Release Notes for Cisco GGSN Release 9.x on the Cisco SAMI, Cisco IOS Release 12.4(22)YE
Available Languages
Table Of Contents
Release Notes for Cisco GGSN Release 9.x on the Cisco SAMI,
Cisco IOS Software Release 12.4(22)YEHardware and Software Requirements
Enhanced Service-Aware Billing
Determining the Software Version
Upgrading to a New Software Release
Limitations, Restrictions, and Important Notes
New Implementations and Behavior Changes in Cisco IOS Release 12.4(22)YE6
New Implementations and Behavior Changes in Cisco IOS Release 12.4(22)YE5
New Implementations and Behavior Changes in Cisco IOS Release 12.4(22)YE4
New Implementations and Behavior Changes in Cisco IOS Release 12.4(22)YE3
New Implementations and Behavior Changes in Cisco IOS Release 12.4(22)YE2
New Implementations and Behavior Changes in Cisco IOS Release 12.4(22)YE1
New Implementations and Behavior Changes in Cisco IOS Release 12.4(22)YE
Caveats - Cisco IOS Release 12.4(22)YE6
Caveats - Cisco IOS Release 12.4(22)YE5
Caveats - Cisco IOS Release 12.4(22)YE4
Caveats - Cisco IOS Release 12.4(22)YE3
Caveats - Cisco IOS Release 12.4(22)YE2
Caveats - Cisco IOS Release 12.4(22)YE1
Caveats - Cisco IOS Release 12.4(22)YE
Implementing GGSN Release 9.x on the Cisco SAMI
Obtaining Documentation and Submitting a Service Request
Release Notes for Cisco GGSN Release 9.x on the Cisco SAMI,
Cisco IOS Software Release 12.4(22)YE
Publication Date: July 7, 2011
Cisco IOS Release 12.4(22)YE6
This release note describes the requirements, dependencies, and caveats for the Cisco Gateway General Packet Radio Service (GPRS) Support Node (GGSN) Release 9.2, Cisco IOS Release 12.4(22)YE6 on the Cisco Service and Application Module for IP (SAMI). These release notes are updated as needed.
For a list of the software caveats that apply to Cisco IOS Release 12.4(22)YE, see the "Caveats" section and Caveats for Cisco IOS Release 12.4 T. The caveats document is updated for every maintenance release and is located on Cisco.com and the Documentation CD-ROM.
Use these release notes with Cross-Platform Release Notes for Cisco IOS Release 12.4 located on Cisco.com.
Contents
This release note includes the following information:
•
MIBs
•
•
•
Cisco GGSN Introduction
The Cisco GGSN is a service designed for Global System for Mobile Communications (GSM) networks. GSM is a digital cellular technology that is used worldwide, predominantly in Europe and Asia. GSM is the world's leading standard in digital wireless communications.
General Packet Radio Service (GPRS) and Universal Mobile Telecommunication System (UMTS) are standardized by the European Telecommunications Standards Institute (ETSI). In a GPRS/UMTS packet-switched domain, data services are delivered to the mobile subscriber when a link is established through a Public Land Mobile Network (PLMN) to a GGSN.
The Cisco GGSN enables mobile wireless service providers to supply their mobile subscribers with packet-based data services in GSM networks.
The Cisco GGSN runs on the Cisco Service and Application Module for IP (SAMI), a new-generation high performance service module for the Cisco 7600 Series Router platforms. For more information about the Cisco SAMI, see the Cisco Service and Application Module for IP User Guide.
System Requirements
This section describes the system requirements for Cisco IOS Release 12.4(22)YE and includes the following sections:
•
•
•
For hardware requirements, such as power supply and environmental requirements and hardware installation instructions, see the Cisco Service and Application Module for IP User Guide.
Memory Recommendations
Hardware and Software Requirements
Implementing a Cisco GGSN Release 9.2 on the Cisco 7600 series internet router platform requires the following hardware and software.
•
•
–
–
–
–
–
Or one of the following Cisco 7600 series Route Switch Processors running Cisco IOS Release 12.2(33)SRE or later
–
–
For details on upgrading the Cisco IOS release running on the supervisor engine, refer to the "Upgrading to a New Software Release" section in the Release Notes for Cisco IOS Release 12.2SR. For information about verifying and upgrading the LCP ROMMON image on the Cisco SAMI, refer to the Cisco Service and Application Module for IP User Guide.
Note
•
Note
•
Note
GTP-Session Redundancy
In addition to the required hardware and software above, implementing GTP-Session Redundancy (GTP-SR) requires at minimum:
•
•
Enhanced Service-Aware Billing
In addition to the required hardware and software, implementing enhanced service-aware billing requires an additional Cisco SAMI running the Cisco Content Services Gateway Second Generation software in each Cisco 7600 Series Router.
Determining the Software Version
To determine the version of Cisco IOS Software running on your Cisco SAMI PPCs, log in to the router on one of the SAMI PPCs and enter the show version EXEC command:
Router# show versionCisco Internetwork Operating System SoftwareIOS (tm) SAMI Software (g8ik9s), Version 12.4(22)YE6, EARLY DEPLOYMENT RELEASE SOFTWARETAC Support: http://www.cisco.com/tacCopyright (c) 1986-2002 by cisco Systems, Inc.Upgrading to a New Software Release
For information on upgrading to a new software release, see the product bulletin Cisco IOS Software Upgrade Ordering Instructions at:
http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/957_pp.htm
Upgrading the Cisco SAMI Software
For information on upgrading the Cisco SAMI software, see the Cisco Service and Application Module for IP User Guide:
Note
MIBs
Platform-Related MIBs
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Application-Related MIBs
•
•
•
•
•
•
•
•
•
•
To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
Limitations, Restrictions, and Important Notes
When configuring the Cisco GGSN, observe the following:
•
Therefore, to avoid the possibility of incomplete adjacency on VLAN interfaces for the redirected destination IP address and an impact to the upstream traffic flow for PDP sessions upon bootup, ensure that you configure the no ip cef optimize neighbor resolution command.
•
Note
Table 2 lists the maximum number of PDP contexts the Cisco SAMI with the 1-GB memory option can support. Table 3 lists the maximum number the Cisco SAMI with the 2-GB memory option can support:
Table 2 Number of PDPs Supported in 1-GB SAMI
IPv4
64,000
384,000
IPv6
8,000
48,000
PPP Regeneration
16,000
96,000
PPP
8,000
48,000
1 Maximum number per SAMI on which six GGSNs are configured.
Table 3 Number of PDPs Supported in 2-GB SAMI
IPv4
136,000
816,000
IPv6
16,000
96,000
PPP Regeneration
32,000
192,000
PPP
16,000
96,000
1 Maximum number per SAMI on which six GGSNs are configured.
With Cisco GGSN Release 8.0 and later, PDPs regenerated to a PPP session run on software interface description blocks (IDBs), which increases the number of sessions the GGSN can support. The GTP virtual template is a subinterface. If the no virtual-template subinterface command is configured in global configuration mode, PDPs regenerated to a PPP session run on hardware IDBs instead. When sessions are running on hardware IDBs, the GGSN supports fewer sessions.
•
–
–
–
!interface Virtual-Template1description GGSN-VTip unnumbered Loopback0encapsulation gtpno logging event link-statusgprs access-point-list gprsendFor implementation of a service-aware GGSN, the following additional important notes, limitations, and restrictions apply:
•
•
•
•
•
Specifically the SGSN N3*T3 must be greater than:
2 x RADIUS timeout + N x DCCA timeout + CSG2 timeout
where:
–
–
Note
New and Changed Information
The following section lists the new features in the Cisco IOS Release 12.4 YE releases:
•
•
•
•
•
•
•
For detailed information about the new and existing features in GGSN Release 9.x, Cisco IOS Release 12.4 YE releases, refer to the Cisco GGSN Release 9.x configuration guide and command reference located at the following URL:
http://www.cisco.com/en/US/products/sw/wirelssw/ps873/tsd_products_support_series_home.html
New Implementations and Behavior Changes in Cisco IOS Release 12.4(22)YE6
There are no new implementations or behavior changes in Cisco IOS Release 12.4(22)YE6.
New Implementations and Behavior Changes in Cisco IOS Release 12.4(22)YE5
There are no new implementations or behavior changes in Cisco IOS Release 12.4(22)YE5.
New Implementations and Behavior Changes in Cisco IOS Release 12.4(22)YE4
The following new features and behavior change are introduced in Cisco GGSN Release 9.2, Cisco IOS Release 12.4(22)YE4:
•
–
–
•
The following MIBs have been updated with objects related to the Granular Charging, enhanced G-CDRs (eG-CDRs), GTP Session Redundancy (GTP-SR), iSCSI, and Geo-Redundancy features:
–
–
–
–
–
–
–
–
•
[no] gprs gtp tpdu reorder-required sequence receive mandatory
When the gprs gtp tpdu reorder-required sequence receive mandatory command is configured, when the GTPv1 PDP has reorder_required set to TRUE, if the Cisco GGSN receives a GTPv1 TPDU without a sequence number (s=0), it considers the TPDU an out-of-sequence TPDU, and drops it.
By default this command is not configured, and the default behavior is when the GTPv1 PDP context has reorder_required set to TRUE. If the Cisco GGSN receives a GTPv1 TPDU without a sequence number (s=0), the GGSN allows the TPDU and treats it as a valid TPDU, which does not require reordering and sequence number checks.
If the PDP context has reorder_required set to FALSE, the GGSN accepts the TPDU without any check for sequence number. In this case, the GGSN accepts both s=0 and s=1). This is an existing behavior and has not changed in Cisco IOS Release 12.4(22)YE4.
New Implementations and Behavior Changes in Cisco IOS Release 12.4(22)YE3
There are no new implementations or behavior changes in Cisco IOS Release 12.4(22)YE3.
