aborts with inst_agents crashing on all nodes. Conditions: install activate of host-iso smu and calvados smu from XR. Workaround: none. Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 30-JUN-2015 Known Affected Releases: 5.2.5.BASE Known Fixed Releases: 5.2.5.14i.BASE Bug Id: CSCuu38177 Title: Inter-rack connectivity lost for 10 mins after router reload Description: Symptom: In a steady state 1 hour after MC fully comeup, one rack is failed: 3/RP1/ADMIN0:Jun 16 11:38:07.908 : shelf_mgr[2505]: %INFRA-SHELF_MGR-3-RACK_FAILED : Rack 2 state going to FAILED. Control plane connectivity to this rack could be unstable reported by shelf_mgr. And recovered after 5-10 min, sometimes even longer(30 min) Conditions: There are multiple triggers for this but the issue may appear after a while and not always. Following can trigger this issue: 1) SC card NT switchover 2) vlan changes 3) Extension port status changes Workaround: No workaround. Reload Chassis to recover. Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 30-JUN-2015 Known Affected Releases: 5.2.4.BASE, 5.2.5.BASE Known Fixed Releases: 5.2.5.2i.BASE Bug Id: CSCuu73793 Title: ISSU Failing due to prepare failure in API instmgr_prepare_lv Description: Symptom: ISSU aborts in prepare phase. Once this issue is hit, consistently all XR ISSU operations will fail in prepare phase with the same reason. show issu summary shows the bellow status +++++++++++ 1. show issu summary [14:31:12.963 UTC Tue Jun 09 2015] +++++++++++ Last ISSU operation completed with failure. List of ISSU phases: ------------------------------------------------------------ Phase name : Prep Phase Status : Aborted Start time : Tue Jun 9 06:47:58 2015 Complete time : N/A ------------------------------------------------------------ Phase name : Abort Phase Status : Completed Start time : Tue Jun 9 07:48:50 2015 Complete time : Tue Jun 9 07:53:51 2015 ============================================================ ISSU Failure Summary: ------------------------------------------------------------ Node Name : node0_RP0_CPU0(0x1008) Client Name : issudir(244) Error Type : ISSU_ERROR_PREP_FAILURE Error Desc : ISSU install prepare failure ============================================================ and "show issu director trace error" shows the bellow logs Jun 9 07:48:50.674 issudir/error 0/RP0/CPU0 t3513 issudir_instmgr_prepare_lv_reply_cb: Some nodes failed. Aborting ISSU Conditions: ISSU activation/deactivation Workaround: restart inst_agent in all calvados nodes. This can be done by issuing the following command from sysadmin prompt. process restart inst_agent location This command should be executed for every node in the system. Further Problem Description: This problem occurs when there are two consecutive ISSU failures with first failure is in Load phase. Failure reason is, RP1 Calvados install agent, couldn't get IP of XR VM. This IP is used to copy data partition from V1 to V2. This IP is given by Calvados manager, if we receive the IP details after install agent tries to copy partition, copy fails and ISSU operation is aborted. calvados Inst agent Logs: 2015-06-09 06:03:41.316309 Found the dest data disk /dev/vde. 2015-06-09 06:13:42.405285 instagt_check_and_copy_partition: No valid IP address found after 601 seconds2015-06-09 06:13:42.405499 instagt_hushd_attach_vol_cb_new_vm:4474 -Abort new_vm_part operation 2015-06-09 06:13:42.405544 Received activate issu done callback 2015-06-09 06:13:42.405580 instagt_hushd_attach_vol_cb_new_vm:4474-Free new_vm_part cxt in error handling 2015-06-09 06:13:42.405610 Freeing instcm ctx 0x7f46301f6fd0 'dummy' 2015-06-09 06:13:42.405789 Received node inventory info from CM 2015-06-09 06:13:42.405866 Received node info for 16 nodes 2015-06-09 06:13:42.405904 instagt_cm_handle_node_inventory_obj: IP address of local XR VM is: c0000404 2015-06-09 06:13:42.405968 Timer stopped 2015-06-09 06:13:42.406000 Set the install request status to CALV_INSTAGT_ACTI_DONE_OFFSET: 90 2015-06-09 06:13:42.406028 TMP: total sub op = 1 2015-06-09 06:13:42.406054 Updating the current percent 90 2015-06-09 06:13:42.406079 Sending activate done to inst_mgr 2015-06-09 06:13:42.406117 Sending response INSTCMD_ACTI_DONE to inst_mgr 2015-06-09 06:13:42.412849 saved impacted procs info (0) 2015-06-09 06:13:42.413627 FSM: entering state acti_done 2015-06-09 06:13:42.413669 Chkpt: starting write 2015-06-09 06:13:42.413705 Checkpointing XR operation 246 2015-06-09 06:13:42.414036 Chkpt: wrote 259 bytes to /install_repo/local/instagt_chkpt 2015-06-09 06:13:42.414087 FSM: entering state cleanup 2015-06-09 06:13:42.414121 ........Ending operation 246 (install activate)........ 