| |
|
Alert Type: | Updated * |
Bug Id: | CSCux97951 | Title: | dpss packets are getting punted on CSR box |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
After upgrade to ios-xe 3.17 using image csr1000v-universalk9.03.17.00.S.156-1.S-std.SPA.bin, some basic onePK functionalities stopped to work correctly, now must of packets are punted instead of only the first packet of each flow.
#sh platform hardware qfp active feature dpss datapath global
sender_id: 652
cft handler: 0
cft feature id: 0
cft fo id: 0
flow timeout message: enable
rec packetless message stats: 0
send flow timeout stats: 11
Active flow stats: 1
Total flow stats: 8
Incomplete flow stats: 0
Failed deleted FO: 0
-------------------------------------------------------------------------
DPSS Global Packet Stats Packets Octets
-------------------------------------------------------------------------
INJECT PKT 2 2996
PUNT PKT 390 207860
SET_NEXTHOP PKT 2 2996
Conditions:
OnePK version is 1.5.0.69 on linux 64 bits.
ios-xe 3.17 using image csr1000v-universalk9.03.17.00.S.156-1.S-std.SPA.bin
This doesn't impact on ASR platform which supports onepk.
Workaround:
none
Further Problem Description:
Dpss_mp is reinjected the packet properly & appnav is dropping it in platform.
Please involve appnav team to debug this & you can use this testbed for further debugging.
csribra2#sh platform hardware qfp active feature dpss datapath global
sender_id: 456
cft handler: 0
cft feature id: 0
cft fo id: 0
flow timeout message: enable
rec packetless message stats: 0
send flow timeout stats: 0
Active flow stats: 1
Total flow stats: 1
Incomplete flow stats: 0
Failed deleted FO: 0
-------------------------------------------------------------------------
DPSS Global Packet Stats Packets Octets
-------------------------------------------------------------------------
PUNT PKT 1226 647328
csribra2#sh platform hardware qfp active statistics drop
-------------------------------------------------------------------------
Global Drop Stats Packets Octets
-------------------------------------------------------------------------
AppNavInvSNpkt 1226 826336
BadUidbSubIdx 3238 219390
Disabled 121 10510
Ipv4NoRoute 8 586
Ipv4Null0 2 264
UnconfiguredIpv4Fia 1303 226252
UnconfiguredIpv6Fia 18 2308
|
|
Last Modified: | 22-JUN-2016 |
|
Known Affected Releases: | 15.6(1)S |
|
Known Fixed Releases: | 15.6(1)S1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux35824 | Title: | CLI for restAPI application name is not fixed for AAA server |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Cisco ACS server needs a hardcoded session name to allow AAA access. This configuration of REST API allows only a single session at a time so the session name can be hardcoded as restApp. Existing multiple sessions with unique session names is still supported and the default configuration
Conditions:
All
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 11-JUN-2016 |
|
Known Affected Releases: | 15.6(1)S |
|
Known Fixed Releases: * | 15.5(3)S2.1, 15.5(3)S3, 15.6(0.22)S0.13, 16.2(0.281), 16.3(0.78) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuy50984 | Title: | RESTAPI/Doc:Need some example for global/cli |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
No JSON body examples for global/cli
Conditions:
N/A
Workaround:
N/A
Further Problem Description:
No examples are existing in the CCO document for /api/v1/global/cli.
it is recommended to be added.
CCO document link:
http://www.cisco.com/c/en/us/td/docs/routers/csr1000/software/restapi/restapi/RESTAPIglobal.html
|
|
Last Modified: | 21-JUN-2016 |
|
Known Affected Releases: | 16.2.1 |
|
Known Fixed Releases: | 16.2.1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut66412 | Title: | Multiple Cisco Smart Licenses used after switching from CSL to SL |
|
Status: | Terminated |
|
Severity: | 3 Moderate |
Description: | Symptom:Multiple Smart license are consumed when switching from CSL to SL
Conditions:Problem happens only if the CSR had an Active,In-Use CSL license prior to switching to Smart license
Workaround:Need to reload the CSR when switching from CSL to SL
More Info:
|
|
Last Modified: | 01-JUL-2016 |
|
Known Affected Releases: * | 15.5(2)S, 15.6(1)S |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz11498 | Title: | CSR %VXE_VNIC_IF-3-MSGINITERROR messages when API add delete new intf |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Error messages on console when interfaces are hot removed from virtual machine such as:
*May 11 17:22:20.991: %VXE_VNIC_IF-3-MSGINITERROR: VXE vNIC interface command: stop failed: -1 for GigabitEthernet7
Conditions:
Hot removal of interface from KVM or ESXi based virtual machine with IOS 15.5(03)S or IOS-XE 3.16.
Workaround:
None.