New Implementations and Behavior Changes in Cisco IOS Release 12.4(22)YE2
The following new features and behavior change are introduced in Cisco GGSN Release 9.2, Cisco IOS Release 12.4(22)YE2:
New Features
Cisco GGSN Release 9.2, Cisco IOS Release 12.4(22)YE2, introduces support of the exchange of service control messages on an enhanced quota server interface between the Cisco GGSN and Cisco CSG2.
This support enables the Cisco GGSN to generate eG-CDRs for the following types of users in addition to the service-aware prepaid and service-aware postpaid users supported in releases before Cisco GGSN Release 9.2:
•
•
•
Note
For information about configuring the enhanced quota server interface and enabling support for the exchange of service control messages, refer to the Cisco GGSN Release 9.2 Configuration Guide.
Behavior Changes
To ensure that the most recent Long Sequence Record Number (LSRN) ID value is used in charging records, before downgrading from Cisco IOS Release 12.4(22)YE2 or later to Cisco IOS Release 12.4(22)YE1 or YE, or to Cisco IOS Release 12.4(15)XQ4, XQ3, XQ2, XQ1, or XQ, execute the sami sync-nvvar ios-to-rommon privileged EXEC command at each of the PPC consoles.
Note
New Implementations and Behavior Changes in Cisco IOS Release 12.4(22)YE1
Cisco GGSN Release 9.0, Cisco IOS Release 12.4(22)YE1, introduces support for the following features:
•
•
New Implementations and Behavior Changes in Cisco IOS Release 12.4(22)YE
Cisco GGSN Release 9.0, Cisco IOS Release 12.4(22)YE introduces support for the following features:
•
•
•
•
•
•
•
And enhancements to the following existing features:
•
•
•
•
•
•
Caveats
Caveats describe unexpected behavior in Cisco IOS Software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious. Severity 3 caveats are moderate caveats, and only select severity 3 caveats are included in the caveats document.
All caveats in Cisco IOS Release 12.4 and Cisco IOS Release 12.4 T are also in Cisco IOS Release 12.4(22)YE.
For information on caveats in Cisco IOS Release 12.4, see Caveats for Cisco IOS Release 12.4.
For information on caveats in Cisco IOS Release 12.4 T, see Caveats for Cisco IOS Release 12.4T, which lists severity 1 and 2 caveats and select severity 3 caveats and is located on Cisco.com and the Documentation CD-ROM.
Using the Bug Navigator II
If you have an account with Cisco.com, you can use Bug Navigator II to find caveats the most current list of caveats of any severity for any software release. To reach Bug Navigator II, log in to Cisco.com and click Software Center: Cisco IOS Software: Cisco Bugtool Navigator II. Another option is to go directly to http://www.cisco.com/support/bugtools.
This section lists the following:
•
•
•
•
•
•
•
Caveats - Cisco IOS Release 12.4(22)YE6
This section contains the following types of caveats that apply to the Cisco GGSN Release 9.2, Cisco IOS Release 12.4(22)YE6 image:
Open Caveats
Note
The following sections document possible unexpected behavior and describe only severity 1 and 2 caveats, and select severity 3 caveats.
Cisco GGSN Open Caveats
This section lists the GGSN-specific caveats that are open in Cisco IOS Release 12.4(22)YE6.
•
The iSCSI connection closes when the CPU usage is high, and the write function does not work after the connection is restored. The disk goes into an unusable state after the connection is restored.
This condition occurs when the CPU usage is approximately 70% and the disk size is large (approximately 100 GB). This condition is not seen when the disk size is lower (10 GB or less).
Workaround: Unconfigure the iSCSI function using the gprs iscsi command and then reconfigure the connection.
•
The normal burst size in bytes (BC) and excess burst size in bytes (BE) is used for policy PDPs even when BC and BE values are configured under the policy-map.
This condition occurs on any policy PDP and does not cause a serious result, but rather confusion on why the user configuration does not work. If a user has enough space for a larger token bucket, this condition can effect the user's ability to optimize system performance.
Workaround: There is currently no known workaround.
Cisco SAMI Open Caveats
This section lists the SAMI-specific caveats that are open in Cisco IOS Release 12.4(22)YE6.
•
The hw-module module module no shutdown command causes the Cisco SAMI to reload rather than shut down. This condition is seen in Cisco SAMI version 03.0(05)SAM and later.
Workaround: Use the no power enable module mod-num command on the supervisor to shut down the Cisco SAMI.
Miscellaneous Open Caveats
This section lists the Miscellaneous caveats that are open in Cisco IOS Release 12.4(22)YE6.
•
Entries in the cTap2DebugTable are not deleted after the time duration specified in the cTap2DebugAge object. This condition is seen for all debug message entries created in the cTap2DebugTable.
Workaround: The debug message entries can be manually deleted by setting cTap2DebugStatus object to destroy(6).
Resolved Caveats
•
Cisco GGSN Resolved Caveats
This section list the GGSN-specific caveats that are resolved in Cisco IOS Release 12.4(22)YE6.
•
A Diameter Credit Control Application (DCCA) Credit Control Answer (CCA) update message sent to the GGSN with a manipulated Session ID causes the GGSN to crash.
•
The transmit counter is not updated in the output of the show vlans command for a Gn interface.
•
The downstream traffic volume in GGSN CDRs stays at 0. This condition occurs when an MS has sent or received more than 4 GB of data.
•
The Cisco GGSN running Cisco IOS Software Release 12.4(24)YE1 reloads and the PC of the reload points to serv_tmr_service_chain routine.
This condition occurs under rare circumstances while the Cisco GGSN is experiencing high traffic conditions.
•
When a subscriber connects to an APN configured to support routing behind the mobile station (the network-behind-mobile access-point configuration command is configured), the Cisco GGSN sends an Access-Request to RADIUS and receives the framed-ip-route in return, as expected.
However, one of the framed routes is illegitimate according to the IANA IPv4 Address Space Registry. Once the invalid address is downloaded and installed, the same routing entry is added for every minute until the user disconnects the PDP. This occurs for only illegitimate subnets. Upon disconnecting the PDP, only one entry is deleted and the remaining entries remain present. This causes the memory consumption on the Cisco GGSN to continuously raise.
•
The Cisco GGSN might erroneously detect a serving GPRS support node (SGSN) path restart, even though there is no Recovery information element (IE) change in any of the PDP requests.
This condition might occur when a subscriber is trying to connect from one SGSN and immediately moves to another SGSN and sends a create PDP context request.
•
The Cisco GGSN might reload at PC gprs_red_unpack_pdpcb(). This condition might be triggered by the availability of secondary PDP sessions on the GGSN.
•
Under stress conditions, PDP sessions become stuck in a "Pending" state and they are unable to connect. This condition occurs with an enhanced GGSN (eGGSN) service-aware implementation.
•
In a redundant implementation, the active GGSN crashes when trying to free the Checkpoint-Facility (CF) buffer when a PDP is being deleted.
•
In an enhanced GGSN (eGGSN) scenario, in which the Cisco GGSN and Cisco CSG2 are implemented together to provide service-aware billing, if the Diameter Credit Control Application (DCCA) server does not send the Volume/Time threshold in the Volume-Quota-Threshold AVP and the Time-Quota-Threshold AVP in a Credit Control Answer (CCA) to the quota server interface on the Cisco GGSN, the Cisco GGSN continues to dictate a Volume/Time threshold of zero (0) to the Cisco CSG2 via GTP', as seen below:
Granted Quadrans Quadrans: 1843200
Granted Quadrans Units: Bytes IP
Granted Quadrans Flags: 0x03
Granted Quadrans Threshold: 0The 0x03 flag indicates that this is a dictated and mandatory value to which the Cisco CSG2 must comply.
This condition occurs when the DCCA server does not send a Volume/Time threshold value to the Cisco GGSN quota server interface. The Cisco GGSN sends a Volume/Time threshold value of zero to the Cisco CSG2 with a 0x3 flag. The 0x3 flag indicates that the value is valid.
Cisco SAMI Resolved Caveats
This section list the SAMI-specific caveats that are resolved in Cisco IOS Release 12.4(22)YE6.
•
Input queue drops increment every 7-10 seconds on G0/0 with minimal traffic.
When Layer 2 packets reach the home agents, the show interface GigabitEthernet 0/0 input queue drops increments with minimal traffic.
This condition does not impact any data traffic from the mobile nodes.
•
At high traffic loads, the Cisco SAMI might reload as a result of a failure of power convertor 0x5.
%OIR-SP-6-PWRFAILURE: Module 2 is being disabled due to power convertor failure 0x5%C6KPWR-SP-4-DISABLED: power to module in slot 2 set off (FRU-power failed)•
After modifying the Internet Small Computer System Interface (iSCSI) configuration, the iSCSI login fails.
The Cisco SAMI debug shows the following error message:
iSCSI ERROR: login error status class 2, status details 7The server log shows the following error message:
Initiator did not specify target name in LOGIN requestMiscellaneous Caveats
This section lists additional miscellaneous caveats that are resolved in Cisco IOS Release 12.4(22)YE6
•
Generic Attribute Registration (GARP) packet seen on peer device from unit under test (UUT) interface when the line protocol of the UUT interface is down.
Unreproducible Caveats
This section lists the GGSN-specific caveat that is unreproducible in Cisco IOS Release 12.4(22)YE6.
•
After the format command is run on a disk larger than 32 GB, the show command displays that only 4 Gbs are free on the device.
This condition occurs when formatting a disk that is larger than 32 Gb from Cisco IOS software.
