Release Notes for Cisco GGSN Release 10.x on the Cisco SAMI, Cisco IOS Release 12.4(24)YE
Available Languages
Table Of Contents
Hardware and Software Requirements
Enhanced Service-Aware Billing
Determining the Software Version
Upgrading to a New Software Release
Limitations, Restrictions, and Important Notes
Single IP Cisco GGSN Usage Notes and Requirements
New Implementations and Behavior Changes in Cisco IOS Release 12.4(24)YE7
Automatic Stuck PDP Context Identification and Removal
Gy Interface Enhancement for Standalone Prepaid Subscribers
Throttling GTP Request Re-Enqueues
New Implementations and Behavior Changes in Cisco IOS Release 12.4(24)YE6
New Implementations and Behavior Changes in Cisco IOS Release 12.4(24)YE4
New Implementations and Behavior Changes in Cisco IOS Release 12.4(24)YE3e
New Implementations and Behavior Changes in Cisco IOS Release 12.4(24)YE3b
New Implementations and Behavior Changes in Cisco IOS Release 12.4(24)YE3
New Implementations and Behavior Changes in Cisco IOS Release 12.4(24)YE2
New Implementations and Behavior Changes in Cisco IOS Release 12.4(24)YE1
Authentication, Authorization, and Accounting Enhancements
Internet Small Computer System Interface Enhancements
New Implementations and Behavior Changes in Cisco IOS Release 12.4(24)YE
Caveats - Cisco IOS Release 12.4(24)YE7
Caveats - Cisco IOS Release 12.4(24)YE6
Caveats - Cisco IOS Release 12.4(24)YE5
Caveats - Cisco IOS Release 12.4(24)YE4
Caveats - Cisco IOS Release 12.4(24)YE3e
Caveats - Cisco IOS Release 12.4(24)YE3d
Caveats - Cisco IOS Release 12.4(24)YE3c
Caveats - Cisco IOS Release 12.4(24)YE3b
Caveats - Cisco IOS Release 12.4(24)YE3a
Caveats - Cisco IOS Release 12.4(24)YE3
Caveats - Cisco IOS Release 12.4(24)YE2
Unreproducible and Closed Caveats
Caveats - Cisco IOS Release 12.4(24)YE1
Unreproducible and Closed Caveats
Caveats - Cisco IOS Release 12.4(24)YE
Implementing GGSN Release 10.x on the Cisco SAMI
Obtaining Documentation and Submitting a Service Request
Release Notes for Cisco GGSN Release 10.x on the Cisco SAMI,
Cisco IOS Software Release 12.4(24)YE Releases
Latest Publication Date: March 6, 2013, Cisco IOS Release 12.4(24)YE3e
Last Publication Date: January 9, 2012, Cisco IOS Release 12.4(24)YE3dThis release note describes the requirements, dependencies, and caveats for the Cisco Gateway General Packet Radio Service (GPRS) Support Node (GGSN) Release 10.x, Cisco IOS Release 12.4(24)YE releases on the Cisco Service and Application Module for IP (SAMI). These release notes are updated as needed.
For a list of the software caveats that apply to Cisco IOS Release 12.4(24)YE releases, see the "Caveats" section on page 16 and Caveats for Cisco IOS Release 12.4 T. The caveats document is updated for every maintenance release and is located on Cisco.com and the Documentation CD-ROM.
Use these release notes with Cross-Platform Release Notes for Cisco IOS Release 12.4 located on Cisco.com.
Note
•
•
•
Contents
This release note includes the following information:
•
•
•
•
•
•
•
•
•
•
Cisco GGSN Introduction
The Cisco GGSN is a service designed for Global System for Mobile Communications (GSM) networks. GSM is a digital cellular technology that is used worldwide, predominantly in Europe and Asia. GSM is the world's leading standard in digital wireless communications.
General Packet Radio Service (GPRS) and Universal Mobile Telecommunication System (UMTS) are standardized by the European Telecommunications Standards Institute (ETSI). In a GPRS/UMTS packet-switched domain, data services are delivered to the mobile subscriber when a link is established through a Public Land Mobile Network (PLMN) to a GGSN.
The Cisco GGSN enables mobile wireless service providers to supply their mobile subscribers with packet-based data services in GSM networks.
The Cisco GGSN runs on the Cisco Service and Application Module for IP (SAMI), a new-generation high performance service module for the Cisco 7600 series router platforms. For more information about the Cisco SAMI, see the Cisco Service and Application Module for IP User Guide.
System Requirements
This section describes the system requirements for Cisco IOS Release 12.4(24)YE releases and includes the following sections:
•
•
•
•
For hardware requirements, such as power supply and environmental requirements and hardware installation instructions, see the Cisco Service and Application Module for IP User Guide.
Memory Recommendations
Hardware and Software Requirements
Implementing a Cisco GGSN Release 10.x on the Cisco 7600 series Internet router platform requires the following hardware and software.
•
•
–
–
–
–
–
Or one of the following Cisco 7600 series route switch processors running Cisco IOS Release 12.2(33)SRE or later
–
–
For details on upgrading the Cisco IOS release running on the supervisor engine, refer to the "Upgrading to a New Software Release" section in the Release Notes for Cisco IOS Release 12.2SR. For information about verifying and upgrading the LCP ROMMON image on the Cisco SAMI, refer to the Cisco Service and Application Module for IP User Guide.
Note
•
Note
•
Note
GTP-Session Redundancy
In addition to the required hardware and software above, implementing GTP-Session Redundancy (GTP-SR) requires at minimum:
•
•
Enhanced Service-Aware Billing
In addition to the required hardware and software, implementing enhanced service-aware billing requires an additional Cisco SAMI running the Cisco Content Services Gateway Second Generation software in each Cisco 7600 series router.
Determining the Software Version
To determine the version of Cisco IOS software running on your Cisco SAMI PPCs, log in to PPC3 enter the show version EXEC command:
Router# show versionCisco Internetwork Operating System SoftwareIOS (tm) SAMI Software (g8ik9s), Version 12.4(24)YE6, EARLY DEPLOYMENT RELEASE SOFTWARETAC Support: http://www.cisco.com/tacCopyright (c) 1986-2002 by cisco Systems, Inc.Upgrading to a New Software Release
For information on upgrading to a new software release, see the product bulletin Cisco IOS Software Upgrade Ordering Instructions at:
http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/957_pp.htm
Upgrading the Cisco SAMI Software
For information on upgrading the Cisco SAMI software, see the Cisco Service and Application Module for IP User Guide:
Note
MIBs
To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
Limitations, Restrictions, and Important Notes
When configuring Cisco GGSN Release 10.x, note the following:
•
Therefore, to avoid the possibility of incomplete adjacency on VLAN interfaces for the redirected destination IP address and an impact to the upstream traffic flow for PDP sessions, ensure that you configure the no ip cef optimize neighbor resolution command.
•
–
–
–
!interface Virtual-Template1description GGSN-VTip unnumbered Loopback0encapsulation gtpno logging event link-statusgprs access-point-list gprsend•
Note
Table 2 lists the maximum number of PDP contexts the Cisco SAMI with the 1 GB memory option can support. Table 3 lists the maximum number the Cisco SAMI with the 2 GB memory option can support:
Table 2 Number of PDPs Supported in 1 GB SAMI
IPv4
384,000
IPv6
48,000
PPP Regeneration
96,000
PPP
48,000
Table 3 Number of PDPs Supported in 2 GB SAMI
IPv4
816,000
IPv6
96,000
PPP Regeneration
192,000
PPP
96,000
Note
With Cisco GGSN Release 8.0 and later, PDPs regenerated to a PPP session run on software interface description blocks (IDBs), which increases the number of sessions the GGSN can support. The GTP virtual template is a subinterface. If the no virtual-template subinterface command is configured in global configuration mode, PDPs regenerated to a PPP session run on hardware IDBs instead. When sessions are running on hardware IDBs, the GGSN supports fewer sessions.
For implementation of a service-aware GGSN, the following additional important notes, limitations, and restrictions apply:
•
•
•
•
•
Specifically, the SGSN N3*T3 must be greater than:
2 x RADIUS timeout + N x DCCA timeout + CSG2 timeout
where:
–
–
Note
Single IP Cisco GGSN Usage Notes and Requirements
The following changes exist between the non-single IP Cisco GGSN and the single IP Cisco GGSN:
•
The configuration of a single IP GGSN does not differ from a non-single IP GGSN. All configurations must be performed on the Proxy Control Processor (PCOP), which are then propagated to all Traffic and Control Plane processors (TCOPs). Failure of the command in any of the TCOPs causes a rollback of the configuration on the PCOP and other TCOPs.
A few values configured on the PCOP, for example the maximum number of PDP contexts, are distributed to the TCOPs as seen in the following example:
sup-06-3#configure terminalEnter configuration commands, one per line. End with CNTL/Z.PPC3(config)#gprs maximum-pdp-context-allowed ?<5-4294967295> Max PDP context allowedPPC3(config)#gprs maximum-pdp-context-allowed 10000PPC3(config)#endPPC3#PPC3#show run| i maximum-pdp-context-allowedgprs maximum-pdp-context-allowed 10000PPC3#execute-on all sh run | i maximum-pdp-context-allowedgprs maximum-pdp-context-allowed 2000gprs maximum-pdp-context-allowed 2000gprs maximum-pdp-context-allowed 2000gprs maximum-pdp-context-allowed 2000gprs maximum-pdp-context-allowed 2000PPC3#•
The display of most show commands are aggregated to display consolidated outputs of all the TCOPs. However, a few show commands display the outputs from each TCOP.
For example, the show ip iscsi session command displays output from all TCOPs:
PPC3#show ip iscsi session----------- Slot 6/CPU 3, show ip iscsi session -------------ID TARGET STATE CONNECTIONS--------------------------------------------------------------8 LINUX Logged In 1----------- Slot 6/CPU 4, show ip iscsi session -------------ID TARGET STATE CONNECTIONS--------------------------------------------------------------7 LINUX Logged In 1----------- Slot 6/CPU 5, show ip iscsi session -------------ID TARGET STATE CONNECTIONS--------------------------------------------------------------7 LINUX Logged In 1----------- Slot 6/CPU 6, show ip iscsi session -------------ID TARGET STATE CONNECTIONS--------------------------------------------------------------7 LINUX Logged In 1----------- Slot 6/CPU 7, show ip iscsi session -------------ID TARGET STATE CONNECTIONS--------------------------------------------------------------7 LINUX Logged In 1----------- Slot 6/CPU 8, show ip iscsi session -------------ID TARGET STATE CONNECTIONS--------------------------------------------------------------7 LINUX Logged In 1PPC3#Whereas, the show gprs iscsi statistics command aggregates the output from all TCOPs:
PPC3#show gprs iscsi statisticsGPRS iSCSI statistics for iSCSI Profile LINUX:Profile Name: LINUXOpen Requests = 5 , Failed Open Attempts = 0Write Requests = 0 , Failed Write Requests = 0Read Requests = 5 , Failed Read Requests = 5Close Requests = 0 , Failed Close Requests = 0Number of DTRs in Write Queue = 0Number of DTRs in Read Queue = 0PPC3#•
For RADIUS responses to reach the correct TCOP, the following configuration on the Cisco GGSN is mandatory:
PPC3(config)#radius-server source-ports extended•
a.
PPC3#show file systemsFile Systems:Size(b) Free(b) Type Flags Prefixes- - opaque rw archive:- - opaque rw system:- - opaque rw tmpsys:- - network rw snmp:- - opaque rw null:- - network rw tftp:* 27740160 27736064 flash rw bootflash:131072 128947 nvram rw nvram:- - opaque wo syslog:- - network rw rcp:- - network rw ftp:- - network rw http:- - network rw scp:- - opaque ro tar:- - network rw https:- - opaque ro cns:PPC3#execute-on all show file systems----------- Slot 6/CPU 4, show file systems-------------File Systems:Size(b) Free(b) Type Flags Prefixes- - opaque rw archive:- - opaque rw system:- - opaque rw tmpsys:- - network rw snmp:- - opaque rw null:- - network rw tftp:* 27740160 27736064 flash rw bootflash:131072 129996 nvram rw nvram:- - opaque wo syslog:- - network rw rcp:- - network rw ftp:- - network rw http:- - network rw scp:- - opaque ro tar:- - network rw https:- - opaque ro cns:3217522688 3217506304 disk rw sda0:#----------- Slot 6/CPU 5, show file systems-------------File Systems:Size(b) Free(b) Type Flags Prefixes- - opaque rw archive:- - opaque rw system:- - opaque rw tmpsys:- - network rw snmp:- - opaque rw null:- - network rw tftp:* 27740160 27736064 flash rw bootflash:131072 129996 nvram rw nvram:- - opaque wo syslog:- - network rw rcp:- - network rw ftp:- - network rw http:- - network rw scp:- - opaque ro tar:- - network rw https:- - opaque ro cns:3217522688 3217506304 disk rw sda1:#----------- Slot 6/CPU 6, show file systems-------------File Systems:Size(b) Free(b) Type Flags Prefixes- - opaque rw archive:- - opaque rw system:- - opaque rw tmpsys:- - network rw snmp:- - opaque rw null:- - network rw tftp:* 27740160 27736064 flash rw bootflash:131072 129996 nvram rw nvram:- - opaque wo syslog:- - network rw rcp:- - network rw ftp:- - network rw http:- - network rw scp:- - opaque ro tar:- - network rw https:- - opaque ro cns:3217522688 3217506304 disk rw sda2:#----------- Slot 6/CPU 7, show file systems-------------File Systems:Size(b) Free(b) Type Flags Prefixes- - opaque rw archive:- - opaque rw system:- - opaque rw tmpsys:- - network rw snmp:- - opaque rw null:- - network rw tftp:* 27740160 27736064 flash rw bootflash:131072 129996 nvram rw nvram:- - opaque wo syslog:- - network rw rcp:- - network rw ftp:- - network rw http:- - network rw scp:- - opaque ro tar:- - network rw https:- - opaque ro cns:3217522688 3217506304 disk rw sda3:#----------- Slot 6/CPU 8, show file systems-------------File Systems:Size(b) Free(b) Type Flags Prefixes- - opaque rw archive:- - opaque rw system:- - opaque rw tmpsys:- - network rw snmp:- - opaque rw null:- - network rw tftp:* 27740160 27736064 flash rw bootflash:131072 129996 nvram rw nvram:- - opaque wo syslog:- - network rw rcp:- - network rw ftp:- - network rw http:- - network rw scp:- - opaque ro tar:- - network rw https:- - opaque ro cns:3217522688 3217506304 disk rw sda4:#PPC3#b.
sup#session slot 6 proc 4The default escape character is Ctrl-^, then x.You can also type 'exit' at the remote prompt to end the sessionTrying 127.0.0.64 ... Open************************************************************* !!! WARNING !!! **** **** You are accessing the Traffic Processor on this **** system. It is strongly advised to use the Control **** Processor (processor 3) for any activity. **** **** Please contact your Cisco Technical Support **** personnel for any support in using this interface. **** *************************************************************06-3-4>en06-3-4#06-3-4#show sda0:-#- --length-- -----date/time------ path1 0 Feb 08 2010 16:50:54 root2 64 Feb 08 2010 16:50:58 root/master.dat3 0 Feb 08 2010 16:50:56 salvage3217506304 bytes available (16384 bytes used)06-3-4#format sda0:Format operation may take a while. Continue?Format operation will destroy all data in "sda0:". Continue? Writing Monlib sectors..Monlib write completeFormat: All system sectors written. OK...Format: Total sectors in formatted partition: 6296544Format: Total bytes in formatted partition: 3223830528Format: Operation completed successfully.Format of sda0: complete06-3-4#SAMI 6/4: Feb 24 06:36:07.129: %RSM-3-WARNING: Warning: iSCSI target in profile LINUX cannot be used for storing/retrieving CDRs. Disk is formatted. Please disconnect and connect to the Target.•
If any debug error messages such as "Configuration in progress. Dropping the create PDP req. Please try later!" or "APN in config lock and disallows new create" is observed, verify the configure-related PDP creation blocking using the following command in privilege EXEC mode:
Router#show gprs configuration-lock countersystem level lock counter: 0access point 1 apn1 counter:0access point 2 apn2 counter:0This command displays GGSN configuration locking counters. There are two kinds of configuration locking counters, system level locking counters and access-point locking counters. If the system level locking counter is non-zero, any create PDP context requests are blocked. If one access-point locking counter is non-zero, any create PDP context requests referred to that access point are blocked. Typically these counters are zero and a non-zero state is transient. However, if a user observes a configuration-lock counter remains in a non-zero state, use the following command to reset all of the configuration lock counters to zero.
Router# clear gprs configuration-lock counterA warning message displays if there is non-zero counter.New and Changed Information
The following sections list the new features or changed behavior in the Cisco IOS Release 12.4(24) YE releases. Releases note listed do not contain new features or changed behavior.
•
•
•
•
•
•
•
•
•
For detailed information about the new and existing features in GGSN Release 10.x, Cisco IOS Release 12.4(24) YE releases, refer to the Cisco GGSN Release 10.x configuration guide and command reference located at the following URL:
http://www.cisco.com/en/US/products/sw/wirelssw/ps873/tsd_products_support_series_home.html
New Implementations and Behavior Changes in Cisco IOS Release 12.4(24)YE7
The following features are introduced with or incorporated in Cisco GGSN Release 10.2, Cisco IOS Release 12.4(24)YE7:
•
•
•
Automatic Stuck PDP Context Identification and Removal
Cisco GGSN Release 10.2, Cisco IOS Release 12.4(24)YE7 incorporates the support for automatic identification and removal of PDP contexts that are stuck in either the creation or deletion process, which was introduced in Cisco GGSN Release 10.1, Cisco IOS Release 12.4(24)YE3b.
By default, this background process runs automatically every 15 minutes on the active GGSN in a redundant configuration. The process detects and notifies you of stuck PDPs. Optionally, you can configure the GGSN to automatically clear the stuck PDPs, or you can manually clear them.
Enabling the Automatic Detection and Clearing of Stuck PDPs
To configure the automatic identification, and optionally removal of stuck PDP contexts, complete the following task in global configuration mode:
The following is an example of a syslog message sent when a stuck PDP is detected:
SAMI 4/4: Sep 5 04:55:20.750: %GPRSFLTMG-4-GTP_PDP_STUCK: GSN: 110.50.0.50, TEID: 1122330000001211, APN: eggsn_postpaid,MSISDN: 112323000000121, Reason : 2, flags: 4C0091Manually clearing Stuck PDPs
Before manually clearing a stuck PDP, you must place the associated access point in maintenance mode by using the service-mode maintenance command in access-point configuration mode. Once you have cleared the command, place the access point back in operational mode by using the service-mode operational command in access-point configuration mode.
To manually clear a stuck PDP by Tunnel Identifier (TID) on the active GGSN, complete the following task in privilege EXEC mode.
Router# clear gprs gtp pdp-context access-point index force tid
Clears the stuck PDP by TID on the active GGSN.
Note
Gy Interface Enhancement for Standalone Prepaid Subscribers
With Cisco GGSN Release 10.2, Cisco IOS Release 12.4(24)YE7, you can configure the Cisco GGSN to create a PDP context and send a Credit-Control-Request (CCR-U) that includes either a configured Service-Identifier or the APN index number as the Service-Identifier when it receives a Credit-Control-Answer (CCA-I) from an Online Charging System (OCS), which does not contain a Service-Identifier.
Before enabling the Service-Identifier Gy interface enhancement, note the following:
•
•
•
•
•
•
To configure the GGSN to send a CCR-U that includes a Service-Identifier or an APN index ID as a Service-Identifier when it receives a CCA-I from the OCS that does not include a service ID, use the following command while in access-point configuration mode:
Throttling GTP Request Re-Enqueues
If there is a GTP request that the Cisco GGSN needs to service for an existing PDP context, and a pending request for that PDP context already exists, the GGSN cannot immediately service the new request.
