| |
Bug Id: | CSCtr62456 |
Title: | Path Traversal possible to filesystem of other SDR nodes |
|
Description: | Symptoms:
Cisco IOS XR contains a directory traversal vulnerability that allows for arbitrary file access.
An authenticated attacker may be able to exploit this issue to access sensitive information which could be leveraged to launch subsequent attacks.
Conditions:
Default configuration.
Workaround:
There are no workarounds to mitigate this vulnerability.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 6.8/6.5:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:L/AC:L/Au:S/C:C/I:C/A:C/E:F/RL:U/RC:C
CVE ID CVE-2012-1343 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 4.0.1.BASE, 5.0.0.BASE |
|
Known Fixed Releases: | 4.2.1, 4.2.1.8i.BASE, 4.2.2, 4.3.0.1i.BASE |
|
|
| |
| |
Bug Id: | CSCth95003 |
Title: | MPP multiport support for SNMP |
|
Description: | Symptom:
Inband interface is not shown in LPTS bindings Additionally, management protocols like SNMP do not work over inband interfaces.
Conditions:
Configuring Management Plane Protection(MPP) to enable Management Protocols on inband interfaces
Workaround:
As a workaround, the MgmtEth interfaces can be used instead of the inband interfaces.
Additionally, you can also restart snmpd to recover from this state.
Further Problem Description:
None.
PSIRT Evaluation:
The Cisco PSIRT has evaluated this issue and does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via normal resolution channels.
If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another evaluation.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 4.1.0.BASE, 4.1.0.ROUT, 4.1.1.BASE |
|
Known Fixed Releases: | 4.0.4.7i.BASE, 4.0.4.7i.FWDG, 4.1.1, 4.1.1.29i.BASE, 4.1.1.29i.FWDG, 4.1.2.3i.BASE, 4.1.2.3i.FWDG, 4.2.0.10i.BASE, 4.2.0.10i.FWDG |
|
|
| |
| |
Bug Id: | CSCty50129 |
Title: | Improperly bounded memcpy in sftpsvr_mkdir |
|
Description: | Symptoms:
This is a proactive software enhancement to implement secure best practice procedures into the code.
Conditions:
Default configuration.
Workaround:
None
PSIRT Evaluation:
The Cisco PSIRT has evaluated this issue and does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via
normal resolution channels
If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another
evaluation.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 4.2.0.BASE |
|
Known Fixed Releases: | 4.2.1.22i.BASE, 4.2.1.26i.BASE, 4.2.2.2i.BASE, 4.2.3.5i.BASE, 4.2.3.9i.BASE, 4.3.0.6i.BASE |
|
|
| |
| |
Bug Id: | CSCue04603 |
Title: | CRS 140G LC reload due to sporadic asic error |
|
Description: | Symptom:
1)LC/0/7/CPU0:Jan 12 12:34:44.131 : pse_pogo_driver[281]: %L2-PSE-6-INFO_MSG : PSE 0 Dumped PPE Exception data to /harddisk:/dumper/pogo_ppe_exception/ingress-pogo-v2-ppe_dump.node0_7_CPU0.first
LC/0/7/CPU0:Jan 12 12:34:44.146 : pse_pogo_driver[281]: %PLATFORM-CIH-5-ASIC_ERROR_ASIC_SCAN : ASIC SCAN is needed due to ASIC error 0x12800005 with instance 0
2)A LC on a Cisco CRS-3 may reload with an error message like the following example:
LC/0/13/CPU0:Jan 13 19:23:16.171 : platform_mgr_common[272]: %PLATFORM-HFR_PM-3-
ERR_FAULT_FROM_DEVICE : Device pla #0 has a fault=CRITICAL. action: Rebooting node
Conditions:
PSE driver is unable to fix the SBE in (CIMEM/GIMEM) and as a result SBE is getting accumulated into MBE on occurrence of another SBE at same memory. Also in the attempt of fixing the SBE, pse driver is corrupting the memory.
Workaround:
Not available.
Recovery:
This issue is due to soft error(very very rare to repro) and line card RMA wont fix the issue.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 4.1.2.BASE, 4.2.4.BASE |
|
Known Fixed Releases: | 4.3.1.24i.BASE, 4.3.1.24i.FWDG, 4.3.1.29i.FWDG, 4.3.2.14i.FWDG, 4.3.2.9i.BASE, 4.3.2.9i.FWDG, 5.1.0.3i.BASE, 5.1.0.3i.FWDG |
|
|
| |
| |
Bug Id: | CSCui60347 |
Title: | Locally generated pings may cause a device reload |
|
Description: | Symptoms:
Cisco IOS XR Software is affected by a denial of service (DoS) vulnerability that could allow an authenticated, local attacker to to trigger a reload of
the affected device by locally generating certain ICMP messages.
The vulnerability is due to a combination of the SPP buffer corruption and a mutex issue when extended ping with timeout=0 and large packet size is
terminated with Control-C. An attacker could exploit this vulnerability by sending large ICMP packets from an affected device.
Conditions:
Default device configuration.
Workaround:
There are no available workarounds.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are
4.6/4.6:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:L/AC:L/Au:S/C:N/I:N/A:C/E:H/RL:U/RC:C
CVE ID CVE-2013-3464 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 4.0.4.BASE |
|
Known Fixed Releases: | 4.3.2.BASE, 4.3.2.FWDG, 5.0.1.7i.BASE, 5.0.1.7i.FWDG, 5.1.1.8i.BASE, 5.1.1.8i.FWDG, 5.1.11.4i.BASE, 5.1.11.4i.FWDG, 5.1.2.1i.BASE, 5.1.2.1i.FWDG |
|
|
| |
| |
Bug Id: | CSCue91963 |
Title: | Sporadic reset of CGSE because of HB Error |
|
Description: |
Symptom:
CGSE Module or ISM PLIM resets.
Conditions:
Device must have the Point-to-Point Tunneling Protocol-Application Level Gateway configured with alg pptpAlg
Affects CGSE-PLUS Module affected in a device running Cisco IOS XR Software release 4.3.1.
Affects CGSE PLIM and ISM PLIM in a device running Cisco IOS XR Software release XR 4.3.0.
Workaround:
Module will reload if hw-module reset auto disable location location of CGSE/ISM, and this vulnerability is exploited.
More-Info:
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5/4.1:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C
CVE ID CVE-2013-5498 has been assigned to document this issue.
Additional details about the vulnerability described here can be found at:
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5498
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 4.3.0.BASE |
|
Known Fixed Releases: | 4.3.1.BASE, 4.3.2.18i.BASE, 5.1.0.11i.BASE |
|
|
| |
| |
Bug Id: | CSCue69413 |
Title: | show packet-memory show UDP hold packets and never free |
|
Description: | Symptom:
Cisco IOS XR Software version 4.3.1 contains a vulnerability that could result in complete packet memory exhaustion. Successful exploitation could render critical services on the affected device unable to allocate packets resulting in a denial of service (DoS) condition.
Cisco has released free software updates that address this vulnerability.
Workarounds that mitigate this vulnerability are available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131002-iosxr
Conditions:
See Affected Products section of the advisory.
Workaround:
See Workarounds section of the advisory.
Further Problem Description:
See PSIRT Security Advisory.
PSIRT Evaluation:
Cisco has released free software updates that address this vulnerability.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 4.3.1.BASE, 4.3.2.BASE |
|
Known Fixed Releases: | 4.3.2.22i.FWDG, 5.0.1.99i.BASE, 5.1.0.12i.FWDG |
|
|
| |
| |
Bug Id: | CSCtg41177 |
Title: | TCP crash on RP while doing shut no shut of neighbor T1s |
|
Description: | <B>Symptom:</B>
TCP crashes.
<B>Conditions:</B>
TCP is in the middle of bringing NSR up (i.e. synchronizing the session state to the standby
TCP) and an interface is shut during this time. The sessions that are being synced for NSR must
be going through the shut interface. This results in retransmissions during the NSR sync and
exposes a bug in TCP.
<B>Workaround:</B>
None. TCP will restart automatically, the sessions will be reestablished and NSR will be
brought up on them.
PSIRT Evaluation:
The Cisco PSIRT has evaluated this issue and does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via
normal resolution channels.
If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another
evaluation.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 3.8.3.BASE, 3.9.1.ROUT, 4.0.0.ROUT |
|
Known Fixed Releases: | 3.9.2, 3.9.3, 4.0.0, 4.0.0.19i.FWDG, 4.0.1, 4.0.1.1i.FWDG, 4.0.2, 4.0.3, 4.0.4, 4.1.0 |
|
|
| |
| |
Bug Id: | CSCtz62593 |
Title: | Cisco IOS XR Software Route Processor Denial of Service Vulnerability |
|
Description: | Summary
Cisco IOS XR Software contains a vulnerability when handling crafted packets that may result in a denial of service condition. The vulnerability
only exists on Cisco 9000 Series Aggregation Services Routers (ASR) Route Switch Processor (RSP440) and Cisco Carrier Routing System (CRS)
(Performance Route) Processor (PRP and RP-B). The vulnerability is a result of improper handling of crafted packets and could cause the route processor,
which processes the packets, to be unable to transmit packets to the fabric.
Cisco has released free software updates that address this vulnerability. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120530-iosxr
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 7.8/6.4:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C
CVE ID CVE-2012-2488 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
Symptom:Conditions:Workaround:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 4.0.4.BASE |
|
Known Fixed Releases: | 4.2.1.31i.FWDG, 4.2.2.6i.FWDG, 4.2.3.14i.FWDG, 4.3.0.12i.FWDG |
|
|
| |
| |
Bug Id: | CSCuc02092 |
Title: | ONE-P fails to validate IDL length |
|
Description: | $$PRECFS
Symptoms:
The ONE-P process does not effectively validate input which could allow for a denial-of-service condition on the device.
Conditions:
A device configured to make use of the ONE-P functionality.
Workaround:
None.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 7.1/5.9:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C
No CVE ID has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 4.2.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuu09012 |
Title: | Interfaces stuck in Unknown/Unknown state after shut/no shut LC |
|
Description: | Symptom:
Interfaces get stuck in Unknown/Unknown state after shut/no shut a 30xTenGigE PAT line card.
Conditions:
This issue is seen on a NCS6K router booted with Cisco IOS XR version 5.2.5-06i.
Workaround:
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 5.2.5.BASE |
|
Known Fixed Releases: | 5.2.5.13i.FWDG, 5.3.2.15i.FWDG |
|
|
| |
| |
Bug Id: | CSCuc46165 |
Title: | CRS MSC-140G/14-10GBE going in reset after interface comes up 623173195 |
|
Description: | Symptom:
Customer running 4.2.1 on a CRS with a 14X10GB card goes into reset after an interface come up.
The card stay in-reset until the link is pull out, and the card is reset.
Conditions:
CRS running 4.2.1 with a 14X10GB card when GRE and QoS is enabled.
Workaround:
Disable GRE or QoS.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 4.2.1.BASE, 4.3.1.BASE |
|
Known Fixed Releases: | 4.3.1.17i.FWDG, 4.3.2.3i.FWDG, 5.1.0.2i.FWDG |
|
|
| |
| |
Bug Id: | CSCuh43144 |
Title: | Cisco IOS XR Software SNMP Denial of Service Vulnerability |
|
Description: | Symptom:
A vulnerability in SNMP module of Cisco IOS XR Software could allow an authenticated, remote attacker to cause a reload of the SNMP process on an affected device.
The vulnerability is due to improper processing of SNMP requests for certain MIBs. An attacker could exploit this vulnerability by sending a SNMP request for certain MIB objects. An exploit
could allow the attacker to cause a reload of the SNMP process on an affected device.
Conditions:
The vulnerability is due to improper processing of SNMP requests for certain MIBs
Workaround:
Although no workaround exists for this vulnerability, customers can use a combination of mitigation features such as Infrastructure ACLs (iACL), Management Plane Protection, and reverse path forwarding (uRPF) in order to narrow the attack surface.
Warning: Because this vulnerability is exploited via UDP transport, it is possible to spoof the sender's IP address, which may defeat ACLs that permit communication to these ports from trusted IP addresses. In addition to ACLs, administrators should enable uRPF, a security feature of Cisco IOS Software that verifies the reachability of the source address in packets being forwarded. The combination of these two technologies offers a stronger mitigation than iACLs alone.
After the ACL is created, it must be applied to all interfaces that face non infrastructure devices, including interfaces that connect to other organizations, remote access segments, user segments, and segments in data centers.
The white paper entitled "Cisco Guide to Harden Cisco IOS XR Devices", presents guidelines and recommended deployment techniques for infrastructure protection access lists.
Warning: Even though iACL will limit the attack surface to only those sources that are explicitely allowed, the attack may inadvertently come from a valid source in which case this mitigation will not help.
Once the process has crashed, it will recover by itself. If the condition continues, the leak will continue until the process eventually crashes again.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 4/3.3:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:S/C:N/I:N/A:P/E:F/RL:OF/RC:C
CVE ID CVE-2013-6700 has been assigned to document this issue.
Additional details about the vulnerability described here can be found at:
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6700
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 4.3.2.BASE, 5.1.1.BASE |
|
Known Fixed Releases: | 4.3.2.22i.BASE, 5.1.1.13i.BASE, 5.1.11.8i.BASE, 5.1.2.5i.BASE, 5.2.0.7i.BASE |
|
|
| |
| |
Bug Id: | CSCti16475 |
Title: | atmdrv, qos_ea and gsr_pm processes caught in triangular deadlock. |
|
Description: | <B>Symptom:</B>
You may run into a process deadlock condition on the Engine 3 ATM linecards for the 12k if you
try to add/remove ATM subinterfaces while polling the cbqos mib.
<B>Conditions:</B>
You will most likely see this accompanied with SYSDB EDM timeouts in the logs similar to below:
sysdb_svr_local[260]: %SYSDB-SYSDB-6-TIMEOUT_EDM : EDM request for
'oper/qos_ma/node/b0/stats/ATM0_11_0_0.310/output/' from 'mibd_interface'
(jid 307, node 0/6/CPU0). No response from 'qos_ma' (jid 234, node 0/11/CPU0) within
the timeout period (100 seconds)
A "show process blocked location rack/LC/cpu0" will show you the deadlock. It will
look similar to below:
sh proc block loc 0/11/cPU0
Wed Jul 21 20:34:44.199 GMT
Jid Pid Tid Name State TimeInState Blocked-on
178 45061 3 kaa Reply 1115:07:48:0372 12298 mbus-lc
178 45061 4 kaa Reply 1115:07:46:0495 12298 mbus-lc
63 12299 2 mbus_text Reply 0:00:00:0810 12298 mbus-lc
82 12301 1 timesync_client Reply 0:00:07:0722 12298 mbus-lc
72 32794 1 psarb-lc Reply 0:00:00:0031 12298 mbus-lc
59 32798 1 ksh Reply 1115:10:29:0879 12299 mbus_text
61 32800 3 mbi-hello Reply 0:00:00:0553 12298 mbus-lc
61 32800 4 mbi-hello Reply 0:00:03:0107 12298 mbus-lc
61 32800 7 mbi-hello Reply 1115:10:26:0456 12298 mbus-lc
61 32800 9 mbi-hello Reply 1115:10:26:0458 12298 mbus-lc
55 32802 7 fiad Reply 1115:10:12:0120 12298 mbus-lc
159 57397 1 gsr_pm Send 48:22:45:0036 81984 qos_ea <---
233 81984 1 qos_ea Send 48:22:45:0205 118897 atmdrv <---
234 94309 1 qos_ma Reply 48:22:45:0854 86083 ifmgr
107 118896 1 atm_vcm Reply 48:22:45:0982 86083 ifmgr
109 118897 1 atmdrv Reply 48:22:45:0996 57397 gsr_pm <---
109 118897 4 atmdrv Reply 1115:06:06:0365 12297 mqueue
108 118901 1 atm_vcm_ea Reply 48:22:46:0076 118897 atmdrv
<B>Workaround:</B>
Restart the atmdrv process on the linecard
"process restart atmdrv location rack/lC/cpu0"
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 2.1/1.7:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:H/Au:S/C:N/I:N/A:P/E:F/RL:OF/RC:C
No CVE ID has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 3.8.2.8i.BASE |
|
Known Fixed Releases: | 3.9.3, 3.9.3.2i.FWDG, 3.9.3.2i.LC, 4.0.1, 4.0.1.11i.BASE, 4.0.1.11i.FWDG, 4.0.2, 4.0.3, 4.0.4, 4.1.0 |
|
|
| |
| |
Bug Id: | CSCua67511 |
Title: | The snmp lldpmib retreival gets timed out for a large scale. |
|
Description: | Symptom:
snmpwalk on LLDP MIB gets timed out on scaled test
Conditions:
Occurs if no.of subinterfaces very high and an snmpwalk is done to
retreive the lldpLocalSystemsData & lldpRemoteSystemsData table.
Workaround:
snmpwalk to be avoided when large no.of subinterfaces. Try to use alternate
snmpget if problem occurs.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 4.2.3.LC |
|
Known Fixed Releases: | 5.1.1.11i.FWDG, 5.1.11.4i.FWDG, 5.1.2.1i.FWDG, 5.2.0.7i.FWDG |
|
|
| |
| |
Bug Id: | CSCuj82176 |
Title: | Cisco IOS XR Software OSPFv3 Denial of Service Vulnerability |
|
Description: | Symptom:
A vulnerability in the Open Shortest Path First version 3 (OSPFv3) implementation in Cisco IOS XR Software could allow an unauthenticated, remote
attacker to cause a crash of the OSPFv3 process on an affected device.
The vulnerability is due to improper parsing of malformed type 1 link-state advertisement (LSA) packets. An attacker could exploit this vulnerability by
sending a malformed type 1 LSA packet to a vulnerable device. An exploit could allow the attacker to cause a crash of the OSPFv3 process on an
affected device, which may lead to a denial of service (DoS) condition.
Conditions:
OSPFv3 configured on a device
Workaround:
None
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are
5.8/4.8:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:N/C:N/I:P/A:P/E:F/RL:OF/RC:C
CVE ID CVE-2013-5565 has been assigned to document this issue.
Additional details about the vulnerability described here can be found at:
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5565
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 5.1.1.BASE |
|
Known Fixed Releases: | 5.1.1.15i.ROUT, 5.1.2.7i.ROUT, 5.2.0.10i.ROUT |
|
|
| |
| |
Bug Id: | CSCut02857 |
Title: | BGP AIGP: attribute not updated with add-paths after IGP metric change |
|
Description: | Symptom:
BGP AIGP attribute not updated by inline Route Reflector (configured with next-hop-self) after IGP metric change to the next hop.
Conditions:
Issue is seen when additional-paths feature is enabled and more than one path needs to be advertised.
For add-paths the new AIGP attribute is not advertised.
Workaround:
There is no workaround.
Further Problem Description:
bgp soft clear for the relevant BGP address family should force the router to advertise the updated AIGP attribute value.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 5.2.2.ROUT |
|
Known Fixed Releases: | 5.2.4.10i.ROUT, 5.2.5.4i.ROUT, 5.3.1.29i.ROUT, 5.3.2.6i.ROUT, 6.0.0.5i.ROUT |
|
|
| |
| |
Bug Id: | CSCuq96906 |
Title: | ipv4_rib and ipv6_rib crash at rib_update_pack_opaque |
|
Description: | Symptom:
A crash on the "ipv4_rib" or "ipv6_rib" processes can be observed due to an internal error condition.
Conditions:
The process crash can occur during normal router operation, with no specific trigger.
Workaround:
There is no workaround
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 5.3.0.BASE |
|
Known Fixed Releases: | 5.3.1.15i.BASE, 6.0.0.5i.BASE |
|
|
| |
| |
Bug Id: | CSCui60438 |
Title: | PRP: SPP Buffer corruption |
|
Description: | Symptoms:
PRP: SPP Buffer corruption
Conditions:
Default configuration.
If there is spp-context-depletion, SPP buffer corruption can occur.
Workaround:
None.
More Info:
PSIRT Evaluation:
The Cisco PSIRT has evaluated this issue and does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via normal
resolution channels.
If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another evaluation.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 4.0.4.BASE |
|
Known Fixed Releases: | 4.3.3.4i.BASE, 4.3.4.8i.BASE, 5.1.1.11i.BASE, 5.1.11.4i.BASE, 5.1.2.1i.BASE, 5.2.0.7i.BASE |
|
|
| |
| |
Bug Id: | CSCuh30380 |
Title: | Fabio and IngressQ errors bringing CRS down |
|
Description: | Symptom:
Cisco IOS XR Software Releases 3.3.0 to 4.2.0 contain a vulnerability when handling fragmented packets that could result in a denial of service (DoS)
condition of the Cisco CRS Route Processor cards listed in the ''Affected Products'' section of this advisory.
The vulnerability is due to improper handling of fragmented packets. The vulnerability could cause the route processor, which processes the packets, to
be unable to transmit packets to the fabric.
Customers that are running version 4.2.1 or later of Cisco IOS XR Software, or that have previously installed the Software Maintenance Upgrades
(SMU) for Cisco bug ID CSCtz62593 are not affected by this vulnerability.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-iosxr
Conditions:
Please see the "Details" section of the Advisory.
Workaround:
Please see the "Workarounds" section of the Advisory.
Further Problem Description:
Cisco has released free software updates that address this vulnerability.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-iosxr
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are
7.1/5.9:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C
CVE ID CVE-2013-5549 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Status: | Terminated |
|
Severity: | 1 Catastrophic |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 4.1.2.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuu80537 |
Title: | traffic stop flowing once macsec removed from subinterfaces |
|
Description: | Symptom:
traffic stops once macsec removed from subinterfaces
Conditions:
macsec is applied on the subinterfaces and removed
Workaround:
reload the LC
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 02-JUL-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCus16505 |
Title: | CRS-3 FQ B2B Planes didn't recover after DEADNODE |
|
Description: | on a CRS-3 B2B system, we have identified a Faulty FP140 causing all the fabricqs in the system to reset because of one ingressq showing up int_ext_qdram_mbe error, and causing deadnode to happen on all the S1 asics.
Symptom:
fabric planes will struck in MCAST_DOWN state.
Conditions:
int_ext_qdram_mbe error seen on a faulty MSC.
Workaround:
shutdown the MSC which shows int_ext_qdram_mbe error.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 02-JUL-2015 |
|
Known Affected Releases: | 4.2.4.BASE |
|
Known Fixed Releases: | 5.3.1.15i.BASE, 6.0.0.5i.BASE |
|
|
| |
| |
Bug Id: | CSCuu59120 |
Title: | Topo mismatch in unused s3rx link in metro S1S3 causes fabric errors |
|
Description: | Symptom:
In multi-chassis system, after migrating the 140-G S2 fabric boards to 400-G fabrics, the fabric errors were observed. There fabric errors were causing the fabricq ASIC reset. There is fabric topology mismatch reported by 40-G fabric boards on the S3RX links.
Conditions:
After migrating the 140-G S2 fabric boards to 400-G fabrics.
Workaround:
A persistent fabric topology mismatch was reported by 40-G fabric board on one of the S3Rx links. This looked to be a fault hardware. So it is recommended to replace the faulty hardware.
Further Problem Description:
There are some unused fabric bundle links after migrating to 400-G S2 fabric. These unused links are required to kept in disabled & down state. But the links were kept in enabled state that was causing some signals detected from neighboring links. These signals in-turn were causing the fabric errors, and fabricq ASIC reset.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 02-JUL-2015 |
|
Known Affected Releases: | 5.1.4.BASE |
|
Known Fixed Releases: | 5.3.2.11i.BASE, 6.0.0.5i.BASE |
|
|
| |
| |
Bug Id: | CSCut75565 |
Title: | RSVP may get overwhelmed and would not recover under scale |
|
Description: | Symptom:
RSVP-TE tunnels not coming when using 32K LSPs at mid-point in some scenarios.
Conditions:
This issue is seen when Juniper is used as head-end with setup retry timer of 30 seconds.
Workaround:
Allow longer timer for LSP setup at head-end.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 02-JUL-2015 |
|
Known Affected Releases: | 5.3.0.MPLS |
|
Known Fixed Releases: | 5.3.1.28i.MPLS, 5.3.2.6i.MPLS, 6.0.0.5i.MPLS |
|
|
| |
| |
Bug Id: | CSCur10654 |
Title: | Recursive VRF Table LST not happening for BGP dependency |
|
Description: | Symptom:
FIB_MGR periodic memory leak due to unresolved CEF entries on LC.
Conditions:
Memory is depleted gradually by FIB_MGR process on couple of line cards and eventually cause the process to reset when the available memory reaches the minor/severe/critical alarm state.
Workaround:
1. Applicable to all releases where the issue is seen :-
Create one dummy affected VRF member interface on the card. This needs to be present permanently.
2. Applicable to releases 4.3.2 onwards :-
Associate the affected VRF to the line-card using 'VRF-Group' SVD enhancement.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Last Modified: | 02-JUL-2015 |
|
Known Affected Releases: | 4.2.1.BASE |
|
Known Fixed Releases: | 5.2.21.1i.BASE, 5.2.3.99i.BASE, 5.2.4.11i.BASE, 5.2.5.8i.BASE, 5.3.0.12i.BASE |
|
|
| |
| |
Bug Id: | CSCuu44073 |
Title: | NCS4K: Traffic went down during RUN phase of XR-ISSU on Tail node |
|
Description: | Symptom:
Traffic down observed on JDSU (towards head from tail).