2015-06-09 06:13:42.414503 Deleted inst_agent checkpoint 2015-06-09 06:13:42.419685 FSM: entering state idle 2015-06-09 06:13:42.419785 Re Status: Fixed Severity: 2 Severe Last Modified: 30-JUN-2015 Known Affected Releases: 5.2.4.BASE Known Fixed Releases: 5.2.5.2i.BASE Bug Id: CSCut07852 Title: [N6K] Active RP OIR is causing missing LC0 on XR-VM Description: Symptom: LC0/0 OIR notification when physical OIR'ing an RP. Conditions: Physical OIR of an RP Workaround: NA Further Problem Description: ??? When RP is being removed, we had enough time to process RP's own BOARD_REMOVAL interrupt (this is generated when short pin is disconnected from backplane): ??? When a ev_removal event is injected to the CCC state machine, it will call the following routine: /* * Called when the card is physically removed from chassis */ void ccc_csm_ev_removed_handler (struct ccc_card_fsm_dm *this) { struct ccc_card_info *card_info = this->data->card_info; ccc_handle_card_removal(card_info->presence_bit, TRUE); } ??? Because the local card presence_bit value is never initialized, it has default value of '0', which is LC0 presence bit. So basically RP removal is being wrongly reported as LC0 removal. Card removal was never meant to be handle for local card as there is no representation of presence bit for local RP. The fix for this is to skip the call of ccc_handle_card_removal() event for local card or just don't inject removal event of local card. Status: Fixed Severity: 2 Severe Last Modified: 30-JUN-2015 Known Affected Releases: 5.2.3.BASE Known Fixed Releases: 5.2.4.13i.BASE, 5.2.5.8i.BASE, 6.0.0.5i.BASE Bug Id: CSCuu35818 Title: Slice in Oper DOWN state after restart slicemgr and changing framer-mode Description: Symptom: A slice may be put in FAULT state after restarting the slice_manager process causing the slice to be stuck in Operation DOWN state. Conditions: This issue is seen on a NCS6k router booted with Cisco IOS XR version 5.2.5-08i. Workaround: None Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 30-JUN-2015 Known Affected Releases: 5.2.5.BASE Known Fixed Releases: 5.2.5.2i.BASE Bug Id: CSCuu70820 Title: l2fib-mgr memory consumption at 1.46G on linecards Description: Symptom: l2fib_mgr memory usage increases gradually over time at a rate of about 1MB per hour. Conditions: The issue is seen on NCS6K routers only. The chances of seeing this issue increase as the number of line cards in the setup increases. At the moment, it has been seen on a setup with 16 line cards. The issue is seen even without any l2vpn configuration. l2fib_mgr may get into a state where this problem is seen when an l2fib_mgr process starts on any node within the router. For example, process restart, line card reload/insertion, or a SMU installation that restarts l2fib_mgr. Workaround: Restarting the l2fib_mgr process on all nodes will at least bring the process memory consumption back down. This does not guarantee that it will not get back into this state again though. Further Problem Description: Monitoring of l2fib_mgr memory usage for upward trends is recommended for the first 24 hours after l2fib_mgr is (re)started in any way. Status: Fixed Severity: 2 Severe Last Modified: 30-JUN-2015 Known Affected Releases: 5.2.1.CE Known Fixed Releases: 5.2.5.13i.FWDG, 5.3.2.13i.FWDG Bug Id: CSCuu91311 Title: Install activate a HOST SMU in XRVM shows invalid package state Description: Symptom: When installing a host SMU in the XRVM on an NCS 6008 router running 5.2.4 Conditions: This happens on an NCS 6008 router running IOS XR version 5.2.4 when installing a host SMU Workaround: Do not install a host SMU in the XRVM in 5.2.4 Further Problem Description: The install operation will fail but the host SMU will show that it's active but in the underlying software it's not active Status: Open Severity: 2 Severe Last Modified: 30-JUN-2015 Known Affected Releases: 5.2.4.BASE Known Fixed Releases: Bug Id: CSCuu59011 Title: NCS6k 525:Seeing NPU driver related error after slice mgr proc restart Description: Symptom:PON reset of NPU asic followed by hard reset cgi_csr32.cgi_internal_hier_int.cgi_csr32.cgi_fifo_leaf_int.int_pnp_uf_err can lead to asic being in unrecovered state which can lead to loss of traffic completely on the affected slice. Conditions:Releases: 52x releases PON reset followed by hard reset cgi_csr32.cgi_internal_hier_int.cgi_csr32.cgi_fifo_leaf_int.int_pnp_uf_err Workaround:Slice shut/unshut should recover the LC to a working condition. Status: Fixed Severity: 2 Severe Last Modified: 30-JUN-2015 Known Affected Releases: 5.2.5.BASE Known Fixed Releases: 