Release Notes for the Cisco 10000 Series ESR for Cisco IOS Release 12.2(4)BZ2
October 7, 2002
These release notes provide information about Cisco IOS Release 12.2(4)BZ2, which provides broadband aggregation features for the Cisco 10000 series edge services router (ESR).
These notes are identical to the release notes for Cisco IOS Release 12.2(4)BZ1, but were updated to include fixes for caveats discovered and resolved since the release of Cisco IOS Release 12.2(4)BZ1 (see Resolved Caveats in Cisco IOS Release 12.2(4)BZ2).
These release notes are updated as needed to describe new features, memory requirements, hardware support, software platform deferrals, and changes to the microcode and related documents.
Cisco IOS Release 12.2(4)BZ2 is based on the following releases:
Cisco IOS Release 12.2(4)BZ1
Cisco IOS Release 12.0(19)SL for features specific to the Cisco 10000 series ESR
Cisco IOS Release 12.2B for platform-independent features
To review the release notes for Cisco IOS Release 12.0(19SL, go to www.cisco.com and click Technical Documents > Aggregation > Cisco 10000 Series Edge Services Routers > Cisco 10000 Series ESR Release Notes > Release Notes for the Cisco 10000 Series ESR for Cisco IOS Release 12.0(19)SL.
To review the release notes for Cisco IOS Release 12.2, go to www.cisco.com and click Technical Documents. Select Release 12.2 from the Cisco IOS Software drop-down menu. Then click Cisco IOS Release Notes > Cisco IOS Release 12.2.
For specific information about upgrading your Cisco 10000 series ESR to a new software release, see the Cisco 10000 Series ESR Software Configuration Guide.
For general information about upgrading to a new software release, see the product bulletin Cisco IOS Upgrade Ordering Instructions located at:
This broadband aggregation image requires that you have the PRE1 version (part number ESR-PRE1) of the Performance Routing Engine (PRE) installed in the Cisco 10000 series ESR chassis. To verify which PRE is installed in the ESR, use the show version command.
New Features in Cisco IOS Release 12.2(4)BZ1
This section lists the new features and improvements that are supported in Cisco IOS Release 12.2(4)BZ1. For more information, see the Cisco 10000 Series ESR Broadband Aggregation Feature Guide.
Access Protocols
PPPoE over Ethernet
PPPoE over IEEE 802.1Q VLANs
Aggregation and Virtual Private Networks
MPLS VPNs
Overlapping IP Address Pools
PPPoA to MPLS VPN
PPPoE to MPLS VPN
IP and Routing
IP Multicast
Managed L2TP Network Server
Overlapping IP Address Pools
PPP in L2TP Terminated (LNS) to VRF
VPDN Session Limiting per VRF
PPPoA Terminated (PTA) to VRF
PPPoE Terminated (PTA) to VRF
Per VRF AAA
Quality of Service
MPLS VPNs
Overlapping IP Address Pools
Per Session Rate Limiting
Per Session Service Policy
Remote Access to MPLS VPN
MPLS VPNs
PPPoA to MPLS VPN
PPPoE to MPLS VPN
Overlapping IP Address Pools
Traffic Filtering
ACLs per Session
Cisco 10000 Series ESR Software Features
Table 1 lists the leased line features based on Cisco IOS Release 12.0(19)SL, and supported in the Cisco 10000 series ESR.
Authentication, Authorization, and Accounting (AAA)
Kerberos authentication and client support on Telnet
RADIUS authentication
Terminal Access Controller Access Control System Plus (TACACS+)
Limitations and Restrictions
This section describes any limitations and restrictions that you should review before you use the Cisco 10000 series ESR.
Pre-cloning
To avoid a situation in which the Cisco 10000 series ESR runs out of memory, we recommend that you do not configure pre-cloning on virtual access interfaces.
AAA Method Lists
Cisco IOS Release 12.2(4)BZ1 supports a maximum of 99 authentication, authorization, and accounting (AAA) method lists. If you configure more than 99 AAA method lists using the aaa authentication ppporaaa authorizationnetwork command, traceback messages appear on the console.
Remote Access MPLS VPNs
With PPPoAoE configured, the Cisco 10000 series ESR running Cisco IOS Release 12.2(4)BZ1 supports only one remote access MPLS VPN.
RBE Sub-interfaces with Per session rate limiting
With Cisco IOS Release 12.2(4)BZ1, the Cisco 10000 series ESR supports a maximum of 2,000 RBE RFC 1483 routed sub-interfaces with per-session rate limiting.