•
The GGSN connection to the Internet Small Computer System Interface (iSCSI) target fails and the following logs are seen:
SAMI 1/3: Oct 9 06:34:11.126 BST: %RSM-4-UNEXPECTED: Error: Drive sda0 unusable (File inuse in an incompatible mode)SAMI 1/3: Oct 9 06:34:12.118 BST: %RSM-4-UNEXPECTED: Error: iSCSI target in profile ISCSI_FWORKSMSA2KT_PROFILE cannot be used for storing/retrieving CDRs. Failed to set the read/write locations in the disk. Disk is not formatted or is corrupted. Please format the disk.SAMI 1/3: Oct 9 06:34:12.118 BST: %GPRSISCSIFLTMG-4-GPRS_ISCSI_OPEN_FAILURE: Unable to establish session to SAN for target profile ISCSI_FWORKSMSA2KT_PROFILECaveats - Cisco IOS Release 12.4(22)YE5
This section contains the following types of caveats that apply to the Cisco GGSN Release 9.2, Cisco IOS Release 12.4(22)YE5 image:
Open Caveats
Note
The following sections document possible unexpected behavior and describe only severity 1 and 2 caveats, and select severity 3 caveats.
Cisco GGSN Open Caveats
This section lists the GGSN-specific caveats that are open in Cisco IOS Release 12.4(22)YE5.
•
The iSCSI connection closes when the CPU usage is high, and the write function does not work after the connection is restored. The disk goes into an unusable state after the connection is restored.
This condition occurs when the CPU usage is approximately 70% and the disk size is large (approximately 100 GB). This condition is not seen when the disk size is lower (10 GB or less).
Workaround: Unconfigure the iSCSI function using the gprs iscsi command and then reconfigure the connection.
•
The Cisco GGSN running Cisco IOS Software Release 12.4(24)YE1 reloads and the PC of the reload points to serv_tmr_service_chain routine.
This condition occurs under rare circumstances while the Cisco GGSN is experiencing high traffic conditions.
Workaround: There is currently no known workaround.
•
The normal burst size in bytes (BC) and excess burst size in bytes (BE) is used for policy PDPs even when BC and BE values are configured under the policy-map.
This condition occurs on any policy PDP and does not cause a serious result, but rather confusion on why the user configuration does not work. If a user has enough space for a larger token bucket, this condition can effect the user's ability to optimize system performance.
Workaround: There is currently no known workaround.
•
The transmit counter is not updated in the output of the show vlans command for a Gn interface.
Workaround: For the correct data traffic counters, use the show interface, show gprs gtp statistics, or show ip traffic command for the correct data traffic counters.
Cisco SAMI Open Caveats
This section lists the SAMI-specific caveats that are open in Cisco IOS Release 12.4(22)YE5.
•
The hw-module module module no shutdown command causes the Cisco SAMI to reload rather than shut down. This condition is seen in Cisco SAMI version 03.0(05)SAM and later.
Workaround: Use the no power enable module mod-num command on the supervisor to shut down the Cisco SAMI.
•
Input queue drops increment every 7-10 seconds on G0/0 with minimal traffic.
When Layer 2 packets reach the home agents, the show interface GigabitEthernet 0/0 input queue drops increments with minimal traffic.
This condition does not impact any data traffic from the mobile nodes.
Workaround: There is currently no known workaround.
Miscellaneous Open Caveats
This section lists the Miscellaneous caveats that are open in Cisco IOS Release 12.4(22)YE5.
•
Entries in the cTap2DebugTable are not deleted after the time duration specified in the cTap2DebugAge object. This condition is seen for all debug message entries created in the cTap2DebugTable.
Workaround: The debug message entries can be manually deleted by setting cTap2DebugStatus object to destroy(6).
Resolved Caveats
•
Cisco GGSN Resolved Caveats
This section list the GGSN-specific caveats that are resolved in Cisco IOS Release 12.4(22)YE5.
•
The Cisco IOS Software network address translation (NAT) feature contains multiple denial of service (DoS) vulnerabilities in the translation of the following protocols:
–
–
–
All the vulnerabilities described in this document are caused by packets in transit on the affected devices when those packets require application layer translation.
Cisco has released free software updates that address these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-nat.shtml.
•
The charging gateway is not able to decode a CDR correctly when the TrafficVolume data contains user location information. This condition occurs because the GGSN does not put the correct length for the userLocationInformation IE.
This condition occurs with Cisco GGSN Release 9.0 or later, when the PDP context contains user location information. Under these conditions, generated CDRs have the decoding error.
•
When IP address allocation is configured using local pools, sometimes the active-standby GGSN pairs are out of sync. Once this condition occurs, the standby does not following the active GGSN.
This condition occurs when the ip local pool command is configured with the group keyword option specified (for example ip local pool mypool 1.1.1.1 1.1.1.255 group mygroup).
•
The synchronization of PDPs on the GGSN fails, which leads to a high CPU.
•
The connection to the quota server is flapping on the Cisco CSG2 when implemented in an eGGSN solution. This condition occurs when the Cisco GGSN is running Cisco IOS Release 12.4(15)XQ5 or later.
•
The A-flag is not set in the Cisco GGSN IPv6 router advertisement.
This condition occurs when the virtual-template on the GGSN is configured with the ipv6 nd prefix default infinite infinite off-link command.
•
The Cisco GGSN crashes when an snmpwalk is made over cGtpPathStatisticsTable. This condition occurs when paths are created and removed (PDPs are created and deleted, or charging gateways are configured and unconfigured) during the snmpwalk.
This issue is seen in Cisco GGSN 12.4(24)YE1 or prior releases when an snmpwalk is made over cGtpPathStatisticsTable.
•
Downstream traffic fails at the Cisco GGSN for IPv6 PDP contexts.
This issue is seen in all Cisco GGSN releases where the IPv6 address is dynamically allocated, and the UE modifies the interface ID.
•
GTPv0 PDPs are hanging. This condition occurs when the Cisco GGSN is running Cisco IOS Software Release 12.4(24)YE4 and is specific GTPv0 when an SGSN sends a create request for an already existing PDP associated with a virtual APN.
•
When a user starts in a generic radio access network (GRAN) or GSN EDGE Radio Access Network (GERAN), the QoS is either 128 or 472, depending on if the Edge is available or not in GERAN. Then, if the user moves to a location where customer has Universal Terrestrial Radio Access Network (UTRAN) coverage, the SGSN sends the new QoS parameters to the GGSN, but policing is still done on the QoS parameters from the Create PDP Request. All updates appear to be discarded.
Cisco SAMI Resolved Caveats
This section list the SAMI-specific caveats that are resolved in Cisco IOS Release 12.4(22)YE5.
•
The crash info file produced by the SAMI application (CSG2, GGSN, etc.) is either be empty or contains files with limited or no content.
This condition occurs only when the application is crashing due to some other unrelated defect.
•
In a redundant Cisco SAMI configuration, the "RF induced reload" error message and a traceback display on the supervisor engine when the Cisco SAMI is reloaded or reset.
•
A Cisco SAMI processor reloads saying Rf-INTERDEV self-induced reload. This condition occurs when the implementation is redundant and there is a momentary communication breakdown between the SAMI processors.
Miscellaneous Resolved Caveats
This section lists additional miscellaneous caveats that are resolved in Cisco IOS Release 12.4(22)YE5
•
The console could stop responding when the TACACS+ server is used as an AAA server and the single connection option is configured.
•
In a redundant implementation, the Cisco SAMI application is not able to write to the core file when forced to crash with the process watchdog timeout option.
•
In a virtual private dialup network (VPDN)/Layer 2 Tunneling Protocol (L2TP) configuration, the Cisco GGSN could encounter a fatal error. This error could occur in rare conditions when the physical connectivity on interface to the L2TP network server (LNS) is lost while there are active sessions and traffic.
•
In a redundant implementation, a few processes in RF running even after a crash leads to a reload of the box.
•
In an enhanced GGSN (eGGSN) deployment with Gx-enabled users, the Cisco CSG2 could stop processing certain requests, such as Gx (Diameter requests), causing subscriber outages. The CSG2 could also fail to log in remotely over SSH, generating the following message:
SAMI 4/3: %IDMGR-3-INVALID_ID: bad id in id_get (Out of IDs!) (id: 0x0)
•
The Cisco SAMI application could crash as a result of a memory corruption or accessing an invalid address. The logs from the crashinfo show that the PCRF sent Diameter protocol errors.
Unreproducible Caveats
This section lists the GGSN-specific caveat that is unreproducible in Cisco IOS Release 12.4(22)YE5.
•
The signaling SGSN address is not synchronized to the standby GGSN when the SGSN sends different recovery IEs in quick succession.
This issue is seen when the following conditions occur:
1.
2.
Caveats - Cisco IOS Release 12.4(22)YE4
This section contains the following types of caveats that apply to the Cisco GGSN Release 9.2, Cisco IOS Release 12.4(22)YE4 image:
Open Caveats
Note
The following sections document possible unexpected behavior and describe only severity 1 and 2 caveats, and select severity 3 caveats.
Cisco GGSN Open Caveats
This section lists the GGSN-specific caveats that are open in Cisco IOS Release 12.4(22)YE4.
•
The transmit counter is not updated in the output of the show vlans command for a Gn interface.
Workaround: For the correct data traffic counters, use the show interface, show gprs gtp statistics, or show ip traffic command for the correct data traffic counters.
•
The iSCSI connection closes when the CPU usage is high, and the write function does not work after the connection is restored. The disk goes into an unusable state after the connection is restored.
This condition occurs when the CPU usage is approximately 70% and the disk size is large (approximately 100 GB). This condition is not seen when the disk size is lower (10 GB or less).
Workaround: Unconfigure the iSCSI function using the gprs iscsi command and then reconfigure the connection.
•
The cHsrpExtIfTrackedIpNone object is not fetching when trying to get cHsrpExtIfStandbyTable objects. This condition is seen when the standby [group-number] track interface-type interface-number [interface-priority] command is not configured.