5.2.5.13i.BASE Bug Id: CSCuv06711 Title: xr user is not able to login to calvados if user profile dont have Description: Symptom: xr user is not able to login to calvados if user profile doesn't have user group configured. Conditions: If user profile doesn't have user group configured. Workaround: Modification in RADIUS server and it needs a server reboot Further Problem Description: Status: Open Severity: 2 Severe Last Modified: 30-JUN-2015 Known Affected Releases: 5.2.4.BASE Known Fixed Releases: Bug Id: CSCuu23846 Title: XR-Active RP OIR causing %IP-TCP_NSR-3-OUT_OF_SYNC Description: Symptom: NCS6K 5.2.3 Upon active XR RP OIR, below syslog appears continuously until TCP is restarted on the new XR-Active RP. tcp[332]: %IP-TCP_NSR-3-OUT_OF_SYNC : One or more NSR control messages could not be delivered to partner TCP. Conditions: When the NCS6K RP card is slowly removed from the slot, there is a window where the card is still powered on but the standby RP detects this as CARD REMOVAL and hence tells the software on PEER RP that the Active RP is removed. This is a conflict of information and caused software issues. Workaround: Do only graceful RP OIR. Shutdown the card in sysadmin config mode and then remove the RP card from the slot. Further Problem Description: None. Status: Fixed Severity: 2 Severe Last Modified: 30-JUN-2015 Known Affected Releases: 5.2.3.BASE Known Fixed Releases: 5.2.5.10i.BASE Bug Id: CSCuu64262 Title: Multiple fabric links down on MC system Description: Symptom: Multiple S2 fabric links down on MC system on boot up. Conditions: Usually occurs when there is one or more gennums sitting in between the FE links. In an MC system there are gennums sitting in between the s13 and s2 optical links. There are scenarios where theses gennums does not adapt to a signal properly there by causing errors on the end point falafel links. This may cause the links to be down. Workaround: Not scalable Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 30-JUN-2015 Known Affected Releases: 5.2.4.BASE Known Fixed Releases: 5.2.5.13i.BASE Bug Id: CSCuu37526 Title: Fan tray removal alarm observed on physical removal of active RP Description: Symptom: On physical removal of active RP, observe the following issues. 0/RP1/ADMIN0:May 13 17:13:57.842 PDT: envmon[2499]: %PKT_INFRA-FM-3-FAULT_MAJOR : ALARM_MAJOR :Fan tray removal alarm :DECLARE :0/FT1: Fan Tray has been removed Conditions: 5.2.4 release, RP OIR Workaround: None Further Problem Description: See Summary Status: Fixed Severity: 1 Catastrophic Last Modified: 30-JUN-2015 Known Affected Releases: 5.2.4.BASE Known Fixed Releases: 5.2.5.13i.BASE Bug Id: CSCuu07648 Title: bundlemgr_adj stuck in mutex by rdm_client_write after config applied Description: Symptom: We ran into two slightly different issues (bundlemgr_adj proc blocked) 1. Processes blocked forever on config apply two times successively 2. Processed getting blocked for few mins on config apply, and recovers on their own. Conditions: steps to hit this issue: - Applied the config file. The break-out interfaces are then reated - Loaded the config file again to add the config for these break-out interfaces Workaround: no Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 30-JUN-2015 Known Affected Releases: 5.2.4.BASE, 5.2.5.BASE Known Fixed Releases: 5.2.5.12i.BASE Bug Id: CSCuu22548 Title: npu_driver should abort int creation if asic init fails on unshut slice Description: Symptom: The npu_driver process fails to abort interface creation when asic init fails on a newly unshut slice. Conditions: This issue is seen on a NCS6K router booted with Cisco IOS XR version 5.2.5-08i. Workaround: Unknown Further Problem Description: Status: Fixed Severity: 2 Severe Last Modified: 30-JUN-2015 Known Affected Releases: 5.2.5.BASE Known Fixed Releases: 5.2.5.11i.BASE Bug Id: CSCut24295 Title: NCS6K MC Random FPD Errors on System Reload Description: Symptom: When reloading an NCS 6008 router, after the reload, FPD values may be seen as all zero's or incorrect FPD values. Conditions: This may occur on an NCS 6008 platform for PLX FPD's and other FPD types. Workaround: Restart the plx_fpd process on the node that is having PLX FPD inconsistent values or all zero values. Example for a line card in slot 5 on an NCS 6008: process restart plx_fpd location 0/5 Further Problem Description: Status: Open Severity: 2 Severe Last Modified: 30-JUN-2015 Known Affected Releases: 5.2.4.LC Known Fixed Releases: Find additional information in Bug Search index.   2013 Cisco and/or its affiliates. All rights reserved. Terms & Conditions | Privacy Statement | Cookie Policy | Trademarks