Conditions:
During RUN phase of XR-ISSU on tail node.
Workaround: None
Reproducibility (%): - 100%
Expected Resolution: Yet to be committed in customer release.
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 03-JUL-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCub53673 |
Title: | 12K IOS XR SPA Reload due to High CPU caused by E1 National Bit mismatch |
|
Description: | Symptom:
SPA-8XCTE1 will reload due to HEARTBEAT issue
Conditions:
National bit is changing frequently and resulting in more interrupt which leads to high CPU
Workaround:
None. In peer force the national bit to a constant value.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 03-JUL-2015 |
|
Known Affected Releases: | 4.2.0.BASE |
|
Known Fixed Releases: | 4.2.3.27i.BASE, 4.3.0.26i.BASE |
|
|
| |
| |
Bug Id: | CSCuu87470 |
Title: | fib_mgr blocked on dpc_rm_svr after shutting down ints in UVF |
|
Description: | Symptom:
fib_mgr blocked on dpc_rm_svr after shutting down ints in UVF
Conditions:
after shutting down interfaces on UVF, or physical OIR of the link
Workaround:
Sunstone reload
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 03-JUL-2015 |
|
Known Affected Releases: | 5.4.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCtx03546 |
Title: | Cisco IOS XR Software Crafted IPv6 Packet DoS Vulnerability |
|
Description: | Symptom:
A vulnerability in the IP version 6 (IPv6) processing code of Cisco IOS XR Software for Cisco CRS-3 Carrier Routing System could allow an unauthenticated, remote attacker to trigger an ASIC scan of the Network Processor Unit (NPU) and a reload of the line card processing an IPv6 packet.
The vulnerability is due to incorrect processing of an IPv6 packet carrying IPv6 extension headers that are valid but unlikely to be seen during normal operation. An attacker could exploit this vulnerability by sending such an IPv6 packet to an affected device that is configured to process IPv6 traffic. An exploit could allow the attacker to cause a reload of the line card, resulting in a DoS condition.
Cisco has released free software updates that address this vulnerability. There is no workaround that mitigates this vulnerability.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150611-iosxr
Conditions:
See published Cisco Security Advisory
Workaround:
See published Cisco Security Advisory
Further Problem Description:
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5/4.1:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C
CVE ID CVE-2015-0769 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 03-JUL-2015 |
|
Known Affected Releases: | 4.0.1.LC |
|
Known Fixed Releases: | 4.2.1.15i.FWDG, 4.3.0.2i.FWDG, 5.1.1, 5.1.11, 5.1.12, 5.1.2, 5.1.3, 5.1.4, 5.2.0, 5.2.1 |
|
|
| |
| |
Bug Id: | CSCuu42592 |
Title: | Frodo:Few Ip packets dropped on (NCS4K-20T-O-S) card at ambient temp |
|
Description: | Symptom:
A few packets lost when running the IP traffic for a long period of time, at ambient temperature on specific setup.
Conditions:
1. IP Traffic running on NCS4K-20T-O-S line card at ambient temperature.
2. Few IP packet drop is seen.
Workaround:
None
Further Problem Description:
|
|
Status: | Other |
|
Severity: | 2 Severe |
Last Modified: | 03-JUL-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuu10254 |
Title: | After RP OIR on tail node 1GE and STM16 traffic down(DT22+SMU) |
|
Description: | After RP OIR on tail node 1GE and STM16 traffic down.
Symptom:
On tail node RPFO/RP OIR Traffic on Protect and Restore LSPs will not be recovered.
Conditions:
1. Setup GMPLS 1+1 or 1+1+R or 1+R tunnels and traffic should be up on Working LSP.
2. Make Working path down so that Traffic switches to Protect/Restore.
3. Tail node RPFO/RPOIR. Traffic on Protect/Restore links will go down.
Workaround:
None.
Further Problem Description:
Reproducibility (%):
100%
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 03-JUL-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuu11993 |
Title: | After Mid node power cycle OCI observed on HO ODU controller |
|
Description: | Symptom:
On a setup with mix of 1+1 and 1+R GMPLS NNI tunnels, Traffic outage is seen after Mid Node power-cycle.
During traffic outage, OCI alarm on HO ODU4 and ODU2 are observed on head node
Conditions:
1. Create tunnels with mix of 1+1 and 1+R with different protection profiles and with combination of different Hold off and WTR timers
2. Ensure traffic is up and running
3. Power cycle the mid node.
4. Traffci outage will be observed on the tunnels even after mid node comes up
5. Also OCI alarm is observed on HO ODU controller at head node.
Workaround:
None
Further Problem Description:
Expected resolution: 5.24
Reproducibility : Rare
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 03-JUL-2015 |
|
Known Affected Releases: | 5.2.4.BASE, 5.2.4.MPLS |
|
Known Fixed Releases: | 6.0.0.5i.BASE, 6.0.0.5i.FWDG, 6.0.0.5i.MGBL, 6.0.0.5i.MPLS |
|
|
| |
| |
Bug Id: | CSCuv00592 |
Title: | Improper Load Balancing on Bundle after link flap |
|
Description: | Symptom:
Traffic not distributed fairly between bundle-ether link members
Conditions:
Bundle link flap
Workaround:
shut/no shut of the under utilized links
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 06-JUL-2015 |
|
Known Affected Releases: | 5.1.3.CE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuu05523 |
Title: | Crash in ptah_port_state_update while removing GMPLS Tunnel Odu-grp-Te |
|
Description: | Symptom:
otn_framer_digi crash observed while removing GMPLS Tunnel Odu-grp-Te
Conditions:
GMPLS topology. Crash observed on mid node while removing GMPLS Tunnel Odu-grp-Te
Workaround:
None
Reproducibility (%):30%
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 06-JUL-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: | 5.2.5.2i.BASE |
|
|
| |
| |
Bug Id: | CSCuu55551 |
Title: | ncs4k - 2HW : traffic lost after FPD upgrade all in E/W config |
|
Description: | Symptom:
traffic lost after FPD upgrade all or GENNUM device on 2HW card in E/W config, in addition the CLI command : show hw-module fpd could interrupts the upgrade procedure
Conditions:
2HW card configured in E/W config with 20x10 card
Workaround:
NONE
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 06-JUL-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuu14047 |
Title: | Headless SDR due to an unexpected SDR_VCPU_VMEM_CHANGED RP XR reload. |
|
Description: | Symptom:
XR VM reloads unexpectedly, then traffic will be impacted since the headless scenario is seen.
Conditions:
When the RP OIR is done there is a chance to hit this issue.
Workaround:
Expected Resolution: Please check with the support engineer for information on which release(s) this bug is expected to be fixed.
There is no workaround for this.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 06-JUL-2015 |
|
Known Affected Releases: | 5.2.4.ADMIN, 5.2.4.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuu08526 |
Title: | NCS4K:TIM not getting cleared on NCS4K-24LR-O-S after removing SAPI. |
|
Description: | NCS4K:TIM not getting cleared on NCS4K-24LR-O-S after removing SAPI.
Symptom:
TIM not getting cleared on NCS4K-24LR-O-S after removing SAPI TTI
Conditions:
OTU2 controller on NCS4K-24LR-O-S LC with 2-stage channelization with SAPI TTI as well as OS TTI on OTU2 controller.
Workaround:
None
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 06-JUL-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuu65686 |
Title: | session for sub interfaces stuck in INIT |
|
Description: | Symptom:
session stuck in INIT state while macsec is enaled on two subinterfaces of the physical port
Conditions:
macsec is enabled on the subinterfaces
Workaround:
do not enable multiple encapsulation on subinterfaces or do not enable macsec on multiple encapsulated subinterfaces of same physical port
Further Problem Description:
|
|
Status: | Other |
|
Severity: | 2 Severe |
Last Modified: | 06-JUL-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCum27065 |
Title: | 511-SIT: PVRSTAG doesn't send BPDU packet after RPFO |
|
Description: | Basic Description:
Following an RP switchover, the pvstag-io process tries to replay its connections with the packet infrastructure. If this fails (e.g. because the packet infrastructure is not ready), a timer is started to replay the connections. When this timer fires, the timer handling code does not correctly handle it and ends up in a tight loop repeatedly servicing the same timer. The timer cannot be cleaned up because the process never returns to its event loop to process any results from the packet infrastructure registration. This means that no PDUs are sent out, and the process does not respond to management requests.
Symptom:
Following an RP switchover, PVRSTAG/PVSTAG PDUs are not sent out and PV(R)STAG manageability commands time out. CPU usage is also increased with pvstag-io showing a high CPU usage.
Conditions:
Seen when performing a failover with PV(R)STAG configured on a bundle subinterface.
Workaround:
None. Restarting the affected process should clear the condition.
Expected Resolution: Please check with the support engineer for information on which release(s) this bug is expected to be fixed.
Reproducibility (%):
100% of failovers attempted in 5.1.1 hit this issue.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 07-JUL-2015 |
|
Known Affected Releases: | 4.3.2.CE, 4.3.3.CE, 4.3.4.CE, 5.1.1.CE |
|
Known Fixed Releases: | 4.3.4.SP3, 4.3.4.SP4, 4.3.4.SP5, 4.3.4.SP6, 4.3.4.SP7, 4.3.4.SP8, 5.1.1.20i.BASE, 5.1.11.16i.BASE, 5.1.2.12i.BASE, 5.2.0.14i.BASE |
|
|
| |
| |
Bug Id: | CSCuf76967 |
Title: | Mismatch in A/EG flag between mfib/mrib after disconnet |
|
Description: | Symptom:
Mismatch in A or EG flag between mfib and mrib.
Conditions:
This happens when:
1. traffic is received on forwarding interface.
and
2. mrib and mfib are disconnected due to various reasons like mrib restart, SVD, RPFO.
Workaround:
Clear pim topology.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 07-JUL-2015 |
|
Known Affected Releases: | 4.1.1.MCAST, 5.1.1.BASE |
|
Known Fixed Releases: | 4.3.4.SP5, 4.3.4.SP6, 4.3.4.SP7, 4.3.4.SP8, 5.1.1.1i.FWDG, 5.1.1.1i.MCAST, 5.2.3.99i.BASE |
|
|
| |
| |
Bug Id: | CSCun06352 |
Title: | ods_update_entry: lst_delete() error: 'prm_server' detected the 'warning |
|
Description: | Symptom:pifilter timing out on PRM when modifying the ACL, leading to an ACL being configured on the system, but not being committed in the config. Essentially each ACE entry is taking seconds to program, which leads to a timeout. The ACL under the cover gets applied, but it doesn't get committed in the config, the commit fails.
Conditions:Can happen under any normal operation
Workaround:Remove the ACL from all interface and attempt another configuration.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 07-JUL-2015 |
|
Known Affected Releases: | 5.1.2.BASE, 5.2.0.BASE |
|
Known Fixed Releases: | 4.3.4.SP6, 4.3.4.SP7, 4.3.4.SP8, 5.1.2.20i.BASE, 5.1.3.1i.BASE, 5.2.0.18i.BASE |
|
|
| |
| |
Bug Id: | CSCun72714 |
Title: | Duplicated Syslog for SNMP traps send used by inform method |
|
Description: | Symptom:if SNMP trap send by INFORM method and at same the large trap send it can trigger this issue
Duplicate informs are getting for single trigger
Conditions:SNMP trap use for INFORM and doing LC OIR , we are seeing the issue duplicate informs are getting
Workaround:no workarround
More Info:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 07-JUL-2015 |
|
Known Affected Releases: | 4.2.3.BASE |
|
Known Fixed Releases: | 4.3.4.SP5, 4.3.4.SP6, 4.3.4.SP7, 4.3.4.SP8, 5.1.3.14i.BASE, 5.2.2.15i.BASE, 5.2.3.1i.BASE, 5.3.0.1i.BASE |
|
|
| |
| |
Bug Id: | CSCul55433 |
Title: | MVPNv6 can't inherit PIM-SM SPT route to Extranet VRF |
|
Description: | Symptom:
ASR9K PE doing MVPN extranet is not forwarding multicast to local receiver if remote receiver (behind MDT) joins first.
Conditions:- Local source in vrf A
- Local receiver in vrf B
- remote receiver in vrf A
If remote receiver joins first, local receiver will never receive the multicast traffic.
Workaround:- clear pim topology on the ASR9K in vrf A
or
- configure pim spt-threshold infinity on the remote site. Problem does not happen if traffic to remote receiver is forwarded on (*,g).
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 07-JUL-2015 |
|
Known Affected Releases: | 5.1.1.BASE |
|
Known Fixed Releases: | 4.3.4.SP4, 4.3.4.SP5, 4.3.4.SP6, 4.3.4.SP7, 4.3.4.SP8, 5.1.1.17i.MCAST, 5.1.11.13i.MCAST, 5.1.2.9i.MCAST, 5.2.0.10i.MCAST |
|
|
| |
| |
Bug Id: | CSCuo52946 |
Title: | mulitcast group can't be forwarded over pppoe session |
|
Description: | Symptom:
multicast over pppoe
Conditions:
The issue happens in the following condition:
1. Customer's STB supports picture in picture, at first, stb was playing group 239.57.15.3, when customer tried to receive another channel 239.58.203.0 at the same time, no stream can be played for this group 239.58.203.0.
2. STB was playing group 239.57.15.3 and changed to another group, when switched back to group 239.57.15.3, no stream for this group any more.
Workaround:
none
Further Problem Description:
deletion of any PPPOE interface will delete the underlying physical interface. This does not affect existing ones but any new PPPOE interface being added , or any changes to existing one over same physical would be impacted.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 07-JUL-2015 |
|
Known Affected Releases: | 5.1.0.MCAST |
|
Known Fixed Releases: | 4.3.4.SP4, 4.3.4.SP5, 4.3.4.SP6, 4.3.4.SP7, 4.3.4.SP8, 5.1.3.11i.MCAST, 5.2.0.25i.MCAST |
|
|
| |
| |
Bug Id: | CSCuj95304 |
Title: | XR:4.3.1: Unable to disable MPLS TTLpropagation |
|
Description: | Symptom:
Disabling the MPLS TTL propagation for locally generated packets via "mpls ip-ttl-propagation disable local" global config on asr9k platform is not working.
Conditions:
This issue will be seen :
1)Only for mpls configuration
2) only for locally generated packets
3) if there is an outgoing label or explicit NULL.
As a result of this bug we see IP-TTL will still be propagated to MPLS-TTL if there is an outgoing label/Explicit Null.
Example: Traceroute, BGP etc
Workaround:
Expected Resolution: Please check with the support engineer for information on which release(s) this bug is expected to be fixed.
Will be fixed in 520 & 512
Reproducibility (%): 100%
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 07-JUL-2015 |
|
Known Affected Releases: | 4.3.1.BASE, 5.1.1.BASE |
|
Known Fixed Releases: | 4.3.4.SP4, 4.3.4.SP5, 4.3.4.SP6, 4.3.4.SP7, 4.3.4.SP8, 5.1.11.BASE, 5.1.2.12i.BASE, 5.2.0.9i.BASE |
|
|
| |
| |
Bug Id: | CSCul98202 |
Title: | ipv4_rib proc stuck in Mutex, ipv4_rib rib_ug_send_data error messages |
|
Description: | Symptom:
Rib process appears to be blocked, causing issues with bcdl download and client update.
rib_ug_send_data error messages are seen on console.
Conditions:
** THIS ISSUE CAN ONLY HAPPEN IF BGP-RIB FEEDBACK FEATURE IS ENABLED***
When BGP-RIB feedback is enabled, BGP inserts a feedback cookie into a batch
or routing updates. As RIB downloads each batch to FIB, it returns the associated
feedback cookie to BGP.
The feedback cookie at the head of the list can be accidentally free'd causing
the remaining and newly added cookies in the list to be blocked. Each cookie has
a timer associated with it. The increasing number of timers being processed
and rearmed every few ms eventually overwhelms rib process.
Workaround:
None.
The accidental free is due to internal race conditions between multiple rib
process threads. It is purely timing related.
All platforms are affected. However please note that the bug existed from
day one, and it only was detected by a large service provider in 4.3.3.1 where
large BGP scale exists and BGP feedback is enabled.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Last Modified: | 07-JUL-2015 |
|
Known Affected Releases: | 4.3.3.BASE |
|
Known Fixed Releases: | 4.3.31.10i.BASE, 4.3.4.SP6, 4.3.4.SP7, 4.3.4.SP8, 5.1.1.20i.BASE, 5.1.11.16i.BASE, 5.1.2.12i.BASE, 5.2.0.14i.BASE |
|
|
| |
| |
Bug Id: | CSCut60548 |
Title: | PI FIB RSRC MON not able to trackt shmwin size > 4G |
|
Description: | Symptom:
fib_mgr traceback with FIB internal inconsistency detected
RP/0/RP0/CPU0:Mar 26 02:16:22.666 : fib_mgr[124]: %ROUTING-FIB-3-ASSERT : FIB internal inconsistency detected: route new 3725 ctx flags 0x1 leaf flag 0x200000 flag2 0x0 leaf IPv4:default:0xe0000000:rib:114.0.19.64/26[src:rib] frs IPv4:rib:flags=0x1:size=36{IPv4:default:0xe0000000[0x165b19350],rib,114.0.19.64/26,flags=0x200000,#paths=1[TenGigE0_RP0_CPU0_5.11,101.2.11.2]}[0x17aaddeb8] : fib_mgr : (PID=5250) : -Traceback= 611b5f 43f99f 4645cd 464b20 43e43c 440970 440dd9 443238 7fc3e7351b98 7fc3e7363a9e 41b0b
e 439349 7fc3dd73c9bc
Conditions:
after withdraw/re inject routes, remove ospf and commit replace
Workaround:
sunstone reload
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 07-JUL-2015 |
|
Known Affected Releases: | 5.4.0.BASE |
|
Known Fixed Releases: | 5.2.5.3i.FWDG, 5.3.2.10i.FWDG, 6.0.0.5i.FWDG |
|
|
| |
| |
Bug Id: | CSCut66771 |
Title: | High switching time when new restore is created (max 20sec) |
|
Description: | Symptom:
Traffic drop in order of few seconds when traffic switches from Restore to new Restore on GMPLS Tunnel.
Conditions:
1. 1+1+R or 1+R GMPLS tunnel is created and traffic is running on Working LSP.
2. For 1+1+R make both Working and Protect paths down. For 1+R make Working Path down. Restore should get signaled and traffic should be up on Restore.
3. Make Restore Path down.
4. New Restore signaling happens on same path as old Restore, resulting in Failure again. It will take couple of seconds to signal a new Restore and Traffic to be up.
Workaround:
None.
Reproducibility (%): 50%
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 07-JUL-2015 |
|
Known Affected Releases: | 5.2.4.BASE, 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCum97742 |
Title: | EIGRP topo entry with bogus nexthop created when SoO and TAG are present |
|
Description: | Symptom:
An EIGRP topology entry with bogus nexthop is created when more than one attribute is present in the network received from neighbors speaking TLV 2.0. It also tries to install one or more bogus networks (one may be a default network) with bogus nexthop.
Conditions:
It can only occur when more then one attribute set in any network received from a neighbor speaking TLV 2.0.
Workaround:
RtrA IPADDR-A ????????? IF-B RtrB
route-policy legit_nexthop
if next-hop in (IPADDR-A) then
pass
else
drop
endif
end-policy
router eigrp 1
vrf vrf1
address-family ipv4
interface IF-B
route-policy legit_nexthop in
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 07-JUL-2015 |
|
Known Affected Releases: | 4.3.2.ROUT |
|
Known Fixed Releases: | 4.3.4.SP3, 4.3.4.SP4, 4.3.4.SP5, 4.3.4.SP6, 4.3.4.SP7, 4.3.4.SP8, 5.1.2.22i.ROUT, 5.2.0.15i.ROUT |
|
|
| |
| |
Bug Id: | CSCuu99233 |
Title: | CRS: 4.3.2: PLU memory channel full detection and avoidance |
|
Description: | Symptom:
A CRS-1 linecard may start to report PLU errors.
fib_mgr[165]: %PLATFORM-PLU-4-ERR_NOTIFY : Hardware Table 4 may be inconsistent. Attempting correction every 120 seconds .
When this happens the forwarding of traffic through the linecard for some FIB entries will likely be affected.
Conditions:
This issue normally hard to hit because it requires many things to come
in perfect sequence.
Workaround:
To recover from this condition you can crash the fib_mgr process on the affected linecard with the command process crash fib_mgr loc 0/x/cpu0.
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 07-JUL-2015 |
|
Known Affected Releases: | 4.3.2.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCum43188 |
Title: | VRRP checksums not being set on Virtual Interface |
|
Description: | Symptom:
VRRP group on two VRRP routers both show the master state.
Conditions:
XR4.3.4 or XR4.2.3 with CSCuj84262 SMU installed
Using a virtual interface
VRRP
Workaround:
In a scenario where there is a single XR router meeting the conditions and either an XR device not meeting the conditions, or a different type of router (IOS, Juniper, etc) the priority of the affected XR router should be changed so that it will become backup. In a case where both XR routers are hitting the conditions there is no workaround.
Further Problem Description:
The issue exists in XR4.3.4 or XR4.2.3 with CSCuj84262 SMU installed. Other releases are not affected.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 07-JUL-2015 |
|
Known Affected Releases: | 4.3.4.BASE |
|
Known Fixed Releases: | 4.3.4.SP1, 4.3.4.SP4, 4.3.4.SP5, 4.3.4.SP6, 4.3.4.SP7, 4.3.4.SP8, 5.1.1.20i.FWDG, 5.1.11.16i.FWDG, 5.1.2.12i.FWDG, 5.2.0.14i.FWDG |
|
|
| |
| |
Bug Id: | CSCuu89196 |
Title: | After xr reload the registered license is lost--back to DEMO mode |
|
Description: | Symptom:
RP/0/RP0/CPU0:ott02-sim-09-uut#show licen status
Smart Licensing is ENABLED
Initial Registration: SUCCEEDED on Tue Jun 16 2015 17:12:55 UTC
Last Renewal Attempt: None
Registration Expires: Wed Jun 15 2016 17:09:49 UTC
License Authorization:
Status: AUTHORIZED on Tue Jun 16 2015 17:15:23 UTC
Last Communication Attempt: SUCCEEDED on Tue Jun 16 2015 17:15:23 UTC
Next Communication Attempt: Thu Jul 16 2015 17:15:23 UTC
Communication Deadline: Mon Sep 14 2015 17:12:17 UTC
RP/0/RP0/CPU0:ott02-sim-09-uut#show licen platform sum
Current state: PRODUCTION
Collection: LAST: Tue Jun 16 17:28:31 2015
NEXT: Tue Jun 16 17:30:31 2015
Reporting: LAST: Tue Jun 16 17:28:31 2015
NEXT: Tue Jun 16 17:30:31 2015
Count
Feature/Area Entitlement Last Next
================ =============================================== ==== ====
System Product: Right to Use 1 0
System Foundation: IP/MPLS/L3VPN Premium (per 1 Gbps) 1 0
System Feature: QoS (per 1Gbps) 1 0
RP/0/RP0/CPU0:ott02-sim-09-uut#
RP/0/RP0/CPU0:ott02-sim-09-uut#
RP/0/RP0/CPU0:ott02-sim-09-uut#reload
Standby card not present or not Ready for failover. Proceed? [confirm]
Preparing system for backup. This may take a few minutes especially for large configurations.
Status report: node0_RP0_CPU0: BACKUP INPROGRESS
Status report: node0_RP0_CPU0: BACKUP HAS COMPLETED SUCCESSFULLY
[Done]
Proceed with reload? [confirm]
Reloading node 0/RP0/CPU0
Query the node to be reloaded
Received get inv reply nobjs 1 for 4
NODE_IP of noded to be reloaded 0xc0000004
sending stop hb
Cause: User initiated forced reload
VM IP addr sent for relaod 0xc0000004
After booting:
RP/0/RP0/CPU0:ott02-sim-09-uut#
RP/0/RP0/CPU0:ott02-sim-09-uut#show licen platfor sum
Current state: DEMO
Collection: LAST: (disabled)
NEXT: (disabled)
Reporting: LAST: (disabled)
NEXT: (disabled)
Count
Feature/Area Entitlement Last Next
================ =============================================== ==== ====
RP/0/RP0/CPU0:ott02-sim-09-uut#
RP/0/RP0/CPU0:ott02-sim-09-uut#show licen stat
Smart Licensing is ENABLED
License Authorization:
Status: No Licenses in Use
RP/0/RP0/CPU0:ott02-sim-09-uut#RP/0/RP0/CPU0:Jun 16 17:40:42.560 UTC: bgp[1048]: %ROUTING-BGP-5-ADJCHANGE : neighbor 2002:6d01:1700::1 Up (VRF: default) (AS: 201)
RP/0/RP0/CPU0:ott02-sim-09-uut#
Conditions:
image:
Refpoint = calvados/release@bnb-54-flex/5
Built By : therrien
Built On : Mon Jun 15 17:27:28 EDT 2015
Build Host : ott-pd-vs-010
Workspace : /nobackup/therrien/works
Source Base : ios_ena
Devline : bnb-54-flex
Devline Type : ACME Project
bnb-54-flex EFR-00000306577 Project
ci-msl EFR-00000306252 Lineup
ci-532 EFR-00000305773 Lineup
default EFR-00000304397 Lineup
RP/0/RP0/CPU0:ott02-sim-09-uut#
Workaround:
N/A
Further Problem Description:
N/A
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 08-JUL-2015 |
|
Known Affected Releases: | 5.4.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCut31517 |
Title: | Optics controller config in pre and active after cfgmgr-rp restart |
|
Description: | Symptom:
All interface config will be in both preconfig and active after a cfgmgr-rp process restart/crash.