In some cases the GTP request is re-enqueued in the GTP queue until the PDP is ready to be updated/created. Ideally, the GGSN should service all such GTP requests within a few re-enqueues, however, if for some reason it cannot, and a request is continuously re-queued, the GGSN attempts to process the same request again and again, which causes a very high CPU. To prevent requests from being process again and again, you can throttle the number of times a GTP request can be re-enqueued.
To configure the number of times a GTP request can be re-enqueued in the GTP queue, use the following command while in global configuration mode:
Using the no form of this command resets the value to the default (10).
Note
To display re-enqueue statistics, use the following command while in privileged EXEC mode:
For example, issuing the show gprs gtp request re-enqueue statistics command displays the following:
GGSN# show gprs gtp request re-enqueue statisticsGTP Req re-enqueue first_time 1 GTP Req re-enqueue total 1GTP Req re-enqueue dropped 1GGSN#To clear the re-enqueue statistics counters, use the following command while in privileged EXEC mode:
Router# clear gprs gtp request re-enqueue statistics
Clears the counters for the re-enqueue statistics.
When configuring the GTP request re-enqueue throttle, note the following:
•
SAMI 1/4: Jul 5 22:06:21.079: GPRS:1231230000000010:A GTP Req Packet has reached limit 0 for re-enqueue. Queue GTP msg, Re-enqueue reason:Delete Before RecreateSAMI 1/4: Jul 5 22:06:21.079: GPRS:1231230000000010:TID: 1231230000000010, PDP Internal Flags:40440001, PDP Update Flags:00000000, PDP Delete Flags:00000000, MCB Flags:00020008, APN: mani.com, Packet App flags 00000000, PDP:0x425B767C, MCB 0x4A423534•
MIB Changes
In Cisco GGSN Release 10.2, Cisco IOS Release 12.4(24)YE7 and later, the GetNext and GetBulk requests are disabled for the GGSN Subscriber table (cGgsnExtSubscriberTable) in the CISCO-GGSN-EXT-MIB.
New Implementations and Behavior Changes in Cisco IOS Release 12.4(24)YE6
Cisco GGSN Release 10.2, Cisco IOS Release 12.4(24)YE6 introduces support for the diameter vendor supported 3gpp command always keyword option.
When enabling support for a Third-Generation Partnership Project (3GPP) Gy-compliant Diameter Credit Control Application (DCCA) implementation, when the Diameter peer advertises that it supports 3GPP during the capability exchange between the GGSN and the Diameter peer, you must configure the following commands:
•
•
However, if the Diameter server (also known as the Online Charging System [OCS]) supports 3GPP but does not negotiate 3GPP in the capability exchange, you must configure the following commands to ensure that the GGSN sends 3GPP AVPs even when the Diameter server does not advertise 3GPP support:
•
•
New Implementations and Behavior Changes in Cisco IOS Release 12.4(24)YE4
Cisco GGSN Release 10.2, Cisco IOS Release 12.4(24)YE4 introduces support for the following:
•
By default, when service-aware billing is implemented on the Cisco GGSN using a Diameter Credit Control Application, the Cisco GGSN receives a Diameter Credit-Control-Answer (CCA) and applies it uniformly for both prepaid and postpaid subscribers.
With Cisco GGSN Release 10.2 and later, you can associate up to 16 charging profiles with different subscribers in an APN. The ability to associate multiple charging profiles with different subscribers in an APN enables operators to customize the CCFH for both prepaid and postpaid subscribers. The CCFH determines how the GGSN behaves if a CCA failure occurs.
•
–
–
–
The International Mobile Equipment Identity (IMEI) in the User-Equipment-Info AVP (group level)
3GPP-SGSN-MCC-MNC AVP (message level)
3GPP-MS-Timezone AVP (message level)
•
For information about each of these features, see the Cisco GGSN Release 10.2 Configuration Guide.
New Implementations and Behavior Changes in Cisco IOS Release 12.4(24)YE3e
Cisco GGSN Release 10.1, Cisco IOS Release 12.4(24)YE3e includes the following show command enhancements:
•
•
GGSN#sh gprs gtp statisticsGPRS GTP Statistics:version_not_support 0 msg_too_short 0unknown_msg 0 unexpected_sig_msg 0unexpected_data_msg 0 unsupported_comp_exthdr 0mandatory_ie_missing 0 mandatory_ie_incorrect 0optional_ie_invalid 0 ie_unknown 0ie_out_of_order 0 ie_unexpected 0ie_duplicated 0 optional_ie_incorrect 0pdp_activation_rejected 0 tft_semantic_error 0tft_syntactic_error 0 pkt_ftr_semantic_error 0pkt_ftr_syntactic_error 0 pdp_wo_tft_exist 0non_existent 1 path_failure 0total_dropped 0 signalling_msg_dropped 0data_msg_dropped 0 no_resource 0get_pak_buffer_failure 0 rcv_signalling_msg 1snd_signalling_msg 1 rcv_pdu_msg 0snd_pdu_msg 0 rcv_pdu_bytes 0snd_pdu_bytes 0 total created_pdp 0total deleted_pdp 0 total created_sec_pdp 0total deleted_sec pdp 0 total created_ppp_pdp 0total deleted stuck pdp 0 total stuck pdp 0total deleted_ppp_pdp 0 total MSinit pdp update 1ppp_regen_pending 0 ppp_regen_pending_peak 0ppp_regen_total_drop 0 ppp_regen_no_resource 0ntwk_init_pdp_act_rej 0 total ntwkInit created pdp 0single pdp-session cleared 0 total ntwkInit update pdp 0total update responses rcv 0 total COA msg received 0total COA msgs discarded 0 total COA triggered update 0total err indications rcvd 0 total err indications sent 0Number of times DT enabled 0 total EI rcvd on DT PDPs 0total update fail DT pdps 0 msg dropped on config 0invalid_tid_in_pdp 0 invalid_tid_in_pak 0pdp dropped invalid sigmsg 0 invalid_tid_in_pak 0pdp dropped invalid sigmsg 0created ipv6 pdp 0 rejected ipv6 pdp 0deleted ipv6 pdp 0 created ipv6 pdpmcb 0deleted ipv6 pdpmcb 0rcvd ipv6 pdu 0 sent ipv6 pdu 0rcvd ipv6 data bytes 0 sent ipv6 data bytes 0newinfo acct recs queued 0 newinfo acct recs failed 0Debug info:path_fail_local_del_pdp 0 ver_upgrade_local_del 0no_sgsn_local_del_pdp 0 ver_fallback_local_del 0no_wait_sgsn_local_del_pdp 0 no_req_sgsn_local_del_pdp 0create_collide_with_delete 0 version_changes 0rcv_retransmit_create_req 0 create_as_update 0GGSN#GGSN#sh gprs access-point statistics 3PDP activation intiated by MS: 0Successful PDP activation intiated by MS: 0Total secondary PDPs created: 0Total secondary PDPs deleted: 0Total Stuck pdp 0Total Stuck pdp deleted 0Dynamic PDP activation initiated by MS: 0Successful dynamic activation initiated by MS: 0PDP update initiated by MS: 0Successful PDP update initiated by MS: 0PDP deactivation initiated by MS: 0Successful PDP deactivation initiated by MS: 0Network initiated PDP activation: 0Successful network initiated PDP activation: 0PDP deactivation initiated by GGSN: 0Successful PDP deactivation initiated by GGSN: 0PDP update initiated by GGSN: 0Successful PDP update initiated by GGSN: 0upstream data volume in octets: 0downstream data volume in octets: 0upstream packet count: 0downstream packet count: 0DHCP address requests sent by GGSN: 0DHCP address requests successful: 0DHCP address release sent by GGSN: 0Total number of COA requests received: 0Total number of successful COA requests: 0Number of times direct tunnel enabled: 0GGSN#(CSCue57186)
New Implementations and Behavior Changes in Cisco IOS Release 12.4(24)YE3b
The following new features supported in Cisco GGSN Release 10.1, Cisco IOS Release 12.4(24)YE3b:
•
•
Enabling the Automatic Detection and Clearing of Stuck PDPs
To configure the automatic identification, and optionally removal of stuck PDP contexts, complete the following task in global configuration mode:
The following is an example of a syslog message sent when a stuck PDP is detected:
SAMI 4/4: Sep 5 04:55:20.750: %GPRSFLTMG-4-GTP_PDP_STUCK: GSN: 110.50.0.50, TEID: 1122330000001211, APN: eggsn_postpaid,MSISDN: 112323000000121, Reason : 2, flags: 4C0091Manually clearing Stuck PDPs
Before manually clearing a stuck PDP, you must place the associated access point in maintenance mode by using the service-mode maintenance command in access-point configuration mode. Once you have cleared the command, place the access point back in operational mode by using the service-mode operational command in access-point configuration mode.
To manually clear a stuck PDP by Tunnel Identifier (TID) on the active GGSN, complete the following task in privilege EXEC mode.
Router# clear gprs gtp pdp-context access-point index force tid
Clears the stuck PDP by TID on the active GGSN.
Note
New Implementations and Behavior Changes in Cisco IOS Release 12.4(24)YE3
Cisco GGSN Release 10.1, Cisco IOS Release 12.4(24)YE3 introduces support for RADIUS Controlled Redirection.
The RADIUS Controlled HTTP Redirection feature enables the Cisco GGSN to redirect the HTTP traffic of subscribers to an Advice-of-Charge (AoC) page that notifies them of new tariff changes when they are roaming in a foreign PLMN.
For information about configuring RADIUS controlled HTTP redirection, see the Cisco GGSN Release 10.1 Configuration Guide.
Additionally, in Cisco IOS Release 12.4(24)YE3, the ip keyword option was dropped from the syntax of the redirect all ip access-point configuration command.
Note
New Implementations and Behavior Changes in Cisco IOS Release 12.4(24)YE2
The following enhancements and features are introduced in Cisco GGSN Release 10.0, Cisco IOS Release 12.4(24)YE2.
•
Support for the Overlapping Local IP Address Pools feature is introduced in Cisco GGSN Release 10.0, Cisco IOS Release 12.4(24)YE2.
The Overlapping Local IP Address Pools feature improves flexibility in assigning IP addresses dynamically. This feature allows you to configure overlapping IP address pool groups to create different address spaces and concurrently use the same IP addresses in different address spaces.
For information about configuring overlapping local IP address pools, see the Cisco GGSN Release 10.0 Configuration Guide.
•
Cisco IOS Release 10.0, Cisco IOS Release 12.4(24)YE2 supports the copy command as a method of retrieving CDRs written to an iSCSI device in a single IP environment.
New Implementations and Behavior Changes in Cisco IOS Release 12.4(24)YE1
The following new implementations and behavior changes exist in this release of the Cisco GGSN:
•
•
•
Authentication, Authorization, and Accounting Enhancements
With Cisco GGSN Release 10.0, Cisco IOS Release 12.4(24)YE1, support for private Authentication, Authorization, and Accounting (AAA) server groups is introduced using existing CISCO-AAA-SERVER-MIB objects.
This support resolves CSCtg65556.
Internet Small Computer System Interface Enhancements
The following Internet Small Computer System Interface (iSCSI) enhancements are introduced in Cisco GGSN Release 10.0, Cisco IOS Release 12.4(24)YE1.
•
•
For detailed information about these new commands, see the Cisco GGSN Release 10.0 Configuration Guide.
MIB Updates
The following MIB files have been updated to support the following Cisco GGSN Release 10.0 features:
•
–
–
•
–
–
–
•
–
–
•
–
–
•
–
•
–
New Implementations and Behavior Changes in Cisco IOS Release 12.4(24)YE
The following new implementations and behavior changes exist in this release of the Cisco GGSN:
•
–
Cisco GGSN Release 10.0 and later supports a single IP architecture. The single IP architecture enables all six Cisco GGSN instances running on the Cisco SAMI processors to function as one Cisco GGSN instance.
For single IP usage notes, see "Single IP Cisco GGSN Usage Notes and Requirements" section on page 7.
–
- Dynamic HTTP redirection and termination with Final Unit Indication (FUI)
- Activity-based time billing—Activity-based billing, as defined in 3GPP, bills users for only the periods of on the network that activity is occurring, instead of billing them for the entire time they are logged on the network.
–
With Release 10.0 and later, the Cisco GGSN supports dynamic IP address allocation. Dynamic IP address allocation enables operators to implement a Cisco GGSN without subnetting requirements. The Cisco GGSN supports dynamic IP address allocation from DHCP, RADIUS, and local pools.
–
With the advent of a single IP architecture of Cisco GGSN Release 10.0 and later, the Cisco GGSN quota server interface supports multiple Cisco CSG2s. Service-aware users from the Cisco GGSN are load-balanced among the Cisco CSG2s.
–
In earlier releases of the Cisco GGSN, you could configure only one DCCA server at a time per APN, but you could configure different DCCA servers for the same APN on the GGSN instances on the Cisco SAMI.
With the transition to a single IP architecture in Cisco GGSN Release 10.0, the separate GGSN instances running on the six Cisco SAMI processors function as a single GGSN, rather than six GGSNs. To enable an APN to communicate with multiple DCCA servers, with Cisco GGSN Release 10.0 and later, you can configure multiple DCCA profiles under a charging profile applied to an APN.
For more information about the features introduced in Cisco GGSN Release 10.0, see the Cisco GGSN Release 10.0 Configuration Guide.
Caveats
Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious. Severity 3 caveats are moderate caveats, and only select severity 3 caveats are included in the caveats document.
All caveats in Cisco IOS Release 12.4 and Cisco IOS Release 12.4 T are also in Cisco IOS Release 12.4(24)YE.
For information on caveats in Cisco IOS Release 12.4, see Caveats for Cisco IOS Release 12.4.
For information on caveats in Cisco IOS Release 12.4 T, see Caveats for Cisco IOS Release 12.4T, which lists severity 1 and 2 caveats and select severity 3 caveats and is located on Cisco.com and the Documentation CD-ROM.
Using the Bug Navigator II
If you have an account with Cisco.com, you can use Bug Navigator II to find caveats the most current list of caveats of any severity for any software release. To reach Bug Navigator II, log in to Cisco.com and click Software Center: Cisco IOS Software: Cisco Bugtool Navigator II. Another option is to go directly to http://www.cisco.com/support/bugtools.
This section lists the following:
•
•
•
•
•
•
•
•
•
•
•
•
•
Caveats - Cisco IOS Release 12.4(24)YE7
This section contains the following types of caveats that apply to the Cisco GGSN Release 10.2, Cisco IOS Release 12.4(24)YE7 image:
Open Caveats
Note
The following sections document possible unexpected behavior and describe only severity 1 and 2 caveats, and select severity 3 caveats.
Cisco GGSN Open Caveats
This section lists the GGSN-specific caveats that are open in Cisco IOS Release 12.4(24)YE7:
•
The Cisco GGSN drops the downstream traffic sent over IPv6 PDP with Cisco Express Forwarding (CEF) enabled.
This condition occurs only with downstream traffic. Upstream traffic is switched correctly.
Workaround: There is currently no known workaround.
•
The normal burst size in bytes (BC) and excess burst size in bytes (BE) is used for policy PDPs even when BC and BE values are configured under the policy-map.
This condition occurs on any policy PDP and does not cause a serious result, but rather confusion on why the user configuration does not work. If a user has enough space for a larger token bucket, this condition can effect the user's ability to optimize system performance.
Workaround: There is currently no known workaround.
•
When PPP PDP type sessions are created, the transmit and receive counters displayed by using the the show gprs gtp pdp privileged EXEC command continuously increase even without traffic. The counters are getting incremented due to PPP LCP echo requests and responses.
This condition occurs only with PPP PDP type subscribers from Cisco IOS Release 12.4(24)YE4 and later.
Workaround: There is currently no known workaround.
•
A mismatch between the "InUse" counters in the show ip local pool command output between an active and standby GGSN might occur. The counters of the standby GGSN might display more IPs in use than the counters of the active GGSN.
This condition occurs on the standby Proxy Control Processor (PCOP) when it could not free an IP address under certain rare circumstances.
Workaround: There is currently no known workaround, however, this condition does not impact the standby GGSN because the actual IP allocation occurs from the Traffic Control Processors (TCOPs) of the standby GGSN.
Cisco SAMI Open Caveats
This section lists the Cisco SAMI caveats that are open with Cisco IOS Release 12.4(24)YE7:
•
The Cisco SAMI running the Cisco GGSN Release 10.0 and later single IP image generates 0 byte crashinfo files on the core: of the Line Control Processor (LCP) when there is no space available on the core.
This condition occurs only when there is not enough space in the core:
Workaround: Delete the core: files and ensure enough space is available as follows:
sup#delete sami#7-fs:core/*.*Delete filename [core/*.*]?Delete sami#7-fs:core/crashinfo_collection-20100923-175329.tar? [confirm]•
During a redundancy switchover initiated from a command line interface by using the redundancy switch-activity force command, debug information is written in all of the Cisco SAMI processors and collected in the LCP core: like with an RF-induced reload.
Workaround: There is currently no known workaround.
Miscellaneous Open Caveats
This section lists an additional miscellaneous caveat that is open in Cisco IOS Release 12.4(24)YE7:
•
The Internet Small Computer System Interface (iSCSI) connection to the iSCSI target is timed out and terminated when the CPU usage is high, and the disk is not in a usable state even after the TCP connection is re-established.
This condition occurs when the CPU usage is at approximately 70%, and 50k PDPs exist with downstream traffic flowing through all the PDPs on the Cisco GGSN.
This issue occurs with EMC and Linux iSCSI targets.
Workaround: Unconfigure the gprs iscsi command and then reconfigure the command.
Resolved Caveats
The following sections list caveats that have been resolved, or are closed or unreproducible, in Cisco IOS Release 12.4(24)YE7. Only severity 1 and 2 caveats and select severity 3 caveats are listed
•
Cisco GGSN Resolved Caveats
This section lists GGSN-specific caveats that are resolved in Cisco IOS Release 12.4(24)YE7.
•
Even with charging characteristics reject configured (by using the gprs charging characteristics reject global configuration command), the GGSN selects the default charging profile for an unmatched charging characteristic value instead of sending a negative response to the SGSN as designed.
This condition occurs when the GGSN is configured to reject Create PDP Context requests for which no charging profile can be selected.
•
When the Diameter Credit Control Application (DCCA) server is down, and the Credit-Control-Fault-Handling (CCFH) action is set to default (terminate), PDP sessions are being converted to postpaid sessions instead of being terminated.
•
When a new APN with charging characteristics is unconfigured, a traceback occurs.
This condition occurs when a new access point is configured with charging characteristics, and then the access point is unconfigured.
•
An SNMP walk for AAA-SERVER-MIB causes delayed show and configuration commands and delayed responses to SNMP polls.
This condition occurs when RADIUS is configured with more than 30 server entries using the following command:
radius-server host ip addr auth-port 1645 acct-port 1646•
A GTPv0 create request over an existing GTPv1 PDP causes a high CPU.
This condition occurs only when the existing GTPv1 PDP is waiting for the completion of an update request and then a GTPv0 create is initiated.
(CSCtr31369 and CSCtr30916 fix the symptom and free the CPU by dropping the new GTPv0 create request.)
•
The Cisco GGSN might arrive in a situation in which the CPU on certain Traffic and Control Plane processors (TCOPs) reaches almost 100%. When this condition occurs, stuck PDP sessions are also seen on the affected TCOPs.