Further Problem Description:
The error messages are not harmful.
|
|
Last Modified: | 30-JUN-2016 |
|
Known Affected Releases: | 15.5(3)S |
|
Known Fixed Releases: * | 15.5(3)S3.3, 15.6(1)S2.3, 16.2(1.20), 16.3(0.209), 16.4(0.34) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCva27661 | Title: | VASI subsystems are not packaged in ipbasek9 image for CSR1K platform |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: * | Symptom:
vasi subsys missing in security/ipbase package on CSR
Conditions:
vasi subsys missing in security/ipbase package on CSR
Workaround:
install AX license
Further Problem Description:
|
|
Last Modified: | 30-JUN-2016 |
|
Known Affected Releases: | 15.5(3)S |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCva00363 | Title: | ENH: ZBF in IOS-XE does not support the CUBE feature. |
|
Status: | Open |
|
Severity: | 6 Enhancement |
Description: * | Symptom:
This enhacement bug is to oficially support IOS-XE (ASR1K, ISR 4K, vCUBE/CSR1000v) running CUBE and ZBFW on the same platform.
Conditions:
Customer has found a workaround to make CUBE work with ZBF, however since this feature is not oficially supported, he does not want to implement that workaround.
Workaround:
we worked together with your customer in order to provide them a workaround for allowing the ZBF to work together with the CUBE on their ASR1K-IOS-XE and here the final ZBF configuration we confirmed is allowing the CUBE to work for receiving inbound calls with bi-directional audio:
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
parameter-map type inspect global
log dropped-packets
parameter-map type inspect sip-log
audit-trail on
access list ACL_WAN2SELF
20 permit tcp host 81.146.227.228 host 10.186.24.7
30 permit udp host 81.146.227.228 host 10.186.24.7
40 permit udp host 81.146.227.229 host 10.186.24.7
access-list TELCO-SIP-GATEWAYS
Extended IP access list TELCO-SIP-GATEWAYS
50 permit udp host 10.186.56.72 any
class-map type inspect match-any SIP_CUBE_TO_ITSP
match protocol sip
class-map type inspect match-any SIP_CUBE_FROM_ITSP
match access-group name TELCO-SIP-GATEWAYS
class-map type inspect match-any CM_SELF2WAN
match protocol tcp
match protocol udp
match protocol icmp
class-map type inspect match-all CM_WAN2SELF
match protocol sip
match access-group name ACL_WAN2SELF
!
policy-map type inspect LAN2WAN
class type inspect SIP_CUBE_TO_ITSP
inspect
class class-default
drop log
policy-map type inspect WAN2LAN
class type inspect SIP_CUBE_FROM_ITSP
inspect sip-log
class class-default
drop log
policy-map type inspect SELF2WAN
class type inspect CM_SELF2WAN
inspect
class class-default
drop log
policy-map type inspect WAN2SELF
class type inspect CM_WAN2SELF
inspect sip-log
class class-default
drop log
!
zone security WAN
zone security LAN
zone-pair security LAN-TO-WAN source LAN destination WAN
description LAN-TO-WAN TRAFFIC
service-policy type inspect LAN2WAN
zone-pair security WAN-TO-LAN source WAN destination LAN
description WAN-TO-LAN TRAFFIC
service-policy type inspect WAN2LAN
zone-pair security WAN-TO-self source WAN destination self
description WAN-TO-self TRAFFIC
service-policy type inspect WAN2SELF
zone-pair security self-TO-WAN source self destination WAN
description self-TO-WAN TRAFFIC
service-policy type inspect SELF2WAN
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
After applying the above _ZBF configuration we confirmed the following logs appearing when the phone call was stablished:
010929: Jun 8 15:58:33.775 UTC: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:000 TS:00003718704025727904 %FW-6-SESS_AUDIT_TRAIL_START: (target:class)-(WAN-TO-self:CM_WAN2SELF):Start sip rtp data session: initiator (10.186.24.7:8228) -- responder (81.146.227.229:32828) from GigabitEthernet1
010930: Jun 8 15:58:34.474 UTC: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:000 TS:00003718704725399037 %FW-6-SESS_AUDIT_TRAIL_START: (target:class)-(WAN-TO-LAN:SIP_CUBE_FROM_ITSP):Start udp session: initiator (10.186.56.72:8230) -- responder (10.186.52.49:16646) from GigabitEthernet2
010931: Jun 8 15:58:50.034 UTC: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:000 TS:00003718720284614506 %FW-6-SESS_AUDIT_TRAIL: (target:class)-(WAN-TO-LAN:SIP_CUBE_FROM_ITSP&
|
|
Last Modified: | 09-JUN-2016 |
|
Known Affected Releases: | 15.6(1)S |
|
Known Fixed Releases: | |
|
|
| |
:
2015 Cisco and/or its affiliates. All rights reserved. 
没有评论:
发表评论