Unshaped UBR PVCs
Cisco IOS Release 12.2(4)BZ1 supports a maximum of 8000 unshaped UBR VCs on the OC-12 ATM line card. An unshaped UBR PVC is a PVC that has no rate configured on it. You can configure up to 16,000 shaped UBR VCs per port on the OC-12 line card if you configure the VCs with a shaped rate less than 299 Mbps.
Controlling the Rate of Logging Messages
It is important that you limit the rate that system messages are logged by the Cisco 10000 series ESR. This helps to avoid a situation in which the router becomes unstable and the CPU is overloaded. To control the output of messages from the system, use the logging rate-limit command.
We recommend that you configure the logging rate-limit command as follows:
Router(config)# logging rate-limit console all 10 except critical
This rate-limits all messages to the console to 10 per second, except for messages with critical priority (level 3) or greater.
For more information on the logging rate-limit command, see the Cisco IOS Configuration Fundamentals Command Reference.
Testing Performance of High-Speed Interfaces
Cisco IOS software running on the Cisco 10000 series ESR has multiple queues for all classes of traffic over high-speed interfaces. The software selects a queue based on the source and destination address for the packet. This ensures that a traffic flow always uses the same queue and the packets are transmitted in proper order.
When the Cisco 10000 series ESR is installed in a real network, the high-speed interfaces work efficiently to spread traffic flow equally over the queues. However, using single traffic streams in a laboratory environment may result in less-than-expected performance.
Therefore, to ensure accurate test results, you should test the throughput of the gigabit Ethernet, POS, or ATM uplink with multiple source or destination addresses.
Tip To determine if traffic is being properly distributed, use the show hardware pxf cpu queue command.
Important Notes
This section contains important issues that you should be aware of with Cisco IOS Release 12.2(4)BZ1.
Available Memory with Features Enabled
The features that you enable on the Cisco 10000 series ESR consume available memory which may affect the operational capability of the ESR. To help you manage the memory available for features, use the information in Table 2.
Table 2 Available Memory with Features Enabled and Sessions Established
Features
Number of Sessions
Memory Available
RA-MPLS
32,000 PPPoX with 99 VRF
40-50 MB
QoS Policing
32,000 Unidirectional PPPoX
26-29 MB
QoS Policing
24,000 Bidirectional PPPoX
54 MB
PPPoE over VLANs
1000 VLANs with 32,000 PPPoE
126 MB
Full Virtual-Access Interface (VAI)
18,000
44 MB
Provisioning for Scaling
Cisco engineers have identified several configuration parameters that enable the Cisco 10000 series ESR to scale the configuration. Please ensure that you have the following commands and parameters in your configuration. For more information about configuring the Cisco 10000 series ESR for the highest scaling, see the Cisco 10000 Series ESR Broadband Aggregation Feature Guide.
PPPoA sessions with IP QoS Static Routes
To scale to 32,000 PPPoA with IP QoS enabled, you must limit the number of IP QoS static routes to 4,000 unidirectional QoS static routes.
Call Per Second Rate
When the Cisco 10000 series ESR is configured as a PPPoEoE server, the call-per-second (CPS) rate that the router can support is related to the session configuration and existing session number. With a per-session configuration, such as an ACL or QoS, the time required to establish sessions increases. Also, with higher numbers of existing sessions, the time required to establish new sessions increases.
To help you configure the Cisco 10000 series ESR for the highest scaling, the CPS performance of the router was bench-marked, and the following characteristics were observed:
Using local authentication with no other per-session configuration such as ACL or QOS, the router can support up to 300 CPS after 16,000 existing sessions
Using local authentication, with an outbound ACL and service-policy for each session, the router can support up to 300 CPS or higher, even after 8,000 existing sessions.
AAA Authentication on the NME Port
If you use AAA authentication on the NME port, set both the in and out interface hold queues to 4096. For example:
Router(config)# int fe 0/1
Router(config-if)# hold-queue 4096 in
Router(config-if)# hold-queue 4096 out
Call Admission Control
For maximum scalability, we recommend that you set the Call Admission Control (CAC) to a maximum of 95. For example:
Router(config)# call admission limit 95
Inserting a New Line Card
Unlike other Cisco routers, if you insert a new or different line card into a Cisco 10000 series ESR chassis slot that previously had a line card installed, the line card initially reports that it is administratively up.
Resolved Caveats in Cisco IOS Release 12.2(4)BZ2
This section lists caveats that have been resolved in Cisco IOS Release 12.2(4)BZ2.