Workaround: Ensure that the standby [group-number] track interface-type interface-number [interface-priority] command and the standby [group-number] ip none command are configured before querying the cHsrpExtIfTrackedIpNone object.
•
A GPRS iSCSI error message displays when a charging group is unconfigured. This condition occurs when an iSCSI target is configured under the charging group.
Workaround: Unconfigure the iSCSI target associated with a charging group before unconfiguring the charging group. First unconfigure iscsi and then charging group,
•
Large number of failed read requests occurring during iSCSI read operation. This condition occurs when the Cisco GGSN is sending an extra read request even though it has received an empty record in a previous read request.
Workaround: There is currently no known workaround.
•
The signaling SGSN address is not synchronized to the standby GGSN when the SGSN sends different recovery IEs in quick succession.
This issue is seen when the following conditions occur:
3.
4.
Workaround: Ensure that the Gn path echo is set to the default (60 seconds). If the Gn path echo is set to the default, the chances of this issue occurring is very remote because the PDP context will be deleted on the GGSN before the SGSN recovers. Therefore, the create request sent after the SGSN recovers will be a fresh create request. If the mismatch has already occurred, reload the standby node to ensure that the correct value is synchronized to the standby during the bulk synchronization.
Cisco SAMI Open Caveats
This section lists the SAMI-specific caveats that are open in Cisco IOS Release 12.4(22)YE4.
•
The hw-module module module no shutdown command causes the Cisco SAMI to reload rather than shut down. This condition is seen in Cisco SAMI version 03.0(05)SAM and later.
Workaround: Use the no power enable module mod-num command on the supervisor to shut down the Cisco SAMI.
•
Input queue drops increment every 7-10 seconds on G0/0 with minimal traffic.
When Layer 2 packets reach the home agents, the show interface GigabitEthernet 0/0 input queue drops increments with minimal traffic.
This condition does not impact any data traffic from the mobile nodes.
Workaround: There is currently no known workaround.
Miscellaneous Open Caveats
This section lists the Miscellaneous caveats that are open in Cisco IOS Release 12.4(22)YE4.
•
Entries in the cTap2DebugTable are not deleted after the time duration specified in the cTap2DebugAge object. This condition is seen for all debug message entries created in the cTap2DebugTable.
Workaround: The debug message entries can be manually deleted by setting cTap2DebugStatus object to destroy(6).
Resolved Caveats
The following sections list caveats that have been resolved, or are closed or unreproducible, in Cisco IOS Release 12.4(22)YE4. Only severity 1 and 2 caveats and select severity 3 caveats are listed.
•
Cisco GGSN Resolved Caveats
This section list the GGSN-specific caveats that are resolved in Cisco IOS Release 12.4(22)YE4.
•
Under very rare conditions, the Cisco GGSN might end up with stale PDP contexts when different GTP version create PDP context requests with different Restart values are received from different SGSNs (signaling and data different), and the different restart values are received within a duration of less than 60 seconds.
•
When an iSCSI connection is up, the format of the bootflash generates a traceback.
•
When a create PDP context request message is received after an SGSN reload, an infinite loop occurs in the "GTP Management" process.
•
GTP and access-point statistics are not sychronized to the standby GGSN. This issue is seen on the standby GGSN when the show gprs gtp statistics command and the show gprs access-point statistics command are executed.
•
The GGSN processor receives a fatal error when the show ip iscsi session detail command is executed. This condition occurs when two iSCSI sessions have been created, and the show ip iscsi command issued for both sessions.
•
When using TCP as the path protocol for the charging interface, the Cisco GGSN CPU is sometimes seen at 100% utilization with the GTP I/O process occupying the bulk of the CPU. Because of this, GTP transfer failures occur on the charging path and CDRs start accumulating (buffering) on the system. The Cisco GGSN does not recover from this condition, which can eventually cause system memory depletion and related symptoms due to continuous buffering of CDRs.
This condition is seen when the charging gateway sends corrupted or invalidbyte streams towards the GGSN on the TCP socket established between the GGSN and the charging gateway. The corrupted byte stream results in system error logs such as "LFN bit in CHRG msg should be set" since the charging gateway sends packets with 20-byte headers even though the charging path and GGSN are configured to process 6-byte headers. Eventually, the corrupted byte stream causes the GTP I/O process in the GGSN to take up the bulk of the CPU causing the symptoms listed above.
•
The iSCSI session fails to come up when iSCSI is configured under a charging group and the Cisco GGSN has received a fatal error. This condition is only seen when a target profile name is 7 characters (for example, TRIAL-1), which leads to memory corruption.
•
A fatal error might occur while when unconfiguring an iSCSI target using the no ip iscsi target command. This condition occurs when an iSCSI session is in a failed state and the user attempts to unconfigure the target.
•
The Cisco GGSN permits adding, removing, or modifying the gprs charging source interface command when the charging gateways are configured.
•
The Cisco GGSN default behavior of dropping T-PDUs without a sequence number (s=0) was changed to allow T-PDUs without a sequence number. This new behavior applies to when the Cisco GGSN receives a T-PDU without a sequence number (s=0) in the GTPv1 header, and the reorder-required in the PDP is set to TRUE.
The [no] gprs gtp tpdu reorder-required sequence receive mandatory global configuration command has been added to enable the configuration of the Cisco GGSN behavior:
For more information, see the "New Implementations and Behavior Changes in Cisco IOS Release 12.4(22)YE4" section.
•
The iSCSI state in the show ip iscsi session command output displays as "Free" when the connection to the iSCSI target is brought down asynchronously.
•
When service-aware billing is enabled on the GGSN using the gprs service-aware command, Lawful Intercept does not work.
This condition occurs with only GTPv1 when the following configuration exists:
a.
b.
•
When the enhanced quota server interface between the GGSN and Cisco CSG2 is configured to enable the exchange of service control messages that enable the GGSN to generate enhanced G-CDRs (eG-CDRs) for service-aware prepaid GTP' users, a memory leak occurs on the standby GGSN. The memory leak eventually causes the standby GGSN to reload.
Related configuration commands on GGSN include the ggsn quota-server server-name service-msg command and the charging record type egcdr command.
The active GGSN is not impacted by this issue, except for some temporary additional processing required to synchronize state information from the active to the standby GGSN once the standby GGSN has completed reloading. In addition, the service-aware Gy/CLCI prepaid functionality and configuration on the GGSN is not impacted by this issue.
•
A service-aware prepaid session fails due to an invalid Credit Control Record (CCR).
This condition occurs when the DCCA interface is not configured with the gprs dcca clci command or the gprs dcca 3gpp command, and the OCS server is based on a DCCA interface compatible with non VF-CLCI (the default in Cisco GGSN Release 8.0 and prior versions).
•
In some scenarios, sending a SCSI command header and NOP OUT over a TCP connection fails because these scenarios are not properly handled. This condition can lead to fatal error.
This condition occurs when the TCP task is consumed with other TCP traffic in parallel to the iSCSI writes. The condition surfaces when the TCP connection does not have enough buffer to cater to the requests over TCP.
Cisco SAMI Resolved Caveats
There are no newly resolved SAMI caveats with Cisco IOS Release 12.4(22)YE4.
Miscellaneous Resolved Caveats
This section lists additional miscellaneous caveats that are resolved in Cisco IOS Release 12.4(22)YE4
•
The Cisco IOS Software Network Address Translation functionality contains three denial of service (DoS) vulnerabilities. The first vulnerability is in the translation of Session Initiation Protocol (SIP) packets, the second vulnerability in the translation of H.323 packets and the third vulnerability is in the translation of H.225.0 call signaling for H.323 packets.
Cisco has released free software updates that address these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100922-nat.shtml.
Note: The September 22, 2010, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. Five of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses vulnerabilities in Cisco Unified Communications Manager. Each advisory lists the releases that correct the vulnerability or vulnerabilities detailed in the advisory. The table at the following URL lists releases that correct all Cisco IOS Software vulnerabilities that have been published on September 22, 2010, or earlier:
http://www.cisco.com/warp/public/707/cisco-sa-20100922-bundle.shtml
Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication" at the following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep10.html
•
A vulnerability in the Internet Group Management Protocol (IGMP) version 3 implementation of Cisco IOS Software and Cisco IOS XE Software allows a remote unauthenticated attacker to cause a reload of an affected device. Repeated attempts to exploit this vulnerability could result in a sustained denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100922-igmp.shtml.
•
The ip radius source-interface command for Accounting-On/Off does not work if is configured under an AAA group.
•
When a single Open Shortest Path First (OSPF) process is removed, the Cisco GGSN passive-interface interface on-standby command is removed from all OSPF processes.
•
After the Cisco GGSN transitions from standby to active, the SNMP counters for the cgprsAccPtStatisticsEntry and cGgsnStatistics objects are incorrect. This condition is seen only after a transition from standby GGSN to active GGSN.
•
The Cisco IOS Software Network Address Translation functionality contains three denial of service (DoS) vulnerabilities. The first vulnerability is in the translation of Session Initiation Protocol (SIP) packets, the second vulnerability in the translation of H.323 packets and the third vulnerability is in the translation of H.225.0 call signaling for H.323 packets.
Cisco has released free software updates that address these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100922-nat.shtml.
Note: The September 22, 2010, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. Five of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses vulnerabilities in Cisco Unified Communications Manager. Each advisory lists the releases that correct the vulnerability or vulnerabilities detailed in the advisory. The table at the following URL lists releases that correct all Cisco IOS Software vulnerabilities that have been published on September 22, 2010, or earlier:
http://www.cisco.com/warp/public/707/cisco-sa-20100922-bundle.shtml
Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication" at the following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep10.html
•
The aggregated U-routes present in the routing table are deleted, even when valid PDP contexts are present on a route.