This condition causes subscribers to experience problems in the GTP control path (for example, setting up PDP sessions) and in the data path (for example, sending data through the PDP session). This condition typically occurs in a service-aware implementation and appears to begin when the GGSN assumes a path restart has occurred, which indicates that the SGSN is restarting, when in fact, that is not the case.
•
When a very high number of GTPv0 and GTPv1 users handoff from one SGSN to another, the following error message with a traceback might be seen and could possibly lead to a reload of the standby GGSN.
IDMGR-3-INVALID_ID: bad id in id_get (Out of IDs!) (id: 0x0)This condition could occur when a very high number of GTPv0 and GTPv1 users handoff from one SGSN to another at the same time at a very high rate.
•
In a redundant implementation, the active GGSN crashes when trying to free the Checkpoint-Facility (CF) buffer when a PDP is being deleted.
•
The GGSN does not create PDPs even when there is sufficient IP address space. The RefCount in the International Mobile Subscriber Identity (IMSI) sticky database is negative one (-1).
GGSN#show sami sm imsiIMSI: 214350000000001, Permanent: NO, Location: 7MSISDN: 9121436506000000F100 Length:94u87efCount:-1, version:1, SeqNum:2, NSAPI_MAP:0000IMSI: 214350000000002, Permanent: NO, Location: 4MSISDN: 9121436506000000F200 Length:9RefCount:-1, version:1, SeqNum:2, NSAPI_MAP:0000This condition occurs with a single IP architecture (Proxy Control Processor [PCOP] and Traffic and Control Plane processors [TCOP]) when all the IP addresses in a TCOP are "In Use" and the TCOP attempts a reassignment. The PCOP fails to reassign the session because of the RefCount -1.
•
"91" is added to the "calling-number" AVP in Incoming-Call-Request (ICRQ) messages even when the no gprs radius msisdn first-byte global configuration command is configured.
•
The GGSN retransmits a lot of RADIUS Accounting Start requests for postpaid subscribers. The current behavior is as follows:
a.
b.
c.
d.
e.
In this scenario, the GGSN relies on the RADIUS timeout and the signaling impacts the network.
The desired behavior is for the GGSN to not retransmit the RADIUS Accounting Start request after receiving a CoA with Auth_failed but instead send a Create PDP Context Deny.
This condition occurs with postpaid subscribers, whom are not allowed to use the Gx PCRF.
•
The following syslog message appears intermittently on the GGSN:
GPRSFLTMG-4-CHARGING: GSN: 0.0.0.0, TID: 0000000000000000, APN: NULL, Reason: 13, Trying to close a NULL cdr_entryThis condition occurs even when the charging function is not configured.
•
There is a mismatch of the local IP address pool "In Use" count between the Proxy Control Processor (PCOP) and Traffic and Control Plane processors (TCOP). This occurs because some of the IP address in the PCOP are not freed even though the PDP context is cleared.
For example:
GGSN#show gprs gtp statusGPRS GTP Status:activated gtpv0 pdp 0activated gtpv1 pdp 0activated ms 0activated ipv6 ms 0activated gtpv0 v6 pdp 0activated gtpv1 v6 pdp 0activated ppp regen pdp 0activated ppp pdp 0gtp's va hwidbs 0gtp's va swidbs 0gtp ipv6 swidbs 0gtp direct tunnel PDPs 0Service-aware Status:Prepaid PDPs 0Postpaid PDPs 0IST-GGSN-07#sh ip loIST-GGSN-07#sh ip local pooIST-GGSN-07#sh ip local poolPool Begin End Free In use Blocked** pool <internet> is in group <internet>internet 178.241.128.0 178.241.255.255 32744 24 0188.57.192.0 188.57.255.255 16373 11 0188.58.96.1 188.58.127.255 8184 7 031.142.96.0 31.142.127.255 8188 4 0** pool <wap> is in group <wap>wap 10.51.0.1 10.51.254.255 64798 481 0** pool <mgb> is in group <mgb>mgb 188.59.176.1 188.59.191.255 4095 0 0** pool <streaming> is in group <streaming>streaming 10.52.80.1 10.52.87.255 2044 3 0** pool <test15> is in group <test15>test15 31.142.96.0 31.142.127.255 8192 0 0•
Sometimes, the tunnel identifier (TID) value in a GTPv0 create PDP context response is corrupt. This condition occurs with roaming subscribers.
•
For PPP-Regen users, the Time to Live (TTL) value of the IP packet in the downstream direction (from L2TP network server [LNS] to mobile subscriber [MS]), is decremented by 1, whereas in the upstream direction (from MS to LNS server), the TTL value is not decremented.
This condition occurs only for PPP-Regen users.
•
Input errors are seen on Cisco GGSN Traffic and Control Plane processors (TCOPs) with specific traffic patterns and signaling.
This condition occurs when the idle timeout value is configured to a low value (300 seconds). When the idle timeout value is configured to a higher value (for example, 3600 or 7200 seconds), the input errors are not seen.
•
3GPP-Selection-Mode (12) is not added under Packet Switched Information (PS-Information) AVP, even though the gprs dcca avp grouped ps-information global configuration command is configured.
•
The Cisco SAMI might crash when connecting to the charging gateway.
This condition might occur when the charging gateway is connected to the GGSN, if the GGSN receives a different restart counter (recover information element [IE]) value from the charging gateway. Additionally, any pending call detail records (CDRs) in the GGSN could potentially lead to a crash.
•
A timing issue between a PDP deletion and a Diameter Credit Control Application (DCCA) response causes the Cisco SAMI to crash.
This condition occurs only for a standalone prepaid user, and only if the GGSN receives a protocol error response from DCCA during the deletion of a prepaid PDP.
Cisco SAMI Resolved Caveats
This section lists a Cisco SAMI caveat that is resolved with Cisco IOS Release 12.4(24)YE7.
•
When performing a write memory or copying a file to the bootflash of a PowerPC (PPC), the Cisco SAMI drops a few packets.
•
When the Cisco IOS Software image is loaded, the counter for gig 0/0 starts incrementing. If there is no traffic on the router, the input queue drops and continues to increment.
•
A configuration download error occurs with the following message:
%IPC-0-CFG_DOWNLOAD_ERROR: Configuration download/parse error: Failed to download config on one or more processors, traffic will get blocked -Process= "Init", ipl= 0, pid= 3This condition occurs when the erase bootflash command is issued on the PCOP.
Miscellaneous Resolved Caveat
This section lists the miscellaneous caveats that are resolved with Cisco IOS Release Cisco IOS Release 12.4(24)YE7.
•
Gateway might reload while handling a Virtual Private Dialup Network (VPDN) call due to invalid memory reference.
•
In a redundant implementation, a session is not synchronized to a standby unit if the MTU of the Gigabit0/0 interface of the active SAMI is set to1600 bytes. The router could also perform a redundancy framework (RF) self-reload.
•
A Layer 2 Tunneling Protocol Access Concentrator (LAC) router running Virtual Private Dialup Network (VPDN) might crash when it receives an invalid redirect from a peer with a of "SSS Manager Disconnected Session" Call-Disconnect-Notify (CDN) error message.
This symptom is observed when the LAC router receives an the following message from the multihop peer:
Error code(9): Try another directed and Optional msg: SSS Manager disconnected session <<<< INVALID•
The Cisco SAMI application could crash as a result of a memory corruption or accessing an invalid address. The logs from the crashinfo show that the PCRF sent Diameter protocol errors.
Caveats - Cisco IOS Release 12.4(24)YE6
This section contains the following types of caveats that apply to the Cisco GGSN Release 10.2, Cisco IOS Release 12.4(24)YE6 image:
•
•
Open Caveats
Note
The following sections document possible unexpected behavior and describe only severity 1 and 2 caveats, and select severity 3 caveats.
•
•
•
Cisco GGSN Open Caveats
This section lists the GGSN-specific caveats that are open in Cisco IOS Release 12.4(24)YE6:
•
The Cisco GGSN drops the downstream traffic sent over IPv6 PDP with Cisco Express Forwarding (CEF) enabled.
This condition occurs only with downstream traffic. Upstream traffic is switched correctly.
Workaround: There is currently no known workaround.
•
The normal burst size in bytes (BC) and excess burst size in bytes (BE) is used for policy PDPs even when BC and BE values are configured under the policy-map.
This condition occurs on any policy PDP and does not cause a serious result, but rather confusion on why the user configuration does not work. If a user has enough space for a larger token bucket, this condition can effect the user's ability to optimize system performance.
Workaround: There is currently no known workaround.
•
When the RADIUS Controlled Redirection feature is enabled, when a prepaid subscriber is converted to a postpaid subscriber, the conversion is not synchronized to the standby GGSN. In the standby GGSN, the subscriber continues to be a postpaid user only.
This condition occurs only when RADIUS Controlled Redirection is enabled when running Cisco IOS Release 12.4(24)YE3.
Workaround: Disable the RADIUS Controlled Redirection feature.
•
Even with charging characteristics reject configured (by using the gprs charging characteristics reject global configuration command), the GGSN selects the default charging profile for an unmatched charging characteristic value instead of sending a negative response to the SGSN as designed.
This condition occurs when the GGSN is configured to reject Create PDP Context requests for which no charging profile can be selected.
Workaround: There is currently no known workaround.
•
When the Diameter Credit Control Application (DCCA) server is down, and the Credit-Control-Fault-Handling (CCFH) action is set to default (terminate), PDP sessions are being converted to postpaid sessions instead of being terminated.
Workaround: There is currently no known workaround.
•
When a new APN with charging characteristics is unconfigured, a traceback occurs.
This condition occurs when a new access point is configured with charging characteristics, and then the access point is unconfigured.
Workaround: There is currently no known workaround.
•
When PPP PDP type sessions are created, the transmit and receive counters displayed by using the the show gprs gtp pdp privileged EXEC command continuously increase even without traffic. The counters are getting incremented due to PPP LCP echo requests and responses.
This condition occurs only with PPP PDP type subscribers from Cisco IOS Release 12.4(24)YE4 and later.
Workaround: There is currently no known workaround.
•
The Cisco GGSN might arrive in a situation in which the CPU on certain Traffic and Control Plane processors (TCOPs) reaches almost 100%. When this condition occurs, stuck PDP sessions are also seen on the affected TCOPs.
This condition causes subscribers to experience problems in the GTP control path (for example, setting up PDP sessions) and in the data path (for example, sending data through the PDP session). This condition typically occurs in a service-aware implementation and appears to begin when the GGSN assumes a path restart has occurred, which indicates that the SGSN is restarting, when in fact, that is not the case.
Workaround: Restart or failover the Cisco GGSN.
•
When a very high number of GTPv0 and GTPv1 users handoff from one SGSN to another, the following error message with a traceback might be seen and could possibly lead to a reload of the standby GGSN.
IDMGR-3-INVALID_ID: bad id in id_get (Out of IDs!) (id: 0x0)This condition could occur when a very high number of GTPv0 and GTPv1 users handoff from one SGSN to another at the same time at a very high rate.
Workaround: There is currently no known workaround.
Cisco SAMI Open Caveats
This section lists the Cisco SAMI caveats that are open with Cisco IOS Release 12.4(24)YE6:
•
The Cisco SAMI running the Cisco GGSN Release 10.0 and later single IP image generates 0 byte crashinfo files on the core: of the Line Control Processor (LCP) when there is no space available on the core.
This condition occurs only when there is not enough space in the core:
Workaround: Delete the core: files and ensure enough space is available as follows:
sup#delete sami#7-fs:core/*.*Delete filename [core/*.*]?Delete sami#7-fs:core/crashinfo_collection-20100923-175329.tar? [confirm]•
During a redundancy switchover initiated from a command line interface by using the redundancy switch-activity force command, debug information is written in all of the Cisco SAMI processors and collected in the LCP core: like with an RF-induced reload.
Workaround: There is currently no known workaround.
•
This section lists an additional miscellaneous caveat that is open in Cisco IOS Release 12.4(24)YE6:
•
The Internet Small Computer System Interface (iSCSI) connection to the iSCSI target is timed out and terminated when the CPU usage is high, and the disk is not in a usable state even after the TCP connection is re-established.
This condition occurs when the CPU usage is at approximately 70%, and 50k PDPs exist with downstream traffic flowing through all the PDPs on the Cisco GGSN.
This issue occurs with EMC and Linux iSCSI targets.
Workaround: Unconfigure the gprs iscsi command and then reconfigure the command.
Resolved Caveats
The following sections list caveats that have been resolved, or are closed or unreproducible, in Cisco IOS Release 12.4(24)YE6. Only severity 1 and 2 caveats and select severity 3 caveats are listed
•
•
Cisco GGSN Resolved Caveats
This section lists GGSN-specific caveats that are resolved in Cisco IOS Release 12.4(24)YE6.
•
The Cisco IOS Software network address translation (NAT) feature contains multiple denial of service (DoS) vulnerabilities in the translation of the following protocols:
–
–
–
All the vulnerabilities described in this document are caused by packets in transit on the affected devices when those packets require application layer translation.
Cisco has released free software updates that address these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-nat.shtml.
•
The Cisco IOS Software network address translation (NAT) feature contains multiple denial of service (DoS) vulnerabilities in the translation of the following protocols:
–
–
–
All the vulnerabilities described in this document are caused by packets in transit on the affected devices when those packets require application layer translation.
Cisco has released free software updates that address these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-nat.shtml.
•
The Cisco IOS Software network address translation (NAT) feature contains multiple denial of service (DoS) vulnerabilities in the translation of the following protocols:
–
–
–
All the vulnerabilities described in this document are caused by packets in transit on the affected devices when those packets require application layer translation.
Cisco has released free software updates that address these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-nat.shtml.
•
The Cisco IOS Software network address translation (NAT) feature contains multiple denial of service (DoS) vulnerabilities in the translation of the following protocols:
–
–
–
All the vulnerabilities described in this document are caused by packets in transit on the affected devices when those packets require application layer translation.
Cisco has released free software updates that address these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-nat.shtml.
•
When a non existent or failed Diameter server is configured on the Cisco GGSN, it might exhaust all available sockets for Diameter communication.
•
The Cisco GGSN does not send 3GPP attribute-value pair (AVPs) to the Diameter peer even when the gprs dcca 3gpp global configuration command is configured.
This condition occurs if the Diameter peer does not negotiate the capability as 3GPP in the Capability Exchange Answer (CEA) message. If this occurs, the GGSN does not send the 3GPP AVPs.
For more information about this fix, see the "New Implementations and Behavior Changes in Cisco IOS Release 12.4(24)YE6" section.
•
The Cisco GGSN might erroneously detect a serving GPRS support node (SGSN) path restart, even though there is no Recovery information element (IE) change in any of the PDP requests.
This condition might occur when a subscriber is trying to connect from one SGSN and immediately moves to another SGSN and sends a create PDP context request.
•
The Cisco GGSN might reload at PC gprs_red_unpack_pdpcb(). This condition might be triggered by the availability of secondary PDP sessions on the GGSN.
•
Under stress conditions, PDP sessions become stuck in a "Pending" state and they are unable to connect. This condition occurs with an enhanced GGSN (eGGSN) service-aware implementation.
•
The Cisco GGSN always sends the default Dynamic Feedback Protocol (DFP) weight of 8 to the Cisco IOS SLB on the supervisor regardless of the weight dynamically reported by the individual Traffic and Control Plane processors (TCOPs).
•
The Cisco GGSN load balancer state becomes stuck in a DFP_THROTTLED state when the maximum number of PDPs are created, and it is unable to exit from this state when the number of PDPs decreases. This condition occurs when GGSN is reporting dynamic weights to a Dynamic Feedback Protocol (DFP) manager like GTP SLB.
Cisco SAMI Resolved Caveats
There are no newly resolved Cisco SAMI caveats with Cisco IOS Release 12.4(24)YE6.
Caveats - Cisco IOS Release 12.4(24)YE5
This section contains the following types of caveats that apply to the Cisco GGSN Release 10.2, Cisco IOS Release 12.4(24)YE5 image:
•
•
Open Caveats
Note
The following sections document possible unexpected behavior and describe only severity 1 and 2 caveats, and select severity 3 caveats.
•
•
•
Cisco GGSN Open Caveats
This section lists the GGSN-specific caveats that are open in Cisco IOS Release 12.4(24)YE5:
•
The Cisco GGSN drops the downstream traffic sent over IPv6 PDP with Cisco Express Forwarding (CEF) enabled.
This condition occurs only with downstream traffic. Upstream traffic is switched correctly.
Workaround: There is currently no known workaround.
•
The normal burst size in bytes (BC) and excess burst size in bytes (BE) is used for policy PDPs even when BC and BE values are configured under the policy-map.
This condition occurs on any policy PDP and does not cause a serious result, but rather confusion on why the user configuration does not work. If a user has enough space for a larger token bucket, this condition can effect the user's ability to optimize system performance.
Workaround: There is currently no known workaround.
•
When the RADIUS Controlled Redirection feature is enabled, when a prepaid subscriber is converted to a postpaid subscriber, the conversion is not synchronized to the standby GGSN. In the standby GGSN, the subscriber continues to be a postpaid user only.
This condition occurs only when RADIUS Controlled Redirection is enabled when running Cisco IOS Release 12.4(24)YE3.
Workaround: Disable the RADIUS Controlled Redirection feature.
•
Even with charging characteristics reject configured (by using the gprs charging characteristics reject global configuration command), the GGSN selects the default charging profile for an unmatched charging characteristic value instead of sending a negative response to the SGSN as designed.
This condition occurs when the GGSN is configured to reject Create PDP Context requests for which no charging profile can be selected.
Workaround: There is currently no known workaround.
•
When the Diameter Credit Control Application (DCCA) server is down, and the Credit-Control-Fault-Handling (CCFH) action is set to default (terminate), PDP sessions are being converted to postpaid sessions instead of being terminated.
Workaround: There is currently no known workaround.
•
When a new APN with charging characteristics is unconfigured, a traceback occurs.
This condition occurs when a new access point is configured with charging characteristics, and then the access point is unconfigured.
Workaround: There is currently no known workaround.
•
When PPP PDP type sessions are created, the transmit and receive counters displayed by using the the show gprs gtp pdp privileged EXEC command continuously increase even without traffic. The counters are getting incremented due to PPP LCP echo requests and responses.
This condition occurs only with PPP PDP type subscribers from Cisco IOS Release 12.4(24)YE4 and later.
Workaround: There is currently no known workaround.
•
An SNMP walk for AAA-SERVER-MIB causes delayed show and configuration commands and delayed responses to SNMP polls.
This condition occurs when RADIUS is configured with more than 30 server entries using the following command:
radius-server host ip addr auth-port 1645 acct-port 1646Workaround: Instead of using the radius-server host command, use the aaa group server radius command to configure the RADIUS servers.
Cisco SAMI Open Caveats
This section lists the Cisco SAMI caveats that are open with Cisco IOS Release 12.4(24)YE5:
•
The Cisco SAMI running the Cisco GGSN Release 10.0 and later single IP image generates 0 byte crashinfo files on the core: of the Line Control Processor (LCP) when there is no space available on the core.
This condition occurs only when there is not enough space in the core:
Workaround: Delete the core: files and ensure enough space is available as follows:
sup#delete sami#7-fs:core/*.*Delete filename [core/*.*]?Delete sami#7-fs:core/crashinfo_collection-20100923-175329.tar? [confirm]•
During a redundancy switchover initiated from a command line interface by using the redundancy switch-activity force command, debug information is written in all of the Cisco SAMI processors and collected in the LCP core: like with an RF-induced reload.
Workaround: There is currently no known workaround.
Miscellaneous Open Caveats
This section lists an additional miscellaneous caveat that is open in Cisco IOS Release 12.4(24)YE5:
•
The Internet Small Computer System Interface (iSCSI) connection to the iSCSI target is timed out and terminated when the CPU usage is high, and the disk is not in a usable state even after the TCP connection is re-established.