CSCdx47342
Previously, if you entered the show mpls forwarding command or the show tag forwarding command, the memory of the Cisco 10000 series ESR became corrupted, which caused the router to stop responding. This problem has been fixed.
CSCdy43587
Previously, if you attempted to configure a VT controller on the channelized OC-12 line card installed in the Cisco 10000 series ESR, the router did not configure the VT controller correctly. This problem has been fixed.
CSCdy45444
Previously, when a packet was received by the Cisco 10000 series ESR in an L2TP tunnel (on an interface with multiple ports or channels), and the packet was diverted to the Route Processor (RP), the channel ID in the divert header was sometimes incorrect, resulting in the packet being improperly processed. This problem has been fixed.
CSCdy63036
Previously, if you changed the maximum transmission unit (MTU) value for a gigabit Ethernet interface, the change did not take effect immediately for incoming packets. If you increased the MTU value, the PXF dropped large incoming packets. If you decreased the MTU value, large packets (that should have been dropped) were allowed through. This problem has been fixed.
CSCdy68051
Previously, for ATM interfaces on the Cisco 10000 series ESR, the drop statistics for mtu_too_big were incorrectly combined with the drop statistics for mtu_too_wee, and caused confusion during debug sessions. This problem has been fixed.
CSCdy66350
Previously, if you configured PBR on the Cisco 10000 series ESR with the set ip next-hop action, a PXF crash could occur. This problem has been fixed.
Workaround: Disable PBR or the associated action.
Open Caveats in Cisco IOS Release 12.2(4)BZ1
Table 3 describes Open Caveats in Cisco IOS Release 12.2(4)BZ1.
Table 3 Open Caveats in Cisco IOS Release 12.2(4)BZ1
Caveat
Description
CSCdt47926
If you enter the dir disk0 command from ROMMON mode on the Cisco 10000 series ESR, the router reloads unexpectedly. This happens only if you use new disks that are shipped directly from the disk manufacturer.
Workaround: Reformat the disk.
CSCdv77601
If you add configuration commands to an existing configuration that has a large number of VCs, CPU use may increase. For example, in laboratory tests, adding the encapsulation aal5mux ppp Virtual-Template2 command to an existing configuration of 8000 VCs caused CPU use to increase.
Workaround: Add configuration commands when you create the VC configuration.
CSCdw09973
If you configure ToS on a virtual template, the inner (users) IP ToS settings are reflected in the outer L2TP IP ToS settings.
Workaround: There is currently no workaround.
CSCdw35723
If you copy the configuration of the router from bootflash or a TFTP server, the PerVRF Server definitions are not correctly restored, and the following error message appears on the console:
% Unknown VRF name=<vpn#>
Workaround: Manually configure the PerVRF Server definition using the ip vrf forwarding <vpn> command.
CSCdw36797
If PPPoE is configured on the router, the output of the show vpdn session packets command does not include locally-generated packets (ping packets sent to the PPPoE client) in the output fields, while packets that are passing through are included correctly.
Workaround: Use the show int virtual-access x.y command to display locally generated packets correctly.
CSCdw47382
If you configure the OC-12 ATM line card with more than 8000 unshaped UBR PVCs, and more than 8000 UBR PVCs are active, the SAR firmware on the line card experiences buffer leaks. This results in a reduced buffer pool for active VCs as well as an SAR firmware failure.
Workaround: Use shaped UBR with a shaped rate less than 299 Mbps. The OC-12 ATM line card supports up to 16000 shaped UBR PVCs per port.
CSCdw61985
If you remove the PVC range for active PPPoA sessions, the following traceback message appears on the console:
The Cisco 10000 series ESR may reload unexpectedly during incoming authentication if the AAA method-type (that is using MS-CHAP) on the virtual-template is undefined, or if the user fails authentication.
Workaround: Delete the AAA method list before deleting the AAA method list that is configured on the virtual-template, or the configuration that refers to the AAA method list. Also, verify that the username is defined in either RADIUS or on the LNS.
CSCdw74379
If you add static routes to the Cisco 10000 series ESR configuration, traceback messages appear on the console.
Workaround: There is currently no workaround.
CSCdw77563
If you enter the server-private command on the Cisco 10000 series ESR, the following warning message appears on the console:
%RADIUS-4-NOSERV: Warning: Server <IP-addr > is not defined
Workaround: There is currently no workaround. However, this problem does not affect the functionality or performance of the router.
CSCdw80543
If you configure 32,000 PPPoA sessions with IP QoS marking functionality, the remaining memory on the Cisco 10000 series ESR decreases to 26-29 MB.