This condition is seen only when there are more than 65535 PDP contexts corresponding to the same U-route (when single route aggregation is used for IP pools that have more than 65535 IP addresses).
•
The scada gateway feature enable or disable commands do not work (scada gateway command and no scada gateway command).
Caveats - Cisco IOS Release 12.4(22)YE3
This section contains the following types of caveats that apply to the Cisco GGSN Release 9.2, Cisco IOS Release 12.4(22)YE3 image:
Open Caveats
Note
The following sections document possible unexpected behavior and describe only severity 1 and 2 caveats, and select severity 3 caveats.
Cisco GGSN Open Caveats
This section lists the GGSN-specific caveats that are open in Cisco IOS Release 12.4(22)YE3:
•
The transmit counter is not updated in the output of the show vlans command for a Gn interface.
Workaround: For the correct data traffic counters, use the show interface, show gprs gtp statistics, or show ip traffic command for the correct data traffic counters.
•
After a reboot, traffic from the user data plane does not leave the Cisco GGSN any longer because no Address Resolution Protocol (ARP) entry exists on the GGSN for the default route (next hop, Cisco CSG2).
This condition occurs only when the redirect all ip command is configured when running new CEF code. The new CEF code introduces neighbor resolution optimization (enabled by default) which has issues with ARP packet handling.
Workaround: Disable the optimization by using the no ip cef optimize neighbor resolution command on the Cisco GGSN.
Cisco SAMI Open Caveats
There are no known caveats open in Cisco IOS Release 12.4(22)YE3.
Miscellaneous Open Caveats
This section lists the Miscellaneous caveats that are open in Cisco IOS Release 12.4(22)YE3.
•
Entries in the cTap2DebugTable are not deleted after the time duration specified in the cTap2DebugAge object. This condition is seen for all debug message entries created in the cTap2DebugTable.
Resolved Caveats
The following sections list caveats that have been resolved, or are closed or unreproducible, in Cisco IOS Release 12.4(22)YE3. Only severity 1 and 2 caveats and select severity 3 caveats are listed.
•
•
Cisco GGSN Resolved Caveats
This section list the GGSN-specific caveats that are resolved in Cisco IOS Release 12.4(22)YE3.
•
The Internet Small Computer System Interface (iSCSI) session fails to come up with an "Unknown iscsi pdu type" error message. The file system is deleted, and the iSCSI target device is not usable for reading or writing charging detail records (CDRs).
This condition is seen only when data greater than the MaxBurstSize negotiated during the iSCSI login phase is written to the target.
•
After the Cisco GGSN is reloaded, the charging gateway might not come up as active. This condition might occur when the Cisco GGSN reloads because of a user-initiated reset or because a fatal error occurs, and the charging gateway does not send a node alive.
•
PDP contexts are always being configured with the default BC and BE values, even when BC and BE configurations are entered by the user under the policy-map. This condition is seen on any policy PDP.
•
Cisco GGSN Release 9.0 displays an increased CPU utilization over Cisco GGSN Release 8.0 when simultaneous create PDP context requests and update PDP context requests are processed by the GGSN, and the GGSN is configured for service-aware CLCI prepaid with Gn-side triggers active.
•
The clear gprs gtp debug next-call tid command might delete the wrong PDP context from the list of nextcall debugged PDPs.
This condition occurs if the PDP TID has zeros preceding other digits (for example, 1023 and 1024). The first PDP in the list is deleted.
•
If the number of PDPs is less than 100, counters are updated immediately and the values in the show output show the most recent global counters. If the number of PDPs is greater than 100, and the show command is issued multiple times within 15 seconds, the output shows data that is 15 seconds old.
•
The no debug condition called command does not reset the APN flag. This condition occurs when conditional debugging is set using the debug condition called apn.com.
•
The active GGSN SAMI PPC resets at the same time the standby GGSN SAMI PPC resets.
This condition occurs when:
–
–
–
•
The Cisco GGSN sends CDRs to the charging gateway that contain invalid headers.
When the gprs auto-retrieve command is configured on the Cisco GGSN, and the path to the charging gateway is flip-flopping and iSCSI traffic is slowing down at the same time, the CDR recovered from iSCSI might not contain a valid header.
•
When connected to a Linux target, the iSCSI session fails to come up and a fatal error occurs on the Cisco GGSN. This condition is seen only when the iSCSI target profile name is seven characters long (for example, TRIAL-1), which leads to memory corruption.
•
The counters that display when framed routes are inserted are not incremented in the show gprs gtp statistics command output. This condition occurs when framed routes are inserted for network-behind mobile.
Cisco GGSN Closed or Unreproducible Caveats
This section list the GGSN-specific caveats that are closed or unreproducible in Cisco IOS Release 12.4(22)YE3.
•
Although the redundancy states Active-Standby are established, the reload peer command does not reload the peer. Debugs show that peer is reloaded upon redundancy reload peer command execution.
•
The Cisco GGSN does not create a new PDP for an existing one when there is a conflict of IP address for mobile station. Instead, the GGSN waits for the retransmission for the create PDP context request to be successful.
Workaround: There is currently no known workaround, however, in production deployment, there are typically retransmissions for a create PDP context request.
Cisco SAMI Resolved Caveats
There are no newly resolved SAMI caveats with Cisco IOS Release 12.4(22)YE3.
Miscellaneous Resolved Caveats
This section lists additional miscellaneous caveats that are resolved in Cisco IOS Release 12.4(22)YE3.
•
When the reload command is issued, it takes some time to bring down the system, and during the process, it takes an unusually long amount of time for the redundancy protocols to notify peers. This condition causes some timing issues, and only occurs with redundancy protocols such as HSRP.
•
When an active device is reloaded using the reload command, HSRP might go through an unnecessary transition that causes a standby reload as well.
This condition can occur when:
–
–
–
–
•
The GM might not register. This condition has been seen after an interface is shutdown when a crypto map with a local address is configured and applied to multiple interfaces.
•
iSCSI sporadic write failures occurs with the EMC Celerra NX4. This condition is seen after upgrading to the Cisco GGSN Release 9.0, Cisco IOS 12.4(22)YE1 image.
•
File creation or file delete sporadically fails with a "File In Use in Incompatible mode" error message. This condition occurs when file create and delete operations are executed simultaneously on the same path and both files have the same first six characters.
Caveats - Cisco IOS Release 12.4(22)YE2
This section contains the following types of caveats that apply to the Cisco GGSN Release 9.2, Cisco IOS Release 12.4(22)YE2 image:
Open Caveats
Note
The following sections document possible unexpected behavior and describe only severity 1 and 2 caveats, and select severity 3 caveats.
Cisco GGSN Open Caveats
This section lists the GGSN-specific caveats that are open in Cisco IOS Release 12.4(22)YE2:
•
The transmit counter is not updated in the output of the show vlans command for a Gn interface.
Workaround: For the correct data traffic counters, use the show interface, show gprs gtp statistics, or show ip traffic command for the correct data traffic counters.
•
After a reboot, traffic from the user data plane does not leave the Cisco GGSN any longer because no Address Resolution Protocol (ARP) entry exists on the GGSN for the default route (next hop, Cisco CSG2).
This condition occurs only when the redirect all ip command is configured when running new CEF code. The new CEF code introduces neighbor resolution optimization (enabled by default) which has issues with ARP packet handling.
Workaround: Disable the optimization by using the no ip cef optimize neighbor resolution command on the Cisco GGSN.
•
Although the redundancy states Active-Standby are established, the reload peer command does not reload the peer. Debugs show that peer is reloaded upon redundancy reload peer command execution.
Workaround: Execute the reload on the peer by logging into the console.
•
The charging gateway might not come up as active following a reload of the GGSN.
Workaround: Unconfigure and reconfigure the charging gateway or issue a node alive message from the charging gateway.
•
The creation of PDP contexts fails for PPP-layer 2tunneling protocol (L2TP) type PDPs. The create PDP response might reach the SGSN, but some GGSN show command do not display the PDP context. In addition, sending traffic to such a PDP might result in the GGSN reloading.
Workaround: There is currently no known workaround.
•
The Cisco GGSN does not create a new PDP for an existing one when there is a conflict of IP address for mobile station. Instead, the GGSN waits for the retransmission for the create PDP context request to be successful.
Workaround: There is currently no known workaround, however, in production deployment, there are typically retransmissions for a create PDP context request.
Cisco SAMI Open Caveats
There are no known caveats open in Cisco IOS Release 12.4(22)YE2.
Miscellaneous Open Caveats
This section lists the Miscellaneous caveats that are open in Cisco IOS Release 12.4(22)YE2.
•
Entries in the cTap2DebugTable are not deleted after the time duration specified in the cTap2DebugAge object. This condition is seen for all debug message entries created in the cTap2DebugTable.
Workaround: Manually delete the debug message entries by setting the cTap2DebugStatus object to 6 (destroy).
Resolved Caveats
The following sections list caveats that have been resolved with Cisco IOS Release 12.4(22)YE2. Only severity 1 and 2 caveats and select severity 3 caveats are listed.
•
Cisco GGSN Resolved Caveats
This section list the GGSN-specific caveats that are resolved in Cisco IOS Release 12.4(22)YE2.
•
Description: When a loopback interfaces is configured as the charging source address, and GGSN service has been disabled using the no gprs service global configuration command, the loopback interface cannot be unconfigured.
•
During periods of high stress conditions (>99 % CPU) for several hours for service-aware PDP contexts, a service-aware PDP context might remain in memory after that call is released.
•
When a create PDP context request is received that has an IP source address that is different from the SGSN address for signalling and data, the signalling message received on the path statistics does not increment correctly. This condition occurs only when the IP source address is different from the SGSN address for signalling and data.
•
Under very rare conditions, the Cisco GGSN might end up with stale PDP contexts when different GTP version create PDP context requests with different Restart values are received from different SGSNs (signaling and data different), and the different restart values are received within a duration of less than 60 seconds.