Conditions:
cfgmgr-rp crash/restart
Workaround:
This does not affect functionality in any way.
But if you still do not want preconfig interfaces then you need to reload the LC.
Please do not attempt to delete the preconfig. All the config will be lost on reload.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 08-JUL-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: | 5.2.4.11i.BASE, 5.2.5.8i.BASE, 6.0.0.5i.BASE |
|
|
| |
| |
Bug Id: | CSCuv05395 |
Title: | Failed to register license under mgmt vrf--http_client crashes |
|
Description: | Symptom:
With the configuration below, the router failed to register the license (Failed to send message to Cisco: Fail to send out Call Home HTTP message).
Could you please have a look to see what's wrong here (without vrf config, everything works fine, under vrf I also can ping our email server ?outbound?):
domain name cisco.com
domain name-server 64.102.6.247
domain vrf vpnv4v6 name cisco.com
domain vrf vpnv4v6 name-server 64.102.6.247
vrf vpnv4v6
address-family ipv4 unicast
import route-target
100:1
!
export route-target
100:1
!
!
address-family ipv6 unicast
import route-target
100:1
!
export route-target
100:1
!
!
!
call-home
vrf vpnv4v6
service active
contact-email-addr oliviaj@cisco.com
profile CiscoTAC-1
active
destination address http http://elo-elm5:8080/ddce/services/DDCEService
destination transport-method http
!
!
!
interface MgmtEth0/RP0/CPU0/0
vrf vpnv4v6
ipv4 address dhcp
!
RP/0/RP0/CPU0:pe1-uut#ping vrf vpnv4v6 outbound
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 173.37.93.161, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/64/64 ms
RP/0/RP0/CPU0:pe1-uut#
Conditions:
image:
Refpoint = calvados/release@ci-msl/10
Built By : therrien
Built On : Mon Jun 22 22:01:23 EDT 2015
Build Host : ott-pd-vs-010
Workspace : /nobackup/therrien/lic
Source Base : ios_ena
Devline : r54x
Devline Type : ACME Project
r54x EFR-00000307085 Project
ci-msl EFR-00000306788 Lineup
ci-532 EFR-00000305773 Lineup
default EFR-00000304397 Lineup
RP/0/RP0/CPU0:ott02-sim-09-uut#
Workaround:
None
Further Problem Description:
By turning on all the debugs:
debug call-home trace
debug call-home error
debug call-home smart-licensing all
We can see the http_client crashes all the time:
RP/0/RP0/CPU0:ott02-sim-09-uut#ping vrf vpnv4v6 elo-elm5
RP/0/RP0/CPU0:Jun 25 14:48:54.496 UTC: call_home[314]: CALL-HOME-TRACE: call_home_process_timer_event() is entered
RP/0/RP0/CPU0:Jun 25 14:48:54.496 UTC: call_home[314]: CALL-HOME-TRACE: Cleared rate limit counter
RP/0/RP0/CPU0:Jun 25 14:48:54.496 UTC: call_home[314]: CALL-HOME-TRACE: call_home_boot_interval_completed() is entered, boot 1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.22.183.117, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 74/79/88 ms
RP/0/RP0/CPU0:ott02-sim-09-uut#
With all the debug is on, I saw http_client core dump all the time. Here is the decode:
Program terminated with signal 6, Aborted.
#0 0x00007f46a57b35b5 in raise (sig=) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
in ../nptl/sysdeps/unix/sysv/linux/raise.c
(gdb) bt
#0 0x00007f46a57b35b5 in raise (sig=) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1 0x00007f46a57b4de0 in abort () at abort.c:92
#2 0x00007f46a95b4fed in free_internal (ptr=0x14c2558, caller_pc=0x407d9b)
at calvados/shared_pkg/common/malloc_stat/src/memdbg.c:224
#3 0x00007f46a95b4ec3 in free (ptr=0x14c2558) at calvados/shared_pkg/common/malloc_stat/src/memdbg.c:470
#4 0x0000000000407d9b in httpc_free_transaction (transaction=0x14b8f98)
at infra/http_client/src/http_core_client_transaction.c:112
#5 0x0000000000408b9d in httpc_delete_transaction (sess=, trans=0x14b8f98)
at infra/http_client/
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 08-JUL-2015 |
|
Known Affected Releases: | 5.4.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCus04459 |
Title: | no flowspec does not remove all v4 rules from linecard |
|
Description: |
Symptom:After unconfiguring flowspec on PE router, the rules are not removed from the h/w.
Conditions:After unconfiguring flowspec on PE router
Workaround:None.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 08-JUL-2015 |
|
Known Affected Releases: | 5.3.0.BASE |
|
Known Fixed Releases: | 5.3.0.21i.FWDG |
|
|
| |
| |
Bug Id: | CSCuq53867 |
Title: | CRS-X scaled IPv4 ACL incorrectly blocking traffic |
|
Description: | Symptom:
IPv4 traffic get dropped in ingress PSE due to "ACL no match", although ACL has "permit ipv4 any any" matches.
Conditions:
Scaled IPv4 ACL
Workaround:
None
Further Problem Description:
None
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 08-JUL-2015 |
|
Known Affected Releases: | 5.1.3.BASE, 5.3.0.BASE |
|
Known Fixed Releases: | 5.1.4.6i.BASE, 5.3.0.8i.BASE |
|
|
| |
| |
Bug Id: | CSCuu77478 |
Title: | MPLS LDP crash due to invalid packet IOS-XR 5.1.3 |
|
Description: | Symptoms:
A vulnerability in MPLS LDP packet processing Cisco IOS XR could allow an unauthenticated, remote attacker to cause a reload of the MPLS LDP process on the
affected device.
The vulnerability is due to improper processing of crafted MPLS LDP packet. An attacker could exploit this vulnerability by sending crafted MPLS LDP packets to be
processed by an affected device. An exploit could allow the attacker to cause a reload of the MPLS LDP process on the affected device.
Conditions:
Cisco IOS XR device configured to process MPLS LDP packets.
Workaround:
Disable advertising of FECs with prefix length <=24
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 4.3/3.6:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C
CVE ID CVE-2015-4223 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Last Modified: | 08-JUL-2015 |
|
Known Affected Releases: | 5.1.3.CE |
|
Known Fixed Releases: | 5.3.2.13i.MPLS |
|
|
| |
| |
Bug Id: | CSCub10126 |
Title: | umass_enum process should recover in USB device freeze, halt conditions |
|
Description: | Symptom:
---------------
eUSB flash device, called lcdisk0: on CRS-3 linecards, hangs and is not accessible.
"dir lcdisk0: location <>" will return an error, and the logs may be flooded by USB driver messages from the affected linecard.
Conditions:
----------------
Affects MSC-140G and FP140.
Recovery:
---------------
RP/0/RP0/CPU0: run attach 0/X/CPU0
ksh # ls lcdisk0: // to confirm the problem, this should return file or directory not found or a similar error
ksh # pidin | grep io-usb
ksh # pidin | grep devb-umass
//on another console in exec
RP/0/RP0/CPU0:ios#process shutdown umass-enum location
//back to first console
ksh # kill -9
ksh # kill -9 //if this was present before
ksh # ls lcdisk0: //if this still does not work, reload the card to recover.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 09-JUL-2015 |
|
Known Affected Releases: | 4.0.3.BASE |
|
Known Fixed Releases: | 4.2.3.24i.BASE, 4.3.0.23i.BASE |
|
|
| |
| |
Bug Id: | CSCut96383 |
Title: | After Mid node Power cycle,WRKING CNTLR ODU State is showing NOT-ACTIVE |
|
Description: | Symptom:
After Mid node Power cycle, working controller ODU State is showing NOT-ACTIVE in "show controller odu-group protection-detail"
Conditions:
After Mid node Power cycle, wrong state is updated.
Workaround:
None
Reproducibility (%):1/2
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 09-JUL-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: | 6.0.0.5i.BASE, 6.0.0.5i.FWDG, 6.0.0.5i.MGBL, 6.0.0.5i.MPLS |
|
|
| |
| |
Bug Id: | CSCur25840 |
Title: | Traffic drop on link recovery with PSE drops in the egress direction |
|
Description: | Symptom:
Traffic drop on bundle link restoration from a backup link
Conditions:
unshut of the primary link
Workaround:
None
Further Problem Description:
For ipv4 traffic outage, drops are reported as "MPLS remote next hop" and for ipv6 outage, drops are reported as "IPv6 L3LI drop".
Node 0/4/CPU0 Egress PSE Stats
--------------------------------
Punt Stats Punted Policed & Dropped
---------- ------ -----------------
Diagnostic 180 0
IPv6 L2LI punt 16 0
Drop Stats Dropped
---------- -------
IPv6 L3LI drop 1
MPLS remote next hop 317568
Debug Stats Count
----------- -----
IPv6 link-local packets 29
Pre route IPV6 pkt 19
RP/0/RP1/CPU0:DCMAR2#
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 09-JUL-2015 |
|
Known Affected Releases: | 4.3.3.BASE |
|
Known Fixed Releases: | 5.3.2.13i.FWDG |
|
|
| |
| |
Bug Id: | CSCut84185 |
Title: | VZW SR 634093469: Traffic drops with PBTS: drop_reason 445 |
|
Description: | Symptom:
Hardware chain gets corrupted sometimes when PBTS is enabled
Conditions:
Workaround:
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 09-JUL-2015 |
|
Known Affected Releases: | 5.1.2.BASE, 5.1.4.BASE |
|
Known Fixed Releases: | 5.3.1.BASE, 5.3.2.8i.BASE, 5.3.2.9i.BASE, 6.0.0.5i.BASE |
|
|
| |
| |
Bug Id: | CSCuu29035 |
Title: | Traffic glitch on RPVM switchover and traffic loss on RPVM switchback |
|
Description: | Symptom:
Traffic glitch observed on RPFO.
Conditions:
On scale set up, when RP switchover is done, there are some change bits sent to eapd resulting in re-progragramming of x-connect causing traffic glitch.
Workaround:
None
Reproducibility (%): - 100%
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 09-JUL-2015 |
|
Known Affected Releases: | 5.2.4.ADMIN |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCut86877 |
Title: | NCS4K :Traffic on DIGI and CPAK Card going down on doing FC OIR |
|
Description: | Symptom:
NCS4K :Traffic on DIGI and CPAK Card going down on doing FC OIR
Conditions:
Steps to repro the issue
1.Plane Shut
2. FC remove
3.Plane Unshut
4. FC insert
Workaround:
After FC insert again execute Plane Shut and Plane Unshut
Further Problem Description:
When the card comes up it matches the plane state sent by FSDB Agg with the Plane state of its DB.
If it matches it will not make any change otherwise it executes the isolation of the link from FIA depending upon the Plane shut/unshut.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 09-JUL-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuu24010 |
Title: | LSP taking 6 sec to 3.5mins to signal restore path. |
|
Description: | 1+R restoration taking 6sec to 3.5 min
Symptom:
LSP taking 6 sec to 3.5mins to signal restore path.
Conditions:
1. Setup multiple tunnels 1+R, with same links for working path.
2. Topology(e.g. single link with minimum admin weight) or path option(explicit) enforces that restoration LSPs will take same link.
3. Make Working path down so that Traffic switches to Restore.
4. Some of the LSPs take 6sec to 3.5min to restore traffic.
Workaround:
None.
Further Problem Description:
Reproducibility (%):
100%
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 09-JUL-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuo77039 |
Title: | LC CPU hog due to TCAM error correction to invalid address |
|
Description: | Symptom:
CPU Hog is seen in 40G LC CPU.
Many processes are blocked on tcam_mgr.
Conditions:
The problem may be observed on CRS-MSC-B and CRS-FP40 if tcam parity errors are triggered.
Workaround:
There is no workaround available.
Recovery:
Reload the linecard.
More Info:
This defect causes tcam_mgr process to stuck in a loop trying to fix parity errors on the tcam. Consequently all processes, which write into tcam are blocked on tcam_mgr. Potential side effects
are traffic drops leading to black-holing.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 09-JUL-2015 |
|
Known Affected Releases: | 4.3.1.BASE |
|
Known Fixed Releases: | 5.1.3.9i.FWDG, 5.2.2.15i.FWDG, 5.2.3.1i.FWDG, 5.3.0.1i.FWDG |
|
|
| |
| |
Bug Id: | CSCto97840 |
Title: | Continous traceback- pkg/bin/mpls_lsd ( Memory Leakage issue) |
|
Description: | Symptom:
RP/0/RP1/CPU0:Apr 22 05:55:29.474 : mpls_lsd[271]:
%ROUTING-MPLS_LSD-7-ERR_GENERAL : A set of line cards have failed to read 0
rewrites in the last 180 seconds, and may be causing forwarding problems :
pkg/bin/mpls_lsd : (PID=524450) : -Traceback= 40009e40 40000484 4c2477d4
4c24575c 40000d28 40000fac 40032ebc
Conditions:
Conditions:
Continuous sending of GRP_MSG_GSP_DELETE_GROUP_NODE message without being freed
caused gsp memory to reach rlimit, which is 500MB
Workaround:
restart gsp process or OIR the card where gsp process memory reaches 500MB
More Info:
1. What is the trigger for this issue?
When last group on a node leaves a group, GRP_MSG_GSP_DELETE_GROUP_NODE will
be sent out. This usually happens to bcdl group where one or more linecards are
slower than others.
2. PI / PD?
It is platform independent.
3. What is the impact of this issue and any traffic impact?
When this happens, gsp memory increases. When gsp memory exceeds a certain
limit (300 MB to 500MB platform dependent), gsp communication gets slower,
eventually, gsp will either crash or stop functioning. when gsp stops
functioning, no route update can't be proceed.
4. Any proactive workaround?
Check gsp memory usage, if it exceeds a certain amount such as 250 MB,
restart gsp or reload the card
5. Recovery/ rectifying steps if we bump into this?
same as step 4.
6. How AT&T comes to know when they are hit with this issue?
Check gsp memory usage on all the cards.
7. Is this SMUable to 3.9.3? If so would the SMU be a reload SMU or a
non-reload SMU?
It would be reload smu.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 09-JUL-2015 |
|
Known Affected Releases: | 3.9.1.BASE, 4.0.3.BASE, 4.1.2.BASE |
|
Known Fixed Releases: | 4.0.4, 4.0.4.2i.BASE, 4.1.1, 4.1.2, 4.1.2.99i.BASE, 4.2.0, 4.2.0.8i.BASE, 4.2.1, 4.2.2, 4.2.3 |
|
|
| |
| |
Bug Id: | CSCur52433 |
Title: | CRS-X SC-GE-22-B silent reset causes CE-LOOP issue |
|
Description: | Symptom:
SC-GE-22-B silent reset with following register value and FCC rack reload due to lost connection with DSC.
0x08000006 (Approximated Time stamp)Cause: Ungraceful reset.Last Reset Status register value = 0x802002
Conditions:
Silent reset of SC-GE-22-B can happen anytime and the reload of FCC rack can happen when there is control-ethernet congestion and drop.
Workaround:
Self-recoverable. If system turns unstable then reload the router to recover.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 10-JUL-2015 |
|
Known Affected Releases: | 5.1.4.BASE, 5.3.1.CE |
|
Known Fixed Releases: | 5.3.1.22i.BASE, 6.0.0.5i.BASE |
|
|
| |
| |
Bug Id: | CSCuq79134 |
Title: | TWC lab:MC2+1 - Long time for SCGE-B to boot during migration |
|
Description: | Symptom:
Long time for SCGE-B to boot due to extra sync of pkgs
Conditions:
in-service upgrade of Trishul (SC-GE-B) in lab, by swapping the SC1 (legacy SC-GE) first.
Workaround:
none
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 10-JUL-2015 |
|
Known Affected Releases: | 5.1.3.BASE |
|
Known Fixed Releases: | 5.1.4.7i.BASE, 5.3.1.7i.BASE, 6.0.0.5i.BASE |
|
|
| |
| |
Bug Id: | CSCut76127 |
Title: | [NCS4K] Memory leak in shelf_mgr on an idle testbed |
|
Description: | Symptom:
Shelf mgr process leaks memory continously in idle state
Conditions:
524 image on NCS6K
Workaround:
No workaround. Fixed in 525. 524 production smu available.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 10-JUL-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: | 5.2.5.13i.BASE |
|
|
| |
| |
Bug Id: | CSCui99608 |
Title: | CE errors incrementing for fabric SM2/SP/1/113 on multiple CRSes |
|
Description: | Symptom:
On B2B CRS router CE errors on fabric were continuously incrementing for the same links on both racks so 0/SM2/SP/1/113 and 1/SM2/SP/1/113.
Conditions:
Theses CE errors have been detected in steady state with no observable external influence.
Workaround:
SMU will be prepared to fix this problem.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 10-JUL-2015 |
|
Known Affected Releases: | 4.2.3.BASE |
|
Known Fixed Releases: | 5.1.1.19i.BASE, 5.1.11.13i.BASE, 5.1.2.10i.BASE, 5.2.0.12i.BASE |
|
|
| |
| |
Bug Id: | CSCut44902 |
Title: | Operational Status always Unknown for NCS4k. |
|
Description: | Symptom:snmp request to entOperstate for FRU entities
Conditions:FRU entities
Workaround:None
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 10-JUL-2015 |
|
Known Affected Releases: | 5.2.3.BASE |
|
Known Fixed Releases: | 5.3.2.10i.BASE, 6.0.0.5i.BASE |
|
|
| |
| |
Bug Id: | CSCum93144 |
Title: | IPARM cb for IP Addr notification on LC is inconsistent for current upd |
|
Description: | Symptom:
Client Applications running on LCs May not receive IP Address Callbacks/updates in the following cases:
1) multiple Registrations/Un registrations
2) client Apps configured with Dual stack
3) Loopback delete and configure
Conditions:Cline process running only on LC
Workaround:None
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 10-JUL-2015 |
|
Known Affected Releases: | 5.2.0.BASE |
|
Known Fixed Releases: | 5.2.0.25i.FWDG |
|
|
| |
| |
Bug Id: | CSCut30136 |
Title: | Mandatory SMU SAM changeset for certificate expiration. |
|
Description: |
Moving based on request from TAC engineers.Symptom:When we try to to install add any SMU/Pie post October 2015 all will run in to this error. Since our certificate will expire at oct 2015.
Error: Cannot proceed with the add operation because the code signing
Error: certificate has expired.
Error: Suggested steps to resolve this:
Error: - check the system clock using 'show clock' (correct with 'clock
Error: set' if necessary).
Error: - check the pie file was built within the last 5 years using
Error: '(admin) show install pie-info
Error: /tftp://202.153.144.25/auto/tftp-sjc-users3/jamohamm/IMAGES/asr9k-
Error: mcast-px.pie-4.3.2'.
Conditions:Install add on any SMU/Pie post Oct 2015.
Workaround:No workaround as of now.
More Info:We will not be able to add any SMU/Pie post Oct 2015.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 10-JUL-2015 |
|
Known Affected Releases: | 4.3.3.BASE |
|
Known Fixed Releases: | 4.3.2.SP8, 4.3.4.SP8, 5.3.1.26i.BASE, 5.3.2.3i.BASE, 6.0.0.5i.BASE |
|
|
| |
| |
Bug Id: | CSCur08109 |
Title: | (530-SSR3)PKT_INFRA-HFR_PFI-3-INFRA_ERROR : Infra error platform_pfi: qu |
|
Description: | Symptom:
infra hfr pfi syslog flooding on console
Conditions:
on rack oir
Workaround:
none.
Further Problem Description:
Some client queries with NULL ifhandle would encounter an error returned by IM for the query status. IM does not expect an attribute query to come with a NULL ifhandle. Thus, in PFI, we skip calling IM api if the ifhandle sent by client in the request is NULL.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 13-JUL-2015 |
|
Known Affected Releases: | 5.3.0.BASE |
|
Known Fixed Releases: | 5.1.4.10i.BASE, 5.3.0.12i.BASE |
|
|
| |
| |
Bug Id: | CSCuu50903 |
Title: | XML sends disconnection request to CTC even though node is accessible. |
|
Description: | Symptom:
XML sends disconnection request to CTC even though node is accessible.
Conditions:
When node is accessed through CTC.
Workaround:
Further Problem Description:
XML sends disconnection request to CTC even though node is accessible.
While performing ISSU through CTC , in between XML sends disconnection request to CTC even though node is accessible through ping & telnet.
4 bytes from 10.127.59.236: icmp_seq=64459 ttl=250 time=1.61 ms
64 bytes from 10.127.59.236: icmp_seq=64460 ttl=250 time=1.68 ms
64 bytes from 10.127.59.236: icmp_seq=64461 ttl=250 time=1.87 ms
64 bytes from 10.127.59.236: icmp_seq=64462 ttl=250 time=1.69 ms
### XR Information
User = satkris2
Host = bgl-ads-956
Workspace = /nobackup/satkris2/DT28-r52x-ncs4k-May22
Lineup = proj:r52x-ncs4k%EFR-00000304788
XR version = 5.2.4.17I
|
|
Status: | Terminated |
|
Severity: | 2 Severe |
Last Modified: | 13-JUL-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCtr88602 |
Title: | Polling doesnt return any values against stats supported L2 subintf basi |
|
Description: | Symptom:
IfInOctets and IfOutOctets does not return a value.
Conditions:
n/a
Workaround:
n/a
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 13-JUL-2015 |
|
Known Affected Releases: | 4.1.0.BASE, 4.2.0.BASE |
|
Known Fixed Releases: | 4.1.2.22i.BASE, 4.2.0.16i.BASE |
|
|
| |
| |
Bug Id: | CSCus77196 |
Title: | 1D-Convergence 531 results degraded in many areas with 530 as baseline |
|
Description: | Symptom:
Convergence results are degraded
Conditions:
With 531 14I
Workaround:
None
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 13-JUL-2015 |
|
Known Affected Releases: | 5.3.1.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuv00287 |
Title: | Fixes for mpg-dev collapse 23/06/15 |
|
Description: | The bug occurred in a development lineup and so was never released to any customers.
|
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Last Modified: | 13-JUL-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCun73211 |
Title: | CRS-X 90sec delay for recursive BGP IPv4 hw CEF program on LC insertion |
|
Description: | Symptom:
Ingress and egress traffic drop upon insertion of a CRS Series 40x10GbE interface module. OIR is simulated using the 'no hw-module power disable location ' admin configuration command. Loss duration observed to last up to around 90 seconds and to impact BGP IPV4 prefixes before complete traffic restoral.
Conditions:
40x10GbE interface module insertion in CRS -X running IOS-XR 5.1.1 release. Interfaces on this line card are configured as active bundle-ethernet member links with mixed CRS-FP-X+40X10GE and CRS-FP140+14X10GBE interfaces on local CRS-X router. Ingress and egress traffic is being sent over the bundle-ether interface.
Workaround:
1) Manually shut the interfaces of the 40x10GbE interface module being inserted. Wait for the module to be operational and manually restore (no shut) the active interfaces.
OR
2) Configure the carrier-delay up 60000 command on all interfaces to mitigate any convergence due to asynchronous programming of ingress and egress line cards.
RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# int tenGigE 0/9/0/0
RP/0/RP0/CPU0:router(config-if)# carrier-delay up 60000
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 13-JUL-2015 |
|
Known Affected Releases: | 5.1.1.FWDG |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCul58246 |
Title: | Service Pack version handling |
|
Description: | This fix enables detecting SP as a SMU like package. Without it, the SP will have deactivation/version issues.
Symptom:
Service Pack version in "show version" is incorrect. Service Pack deactivation fails.
Conditions:
Service Pack is activated on any image.
Workaround:
No workaround.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 13-JUL-2015 |
|
Known Affected Releases: | 4.3.2.BASE |
|
Known Fixed Releases: | 4.3.2.SP1, 4.3.2.SP2, 4.3.2.SP3, 4.3.2.SP5, 4.3.2.SP6, 4.3.2.SP7, 4.3.2.SP8, 4.3.4.SP1, 4.3.4.SP4, 4.3.4.SP5 |
|
|
| |
| |
Bug Id: | CSCuu40416 |
Title: | ATT-CERT: bfd crash on multiple METRO nodes on MC after router reload |
|
Description: | Symptom:
bfd_agent process cash with core dump crash on multiple METRO nodes on MC after router reload.
After this it restarts and does not crash.