Workaround: There is currently no workaround.
CSCdw90713
When you enter the show run command on a Cisco 10000 series ESR that is configured for remote access MPLS with 32,000 PPPoA sessions and 32,000 VRF routes, malloc failure occurs.
Workaround: There is currently no workaround. If you reduce the number of VRF routes in the configuration, you are unlikely to experience this problem.
CSCdx08689
If you clear an L2TP session on a Cisco 10000 series ESR that is configured as an LNS by entering the clear int vi4.xx command, accounting attributes 52,53.43,48 may contain incorrect values.
Workaround: There is currently no workaround.
CSCdx10298
If you clear VRF routes, spurious memory access problems may occur on the Cisco 10000 series ESR.
Workaround: There is currently no workaround.
CSCdx21007
If an LCP mismatch occurs with either the MTU size or authentication method between the LAC and the Cisco 10000 series ESR (that is configured as an LNS with CHAP/PAP), AAA accounting and VRF domain stripping may not work.
Workaround: Configure the lcp renegotiation on-mismatch command under the vpdn-group. For example:
If the Cisco 10000 series ESR has PPPoEoE sessions on a Gigabit Ethernet (GE) interface, and you add the first VLAN sub-interface, and you continue to build more PPPoEoE sessions on the GE interface, the router may crash after you enter the clear pppoe session command followed by the show pppoe session command.
Workaround: Shut down the GE interface before you add the VLAN sub-interface. Wait for all the PPPoEoE sessions to timeout instead of using the clear pppoe session command.
CSCdx27736
If you download IP Pools from a AAA server to the Cisco 10000 series ESR, the following message may appear on the console:
%SCHED-3-UNEXPECTEDEVENT: Process received unknown event (maj 80, min 0).
-Process= "PPP IPCP", ipl= 0, pid= 77
Workaround: There is currently no workaround. However, this problem does not affect the functionality or performance of the router.
CSCdx41630
If you remove an existing ACL from the configuration of the Cisco 10000 series ESR, and reconfigure the ACL, CPU HOG messages may appear on the console.
Workaround: There is currently no workaround. However, this problem does not affect the functionality or performance of the Cisco 10000 series ESR.
CSCdx42869
If you configure an Access List on a virtual template, the setup time for sessions may increase.
Workaround: There is currently no workaround.
CSCdx43070
The input rate-limited data on an ATM interface with a UBR PVC on the Cisco 10000 series ESR may exceed the configured police rate of the policy-map.
Workaround: There is currently no workaround.
CSCdx45033
If you enter the clear counters command to clear virtual-access sub-interface counters, the counters are not cleared.
Workaround: Clear the session by entering the clear int virtual-access <x>.<y> command.
CSCdx45925
Outbound ACLs configured with AAA per-user have no effect.
Workaround: To avoid this problem, use a locally configured ACL and include one of the following in the configuration:
Add the ip access-group in/out command under the virtual-template.
Add the lcp:interface-config=ip access-group in/out command under a RADIUS per-user VSA.
Use the ACL default Direction feature by including the radius-server attribute 11 direction default command. Then, on the RADIUS server , use attributes 11 Filter-ID to choose the ACL.
CSCdx48570
If you have a high number of PPPoEoA sessions in a VRF, and you redistribute them using the RIP routing protocol, Version 2, and reset the BGP session using the clear ip bgp* command, the router may reload unexpectedly.
Workaround: Instead of using the full VRF routing table, send a summary route using RIP.
CSCdx52139
If you attempt to download two non-contiguous IP pools from a AAA server to the Cisco 10000 series ESR, PPPoX sessions only use the first IP pool
Workaround: Create a single pool.
CSCdx52886
If you attempt to download two non-contiguous IP pools from a AAA server to the Cisco 10000 series ESR, the second IP pool overwrites the first one.
Workaround: Create a single pool for all the PPPoX sessions. For example, if you want to create 300 sessions, create a pool with 300 IP addresses.
CSCdx61206
PPPoE over 802.1q VLAN sessions on the Cisco 10000 series ESR may take over 20 minutes to timeout after you remove or shut down the VLAN sub-interface.
Workaround: Enter the no pppoe enable command under the VLAN sub-interface before you remove or shut down the interface.
CSCdx61259
If the Cisco 10000 series ESR is configured for PPPoE VRF VPNs, PPPoA VRF VPNs, PPPoA with multicast, and PPPoA, the router may reload unexpectedly.
Workaround: There is currently no workaround.