This condition occurs when the CPU usage is at approximately 70%, and 50k PDPs exist with downstream traffic flowing through all the PDPs on the Cisco GGSN.
This issue occurs with EMC and Linux iSCSI targets.
Workaround: Unconfigure the gprs iscsi command and then reconfigure the command.
Resolved Caveats
The following sections list caveats that have been resolved, or are closed or unreproducible, in Cisco IOS Release 12.4(24)YE5. Only severity 1 and 2 caveats and select severity 3 caveats are listed
•
•
Cisco GGSN Resolved Caveats
This section lists GGSN-specific caveats that are resolved in Cisco IOS Release 12.4(24)YE5.
•
With the single IP architecture, when a local IP address pool contains just a few IP addresses (for example, less than 10), the block count on the Cisco SAMI Proxy Control Processor (PCOP) increments (viewable using the show ip local pool privileged EXEC command) even though there are some addresses available in the pool.
•
When the Cisco GGSN is running Cisco IOS Release 12.4(24)YE3 or later, frequently clearing the signalling path using the clear gprs gtp pdp-context path privileged EXEC command on the Cisco GGSN causes a traceback to occur.
•
The show gprs charging status access-point access-point-index command output displays negative values for the following fields:
–
–
–
–
This condition occurs when the primary and secondary charging gateway or storage device is unreachable, and more PDP contexts are closed and opened, causing the closed buffered CDRs value to peak to a higher value.
Workaround: There is currently no known workaround.
•
In an enhanced GGSN (eGGSN) scenario, in which the Cisco GGSN and Cisco CSG2 are implemented together to provide service-aware billing, if the Diameter Credit Control Application (DCCA) server does not send the Volume/Time threshold in the Volume-Quota-Threshold AVP and the Time-Quota-Threshold AVP in a Credit Control Answer (CCA) to the quota server interface on the Cisco GGSN, the Cisco GGSN continues to dictate a Volume/Time threshold of zero (0) to the Cisco CSG2 via GTP', as seen below:
Granted Quadrans Quadrans: 1843200Granted Quadrans Units: Bytes IPGranted Quadrans Flags: 0x03Granted Quadrans Threshold: 0The 0x03 flag indicates that this is a dictated and mandatory value to which the Cisco CSG2 must comply.
This condition occurs when the DCCA server does not send a Volume/Time threshold value to the Cisco GGSN quota server interface. The Cisco GGSN sends a Volume/Time threshold value of zero to the Cisco CSG2 with a 0x3 flag. The 0x3 flag indicates that the value is valid.
•
High CPU on the Cisco SAMI Traffic and Control Plane processors (TCOPs) in the GTP management process prevent create PDP context requests from being answered.
This condition occurs with the Cisco GGSN Cisco IOS Release 12.4(24)YE4 image with non-transparent APNs.
•
When the Cisco GGSN is configured to allocate the IP addresses to PDP contexts using a RADIUS, and RADIUS allocates a duplicate IP address by mistake, while the PDP is rejected, the GGSN inadvertently sends Accounting Start and Accounting Stop messages for the duplicate users.
This condition occurs when the GGSN uses a RADIUS IP address allocation and the RADIUS allocates duplicate IP addresses to PDPs.
•
The Cisco GGSN experiences SNMP MIB polling time outs, delayed responses to show and configuration commands when object identifiers (OIDs) related to AAA-SERVER-MIB are polled.
This condition occurs when the AAA-SERVER-MIB related OIDs need to polled from the SNMP server, and a large list of AAA server-groups have been configured.
•
When a newly configured APN is unconfigured, the GGSN crashes.
This condition occurs when you configure a new access point and then unconfigure it. This condition does not occur when the charging profile access point configuration command is configured under the new APN and then the new APN is unconfigured.
Cisco SAMI Resolved Caveats
This section lists the Cisco SAMI caveats that are resolved with Cisco IOS Release 12.4(24)YE5.
•
When the Lawful Intercept feature is used, a Safeblk memory leak occurs, which depletes the Safeblk memory.
Caveats - Cisco IOS Release 12.4(24)YE4
This section contains the following types of caveats that apply to the Cisco GGSN Release 10.2, Cisco IOS Release 12.4(24)YE4 image:
•
•
Open Caveats
Note
The following sections document possible unexpected behavior and describe only severity 1 and 2 caveats, and select severity 3 caveats.
•
•
•
Cisco GGSN Open Caveats
This section lists the GGSN-specific caveats that are open in Cisco IOS Release 12.4(24)YE4:
•
The Cisco GGSN drops the downstream traffic sent over IPv6 PDP with Cisco Express Forwarding (CEF) enabled.
This condition occurs only with downstream traffic. Upstream traffic is switched correctly.
Workaround: There is currently no known workaround.
•
The normal burst size in bytes (BC) and excess burst size in bytes (BE) is used for policy PDPs even when BC and BE values are configured under the policy-map.
This condition occurs on any policy PDP and does not cause a serious result, but rather confusion on why the user configuration does not work. If a user has enough space for a larger token bucket, this condition can effect the user's ability to optimize system performance.
Workaround: There is currently no known workaround.
•
When the RADIUS Controlled Redirection feature is enabled, when a prepaid subscriber is converted to a postpaid subscriber, the conversion is not synchronized to the standby GGSN. In the standby GGSN, the subscriber continues to be a postpaid user only.
This condition occurs only when RADIUS Controlled Redirection is enabled when running Cisco IOS Release 12.4(24)YE3.
Workaround: Disable the RADIUS Controlled Redirection feature.
•
With the single IP architecture, when a local IP address pool contains just a few IP addresses (for example, less than 10), the block count on the Cisco SAMI Proxy Control Processor (PCOP) increments (viewable using the show ip local pool privileged EXEC command) even though there are some addresses available in the pool.
Workaround: Configure more IP addresses within the local IP address pool range.
•
When the Cisco GGSN is running Cisco IOS Release 12.4(24)YE3 or later, frequently clearing the signalling path using the clear gprs gtp pdp-context path privileged EXEC command on the Cisco GGSN causes a traceback to occur.
Workaround: There is currently no known workaround.
•
Even with charging characteristics reject configured (by using the gprs charging characteristics reject global configuration command), the GGSN selects the default charging profile for an unmatched charging characteristic value instead of sending a negative response to the SGSN as designed.
This condition occurs when the GGSN is configured to reject Create PDP Context requests for which no charging profile can be selected.
Workaround: There is currently no known workaround.
•
The show gprs charging status access-point access-point-index command output displays negative values for the following fields:
–
–
–
–
This condition occurs when the primary and secondary charging gateway or storage device is unreachable, and more PDP contexts are closed and opened, causing the closed buffered CDRs value to peak to a higher value.
Workaround: There is currently no known workaround.
•
When the Diameter Credit Control Application (DCCA) server is down, and the Credit-Control-Fault-Handling (CCFH) action is set to default (terminate), PDP sessions are being converted to postpaid sessions instead of being terminated.
Workaround: There is currently no known workaround.
Cisco SAMI Open Caveats
This section lists the Cisco SAMI caveats that are open with Cisco IOS Release 12.4(24)YE4:
•
The Cisco SAMI running the Cisco GGSN Release 10.0 and later single IP image generates 0 byte crashinfo files on the core: of the Line Control Processor (LCP) when there is no space available on the core.
This condition occurs only when there is not enough space in the core:
Workaround: Delete the core: files and ensure enough space is available as follows:
sup#delete sami#7-fs:core/*.*Delete filename [core/*.*]?Delete sami#7-fs:core/crashinfo_collection-20100923-175329.tar? [confirm]•
During a redundancy switchover initiated from a command line interface by using the redundancy switch-activity force command, debug information is written in all of the Cisco SAMI processors and collected in the LCP core: like with an RF-induced reload.
Workaround: There is currently no known workaround.
Miscellaneous Open Caveats
This section lists an additional miscellaneous caveat that is open in Cisco IOS Release 12.4(24)YE4:
•
The Internet Small Computer System Interface (iSCSI) connection to the iSCSI target is timed out and terminated when the CPU usage is high, and the disk is not in a usable state even after the TCP connection is re-established.
This condition occurs when the CPU usage is at approximately 70%, and 50k PDPs exist with downstream traffic flowing through all the PDPs on the Cisco GGSN.
This issue occurs with EMC and Linux iSCSI targets.
Workaround: Unconfigure the gprs iscsi command and then reconfigure the command.
Resolved Caveats
The following sections list caveats that have been resolved, or are closed or unreproducible, in Cisco IOS Release 12.4(24)YE4. Only severity 1 and 2 caveats and select severity 3 caveats are listed
•
•
•
Cisco GGSN Resolved Caveats
This section lists GGSN-specific caveats that are resolved in Cisco IOS Release 12.4(24)YE4.
•
In a Cisco GGSN/PGW with a Cisco CSG2 implementation, the quota server interface goes down in few of the Cisco SAMI PowerPCs (PPCs) after a reload occurs.
This condition occurs only after the Cisco GGSN/PGW is reloaded and the Cisco CSG2 is not.
•
The Cisco GGSN address allocation fails when a PDP session is being reassigned.
This condition occurs when a PDP session is being reassigned from one Cisco SAMI Traffic Processor (TCOP) to another. The reason for the reassignment could be that the TCOP does not have a free IP address to allocate to the PDP, so the PDP is reassigned to a TCOP that has a free IP address.
•
In the Cisco GGSN Cisco IOS 12.4(24)YE3 image, the syntax of the redirect all ip command changed to redirect all.
Although the new syntax is accepted, in the running configuration, the command syntax is redirect all ip. Therefore, after a reload, the command is rejected.
•
The number of connections to Traffic and Control Plane processors (TCOPs) shows the maximum connection value when in fact, only a limited number of sessions actually exist.
•
The following message continuously displays when CPU utilization is over 90 percent.
GPRSFLTMG-0-GTPv1NORESOURCE "Number of pending signalling messages reaches limit"This condition occurs on the active GGSN when it receives a changed restart counter from an SGSN post switchover.
•
RADIUS controlled redirection RCR is not enabled when using a value like "gprs:url-redirect."
This condition occurs when you configure a domain name as "gprs:url-redirect" in a RADIUS profile. The GGSN is unable to create an RCR-enabled PDP context.
•
When a subscriber connects to an APN configured to support routing behind the mobile station (the network-behind-mobile access-point configuration command is configured), the Cisco GGSN sends an Access-Request to RADIUS and receives the framed-ip-route in return, as expected.
However, one of the framed routes is illegitimate according to the IANA IPv4 Address Space Registry. Once the invalid address is downloaded and installed, the same routing entry is added for every minute until the user disconnects the PDP. This occurs for only illegitimate subnets. Upon disconnecting the PDP, only one entry is deleted and the remaining entries remain present. This causes the memory consumption on the Cisco GGSN to continuously raise.
•
Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device or trigger memory leaks that may result in system instabilities. Affected devices would need to be configured to process SIP messages for these vulnerabilities to be exploitable.
Cisco has released free software updates that address these vulnerabilities. There are no workarounds for devices that must run SIP; however, mitigations are available to limit exposure to the vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-sip.shtml.
Cisco SAMI Resolved Caveats
This section lists the Cisco SAMI caveats that are resolved with Cisco IOS Release 12.4(24)YE4.
•
A duplicate IP is seen in an active SAMI (card 1) when another SAMI (card 2) with the same configuration as card 1 is booting up even though no SVCLC (service line card) is configured for card 2.
When traffic is sent in card 1 when a duplicate IP is occurring, there might be an impact to traffic.
•
At high traffic loads, the Cisco SAMI might reload as a result of a failure of power convertor 0x5.
%OIR-SP-6-PWRFAILURE: Module 2 is being disabled due to power convertor failure 0x5 %C6KPWR-SP-4-DISABLED: power to module in slot 2 set off (FRU-power failed)•
Packets larger than 3072 bytes, which is the maximum supported packet size for the Cisco SAMI, are being forwarded to the Cisco SAMI PowerPCs (PPCs), causing the following error message to display:
%ETSEC-1-ERROR_INT_CAUSE IEVENT_BABRThis condition occurs when packets larger than 3072 bytes are forwarded to the Cisco SAMI.
Miscellaneous Resolved Caveat
This section lists an additional miscellaneous caveat that is resolved in Cisco IOS Release 12.4(24)YE4:
•
Generic Attribute Registration (GARP) packet seen on peer device from unit under test (UUT) interface when the line protocol of the UUT interface is down.
Caveats - Cisco IOS Release 12.4(24)YE3e
This section contains the following types of caveats that apply to the Cisco GGSN Release 10.1, Cisco IOS Release 12.4(24)YE3e image:
Open Caveats
Note
The following sections document possible unexpected behavior and describe only severity 1 and 2 caveats, and select severity 3 caveats.
Cisco GGSN Open Caveats
This section lists the GGSN-specific caveats that are open in Cisco IOS Release 12.4(24)YE3e.
•
The Cisco GGSN drops the downstream traffic sent over IPv6 PDP with Cisco Express Forwarding (CEF) enabled.
This condition occurs only with downstream traffic. Upstream traffic is switched correctly.
Workaround: There is currently no known workaround.
•
The normal burst size in bytes (BC) and excess burst size in bytes (BE) is used for policy PDPs even when BC and BE values are configured under the policy-map.
This condition occurs on any policy PDP and does not cause a serious result, but rather confusion on why the user configuration does not work. If a user has enough space for a larger token bucket, this condition can effect the user's ability to optimize system performance.
Workaround: There is currently no known workaround.
•
High CPU usage occurs.
This condition occurs when a Terminal Access Controller Access-Control System (TACACS) server is configured with a single connection.
Workaround: Remove the single connection option.
Cisco SAMI Open Caveats
This section lists the Cisco SAMI caveats that are open with Cisco IOS Release 12.4(24)YE3e.
•
The Cisco SAMI running the Cisco GGSN Release 10.0 single IP image generates 0 byte crashinfo files on the core: of the Line Control Processor (LCP) when there is no space available on the core.
This condition occurs only when there is not enough space in the core:
Workaround: Delete the core: files and ensure enough space is available as follows:
sup#delete sami#7-fs:core/*.*Delete filename [core/*.*]?Delete sami#7-fs:core/crashinfo_collection-20100923-175329.tar? [confirm]•
During a redundancy switchover initiated from a command line interface by using the redundancy switch-activity force command, debug information is written in all of the Cisco SAMI processors and collected in the LCP core: like with an RF-induced reload.
Resolved Caveats
The following sections list caveats that have been resolved, or are closed or unreproducible, in Cisco IOS Release 12.4(24)YE3e. Only severity 1 and 2 caveats and select severity 3 caveats are listed.
•
Cisco GGSN Resolved Caveats
This section lists GGSN caveats that are resolved in Cisco IOS Release 12.4(24)YE3e.
•
The Cisco GGSN gateway rejects PDP contexts because of the following error:
%GPRSFLTMG-0-GTPv1NORESOURCE: GSN: <IP Address>, TEID: <TEID#>, APN: <APN name>, MSISDN: <MSISDN>, Reason: 3, System failureThis condition occurs when the Network Behind the Mobile feature is configured under an APN as seen in bold in the following example configuration:
access-point XXXaccess-point-name YYYaccess-mode non-transparentip-address-pool radius-clientaggregate X.X.X.0 255.255.255.0vrf VRF-NAMEnetwork-behind-mobileredirect all ip <IP>dns primary <IP> secondary <IP>Additionally, stale routes under the Traffic and Control Plane processors (TCOPs) display when the execute-on all show ip route vrf command is executed.
•
The IP address pools on the active GGSN and the standby GGSN are not in sync.
This condition is seen when the show ip local pool command is issued on both the standby and active gateway.
This is a counter issue on the PCOP because with Cisco GGSN Release 10 and later, IP address allocation occurs on the Traffic and Control Plane processors (TCOPs).
•
The Cisco GGSN crashes while freeing a PDP context.
This condition occurs when a newly active GGN receives a create on create PDP context request.
•
The Cisco GGSN crashes when it receives an invalid APN AVP from a RADIUS server.
This condition occurs when the APN name does not exist in APN list configured on the GGSN or when an APN AVP with an invalid length, etc., is received.
•
The show gprs gtp statistics command and show gprs access-point statistics all command do not contain the number of update PDP context requests received.
This is not a condition and is observed in prior releases of GGSN as well.
For more information, see the "New Implementations and Behavior Changes in Cisco IOS Release 12.4(24)YE3e" section.
Cisco SAMI Resolved Caveat
There are no newly resolved Cisco SAMI caveats with Cisco IOS Release 12.4(24)YE3e.
Miscellaneous Resolved Caveats
This section lists the miscellaneous caveats resolved with Cisco IOS Release 12.4(24)YE3e.
•
The Cisco SAMI crashes when the no ip csg iscsi profile command is issued.
•
The following error message displays, followed by a traceback:
%IFS-3-FSMAX: Failed to add sda4, maximum filesystems 64This condition occurs when an operator configures ip csg iscsi profile FAS-POZ-A format and then unconfigures the format using the no form of the command.
Caveats - Cisco IOS Release 12.4(24)YE3d
This section contains the following types of caveats that apply to the Cisco GGSN Release 10.1, Cisco IOS Release 12.4(24)YE3d image:
Open Caveats
Note
The following sections document possible unexpected behavior and describe only severity 1 and 2 caveats, and select severity 3 caveats.
Cisco GGSN Open Caveats
This section lists the GGSN-specific caveats that are open in Cisco IOS Release 12.4(24)YE3d.
•
The Cisco GGSN drops the downstream traffic sent over IPv6 PDP with Cisco Express Forwarding (CEF) enabled.
This condition occurs only with downstream traffic. Upstream traffic is switched correctly.
Workaround: There is currently no known workaround.
•
The normal burst size in bytes (BC) and excess burst size in bytes (BE) is used for policy PDPs even when BC and BE values are configured under the policy-map.
This condition occurs on any policy PDP and does not cause a serious result, but rather confusion on why the user configuration does not work. If a user has enough space for a larger token bucket, this condition can effect the user's ability to optimize system performance.
Workaround: There is currently no known workaround.
•
When the RADIUS Controlled Redirection feature is enabled, when a prepaid subscriber is converted to a postpaid subscriber, the conversion is not synchronized to the standby GGSN. In the standby GGSN, the subscriber continues to be a postpaid user only.
This condition occurs only when RADIUS Controlled Redirection is enabled when running Cisco IOS Release 12.4(24)YE3.
Workaround: Disable the RADIUS Controlled Redirection feature.
Cisco SAMI Open Caveats
This section lists the Cisco SAMI caveats that are open with Cisco IOS Release 12.4(24)YE3d.
•
The Cisco SAMI running the Cisco GGSN Release 10.0 single IP image generates 0 byte crashinfo files on the core: of the Line Control Processor (LCP) when there is no space available on the core.
This condition occurs only when there is not enough space in the core:
Workaround: Delete the core: files and ensure enough space is available as follows:
sup#delete sami#7-fs:core/*.*Delete filename [core/*.*]?Delete sami#7-fs:core/crashinfo_collection-20100923-175329.tar? [confirm]•
During a redundancy switchover initiated from a command line interface by using the redundancy switch-activity force command, debug information is written in all of the Cisco SAMI processors and collected in the LCP core: like with an RF-induced reload.
Workaround: There is currently no known workaround.
Miscellaneous Open Caveats
This section lists an additional miscellaneous caveat that is open in Cisco IOS Release 12.4(24)YE3d.
•
The Internet Small Computer System Interface (iSCSI) connection to the iSCSI target is timed out and terminated when the CPU usage is high, and the disk is not in a usable state even after the TCP connection is re-established.
This condition occurs when the CPU usage is at approximately 70%, and 50k PDPs exist with downstream traffic flowing through all the PDPs on the Cisco GGSN.