Conditions:
Condition under which it occurred in test set up was with MC metro setup on reload of router.
Workaround:
no workaround as of now, but happens only on router reload.
Further Problem Description:
|
|
Status: | Terminated |
|
Severity: | 2 Severe |
Last Modified: | 13-JUL-2015 |
|
Known Affected Releases: | 5.3.1.CE, 5.3.2.CE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuu32699 |
Title: | After RPvm Switchover traffic fluctuation observed on multiple tunnels |
|
Description: | Symptom:
After Active RP reload/ RP side switch, Traffic for some odu-group-te tunnels fluctuates.
Conditions:
1. Configure several odu-group-te tunnels with a mix of 1+1 and 1+1+R protection types.
2. Toggle status of GCC communication channel between the node participating the in above circuit.
3. Side switch the active RP.
4. Traffic for some of the tunnels created in Step1 will fluctuate
Workaround:
None
Further Problem Description:
Reproducibility: 10% (Very-Rare)
|
|
Status: | Other |
|
Severity: | 2 Severe |
Last Modified: | 13-JUL-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuv17805 |
Title: | MSDP sessions are kept flapping on CRS router |
|
Description: | Symptom:
All of MSDP sessions are kept flapping on the router
Conditions:
Workaround:
MSDP process restart will recover the router back to normal.
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 13-JUL-2015 |
|
Known Affected Releases: | 5.3.1.MCAST |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuv19963 |
Title: | subintf deleted from xr but DPA still has the intfs |
|
Description: | Symptom:
RP/0/RP0/CPU0:pe1-uut#sh arp vrf vpnv4v6
-------------------------------------------------------------------------------
0/RP0/CPU0
-------------------------------------------------------------------------------
Address Age Hardware Addr State Type Interface
91.1.0.2 - 90e2.ba8e.c075 Interface ARPA TenGigE0/0/0/3
110.1.0.1 - 90e2.ba84.d55d Interface ARPA TenGigE0/0/0/2
192.3.1.2 - 5246.8b6e.6de4 Interface ARPA GigabitEthernet0/0/0/6.100
192.3.6.2 - 5246.8b6e.6de4 Interface ARPA GigabitEthernet0/0/0/6.1
RP/0/RP0/CPU0:pe1-uut#
Somehow it seems that the dpa and xr are out of sync.
On XR, there is no ten 0/0/0/3.100 and 101 configured, but these vlans are shown in dpa.
Cc Jason/Yuren here:
Could you please have a look?
Vnc: ott2lab-as3:!7/spirit
RP/0/RP0/CPU0:pe1-uut#sho controllers dpa inter
Name Idx State Counter Count
GigabitEthernet0/0/0/6.1 17 up rx packets 135
rx bytes 13230
punts 135
GigabitEthernet0/0/0/6.100 20 up rx packets 134
rx bytes 12596
punts 134
GigabitEthernet0/0/0/6.101 21 up rx packets 98
rx bytes 8820
punts 98
GigabitEthernet0/0/0/6.102 22 up rx packets 142
rx bytes 9300
punts 142
GigabitEthernet0/0/0/6.2 18 up rx packets 97
rx bytes 9118
punts 97
GigabitEthernet0/0/0/6.3 19 up rx packets 129
rx bytes 8556
punts 129
TenGigE0/0/0/1.1 13 up rx packets 214
rx bytes 126338
punts 214
TenGigE0/0/0/1.2 14 up rx packets 212
rx bytes 123310
punts 212
TenGigE0/0/0/1.200 15 up rx packets 213
rx bytes 124268
punts 213
TenGigE0/0/0/1.201 16 up rx packets 212
rx bytes 122754
punts 212
TenGigE0/0/0/3.100 13 up rx packets 214
rx bytes 126338
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 13-JUL-2015 |
|
Known Affected Releases: | 5.4.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCut51192 |
Title: | LDP does not have a retry mechanism if failure in vbind observed |
|
Description: | Symptom:
MPLS LDP stop forwarding and the 'Failed lookup' count incrementing in show mpls forwarding summary output.
Conditions:
No NSR configured for LDP and RP FO
Workaround:
None
Further Problem Description:
Problem can be recovered with MPLS LDP process restart
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 13-JUL-2015 |
|
Known Affected Releases: | 5.1.3.CE |
|
Known Fixed Releases: | 5.3.1.27i.MPLS, 5.3.1.28i.MPLS, 5.3.2.6i.MPLS, 6.0.0.5i.MPLS |
|
|
| |
| |
Bug Id: | CSCus51067 |
Title: | incorrect FGID programming on replacing Zircon with Metro Fabric |
|
Description: | Harmless errors message seen after replacing Zircon(400G HQ-B2B fabric card) card with Metro(40G fabric card) during downgrade in B2B system.
Symptom:
SP/0/SM0/SP:Jan 12 11:32:26.013 : sfe_drvr[130]: %FABRIC-FABRIC_DRVR-3-ERRRATE_EXCEED_SLOW : s2/0/SM0/SP/0 HP NQ Err: rack-grp: 4
Conditions:
Message is seen in downgrade case in HQ B2B router. When we replace 400G SM card to 40G SM card.
Workaround:
No workaround. Message is harmless.
Further Problem Description:
|
|
Status: | Terminated |
|
Severity: | 2 Severe |
Last Modified: | 13-JUL-2015 |
|
Known Affected Releases: | 5.3.1.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCue58377 |
Title: | BGP session clear needed to bring up L2VPN tunnels under some situation |
|
Description: | Symptom:L2 VPN sessions may not come up for VPLS with BGP signalling in IOS XR Release 4.2.3.
Conditions:VPLS with BGP signalling.
Problem is reproducible for VPLS VLAN mode and for VPWS VLAN and Port modes.
Workaround:The BGP neighbour session may be flapped to restore the L2 VPN sessions.
More Info:The issue is resolved in IOS XR Release 4.3.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 13-JUL-2015 |
|
Known Affected Releases: | 4.2.3.BASE |
|
Known Fixed Releases: | 4.3.1.27i.ROUT, 4.3.2.11i.ROUT, 4.3.2.17i.ROUT, 5.0.1.99i.BASE, 5.1.0.3i.ROUT |
|
|
| |
| |
Bug Id: | CSCus53252 |
Title: | pm_collector crash due to replicator hit the assert. |
|
Description: | Symptom:
snmp stats collection enabled on the XR device
Conditions:
XR Software
Workaround:
Reload the box
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 13-JUL-2015 |
|
Known Affected Releases: | 5.3.1.BASE |
|
Known Fixed Releases: | 5.3.1.22i.MGBL, 6.0.0.5i.MGBL |
|
|
| |
| |
Bug Id: | CSCuv08423 |
Title: | Fabric errors along with fabricq_mgr crash with planes down on MC 8+1 |
|
Description: | Symptom:
Fabric errors bringing planes down
Conditions:
No apparent trigger
Workaround:
None
Further Problem Description:
Following errors were observed:
RP/0/RP0/CPU0:Jun 28 19:15:46.860 : pm_collector[362]: %MGBL-PM-7-INTERNAL : Failed to remove instance from collection set for request id: '3' : sonetpath_sts_15min
SP/2/SM3/SP:Jun 28 19:16:36.113 : sfe_drvr[130]: %FABRIC-FABRIC_DRVR-3-ERRRATE_EXCEED_SLOW : s3/2/SM3/SP/0 LP NQ Err: msc-dest: RP- 16 17;
LC/2/0/CPU0:Jun 28 19:16:36.112 : fabricq_mgr[178]: %FABRIC-FABRICQ-6-ERR_ASIC_OOR : Fabricq Asic 0 encountered Write CSN OOR: Capture register= 0x864e600a Out Of Resources error.
LC/2/1/CPU0:Jun 28 19:16:36.113 : fabricq_mgr[178]: %FABRIC-FABRICQ-6-ERR_ASIC_OOR : Fabricq Asic 0 encountered Write CSN OOR: Capture register= 0x864e602d Out Of Resources error.
LC/2/6/CPU0:Jun 28 19:16:36.112 : fabricq_mgr[178]: %FABRIC-FABRICQ-6-ERR_ASIC_OOR : Fabricq Asic 0 encountered Write CSN OOR: Capture register= 0x864e6028 Out Of Resources error.
LC/2/5/CPU0:Jun 28 19:16:36.113 : fabricq_mgr[178]: %FABRIC-FABRICQ-6-ERR_ASIC_OOR : Fabricq Asic 0 encountered Write CSN OOR: Capture register= 0x864e601f Out Of Resources error.
LC/2/7/CPU0:Jun 28 19:16:36.113 : fabricq_mgr[178]: %FABRIC-FABRICQ-6-ERR_ASIC_OOR : Fabricq Asic 0 encountered Write CSN OOR: Capture register= 0x864e6025 Out Of Resources error.
LC/2/4/CPU0:Jun 28 19:16:36.113 : fabricq_mgr[178]: %FABRIC-FABRICQ-6-ERR_ASIC_OOR : Fabricq Asic 0 encountered Write CSN OOR: Capture register= 0x864e6023 Out Of Resources error.
LC/2/0/CPU0:Jun 28 19:16:36.117 : fabricq_mgr[178]: %FABRIC-FABRICQ-3-RESET : Reseting Fabricq ASIC Device 0. Reason: WR_CSN_OOR
LC/5/2/CPU0:Jun 28 19:16:36.495 : platform_mgr_common[283]: %PLATFORM-HFR_PM-3-COMMUNICATION_ERR : Device fabricq #0 has a fault=CATASTROPHIC. action: Immediate Rebooting Node
LC/5/2/CPU0:Jun 28 19:16:36.528 : ingressq[234]: %FABRIC-INGRESSQ_DLL-4-BRM_AGGR_DELTA_THRSHLD : BRM aggr delta, spo link: 0, cast: 2, threshold: 128001
LC/5/2/CPU0:Jun 28 19:16:36.555 : ingressq[234]: %FABRIC-INGRESSQ_DLL-4-BRM_INVALID_INPUT : BRM invalid input; spo: 0, cast: 3, current_barr: a input_barr: 0
LC/5/2/CPU0:Jun 28 19:16:36.565 : platform_mgr_common[283]: %PLATFORM-HFR_PM-3-COMMUNICATION_ERR : Device fabricq #0 has a fault=CATASTROPHIC. action: Immediate Rebooting Node
LC/5/2/CPU0:Jun 28 19:16:36.632 : ingressq[234]: %FABRIC-INGRESSQ_DLL-6-WDG_BARRIER_STALLED : BRM UCH: barrier stalled.
LC/5/2/CPU0:Jun 28 19:16:36.632 : ingressq[234]: %FABRIC-INGRESSQ_DLL-6-WDG_BARRIER_STALLED : BRM UCL: barrier stalled.
LC/5/2/CPU0:Jun 28 19:16:36.633 : ingressq[234]: %FABRIC-INGRESSQ_DLL-6-WDG_BARRIER_STALLED : BRM MCH: barrier stalled.
LC/5/2/CPU0:Jun 28 19:16:36.633 : ingressq[234]: %FABRIC-INGRESSQ_DLL-6-WDG_BARRIER_STALLED : BRM MCL: barrier stalled.
LC/5/2/CPU0:Jun 28 19:16:36.642 : bfd_agent[127]: %L2-BFD-6-SESSION_STATE_DOWN : BFD session to neighbor 10.1.227.70 on interface POS5/2/1/0 has gone down. Reason: Fwding plane reset
LC/5/2/CPU0:Jun 28 19:16:36.642 : bfd_agent[127]: %L2-BFD-6-SESSION_STATE_DOWN : BFD session to neighbor 10.1.227.70 on interface POS5/2/0/0 has gone down. Reason: Fwding plane reset
SP/4/SM0/SP:Jun 28 19:16:36.612 : sfe_drvr[131]: %FABRIC-FABRIC_DRVR-3-BM_DEAD_NODE_FAILURE : BM Dead Node Failure Occured for Aggregation Node (s2s3) : (superstar/4/SM0/SP/1).
SP/4/SM0/SP:Jun 28 19:16:36.935 : sfe_drvr[131]: %FABRIC-FABRIC_DRVR-3-BM_DEAD_NODE_FAILURE : BM Dead Node Failure Occured for Aggregation Node (s1) : (superstar/4/SM0/SP/1).
SP/4/SM0/SP:Jun 28 19:16:37.209 : sfe_drvr[131]: %FABRIC-FABRIC_DRVR-3-BM_DEAD_NODE_FAILURE : BM Dead Node Fa
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 13-JUL-2015 |
|
Known Affected Releases: | 5.3.1.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCud35723 |
Title: | isi_link<x>_sz_mm_err causing LC reset |
|
Description: | Symptom:
An excessive noisy transmission network could cause LC reset. Excessive CRC
errors could lead to corrupted packets from the transmission into linecard,
especially with SIP-800, where lots of size mismatch errors could be generated.
These size mismatch errors are the size mismatch between the PLIM header and
IP header. These size mismatched packets are mostly dropped by the PLIM,
but sometimes sent to PSE ucode. In very rare timing situations, this may cause
the LC reset.
Conditions:
Noisy transmission network on POS SPA may cause sz_mm_err/crc_stomp_err packets
on MSC40 PSE. If there are many ingress features configured such as URPF, Biscuit
and Netflow, and high traffic rate with size mismatch error, in rare timing situations,
this may cause the asic scan and LC reset.
Workaround:
None
|
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Last Modified: | 14-JUL-2015 |
|
Known Affected Releases: | 4.0.4.BASE, 4.1.1.BASE |
|
Known Fixed Releases: | 4.3.1.17i.FWDG, 4.3.2.3i.FWDG, 5.1.0.2i.FWDG |
|
|
| |
| |
Bug Id: | CSCuh00948 |
Title: | %IP-TCP_NSR-5-DISABLED :NSR disable TCP Retransmission threshold exceed |
|
Description: | Symptom:
BGP NSR is getting disabled
Conditions:
When there is a high number of BGP update packets, the receive window of active TCP can go to zero. This will trigger the issue, when NSR is enabled.
Workaround:
Usually this condition will recover itself, whenever BGP retries the NSR bring up
Further Problem Description:
Use following steps to find out, whether you are hitting this issue or not.
1. Collect show tcp dump all from both active and stand by RPs. This will have TCP packet dump from both active and stand by
2. Check for window size(WIN 0 in below output) in active RP packet dump for the session which is under investigation. If window size is zero, then we may be hitting this issue..
Jun 6 13:00:56.856>s --A-P- SEQ 1430658199 ACK 224754998 LEN 19 WIN 0 (pak: 0x0, line: 732)
^^^ KA sent, but with zero window.
3. If window size is not zero, then it may be some packet path issue, because of which TCP hitting retransmission and which in turn causing NSR down. Please triage further on packet path issue aspect.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 14-JUL-2015 |
|
Known Affected Releases: | 4.2.3.BASE |
|
Known Fixed Releases: | 4.3.4.8i.FWDG, 5.1.1.3i.BASE, 5.1.1.3i.FWDG, 5.1.11.1i.BASE, 5.1.11.1i.FWDG, 5.2.0.1i.BASE, 5.2.0.1i.FWDG |
|
|
| |
| |
Bug Id: | CSCug41214 |
Title: | router-convergence local config deletion leads to stale inheritance |
|
Description: |
Symptom:Stale inheritance is seen when a config submode is being deleted, that has a config-group applied under the submode.
Conditions:A config-group has been defined and applied with regular expression under a submode. Then, delete the submode.
Workaround:There is no workaround. Reload of the router is required to delete the stale inheritance.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 14-JUL-2015 |
|
Known Affected Releases: | 4.3.4.BASE, 5.1.0.BASE, 5.1.1.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCus96631 |
Title: | l2vpn stats with bundle AC stops working with only NPU1 member |
|
Description: | Symptom:
"show l2vpn forwarding interface bundle-ether 9.30 ..."
When the above command is issued, the stats counters are failed to increment when the below steps are
performed...
1. Configure a bundle interface with 2 members one in NPU0 and another in NPU1
2. Configure VPWS or local switch with the bundle interface.
3. Remove the interface from NPU0
4. Issue above 'show command...'
The statistics counters are not incremented.
Conditions:
Software Configuration of VPWS or Local Switch with bundle Interface. Two member ports one in NPU 0 and another in NPU 1.
When member port 0 is removed from bundle, then the statistics are not incrementing.
Workaround:
No Workaround.
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 14-JUL-2015 |
|
Known Affected Releases: | 5.3.1.LC |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuv29186 |
Title: | Issue in configuring OTN mode after removing from packet mode on Arwen. |
|
Description: | Symptom:
Issue in configuring OTN mode after removing from packet mode on Arwen.
Conditions:
After moving the interface from packet mode.
Workaround:
Further Problem Description:
After removing the packet mode from the interface when I am trying to configure with OTN mode , it's getting error out with following error.
RP/0/RP0:vpws_frodo(config)#controller optics 0/6/0/2
RP/0/RP0:vpws_frodo(config-Optics)#port-mode otn framing opu2
RP/0/RP0:vpws_frodo(config-Optics)#commit
Fri Jul 10 02:21:49.991 UTC
% Failed to commit one or more configuration items during a pseudo-atomic operation. All changes made have been reverted. Please issue 'show configuration failed [inheritance]' from this session to view the errors
RP/0/RP0:vpws_frodo(config-Optics)#show configuration failed inheritance
Fri Jul 10 02:26:17.739 UTC
!! SEMANTIC ERRORS: This configuration was rejected by
!! the system due to semantic errors. The individual
!! errors with each failed configuration command can be
!! found below.
controller Optics0/6/0/2
port-mode Otn framing opu2
!!% Unable to query IM attr for requested interface: 'portmode' detected the 'warning' condition 'Unable to query IM attr for requested interface'
!
End
Here even though we do ?un shut? the controller , it remain in DN state .
RP/0/RP0:vpws_frodo(config)#controller optics 0/6/0/2
RP/0/RP0:vpws_frodo(config-Optics)#no shutdown
RP/0/RP0:vpws_frodo(config-Optics)#commit
RP/0/RP0:vpws_frodo(config-Optics)#do show controllers optics 0/6/0/2
Fri Jul 10 04:36:14.042 UTC
Controller State: Down
Transport Admin State: In Service
RP/0/RP0:vpws_frodo#show running-config controller optics 0/6/0/2
Fri Jul 10 04:44:15.014 UTC
% No such configuration item(s)
RP/0/RP0:vpws_frodo(config-Optics)#do show version
Fri Jul 10 02:33:07.972 UTC
Cisco IOS XR Software, Version 6.0.0.06I
Copyright (c) 2013-2015 by Cisco Systems, Inc.
Build Information:
Built By : abhharih
Built On : Wed Jul 8 15:30:17 IST 2015
Build Host : bgl-ads-2296
Workspace : /nobackup/abhharih/xspeed_latest
Version : 6.0.0.06I
Location : /opt/cisco/XR/packages/
RP/0/RP0:vpws_frodo(config-Optics)#do show hw-module fpd | in 0/6
Fri Jul 10 04:40:24.764 UTC
0/6 NCS4K-2H10T-OP-K 0.2 CCC-FPGA CURRENT 1.10 1.16
0/6 NCS4K-2H10T-OP-K 0.2 CCC-Power-On CURRENT 1.03 1.03
0/6 NCS4K-2H10T-OP-K 0.2 DIGI1 CURRENT 2.03 2.03
0/6 NCS4K-2H10T-OP-K 0.2 DIGI2 CURRENT 2.03 2.03
0/6 NCS4K-2H10T-OP-K 0.2 Ethernet-Switch CURRENT 1.01 1.01
0/6 NCS4K-2H10T-OP-K 0.2 PLX-8649 CURRENT 0.02 0.02
0/6 NCS4K-2H10T-OP-K 0.2 Primary-ZYNQ CURRENT 1.04 1.04
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 14-JUL-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuu12932 |
Title: | After Reload of card having NNI link odu-group-ma process blocked |
|
Description: | Symptom:
After Reload of card having NNI link odu-group-ma process blocked and traffic is dropped
Conditions:
NNI links and traffic flooding on OTN GMPLS-TE circuits
Workaround:
NONE
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 14-JUL-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: | 5.2.4.BASE, 6.0.0.5i.BASE |
|
|
| |
| |
Bug Id: | CSCug87067 |
Title: | %ROUTING-FIB-5-ROUTE_UPDATE_DROP : LABEL-RECYCLING for CSC PE-CE link |
|
Description: | RNE Enclosure
Symptom:
Logs containing the following appear
fib_mgr[209]: %ROUTING-FIB-5-ROUTE_UPDATE_DROP : LABEL-RECYCLING
Forwarding for the old label fails.
Conditions:
If BGP resolves a nexthop using a labeled BGP route and that nexthop is deleted, BGP also deletes the label for that route, but continues to use it.
Workaround:
process restart mpls_lsd location all
or
process restart bgp location all
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 15-JUL-2015 |
|
Known Affected Releases: | 4.1.2.BASE, 4.3.2.BASE |
|
Known Fixed Releases: | 5.2.4.6i.ROUT, 5.3.1.7i.ROUT, 6.0.0.5i.ROUT |
|
|
| |
| |
Bug Id: | CSCur34277 |
Title: | 530: ksh crash is seen on Tomahawk A9K-8x100GE-L-SE |
|
Description: |
Symptom:ksh crash is seen on A9K-8x100GE-L-SE
Conditions:RSP Switchover or when line card boots up
Workaround:No impact, only crash is observed
More Info:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 15-JUL-2015 |
|
Known Affected Releases: | 5.3.0.BASE, 5.3.1.BASE |
|
Known Fixed Releases: | 5.3.1.21i.BASE, 6.0.0.5i.BASE |
|
|
| |
| |
Bug Id: | CSCur26433 |
Title: | IOS-XR : evaluation of SSLv3 POODLE vulnerability |
|
Description: | Symptom:
This product includes a version of SSL that is affected by the vulnerability identified by the Common Vulnerability and Exposures (CVE) IDs:
CVE-2014-3566
This bug has been opened to address the potential impact on this product.
Conditions:
Workaround:
Further Problem Description:
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the
time of evaluation are: 2.6/2.5
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:H/Au:N/C:P/I:N/A:N/E:F/RL:U/RC:C
The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 15-JUL-2015 |
|
Known Affected Releases: | 5.1.3.K9SEC, 5.3.2.K9SEC, 5.3.3.BASE, 5.3.4.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCur04769 |
Title: | pkg/bin/sysdb_mc crash on loading ACL scale config |
|
Description: |
Symptom:sysdb_mc process will crash and might result in system getting hang for few minutes, but it will self recover and the system will become stable after few minutes
Conditions:This crash is seen when we try to load a big ACL config(~ 300K lines)
Workaround:This crash is not seen for smaller config (~150K lines)
More Info:
|
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Last Modified: | 15-JUL-2015 |
|
Known Affected Releases: | 5.1.4.BASE |
|
Known Fixed Releases: | 5.2.4.8i.BASE, 5.2.5.4i.BASE, 5.3.0.18i.BASE |
|
|
| |
| |
Bug Id: | CSCuu32416 |
Title: | CTC shows stale entry of ISSU due to lack of error handling. |
|
Description: | Symptom:
When CTC sends any ISSU command through XML to the node then CTC displays the logs for the same operation on the ISSU Wizard. For this we fetch last 1 install log from the node. CTC does not match operation id which have been received from log with the last operation id which was received for the command. And CTC displays all logs to the user in ISSU wizard.Hence in case the operation has not been started on the node,then CTC does not display any error to the user and displays last completed/aborted logs in ISSU wiizard
Conditions:
in case the operation has not been started on the node,then CTC does not display any error to the user and displays last completed/aborted logs in ISSU wiizard.
Workaround:
Check in the XML logs and CLI to get details about the operation failure.
Do appropriate action via CLI/CTC and start Issu again.
Further Problem Description:
Expected Resolution :- Error handling shall be done in CTC ISSU wizard in 6.0 reloease
Reproducibility (%) :- 30 %
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 15-JUL-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCut42562 |
Title: | Unicast Traffic dropped as discard drops in ingressq on Standby RP OIR |
|
Description: | Symptom:
In a 8+2 multichassis setup used for system testing with fabqos configured, there is a 10G snake setup spanning 5 MSC-X line cards. When the standby RP of rack 7 is reloaded(where there are MSC-X cards in rack 7 that has participated in the snake traffic), few discard drops are seen in ingressq of some MSC-X cards.
Conditions:
This issue would be seen with multichassis and single chassis setups which have high volume of traffic, when the standby RP is reloaded or in case of RP failover. It may be that only some RPs in the multichassis may cause this. We have seen the issue with mixed streams of IPv4, IPv6 and MPLS traffic. Also this issue would typically be seen when lot of protocols are enabled in the router.
Workaround:
In case there is no AF traffic in the system, consider disabling fabqos. With fabqos disabled, this issue is not seen.