CSCdx61323
If you configure 32,000 RFC 1483 RBE subinterfaces, the Cisco 10000 series ESR may run out of memory and reload unexpectedly.
If you configure the first VLAN subinterface, or remove the last VLAN interface on a Gigabit Ethernet interface, all the PPPoEoE sessions on the physical interface are cleared.
Workaround: There is currently no workaround.
CSCdx64344
If you configure the Cisco 10000 series ESR as a PE device, with 32,000 PPPoAoA and PPPoE sessions in a VRF VPN, and the ESR is receives BGP route information (with greater than 10,000 routes) from other PE routers, the ESR may consume an excessive amount of memory.
Workaround: There is currently no workaround.
CSCdx67501
The Cisco 10000 series ESR may run out of memory if you configure either 32,000 RBE subinterfaces with IP numbered interfaces, or 32,000 RFC 1483 routed ATM sub-interfaces with IP numbered interfaces.
Workaround: To scale up to 32,000 RBE sessions, use ip unnumbered subinterfaces.
CSCdx67749
If you enter the clear pppoe all command when there are greater than 20,000 PPPoE sessions active on the Cisco 10000 series ESR, Process Thrashing traceback messages may appear on the console.
Workaround: There is currently no workaround.
CSCdx67969
If you attach a VC class to a PVC on the Cisco 10000 series ESR, spurious memory access traceback messages may appear on the console.
Workaround: There is currently no workaround.
CSCdx69956
If you configure PPP idle timeout threshold under a virtual-template or the RADIUS attribute Idle-timeout, PPP sessions do not disconnect properly.
Workaround: There is currently no workaround.
CSCdx70422
If you configure three queues and a class map, and the queues receive traffic, the values displayed in the class map counters are double the actual traffic.
Workaround: There is currently no workaround. However, if you divide the value displayed in the class map counters by two, the result is accurate.
CSCdx76665
If the Cisco 10000 series ESR is transmitting and receiving MPLS traffic, or MPLS over Generic Routing Encapsulation (GRE) traffic, the Parallel eXpress Forwarding network processors on the PRE may crash.
Workaround: There is currently no workaround.
CSCdx76787
If the keepalive period for PPP sessions is configured for 60 seconds, and you enter the debug ppp packet command, the debug output does not show information for every keepalive packet.
Workaround: There is currently no workaround. However, this only affects the debug messages, and does not affect the feature.
CSCdx76920
If you perform a 1024-byte sweep ping (with the DF bit set) from a customer edge (CE) router that is connected to the Cisco 10000 series ESR over an RFC 1483 VPN, the PRE installed in the ESR may experience a PXF crash.
Workaround: There is currently no workaround.
CSCdx77345
In a laboratory test, with 300 multicast and 16,000 sessions configured on the Cisco 10000 series ESR, the ESR reloaded unexpectedly as ATM interfaces were configured, and de-configured many times.
Workaround: There is currently no workaround. However, the action required to cause this problem is considered extreme in a normal ESR installation, and you are unlikely to experience this problem.
CSCdx78109
If the Cisco 10000 series ESR is receiving traffic, and you modify the match access-group command under a class map, CPU HOG traceback messages may appear on the console.
Workaround: There is currently no workaround.
CSCdx78960
If you enter the clear pppoe all command with 32,000 sessions active on the Cisco 10000 series ESR, CPU HOG and Card Up/Down traceback messages appear on the console.
Workaround: There is currently no workaround.
CSCdx79296
If there are greater than 12,000 PPPoX sessions active on the Cisco 10000 series ESR, and you attach a QoS ACL class map, or you remove a QoS ACL class map in a policy map, CPU HOG traceback messages appear on the console, and the line cards may disconnect the sessions and become disabled.
Workaround: Configure the QOS ACLs before you establish the sessions. If you need to remove a QoS ACL class map from a policy map for a maximum of 12,000 sessions.
CSCdx82369
If two Cisco 10000 series ESRs are connected back-to-back, and you enter the clear ip mroute command on both ESRs, and the igmp query interval is set to 100, the line cards may stop functioning properly.
Workaround: There is currently no workaround.
CSCdx82771
If you enter the mtu <bytes> command for any value other than the default (1500), the clns mtu <bytes> command is also added to the configuration, which forces the use of a full virtual-access interface instead of a virtual-access subinterface.
Workaround: After you enter the mtu <bytes> command under a virtual template, remove the clns mtu <bytes> command by entering the no clns mtu <bytes> command.