This issue occurs with EMC and Linux iSCSI targets.
Workaround: Unconfigure the gprs iscsi command and then reconfigure the command.
Resolved Caveats
The following sections list caveats that have been resolved, or are closed or unreproducible, in Cisco IOS Release 12.4(24)YE3d. Only severity 1 and 2 caveats and select severity 3 caveats are listed.
•
Cisco GGSN Resolved Caveats
This section lists GGSN caveats that are resolved in Cisco IOS Release 12.4(24)YE3d.
•
For PPP-Regen users, the Time to Live (TTL) value of the IP packet in the downstream direction (from L2TP network server [LNS] to mobile subscriber [MS]), is decremented by 1, whereas in the upstream direction (from MS to LNS server), the TTL value is not decremented.
This condition occurs only for PPP-Regen users.
•
Input errors are seen on Cisco GGSN Traffic and Control Plane processors (TCOPs) with specific traffic patterns and signaling.
This condition occurs when the idle timeout value is configured to a low value (300 seconds). When the idle timeout value is configured to a higher value (for example, 3600 or 7200 seconds), the input errors are not seen.
•
The Cisco GGSN Proxy Control Processor (PCOP) might drop RADIUS packets that are encapsulated over GRE tunnel and sent to the GGSN.
This issue applies to any RADIUS packet that is encapsulated over a GRE tunnel, with or without VPN Routing and Forwarding (VRF).
•
The Cisco GGSN might potentially reload at "gprs_ipfib_validate_addrs()."
This condition is possibly created by a race condition in the application code. Typically, the condition might happen during user handoff (from one SGSN to another) and for that same user upstream user data packets with the wrong MN IP address are received.
•
The history displayed by using the show gprs throughput history command is not synced with the Proxy Control Processor (PCOP) at the interval configured with the gprs throughput intervals command. Therefore, the PCOP does not show the aggregated value for the interval.
•
The "InUse" counter is set in the show ip local pool command output on the Proxy Control Processor (PCOP) even when there are zero (0) PDP contexts.
This condition is seen when a burst of PDP deletions occurs or a session flap at 1500 cps.
•
The Cisco GGSN does not accept fragmented RADIUS responses (Access-Accept) encapsulated over general encapsulated tunnel (GRE) tunnel. The fragment re-assembly timeout increments during the re-assembly of the packet in the Traffic and Control Plane processor (TCOP) when the first fragment reaches the TCOP, but the trailing fragment goes to the Proxy Control Processor (PCOP) and hence, the Radius response is dropped.
•
Data traffic over general encapsulated (GRE) tunnels with packet sizes larger the 1476 bytes are not switched through GGSN.
This condition occurs when the GRE tunnel endpoint on the Gi (PDN side) is configured with a value greater than 1476 bytes, which leads to the fragmentation of IP/GRE when a data packet is larger than 1476 bytes.
Cisco SAMI Resolved Caveat
There are no newly resolved Cisco SAMI caveats with Cisco IOS Release 12.4(24)YE3d.
Miscellaneous Resolved Caveats
This section lists the miscellaneous caveats that are resolved with Cisco IOS Release 12.4(24)YE3d.
•
Interface counters on line cards might show incorrect packet input statistics in the show interface command output.
This condition occurs when the "CEF LC IPC Backg" process causes the line card CPU to exceed 90%. This is seen when an unstable network causes excessive Cisco Express Forwarding (CEF) updates.
•
Gateway might reload while handling a Virtual Private Dialup Network (VPDN) call due to invalid memory reference.
•
Cisco IOS Software contains four vulnerabilities related to Cisco IOS Zone-Based Firewall features. These vulnerabilities are as follows:
–
–
–
–
Workarounds that mitigate these vulnerabilities are not available.
Cisco has released free software updates that address these vulnerabilities.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-zbfw
•
A vulnerability in the Multicast Source Discovery Protocol (MSDP) implementation of Cisco IOS Software and Cisco IOS XE Software could allow a remote, unauthenticated attacker to cause a reload of an affected device. Repeated attempts to exploit this vulnerability could result in a sustained denial of service (DoS) condition.
Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-msdp
•
The Secure Shell (SSH) server implementation in Cisco IOS Software and Cisco IOS XE Software contains a denial of service (DoS) vulnerability in the SSH version 2 (SSHv2) feature. An unauthenticated, remote attacker could exploit this vulnerability by attempting a reverse SSH login with a crafted username. Successful exploitation of this vulnerability could allow an attacker to create a DoS condition by causing the device to reload. Repeated exploits could create a sustained DoS condition.
The SSH server in Cisco IOS Software and Cisco IOS XE Software is an optional service, but its use is highly recommended as a security best practice for the management of Cisco IOS devices. Devices that are not configured to accept SSHv2 connections are not affected by this vulnerability.
Cisco has released free software updates that address this vulnerability. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-ssh
•
A vulnerability exists in the Cisco IOS Software that may allow a remote application or device to exceed its authorization level when authentication, authorization, and accounting (AAA) authorization is used. This vulnerability requires that the HTTP or HTTPS server is enabled on the Cisco IOS device.
Products that are not running Cisco IOS Software are not vulnerable.
Cisco has released free software updates that address these vulnerabilities.
The HTTP server may be disabled as a workaround for the vulnerability described in this advisory.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-pai
•
The Cisco IOS Software Internet Key Exchange (IKE) feature contains a denial of service (DoS) vulnerability.
Cisco has released free software updates that address this vulnerability. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-ike
Caveats - Cisco IOS Release 12.4(24)YE3c
This section contains the following types of caveats that apply to the Cisco GGSN Release 10.1, Cisco IOS Release 12.4(24)YE3c image:
Open Caveats
Note
The following sections document possible unexpected behavior and describe only severity 1 and 2 caveats, and select severity 3 caveats.
Cisco GGSN Open Caveats
This section lists the GGSN-specific caveats that are open in Cisco IOS Release 12.4(24)YE3c.
•
The Cisco GGSN drops the downstream traffic sent over IPv6 PDP with Cisco Express Forwarding (CEF) enabled.
This condition occurs only with downstream traffic. Upstream traffic is switched correctly.
Workaround: There is currently no known workaround.
•
The normal burst size in bytes (BC) and excess burst size in bytes (BE) is used for policy PDPs even when BC and BE values are configured under the policy-map.
This condition occurs on any policy PDP and does not cause a serious result, but rather confusion on why the user configuration does not work. If a user has enough space for a larger token bucket, this condition can effect the user's ability to optimize system performance.
Workaround: There is currently no known workaround.
•
When the RADIUS Controlled Redirection feature is enabled, when a prepaid subscriber is converted to a postpaid subscriber, the conversion is not synchronized to the standby GGSN. In the standby GGSN, the subscriber continues to be a postpaid user only.
This condition occurs only when RADIUS Controlled Redirection is enabled when running Cisco IOS Release 12.4(24)YE3.
Workaround: Disable the RADIUS Controlled Redirection feature.
Cisco SAMI Open Caveats
This section lists the Cisco SAMI caveats that are open with Cisco IOS Release 12.4(24)YE3c.
•
The Cisco SAMI running the Cisco GGSN Release 10.0 single IP image generates 0 byte crashinfo files on the core: of the Line Control Processor (LCP) when there is no space available on the core.
This condition occurs only when there is not enough space in the core:
Workaround: Delete the core: files and ensure enough space is available as follows:
sup#delete sami#7-fs:core/*.*Delete filename [core/*.*]?Delete sami#7-fs:core/crashinfo_collection-20100923-175329.tar? [confirm]•
During a redundancy switchover initiated from a command line interface by using the redundancy switch-activity force command, debug information is written in all of the Cisco SAMI processors and collected in the LCP core: like with an RF-induced reload.
Workaround: There is currently no known workaround.
Miscellaneous Open Caveats
This section lists an additional miscellaneous caveat that is open in Cisco IOS Release 12.4(24)YE3c.
•
The Internet Small Computer System Interface (iSCSI) connection to the iSCSI target is timed out and terminated when the CPU usage is high, and the disk is not in a usable state even after the TCP connection is re-established.
This condition occurs when the CPU usage is at approximately 70%, and 50k PDPs exist with downstream traffic flowing through all the PDPs on the Cisco GGSN.
This issue occurs with EMC and Linux iSCSI targets.
Workaround: Unconfigure the gprs iscsi command and then reconfigure the command.
Resolved Caveats
The following sections list caveats that have been resolved, or are closed or unreproducible, in Cisco IOS Release 12.4(24)YE3c. Only severity 1 and 2 caveats and select severity 3 caveats are listed.
•
Cisco GGSN Resolved Caveats
This section lists GGSN caveats that are resolved in Cisco IOS Release 12.4(24)YE3c.
•
In an enhanced GGSN (eGGSN) implementation, which is the Cisco GGSN and Cisco CSG2 configured together to provide enhanced service-aware billing, the eGGSN is unable to establish PDPs for service-aware postpaid subscribers.
This condition occurs only with a service-aware postpaid eGGSN configuration with the Cisco IOS Release 12.4(24)YE3b image.
•
The Cisco GGSN drops a create PDP context request when the source IP address of the create PDP context request is different from the GPRS support node (GSN) IP address in the GTP header.
This condition occurs only with Cisco IOS Release 12.4(24)YE3a and later when the source IP address of the create PDP context request is different from the GSN IP address.
•
In a redundant implementation, the following traceback appears on the active GGSN for a brief period of time during the bootup.
%IDMGR-3-INVALID_ID: bad id in id_delete (id: 0xD0D0D0C),This condition occurs only in a redundant implementation when the redundancy state of a GGSN is not yet "ACTIVE." Once the GGSN state is "ACTIVE," the traceback stops displaying.
Cisco SAMI Resolved Caveat
This section lists a Cisco SAMI caveat that is resolved with Cisco IOS Release 12.4(24)YE3c.
•
A specific configuration sequence causes a configuration download/parse error on the SAMI.
The condition is logged as follows:
SAMI 1/3: Feb 18 09:27:43.779: %IPC-0-CFG_DOWNLOAD_ERROR: Configurationdownload/parse error: Failed to download config on one or more processors,traffic will get blocked -Process= "Init", ipl= 0, pid= 3If inter-device redundancy is configured, a peer SAMI might reload with the redundancy framework (RF)/Cisco IOS Hot Standby Routing Protocol (HSRP) state broken.
The following configuration sequence causes the configuration download/parse error:
a.
b.
c.
d.
After the reload, the SAMI receives the configuration download/parse error.
Miscellaneous Resolved Caveat
This section lists a miscellaneous resolved caveat that is resolved with Cisco IOS Release Cisco IOS Release 12.4(24)YE3c.
•
In a redundant implementation, a session is not synchronized to a standby unit if the MTU of the Gigabit0/0 interface of the active SAMI is set to1600 bytes. The router could also perform a redundancy framework (RF) self-reload.
Caveats - Cisco IOS Release 12.4(24)YE3b
This section contains the following types of caveats that apply to the Cisco GGSN Release 10.1, Cisco IOS Release 12.4(24)YE3b image:
Open Caveats
Note
The following sections document possible unexpected behavior and describe only severity 1 and 2 caveats, and select severity 3 caveats.
Cisco GGSN Open Caveats
This section lists the GGSN-specific caveats that are open in Cisco IOS Release 12.4(24)YE3b.
•
The Cisco GGSN drops the downstream traffic sent over IPv6 PDP with Cisco Express Forwarding (CEF) enabled.
This condition occurs only with downstream traffic. Upstream traffic is switched correctly.
Workaround: There is currently no known workaround.
•
The normal burst size in bytes (BC) and excess burst size in bytes (BE) is used for policy PDPs even when BC and BE values are configured under the policy-map.
This condition occurs on any policy PDP and does not cause a serious result, but rather confusion on why the user configuration does not work. If a user has enough space for a larger token bucket, this condition can effect the user's ability to optimize system performance.
Workaround: There is currently no known workaround.
•
When the RADIUS Controlled Redirection feature is enabled, when a prepaid subscriber is converted to a postpaid subscriber, the conversion is not synchronized to the standby GGSN. In the standby GGSN, the subscriber continues to be a postpaid user only.
This condition occurs only when RADIUS Controlled Redirection is enabled when running Cisco IOS Release 12.4(24)YE3.
Workaround: Disable the RADIUS Controlled Redirection feature.
Cisco SAMI Open Caveats
This section lists the Cisco SAMI caveats that are open with Cisco IOS Release 12.4(24)YE3b.
•
The Cisco SAMI running the Cisco GGSN Release 10.0 single IP image generates 0 byte crashinfo files on the core: of the Line Control Processor (LCP) when there is no space available on the core.
This condition occurs only when there is not enough space in the core:
Workaround: Delete the core: files and ensure enough space is available as follows:
sup#delete sami#7-fs:core/*.*Delete filename [core/*.*]?Delete sami#7-fs:core/crashinfo_collection-20100923-175329.tar? [confirm]•
During a redundancy switchover initiated from a command line interface by using the redundancy switch-activity force command, debug information is written in all of the Cisco SAMI processors and collected in the LCP core: like with an RF-induced reload.
Workaround: There is currently no known workaround.
Miscellaneous Open Caveats
This section lists an additional miscellaneous caveat that is open in Cisco IOS Release 12.4(24)YE3b.
•
The Internet Small Computer System Interface (iSCSI) connection to the iSCSI target is timed out and terminated when the CPU usage is high, and the disk is not in a usable state even after the TCP connection is re-established.
This condition occurs when the CPU usage is at approximately 70%, and 50k PDPs exist with downstream traffic flowing through all the PDPs on the Cisco GGSN.
This issue occurs with EMC and Linux iSCSI targets.
Workaround: Unconfigure the gprs iscsi command and then reconfigure the command.
Resolved Caveats
The following sections list caveats that have been resolved, or are closed or unreproducible, in Cisco IOS Release 12.4(24)YE3b. Only severity 1 and 2 caveats and select severity 3 caveats are listed.
•
Cisco GGSN Resolved Caveats
This section lists GGSN caveats that are resolved in Cisco IOS Release 12.4(24)YE3b.
•
The Cisco IOS Software network address translation (NAT) feature contains multiple denial of service (DoS) vulnerabilities in the translation of the following protocols:
–
–
–
All the vulnerabilities described in this document are caused by packets in transit on the affected devices when those packets require application layer translation.
Cisco has released free software updates that address these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-nat.shtml.
•
Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device or trigger memory leaks that may result in system instabilities. Affected devices would need to be configured to process SIP messages for these vulnerabilities to be exploitable.
Cisco has released free software updates that address these vulnerabilities. There are no workarounds for devices that must run SIP; however, mitigations are available to limit exposure to the vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-sip.shtml.
•
The Cisco IOS Software network address translation (NAT) feature contains multiple denial of service (DoS) vulnerabilities in the translation of the following protocols:
–
–
–
All the vulnerabilities described in this document are caused by packets in transit on the affected devices when those packets require application layer translation.
Cisco has released free software updates that address these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-nat.shtml.
•
Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device or trigger memory leaks that may result in system instabilities. Affected devices would need to be configured to process SIP messages for these vulnerabilities to be exploitable.
Cisco has released free software updates that address these vulnerabilities. There are no workarounds for devices that must run SIP; however, mitigations are available to limit exposure to the vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-sip.shtml.
•
The Cisco IOS Software network address translation (NAT) feature contains multiple denial of service (DoS) vulnerabilities in the translation of the following protocols:
–
–
–
All the vulnerabilities described in this document are caused by packets in transit on the affected devices when those packets require application layer translation.
Cisco has released free software updates that address these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-nat.shtml.
•
The Cisco IOS Software network address translation (NAT) feature contains multiple denial of service (DoS) vulnerabilities in the translation of the following protocols:
–
–
–
All the vulnerabilities described in this document are caused by packets in transit on the affected devices when those packets require application layer translation.
Cisco has released free software updates that address these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-nat.shtml.
•
Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device or trigger memory leaks that may result in system instabilities. Affected devices would need to be configured to process SIP messages for these vulnerabilities to be exploitable.
Cisco has released free software updates that address these vulnerabilities. There are no workarounds for devices that must run SIP; however, mitigations are available to limit exposure to the vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-sip.shtml.
•
When the Diameter Credit Control Application (DCCA) server is down, and the Credit-Control-Fault-Handling (CCFH) action is set to default (terminate), PDP sessions are being converted to postpaid sessions instead of being terminated.
•
In an enhanced GGSN (eGGSN) scenario, in which the Cisco GGSN and Cisco CSG2 are implemented together to provide service-aware billing, if the Diameter Credit Control Application (DCCA) server does not send the Volume/Time threshold in the Volume-Quota-Threshold AVP and the Time-Quota-Threshold AVP in a Credit Control Answer (CCA) to the quota server interface on the Cisco GGSN, the Cisco GGSN continues to dictate a Volume/Time threshold of zero (0) to the Cisco CSG2 via GTP', as seen below:
Granted Quadrans Quadrans: 1843200Granted Quadrans Units: Bytes IPGranted Quadrans Flags: 0x03Granted Quadrans Threshold: 0The 0x03 flag indicates that this is a dictated and mandatory value to which the Cisco CSG2 must comply.
This condition occurs when the DCCA server does not send a Volume/Time threshold value to the Cisco GGSN quota server interface. The Cisco GGSN sends a Volume/Time threshold value of zero to the Cisco CSG2 with a 0x3 flag. The 0x3 flag indicates that the value is valid.
•
High CPU on the Cisco SAMI Traffic and Control Plane processors (TCOPs) in the GTP management process prevent create PDP context requests from being answered.
This condition occurs with non-transparent APNs.
•
When a non existent or failed Diameter server is configured on the Cisco GGSN, it might exhaust all available sockets for Diameter communication.
•
A high CPU in the GTP management process occurs, with "No Resource Pending" signal messages.
This condition occurs when RADIUS cannot be reached or the connection is flapping. The PDPs that are waiting for a RADIUS response are marked for deletion.
•
The Cisco GGSN might erroneously detect a serving GPRS support node (SGSN) path restart, even though there is no Recovery information element (IE) change in any of the PDP requests.
This condition might occur when a subscriber is trying to connect from one SGSN and immediately moves to another SGSN and sends a create PDP context request.
•
The Cisco GGSN might reload at PC gprs_red_unpack_pdpcb(). This condition might be triggered by the availability of secondary PDP sessions on the GGSN.
•
A GTPv0 create request over an existing GTPv1 PDP causes a high CPU.
This condition occurs only when the existing GTPv1 PDP is waiting for the completion of an update request and then a GTPv0 create is initiated.
(CSCtr31369 and CSCtr30916 fix the symptom and free the CPU by dropping the new GTPv0 create request.)
•
A GTPv0 create request over an existing GTPv1 PDP causes a high CPU.
This condition occurs only when the existing GTPv1 PDP is waiting for the completion of an update request and then a GTPv0 create is initiated.
(CSCtr31369 and CSCtr30916 fix the symptom and free the CPU by dropping the new GTPv0 create request.)
•
The Cisco GGSN might arrive in a situation in which the CPU on certain Traffic and Control Plane processors (TCOPs) reaches almost 100%. When this condition occurs, stuck PDP sessions are also seen on the affected TCOPs.
This condition causes subscribers to experience problems in the GTP control path (for example, setting up PDP sessions) and in the data path (for example, sending data through the PDP session). This condition typically occurs in a service-aware implementation and appears to begin when the GGSN assumes a path restart has occurred, which indicates that the SGSN is restarting, when in fact, that is not the case.
•
Under stress conditions, PDP sessions become stuck in a "Pending" state and they are unable to connect. This condition occurs with an enhanced GGSN (eGGSN) service-aware implementation.