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 15-JUL-2015 |
|
Known Affected Releases: | 5.3.1.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuv14219 |
Title: | BFD ipv6 session in INIT state due to ipv6 adjacency missing |
|
Description: | Symptom:
RP/0/RP0/CPU0:pe1-uut#sh bfd ipv6 session
Interface Dest Addr
Local det time(int*mult) State
H/ NPU Echo Async
------------------- --------------- ---------------- ---------------- ----------
Te0/0/0/3 901:a01:1::1
No n/a 0s 6s(2s*3) INIT
Gi0/0/0/4 fe80::5046:12ff:fe54:8d6e
No n/a 0s 6s(2s*3) INIT
Gi0/0/0/5 901:a03:3::1
No n/a 0s 6s(2s*3) INIT
Gi0/0/0/6.1 2002:c003:600::1
No n/a 0s 6s(2s*3) INIT
Gi0/0/0/6.2 fe80::5046:70ff:feb4:7385
No n/a 0s 6s(2s*3) INIT
Gi0/0/0/6.3 2002:c003:600::2:1
No n/a 0s 6s(2s*3) INIT
Gi0/0/0/6.100 2002:c003:100::1
No n/a 0s 6s(2s*3) INIT
Gi0/0/0/6.101 fe80::5046:70ff:feb4:7385
No n/a 0s 6s(2s*3) INIT
Gi0/0/0/6.102 2002:c003:100::2:1
No n/a 0s 6s(2s*3) INIT
RP/0/RP0/CPU0:pe1-uut#
RP/0/RP0/CPU0:pe1-uut#sh run router stati
router static
address-family ipv4 unicast
3.0.0.0/16 91.3.0.1
3.0.0.0/16 192.3.3.1
3.0.0.0/16 192.3.8.1
5.0.0.0/8 5.14.0.1
101.0.3.1/32 91.3.0.1 bfd fast-detect minimum-interval 100 multiplier 3
101.0.3.1/32 192.3.3.1 bfd fast-detect minimum-interval 100 multiplier 3
101.0.3.1/32 192.3.8.1 bfd fast-detect minimum-interval 100 multiplier 3
223.255.0.0/16 5.14.0.1
!
address-family ipv6 unicast
3::/112 901:a03:3::1
3::/112 2002:c003:100::2:1
3::/112 2002:c003:600::2:1
101:3::1/128 901:a03:3::1 bfd fast-detect minimum-interval 100 multiplier 3
101:3::1/128 2002:c003:100::2:1 bfd fast-detect minimum-interval 100 multiplier 3
101:3::1/128 2002:c003:600::2:1 bfd fast-detect minimum-interval 100 multiplier 3
!
vrf vpnv6
!
vrf vpnv4v6
address-family ipv6 unicast
2007:1::2/128 901:a01:1::1
!
!
!
Conditions:
image:
Refpoint = calvados/release@ci-msl/10
Built By : kentp
Built On : Sun Jun 28 18:04:40 EDT 2015
Build Host : ott-pd-vs-016
Workspace : /workspace/kentp/dt_images/5.4.0.11I/workspace
Source Base : ios_ena
Devline : r54x.lu
Devline Type : ACME Project (Devline uses a project: r54x%46)
r54x EFR-00000307677 Project
ci-msl EFR-00000306788 Lineup
ci-532 EFR-00000305773 Lineup
default EFR-00000304397 Lineup
RP/0/RP0/CPU0:ce1#
Workaround:
1. try shut/noshut interface first to see if the BFD session can recover.
2. if still not working, process restart ipv6_io, ipv6_ea, ipv6_ma
Further Problem Description:
For Single Hop BFD, a 6VPE config or a vrf config is immaterial, since it will always sends down a completely L2 encapsulated packet injected to port. If the session is stuck in INIT state it is likely because either adj is not resolved or the initial packet is not being received by the neighbour. I followed the above and found that the adjacency for v6 is not resolved for any of the interfaces below on PE1. I can also see that CE1 has not received the packet from PE1 to be able to resolve from DOWN to UP state. PE1 is in INIT state because it received packet from CE1. The adjacency of the corresponding interface on CE1 is resolved.
I tried shut/no shut and
|
|
Status: | Terminated |
|
Severity: | 2 Severe |
Last Modified: | 16-JUL-2015 |
|
Known Affected Releases: | 5.4.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuv23532 |
Title: | [arwen] Tagged traffic is not flowing over port based cross connect |
|
Description: | Symptom:
Tagged traffic is not flowing over port based cross connect
Conditions:
Workaround:
Further Problem Description:
|
|
Status: | Other |
|
Severity: | 2 Severe |
Last Modified: | 16-JUL-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuu21429 |
Title: | npu0 and npu1 asic in bad state after successive npu pon resets |
|
Description: | Symptom:
Npu0 and npu1 did not recover.
Conditions:
pon resets on the npu's of different slice , and also when one pon is over, I executed another pon on the same slice.
Workaround:
reload LC
Further Problem Description:
pon resets on the npu's of different slice , and also when one pon is over, I executed another pon on the same slice. Npu0 and npu1 did not recover.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 16-JUL-2015 |
|
Known Affected Releases: | 5.2.5.BASE |
|
Known Fixed Releases: | 5.2.5.10i.BASE, 6.0.0.6i.BASE |
|
|
| |
| |
Bug Id: | CSCuv01164 |
Title: | After sending traffic tx queues stuck and intf ping no longer works |
|
Description: | Symptom:
TOPO:
IXIA--10G intf sustone---asr9k--IXIA.
Without sending traffic the link between IXIA and sunstone is up and all the routing protocols are up. After sending traffic (3G), the link protocol is down and routing protocols are down as well. After stopping traffic, the interface back to back ping to ixia is no longer working.
The queues are stuck there:
RP/0/RP0/CPU0:ott02-sim-09-uut#show datapath tm subport 2
Subport 2
Parent vPort: 2
Weight: 10200
Rate: 970904
Being Deleted: no
Configured: yes
Queue 16 pkts: 7419 bytes: 1597668
Queue 17 pkts: 5162 bytes: 6255458
Queue 18 pkts: 0 bytes: 0
Queue 19 pkts: 0 bytes: 0
Queue 20 pkts: 0 bytes: 0
Queue 21 pkts: 0 bytes: 0
Queue 22 pkts: 0 bytes: 0
Queue 23 pkts: 0 bytes: 0
Priority Queues: 1
Best effort Queues: 7
RP/0/RP0/CPU0:ott02-sim-09-uut#
Conditions:
image:
Refpoint = calvados/release@ci-msl/10
Built By : therrien
Built On : Mon Jun 22 22:01:23 EDT 2015
Build Host : ott-pd-vs-010
Workspace : /nobackup/therrien/lic
Source Base : ios_ena
Devline : r54x
Devline Type : ACME Project
r54x EFR-00000307085 Project
ci-msl EFR-00000306788 Lineup
ci-532 EFR-00000305773 Lineup
default EFR-00000304397 Lineup
RP/0/RP0/CPU0:ott02-sim-09-uut#
Workaround:
shut/no shut intf or restart uvf
Further Problem Description:
N/A
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 16-JUL-2015 |
|
Known Affected Releases: | 5.4.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCut64614 |
Title: | 531-P2MP TE- Tunnel getting created on decap on "receiver-site" config |
|
Description: | Symptom:
With Dynamic P2MP-TE profile and receiver-site configured, P2MP-TE tunnel is still created from Egress PE.
Conditions:
MVPN or GTM with Dynamic P2MP-TE tunnels. receiver-site is configured on the Egress-PEs.
Workaround:
None
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 16-JUL-2015 |
|
Known Affected Releases: | 5.2.2.MCAST, 5.3.1.MCAST |
|
Known Fixed Releases: | 5.3.1.29i.FWDG, 5.3.1.29i.MCAST, 5.3.1.29i.MPLS, 5.3.2.6i.FWDG, 5.3.2.6i.MCAST, 5.3.2.6i.MPLS, 5.3.2.9i.MCAST, 6.0.0.5i.FWDG, 6.0.0.5i.MCAST, 6.0.0.5i.MPLS |
|
|
| |
| |
Bug Id: | CSCun98015 |
Title: | aipc_proxy crash multiple times @ mgd_timer_walk_down_tree on DRP card |
|
Description: | Symptom:
aipc_proxy crashes
Conditions:
Issue applies to all platforms.
Workaround:
None
Further Problem Description:
The issue has no known impact.
Check with support team (TAC) / internally for the crash decode to confirm that this bug is being hit.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 16-JUL-2015 |
|
Known Affected Releases: | 4.3.1.BASE, 4.3.2.BASE, 4.3.3.ROUT, 5.1.2.BASE |
|
Known Fixed Releases: | 5.1.3.8i.BASE, 5.2.0.27i.BASE |
|
|
| |
| |
Bug Id: | CSCus42773 |
Title: | JANUARY 2015 OpenSSL Vulnerabilities |
|
Description: | Symptom:This product includes a version of SSL that is affected by the vulnerability identified by the Common Vulnerability and Exposures (CVE) IDs:
CVE-2014-3569 CVE-2014-3570 CVE-2014-3571 CVE-2014-3572 CVE-2014-8275 CVE-2015-0204 CVE-2015-0205 CVE-2015-0206
This bug has been opened to address the potential impact on this product.
Conditions:Cisco IOS XR is only affected by CVE-2015-0204 and CVE-2014-3570.
None of the other CVE-IDs are applicable.
The version of OpenSSL used in Cisco IOS XR will be updated under Cisco bug ID: CSCur26433
Affected features that may be impacted:
For CVE-2015-0204 these are the possible features that would be impacted.
* Extensible Markup Language (XML) agent services
* Onep when configured to use ransport tls
* LDAP TLS
* DIAMETER TLS
* SBC using TLS
* Smart Call Home
* OpenFlow using TLS
If the features are not enabled the device is not affected.
Workaround:None.
More Info:PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score.
The Base and Temporal CVSS scores as of the time of evaluation are: 4.3/3.6
http://tools.cisco.com/security/center/cvssCalculator.x?version=2.0&vector=AV:N/AC:M/Au:N/C:P/I:N/A:N/E:F/RL:OF/RC:C
The Cisco PSIRT has assigned this score based on information obtained from
multiple sources. This includes the CVSS score assigned by the third-party
vendor when available. The CVSS score assigned may not reflect the actual
impact on the Cisco Product.
Additional information on Ciscos security vulnerability policy can be
found at the following URL:
http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html
|
|
Status: | Other |
|
Severity: | 2 Severe |
Last Modified: | 16-JUL-2015 |
|
Known Affected Releases: | 5.3.3.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCut64636 |
Title: | 531_P2MP- Auto tunnel Down when receiver-site is configured at Decap PE |
|
Description: | Symptom:
P2MP-TE tunnel on head-end does not have the Egress-PE added as a destination
Conditions:
Dynamic P2MP-TE profile is used for MVPN or GTM. Egress-PE is a receiver-site and hence does not announce PTA in the I-PMSI route.
Workaround:
None
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 16-JUL-2015 |
|
Known Affected Releases: | 5.2.2.MCAST, 5.3.1.MCAST |
|
Known Fixed Releases: | 5.3.1.29i.FWDG, 5.3.1.29i.MCAST, 5.3.1.29i.MPLS, 5.3.2.6i.FWDG, 5.3.2.6i.MCAST, 5.3.2.6i.MPLS, 5.3.2.9i.MCAST, 6.0.0.5i.FWDG, 6.0.0.5i.MCAST, 6.0.0.5i.MPLS |
|
|
| |
| |
Bug Id: | CSCus97137 |
Title: | CTC SVG goes out of synch after node disconnect / reconnect |
|
Description: | Symptom:
Not able to get the color of node in node view and alarms in sync
Conditions:
occurs when node is disconnected and then reconnected.
Workaround:
Relaunching the CTC will fix the issue
Expected Resolution :- Fix shall be available in 6.0 release
Reproducibility(%) - 25%
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 16-JUL-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCus72058 |
Title: | continuous mrib assert @ mrib_tunnel_choose_pif on Active & Standby RP |
|
Description: | Symptom:
During NG ISSU on NCS6k platform, there is traffic loss seen for P2MP-TE LSPs
Conditions:
NCS6k supports P2MP-TE midpoint functionality in 5.2.3. If this is configured and an ISSU is performed, then the traffic loss may be seen.
Workaround:
None.
Further Problem Description:
There is no impact for IP-multicast traffic during ISSU on NCS6K.
There is no impact for either LSM or IP-multicast, on ASR9K or CRS platforms.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 17-JUL-2015 |
|
Known Affected Releases: | 5.2.3.BASE, 5.2.3.MCAST, 5.3.1.MCAST |
|
Known Fixed Releases: | 5.2.4.6i.MCAST, 5.3.1.20i.MCAST, 6.0.0.5i.MCAST |
|
|
| |
| |
Bug Id: | CSCuh10252 |
Title: | nfma_took_too_long_to_respond_to_a_verification_request |
|
Description: | Symptom:User could see some of the following symptoms.
1) Commit Failures.
2) High CPU around 40 to 50%
3) process "pifibm_server_lc" blocked on "tcam_mgr" processes.
4) show controllers pse tcam trace location 0/x/cpu0 shows parity errors.
Conditions:If there is a fault in the TCAM device (which might lead to an in-correctable parity error in one more more TCAM addresses) and in this state, a process trys to commit a configuration that uses services of the tcam_mgr. In this scenario while the tcam_mgr is saving logs to the harddisk, tcam_mgr gets blocked, this can cause the above symptoms.
Workaround:Reload the line card.
More Info:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 17-JUL-2015 |
|
Known Affected Releases: | 4.0.4.BASE, 4.1.2.BASE |
|
Known Fixed Releases: | 4.3.2.29i.FWDG, 5.1.1.13i.FWDG, 5.1.11.8i.FWDG, 5.1.2.5i.FWDG, 5.2.0.7i.FWDG |
|
|
| |
| |
Bug Id: | CSCuu18623 |
Title: | config change was rejected due to apply failure on "no ethernet oam" |
|
Description: | Symptom:
The user is unable to remove ethernet oam configuration from an interface & receives the error 'The specified interface does not have an entry in the DB'
Conditions:
This is a secondary issue that can only be caused if the running configuration & the ethernet_link_oam_daemon are out of sync. This has never been seen in production images, but could theoretically occur if there is a primary configuration manager issue that causes a configuration inconsistency.
This issue affects all IOS-XR releases containing the link-oam feature until release 5.3.2 where it is fixed.
Workaround:
The user can restart the ethernet_link_oam_daemon process on the affected node with no traffic or operational impact. This with synchronize the ethernet_link_oam_daemon process with the running configuration. After this, configuration removal will work.
Further Problem Description:
This issue is a secondary problem behind an initial configuration inconsistency issue. If this problem is encountered the initial cause of the inconsistency should be investigated as it is likely other parts of the system may also be affected.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 17-JUL-2015 |
|
Known Affected Releases: | 5.3.2.CE |
|
Known Fixed Releases: | 5.3.2.8i.BASE, 6.0.0.5i.BASE |
|
|
| |
| |
Bug Id: | CSCuo22860 |
Title: | TCAM UDP port-id overwritten by GTP TEID when GTP is enabled globally |
|
Description: | Symptom:IPv6 ACL entry for UDP port 2152 fails to match the GTPu traffic and eventually gets denied by the deny ipv6 any any entry at the end of the ACL.
Conditions:The issue can be seen if all of the following conditions are met,
1.CRS router is running IOS XR release 4.2.3 or greater.
2.7-tuple load balancing is enabled using the command cef load-balancing fields L4.
3.GTPu traffic filtering is performed using an IPv6 ACL with the UDP port 2152.
Workaround:
There are couple of workarounds to get around the issue,
1.Disable 7-tuple load balancing.
OR
2.Add an UDP port range 2150 to 2250 ACE to filter the GTPu traffic.
Ex: 2672 permit udp 2001:4888:2030:b000:343:280::/96 2001:4888:2e00::/40 range 2150 2250
More Info:
For IPv6 ACL, TCAM look-up key size is 320 bits, this key contains parameters like src addr, dest addr, src port, dest port, src port range, dest port ranges, etc.
For each incoming packet ucode does range lookup first for both src and dest ports and then prepares tcam lookup key.
Due to a bug in microcode (GTP 4.2.4 ), GTP ?TEID gets wrongly written in the TCAM lookup key where UDP port details are supposed to be written..
In case of ACE with dest port [2152],port_id field in TCAM entry for dest port is over-written by GTP-TEID which results in no match lookup and dropping packets..
Whereas in case of ACE with dest port range [ 2150-2186], port_id field in TCAM entry is programmed with don't care, and since range id covers port 2152, it matches the lookup. Traffic passes..
In short, TCAM corruption happens only when a port is specified and not with range..
50 permit udp 2001:4888:2030:b000:343:280::/96 2001:4888:2e00::/40 eq 2152 - Will not work
200 permit udp 2001:4888:2030:b000:343:280::/96 2001:4888:2e00::/40 range 2150 2186 Works
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 17-JUL-2015 |
|
Known Affected Releases: | 4.2.4.BASE |
|
Known Fixed Releases: | 5.1.3.5i.FWDG, 5.2.0.25i.FWDG |
|
|
| |
| |
Bug Id: | CSCtw89731 |
Title: | PRP fails to boot intermittently after a soft reload |
|
Description: | Symptom: Cisco Performance Route Processor fails to boot at times after soft-reload.
Conditions:Soft reload of PRP.
Workaround:Reseat the card.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 17-JUL-2015 |
|
Known Affected Releases: | 4.1.0.BASE |
|
Known Fixed Releases: | 4.3.2.99i.BASE |
|
|
| |
| |
Bug Id: | CSCud93443 |
Title: | PLA TxBP to EgressQ depletes HP queue |
|
Description: | Symptom:
Traffic loss with egressq[154]: %L2-EGRESSQ_HW_DLL-7-ERR_INTERNAL : Internal error : Egressq Out-Of-Buffer drop detected reason :
sh controller plim asic stat int shows a high amount of 'TxBP' for affected interface.
Conditions:
CRS running 4.0.3
Workaround:
Reloading linecard fixes the issue temporarily.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 17-JUL-2015 |
|
Known Affected Releases: | 4.0.3.BASE |
|
Known Fixed Releases: | 4.3.1.21i.FWDG, 4.3.2.5i.FWDG, 5.1.0.3i.FWDG |
|
|
| |
| |
Bug Id: | CSCuv13031 |
Title: | TDI-AC:show power CLI showing wrong output |
|
Description: | Symptom:
TDI AC with legacy SC and PRP, shows wrong output in 'show power' commands
Conditions:
Seen only with Legacy SC and PRP in 5.3.2
Workaround:
NA
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 17-JUL-2015 |
|
Known Affected Releases: | 5.3.2.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuv26517 |
Title: | IOS-XR: Evaluation for OpenSSL July 2015 vulnerability |
|
Description: | Symptom:
vulnerability: CVE-2015-1793
This issue will impact any application that verifies certificates including
SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication
Conditions:
During certificate verification, OpenSSL (starting from version 1.0.1n and
1.0.2b) will attempt to find an alternative certificate chain if the first
attempt to build such a chain fails. An error in the implementation of this
logic can mean that an attacker could cause certain checks on untrusted
certificates to be bypassed, such as the CA flag, enabling them to use a valid
leaf certificate to act as a CA and "issue" an invalid certificate.
Workaround:
None, we need to move to CiscoSSL 5.4
Further Problem Description:
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the
time of evaluation are: 4.3/3.4
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C
The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 18-JUL-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCut96381 |
Title: | History bucket not working |
|
Description: | Symptom:
The history bucket is not working in perf-mgmt. The show command doesnt show any data.
Conditions:
In normal case also the history bucket doesnt work. There is no special trigger for this issue.
Workaround:
Expected Resolution: Please check with the support engineer for information on which release(s) this bug is expected to be fixed.
Reproducibility (%):100%
There is no workaround for this
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 20-JUL-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuv12588 |
Title: | Need debugability to triage inst_agent self test verification failures |
|
Description: | Symptom:
There is not enough debug ability to identify that a node has failed verification of it installed software base.
Conditions:
This issue is seen on a NCS6K router booted with Cisco IOS XR version 5.2.5-09i.
Workaround:
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 20-JUL-2015 |
|
Known Affected Releases: | 5.2.5.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCus65267 |
Title: | ICMP packets dropped on CRS FP-X |
|
Description: | Symptom:
The ping with packet size more than the MTU of link fails and no ICMP type 3 code 4 is returned to the originating node
Conditions:
Topology: Min 3 node
Node A -- Node B -- Node C
Configuration:
Configure MTU x on Node B. Ping Node C from Node A with packet size > MTU(node B)
Expected Behavior:
Node B should send Node A ICMP(type 3 code 4) packets
Workaround:
None
More Info:
Path MTU Discovery is impacted and consequently applications using it, like BGP.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 20-JUL-2015 |
|
Known Affected Releases: | 5.1.3.MPLS |
|
Known Fixed Releases: | 5.3.1.25i.BASE, 5.3.1.25i.FWDG, 5.3.2.3i.BASE, 5.3.2.3i.FWDG, 6.0.0.5i.BASE, 6.0.0.5i.FWDG |
|
|
| |
| |
Bug Id: | CSCuu98875 |
Title: | ISIS: Adj-SID retries fail |
|
Description: | Symptom:
Log messages similar to the following:
Adj-sid-create failed requested for sid:1048576, nh-addr:fe80::216:9dff:fef2:4103, op0->lbl, ifh:(BE26001.1, 0x2080eb0), type 0, tbl 0xe0800000 area_index 1: 0xa2d38016 'MPLS_LSD' detected the 'fatal' condition 'Code(0)': Invalid argument
Conditions:
ISIS with segment-routing configuration.
Workaround:
Configure the interface mentioned in the log message down and then back up, or remove it from the ISIS configuration and re-add it.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 20-JUL-2015 |
|
Known Affected Releases: | 6.0.0.LC, 6.0.0.ROUT |
|
Known Fixed Releases: | 5.3.2.16i.ROUT |
|
|
| |
| |
Bug Id: | CSCuj05980 |
Title: | 100G PLIM crashes on committing invalid wavelength channel 90 |
|
Description: | Symptom:
100G PLIM crashes on committing invalid wavelength channel 90
Conditions:
Invalid wavelength configured. Supported values are 1-89:
RP/0/RP1/CPU0:ios(config)#controller dwdm 0/3/0/0
RP/0/RP1/CPU0:ios(config-dwdm)#wavelength ?
<1-100> Select an ITU channel number; C Band: 1-89
frequency Configure Frequency and Map to ITU Channel
update Configure Wavelength and Map to ITU Channel
Workaround:
Recovery steps:
1. admin-config: hw-module power disable
2. config: change running config of "controller preconfigure dwdm " to a supported wavelength
3. admin-config: no hw-module power disable
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 20-JUL-2015 |
|
Known Affected Releases: | 4.3.2.BASE, 5.1.1.BASE |
|
Known Fixed Releases: | 5.1.1.12i.BASE, 5.1.11.4i.BASE, 5.1.2.2i.BASE, 5.2.0.7i.BASE |
|
|
| |
| |
Bug Id: | CSCtr38857 |
Title: | Router not sending syslogs to syslog server after reload |
|
Description: | Symptom:
During router reload syslog remote host may not be reachable during startup.
But It will become reachable after some time more time. Syslog Retry thread is
designed to retry forever in case syslog remote host is not reachable.
But we observe that it was no retrying after few more attempt which was causes this bug.
Conditions:
1. Configured lots of services to delay the bootup of netinfra (mgmt stack) after a reload.
2. Configure remote logging, then configure syslog traps.
3. Reload the router.
4. If the router syslog server is not able to communicate the remote host within 20 seconds this bug is hit.
Workaround:
1. Restart the syslogd process.
process restart syslogd
2. Remove then re-add the remote syslog configuration.
3. If you have added syslog trap configuration after logging remote configuration;
either comment the syslog trap configuration or reverse the order.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 20-JUL-2015 |
|
Known Affected Releases: | 4.1.1.BASE |
|
Known Fixed Releases: | 4.0.11.7i.BASE, 4.0.4, 4.0.4.14i.BASE, 4.1.2.10i.BASE, 4.2.0, 4.2.0.14i.BASE, 4.2.1, 4.2.2, 4.2.3, 4.2.4 |
|
|
| |
| |
Bug Id: | CSCuu84768 |
Title: | CTC : Changing FEC to None is not possible in CTC |
|
Description: | Symptom:
Change of FEC to None is not possible.
Conditions:
Change of FEC to none was not allowed in any case.
Workaround:
No Workaround From CTC
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 20-JUL-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuu45970 |
Title: | None of the plane has both Admin and Plane states UP over DT4 (arwen lu) |
|
Description: | Symptom:
In the Cisco NCS4k cli the Fabric card and Line cards are reporting as operation down, but traffic is not affected through them
Conditions:
1.insert RP, LC and FC cards into the Cisco NCS4k
2.Restart the R
Workaround:
None
Further Problem Description:
Reproducibility : 0%
|
|
Status: | Other |
|
Severity: | 2 Severe |
Last Modified: | 20-JUL-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuc74342 |
Title: | snmpd crash @ check_caller_guard |
|
Description: | Symptom:
snmpd crash @ check_caller_guard
Conditions:
continuous snmp walk with slow OID's & system OID's in the background
Workaround:
not known
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 21-JUL-2015 |
|
Known Affected Releases: | 4.2.4.BASE |
|
Known Fixed Releases: | 4.2.4.7i.BASE, 4.3.0.34i.BASE |
|
|
| |
| |
Bug Id: | CSCur69192 |
Title: | CSDL: Standby RSP rsvp process crashed after receiving malformed pkts |
|
Description: | Symptoms:
A vulnerability in RSVP processing of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a reload of the RSVP process on an affected
device.