CSCdx85133
If you establish a PPPoE L2TP tunnel over an OC-3 connection, LCP packet failures may occur, and the tunnel may fail to come up.
Workaround: Enter the class-int command with encapsulation aal5snap and protocol pppoe.
CSCdx85327
In some circumstances, the Cisco 10000 series ESR may use full virtual access interfaces instead of sub virtual access interfaces and consume an excessive amount of memory. Examples of configurations that could cause this condition include configurations with the no keepalive command, and configurations with an LCP interface with the config-ip-vrf forwarding vrf name command.
The following list shows the remaining memory for the number of sessions indicated:
19000 sessions—42 MB Memory
20000 sessions—25 MB Memory
21000 sessions—4 MB Memory
Workaround: If you must use full virtual access interfaces, limit the number of sessions to 21,000, or avoid configurations that use full virtual access interfaces.
CSCdx86733
The values for packets/bytes in/out as reported in the output of the show interface virtual-access command, or sent to the RADIUS server as part of the collection statistics, are not accurate in the case of L2TP re-assembly on the LNS.
Workaround: There is currently no workaround. However, traffic is not affected
CSCdx86735
If you have full virtual access configured on the Cisco 10000 series ESR, and you enter the no logging event link-status command under a virtual template, and the virtual access state changes from up to down, an event link-status message is logged.
Workaround: There is currently no workaround. However, this only occurs with ESRs configured to use full virtual access. ESRs configured to use sub virtual access are not affected.
CSCdx89083
If you remove a service policy from the configuration, and you enter the show policy-map interface command, the output may show incorrect counter values.
Workaround: There is currently no workaround.
CSCdx89990
If you remove an IP VRF configuration from a GRE tunnel, traceback messages may appear on the console.
Workaround: There is currently no workaround.
CSCdx91570
As the number of unreachable IP packets transmitted by the Cisco 10000 series ESR increases, the forwarding performance of the router may be affected as the PXF Context Utilization approaches 100%.
Workaround: There is currently no workaround.
CSCdx92156
If you copy a virtual template configuration to the running configuration, the following traceback message appears on the console:
BadSHARE : Bad Refcount Traceback
Workaround: There is currently no workaround.
CSCdx94676
If you enter the write erase command, for a large configuration, and reload the Cisco 10000 series ESR, spurious memory access may occur during the reload.
Workaround: There is currently no workaround.
CSCdy15504
If you have 32,000 PPPoA sessions configured on the Cisco 10000 series ESR, and a microcode reload occurs, CPU Hog traceback messages appear on the console.
Workaround: There is currently no workaround.
CSCdy15580
If you have 4000 PVCs configured on the Cisco 10000 series ESR, and you perform an Online Insertion and Removal (OIR) with the OC-12 ATM line card, CPU hog messages appear on the console for 4 minutes and 30 seconds. Then the ESR CPU stabilizes for 2 to 3 minutes, and another CPU hog message appears on the console for 1 to 2 minutes. Following this, the CPU usage is 100% until the PVCs are established again.
Workaround: There is currently no workaround.
CSCdy15990
If you apply a PBR policy to an ATM subinterface, the policy is ignored. If you apply a PBR policy on the main ATM interface, it is applied correctly to that main interface, but incorrectly applied to all the subinterfaces.
Workaround: There is currently no workaround.
CSCdy16777
RADIUS Attribute 45 (acct-authentic) is not included in the Accounting update/watchdog packet.
Workaround: There is currently no workaround.
CSCdy17201
If the Cisco 10000 series ESR is configured as an L2TP Network Server (LNS), and is operating under a stressful load, a double-fragmentation of the inner and outer L2TP packet may occur resulting in a PXF crash.
Workaround: When the outer L2TP fragmentation occurs, you can prevent the inner fragmentation by making sure the tunnel MTU (MTU configured on the virtual-template) is greater or equal to the large packet size destined in the downstream direction.
CSCdy18017
If two adjacent Cisco 10000 series ESRs are configured as PE routers, and are providing remote access MPLS VPN services, the remote PE router receiving BGP prefixes may run out of memory for the TagR entry in the PXF cef table.
Workaround: There is currently no workaround.
CSCdy18150
If the number of users do not match the number of IP addresses in the local pool on the Cisco 10000 series ESR, and debug ppp negotiation is configured, processor memory leaks occur.
Workaround: Do not use debug ppp negotiation for an extended period of time.
CSCdy18635
If 16,000 PPPoA sessions with 250 virtual templates and 250 VRFs (64 PPPoA sessions under each VT) are configured on the Cisco 10000 series ESR, a microcode reload may occur, and the following traceback message may appear on the console:
%IPRT-4-ROUTECOUNTNEGATIVE
Workaround: There is currently no workaround.