•
A Cisco router running the Cisco GGSN software made a spurious memory access while trying to send an Simple Network Management Protocol (SNMP) trap when PDP contexts were rejected due to low memory. This condition occurs only when the PDP contexts are rejected due to low memory and traps were configured.
•
The APN counter is not incremented as expected under the show gprs charging status charging-group <> command output. This condition is seen with the following steps:
Configure Charging-group (CGG1) under APN1 and disable charging globally.
2) Create PDP context for APN1 and make sure it is not generating any CDRs.
3) Delete the PDP context.
4) Enable charging in GGSN and create a PDP context. Make sure the PDP is generating CDRs.
•
The Cisco GGSN sends 3GPP TS 32.215 Release 7 charging info, radio access technology (RAT), User Location, and MS TimeZone, even when the configured charging configuration is earlier than Release 7.
•
Due to missing 3GPP specifications, the Cisco GGSN might mix two PDP sessions into one when one of the following scenarios occurs:
–
–
•
Under rare conditions, a fatal error might occur with GTP parsing of PPP.
•
Some Cisco GGSN processors on the standby SAMI reload with an "RF induced self-reload" syslog message.
Cisco SAMI Resolved Caveats
This section lists the Cisco SAMI software caveats that are resolved in Cisco IOS Release 12.4(22)YE2.
•
I/O memory depleted if a packet has ICMP source and destination IP addresses that are the same as the PPC interface IP address
If a packet has an ICMP source and destination IP address that is the same as the PPC interface IP address, the SAMI runs out of I/O memory, and the following message appears:
%SYS-2-MALLOCFAIL: Memory allocation of 1708 bytes failed from 0x45407D18, alignment 32
•
The Cisco SAMI does not set the DBUS trust bit to 1, which in turn causes the Cisco 7600 series router to remark the DSCP of the packets.
Miscellaneous Resolved Caveats
This section lists additional caveats that are resolved in Cisco IOS Release 12.4(22)YE2.
•
Skinny Client Control Protocol (SCCP) crafted messages may cause a Cisco IOS device that is configured with the Network Address Translation (NAT) SCCP Fragmentation Support feature to reload.
Cisco has released free software updates that address this vulnerability. A workaround that mitigates this vulnerability is available.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100324-sccp.shtml.
•
Cisco IOS Software configured with Authentication Proxy for HTTP(S), Web Authentication or the consent feature, contains a vulnerability that may allow an unauthenticated session to bypass the authentication proxy server or bypass the consent webpage.
There are no workarounds that mitigate this vulnerability.
This advisory is posted at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20090923-auth-proxy.shtml
•
A device running Cisco IOS Software, Cisco IOS XE Software, or Cisco IOS XR Software is vulnerable to a remote denial of service condition if it is configured for Multiprotocol Label Switching (MPLS) and has support for Label Distribution Protocol (LDP).
A crafted LDP UDP packet can cause an affected device running Cisco IOS Software or Cisco IOS XE Software to reload. On devices running affected versions of Cisco IOS XR Software, such packets can cause the device to restart the mpls_ldp process.
A system is vulnerable if configured with either LDP or Tag Distribution Protocol (TDP).
Cisco has released free software updates that address this vulnerability.
Workarounds that mitigate this vulnerability are available.
This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20100324-ldp.shtml
•
Devices running Cisco IOS Software and configured for Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) operation are affected by two denial of service vulnerabilities that may result in a device reload if successfully exploited. The vulnerabilities are triggered when the Cisco IOS device processes specific, malformed Skinny Call Control Protocol (SCCP) messages.
Cisco has released free software updates that address these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100324-cucme.shtml.
•
Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device when SIP operation is enabled. Remote code execution may also be possible.
Cisco has released free software updates that address these vulnerabilities. For devices that must run SIP there are no workarounds; however, mitigations are available to limit exposure of the vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100324-sip.shtml.
•
Devices running Cisco IOS Software and configured for Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) operation are affected by two denial of service vulnerabilities that may result in a device reload if successfully exploited. The vulnerabilities are triggered when the Cisco IOS device processes specific, malformed Skinny Call Control Protocol (SCCP) messages.
Cisco has released free software updates that address these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100324-cucme.shtml.
•
Cisco IOS Software is affected by a denial of service vulnerability that may allow a remote unauthenticated attacker to cause an affected device to reload or hang. The vulnerability may be triggered by a TCP segment containing crafted TCP options that is received during the TCP session establishment phase. In addition to specific, crafted TCP options, the device must have a special configuration to be affected by this vulnerability.
Cisco has released free software updates that address this vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100324-tcp.shtml.
•
Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device when SIP operation is enabled. Remote code execution may also be possible.
Cisco has released free software updates that address these vulnerabilities. For devices that must run SIP there are no workarounds; however, mitigations are available to limit exposure of the vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100324-sip.shtml.
•
The H.323 implementation in Cisco IOS Software contains two vulnerabilities that may be exploited remotely to cause a denial of service (DoS) condition on a device that is running a vulnerable version of Cisco IOS Software.
Cisco has released free software updates that address these vulnerabilities. There are no workarounds to mitigate these vulnerabilities other than disabling H.323 on the vulnerable device if H.323 is not required.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100324-h323.shtml.
•
The H.323 implementation in Cisco IOS Software contains two vulnerabilities that may be exploited remotely to cause a denial of service (DoS) condition on a device that is running a vulnerable version of Cisco IOS Software.
Cisco has released free software updates that address these vulnerabilities. There are no workarounds to mitigate these vulnerabilities other than disabling H.323 on the vulnerable device if H.323 is not required.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100324-h323.shtml.
Caveats - Cisco IOS Release 12.4(22)YE1
This section contains the following types of caveats that apply to Cisco GGSN Release 9.2, Cisco IOS Release 12.4(22)YE1 image:
Open Caveats
Note
The following sections document possible unexpected behavior and describe only severity 1 and 2 caveats, and select severity 3 caveats.
Cisco GGSN Open Caveats
This section lists the GGSN-specific caveats that are open in Cisco IOS Release 12.4(22)YE1.
•
The transmit counter is not updated in the output of the show vlans command for a Gn interface.
Workaround: For the correct data traffic counters, use the show interface, show gprs gtp statistics, or show ip traffic command for the correct data traffic counters.
•
The Cisco GGSN is unable to establish a session with the iSCSI target due to low memory. This condition occurs when there is a continuous, and higher rate of generated closed CDRs on the GGSN than the GGSN-to-iSCSI transfer rate can handle, leading to CDR accumulation on the GGSN.
Workaround: To ensure that the Cisco GGSN has sufficient memory to establish an iSCSI session to drain the pending CDRs, set the GGSN CDR triggers properly to avoid long durations of generated closed CDRs. Additionally, configure the GGSN memory trap so that when the GGSN reaches its memory threshold, no additional PDP sessions are sent into the GGSN using SLB DFP.
•
In a redundant configuration, a new Standby Cisco SAMI (formerly the Active SAMI) might perform an extra reload.
This condition occurs with an Active-Standby configuration after a switchover. The extra reload is seen intermittently, with approximately 3 percent of switchovers.
Workaround: There is currently no known workaround.
•
After a reboot, traffic from the user data plane does not leave the Cisco GGSN any longer because no Address Resolution Protocol (ARP) entry exists on the GGSN for the default route (next hop, Cisco CSG2).
This condition occurs only when the redirect all ip command is configured when running new CEF code. The new CEF code introduces neighbor resolution optimization (enabled by default) which has issues with ARP packet handling.
Workaround: Disable the optimization by using the no ip cef optimize neighbor resolution command on the Cisco GGSN.
•
When the Cisco GGSN charging service mode is moved from operational to maintenance, and then back to operational while call data records (CDRs) are being written to the iSCSI backup target, a few CDRs might get written to the iSCSI target twice.
Workaround: There is currently no known workaround.
•
During periods of high stress conditions (>99 % CPU) for several hours for service-aware PDP contexts, a service-aware PDP context might remain in memory after that call is released.
Workaround: Manually clear the PDP context using the clear gprs gtp pdp-context command.
•
When a create PDP context request is received that has an IP source address that is different from the SGSN address for signalling and data, the signalling message received on the path statistics does not increment correctly. This condition occurs only when the IP source address is different from the SGSN address for signalling and data.
Workaround: There is currently no known workaround.
•
Under very rare conditions, the Cisco GGSN might end up with stale PDP contexts when different GTP version create PDP context requests with different Restart values are received from different SGSNs (signaling and data different), and the different restart values are received within a duration of less than 60 seconds.
Workaround: There currently is no known workaround.
•
Although the redundancy states Active-Standby are established, the reload peer command does not reload the peer. Debugs show that peer is reloaded upon redundancy reload peer command execution.
Workaround: Execute the reload on the peer by logging into the console.
•
The Cisco GGSN does not remove the path to the secondary charging gateway even after the gateway is down.
Workaround: There is no known workaround.
•
Workaround: Wait until the configured number of status queries before deleting the corresponding PDP.
•
The new Standby Cisco SAMI (formerly Active Cisco SAMI) might perform an extra reload after a switchover. This reload is seen intermittently after an Active-Standby switchover (approximately 3%).
Workaround: There is currently no known workaround.
•
The "umts qos_neg" field displayed when the show gprs gtp pdp tid <> executed is not expected after sending a COA update.
Workaround: There is currently no known workaround.
•
Cisco router running the Cisco GGSN software made a spurious memory access while trying to send an SNMP trap when PDP contexts were rejected due to low memory. This condition occurs only when the PDP contexts are rejected due to low memory and traps were configured.
Workaround: There is currently no known workaround.
•
The APN counter is not incremented as expected under the show gprs charging status charging-group <> command output. This condition is seen with the following steps:
Configure Charging-group (CGG1) under APN1 and disable charging globally.
