Field Notice: FN - 63686 - RFGW10 with SUP7E Supervisor Card that Runs Cisco IOS-XE Release 3.2.2SQ Image Might Stop Processing L3/IP Traffic - Workaround Provided

Available Languages

Updated:May 22, 2018
Document ID:FN63686

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Notice

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.

Revision History

Revision Publish Date Comments
1.0
24-Sep-13
Initial Release
10.0
20-Oct-17
Migration to new field notice system
10.1
22-May-18
Fixed Broken Image Links

Products Affected

Affected OS Type Affected Release Affected Release Number Comments
NON-IOS
3
3.2.2SQ
RFGW10 with RFGW-X45-SUP7-E

Defect Information

Defect ID Headline
CSCue76243 Sup7E/Sup7LE/4500X SW not receiving to router traffic: ping, telnet, ssh

Problem Description

RF Gateway (RFGW)10 with a SUP7E supervisor card that runs Cisco IOS-XE Release 3.2.2SQ image might stop processing all layer 3 (L3)/IP traffic on the device if the Management port FastEthernet1 (Fa1) is enabled and in use. All Downstream External PHY Interface (DEPI) sessions might also go down and not recover. Secure Shell (SSH)/TELNET/PING to/from the supervisor might also not work.

Conditions under which an issue can occur:

  • RFGW10 with a SUP7E Supervisor card that runs Cisco IOS-XE Release 3.2.2SQ image
  • Fa1 port is enabled (not shut down) and in use, where packets flow through Fa1
  • Fa1 port has Cisco Express Forwarding (CEF) fastpath enabled, which is the default behavior for Release 3.2.2SQ - the interface configuration does not have the no ip route-cache cef line.

The affected image shows that the unsupported drop counters increment for any access through the Management IP as shown here:

Background

The SUP7E Supervisor card of the RFGW10 platform might lose all L3 connectivity to/from the switch IP address. Switching continues to work, but IP traffic to/from the switch does not. This includes Simple Network Management Protocol (SNMP), Network Time Protocol (NTP), Telnet, and SSH. Once problem symptoms occur, they persist until the switch is reloaded.

The root cause is that packets get dropped in the CEF fast switch path. CEF uses a global counter that is not designed to be accessed from two threads; that is, the code is not reentrant. The addition of Fa1 functionality adds a second thread that accesses this counter when the Fa1 port has the CEF fastpath enabled. With two CPU cores on the SUP7E, the two threads get accessed at the same time, which corrupts this counter. All L3 packets get dropped if this counter exceeds a maximum value.

This issue only affects RFGW10 with a SUP7E Supervisor card that runs Cisco IOS-XE Release 3.2.2SQ when the Management port Fa1 is enabled. The image information is shown here:

Cisco IOS-XE Releases 3.2.0SQ and 3.2.1SQ are not affected since they do not support the Management port.

The issue is fixed in Cisco IOS-XE Release 3.3.0SQ or newer releases.

Problem Symptom

SSH/TELNET/PING to/from supervisor do not work.

All DEPI sessions might go down and fail to recover

Workaround/Solution

In order to avoid this issue, there are three alternatives:

  1. Keep the Management port Fa1 disabled (shutdown) (see Example 1)
  2. Disable CEF on Management port Fa1 (see Example 2)
  3. Upgrade to Cisco IOS-XE Release 3.3.0SQ or newer releases (if available)

*** If problem has already occurred, apply one of these workarounds and then reboot the system *** .

Example 1 - how to shut down the Fa1 port:

RFGW-10(config)#interf fa1
RFGW-10(config-if)#shutdown
RFGW-10(config-if)#end
RFGW-10#show run interf fa1
Building configuration...


Current configuration : xxx bytes
!

interface FastEthernet1
ip vrf forwarding Mgmt-vrf
no ip address
shutdown
speed auto
duplex auto
End

Example 2 -how to disable CEF on the Fa1 port:

RFGW10(config)#interf fa1
RFGW10(config-if)#no ip route-cache cef
RFGW10(config-if)#end

RFGW10#show run interf fa1
Building configuration...

Current configuration : xxx bytes
!
interface FastEthernet1
ip vrf forwarding Mgmt-vrf
ip address 10.45.100.31 255.255.254.0
no ip route-cache cef
speed auto
duplex auto
end

This issue is fixed in Cisco IOS-XE Release 3.3.0SQ, because it ensures that Fa1 traffic does not use the CEF fastpath.

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Cisco Notification Service—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.

Was this Document Helpful?

FeedbackFeedback

Contact Cisco