CSCdy18648
If 16,000 PPPoA sessions with 250 virtual templates and 250 VRFs (64 PPPoA sessions under each VT) are configured on the Cisco 10000 series ESR, a microcode reload may occur, and a CPU hog condition may occur for approximately 4 minutes.
Workaround: There is currently no workaround.
CSCdy26289
If you change the encapsulation type on an ATM subinterface that has an active PPPoEoA session, and the main interface has a class-int configuration containing a pppoe protocol statement, the Cisco 10000 series ESR reloads unexpectedly.
Workaround: Do not configure the class-int statement on the main ATM interface.
Resolved Caveats in Cisco IOS Release 12.2(4)BZ1
This section lists caveats that have been resolved in Cisco IOS Release 12.2(4)BZ1.
CSCdv73385
In the past, if you configured AAA per-user static routes and specified an administrative cost on the Cisco 10000 series ESR, the remote user could not pass IP traffic. This problem has been fixed.
CSCdw04680 and CSCdx15208
Previously, if you modified vpdn-group parameters while the sessions were authenticating, traceback messages appeared on the console. This problem has been fixed.
CSCdw30235 and CSCdx01967
In the past, on a Cisco 10000 series ESR with 16,000 PPPoA sessions on an OC-12 line card or 8,000 PPPoA sessions on an OC-3 line card, if you entered the hw-module slotslotshutdown command followed by the show memory summary command, the router reloaded unexpectedly. This problem has been fixed.
CSCdw44545 and CSCdw94378
Previously, under rare circumstances, PXF errors could cause sessions to disconnect. This problem has been fixed.
CSCdw45491
In the past, if you configured RADIUS user profiles with an ip route VSA containing VRF information, the route was parsed incorrectly. When the route was applied, the call disconnected. This problem has been fixed.
CSCdw49876
Previously, if the Cisco 10000 series ESR was configured for PPPoA and PPPoE with IP QoS, the interface counters displayed by the show policy-map command could not be cleared. This problem has been fixed.
CSCdw58162 and CSCdx42698
Previously, in a laboratory test, with 32K static routes configured, and with several thousand PPP sessions experiencing time-outs and retries, the I/O memory of the router became exhausted and the router became unstable. This problem has been fixed.
CSCdw65016 and CSCdx10762
In the past, if you added the range pvc command on a point-to-point sub-interface, traceback and PVC creation fail messages appeared on the console. This problem has been fixed.
CSCdw65330 and CSCdw18198
Previously, if you changed the service policy under a virtual template with 8,000 PPPoA sessions configured, the Cisco 10000 ESR reloaded unexpectedly. This problem has been fixed.
CSCdw67644
In the past, if you cleared a high number of PPPoE sessions (for example, 16K or more) on an OC-12 line card, the line card could stop functioning correctly. This problem has been fixed.
CSCdw79914
Previously, RADIUS attribute 1 (username) was sent two times in the RADIUS accounting stop. This problem has been fixed.
CSCdw91358
In the past, if you changed the number of PPPoE max-sessions on one VLAN sub-interface, the values for max-sessions changed on all VLAN sub-interfaces that had the same vlan id. This occurred even though they were on different physical interfaces. This problem has been fixed.
CSCdx23755
Previously, If you had RADIUS accounting configured and enabled on the Cisco 10000 series ESR, the RADIUS accounting records did not display the number of input and output packets passed by PPPoX sessions. This problem has been fixed.
Other Caveats
This section includes caveats listed in previous release notes that are regarded as resolved because they are unreproducible or do not affect the behavior of the Cisco 10000 series ESR. In the event a caveat listed in this section causes problems, please contact Cisco customer service.
CSCdw06215
Previously, it was reported that if you used the pvc range command, the aggregate Sustainable Cell Rate (SCR) could exceed the bandwidth of the interface. We have been unable to reproduce this problem.
CSCdw14567
Previously, it was reported that if you removed the pvc range command from your configuration, the following traceback message appeared:
%GENERAL-3-EREVENT: No vc_info for pppoa vccimap indexing
We have been unable to reproduce this problem.
CSCdw49627
Previously, it was reported that Write erase did not remove old database information from the fast ethernet interface, and pings to the new address assigned to the FE interface failed. We have been unable to reproduce this problem.
CSCdw56128
Previously, it was reported that scaling to higher numbers of PPPoA sessions caused a memory leak. We have been unable to reproduce this problem.