•
When path deletion is triggered by a new recovery information element (IE) value, the GGSN does not support the creation of new PDPs until the path is completely deleted.
This condition worsens when there is a stuck PDP in the path being deleted, the GGSN does not allow the creation of any PDPs until the old path is deleted, and the path cannot be deleted because of the stuck PDP. This situation is called a "deadlock."
•
In a redundant implementation, the active GGSN crashes when trying to free the Checkpoint-Facility (CF) buffer when a PDP is being deleted.
•
The Cisco GGSN always sends the default Dynamic Feedback Protocol (DFP) weight of 8 to the Cisco IOS SLB on the supervisor regardless of the weight dynamically reported by the individual Traffic and Control Plane processors (TCOPs).
•
The Cisco GGSN load balancer state becomes stuck in a DFP_THROTTLED state when the maximum number of PDPs are created, and it is unable to exit from this state when the number of PDPs decreases. This condition occurs when GGSN is reporting dynamic weights to a Dynamic Feedback Protocol (DFP) manager like GTP SLB.
•
The GGSN does not create PDPs even when there is sufficient IP address space. The RefCount in the International Mobile Subscriber Identity (IMSI) sticky database is negative one (-1).
GGSN#show sami sm imsiIMSI: 214350000000001, Permanent: NO, Location: 7MSISDN: 9121436506000000F100 Length:9RefCount:-1, version:1, SeqNum:2, NSAPI_MAP:0000IMSI: 214350000000002, Permanent: NO, Location: 4MSISDN: 9121436506000000F200 Length:9RefCount:-1, version:1, SeqNum:2, NSAPI_MAP:0000This condition occurs with a single IP architecture (Proxy Control Processor [PCOP] and Traffic and Control Plane processors [TCOP]) when all the IP addresses in a TCOP are "In Use" and the TCOP attempts a reassignment. The PCOP fails to reassign the session because of the RefCount -1.
•
The GGSN retransmits a lot of RADIUS Accounting Start requests for postpaid subscribers. The current behavior is as follows:
a.
b.
c.
d.
e.
In this scenario, the GGSN relies on the RADIUS timeout and the signaling impacts the network.
The desired behavior is for the GGSN to not retransmit the RADIUS Accounting Start request after receiving a CoA with Auth_failed but instead send a Create PDP Context Deny.
This condition occurs with postpaid subscribers, whom are not allowed to use the Gx PCRF.
•
The following syslog message appears intermittently on the GGSN:
GPRSFLTMG-4-CHARGING: GSN: 0.0.0.0, TID: 0000000000000000, APN: NULL, Reason: 13, Trying to close a NULL cdr_entryThis condition occurs even when the charging function is not configured.
•
There is a mismatch of the local IP address pool "In Use" count between the Proxy Control Processor (PCOP) and Traffic and Control Plane processors (TCOP). This occurs because some of the IP address in the PCOP are not freed even though the PDP context is cleared.
For example:
GGSN#show gprs gtp statusGPRS GTP Status:activated gtpv0 pdp 0activated gtpv1 pdp 0activated ms 0activated ipv6 ms 0activated gtpv0 v6 pdp 0activated gtpv1 v6 pdp 0activated ppp regen pdp 0activated ppp pdp 0gtp's va hwidbs 0gtp's va swidbs 0gtp ipv6 swidbs 0gtp direct tunnel PDPs 0Service-aware Status:Prepaid PDPs 0Postpaid PDPs 0IST-GGSN-07#sh ip loIST-GGSN-07#sh ip local pooIST-GGSN-07#sh ip local poolPool Begin End Free In use Blocked** pool <internet> is in group <internet>internet 178.241.128.0 178.241.255.255 32744 24 0188.57.192.0 188.57.255.255 16373 11 0188.58.96.1 188.58.127.255 8184 7 031.142.96.0 31.142.127.255 8188 4 0** pool <wap> is in group <wap>wap 10.51.0.1 10.51.254.255 64798 481 0** pool <mgb> is in group <mgb>mgb 188.59.176.1 188.59.191.255 4095 0 0** pool <streaming> is in group <streaming>streaming 10.52.80.1 10.52.87.255 2044 3 0** pool <test15> is in group <test15>test15 31.142.96.0 31.142.127.255 8192 0 0•
While PDPs are being created, the following traceback might display:
%IDMGR-3-INVALID_ID: bad id in id_delete (id: 0xD0D0D0C), -Traceback= 0x460E1CC4z 0x442FA37Cz 0x442DFB94z 0x442D2A28z 0x442D35ECz 0x45943804z 0x45946EE4zThis traceback might could display during a rare condition in which several hundred PDPs are opened at high rate.
•
Sometimes, the tunnel identifier (TID) value in a GTPv0 create PDP context response is corrupt.
This condition occurs with roaming subscribers.
Cisco SAMI Resolved Caveat
This section lists a Cisco SAMI caveat that is resolved with Cisco IOS Release 12.4(24)YE3b.
•
When performing a write memory or copying a file to the bootflash of a PowerPC (PPC), the Cisco SAMI drops a few packets.
Miscellaneous Resolved Caveat
This section lists a miscellaneous resolved caveat that is resolved with Cisco IOS Release Cisco IOS Release 12.4(24)YE3b.
•
The Cisco SAMI application could crash as a result of a memory corruption or accessing an invalid address. The logs from the crashinfo show that the PCRF sent Diameter protocol errors.
Caveats - Cisco IOS Release 12.4(24)YE3a
This section contains the following types of caveats that apply to the Cisco GGSN Release 10.1, Cisco IOS Release 12.4(24)YE3a image:
Open Caveats
Note
The following sections document possible unexpected behavior and describe only severity 1 and 2 caveats, and select severity 3 caveats.
Cisco GGSN Open Caveats
This section lists the GGSN-specific caveats that are open in Cisco IOS Release 12.4(24)YE3a.
•
The Cisco GGSN drops the downstream traffic sent over IPv6 PDP with Cisco Express Forwarding (CEF) enabled.
This condition occurs only with downstream traffic. Upstream traffic is switched correctly.
Workaround: There is currently no known workaround.
•
The normal burst size in bytes (BC) and excess burst size in bytes (BE) is used for policy PDPs even when BC and BE values are configured under the policy-map.
This condition occurs on any policy PDP and does not cause a serious result, but rather confusion on why the user configuration does not work. If a user has enough space for a larger token bucket, this condition can effect the user's ability to optimize system performance.
Workaround: There is currently no known workaround.
•
When the RADIUS Controlled Redirection feature is enabled, when a prepaid subscriber is converted to a postpaid subscriber, the conversion is not synchronized to the standby GGSN. In the standby GGSN, the subscriber continues to be a postpaid user only.
This condition occurs only when RADIUS Controlled Redirection is enabled when running Cisco IOS Release 12.4(24)YE3.
Workaround: Disable the RADIUS Controlled Redirection feature.
•
When the Diameter Credit Control Application (DCCA) server is down, and the Credit-Control-Fault-Handling (CCFH) action is set to default (terminate), PDP sessions are being converted to postpaid sessions instead of being terminated.
Workaround: There is currently no known workaround.
•
In an enhanced GGSN (eGGSN) scenario, in which the Cisco GGSN and Cisco CSG2 are implemented together to provide service-aware billing, if the Diameter Credit Control Application (DCCA) server does not send the Volume/Time threshold in the Volume-Quota-Threshold AVP and the Time-Quota-Threshold AVP in a Credit Control Answer (CCA) to the quota server interface on the Cisco GGSN, the Cisco GGSN continues to dictate a Volume/Time threshold of zero (0) to the Cisco CSG2 via GTP', as seen below:
Granted Quadrans Quadrans: 1843200Granted Quadrans Units: Bytes IPGranted Quadrans Flags: 0x03Granted Quadrans Threshold: 0The 0x03 flag indicates that this is a dictated and mandatory value to which the Cisco CSG2 must comply.
This condition occurs when the DCCA server does not send a Volume/Time threshold value to the Cisco GGSN quota server interface. The Cisco GGSN sends a Volume/Time threshold value of zero to the Cisco CSG2 with a 0x3 flag. The 0x3 flag indicates that the value is valid.
Workaround: There is no known workaround.
Cisco SAMI Open Caveats
This section lists the Cisco SAMI caveats that are open with Cisco IOS Release 12.4(24)YE3a.
•
The Cisco SAMI running the Cisco GGSN Release 10.0 single IP image generates 0 byte crashinfo files on the core: of the Line Control Processor (LCP) when there is no space available on the core.
This condition occurs only when there is not enough space in the core:
Workaround: Delete the core: files and ensure enough space is available as follows:
sup#delete sami#7-fs:core/*.*Delete filename [core/*.*]?Delete sami#7-fs:core/crashinfo_collection-20100923-175329.tar? [confirm]•
During a redundancy switchover initiated from a command line interface by using the redundancy switch-activity force command, debug information is written in all of the Cisco SAMI processors and collected in the LCP core: like with an RF-induced reload.
Workaround: There is currently no known workaround.
Miscellaneous Open Caveats
This section lists an additional miscellaneous caveat that is open in Cisco IOS Release 12.4(24)YE3a.
•
The Internet Small Computer System Interface (iSCSI) connection to the iSCSI target is timed out and terminated when the CPU usage is high, and the disk is not in a usable state even after the TCP connection is re-established.
This condition occurs when the CPU usage is at approximately 70%, and 50k PDPs exist with downstream traffic flowing through all the PDPs on the Cisco GGSN.
This issue occurs with EMC and Linux iSCSI targets.
Workaround: Unconfigure the gprs iscsi command and then reconfigure the command.
Resolved Caveats
The following sections list caveats that have been resolved, or are closed or unreproducible, in Cisco IOS Release 12.4(24)YE3a. Only severity 1 and 2 caveats and select severity 3 caveats are listed.
•
Cisco GGSN Resolved Caveats
This section lists GGSN caveats that are resolved in Cisco IOS Release 12.4(24)YE3a.
•
Some of the Cisco SAMI Traffic and Control Plane processors (TCOPs) are move to a MAXCONNS state and the number of connections reach the maximum value even though the actual number of sessions in a TCOPs are few as is displayed by the show ip slb real command:
sami-7#show ip slb realreal server farm weight state conns-------------------------------------------------------------------127.0.0.94 CISCO-LB-SFAR 3 OPERATIONAL 0127.0.0.95 CISCO-LB-SFAR 3 MAXCONNS 4294967295127.0.0.96 CISCO-LB-SFAR 3 MAXCONNS 0127.0.0.97 CISCO-LB-SFAR 3 MAXCONNS 0127.0.0.98 CISCO-LB-SFAR 3 MAXCONNS 0sami-7#This condition occurs with the Single IP architecture.
•
The show gprs charging status access-point access-point-index command output displays negative values for the following fields:
–
–
–
–
This condition occurs when the primary and secondary charging gateway or storage device is unreachable, and more PDP contexts are closed and opened, causing the closed buffered CDRs value to peak to a higher value.
•
An R99 charging status mismatch with the status under the APN occurs. The discrepancy is viewable by using the show gprs charging status command and the show gprs charging status access-point command.
This condition occurs when one session with multiple CDRs exists.
•
When handoffs from GTPv1 to GTPv0 occur for a large number of PDP contexts, and then all of the GTPv0 PDP contexts are deleted, an unexpected error "real->num_conns-with real = 0 in rr_real_conn_remove" and tracebacks occur.
•
In a Cisco GGSN/PGW with a Cisco CSG2 implementation, the quota server interface goes down in few of the Cisco SAMI PowerPCs (PPCs) after a reload occurs.
This condition occurs only after the Cisco GGSN/PGW is reloaded and the Cisco CSG2 is not.
•
The Cisco GGSN address allocation fails when a PDP session is being reassigned.
This condition occurs when a PDP session is being reassigned from one Cisco SAMI Traffic and Control Plane Processor (TCOP) to another. The reason for the reassignment could be that the TCOP does not have a free IP address to allocate to the PDP, so the PDP is reassigned to a TCOP that has a free IP address.
•
In the Cisco GGSN Cisco IOS 12.4(24)YE3 image, the syntax of the redirect all ip command changed to redirect all.
Although the new syntax is accepted, in the running configuration, the command syntax is redirect all ip. Therefore, after a reload, the command is rejected.
•
The number of connections to TCOPs shows the maximum connection value when in fact, only a limited number of sessions actually exist.
•
The following message continuously displays when CPU utilization is over 90 percent.
GPRSFLTMG-0-GTPv1NORESOURCE "Number of pending signalling messages reaches limit"
This condition occurs on the active GGSN when it receives a changed restart counter from an SGSN post switchover
•
RADIUS controlled redirection RCR is not enabled when using a value like "gprs:url-redirect."
This condition occurs when you configure a domain name as "gprs:url-redirect" in a RADIUS profile. The GGSN is unable to create an RCR-enabled PDP context.
•
When a subscriber connects to an APN configured to support routing behind the mobile station (the network-behind-mobile access-point configuration command is configured), the Cisco GGSN sends an Access-Request to RADIUS and receives the framed-ip-route in return, as expected.
However, one of the framed routes is illegitimate according to the IANA IPv4 Address Space Registry. Once the invalid address is downloaded and installed, the same routing entry is added for every minute until the user disconnects the PDP. This occurs for only illegitimate subnets. Upon disconnecting the PDP, only one entry is deleted and the remaining entries remain present. This causes the memory consumption on the Cisco GGSN to continuously raise.
•
When the Cisco GGSN receives a changed recovery information element (IE), it restarts the path, thereby deleting the existing PDP contexts on the path and creating new PDP contexts for requests that have arrived with an updated recovery IE.
When this delete and create message information is synchronized to the standby GGSN, the Proxy Control Processor (PCOP) of the standby GGSN might send a negative response for an International Mobile Subscriber Identity (IMSI) create message from a Traffic and Control Plane processor (TCOP), especially when the path that is restarting has higher number of sessions (60k+).
The negative response sent by the PCOP enables the TCOP on standby to retry the IMSI create. In the retry path, a startover start of timer is performed instead of restart start. This causes the serv timer links to become corrupt, which leads to the standby GGSN crashing.
•
With the single IP architecture, when a local IP address pool contains just a few IP addresses (for example, less than 10), the block count on the Cisco SAMI Proxy Control Processor (PCOP) increments (viewable using the show ip local pool privileged EXEC command) even though there are some addresses available in the pool.
•
Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device or trigger memory leaks that may result in system instabilities. Affected devices would need to be configured to process SIP messages for these vulnerabilities to be exploitable.
Cisco has released free software updates that address these vulnerabilities. There are no workarounds for devices that must run SIP; however, mitigations are available to limit exposure to the vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-sip.shtml.
Cisco SAMI Resolved Caveats
This section lists the Cisco SAMI caveat that is resolved with Cisco IOS Release 12.4(24)YE3a.
•
When one of the Cisco SAMI daughter cards has a sudden hardware failure during run time, such as a reset circuitry failure, the control processor fails to detect the failure and assumes that the system is UP. The supervisor engine continues to display the Cisco SAMI status as OK. The standby unit remains unaware of the active failure, and fails to switch over until the keepalive timeout occurs. This condition results in total outage for minutes until the standby takes over. Under these conditions, the hardware and software watchdogs also fail to act.
•
When the Lawful Intercept feature is used, a Safeblk memory leak occurs, which depletes the Safeblk memory.
•
A duplicate IP is seen in an active SAMI (card 1) when another SAMI (card 2) with the same configuration as card 1 is booting up even though no SVCLC (service line card) is configured for card 2.
When traffic is sent in card 1 when a duplicate IP is occurring, there might be an impact to traffic.
•
At high traffic loads, the Cisco SAMI might reload as a result of a failure of power convertor 0x5.
%OIR-SP-6-PWRFAILURE: Module 2 is being disabled due to power convertor failure 0x5
%C6KPWR-SP-4-DISABLED: power to module in slot 2 set off (FRU-power failed)•
Packets larger than 3072 bytes, which is the maximum supported packet size for the Cisco SAMI, are being forwarded to the Cisco SAMI PowerPCs (PPCs), causing the following error message to display:
%ETSEC-1-ERROR_INT_CAUSE IEVENT_BABR
This condition occurs when packets larger than 3072 bytes are forwarded to the Cisco SAMI.
Miscellaneous Resolved Caveats
This section lists the miscellaneous resolved caveat that is resolved with Cisco IOS Release Cisco IOS Release 12.4(24)YE3a.
•
Generic Attribute Registration (GARP) packet seen on peer device from unit under test (UUT) interface when the line protocol of the UUT interface is down.
Caveats - Cisco IOS Release 12.4(24)YE3
This section contains the following types of caveats that apply to the Cisco GGSN Release 10.1, Cisco IOS Release 12.4(24)YE3 image:
•
•
Open Caveats
Note
The following sections document possible unexpected behavior and describe only severity 1 and 2 caveats, and select severity 3 caveats.
•
•
•
Cisco GGSN Open Caveats
This section lists the GGSN-specific caveats that are open in Cisco IOS Release 12.4(24)YE3:
•
The Cisco GGSN drops the downstream traffic sent over IPv6 PDP with Cisco Express Forwarding (CEF) enabled.
This condition occurs only with downstream traffic. Upstream traffic is switched correctly.
Workaround: There is currently no known workaround.
•
The normal burst size in bytes (BC) and excess burst size in bytes (BE) is used for policy PDPs even when BC and BE values are configured under the policy-map.
This condition occurs on any policy PDP and does not cause a serious result, but rather confusion on why the user configuration does not work. If a user has enough space for a larger token bucket, this condition can effect the user's ability to optimize system performance.
Workaround: There is currently no known workaround.
•
When the RADIUS Controlled Redirection feature is enabled, when a prepaid subscriber is converted to a postpaid subscriber, the conversion is not synchronized to the standby GGSN. In the standby GGSN, the subscriber continues to be a postpaid user only.
This condition occurs only when RADIUS Controlled Redirection is enabled when running Cisco IOS Release 12.4(24)YE3.
Workaround: Disable the RADIUS Controlled Redirection feature.
Cisco SAMI Open Caveats
This section lists the Cisco SAMI caveats that are open with Cisco IOS Release 12.4(24)YE3:
•
The Cisco SAMI running the Cisco GGSN Release 10.0 single IP image generates 0 byte crashinfo files on the core: of the Line Control Processor (LCP) when there is no space available on the core.
This condition occurs only when there is not enough space in the core:
Workaround: Delete the core: files and ensure enough space is available as follows:
sup#delete sami#7-fs:core/*.*Delete filename [core/*.*]?Delete sami#7-fs:core/crashinfo_collection-20100923-175329.tar? [confirm]•
During a redundancy switchover initiated from a command line interface by using the redundancy switch-activity force command, debug information is written in all of the Cisco SAMI processors and collected in the LCP core: like with an RF-induced reload.
Workaround: There is currently no known workaround.
•
A duplicate IP is seen in an active SAMI (card 1) when another SAMI (card 2) with the same configuration as card 1 is booting up even though no SVCLC (service line card) is configured for card 2.
When traffic is sent in card 1 when a duplicate IP is occurring, there might be an impact to traffic.
Workaround: There is currently no known workaround. Do not bring up a SAMI with the same configuration as an existing SAMI while that card is up and active.
Miscellaneous Open Caveats
This section lists an additional miscellaneous caveat that is open in Cisco IOS Release 12.4(24)YE3:
•
The Internet Small Computer System Interface (iSCSI) connection to the iSCSI target is timed out and terminated when the CPU usage is high, and the disk is not in a usable state even after the TCP connection is re-established.
This condition occurs when the CPU usage is at approximately 70%, and 50k PDPs exist with downstream traffic flowing through all the PDPs on the Cisco GGSN.
This issue occurs with EMC and Linux iSCSI targets.