The vulnerability is due to improper parsing of a malformed RSVP packet. An attacker could exploit this vulnerability by sending a malformed RSVP packet to be
processed by an affected device. A successful exploit could allow the attacker to cause a reload of the RSVP process on the affected device.
Conditions:
Device configured for RSVP.
Workaround:
None.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5/4.1:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C
CVE ID CVE-2015-0657 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 21-JUL-2015 |
|
Known Affected Releases: | 5.3.0.BASE |
|
Known Fixed Releases: | 5.2.2.SP1, 5.2.3.13i.MPLS, 5.2.4.1i.MPLS, 5.2.4.2i.MPLS, 5.3.0.16i.MPLS |
|
|
| |
| |
Bug Id: | CSCuu02307 |
Title: | CRS Stopped Working - Protocols flap- rdsfs_svr crashes, nrs |
|
Description: | Symptom:
CRS stopped forwarding traffic, OSPF and LDP flapping, CRS router very slow even executing regular show commands takes minutes to execute.
Error messages in the log related to rdsfs_svr. Standby RP is not Ready.
Conditions:
unknown
Workaround:
Router Reload
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 21-JUL-2015 |
|
Known Affected Releases: | 5.1.3.CE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuo95165 |
Title: | IOS XR Software Malformed IPv6 Packet Denial of Service Vulnerability |
|
Description: | Symptom:
A vulnerability in the ICMPv6 client library of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause high CPU utilization on a line card of the device running Cisco IOS XR Software and certain IPv6 traffic to the affected device could be dropped.
The vulnerability is due to improper processing of malformed IPv6 packets. An attacker could exploit this vulnerability by sending a malformed IPv6 packet to be processed when IPv6 is configured on an affected device. An exploit could allow the attacker to cause high CPU utilization on a line card of the affected device, and certain IPv6 traffic to the affected device could be dropped.
Conditions:
Device configured to process IPv6 traffic.
Workaround:
restart ipv6_io process
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are
5/4.1:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C
CVE ID CVE-2014-3353 has been assigned to document this issue.
Additional details about the vulnerability described here can be found at:
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3353
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Last Modified: | 21-JUL-2015 |
|
Known Affected Releases: | 4.3.2.BASE |
|
Known Fixed Releases: | 4.3.2.SP8, 4.3.4.SP5, 4.3.4.SP6, 4.3.4.SP7, 4.3.4.SP8, 5.1.3.14i.BASE, 5.2.1.28i.BASE, 5.2.2.19i.BASE, 5.2.3.6i.BASE, 5.3.0.5i.BASE |
|
|
| |
| |
Bug Id: | CSCuu16691 |
Title: | %LIBRARY-REPLICATOR-3-IDT_FAIL : Failed to complete IDT flooding console |
|
Description: | Symptom:
Following messages keeps spewing on the screen from both active/standby RPs:
RP/0/RP0/CPU0:May 2 00:21:36.824 : mpls_ldp[1042]: %LIBRARY-REPLICATOR-3-IDT_FAIL : Failed to complete IDT after several retries: rc 0x0 (Success)
RP/0/RP1/CPU0:May 2 00:22:10.308 : mpls_ldp[1042]: %LIBRARY-REPLICATOR-3-IDT_FAIL : Failed to complete IDT after several retries: rc 0x0 (Success)
Conditions:
Just load the router and boot up mpls_ldp process without LDP GR enabled.
Workaround:
1. configure graceful restart under mpls ldp
2. use the following configuration to suppress this error log:
logging suppress rule test
alarm LIBRARY REPLICATOR IDT_FAIL
!
logging suppress apply rule test
all-of-router
More Info:
The error log is harmless. No functional impact.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 21-JUL-2015 |
|
Known Affected Releases: | 5.2.5.BASE, 5.3.2.CE |
|
Known Fixed Releases: | 5.2.5.10i.MPLS, 5.3.2.9i.MPLS, 6.0.0.5i.MPLS |
|
|
| |
| |
Bug Id: | CSCur72219 |
Title: | BGP crash due to incorrect export RPL chg notif when no vrf issued |
|
Description: | Symptom:BGP crashes with:
Process thread:6 received signal: 11 - SIGSEGV. Segmentation fault. Sender pid:168212
Signal specific information: Signal code 0 - Unknown SIGSEGV code. Accessed BadAddr 0x0 at PC 0xffffffff.
Conditions:Removal of VRF
Workaround:Two Stages of commit required.
First detach policy from global VRF configuration and commit.
Finally delete policy and global VRF configuration and commit.
More Info:The VRF which is being removed does not have any BGP policy, but RPL codes invokes policy change code and not policy remove.
|
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Last Modified: | 21-JUL-2015 |
|
Known Affected Releases: | 4.2.4.ROUT |
|
Known Fixed Releases: | 5.2.4.8i.ROUT, 5.2.5.4i.ROUT, 5.3.0.17i.ROUT |
|
|
| |
| |
Bug Id: | CSCus44940 |
Title: | BGP process crash during vrf migration |
|
Description: | Symptom:
BGP crashes when VRFs are added deleted via config/rollback/commit-replace etc.
RP/0/RSP0/CPU0:DC4R902#show run int TenGigE0/0/0/13.1
Mon Dec 8 15:39:40.729 PST
interface TenGigE0/0/0/13.1
description Connection 10GE to DC4R601 SVI VLAN2403 for VRF_DCBB
vrf VRF_DCBB_EMEA
And ran " DC4R901#rollback configuration to import-vrf3"
BGP crashed.
RP/0/RSP1/CPU0:Jan 9 11:43:14.515 PST: dumper[60]: %OS-DUMPER-5-CORE_TRANSFER_STATUS : Transfer of Core file from harddisk:/dumper/first.bgp_1054.by.bgp.sparse.20150109-114241.node0_RSP1_CPU0.x86.Z to harddisk:/coredump/bgp_1054.by.bgp.sparse.20150109-114241.20150109-114248.node0_RSP1_CPU0.x86.Z on local_node suceeded.
RP/0/RSP1/CPU0:Jan 9 11:43:15.991 PST: dumper[60]: %OS-DUMPER-6-CORE_MD5 : harddisk:/coredump/bgp_1054.by.bgp.sparse.20150109-114241.20150109-114248.node0_RSP1_CPU0.x86.Z after transfer. size:8272785 md5:8a035c4182a8419f3e7b2b44c1e2a856
Conditions:
Create a new vrf and apply it to an interface running with an existing vrf. The condition is that RTs are exported via "route-policy" from one VRF and are imported into another VRF via "route-policy". Then this bug triggers.
rollback file:
RP/0/RSP1/CPU0:DC4R901#show configuration rollback changes to import-vrf3
Fri Jan 9 14:51:50.820 PST
Building configuration...
!! IOS XR Configuration 5.1.3
no vrf VRF_DCBB_EMEA
interface TenGigE0/0/0/13.1
description Connection 10GE to DC4R601 SVI VLAN2401 for VRF_DCBB
no vrf VRF_DCBB_EMEA
vrf VRF_DCBB
ipv4 mtu 9000
no ipv4 address 169.65.4.0 255.255.255.254
ipv4 address 169.65.4.0 255.255.255.254
load-interval 30
dampening 1 100 1500 4
encapsulation dot1q 2401
!
!
prefix-set PS_INTERNAL_NETWORK_70X
#list of VRF_DCBB_NETWORK
167.84.204.0/24 le 32,
169.124.64.0/20 le 32,
169.65.0.0/16 le 32,
155.0.0.0/8 le 32,
167.84.13.91/32,
167.84.13.92/32,
167.84.72.79/32,
167.84.72.80/32,
167.84.96.82/32,
167.84.96.81/32,
167.84.96.32/32,
167.84.96.31/32,
10.101.0.0/16 le 32,
10.103.0.0/16 le 32,
10.104.0.0/16 le 32,
10.105.0.0/16 le 32,
10.106.0.0/16 le 32,
10.107.0.0/16 le 32,
10.102.0.0/16 le 32,
10.202.0.0/16 le 32,
10.201.0.0/16 le 32,
10.210.0.0/16 le 32,
201.0.0.0/8 le 32,
155.180.8.202/32,
155.181.8.202/32,
10.2.0.0/16 le 24,
10.3.0.0/16 le 24,
10.4.0.0/16 le 24,
10.5.0.0/16 le 24,
10.6.0.0/16 le 24,
10.7.0.0/16 le 24,
10.238.0.0/16 le 24,
10.239.0.0/16 le 24
end-set
!
router bgp 65400
vrf VRF_DCBB
neighbor 169.65.4.1
remote-as 65141
use neighbor-group NG_CRITICAL_SITES_DATA_CENTER_ROUTES_PLUS_DEFAULT_NO_BFD
description BGP neighbor AS-65141 DC4R601
address-family ipv4 unicast
route-policy RP_CRITICAL_SITES_DATA_CENTER_ROUTES_PLUS_DEFAULT_70X out
!
!
!
no vrf VRF_DCBB_EMEA
vrf VRF_DCBB_EMEA
no rd 167.84.204.41:3
no address-family ipv4 unicast
address-family ipv4 unicast
no maximum-paths ebgp 8
no maximum-paths ibgp 8
no aggregate-address 169.65.4.0/25 summary-only
no redistribute connected route-policy RP_CONNECTED_TO_BGP
no redistribute static route-policy RP_STATIC_TO_BGP
!
no neighbor 169.65.4.1
neighbor 169.65.4.1
no remote-as 65141
no use neighbor-group NG_CRITICAL_SITES_DATA_CENTER_ROUTES_PLUS_DEFAULT_NO_BFD
no description BGP neighbor AS-65141 DC4R601
no address-family ipv4 unicast
address-family ipv4 unicast
no route-policy RP_CRITICAL_SITES_DATA_CENTER_ROUTES_PLUS_DEFAULT_70X out
!
!
!
!
multicast-routing
vrf VRF_DCBB
address-family ipv4
mdt mtu 9000
mdt data 232.41.255.0/24
no mdt default ipv4 232.0.0.1
mdt default ipv4 232.0
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 21-JUL-2015 |
|
Known Affected Releases: | 5.1.3.BASE |
|
Known Fixed Releases: | 5.2.4.14i.ROUT, 5.2.5.8i.ROUT, 5.3.2.6i.ROUT, 6.0.0.5i.ROUT |
|
|
| |
| |
Bug Id: | CSCut47529 |
Title: | Replication fails after the CRS-X link is removed and added back to the |
|
Description: | Symptom:
The symptom is observed when we have a configuration consisting of ethernet bundle(s) with members across LCs and bundle VLANS are configured for the bundle. When all members of the bundle on a particular LC is removed/added in quick succession ( less than 1 sec), bundle member replication fails. show bundle bundle-ether shows that link status of the added member as bundle being replicated to LC.
Conditions:
1. Bundle members on a particular LC are removed/added in quick succession ( < 1 sec )
2. Commit/replace of large configuration in back to back fashion
Workaround:
Have gap of 2 secondsor more when unconfiguring/reconfiguring the bundle members using the CLI.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 22-JUL-2015 |
|
Known Affected Releases: | 5.3.0.BASE, 5.3.1.CE, 5.3.2.BASE |
|
Known Fixed Releases: | 5.3.2.16i.BASE |
|
|
| |
| |
Bug Id: | CSCut93842 |
Title: | /tmp/*config files left over when vty exited not cleanly |
|
Description: | Symptoms:
A vulnerability in Cisco ASR 9000 Series Aggregation Services Routers could allow an authenticated, local attacker to produce excessive
tmp/*config files which will cause the system to become unresponsive. The vulnerability is due to user's VTY sessions being closed abruptly (no
clean exit) after the commit/end in global configuration mode. An attacker could exploit this vulnerability by using methods to generate
excessive tmp/*config files thus causing the affected system memory to be exhausted.
Conditions:
Excessive files leaking to /tmp causing memory errors.
Workaround:
Device configured with default configuration.
Further Problem Description:
None.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 4.6/4.4:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:L/AC:L/Au:S/C:N/I:N/A:C/E:F/RL:U/RC:C
CVE ID has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 22-JUL-2015 |
|
Known Affected Releases: | 5.1.3.BASE, 5.3.0.BASE |
|
Known Fixed Releases: | 5.3.2.11i.BASE, 6.0.0.5i.BASE |
|
|
| |
| |
Bug Id: | CSCuu50353 |
Title: | mka session in pending state if applied to other shut sub interfaces |
|
Description: | Symptom:
applying the macsec on shut down sub interface causes mka session on other sub interfaces on the different physical ports to remain in down state.
Conditions:
applied to shut down sub interfaces
Workaround:
do not apply macsec to shut down sub interfaces
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 22-JUL-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuq79148 |
Title: | BGP Peer not advertising Prefix on ASR9k via the network command |
|
Description: | Symptom:
BGP peer is not advertising any prefix but is receiving prefixes.
Conditions:
BGP configured
Workaround:
reload the router.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 22-JUL-2015 |
|
Known Affected Releases: | 5.2.2.BASE |
|
Known Fixed Releases: | 5.2.2.26i.BASE, 5.2.3.12i.BASE, 5.2.4.1i.BASE, 5.3.0.10i.BASE |
|
|
| |
| |
Bug Id: | CSCuu89225 |
Title: | Smart Licensing DEMO mode--routes flapping |
|
Description: | Symptom:
In demo mode, the originally working routes are flapping:
RP/0/RP0/CPU0:ott02-sim-09-uut#show license statu
Smart Licensing is ENABLED
License Authorization:
Status: No Licenses in Use
RP/0/RP0/CPU0:ott02-sim-09-uut#R
RP/0/RP0/CPU0:ott02-sim-09-uut#show license platfor sum
Current state: DEMO
Collection: LAST: (disabled)
NEXT: (disabled)
Reporting: LAST: (disabled)
NEXT: (disabled)
Count
Feature/Area Entitlement Last Next
================ =============================================== ==== ====
RP/0/RP0/CPU0:ott02-sim-09-uut#RP/0/RP0/CPU0:Jun 16 17:55:26.139 UTC: ospfv3[1028]: %ROUTING-OSPFv3-5-ADJCHG : Process 100, Nbr 102.0.0.1 on TenGigE0/0/0/0.110 from INIT to DOWN, Neighbor Down: Dead timer expired
RP/0/RP0/CPU0:Jun 16 17:55:36.239 UTC: bgp[1048]: %ROUTING-BGP-5-ADJCHANGE : neighbor 109.1.24.1 Up (VRF: default) (AS: 201)
RP/0/RP0/CPU0:Jun 16 17:55:36.243 UTC: bgp[1048]: %ROUTING-BGP-5-NSR_STATE_CHANGE : Changed state to Not NSR-Ready
RP/0/RP0/CPU0:Jun 16 17:56:05.175 UTC: bgp[1048]: %ROUTING-BGP-5-ADJCHANGE : neighbor 91.3.0.2 Up (VRF: default) (AS: 201)
RP/0/RP0/CPU0:Jun 16 17:56:11.293 UTC: bgp[1048]: %ROUTING-BGP-5-ADJCHANGE : neighbor 2002:6d01:500::2 Up (VRF: default) (AS: 201)
RP/0/RP0/CPU0:Jun 16 17:56:11.505 UTC: ospf[1018]: %ROUTING-OSPF-5-ADJCHG : Process 100, Nbr 102.0.0.1 on TenGigE0/0/0/4.410 in area 0 from EXCHANGE to DOWN, Neighbor Down: dead timer expired, vrf default vrfid 0x60000000
RP/0/RP0/CPU0:Jun 16 17:56:15.121 UTC: ospf[1018]: %ROUTING-OSPF-4-NONEIGHBOR : Received database description from unknown neighbor 102.0.0.1, vrf default vrfid 0x60000000
RP/0/RP0/CPU0:Jun 16 17:56:23.640 UTC: bgp[1048]: %ROUTING-BGP-5-ADJCHANGE : neighbor 2002:6d01:500::1:2 Up (VRF: default) (AS: 201)
RP/0/RP0/CPU0:Jun 16 17:56:30.514 UTC: ospf[1018]: %ROUTING-OSPF-5
RP/0/RP0/CPU0:ott02-sim-09-uut#sh route sum
Route Source Routes Backup Deleted Memory(bytes)
local 28 0 0 6496
connected 25 3 0 6496
static 5 0 0 1160
bgp 200 0 0 0 0
ospf 100 0 0 0 0
dagr 0 0 0 0
isis 100 0 0 0 0
Total 58 3 0 14152
After switching back to production mode, the routes can recovered to the following:
RP/0/RP0/CPU0:ott02-sim-09-uut#sh route sum
Route Source Routes Backup Deleted Memory(bytes)
local 28 0 0 6496
connected 25 3 0 6496
static 5 0 0 1160
bgp 200 2000 0 0 912000
ospf 100 4003 0 0 2499048
dagr 0 0 0 0
isis 100 2002 6 0 916992
Total 8063 9 0 4342192
RP/0/RP0/CPU0:ott02-sim-09-uut#sh route ipv6 sum
Route Source Routes Backup Deleted Memory(bytes)
connected 24 3
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 22-JUL-2015 |
|
Known Affected Releases: | 5.4.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuh42639 |
Title: | Can not poll rttMonStatsCollectTable, rttMonStatsCaptureTable on XR |
|
Description: | Multiple tables in RTTMON MIB can not be polled due to path changes in sysdb and some of them are not implemented at all.
Symptom:
If polled for any of the tables listed in description of this bug, user will get no result.
Conditions:
When polled for MIB user can encounter this bug.
Workaround:
NA
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 22-JUL-2015 |
|
Known Affected Releases: | 3.9.0.BASE, 4.2.3.MGBL, 5.1.4.MGBL |
|
Known Fixed Releases: | 4.3.2.24i.MGBL, 5.1.0.16i.MGBL |
|
|
| |
| |
Bug Id: | CSCtf65320 |
Title: | spa_xge_v2[294]: Could not get VMR for tcam 2 addr 790 |
|
Description: | Symptom:
spa_xge_v2[294]: Could not get VMR for tcam 2 addr 790 syslog flooding the console
spa_ge_v2[283]: Could not get VMR for tcam 2 addr 7686
The linecard CPU can spike to 100% and potentially crash the card:
PID 1Min 5Min 15Min Process
20502 27% 27% 27% syslog_dev
41011 7% 7% 7% cctl_spa_server
65602 1% 1% 1% pse_driver
77895 5% 5% 5% jacket
86096 1% 1% 1% stats_svr
225393 59% 59% 59% spa_ge_v2
Conditions:
This issue is can be seen while doing SPA oir for 10 GIG
Workaround:
If the error messages are continuous and the CPU usage is high then as a first recourse the offending
processes can be restarted: syslog_dev and spa_ge_v2 or spa_xge_v2
If the issue persists then reload the SPA
There are also SMUs available for this issue.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 22-JUL-2015 |
|
Known Affected Releases: | 3.9.1.1i.BASE |
|
Known Fixed Releases: | 4.0.4.1i.BASE, 4.1.1, 4.1.1.13i.BASE, 4.1.2, 4.2.0, 4.2.0.1i.BASE, 4.2.1, 4.2.2, 4.2.3, 4.2.3.99i.BASE |
|
|
| |
| |
Bug Id: | CSCut77468 |
Title: | APRIL 2015 NTPd Vulnerabilities |
|
Description: | Symptom:
This product includes a version of ntpd that is affected by the vulnerability identified by the Common Vulnerability and Exposures (CVE) IDs:
CVE-2015-1798 and CVE-2015-1799
This bug has been opened to address the potential impact on this product.
Conditions:
ntp authenticate
ntp authentication-key 1234 md5 104D000A0618 7
ntp trusted-key 1234
ntp peer 1.2.3.4 key 1234
>
< All versions before first commit are affected >
Workaround:
"Not available."
Further Problem Description:
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are: 4.3/3.2
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C
The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 22-JUL-2015 |
|
Known Affected Releases: | 5.3.2.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuv10275 |
Title: | SSTE: Traffic loss in l2vpn stream after switchover to transit router |
|
Description: | Symptom:
During an NSR switchover, ISIS may originate an LSP that is missing the segment-routing adj-sid and prefix-sid sub-TLVs. This can cause a fallback to IP forwarding rather than segment routing.
Conditions:
The problem has only been seen when the ISIS lsp-gen-interval initial-wait is configured to a low value. It has not been observed with the default (50ms) initial delay value.
Workaround:
Remove the ISIS lsp-gen-interval line from the configuration to allow the default values to be used.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 23-JUL-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: | 5.3.2.18i.ROUT |
|
|
| |
| |
Bug Id: | CSCuv39265 |
Title: | DHCP umbrella for XR release 5.2.4 |
|
Description: | Symptom:
This is an umbrella SMU for the following bug fixes:
CSCuu79258 Sev2 [dhcp ] dhcpd process crash when checkpointing data
CSCuq60314 Sev3 [dhcp ] DHCP do not delete inflight sessions same as iedge when iedge crashed
CSCus25426 Sev3 [dhcp ] Request for chaddr 0000.0000.0000 clients support in IOS-XR dhcp-relay
CSCut04004 Sev3 [dhcp ] option 82 remote-id only removed from 1st DHCP request
CSCuu62902 Sev2 [dhcp ] DHCP relay fails after RSP switchover
CSCus66426 Sev3 [dhcp ] SSTE: DHCPv6 shoudl free memory after VRF unconfigured.
CSCuq69048 Sev3 [dhcp ] ROUTING-RIB-3-ECMP_ERR_ADD messages upon ifmgr process restart
CSCut30119 Sev2 [dhcp ] ASR9000 randomly sends incorrect server-id to clients
These fixes are highly recommended for BNG deployments on IOS XR release 5.2.4.
Conditions:
Workaround:
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 23-JUL-2015 |
|
Known Affected Releases: | 5.2.4.MGBL |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCus19554 |
Title: | Ucast partial pkt drop on topaz MSC during topaz s13 reload |
|
Description: | Symptom:
In Multi-Chassis system, upon S13 fabric card reload UCAST partial packet drops seen.
LC/6/4/CPU0:Dec 16 11:13:53.981 : fabricq_mgr[181]: %FABRIC-FABRICQ-3-PCL_PKT : Minor error in PCL of fabricq asic 0. PCL UC Partial Packet: CAOPCI: 0x7ec (7/11, UC, LO)
RP/6/RP1/CPU0:Dec 16 11:13:54.023 : fabricq_mgr[229]: %FABRIC-FABRICQ-3-PCL_PKT : Minor error in PCL of fabricq asic 0. PCL UC Partial Packet: CAOPCI: 0x529 (5/RP0, UC, HI)
RP/6/RP0/CPU0:Dec 16 11:13:54.495 : fabricq_mgr[229]: %FABRIC-FABRICQ-3-PCL_PKT : Minor error in PCL of fabricq asic 0. PCL UC Partial Packet: CAOPCI: 0x229 (2/4, UC, HI)
Conditions:
In Multi-Chassis system, reload S13 fabric card.
Workaround:
Before reloading S13 fabric card, disable fabric plane which belong to reloading S13 fabric card.
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 23-JUL-2015 |
|
Known Affected Releases: | 5.3.1.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCur04029 |
Title: | Wrong values of SD/SF BER threshold for non-Bonavista/non-Torngate plim |
|
Description: | Symptom:
Not able to configure SD/SF threshold values.
Output of "show controller dwdm r/s/i/p" command shows garbage values for SD/SF threshold default.
RP/0/RP1/CPU0:CRS-BB-05(config-dwdm)#g709 odu threshold sf-ber 5 ?
RP/0/RP1/CPU0:CRS-BB-05(config-dwdm)#g709 odu threshold sf-ber 5
RP/0/RP1/CPU0:CRS-BB-05(config-dwdm)#commit
Thu Sep 4 03:57:40.370 UTC
% Failed to commit one or more configuration items during a pseudo-atomic operation. All changes made have been reverted. Please issue 'show configuration failed [inheritance]' from this session to view the errors
Conditions:
when you set the SF/SD threshold value. commit in failing.
Workaround:
None
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 23-JUL-2015 |
|
Known Affected Releases: | 5.1.4.BASE |
|
Known Fixed Releases: | 5.1.4.9i.FWDG, 5.3.1.10i.FWDG, 6.0.0.5i.FWDG |
|
|
| |
| |
Bug Id: | CSCuo44606 |
Title: | A-RIB crash on recabling LC |
|
Description: | Symptom:
Conditions:
Originally recabling of a LC caused this but it has also been seen during ISSU upgrade from 5.1.1 to 5.1.2.
Workaround:
None.
Fix is defensive.