CSCdw57245
Previously, it was reported that while reloading the Cisco 10000 series ESR, the following error message appeared on the console:
RADIUS-3-NOSERVERS: No Radius hosts configured.
Then, after attempting to start 20 PPPoE sessions from a Cisco 7200 (PPPoE client), the following messages appeared on the Cisco 10000 series ESR console and were continuously added to the system log:
00:02:21: %RADIUS-3-ALLDEADSERVER: Group coopnet.or.jp: No active radius
servers
found. Id 28.
router#
00:02:57: %RADIUS-6-SERVERALIVE: Group coopnet.or.jp: Radius server
10.10.10.1
We have been unable to reproduce this problem.
CSCdw62173
Previously, it was reported that while bringing up PPPoE sessions into a VRF instance, assertion failure messages related to the virtual line appeared occasionally in the console. We have been unable to reproduce this problem.
CSCdw63282
Previously, it was reported that when the Cisco 10000 series ESR was configured with a remote access MPLS topology (with 32,000 PPPoA sessions configured and established), a smartbit started generating traffic to 16,000 of the PPPoA sessions and the toaster crashed on the PE. We have been unable to reproduce this problem.
Obtaining Documentation
The following sections provide sources for obtaining documentation from Cisco Systems.
World Wide Web
You can access the most current Cisco documentation on the World Wide Web at the following sites:
Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM is updated monthly and may be more current than printed documentation. The CD-ROM package is available as a single unit or as an annual subscription.
Ordering Documentation
Cisco documentation is available in the following ways:
Registered Cisco Direct Customers can order Cisco Product documentation from the Networking Products MarketPlace:
Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco corporate headquarters (California, USA) at 408 526-7208 or, in North America, by calling 800 553-NETS (6387).
Documentation Feedback
If you are reading Cisco product documentation on the World Wide Web, you can submit technical comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco.
You can e-mail your comments to bug-doc@cisco.com.
To submit your comments by mail, use the response card behind the front cover of your document, or write to the following address:
Attn. Document Resource Connection Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-9883
We appreciate your comments.
Obtaining Technical Assistance
Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can obtain documentation, troubleshooting tips, and sample configurations from online tools. For Cisco.com registered users, additional troubleshooting tools are available from the TAC website.
Cisco.com
Cisco.com is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information and resources at anytime, from anywhere in the world. This highly integrated Internet application is a powerful, easy-to-use tool for doing business with Cisco.
Cisco.com provides a broad range of features and services to help customers and partners streamline business processes and improve productivity. Through Cisco.com, you can find information about Cisco and our networking solutions, services, and programs. In addition, you can resolve technical issues with online technical support, download and test software packages, and order Cisco learning materials and merchandise. Valuable online skill assessment, training, and certification programs are also available.
Customers and partners can self-register on Cisco.com to obtain additional personalized information and services. Registered users can order products, check on the status of an order, access technical support, and view benefits specific to their relationships with Cisco.
The Cisco TAC website is available to all customers who need technical assistance with a Cisco product or technology that is under warranty or covered by a maintenance contract.
Contacting TAC by Using the Cisco TAC Website
If you have a priority level 3 (P3) or priority level 4 (P4) problem, contact TAC by going to the TAC website:
If you cannot resolve your technical issue by using the TAC online resources, Cisco.com registered users can open a case online by using the TAC Case Open tool at the following website:
If you have a priority level 1 (P1) or priority level 2 (P2) problem, contact TAC by telephone and immediately open a case. To obtain a directory of toll-free numbers for your country, go to the following website:
P1—Your production network is down, causing a critical impact to business operations if service is not restored quickly. No workaround is available.
P2—Your production network is severely degraded, affecting significant aspects of your business operations. No workaround is available.
CCIP, the Cisco Arrow logo, the Cisco Powered Network mark, the Cisco Systems Verified logo, Cisco Unity, Follow Me Browsing, FormShare, iQ Breakthrough, iQ Expertise, iQ FastTrack, the iQ Logo, iQ Net Readiness Scorecard, Networking Academy, ScriptShare, SMARTnet, TransPath, and Voice LAN are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, Discover All That's Possible, The Fastest Way to Increase Your Internet Quotient, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherSwitch, Fast Step, GigaStack, Internet Quotient, IOS, IP/TV, LightStream, MGX, MICA, the Networkers logo, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, RateMUX, Registrar, SlideCast, StrataView Plus, Stratm, SwitchProbe, TeleRouter, and VCO are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries.
All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0208R)