2) Create PDP context for APN1 and make sure it is not generating any CDRs.
3) Delete the PDP context.
4) Enable charging in GGSN and create a PDP context. Make sure the PDP is generating CDRs.
Workaround: There is currently no known workaround.
Cisco SAMI Open Caveats
This section lists the SAMI-specific caveats that are open in Cisco IOS Release 12.4(22)YE1.
•
The Cisco SAMI does not set the DBUS trust bit to 1, which in turn causes the Cisco 7600 series router to remark the DSCP of the packets.
Miscellaneous Open Caveats
This section lists the Miscellaneous caveats that are open in Cisco IOS Release 12.4(22)YE1.
•
Entries in the cTap2DebugTable are not deleted after the time duration specified in the cTap2DebugAge object. This condition is seen for all debug message entries created in the cTap2DebugTable.
Workaround: Manually delete the debug message entries by setting the cTap2DebugStatus object to 6 (destroy).
Resolved Caveats
The following sections list caveats that have been resolved with Cisco IOS Release 12.4(22)YE1. Only severity 1 and 2 caveats and select severity 3 caveats are listed.
•
Cisco GGSN Resolved Caveats
This section list the GGSN-specific caveats that are resolved in Cisco IOS Release 12.4(22)YE1.
•
Description: The Cisco GGSN currently does not have a way to send a quota of 0 when the DCCA server is unavailable due to server timeout or when server is down. The GGSN needs to send quota of 0 with cause code of 4 for handling the case of free service.
•
Cisco IOS devices that are configured with Cisco IOS Zone-Based Policy Firewall Session Initiation Protocol (SIP) inspection are vulnerable to denial of service (DoS) attacks when processing a specific SIP transit packet. Exploitation of the vulnerability could result in a reload of the affected device.
Cisco has released free software updates that address this vulnerability.
Workarounds that mitigate this vulnerability are available within the workarounds section of the posted advisory.
This advisory is posted at the following link:
http://www.cisco.com/warp/public/707/cisco-sa-20090923-ios-fw.shtml
•
Description: When reporting usage owing to the Quota Holding Timer (QHT) expiry, the Cisco GGSN includes the Requested-Service-Unit AVP in the Multiple Services Credit Control (MSCC).
This condition is seen when the GGSN is sending a CCR-Update owing to the QHT expiration.
•
Cisco IOS Software with support for Network Time Protocol (NTP) version (v4) contains a vulnerability processing specific NTP packets that will result in a reload of the device. This results in a remote denial of service (DoS) condition on the affected device.
Cisco has released free software updates that address this vulnerability.
Workarounds that mitigate this vulnerability are available and are documented in the workarounds section of the posted advisory.
This advisory is posted at the following link:
http://www.cisco.com/warp/public/707/cisco-sa-20090923-ntp.shtml
•
A vulnerability exists in Cisco IOS software where an unauthenticated attacker could bypass access control policies when the Object Groups for Access Control Lists (ACLs) feature is used. Cisco has released free software updates that address this vulnerability. There are no workarounds for this vulnerability other than disabling the Object Groups for ACLs feature. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090923-acl.shtml.
•
A vulnerability exists in Cisco IOS software where an unauthenticated attacker could bypass access control policies when the Object Groups for Access Control Lists (ACLs) feature is used. Cisco has released free software updates that address this vulnerability. There are no workarounds for this vulnerability other than disabling the Object Groups for ACLs feature. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090923-acl.shtml.
•
A vulnerability exists in Cisco IOS software where an unauthenticated attacker could bypass access control policies when the Object Groups for Access Control Lists (ACLs) feature is used. Cisco has released free software updates that address this vulnerability. There are no workarounds for this vulnerability other than disabling the Object Groups for ACLs feature. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090923-acl.shtml.
•
Cisco IOS Software with support for Network Time Protocol (NTP) version (v4) contains a vulnerability processing specific NTP packets that will result in a reload of the device. This results in a remote denial of service (DoS) condition on the affected device.
Cisco has released free software updates that address this vulnerability.
Workarounds that mitigate this vulnerability are available and are documented in the workarounds section of the posted advisory.
This advisory is posted at the following link:
http://www.cisco.com/warp/public/707/cisco-sa-20090923-ntp.shtml
•
PDPs remain in a pending state for creates if the IP address pool has exhausted its available IP addresses. This condition is seen when the create PDP context request is assigned an IP address via downloadable pool name support on an APN (ip-address-radius-client access-point configuration command) and the IP address pool has exhausted its available addresses.
•
cTap2StreamInterceptEnable cannot be set to True (enabled) unless a stream is added and set to active. However, when the stream is deleted, cTap2StreamInterceptEnable remains in a True state when it should be set to False (disabled), or alternatively, the True state should prevent the stream from being deleted.
•
A vulnerability exists in Cisco IOS software where an unauthenticated attacker could bypass access control policies when the Object Groups for Access Control Lists (ACLs) feature is used. Cisco has released free software updates that address this vulnerability. There are no workarounds for this vulnerability other than disabling the Object Groups for ACLs feature. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090923-acl.shtml.
•
Service-aware PDP contexts might remain in memory after a call is released. This condition might occur under high stress condition (>99% CPU) for several hours for service-aware PDPs.
•
A vulnerability exists in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software that could allow an unauthenticated attacker to cause a denial of service (DoS) condition on an affected device when the Cisco Unified Border Element feature is enabled. Cisco has released free software updates that address this vulnerability. For devices that must run SIP there are no workarounds; however, mitigations are available to limit exposure of the vulnerability. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090923-sip.shtml.
•
Cisco devices running affected versions of Cisco IOS Software are vulnerable to a denial of service (DoS) attack if configured for IP tunnels and Cisco Express Forwarding.
Cisco has released free software updates that address this vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090923-tunnels.shtml.
•
Description: Changing the Cisco GGSN charging configuration while billing records are being sent causes the GGSN to receive a fatal error. This condition is observed while billing records are being sent to an active Billing Mediation Agent (BMA) and the GGSN charging configuration is being changed at the same time.
•
Spurious memory access error message and tracebacks related to UMTS service policy might occur during PDP context creation. This condition might occur when PDPs with police and CAC policy are created and deleted, and the police policy is then unconfigured. The traceback might be seen when the PDP context is recreated.
•
The Cisco GGSN sometimes reloads when starting and stopping service gprs ggsn. This condition was seen after running a prepaid standalone feature test script, unconfiguring service gprs ggsn, and running a similar prepaid script again by first enabling service gprs ggsn.
•
A vulnerability exists in Cisco IOS software where an unauthenticated attacker could bypass access control policies when the Object Groups for Access Control Lists (ACLs) feature is used. Cisco has released free software updates that address this vulnerability. There are no workarounds for this vulnerability other than disabling the Object Groups for ACLs feature. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090923-acl.shtml.
•
For a service-aware PDP, the CDR is closed for every service record due to an "sgsn-change," with a closure cause as sgsn-change when an update request is received with an SGSN change.
This condition occurs when the categories are armed with the SGSN trigger, and also only when the sgsn-change-limit is disabled or configured to a value anything other than 0 in the charging profile.
•
An extra Framed-Route is added as a Network-Behind-MS (NBMS) route in certain scenarios. This Framed-Route appears as first the NBMS route.
This condition occurs after the following sequence of events:
–
–
–
•
On charging gateway switchover, the Cisco GGSN sends pending and closed CDRs to the new active charging gateway only after charging collection timer expires.
•
The Cisco GGSN increments successful dynamic IPv6 PDP activation counter displayed under show gprs access-point statistics command, even when the IPv6 create PDP context request contains an invalid user. This issue is seen only for IPv6 PDPs.
•
The Cisco GGSN does not CEF switch down-link data traffic when the PPP-Regeneration allow-duplicate option is used. This condition is seen for any PDPs created when the PPP-Regeneration allow-duplicate option is used, even when the PDP addresses are unique.
•
If a new incoming PDP hits more than one set next-call debug condition, it will remove all of them rather than only remove one according to the priority. If a new incoming PDP hits more than one set next-call debug conditions, it will remove all of them rather than only remove one according to the priority.
•
When a QoS update occurs for a GTPv0 service aware postpaid PDP with a QoS trigger enabled, the categories are not affected. This condition occurs only with postpaid PDPs with the GGSN acting as the quota server with DCCA disabled.
•
The CISCO-GGSN-EXT-MIB is not accessible on Cisco GGSN Release 9.0 when the MIB is queried using the OID, 1.3.6.1.4.1.9.9.647.
•
A traceback seen in the Cisco GGSN after reloading the Cisco SAMI.
•
A PPP session setup failed because of a missing sequence number in the T-PDU packet.
•
A traceback is shown while reloading the Cisco GGSN. This reload only occurs with a route reload with a Cisco GGSN image that does not have service gprs ggsn configured.
•
The Cisco GGSN rejects any charging message when the charging source is configured under VRF. This condition occurs only when the charging source interface is configured under VRF.
•
There is traceback seen when configuring service gprs ggsn. This condition occurs when the ggsn service is removed (no service gprs ggsn) and then reconfigured (service gprs ggsn).
•
The Cisco GGSN running the Release 9.0 image encounters a CPU spike on the SNMP-ENGINE process when a snmpwalk is made over ciscoGprsAccPtMIB. This condition occurs when querying ciscoGprsAccPtMIB when there are existing PDPs.
Cisco SAMI Resolved Caveats
This section lists the Cisco SAMI software caveats that are resolved in Cisco IOS Release 12.4(22)YE1.
•
Some debug information, such as show tech and show sami config-mode, might be missing from the debug-info files that generate prior to a reload following a critical error. This failure to collect all debug-info files rarely occurs, and the condition under which it occurs is unknown.