Further Problem Description:
RP/0/RSP0/CPU0:May 19 23:00:28.667 : bgp[1053]: %ROUTING-BGP-3-RIB_FAIL : [15] : Failed to flush nexthop registrations for while calling the RIB instance 0: 'Subsystem(1445)' detected the 'warning' condition 'Code(26)'
RP/0/RSP0/CPU0:May 19 23:00:28.667 : dumper[60]: %OS-DUMPER-4-SIGSEGV : Thread 1 received SIGSEGV - Segmentation Fault
RP/0/RSP0/CPU0:May 19 23:00:28.667 : dumper[60]: %OS-DUMPER-4-SIGSEGV_INFO : Accessed BadAddr 0x1 at PC 0x423fb44. Signal code 1 - SEGV_MAPPER. Address not mapped.
RP/0/RSP0/CPU0:May 19 23:00:28.667 : dumper[60]: %OS-DUMPER-4-CRASH_INFO : Crashed pid = 573729 (pkg/bin/ipv4_rib)
RP/0/RSP0/CPU0:May 19 23:00:28.667 : dumper[60]: %OS-DUMPER-7-PROC_PAGES : Process memory pages 413
RP/0/RSP0/CPU0:May 19 23:00:28.672 : dumper[60]: %OS-RSVDPMEM-7-NO_MATCHING_STRING : Failed to find any line in /etc/platform_reserved_physmem for infra-structure : buffman
RP/0/RSP0/CPU0:May 19 23:00:28.674 : dumper[60]: %OS-DUMPER-6-FALLBACK_CHOICE : Fall back choice: 0(harddisk:/dumper) in use
RP/0/RSP0/CPU0:May 19 23:00:28.675 : dumper[60]: %OS-DUMPER-7-REGISTERS_INFO : EDI ESI EBP(fp) EXX
RP/0/RSP0/CPU0:May 19 23:00:28.675 : dumper[60]: %OS-DUMPER-7-REGISTERS_INFO : R0 1001af94 100484b8 041ff118 fd231cd0
RP/0/RSP0/CPU0:May 19 23:00:28.675 : dumper[60]: %OS-DUMPER-7-REGISTERS_INFO : EBX EDX ECX EAX
RP/0/RSP0/CPU0:May 19 23:00:28.675 : dumper[60]: %OS-DUMPER-7-REGISTERS_INFO : R4 041ff5c4 00000006 0000001e 00000001
RP/0/RSP0/CPU0:May 19 23:00:28.675 : dumper[60]: %OS-DUMPER-7-REGISTERS_INFO : EIP(pc) CS EFL ESP
RP/0/RSP0/CPU0:May 19 23:00:28.675 : dumper[60]: %OS-DUMPER-7-REGISTERS_INFO : R8 0423fb44 000000f3 00001293 041ff118
RP/0/RSP0/CPU0:May 19 23:00:28.675 : dumper[60]: %OS-DUMPER-7-REGISTERS_INFO : SS
RP/0/RSP0/CPU0:May 19 23:00:28.675 : dumper[60]: %OS-DUMPER-7-REGISTERS_INFO : R12 000000fb
RP/0/RSP0/CPU0:May 19 23:00:28.675 : dumper[60]: %OS-DUMPER-7-TRACE_BACK : #0 0x423fb44
RP/0/RSP0/CPU0:May 19 23:00:28.684 : dumper[60]: %OS-DUMPER-7-TRACE_BACK : #1 0x423f25b
RP/0/RSP0/CPU0:May 19 23:00:28.684 : dumper[60]: %OS-DUMPER-7-TRACE_BACK : #2 0x42438c7
RP/0/RSP0/CPU0:May 19 23:00:28.684 : dumper[60]: %OS-DUMPER-7-TRACE_BACK : #3 0x4243e55
RP/0/RSP0/CPU0:May 19 23:00:28.684 : dumper[60]: %OS-DUMPER-7-TRACE_BACK : #4 0x4244591
RP/0/RSP0/CPU0:May 19 23:00:28.684 : dumper[60]: %OS-DUMPER-7-TRACE_BACK : #5 0x420189c
RP/0/RSP0/CPU0:May 19 23:00:28.684 : dumper[60]: %OS-DUMPER-7-TRACE_BACK : #6 0x4202ff1
RP/0/RSP0/CPU0:May 19 23:00:28.684 : dumper[60]: %OS-DUMPER-7-TRACE_BACK : #7 0x823be8a
RP/0/RSP0/CPU0:May 19 23:00:28.684 : dumper[60]: %OS-DUMPER-7-TRACE_BACK : #8 0x823be32
RP/0/RSP0/CPU0:May 19 23:00:28.684 : dumper[60]: %OS-DUMPER-7-TRACE_BACK : #9 0x8238f57
RP/0/RSP0/CPU0:May 19 23:00:28.684 : dumper[60]: %OS-DUMPER-7-TRACE_BACK : #10 0x823a451
RP/0/RSP0/CPU0:May 19 23:00:28.684 : dumper[60]: %OS-DUMPER-7-TRACE_BACK : #11 0x828d513
RP/0/RSP0/CPU0:May 19 23:00:28.684 : dumper[60]: %OS-DUMPER-7-TRACE_BACK : #12 0x828d90f
RP/0/RSP0/CPU0:May 19 23:00:28.684 : dumper[60]: %OS-DUMPER-7-TRACE_BACK : #13 0x828d158
RP/0/RSP0/CPU0:May 19 23:00:28.684 : dumper[60]: %OS-DUMPER-7-TRACE_BACK : #14 0x4204eaa
RP/0/RSP0/CPU0:May 19 23:00:28.684 : dumper[60]: %OS-DUMPER-7-TRACE_BACK : #15 0x4205cd1
RP/0/RSP0/CPU0:May 19 23:00:28.684 : dumper[60]: %OS-DU
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 23-JUL-2015 |
|
Known Affected Releases: | 5.1.3.ROUT |
|
Known Fixed Releases: | 4.3.4.SP7, 4.3.4.SP8, 5.1.3.12i.BASE, 5.2.1.26i.BASE, 5.2.2.16i.BASE, 5.2.3.1i.BASE, 5.3.0.1i.BASE |
|
|
| |
| |
Bug Id: | CSCuu99081 |
Title: | MPLS LDP process continuous respawn / crash with 5.3.1 FCS ASR9K |
|
Description: | Symptom:
Continuous LDP crash is seen when IPv4 mapped IPv6 addresses are used on LDP enabled interfaces.
Conditions:
IPv4 mapped IPv6 address
Workaround:
do not enable LDP on interfaces that have v4 mapped v6 addresses.
Further Problem Description:
Per RPC 7552, IPv4 mapped IPv6 addresses should not be used in LDP. Below is the excerpt from the RFC section A.3.
A.3. Why prohibit IPv4-mapped IPv6 addresses in LDP?
Per discussion with the 6MAN and V6OPS working groups, the
overwhelming consensus was to not promote IPv4-mapped IPv6 addresses
appearing in the routing table, as well as in LDP (address and label)
databases.
Also, [RFC4038], Section 4.2 suggests that IPv4-mapped IPv6-addressed
packets should never appear on the wire.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 23-JUL-2015 |
|
Known Affected Releases: | 5.3.1.BASE |
|
Known Fixed Releases: | 5.3.2.15i.MPLS |
|
|
| |
| |
Bug Id: | CSCuv34536 |
Title: | Issue in creating tengig port with GFPF termination on odu2 controller |
|
Description: | Symptom:
Issue in creating tengig port with GFPF termination on odu2 controller
Conditions:
Issue in creating tengig port with GFPF termination on odu2 controller
Workaround:
Further Problem Description:
For GFPF termination scenario ,we are facing following issue while bringing up the interface with ODU2 controller.
Ten gig gfpf terminated interfaces are not coming up whereas same is working for odu4 . We tried all possible workaround like commit replace followed by router reload & fresh config. Changed the port / pluggable on router but no result.
RP/0/RP0:ios#show interfaces brief
Wed Jul 15 04:54:24.047 UTC
Intf Intf LineP Encap MTU BW
Name State State Type (byte) (Kbps)
--------------------------------------------------------------------------------
Nu0 up up Null 1500 0
Hu0/6/0/0 up up ARPA 1514 100000
Hu0/6/0/0.100 up up 802.1Q 1518 100000
Hu0/6/0/0.200 up up 802.1Q 1518 100000
Te0/6/0/2 up up ARPA 1514 10000
Te0/6/0/2.10 up up 802.1Q 1518 10000
Te0/6/0/3 up up ARPA 1514 10000
Te0/6/0/3.20 up up 802.1Q 1518 10000
Te0/6/0/6 down down ARPA 1514 10000
Mg0/RP0/CPU0/0 admin-down admin-down ARPA 1514 1000000
controller ODU20/6/0/6
terminate ether mapping GfpF
!
controller Optics0/6/0/6
port-mode Otn framing opu2
!
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 23-JUL-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCth43355 |
Title: | ROUTING-FIB-3-INVALID_BGP_ PATH_FLAGS |
|
Description: | Symptoms:
With PIC-edge config, on primary PE-CE link flap, fib_mgr ios-msg is seen. In one instance, a fib_mgr crash was seen.
Conditions:
This issue happens with PIC-edge with following BGP config -
* Primary PE has install backup as well as eiBGP multi-path config.
* Backup PE has best external config.
* CE has redistribute connected.
Workaround:
Recommend removal of redistribute connected configuration on the CE side.
Further problem description:
With redistribute connected on CE side, BGP on PE side learns the connected route from the CE as well as from the backup PE, which is lower priority than the connected route. However, on link flap and connected route withdrawal, the BGP route gets installed for a very short duration, until the CE/backup PE withdraw the route and BGP deletes the route on the primary PE.
That BGP route download causes the FIB traceback and leaves an inconsistent forwarding chain in FIB. If that inconsistent forwarding chain is traversed due to a change to a recursive route pointing to the connected prefix, the crash can happen.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 23-JUL-2015 |
|
Known Affected Releases: | 3.9.1.ROUT, 3.9.2.ROUT, 3.9.3.ROUT, 4.0.2.BASE, 4.1.2.BASE, 4.1.2.ROUT |
|
Known Fixed Releases: | 4.2.1, 4.2.1.16i.FWDG, 4.2.2, 4.2.3, 4.2.3.1i.FWDG, 4.2.4, 4.3.0, 4.3.0.2i.FWDG, 4.3.1, 4.3.2 |
|
|
| |
| |
Bug Id: | CSCuu32035 |
Title: | RSVP is requesting delete of the old LSPs after active RP reload |
|
Description: | Symptom:
After Active RP reload/ RP side switch, Traffic for some odu-group-te tunnels goes down.
Conditions:
1. Configure several odu-group-te tunnels with a mix of 1+1 and 1+1+R protection types.
2. Toggle status of GCC communication channel between the node participating the in above circuit.
3. Reload or side switch the active RP.
4. Traffic will go down on the some of the tunnels created in Step1.
Workaround:
None
Further Problem Description:
Reproducibility : 10% (Very Rare)
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 23-JUL-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuv40032 |
Title: | IPv6 umbrella for BNG deployments on XR release 5.2.4 |
|
Description: | Symptom:
This is an umbrella SMU for the following bug fixes:
CSCut40941 Sev2 [ipv6-ma ] SSTE:IPv6_ma crash with scale IPoE V6 session
CSCut42484 Sev2 [ipv6-nd ] After Rpfo seeing high CPU 25% for ipv6_nd while bringing up v4 sess
CSCus33478 Sev3 [ipv6-nd ] Router send bogus ipv6 address in IPV6 NA message to peer side
CSCuu74580 Sev2 [ipv6-nd ] Geo 532-9I:seeing dual partial-up on SLAVE with RPFOs
These fixes are highly recommended for BNG deployments on IOS XR release 5.2.4.
Conditions:
Workaround:
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 24-JUL-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuu86520 |
Title: | [NCS4K] 1+1 long traffic hit on revert switch after mid node power cycle |
|
Description: | Symptom:
Traffic hit observed after mid node powercycle
Conditions:
1. Create multiple GMPLS tunnels (1+0, 1+1, 1+1+R)
2. Once the traffic is up and running. Powercycle MID node(s) in the path of tunnels above.
3. Traffic could be observed on Some/All of the tunnels
Workaround:
None
Further Problem Description:
Reproducibility(%) - 80%
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 24-JUL-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCum63084 |
Title: | IGMP stops working after static join on an interface |
|
Description: | Symptom:
igmp process stops working and the only resolution is to restart the igmp process. It does not matter if the customer join a group or deletes an old join that is currently active on the interface the protocol stops working in any way.
Conditions:
- A static join configured on an interface
- IGMP "version 2" configured explicitly
Workaround:
1. restart igmp process.
2. remove explicit "version 2" from the router igmp configuration.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 24-JUL-2015 |
|
Known Affected Releases: | 4.3.4.BASE |
|
Known Fixed Releases: | 5.1.2.17i.BASE, 5.1.3.1i.BASE, 5.2.0.20i.BASE |
|
|
| |
| |
Bug Id: | CSCus36236 |
Title: | Bfd sessions stuck in INIT state after LC OIR and shut/noshut ints |
|
Description: | Symptom:
multiple bfd sessions will stay in INIT
Conditions:
after LC OIR following a successful ISSU or router reload following a successful ISSU
Workaround:
None
Recovery:
ping the destination IP of the INIT state bfd sessions will help recover the session.
RP/0/RP0/CPU0:Panini-P#sh bfd session interface Hu0/0/0/8.19
Fri Jan 23 16:44:22.840 EASST
Interface Dest Addr Local det time(int*mult) State
Echo Async H/W NPU
------------------- --------------- ---------------- ---------------- ----------
Hu0/0/0/8.19 100.19.2.2 0s 6s(2s*3) INIT
No n/a
RP/0/RP0/CPU0:Panini-P#ping 100.19.2.2
Fri Jan 23 16:44:31.638 EASST
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.19.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/5/11 ms
RP/0/RP0/CPU0:Panini-P#
RP/0/RP0/CPU0:Panini-P#sh bfd session interface Hu0/0/0/8.19
Fri Jan 23 16:44:36.493 EASST
Interface Dest Addr Local det time(int*mult) State
Echo Async H/W NPU
------------------- --------------- ---------------- ---------------- ----------
Hu0/0/0/8.19 100.19.2.2 300ms(100ms*3) 6s(2s*3) UP
No n/a
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 24-JUL-2015 |
|
Known Affected Releases: | 5.2.3.BASE, 5.4.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuj61034 |
Title: | Can't SSH into router. |
|
Description: | Cannot SSH into router.
The router generates the following log messages:
RP/0/RP0/CPU0 : SSHD_[65915]: %SECURITY-SSHD-3-ERR_GENERAL : Failed to allocate pty
RP/0/RP0/CPU0 : devc-vty[181]: %MGBL-TTY-3-KERNEL : Unexpected internal error encountered 'Resource temporarily unavailable' : pkg/bin/devc-vty : (PID=536791) : -Traceback= 83d56c4 bc28137 bc28e2a 83d0882 83d181a 83d6c56 83d25a7 83d3577 822706e 8227016 82242c5 83e85fa 83e9a4a 42000c1 4200038
Cannot SSH into router.
The router generates the following log messages:
RP/0/RP0/CPU0 : SSHD_[65915]: %SECURITY-SSHD-3-ERR_GENERAL : Failed to allocate pty
RP/0/RP0/CPU0 : devc-vty[181]: %MGBL-TTY-3-KERNEL : Unexpected internal error encountered 'Resource temporarily unavailable' : pkg/bin/devc-vty : (PID=536791) : -Traceback= 83d56c4 bc28137 bc28e2a 83d0882 83d181a 83d6c56 83d25a7 83d3577 822706e 8227016 82242c5 83e85fa 83e9a4a 42000c1 4200038
Symptom:Cannot SSH into router.
The router generates the following log messages:
RP/0/RP0/CPU0 : SSHD_[65915]: %SECURITY-SSHD-3-ERR_GENERAL : Failed to allocate pty
RP/0/RP0/CPU0 : devc-vty[181]: %MGBL-TTY-3-KERNEL : Unexpected internal error encountered 'Resource temporarily unavailable' : pkg/bin/devc-vty : (PID=536791) : -Traceback= 83d56c4 bc28137 bc28e2a 83d0882 83d181a 83d6c56 83d25a7 83d3577 822706e 8227016 82242c5 83e85fa 83e9a4a 42000c1 4200038
Conditions:* SSH is configured
* Trying to connect to the router via SSH
Workaround:1. Restart the devc-vty process on the active RSP.
process restart devc-vty
2. Use Telnet
More Info:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 24-JUL-2015 |
|
Known Affected Releases: | 4.2.3.BASE, 4.3.2.MGBL |
|
Known Fixed Releases: | 4.3.2.SP1, 4.3.2.SP2, 4.3.2.SP3, 4.3.2.SP5, 4.3.2.SP6, 4.3.2.SP7, 4.3.2.SP8, 4.3.4.9i.BASE, 5.1.0.SP1, 5.1.1.13i.BASE |
|
|
| |
| |
Bug Id: | CSCuu00270 |
Title: | Memory leak in BGP because of policy clientlib for attach point add/del |
|
Description: | Symptom:
policy_repository crash
Conditions:
after upgrade to 5.1.3
Workaround:
n/a
Further Problem Description:
there is no trigger is seen, customer is occasionally update the config by doing commit replace. This happen only on this router, other router in 5.1.3 same SMUs are working fine.
|
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Last Modified: | 24-JUL-2015 |
|
Known Affected Releases: | 5.1.3.BASE |
|
Known Fixed Releases: | 5.3.2.10i.ROUT, 6.0.0.5i.ROUT |
|
|
| |
| |
Bug Id: | CSCut96287 |
Title: | New working path created instead of restore After Mid node LC plug-out |
|
Description: | Symptom:
In linear topology, For 1+R GMPLS tunnels, Tunnel get resignalled, when working LC in the MID node is OIR'ed.
Conditions:
1. Create several 1+R tunnels, in network with Linear topology between head to tail
2. Once the circuit is up, OIR the LC along the working path on the MID node
3. Some of the tunnels created in Step 1, might get resignalled, instead of restore.
Workaround:
None
Further Problem Description:
Reproducibility: 10%
Expected Resolution : Future Release
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 24-JUL-2015 |
|
Known Affected Releases: | 5.2.4.BASE, 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCug71770 |
Title: | cepki Coredump after OIR active RSP - |
|
Description: | Symptom:
Not happening once initialization is over with cepki.
Conditions:
Crash happens after OIR active RSP.
Workaround:
Wait for some time to get it initialized. No other workaround other than this, if we wait for the init to complete then crash is not seen.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 24-JUL-2015 |
|
Known Affected Releases: | 4.3.1.BASE, 4.3.2.BASE, 4.3.3.BASE |
|
Known Fixed Releases: | 4.3.31.9i.BASE, 5.1.1.20i.BASE, 5.1.11.16i.BASE, 5.1.2.12i.BASE, 5.2.0.14i.BASE |
|
|
| |
| |
Bug Id: | CSCus26956 |
Title: | December 2014 - NTPd.org Vulnerabilities |
|
Description: | Symptom:
The following Cisco products
Cisco IOS XR Software running on:
NCS6K, NCS4K,ASR9K, CRS, C12K
CSCus26956 impacts all releases prior to XR 5.3.1.
include a version of NTPd that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs:
CVE-2014-9293, CVE-2014-9294, CVE-2014-9295 and CVE-2014-9296
This bug has been opened to address the potential impact on this product.
Please consult http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd for further information.
Conditions:
Ntpd service runs by default on router. All nodes in system sync to local clock of DLRSC node.
To configure ntp to sync to external server config cli is ::
ntp server
Workaround:
Use NTP Access Control Groups. The following shows an example of a Cisco IOS XR box, syncing to a NTP server, but not offering any timing services:
!
ntp
server 10.81.254.202 iburst
access-group ipv4 serve-only ntp-serve-only
source MgmtEth0/0/CPU0/2
!
ipv4 access-list ntp-serve-only
10 permit ipv4 host 10.81.254.202 any log
Further Problem Description:
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 7.5/7.5:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:C
The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 24-JUL-2015 |
|
Known Affected Releases: | 3.9.0.BASE, 4.1.0.BASE, 4.2.0.BASE, 4.3.0.BASE, 4.4.0.BASE, 5.1.0.BASE, 5.2.0.BASE, 5.3.0.BASE |
|
Known Fixed Releases: | 5.3.1.18i.BASE, 6.0.0.5i.BASE |
|
|
| |
| |
Bug Id: | CSCul68312 |
Title: | 4.2.4 - ping error :socket_nb_init failed, 'infra/aipc' detected |
|
Description: | Symptom:
- Ping failed with the following error: ping error :socket_nb_init failed, 'infra/aipc' detected
- In rare cases might be unable to connect to vty interface of the router
- process reports enf ids are exhausted and following error are observed:
RP/0/RP0/CPU0:Nov 11 19:56:11.563 SBY: raw_ip[370]: enf_new_req_id: exhausted all id's
RP/0/RP0/CPU0:Nov 11 19:56:11.569 SBY: raw_ip[370]: enf_client_req_add: enf_new_req_id failed. err='infra/enf' detected the 'fatal' condition 'Internal error in ENF Broker'
Conditions:
After a couple of hours while NMS scripts performing remote pings from the router.
Workaround:
- Periodic restart of the effected process. In this particular case, it is raw_ip process
- Deactivate CSCuj24517 SMU
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 24-JUL-2015 |
|
Known Affected Releases: | 4.2.4.BASE |
|
Known Fixed Releases: | 5.1.2.99i.BASE |
|
|
| |
| |
Bug Id: | CSCuv40017 |
Title: | Traffic hit on UNI circuit after re-establish management connectivity |
|
Description: | Symptom:Traffic loss due to RSVP session timing out.
Conditions:1. GMPLS-UNI tunnel.
2. Management connectivity (control-plane) disconnect for extended periods of time (greater than the RSVP session timeout - calculated as per RFC 2205 section 3.7)
Workaround:None for 5.1.4
More Info:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 24-JUL-2015 |
|
Known Affected Releases: | 5.1.4.MPLS |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuv23745 |
Title: | nv_optical_satmgr crash seen on configuring satellite on Panini |
|
Description: | Symptom:
RP/0/RP0/CPU0:ios#RP/0/RP0/CPU0:Jan 21 00:16:14.138 : nv_optical_satmgr[1117]: %PKT_INFRA-ICPE_OWNER_CORE-3-DLL_OPEN_FAILURE : Failed to successfully open dependent DLL and load necessary symbols. DLL name: libcontroller_otn_odu_MA.dll. DLL initialization function: icpe_ma_dll_init. Error: libeth_intf_ea_plat_api.so: cannot open shared object file: No such file or directory. Process is unable to run and will exit
Above message continuously seen
Conditions:
Configure satellite on Panini
Workaround:
none
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 24-JUL-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuj90438 |
Title: | CGSE+ XLP tampering L3 length when L2 layer is padded |
|
Description: |
Symptom:TCP and UDP packets smaller than 42 bytes will get padded to become 42 byte packets post NAT. The Total length field of the IP header is modified and this may cause some applications to break
Conditions:TCP or UDP packets with IP total length of less than 42 bytes are NATed using CGSE-PLUS
Workaround:
None
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 24-JUL-2015 |
|
Known Affected Releases: | 4.3.2.BASE |
|
Known Fixed Releases: | 5.1.1.19i.BASE |
|
|
| |
| |
Bug Id: | CSCuo16167 |
Title: | CGSE+ CGN App leaks packet buffers when dropping O2I GRE packets |
|
Description: | Symptom:
8 Or more CGSE+ cores do not respond to show commands (such as show cgn nat44 statistics).
There will be delay in displaying the response to show commands and partial loss of NAT traffic.
Conditions:
PPTP ALG is disabled and GRE packets are sent to CGSE+ from outside to inside direction (public Internet towards subscribers)
Workaround:
Block GRE packets by applying an appropriate ACL on the outside ServiceApp interfaces
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 24-JUL-2015 |
|
Known Affected Releases: | 4.3.1.BASE |
|
Known Fixed Releases: | 5.2.2.11i.BASE, 5.3.0.1i.BASE |
|
|
| |
| |
Bug Id: | CSCuu70833 |
Title: | l2fib-mgr process not getting restarted by resmon on high mem consumptio |
|
Description: | Symptom:
l2fib-mgr memory consumption at 1.46G on linecards
Conditions:
l2fib-mgr consumed high memory on a NCS6K multichassis 2+2 router running 521 image in customer network.
Workaround:
None
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 24-JUL-2015 |
|
Known Affected Releases: | 5.2.1.CE |
|
Known Fixed Releases: | 5.2.5.3i.FWDG, 5.3.2.14i.FWDG, 6.0.0.9i.FWDG |
|
|
| |
| |
Bug Id: | CSCuo47056 |
Title: | mLDP - local label remains allocated after "clear mpls ldp forwarding" |
|
Description: | Symptom:
LSD may show a MPLS label as free although it is still being used by MLDP.
Due to this inconsistency, another LSD client may allocate the same label causing service disruption.
Conditions:
This issue may be observed when issuing "clear mpls ldp forwarding" on a router running MLDP based mVPN.