Workaround: Unconfigure the gprs iscsi command and then reconfigure the command.
Resolved Caveats
The following sections list caveats that have been resolved, or are closed or unreproducible, in Cisco IOS Release 12.4(24)YE3. Only severity 1 and 2 caveats and select severity 3 caveats are listed
•
•
Cisco GGSN Resolved Caveats
This section lists GGSN caveats that are resolved in Cisco IOS Release 12.4(24)YE3.
•
The transmit counter is not updated in the output of the show vlans command for a Gn interface.
•
The Cisco IOS Software network address translation (NAT) feature contains multiple denial of service (DoS) vulnerabilities in the translation of the following protocols:
–
–
–
All the vulnerabilities described in this document are caused by packets in transit on the affected devices when those packets require application layer translation.
Cisco has released free software updates that address these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-nat.shtml.
•
GTPv0 PDPs are hanging. This condition occurs when the Cisco GGSN is running Cisco IOS Software Release 12.4(22)YE4 and later and is specific to GTPv0 when an SGSN sends a create request for an already existing PDP associated with a virtual APN.
•
When adding an application configuration on a Cisco SAMI, the following error message occurs:
%IPC-4-CFG_SYNC_ERROR: Configuration Sync error: rollback failed, cmd = no exit-address-family -Process= "config rollback", ipl= 0, pid= 172
•
When a subscriber attempts to configure a multiline banner message, the session or console prompt goes into an "unknown mode" state and cannot recover.
This condition is not seen with preexisting multiline banner messages, but only when one is configured at the prompt.
•
When a subscriber starts in a generic radio access network (GRAN) or GSN EDGE Radio Access Network (GERAN), the QoS is either 128 or 472, depending on if the Edge is available or not in GERAN. Then, if the subscriber moves to a location where customer has Universal Terrestrial Radio Access Network (UTRAN) coverage, the SGSN sends the new QoS parameters to the GGSN, but policing is still done on the QoS parameters from the Create PDP Request. All updates appear to be discarded.
•
A traffic leak occurs between the Cisco SAMI and the supervisor engine module even if the svclc commands have been removed.
This condition occurs when an operator installs a new Cisco SAMI, removes the svclc module command from the existing Cisco SAMI, and configures the new module exactly like the old one.
•
The Cisco GGSN running Cisco IOS Software Release 12.4(24)YE1 and later reloads, and the PC of the reload points to serv_tmr_service_chain routine.
This condition occurs under rare circumstances while the Cisco GGSN is experiencing high traffic conditions.
•
An AAA access-request returns with an internal error, and on the Cisco GGSN the following unconditional bug information is printed: "AAA had an unexpected return."
This condition occurs when an access-request is sent to the AAA server during periods of stress conditions on the client process and a failure to build the RADIUS packet occurs.
•
The cHsrpExtIfTrackedIpNone object is not fetching when trying to get cHsrpExtIfStandbyTable objects. This condition is seen when the standby [group-number] track interface-type interface-number [interface-priority] command is not configured.
•
The weight of Diameter Credit Control Application (DCCA) profile under the charging profile can't be configured through SNMP. By default, the weight is 1.
This condition exists when the DCCA profile is configured under a charging profile using SNMP.
•
With Cisco GGSN Release 10.0, when the Diameter peer goes down, an SNMP trap appears to not be sent.
•
A PDP is not created with a duplicate create PDP context request for local pools.
This condition occurs when the duplicate PDP is created with the recycle delay configured and there are no addresses present in the Traffic and Control Plane processors (TCOP) to serve the request.
•
The downstream traffic volume in GGSN CDRs stays at 0. This condition occurs when an MS has sent or received more than 4 GB of data.
Cisco SAMI Resolved Caveats
This section lists the Cisco SAMI caveat that is resolved with Cisco IOS Release 12.4(24)YE3.
•
The iSCSI classified name does not conform to the iSCSI specification. It contains invalid characters.
Caveats - Cisco IOS Release 12.4(24)YE2
This section contains the following types of caveats that apply to the Cisco GGSN Release 10.0, Cisco IOS Release 12.4(24)YE2 image:
•
•
•
Open Caveats
The following sections document possible unexpected behavior and describe only severity 1 and 2 caveats, and select severity 3 caveats.
•
•
•
Cisco GGSN Open Caveats
This section lists the GGSN-specific caveats that are open in Cisco IOS Release 12.4(24)YE2:
•
The transmit counter is not updated in the output of the show vlans command for a Gn interface.
Workaround: For the correct data traffic counters, use the show interface, show gprs gtp statistics, or show ip traffic commands.
•
The Cisco GGSN drops the downstream traffic sent over IPv6 PDP with Cisco Express Forwarding (CEF) enabled.
This condition occurs only with downstream traffic. Upstream traffic is switched correctly.
Workaround: There is currently no known workaround.
•
The cHsrpExtIfTrackedIpNone object is not fetching when trying to get cHsrpExtIfStandbyTable objects. This condition is seen when the standby [group-number] track interface-type interface-number [interface-priority] command is not configured.
Workaround: Ensure that the standby [group-number] track interface-type interface-number [interface-priority] command and the standby [group-number] ip none command are configured before querying the cHsrpExtIfTrackedIpNone object.
•
The weight of Diameter Credit Control Application (DCCA) profile under the charging profile cannot be configured through SNMP. By default, the weight is 1.
This condition exists when the DCCA profile is configured under a charging profile using SNMP.
•
With Cisco GGSN Release 10.0, when the Diameter peer goes down, an SNMP trap appears to not be sent.
Workaround: There is currently no known workaround.
•
A PDP is not created with a duplicate create PDP context request for local pools.
This condition occurs when the duplicate PDP is created with the recycle delay configured and there are no addresses present in the Traffic and Control Plane processors (TCOP) to serve the request.
Workaround: There is currently no known workaround.
Cisco SAMI Open Caveat
This section lists the Cisco SAMI caveat that is open with Cisco IOS Release 12.4(24)YE2:
•
The Cisco SAMI running the Cisco GGSN Release 10.0 single IP image generates 0 byte crashinfo files on the core: of the Line Control Processor (LCP) when there is no space available on the core.
This condition occurs only when there is not enough space in the core:
Workaround: Delete the core: files and ensure enough space is available.
sup#delete sami#7-fs:core/*.*Delete filename [core/*.*]?Delete sami#7-fs:core/crashinfo_collection-20100923-175329.tar? [confirm]Miscellaneous Open Caveat
This section lists an additional miscellaneous caveat that is open in Cisco IOS Release 12.4(24)YE2:
•
The Internet Small Computer System Interface (iSCSI) connection to the iSCSI target is timed out and terminated when the CPU usage is high, and the disk is not in a usable state even after the TCP connection is re-established.
This condition occurs when the CPU usage is at approximately 70%, and 50k PDPs exist with downstream traffic flowing through all the PDPs on the Cisco GGSN.
This issue occurs with EMC and Linux iSCSI targets.
Workaround: Unconfigure the gprs iscsi command and then reconfigure the command.
Resolved Caveats
The following sections list caveats that have been resolved, or are closed or unreproducible, in Cisco IOS Release 12.4(24)YE2. Only severity 1 and 2 caveats and select severity 3 caveats are listed
•
•
•
GGSN Resolved Caveats
This section lists GGSN caveats that are resolved in Cisco IOS Release 12.4(24)YE2.
•
The Cisco GGSN running a Cisco GGSN Release 9.0 image encounters a CPU spike on the SNMP-ENGINE process when an snmpwalk is made over ciscoGprsAccPtMIB. This condition occurs when querying ciscoGprsAccPtMIB when there are existing PDPs.
•
When IP address allocation is configured using local pools, sometimes the active-standby GGSN pairs are out of sync. Once this condition occurs, the standby does not following the active GGSN.
This condition occurs when the ip local pool command is configured with the group keyword option specified (for example ip local pool mypool 1.1.1.1 1.1.1.255 group mygroup).
•
The Cisco GGSN prints the following bug information when there is no debug enabled:
gtp_udp_unreachable: path found <mem address>This condition occurs when the GGSN receives an ICMP UNREACHABLE message for the GTP path destination. It prints the above debug even without any debug enabled.
This debug information is rarely displayed because the ICMP UNREACHABLE is a rare scenario for an existing path.
•
The Cisco GGSN R10 single ip image displays the following message:
DUP_IPv4ADDR_IN_IXP_PDPACTIVATIONFAILThis condition exists when the following events occur:
–
–
–
•
When an access control list (ACL) with Layer 4 (L4) information is configured to permit packets with specific L4 information (for example, port range, etc.), the non-initial fragments are dropped. This behavior is dependent on the complete ACL lines. Equivalent undesired behavior might be observed when the ACL is for deny.
This condition occurs with an ACL with L4 information configured under an APN, and incoming packets (upstream or downstream) have IP fragmentation. With upstream packets, this problem occurs when the inner packets are fragments and the out (GTP) packets are complete.
•
The synchronization of PDPs on the GGSN fails, which leads to a high CPU.
•
The standby GGSN has less PDP contexts than the active GGSN.
This condition occurs when IP addresses are assigned from a local pool, and the total number of allocated addresses exceeds 5/6th of the total number of addresses available.
•
A buffer leak occurs due to an error indication in the Cisco GGSN.
•
The connection to the quota server is flapping on the Cisco CSG2 when implemented in an eGGSN solution. This condition occurs when the Cisco GGSN is running Cisco IOS Release 12.4(15)XQ5 or later.
•
The A-flag is not set in the Cisco GGSN IPv6 router advertisement.
This condition occurs when the virtual-template on the GGSN is configured with the ipv6 nd prefix default infinite infinite off-link command.
Cisco SAMI Resolved Caveats
This section lists Cisco SAMI caveats that are resolved with Cisco IOS Release 12.4(24)YE2.
•
The Cisco SAMI reloads with an "HM failure" or "RF induced reload" error message.
This condition occurs when fragmented packets are received by the Cisco SAMI running a Cisco IOS Release 12.4(24)YE1 image.
•
The Cisco SAMI LCP crashes and reloads while attempting to collect core dump information. This condition occurs only when the IXP network processor is hung.
•
The Cisco SAMI reloads with an HM failure.
•
The Cisco SAMI crashes when fragmented packets, which do not belong to a valid session, hit a condition that causes the fragments to be dropped.
•
The Cisco SAMI reloads with an "RF induced reload" error message with a traceback.
This condition occurs when a momentary communication breakdown between two redundantly configured Cisco SAMIs, leading the SAMIs to active, and causing a reload of one the Cisco SAMIs.
•
A core file is not written when the following configuration exists, and a PPC crashes:
exception core-file abhv/core_4gb compress timestampexception dump 10.153.144.25The following logs are seen:
writing crashinfo to bootflash:crashinfo_proc3_20100702-105423writing compressed tftp://10.153.144.25/abhv/core_4gb_proc3_20100702-105423.ZSAMI 2/3: Jul 2 10:54:23.027: %SYS-2-EXCEPTIONDUMP: System Crashed, Writing Core......... [Failed]writing compressed tftp://10.153.144.25/abhv/core_4gbiomem_proc3_20100702-105423.Z%Error opening tftp://10.153.144.25/abhv/core_4gb_proc3_20100702-105423.Z (Timed out)..... [Failed]%Error opening tftp://10.153.144.25/abhv/core_4gbiomem_proc3_20100702-105423.Z (Timed out)A general write core command issued from the command line interface is successful.
•
In a redundant Cisco SAMI configuration, the "RF induced reload" error message and a traceback display on the supervisor engine when the Cisco SAMI is reloaded or reset.
•
When two Cisco SAMIs are configured as an active standby pairs running Cisco IOS Release 12.4(24)YE1, any unexpected reload of one of the processors in the standby SAMI can cause the active SAMI to reload because of an RF induced self-reload.
This condition occurs if the HSRP priority of the standby SAMI is greater than the priority of the active SAMI, either because of explicit configuration or based on the IP address of the active and standby SAMIs.
Miscellaneous Resolved Caveats
This section lists miscellaneous caveats that are resolved in Cisco IOS Release 12.4(24)YE2.
•
Console might hang when the TACACS+ server is being used as an AAA server and the single connection option is configured.
•
When using the Cisco RSP720, the show module command output shows the software version as the firmware version for the Cisco SAMI.
This condition occurs when the RSP720 is a part of a redundant implementation and a switchover is forced.
•
In a virtual private dialup network (VPDN)/Layer 2 Tunneling Protocol (L2TP) configuration, the Cisco GGSN might encounter a fatal error. This error might occur in very rare conditions when the physical connectivity on interface to the L2TP network server (LNS) is lost while there are active sessions and traffic.
Unreproducible and Closed Caveats
This section lists caveats that have been closed or not reproduced in Cisco IOS Release 12.4(24)YE2.
•
The Cisco SAMI resets after the PPCs display an IXP network processor health monitoring failure. This failure message is also present in the collected crash information. On very rare occasions, this issue might occur when thousands of sessions are initiated per second by network behind mobile subscriber (NBMS) users.
Caveats - Cisco IOS Release 12.4(24)YE1
This section contains the following types of caveats that apply to the Cisco GGSN Release 10.0, Cisco IOS Release 12.4(24)YE1 image:
•
•
•
Open Caveats
The following sections document possible unexpected behavior and describe only severity 1 and 2 caveats, and select severity 3 caveats.
•
•
•
Cisco GGSN Open Caveats
This section lists the GGSN-specific caveats that are open in Cisco IOS Release 12.4(24)YE1:
•
The transmit counter is not updated in the output of the show vlans command for a Gn interface.
Workaround: For the correct data traffic counters, use the show interface, show gprs gtp statistics, or show ip traffic commands.
•
The Cisco GGSN drops the downstream traffic sent over IPv6 PDP with CEF enabled.
This condition occurs only with downstream traffic. Upstream traffic is switched correctly.
Workaround: There is currently no known workaround.
•
The Cisco SAMI resets after the PPCs display an IXP network processor health monitoring failure. This failure message is also present in the collected crash information. On very rare occasions, this issue might occur when thousands of sessions are initiated per second by network behind mobile subscriber (NBMS) users.
Workaround: There is currently no known workaround.
•
The iSCSI connection to the iSCSI target is timed out and terminated when the CPU usage is high, and the disk is not in a usable state even after the TCP connection is re-established.
This condition occurs when the CPU usage is approximately 70%, and 50k PDPs and downstream traffic is flowing through all the PDPs on the Cisco GGSN.
This issue occurs with EMC and Linux iSCSI targets.
Workaround: Unconfigure the gprs iscsi command and then reconfigure the command.
•
The cHsrpExtIfTrackedIpNone object is not fetching when trying to get cHsrpExtIfStandbyTable objects. This condition is seen when the standby [group-number] track interface-type interface-number [interface-priority] command is not configured.
Workaround: Ensure that the standby [group-number] track interface-type interface-number [interface-priority] command and the standby [group-number] ip none command are configured before querying the cHsrpExtIfTrackedIpNone object.
•
When the Cisco GGSN receives a Delete PDP Context request from SGSN and tears down its Layer 2 Tunneling Protocol (L2TP) tunnel to the LNS, the L2TP Call-Disconnect-Notify (CDN) packet sent from the GGSN contains the following Result-Error Code AVP:
Result-Error Code AVPResult code: 2 - Session disconnected for the reason indicated in Error CodeError code: 6 - A generic vendor-specific error occurredError Message: admin-reset/VPDN Admin Disconnect <<<<<The Error Message should be "user-requst" instead of "admin-reset".Workaround: There is currently no known workaround.
•
The weight of Diameter Credit Control Application (DCCA) profile under the charging profile can't be configured through SNMP. By default, the weight is 1.
This condition exists when the DCCA profile is configured under a charging profile using SNMP.
Workaround: There is currently no known workaround.
Cisco SAMI Open Caveats
There are no known caveats open in Cisco IOS Release 12.4(24)YE1.
Miscellaneous Open Caveat
This section lists the Miscellaneous caveat that is open in Cisco IOS Release 12.4(24)YE1.
•
Entries in the cTap2DebugTable are not deleted after the time duration specified in the cTap2DebugAge object. This condition is seen for all debug message entries created in the cTap2DebugTable.
Workaround: Manually delete the debug message entries by setting the cTap2DebugStatus object to 6 (destroy).
Resolved Caveats
The following sections list caveats that have been resolved, or are closed or unreproducible, in Cisco IOS Release 12.4(24)YE1. Only severity 1 and 2 caveats and select severity 3 caveats are listed
•
•
•
GGSN Resolved Caveats
This section lists GGSN caveats that are resolved in Cisco IOS Release 12.4(24)YE1.
•
GTP and access-point statistics are not sychronized to the standby GGSN. This issue is seen on the standby GGSN when the show gprs gtp statistics command and the show gprs access-point statistics command are executed.
•
A traceback is seen when the quota server interface is unconfigured. This condition occurs only when the enhance quota server interface is not enabled between the Cisco GGSN and Cisco CSG2.
•
The charging gateway is not able to decode a CDR correctly when the TrafficVolume data contains user location information. This condition occurs because the GGSN does not put the correct length for the userLocationInformation IE.
This condition occurs with Cisco GGSN Release 9.0 or later, when the PDP context contains user location information. Under these conditions, generated CDRs will have the decoding error.
•
The counters that display when framed routes are inserted are not incremented in the show gprs gtp statistics command output. This condition occurs when framed routes are inserted for network-behind mobile.
•
PDP contexts might become stale when the Cisco GGSN receives more than one change during the recovery of the same SGSN (for example, within the duration of 60 seconds).
This condition occurs when the SGSN reloads and the Cisco GGSN detects it has reloaded more than once in the last 60 seconds. Stale PDP contexts do not occur if the reloads of the SGSN are more than 60 seconds apart from one another. An SGSN reloading more than once in 60 seconds is an extremely rare condition.
•
Under very rare conditions, when in a high stress and load, the Cisco GGSN might end up with stale PDP contexts after the PDP idle timer expires or occurs in combination with delete PDP context requests. This condition occurs with service-aware or Policy Charging Control (PCC)-enabled PDPs where enhanced G-CDR (eG-CDR) generation is activated.
•
The counters displayed by the show gprs charging statistics command are not incremented for GTP PPP type PDP contexts. This condition occurs when the charging Release 99 is configured.
•
An iSCSI session with the EMC is not reestablished on the Cisco GGSN after a session timeout.
The condition occurs when the iSCSI connection drops because of a session timeout and a login retry is attempted.
•
When more than 200 RADIUS servers are configured, executing the show aaa server command on the Cisco SAMI Proxy Control Processor (PCOP) causes the Traffic and Control Plane processors (TCOPs) to crash.
•
The Cisco GGSN default behavior of dropping Transport Protocol Data Unit (T-PDUs) without a sequence number (s=0) was changed to allow T-PDUs without a sequence number. This new behavior applies to when the Cisco GGSN receives a T-PDU without a sequence number (s=0) in the GTPv1 header, and the reorder-required in the PDP is set to TRUE.
The [no] gprs gtp tpdu reorder-required sequence receive mandatory global configuration command has been added to enable the configuration of the Cisco GGSN behavior.
•
The Cisco GGSN sends CDRs even if the charging gateway sends the Xoff character in an echo request. This condition occurs with basic charging configuration.
•
When service-aware billing is enabled on the GGSN using the gprs service-aware command, Lawful Intercept does not work.
This condition occurs with only GTPv1 when the following configuration exists:
a.
b.
•
The Cisco GGSN writes extra data to the iSCSI target. This condition occurs when the GGSN has CDRS ready to be transmitted and when connectivity to the iSCSI target is restored after a failure.
•
Under high stress and load conditions (with 500 APNs and deleting PDP sessions approximately 2000 cps and above, which is equal to the rate at which the PDPs are created), the Cisco GGSN occupies the CPU at 99%, and a few sessions were unable to clear. These sessions were left as stale sessions on the GGSN. This condition impacts the serviceability to subscribers.