Miscellaneous Resolved Caveats
This section lists additional caveats that are resolved in Cisco IOS Release 12.4(22)YE1.
•
On Cisco GGSN R9.0, when the show record-storage-module target-info all detail command is executed while an iSCSI session is being torn down, spurious memory access is observed. The spurious memory access is observed only when the show command output is displayed while the iSCSI session is being torn down and terminal length is not 0.
•
With iSCSI link flaps, stale file systems remain in the system. Once the stale file descriptors reach the max supported limit, iSCSI link doesn't come up as new filesystem can not be created. GGSN box would need a reload to clear the stale file systems.
Caveats - Cisco IOS Release 12.4(22)YE
This section contains the following types of caveats that pertain to Cisco IOS Release 12.4(22)YE.
Open Caveats—Cisco GGSN
Note
This section documents possible unexpected behavior by Cisco IOS Release 12.4(22)YE and describes only severity 1 and 2 caveats and select severity 3 caveats.
•
Entries in the cTap2DebugTable are not deleted after the time duration specified in the cTap2DebugAge object. This condition is seen for all debug message entries created in the cTap2DebugTable.
Workaround: Manually delete the debug message entries by setting the cTap2DebugStatus object to 6 (destroy).
•
Service-aware PDP contexts might remain in memory after a call is released. This condition might occur under high stress condition (>99% CPU) for several hours for service-aware PDPs.
Workaround: Manually clear the PDP contexts using the clear gprs gtp pdp-context command.
•
A reload of a Standby GGSN causes the Active GGSN to reload. This condition occurs with HSRP version 2 when different HSRP standby group numbers are configured on the interfaces.
Workaround: Follow the recommended configuration for HSRP for GTP Session Redundancy, which is to use the same standby group number for all interfaces.
•
In a redundant configuration, a new Standby Cisco SAMI (formerly the Active SAMI) might perform an extra reload.
This condition occurs with an Active-Standby configuration after a switchover. The extra reload is seen intermittently, with approximately 3 percent of switchovers.
Workaround: There is no known workaround.
•
Spurious memory access error message and tracebacks related to UMTS service policy might occur during PDP context creation. This condition might occur when PDPs with police and CAC policy are created and deleted, and the police policy is then unconfigured. The traceback might be seen when the PDP context is recreated.
Workaround: To avoid the spurious memory access message and tracebacks, do not remove UMTS service policies once they are configured under the APN.
•
The transmit counter is not updated in the output of the show vlans command for a Gn interface.
Workaround: For the correct data traffic counters, use the show interface, show gprs gtp statistics, or show ip traffic command for the correct data traffic counters.
•
After a reboot, traffic from the user data plane does not leave the Cisco GGSN any longer because no Address Resolution Protocol (ARP) entry exists on the GGSN for the default route (next hop, Cisco CSG2).
This condition occurs only when the redirect all ip command is configured when running new CEF code. The new CEF code introduces neighbor resolution optimization (enabled by default) which has issues with ARP packet handling.
Workaround: Disable the optimization by using the no ip cef optimize neighbor resolution command on the Cisco GGSN.
•
The Cisco GGSN is unable to establish a session with the iSCSI target due to low memory. This condition occurs when there is a continuous, and higher rate of generated closed CDRs on the GGSN than the GGSN-to-iSCSI transfer rate can handle, leading to CDR accumulation on the GGSN.
Workaround: To ensure that the Cisco GGSN has sufficient memory to establish an iSCSI session to drain the pending CDRs, set the GGSN CDR triggers properly to avoid long durations of generated closed CDRs. Additionally, configure the GGSN memory trap so that when the GGSN reaches its memory threshold, no additional PDP sessions are sent into the GGSN using SLB DFP.
•
An extra Framed-Route is added as a Network-Behind-MS (NBMS) route in certain scenarios. This Framed-Route appears as first the NBMS route.
This condition occurs after the following sequence of events:
–
–
–
Workaround: Ensure that the RADIUS server is configured to return only a Framed-Mask of 32 bits.
Open Caveats—Cisco SAMI
This section lists the SAMI caveats that are open with Cisco IOS Release 12.4(22)YE.
•
On the Cisco SAMI, TTL processing/decrementing does not occur for IP packets.
Workaround: There is no known workaround.
•
Under rare conditions, the Cisco SAMI PPC might encounter a fatal error during an image download/reload process, and display the following log at the PPC console:
%PLATFORM-0-SAMI_INVALID_SLOT_ID: Invalid slot id 0 in ROMMON cookie at Xfollowed by a traceback.
This fatal error occurs during an image upgrade of a PPC, or a PPC reload sequence for any reason. The PPC starts up properly on subsequent reloads.
Workaround: There is no known workaround.
Open Caveats—Other
This section lists additional caveats that are open and apply to Cisco IOS Release 12.4(22)YE.
•
cTap2StreamInterceptEnable cannot be set to True (enabled) unless a stream is added and set to active. However, when the stream is deleted, cTap2StreamInterceptEnable remains in a True state when it should be set to False (disabled), or alternatively, the True state should prevent the stream from being deleted.
Workaround: There is no known workaround.
Resolved Caveats—Other
The following caveats are resolved in Cisco IOS Release 12.4(22)YE. This section describes only severity 1 and 2 caveats, and select severity 3 and 4 caveats.
•
Multiple Cisco products are affected by denial of service (DoS) vulnerabilities that manipulate the state of Transmission Control Protocol (TCP) connections. By manipulating the state of a TCP connection, an attacker could force the TCP connection to remain in a long-lived state, possibly indefinitely. If enough TCP connections are forced into a long-lived or indefinite state, resources on a system under attack may be consumed, preventing new TCP connections from being accepted. In some cases, a system reboot may be necessary to recover normal system operation. To exploit these vulnerabilities, an attacker must be able to complete a TCP three-way handshake with a vulnerable system.
In addition to these vulnerabilities, Cisco Nexus 5000 devices contain a TCP DoS vulnerability that may result in a system crash. This additional vulnerability was found as a result of testing the TCP state manipulation vulnerabilities.
Cisco has released free software updates for download from the Cisco website that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090908-tcp24.shtml.
Related Documentation
Except for feature modules, documentation is available as printed manuals or electronic documents. Feature modules are available online on Cisco.com.
Use these release notes with these documents:
•
Release-Specific Documents
The following documents are specific to Cisco IOS Release 12.4 and are located at Cisco.com:
•
Documentation > Cisco IOS Software > Cisco IOS Software Releases 12.4 Mainline > Release Notes
•
Documentation > Cisco IOS Software > Cisco IOS Software Releases 12.4 T > Release Notes
Note
•
Documentation > Cisco IOS Software > Cisco IOS Software Releases 12.4 Mainline
Platform-Specific Documents
These documents are available for the Cisco 7600 series router platform on Cisco.com and the Documentation CD-ROM:
•
•
–
–
–
Cisco 7600 series router documentation is available at:
http://www.cisco.com/en/US/products/hw/routers/ps368/products_installation_guides_books_list.html
Cisco IOS Software Documentation Set
The Cisco IOS software documentation set consists of the Cisco IOS configuration guides, Cisco IOS command references, and several other supporting documents that are shipped with your order in electronic form on the Documentation CD-ROM, unless you specifically ordered the printed versions.
Documentation Modules
Each module in the Cisco IOS documentation set consists of two books: a configuration guide and a corresponding command reference guide. Chapters in a configuration guide describe protocols, configuration tasks, Cisco IOS software functionality, and contain comprehensive configuration examples. Chapters in a command reference guide list command syntax information. Use each configuration guide with its corresponding command reference. On Cisco.com at:
Documentation > Cisco IOS Software > Cisco IOS Software Releases 12.4 Mainline > Command References
Documentation > Cisco IOS Software > Cisco IOS Software Releases 12.4 Mainline > Command References > Configuration Guides
Note
Implementing GGSN Release 9.x on the Cisco SAMI
The following sections list related documentation (by category and then by task) to use when you implement a Cisco GGSN on the Cisco SAMI platform.
General Overview Documents
Core Cisco 7609 Router Documents
http://cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html
Documentation List by Task
For the most up-to-date list of documentation on the Cisco 7600 series router, refer to the Cisco 7600 Series Routers Documentation Roadmap on Cisco.com at:
http://cisco.com/en/US/products/hw/routers/ps368/products_documentation_roadmap09186a00801ebed9.html
Getting Started
•
http://cisco.com/en/US/products/hw/routers/ps368/products_quick_start09186a0080092248.html
•
http://www.cisco.com/univercd/cc/td/doc/product/core/cis7600/rcsi/index.html
Unpacking and installing the Cisco 7609 router:
•
http://cisco.com/en/US/products/hw/routers/ps368/products_installation_guide_book09186a008007e036.html
Installing the Supervisor module and configuring the router (basic configuration, such as VLANs, IP):
•
http://cisco.com/en/US/products/hw/routers/ps368/products_module_installation_guide_book09186a008007cd9d.html
•
Installing and completing the Cisco SAMI configuration:
•
http://cisco.com/en/US/products/hw/routers/ps368/products_module_installation_guide_book09186a008007cd9d.html
•
http://www.cisco.com/en/US/docs/wireless/service_application_module/sami/user/guide/samiv1.html
Downloading the Cisco IOS software image containing GGSN feature set and configuring GGSNs on the SAMI:
•
http://www.cisco.com/en/US/products/sw/wirelssw/ps873/tsd_products_support_series_home.html
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.
This document is to be used in conjunction with the Cisco GGSN Release 9.0 Configuration Guide and the Cisco GGSN Release 9.0 Command Reference publications.
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)
Copyright © 2011, Cisco Systems, Inc.
All rights reserved.
FeedbackContact Cisco
- Open a Support Case
- (Requires a Cisco Service Contract)