Workaround:
proc restart mpls_ldp
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 25-JUL-2015 |
|
Known Affected Releases: | 5.1.1.BASE |
|
Known Fixed Releases: | 5.1.3.16i.MPLS, 5.1.3.18i.MPLS, 5.2.0.25i.MPLS |
|
|
| |
| |
Bug Id: | CSCuo53501 |
Title: | CRS-X mixed speed link bundle unshut large packet lost |
|
Description: | Symptom:
Large packet lost are seen when unshut a member of a link bundle.
Conditions:
Mixed speed link bundle with both 100GE and 10GE members of 400G LC.
Workaround:
None.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 25-JUL-2015 |
|
Known Affected Releases: | 5.1.1.FWDG |
|
Known Fixed Releases: | 5.1.3.6i.BASE, 5.3.0.8i.BASE |
|
|
| |
| |
Bug Id: | CSCun77121 |
Title: | RSVP Mem leakage 5.1.0 |
|
Description: | Symptom:
Memory leak in rsvp process (on active RP/RSP -- rsvp process running on a redundant/standby node is not effected)
Conditions:
Race condition during signalling of MPLS-TE midpoint LSP's. More likely to occur when signalling fails and LSP is torn down before fully established.
Workaround:
No known workarounds.
To recover the leaked memory the rsvp process needs to be restarted - ether explicitly (process restart rsvp) or by performing a switch over to a redundant/standby node.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 25-JUL-2015 |
|
Known Affected Releases: | 5.1.0.ROUT |
|
Known Fixed Releases: | 5.1.1.SP1, 5.1.1.SP3, 5.1.1.SP4, 5.1.1.SP5, 5.1.1.SP6, 5.1.12.1i.MPLS, 5.1.2.20i.MPLS, 5.1.3.1i.MPLS, 5.2.0.18i.MPLS |
|
|
| |
| |
Bug Id: | CSCuo00153 |
Title: | Umbrella DDTS for CGSE Oversubscription reload issue |
|
Description: | Symptom:
See release notes for constituent DDTSs
CSCun46334 Oversubscription on CGSE reloads the card when in tandem with CGSE plus
CSCun93688 Remove reset of IngressQ ASIC for OOR condition
Conditions:
Workaround:
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 25-JUL-2015 |
|
Known Affected Releases: | 4.3.3.BASE |
|
Known Fixed Releases: | 5.2.3.99i.BASE |
|
|
| |
| |
Bug Id: | CSCuo88337 |
Title: | ipv4_rib crashes in HFR QFTS test |
|
Description: | Symptom:
The ipv4_rib process crashes generating dumper logs and writing a core flie to the harddisk:dumper directory.
The process recovers following the crash
Conditions:
From the crash trace it appears the issue is related to the removal of a prefix from the RIB, likely due to a routing protocol update.
Workaround:
None, process recovers by automatic restart following the crash
Further Problem Description:
|
|
Status: | Other |
|
Severity: | 2 Severe |
Last Modified: | 25-JUL-2015 |
|
Known Affected Releases: | 5.2.2.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuj73442 |
Title: | STDBY PRP crashed due to "Cause: wdsysmon: monitor thread hung" |
|
Description: | Symptom:
PRP crash due to wdsysmon thread hung
Conditions:
Unknown
Workaround:
No workaround
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 25-JUL-2015 |
|
Known Affected Releases: | 3.8.2.8i.BASE |
|
Known Fixed Releases: | 4.3.4.11i.BASE, 5.1.1.15i.BASE, 5.1.2.7i.BASE, 5.2.0.10i.BASE |
|
|
| |
| |
Bug Id: | CSCuv03059 |
Title: | [arwen] For traffic, instead of outer VLAN match exact match is done |
|
Description: | Symptom:
For tagged traffic exact VLAN match is done instead of outer VLAN match.
Conditions:
When traffic is sent extra inner tags than the number of configure encap vlans.
Workaround:
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 25-JUL-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCup77017 |
Title: | Protect sending spurious triggers and/or causing protect-server crash |
|
Description: | Symptom:
The protect database is not cleaned up properly after interface/controller flaps causing spurious protect triggers and process crashes in some cases.
When the protect-server is configured with some interface handle, this problem is not seen initially. Once the interface handle is un-configured (interface/controller is DOWN) and configured (interface/controller is UP) again, the protect database is not cleaned up properly, causing the database to be in inconsistent state. Because all of the data for interface is not freed, and sometimes memory chunks are reused, it is creating spurious fast-reroute triggers in which fast-reroute is activated for interfaces that have not gone down.
If it happens to be invalid memory (partially freed data structures), it leads to protect-server-process crash.
Conditions:
Issue can happen with neighbor router reloads or link flaps of POS, GE, or TENGIGE interfaces.
Workaround:
None
Further Problem Description:
The problem happens due to protect-server-db inconsistency. This inconsistency is formed due to the unregister operations come to protect-server. When the FRR-configured-interface goes down, it translates into unregister-operation to protect-server. While processing unregister operation, protect-server is not cleaning up the db completely causing this inconsistency.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 25-JUL-2015 |
|
Known Affected Releases: | 5.1.3.BASE |
|
Known Fixed Releases: | 5.1.3.16i.BASE, 5.1.3.18i.BASE, 5.2.2.20i.BASE, 5.2.3.8i.BASE, 5.3.0.5i.BASE |
|
|
| |
| |
Bug Id: | CSCtx30471 |
Title: | mibd_route crash observed while image upgrade |
|
Description: | Symptom:
One of the Sub-agnet (i.e all MIBDs) process will crashed while getting VRF
context info from snmp infra cache lib.
Conditions:
The crash occurs when multiple threads are calling snmp_rsi_context_lookup
(i.e to get the VRF info from snmp cache) API,
a pointer parameter in the cache is cleared by one thread and before setting
the value to NULL, other thread attempts to free.
Hence the crash occurs.
Workaround:
No workaround. Once sub-agent crashed it will recover couple of Sec and
working
normally.
Impact: at the time of the crash (I,e recover time of sub-agents) all
request
are timeouts.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 27-JUL-2015 |
|
Known Affected Releases: | 4.2.1.BASE |
|
Known Fixed Releases: | 4.2.1, 4.2.1.21i.BASE, 4.2.2, 4.2.3, 4.2.3.3i.BASE, 4.2.4, 4.3.0, 4.3.0.5i.BASE, 4.3.1, 4.3.2 |
|
|
| |
| |
Bug Id: | CSCuf89913 |
Title: | aipc_proxy crash seen after IMDR starts |
|
Description: | Symptom:
aipc_proxy process crashes
Conditions:
RPFO or IMDR
Workaround:
There is no workaround as such. As aipcproxy is designed to re-establish connection after it comes up
Further Problem Description:
The reason for crash is due to improper check and memory corruption. The validation of the memory is not accurate enough.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 27-JUL-2015 |
|
Known Affected Releases: | 4.3.3.BASE, 5.1.0.BASE, 5.2.0.BASE |
|
Known Fixed Releases: | 4.3.3.BASE, 4.3.31.7i.BASE, 4.3.4.7i.BASE, 5.1.0.4i.BASE |
|
|
| |
| |
Bug Id: | CSCui84560 |
Title: | No authorization for ctrl+c when exiting config mode |
|
Description: | Symptom:
The user without having commit permission can able to commit
with ctrl+c.
Conditions:
The user without having commit permission can able to commit
with ctrl+c.
Workaround:
One possible workaround: restrict the non-commit user from entering into config mode.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 27-JUL-2015 |
|
Known Affected Releases: | 4.3.1.BASE |
|
Known Fixed Releases: | 5.1.1.16i.BASE, 5.1.2.9i.BASE, 5.2.0.10i.BASE |
|
|
| |
| |
Bug Id: | CSCut94491 |
Title: | SCapa Code for CTC needs update on Network layer |
|
Description: | Symptom:
Occurs when adding the nodes of other platforms other than M16/M9
Conditions:
Occurs when adding the nodes of other platforms other than M16/M9
Workaround:
none
Further Problem Description:
Reproducibility : 100%
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 27-JUL-2015 |
|
Known Affected Releases: | 6.1.3.CE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCut09519 |
Title: | Pluggable detail getting cleared after Power Cycle on DT-16 |
|
Description: | Symptom:
Some entites will be missing in show inventory after power cycle
Conditions:
A loaded setup being power cycled
Workaround:
None
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 27-JUL-2015 |
|
Known Affected Releases: | 5.2.3.BASE, 5.2.4.BASE |
|
Known Fixed Releases: | 5.2.4.11i.BASE, 5.2.5.8i.BASE, 6.0.0.5i.BASE |
|
|
| |
| |
Bug Id: | CSCuv21054 |
Title: | Few L2VPN AC's stuck in UR state after doing proc crash l2vpn_mgr |
|
Description: | Symptom:
After doing L2VPN_MGR proc crash, few L2VPN ckts stuck in UR state forever.Looks like vlan_ma from LC1 has not successfully initialized the AIPC channel to l2vpn_mgr. I can also see TXSEND paused for many peers after manual l2vpn_mgr process crash.
RP/0/RP0/CPU0:A51#show process l2vpn_mgr txgroup peer all detail >>>> many peers stuck in pause_peer state
Conditions:
After doing L2VPN_MGR proc crash, few L2VPN ckts stuck in UR state forever.Looks like vlan_ma from LC1 has not successfully initialized the AIPC channel to l2vpn_mgr. I can also see TXSEND paused for many peers after manual l2vpn_mgr process crash.
RP/0/RP0/CPU0:A51#show process l2vpn_mgr txgroup peer all detail >>>> many peers stuck in pause_peer state
Workaround:
None
Further Problem Description:
After doing L2VPN_MGR proc crash, few L2VPN ckts stuck in UR state forever.Looks like vlan_ma from LC1 has not successfully initialized the AIPC channel to l2vpn_mgr. I can also see TXSEND paused for many peers after manual l2vpn_mgr process crash.
RP/0/RP0/CPU0:A51#show process l2vpn_mgr txgroup peer all detail >>>> many peers stuck in pause_peer state
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 27-JUL-2015 |
|
Known Affected Releases: | 5.2.5.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuj58450 |
Title: | Unable to commit when configuring CDP on ASR9K |
|
Description: | Symptom:
Not able to execute "commit" for cdp config
commit
% Failed to commit one or more configuration items during a pseudo-atomic operation. All changes made have been reverted. Please issue 'show configuration failed' from this session to view the errors.
!! SEMANTIC ERRORS: This configuration was rejected by
!! the system due to semantic errors. The individual
!! errors with each failed configuration command can be
!! found below.
interface GigabitEthernet0/4/0/15
cdp
!!% 'CfgMgr' detected the 'fatal' condition 'This configuration has not been verified and can not be accepted by the system.'
!
end
Conditions:
Configured CDP on certain line card for customer's ASR-9010-DC and globally on ASR-9001
Workaround:
process restart sysdb_svr_local loc 0/x/cpu0
on affected linecard
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 27-JUL-2015 |
|
Known Affected Releases: | 4.2.3.BASE |
|
Known Fixed Releases: | 5.1.3.12i.FWDG, 5.2.0.26i.FWDG |
|
|
| |
| |
Bug Id: | CSCut55687 |
Title: | Incorrect management of colours of port and LC icon on CTC |
|
Description: | Symptom:
Incorrect management of colours of port and LC icon on CTC
Conditions:
Occurs intermittently when working on multiple sessions
Workaround:
Either clicking the synchronize button or relaunching the CTC will fix the issue
Further Problem Description:
Expected Resolution: Will be fixed in 6.0.0 release
Reproducibility (%):25%
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 27-JUL-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuu33862 |
Title: | KVM impacted by CVE-2015-3456 |
|
Description: | Symptom:
Cisco IOS-XR software include a version of QEMU/KVM that is affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:
CVE-2015-3456 (VENOM)
Cisco has analyzed these vulnerabilities and concluded that the issue does exist, but is not exploitable. The vulnerability is being proactively patched to remove the issue from future releases of Cisco IOS-XR Software.
Conditions:
Cisco ASR, CRS, and NCS devices running an affected version of IOS-XR software.
Workaround:
None Available
Further Problem Description:
Additional details about the vulnerabilities listed above can be found at http://cve.mitre.org/cve/cve.html
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 7.4/6.7:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:A/AC:M/Au:S/C:C/I:C/A:C/E:POC/RL:U/RC:C
CVE ID CVE-2015-3456 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 28-JUL-2015 |
|
Known Affected Releases: | 5.0.0.BASE |
|
Known Fixed Releases: | 5.3.2.9i.BASE, 6.0.0.5i.BASE |
|
|
| |
| |
Bug Id: | CSCus20855 |
Title: | observing the pm_collector crash continuously on 0/RP0 |
|
Description: | Symptom:
pm_Collector progress crashes every few minutes on IOS-XR platform
Conditions:
running ios-xr
Workaround:
none. To recover you may have to reload the router. RP switchover will not resolve
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 28-JUL-2015 |
|
Known Affected Releases: | 5.3.1.BASE |
|
Known Fixed Releases: | 5.2.4.6i.MGBL, 5.3.1.15i.MGBL, 6.0.0.5i.MGBL |
|
|
| |
| |
Bug Id: | CSCuu14640 |
Title: | ESD crash and traffic down after RP OIR |
|
Description: |
Symptom:ESD crash seen after RP OIR for a P2 card.
Conditions:RP OIR of a P2 LC. Issue seen on a single setup only
Workaround:None
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 28-JUL-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuu15375 |
Title: | SNMP polling failures in Release 4.2.4 |
|
Description: | Symptom:
Slow response from MPLS TE MIBS
Conditions:
MPLS TE MIB Polling
Workaround:
Exclude MIBS from SNMP view, although this might not be applicable for most scenarios. Using a wildcard will block other MIBS as well.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 28-JUL-2015 |
|
Known Affected Releases: | 4.2.4.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuv04806 |
Title: | SRLG vaule showing incorrect in te-link |
|
Description: | Symptom:
SRLG vaules showing incorrect in te-link for OTU link.
Conditions:
On bulk configuration of SRLG on controller.
Workaround:
Workaround: none
Reproducibility: 100%
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 28-JUL-2015 |
|
Known Affected Releases: | 6.0.0.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCut94840 |
Title: | 4x40GE P2PLIM ODU SD-BER/SF-BER issues |
|
Description: | Symptom:
The ODU SD-BER/SF-BER support was committed in 4.3.0.
Subsequently bug was filed for ODU SF-BER to bring down interface, which was committed in 4.3.2.
However, in 5.1.4, we found following few issues:
1. Default of SD/SF changed from 6/3 to 8/6
2. The range of SD/SF is from 1 to 9, but values 1 to 4 cannot be committed in configuration.
Above changes is OK, but the CLI parer should only allow 5 to 9 to be entered to avoid the commit error.
3. Command to disable SF did not take effect, interface still down when SF-BER after configuring:
g709 odu report sf-ber disable
We expect after this configuration, SF-BER should not be reported, and interface should not go down.
4. When SF-BER, interface still down regardless of this config:
g709 bdi-to-client-gais
For OTU SF-BER to bring down interface, "g709 bdi-to-client-gais" command has to be configured before OTU SF-BER will bring down interface.
Therefore ODU SF-BER should be consistent with this behavior.
Conditions:
Interface & controller state went down over OTU/ODU -SF BER alarm even if the logging/reporting of the alarm is enabled/disabled.
Workaround:
NA
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 28-JUL-2015 |
|
Known Affected Releases: | 5.1.4.BASE |
|
Known Fixed Releases: | 5.3.2.18i.BASE |
|
|
| |
| |
Bug Id: | CSCuq33737 |
Title: | Multicast Auto-RP mappings leak when interface flaps |
|
Description: |
Symptom:
On a MPLS PE, it is possible for
auto-RP announcements from one VRF to leak into a different VRF
Conditions:
This issue can happen under the following conditions:
- Several VRFs on the same MPLS PE router, where more than two of them use multicast auto-RP
- MPLS PE with a customer MVPN VRF with a single PE-CE customer facing interface and that interface flaps down and comes back up.
- If the RP or Auto-RP MA stops sending announcement for 4.5 minutes and then resumes.
- RP and Auto-RP MA announcements are lost due to some other reason for 4.5 minutes and then resume.
Workaround:
In the case that the problem is triggered by an interface flap, add a secondary multicast interface in the originating VRF PE to prevent the (S,224.0.1.40) entry from expiring when one interface goes down.
In the cases in which the RP or Auto-RP MA announcements are lost for another reason in the originating VRF and then resume, there is no available workaround.
More Info:
From the receiving VRF perspective, this could interfere with the auto-RP
information in that VRF, if the ''received'' information (sending source address) is routable in that VRF.
From the sending VRF, this can be seen as a partial information disclosure, but the disclosed information is very limited, it consist of:
- Well known Auto-RP multicast groups.
- Address of the rendevouz point (RP) on the sending VRF.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score.
The Base and Temporal CVSS scores as of the time of evaluation are 2.6/2:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C
No CVE ID has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 28-JUL-2015 |
|
Known Affected Releases: | 4.1.2.MCAST |
|
Known Fixed Releases: | 5.2.2.26i.MCAST, 5.2.3.12i.MCAST, 5.2.4.1i.MCAST, 5.3.0.10i.MCAST |
|
|
| |
| |
Bug Id: | CSCuv39255 |
Title: | BNG AAA umbrella for XR release 5.2.4 |
|
Description: | Symptom:
This is an umbrella SMU for the following bug fixes:
CSCur31362 Sev2 [aaa-aaacore ] iedge process is crashing due to req_id leak.
CSCus57050 Sev2 [aaa ] BNG: iedge needs duplicate detection for COA retransmits
CSCur93199 Sev3 [aaa-radius ] asr9k BNG-iosxr 4.3.4-Memory leak at radiusd process
These fixes are highly recommended for BNG deployments on IOS XR release 5.2.4.
Conditions:
Workaround:
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 29-JUL-2015 |
|
Known Affected Releases: | 5.2.4.MGBL |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuu98480 |
Title: | DWDM-XFP-C V02 wavelength not programmed on 14x10G linecard |
|
Description: | Symptom:
When configuring the wavelength on a tunable DWDM-XFP-C V02 on a 14x10GBE-WL-XFP, the configured wavelength is not always applied on the XFP, which is using the default lambda:
RP/0/RP0/CPU0:75TH2-CRSXX-01-CR#sh controllers dwdm 0/8/0/5 optics
WaveChannelNumber GMPLS = 0Configured = 71 Default = 84
Optics Status
Optics Type: 10G-TUNABLE-by-CHANNEL,
Wavelength Info: C-Band, MSA ITU Channel=84, Frequency=191.95THz, Wavelength=1561.826nm <<<< incorrect wavelength
Wavelength Owner: Hardware Default, ITU Channel: GMPLS Signaled=None, Configured=71, Hardware Default=84
TX Power = 1.49 dBm
RX Power = -21.19 dBm
RP/0/RP0/CPU0:75TH2-CRSXX-01-CR#
Conditions:
DWDM-XFP-C V02
14x10GBE-WL-XFP
IOS-XR 5.1.3
Workaround:
Restart the plim_xge process on the linecard carrying the optic:
process restart plim_xge location 0/x/CPU0
Linecard reload is another workaround. The wavelength is correctly applied.
However, new DWDM-XFP-C V02 insertion may not work.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 29-JUL-2015 |
|
Known Affected Releases: | 5.1.3.LC |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCek46966 |
Title: | Dumper takes too long to collect core dump |
|
Description: |
Symptom:
The process dumper in IOS XR may take a long time to dump the memory space of a process.
This may cause a CPU hog which may result in an RP switchover in some corner cases.
This may result in routing protocol flaps when the process being dumped is required to handle routing protocol packets (netio for instance).
Conditions:
This will happen when the process dumper tries to capture a dump of a process holding a lot of memory.
The dumper might be collecting a core dump due to a process crash or the "dumpcore" command.
Workaround:
There is no workaround.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 29-JUL-2015 |
|
Known Affected Releases: | 3.2.3.BASE, 3.3.1.2i.BASE, 3.3.1.BASE, 3.4.0.BASE, 3.5.0.BASE |
|
Known Fixed Releases: | 3.3.3.7i.ADMIN, 3.3.3.7i.BASE, 3.3.3.7i.LC, 3.3.3.7i.OSMBI, 3.4.1.16i.ADMIN, 3.5.0.19i.OSMBI, 3.6.0.10i.OSMBI |
|
|
| |
| |
Bug Id: | CSCuv09371 |
Title: | OIL is missing when Bundle-ether interface is shutdown |
|
Description: | Symptom:
OIL is missing in Outgoing List in mrib and pim topology table, which result in mcast traffic loss.
Conditions:
When PIM fragment packet is coming in other Bundle-Ether interfaces and Bundle-ether interface with no PIM Join is shutdown.
Workaround:
No shut Bundle-ether interface or process restart pifibm_server_rp
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 29-JUL-2015 |
|
Known Affected Releases: | 4.2.4.BASE |
|
Known Fixed Releases: | 5.3.2.16i.BASE, 5.3.3.3i.BASE |
|
|
| |
| |
Bug Id: | CSCus75878 |
Title: | MIB walk over lldpLocPortTable and lldpLocManAddrTable times out |
|
Description: | Symptom:
SNMP timeout seen while mibwalking over lldpLocPortTable and lldpLocMAAddrTable
Conditions:
Create 4000 subinterfaces on an enabled interface. Configure lldp globally on ASR9k box. Mibwalk over lldpLocPortTable and lldpLocManAddrTable from SNMP server reachable to the ASR9k box.
Workaround:
There are no workarounds available for this.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 29-JUL-2015 |
|
Known Affected Releases: | 5.2.3.BASE |
|
Known Fixed Releases: | 5.2.5.4i.FWDG, 5.3.2.18i.FWDG, 5.3.3.3i.FWDG, 6.0.0.9i.FWDG |
|
|
| |
| |
Bug Id: | CSCuv40020 |
Title: | IEDGE umbrella for XR release 5.2.4 |
|
Description: | Symptom:
This is an umbrella SMU for the following bug fixes:
CSCur67363 Sev3 [iedge4710 ] Iedged memory leak with "accounting send-stop setup-failure"
CSCur01848 Sev3 [iedge4710 ] Need hardening against attribute list leaks
CSCuu29883 Sev2 [iedge4710 ] Zero Counters in BNG RADIUS Accounting
CSCus90568 Sev2 [iedge4710 ] iedge did not call delete replica when LC was down
CSCur13588 Sev3 [iedge4710 ] Remove double free instances in acct_coord_api.c
CSCuu24041 Sev2 [iedge4710 ] [531] iedged crashes with invalid pqos string
CSCuu12648 Sev3 [iedge4710 ] 524: iedged crash at ch_process_coa_request
CSCut13358 Sev3 [subscriber-ipsub] XR 5.2.2 BNG : Session can't reconnect immediately after being cleared
These fixes are highly recommended for BNG deployments on IOS XR release 5.2.4.
Conditions:
Workaround:
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 29-JUL-2015 |
|
Known Affected Releases: | 5.2.4.BASE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuv51425 |
Title: | CGN stats not available in CLI - cgn_ma process blocked |
|
Description: | Symptom:
The "show" commands related to cgn stats do not respond and time out. Looking at the process blocked we see that the "cgn_ma" process is blocked:
RP/0/RP0/CPU0:X#show process blocked
Jid Pid Tid Name State TimeInState Blocked-on
...
1072 84640060 1 cgn_ma Reply 1:44:15:0993 290936 node 0/3/CPU0 cgn_ea <<<<<<<<<<<< This process is blocked since 1:44:15 hrs. ago
Conditions:
The trigger of this issue is entering the command "show cgn nat44 inside-vrf counters". Release 5.x introduced this command.
Workaround:
Restart cgn_ma process.
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 29-JUL-2015 |
|
Known Affected Releases: | 5.1.3.CE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuo22047 |
Title: | 5 Fabric card core durmps during OiR testing |
|
Description: | Symptom:
In a CRS-1 Single Chassis System, upon RPFO, multiple crashes of process sfe_drvr were seen followed by kernel dump
Conditions:
Issue seen upon RP Switchover
Workaround:
None
Further Problem Description:
sfe_drvr process is a mandatory process which runs on all fabric cards. Multiple crashes of sfe_drvr can lead to fabric card being reloaded in which the process crashes.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 29-JUL-2015 |
|
Known Affected Releases: | 5.1.1.BASE |
|
Known Fixed Releases: | 5.3.2.18i.BASE, 5.3.3.3i.BASE |
|
|
| |
| |
Bug Id: | CSCsd68855 |
Title: | config lost on upgrade caused by broken banner config in alternate confi |
|
Description: | Upgrading from rls 3.2.x to 3.2.y will result in partial loss of configuration
if a banner is present within the configuration before conducting the upgrade
banner
exec Set EXEC process creation banner
incoming Set incoming terminal line banner
login Set login banner
motd Set Message of the Day banner
prompt-timeout Set Message for login authentication timeout
slip-ppp Set Message for SLIP/PPP
Workaround: In order to avoid this problem the following steps are required:
1) Remove the banner from the running config
2) Clear the cache
Router#run nvgen -F 1
3) Trigger a cache update
Router#config <-- Trigger cache update by fake commit
Router#hostname
Router#commit
Router
|
没有评论:
发表评论