•
When the enhanced quota server interface between the GGSN and Cisco CSG2 is configured to enable the exchange of service control messages that enable the GGSN to generate enhanced G-CDRs (eG-CDRs) for service-aware prepaid GTP' users, a memory leak occurs on the standby GGSN. The memory leak eventually causes the standby GGSN to reload.
Related configuration commands on GGSN include the ggsn quota-server server-name service-msg command and the charging record type egcdr command.
The active GGSN is not impacted by this issue, except for some temporary additional processing required to synchronize state information from the active to the standby GGSN once the standby GGSN has completed reloading. In addition, the service-aware Gy/CLCI prepaid functionality and configuration on the GGSN is not impacted by this issue.
•
When the TCP connection between the Cisco GGSN and the charging gateway goes down due to network issues, the GGSN writes a syslog that indicates the receipt of "CORRUPTED BYTES" from the charging gateway. This syslog should be seen only when the GGSN receives unexpected data in the TCP stream and not for the error conditions mentioned above.
This condition occurs whenever the TCP connection between the GGSN and charging gateway goes down because of network issues.
•
A service-aware prepaid session fails due to an invalid Credit Control Record (CCR).
This condition occurs when the DCCA interface is not configured with the gprs dcca clci command or the gprs dcca 3gpp command, and the OCS server is based on a DCCA interface compatible with non VF-CLCI (the default in Cisco GGSN Release 8.0 and prior versions).
•
A Cisco GGSN fatal error occurs when a GTPv0 create PDP context request is received while a GTPv1 PDP creation is in progress for the same IMSI.
This condition occurs only when the GTPv1 PDP creation is in progress (waiting for a RADIUS or Diameter server response, etc.), and the SGSN falls back to GTPv0 and sends a GTPv0 create request for the same IMSI.
•
Large number of failed read requests occurring during iSCSI read operation. This condition occurs when the Cisco GGSN is sending an extra read request even though it has received an empty record in a previous read request.
•
The Cisco GGSN attempts to access a freed socket pointer for the TCP connection between the charging gateway and the GGSN when the TCP read attempt fails. This incorrect access of a freed pointer might cause memory corruption issues.
The condition occurs when freed memory access is done when the GGSN attempts to read from the TCP socket and the read fails due to incorrect data length.
•
A Cisco GGSN fatal error occurs after the GGSN transitions from standby to active.
This fatal error occurs under the following conditions:
1.
2.
3.
Cisco SAMI Resolved Caveat
This section lists the Cisco SAMI caveat that is resolved in Cisco IOS Release 12.4(24)YE1.
•
During a Health-Monitoring failure in SAMI, each processor writes more than one debuginfo. Some of the debuginfos are incomplete and there will be crashinfo written in the name of debuginfo.
Other Resolved Caveats
This section lists additional miscellaneous caveats that are resolved in Cisco IOS Release 12.4(24)YE1.
•
Sporadic write failures are seen while writing to an iSCSI target. This issue is seen during a race condition when the files are created and deleted from the file system.
•
The ip radius source-interface command for Accounting-On/Off does not work if is configured under an AAA group.
•
When a single Open Shortest Path First (OSPF) process is removed, the Cisco GGSN passive-interface interface on-standby command is removed from all OSPF processes.
•
After the Cisco GGSN transitions from standby to active, the SNMP counters for the cgprsAccPtStatisticsEntry and cGgsnStatistics objects are incorrect. This condition is seen only after a transition from standby GGSN to active GGSN.
•
A fatal error might occur on the iSCSI IOS initiator during a SCSI command operation. The crash does not always occur, and it is due to a timing issue in the iSCSI infrastructure using NON-BLOCKING TCP write where the TCP is not able to send the packet immediately. In this scenario, the iSCSI infrastructure is not properly handling the callback from TCP.
This condition occurs when a Small Computer System Interface (SCSI) command is sent to an iSCSI target.
•
The aggregated U-routes present in the routing table are deleted, even when valid PDP contexts are present on a route.
This condition is seen only when there are more than 65535 PDP contexts corresponding to the same U-route (when single route aggregation is used for IP pools that have more than 65535 IP addresses).
•
The charging gateway status on the Traffic and Control Plane processors (TCOPs) go out of sync when one of the TCOPs receives a corrupted byte stream on the TCP connection between the GGSN and the charging gateway. While the charging gateway status is UNDEFINED in the TCOP that received the corrupted byte stream, the other TCOPs sill show its status as ACTIVE.
This condition is seen if one or more TCOPs receives a corrupted byte stream from the charging gateway and closes the TCP connection.
Unreproducible and Closed Caveats
This section lists caveats that have been closed or not reproduced in Cisco IOS Release 12.4(24)YE1.
•
After a "High congestion threshold" alert message related to Dynamic Feedback Protocol (DFP) occurred, and when a standby GGSN was moved to active (after executing a switchover) and data was sent across approximately 800K PDP contexts, a series of malloc failures and tracebacks occurred.
This behavior was observed only when the GGSN involved the DFP configuration, and the corresponding DFP configuration was not present on the supervisor.
•
Malloc failures occur when the Cisco GGSN hits low memory threshold, and the exec-all command from the Proxy Control Processor (PCOP) to the Traffic and Control Plane processors (TCOPs) fails because the TCOPs cannot execute the commands due to insufficient memory.
This condition occurs under rare and high stress conditions when there are approximately 800K PDP contexts and over one million CDR records accumulated in memory due to outage of all charging gateways.
•
When the charging path protocol set to UDP and the GTP n3 requests timer is set to 1 (instead of the default value of 5), charging gateways go down upon switchover to the standby GGSN and display as UNDEFINED in the show gprs charging parameters command output issued against active and standby charging gateways. The syslogs indicate that the charging path is going down on the new active GGSN because of echo request response failure.
This condition occurs when the values of the N3 requests and T3 retransmission timers are set to 1. Effectively, this setting provides only one second of network delay to be allowed by the Cisco GGSN for the echo response before it takes down the paths to the charging gateways. This condition does not occur if the values of the N3 requests and T3 retransmission timers are left at their default values (5 and 1 respectively), and are not manually configured to lower values. The default values allow a higher delay to be tolerated by the Cisco GGSN when receiving an echo request response.
•
The wrong AAA server statistics are returned when queried using SNMP. This issue is seen in Cisco GGSN Release 10.0, Cisco IOS Release 12.4(24)YE.
This condition occurs when the objects of the casStatisticsTable are queried using SNMP.
•
After the format command is run on a disk larger than 32 GB, the show command displays that only 4 Gbs are free on the device.
This condition occurs when formatting a disk that is larger than 32 Gb from Cisco IOS software.
•
The Cisco GGSN crashes when its interface to RADIUS is down, the SGSN restart triggers a create request with a restart counter, and the existing PDP context is deleted and a new PDP context is created.
Caveats - Cisco IOS Release 12.4(24)YE
This section contains the following types of caveats that apply to the Cisco GGSN Release 10.0, Cisco IOS Release 12.4(24)YE image:
•
•
Open Caveats
The following sections document possible unexpected behavior and describe only severity 1 and 2 caveats, and select severity 3 caveats.
•
•
•
Cisco GGSN Open Caveats
This section lists the GGSN-specific caveats that are open in Cisco IOS Release 12.4(24)YE:
•
The transmit counter is not updated in the output of the show vlans command for a Gn interface.
Workaround: For the correct data traffic counters, use the show interface, show gprs gtp statistics, or show ip traffic command for the correct data traffic counters.
•
After a reboot, traffic from the user data plane does not leave the Cisco GGSN any longer because no Address Resolution Protocol (ARP) entry exists on the GGSN for the default route (next hop, Cisco CSG2).
This condition occurs only when the redirect all ip command is configured when running new CEF code. The new CEF code introduces neighbor resolution optimization (enabled by default) which has issues with ARP packet handling.
Workaround: Disable the optimization by using the no ip cef optimize neighbor resolution command on the Cisco GGSN.
•
A traceback is seen when the quota server interface is unconfigured. This condition occurs only when the enhance quota server interface is not enabled between the Cisco GGSN and Cisco CSG2.
Workaround: Configure an enhanced quota server interface between the Cisco GGSN and Cisco CSG2 by specifying the service-msg keyword option when issuing the ggsn quota-server command.
•
After a "High congestion threshold" alert message related to Dynamic Feedback Protocol (DFP) occurred, and when a standby GGSN was moved to active (after executing a switchover) and data was sent across approximately 800K PDP contexts, a series of malloc failures and tracebacks occurred.
This behavior was observed only when the GGSN involved the DFP configuration, and the corresponding DFP configuration was not present on the supervisor.
Workaround: Ensure that the corresponding DFP configuration is configured on the supervisor.
•
Malloc failures occur when the Cisco GGSN hits low memory threshold, and the exec-all command from the Proxy Control Processor (PCOP) to the Traffic and Control Plane processors (TCOPs) fails because the TCOPs cannot execute the commands due to insufficient memory.
This condition occurs under rare and high stress conditions when there are approximately 800K PDP contexts and over one million CDR records accumulated in memory due to outage of all charging gateways.
Workaround: To prevent this condition from occurring, ensure secondary charging gateways are available to recover from outage of the primary gateway. Otherwise, bring up the primary gateway before the low memory threshold is reached. If bringing up a charging gateway is not possible, shut down some interfaces to free additional memory, or reload the Cisco SAMI and let the standby GGSN takeover. Reloading the module will resolve the fragmentation issue when the module comes up as the new standby GGSN. Perform another reload of the active GGSN to restore the formerly active GGSN as the active GGSN.
•
The Cisco SAMI resets after the PPCs display an IXP health monitoring failure. This failure message is also present in the collected crash information. On very rare occasions, this issue might occur when thousands of sessions are initiated per second by network behind mobile subscriber (NBMS) users.
Workaround: There is currently no known workaround.
•
PDP contexts might become stale when the Cisco GGSN receives more than one change during the recovery of the same SGSN (for example, within the duration of 60 seconds).
This condition occurs when the SGSN reloads and the Cisco GGSN detects it has reloaded more than once in the last 60 seconds. Stale PDP contexts do not occur if the reloads of the SGSN are more than 60 seconds apart from one another. An SGSN reloading more than once in 60 seconds is an extremely rare condition.
Workaround: There is currently no known workaround.
•
Under very rare conditions, when in a high stress and load, the Cisco GGSN might end up with stale PDP contexts after the PDP idle timer expires or occurs in combination with delete PDP context requests. This condition occurs with service-aware or Policy Charging Control (PCC)-enabled PDPs where enhanced G-CDR (eG-CDR) generation is activated.
Workaround: There is currently no known workaround.
•
The counters displayed by the show gprs charging statistics command are not incremented for GTP PPP type PDP contexts. This condition occurs when the charging release 99 is configured.
Workaround: There is currently no known workaround.
•
The Cisco GGSN does not increment the no_resource counter in the show gprs gtp statistics command output when a create PDP context request is rejected due to address allocation failure.
Workaround: There is currently no known workaround.
•
When the charging path protocol set to UDP and the GTP n3 requests timer is set to 1 (instead of the default value of 5), charging gateways go down upon switchover to the standby GGSN and display as UNDEFINED in the show gprs charging parameters command output issued against active and standby charging gateways. The syslogs indicate that the charging path is going down on the new active GGSN because of echo request response failure.
This condition occurs when the values of the N3 requests and T3 retransmission timers are set to 1. Effectively, this setting provides only one second of network delay to be allowed by the Cisco GGSN for the echo response before it takes down the paths to the charging gateways. This condition does not occur if the values of the N3 requests and T3 retransmission timers are left at their default values (5 and 1 respectively), and are not manually configured to lower values. The default values allow a higher delay to be tolerated by the Cisco GGSN when receiving an echo request response.
Workaround: To bring back up the path between a charging gateway and the Cisco GGSN, send a node-alive request from each charging gateway to the Cisco GGSN once the standby GGSN transitions to the active GGSN completely (the show gprs redundancy command output shows the GGSN state as ACTIVE). To avoid the condition, use the default N3 requests and N3 retransmission timer values or ensure that the timers are set to a value greater than 1.
Cisco SAMI Open Caveats
There are no known caveats open in Cisco IOS Release 12.4(24)YE.
Miscellaneous Open Caveats
This section lists the Miscellaneous caveats that are open in Cisco IOS Release 12.4(24)YE.
•
Entries in the cTap2DebugTable are not deleted after the time duration specified in the cTap2DebugAge object. This condition is seen for all debug message entries created in the cTap2DebugTable.
Workaround: Manually delete the debug message entries by setting the cTap2DebugStatus object to 6 (destroy).
•
File creation or file delete sporadically fails with a "File In Use in Incompatible mode" error message.
This condition occurs when file create and delete operations are executed simultaneously on the same path and both files have the same first six characters.
Workaround: Do not execute file create and delete operations at the same time, or ensure that the first six characters of the file names are not the same characters.
•
A fatal error might occur while when unconfiguring an iSCSI target using the no ip iscsi target command.
This condition occurred when an iSCSI session was in a failed state and the user attempted to unconfigure the target.
Workaround: There is currently no known workaround.
Resolved Caveats
The following sections list caveats that have been resolved, or are closed or unreproducible, in Cisco IOS Release 12.4(24)YE. Only severity 1 and 2 caveats and select severity 3 caveats are listed
•
Other Resolved Caveats
This section lists additional miscellaneous caveats that are resolved in Cisco IOS Release 12.4(24)YE.
•
Skinny Client Control Protocol (SCCP) crafted messages may cause a Cisco IOS device that is configured with the Network Address Translation (NAT) SCCP Fragmentation Support feature to reload.
Cisco has released free software updates that address this vulnerability. A workaround that mitigates this vulnerability is available.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100324-sccp.shtml.
•
A device running Cisco IOS Software, Cisco IOS XE Software, or Cisco IOS XR Software is vulnerable to a remote denial of service condition if it is configured for Multiprotocol Label Switching (MPLS) and has support for Label Distribution Protocol (LDP).
A crafted LDP UDP packet can cause an affected device running Cisco IOS Software or Cisco IOS XE Software to reload. On devices running affected versions of Cisco IOS XR Software, such packets can cause the device to restart the mpls_ldp process.
A system is vulnerable if configured with either LDP or Tag Distribution Protocol (TDP).
Cisco has released free software updates that address this vulnerability.
Workarounds that mitigate this vulnerability are available.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20100324-ldp.shtml
•
Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device when SIP operation is enabled. Remote code execution may also be possible.
Cisco has released free software updates that address these vulnerabilities. For devices that must run SIP there are no workarounds; however, mitigations are available to limit exposure of the vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100324-sip.shtml.
•
Devices running Cisco IOS Software and configured for Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) operation are affected by two denial of service vulnerabilities that may result in a device reload if successfully exploited. The vulnerabilities are triggered when the Cisco IOS device processes specific, malformed Skinny Call Control Protocol (SCCP) messages.
Cisco has released free software updates that address these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100324-cucme.shtml.
•
Cisco IOS Software is affected by a denial of service vulnerability that may allow a remote unauthenticated attacker to cause an affected device to reload or hang. The vulnerability may be triggered by a TCP segment containing crafted TCP options that is received during the TCP session establishment phase. In addition to specific, crafted TCP options, the device must have a special configuration to be affected by this vulnerability.
Cisco has released free software updates that address this vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100324-tcp.shtml.
•
Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device when SIP operation is enabled. Remote code execution may also be possible.
Cisco has released free software updates that address these vulnerabilities. For devices that must run SIP there are no workarounds; however, mitigations are available to limit exposure of the vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100324-sip.shtml.
•
The H.323 implementation in Cisco IOS Software contains two vulnerabilities that may be exploited remotely to cause a denial of service (DoS) condition on a device that is running a vulnerable version of Cisco IOS Software.
Cisco has released free software updates that address these vulnerabilities. There are no workarounds to mitigate these vulnerabilities other than disabling H.323 on the vulnerable device if H.323 is not required.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100324-h323.shtml.
Related Documentation
Except for feature modules, documentation is available as printed manuals or electronic documents. Feature modules are available online on Cisco.com.
Use these release notes with these documents:
•
•
•
Release-Specific Documents
The following documents are specific to Cisco IOS Release 12.4 and are located at Cisco.com:
•
Documentation > Cisco IOS Software > Cisco IOS Software Releases 12.4 Mainline > Release Notes
•
Documentation > Cisco IOS Software > Cisco IOS Software Releases 12.4 T > Release Notes
Note
•
Documentation > Cisco IOS Software > Cisco IOS Software Releases 12.4 Mainline
Platform-Specific Documents
These documents are available for the Cisco 7600 series router platform on Cisco.com and the Documentation CD-ROM:
•
•
–
–
–
Cisco 7600 series router documentation is available at:
http://www.cisco.com/en/US/products/hw/routers/ps368/products_installation_guides_books_list.html
Cisco IOS Software Documentation Set
The Cisco IOS software documentation set consists of the Cisco IOS configuration guides, Cisco IOS command references, and several other supporting documents that are shipped with your order in electronic form on the Documentation CD-ROM, unless you specifically ordered the printed versions.
Documentation Modules
Each module in the Cisco IOS documentation set consists of two books: a configuration guide and a corresponding command reference guide. Chapters in a configuration guide describe protocols, configuration tasks, Cisco IOS software functionality, and contain comprehensive configuration examples. Chapters in a command reference guide list command syntax information. Use each configuration guide with its corresponding command reference. On Cisco.com at:
Documentation > Cisco IOS Software > Cisco IOS Software Releases 12.4 Mainline > Command References
Documentation > Cisco IOS Software > Cisco IOS Software Releases 12.4 Mainline > Command References > Configuration Guides
Note
Implementing GGSN Release 10.x on the Cisco SAMI
The following sections list related documentation (by category and then by task) to use when you implement a Cisco GGSN on the Cisco SAMI platform.
General Overview Documents
Core Cisco 7609 Router Documents
http://cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html
Documentation List by Task
For the most up-to-date list of documentation on the Cisco 7600 series router, refer to the Cisco 7600 Series Routers Documentation Roadmap on Cisco.com at:
http://cisco.com/en/US/products/hw/routers/ps368/products_documentation_roadmap09186a00801ebed9.html
Getting Started
•
http://cisco.com/en/US/products/hw/routers/ps368/products_quick_start09186a0080092248.html
•
http://www.cisco.com/univercd/cc/td/doc/product/core/cis7600/rcsi/index.html
Unpacking and installing the Cisco 7609 router:
•
http://cisco.com/en/US/products/hw/routers/ps368/products_installation_guide_book09186a008007e036.html
Installing the Supervisor module and configuring the router (basic configuration, such as VLANs, IP):
•
http://cisco.com/en/US/products/hw/routers/ps368/products_module_installation_guide_book09186a008007cd9d.html
•
Installing and completing the Cisco SAMI configuration:
•
http://cisco.com/en/US/products/hw/routers/ps368/products_module_installation_guide_book09186a008007cd9d.html
•
http://www.cisco.com/en/US/docs/wireless/service_application_module/sami/user/guide/samiv1.html
Downloading the Cisco IOS software image containing GGSN feature set and configuring GGSNs on the SAMI:
•
http://www.cisco.com/en/US/products/sw/wirelssw/ps873/tsd_products_support_series_home.html
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.
This document is to be used in conjunction with the Cisco GGSN Release 10.x Configuration Guide and the Cisco GGSN Release 10.x Command Reference publications.
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/web/siteassets/legal/trademark.html. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)
Copyright © 2013, Cisco Systems, Inc.
All rights reserved.
FeedbackContact Cisco
- Open a Support Case
- (Requires a Cisco Service Contract)