Release Notes for Cisco IOS XE Catalyst SD-WAN Device, Cisco IOS XE Catalyst SD-WAN Release Amsterdam 17.3.x
Note |
To achieve simplification and consistency, the Cisco SD-WAN solution has been rebranded as Cisco Catalyst SD-WAN. In addition, from Cisco IOS XE SD-WAN Release 17.12.1a and Cisco Catalyst SD-WAN Release 20.12.1, the following component changes are applicable: Cisco vManage to Cisco Catalyst SD-WAN Manager, Cisco vAnalytics to Cisco Catalyst SD-WAN Analytics, Cisco vBond to Cisco Catalyst SD-WAN Validator, and Cisco vSmart to Cisco Catalyst SD-WAN Controller. See the latest Release Notes for a comprehensive list of all the component brand name changes. While we transition to the new names, some inconsistencies might be present in the documentation set because of a phased approach to the user interface updates of the software product. |
These release notes accompany the Cisco IOS XE Catalyst SD-WAN Release Amsterdam 17.3.x, which provides Cisco SD-WAN capabilities. They include release-specific information for Cisco Catalyst SD-WAN Controllers, Cisco Catalyst SD-WAN Validators, and Cisco SD-WAN Manager, as applicable to Cisco IOS XE Catalyst SD-WAN devices.
For release information about Cisco vEdge Devices, refer to Release Notes for Cisco vEdge Devices, Cisco SD-WAN Release 20.3.x.
What's New for Cisco IOS XE Catalyst SD-WAN Release Amsterdam 17.3.x
This section applies to Cisco IOS XE Catalyst SD-WAN devices.
Cisco is constantly enhancing the SD-WAN solution with every release, and we try to keep the content in line with the latest enhancements. The following table lists new and modified features we documented in the Configuration, Command Reference, and Hardware Installation guides. For information on additional features and fixes that were committed to the SD-WAN solution, see the Resolved and Open Bugs section in the Release Notes.
Feature | Description |
---|---|
Systems and Interfaces |
|
This feature enables tracking of a Point-to-Point Protocol (PPP) session over a dialer interface on Cisco IOS XE SD-WAN devices. A dialer interface is used in Digital Subscriber Line (DSL) deployments of Point-to-Point Protocol over Ethernet (PPPoE) and Point-to-Point Protocol over Asynchronous Transfer Mode (PPPoA). A dialer interface always stays up irrespective of the PPP session status. This feature helps to avoid the need for additional configuration such as IP SLA and tracking for routing failover to work while using dialer interfaces. The command dialer down-with-vInterface is added to bring down the dialer interface when the PPP session goes down. |
|
Routing |
|
Open Shortest Path First version 3 (OSPFv3) is an IPv4 and IPv6 link-state routing protocol that supports IPv6 and IPv4 unicast address families. |
|
This feature enables support for transport location (TLOC), which allows addition of the peer's transport to avoid the extra cost of additional IP and allows the use of dynamic load balancing across multiple transports. |
|
Cloud OnRamp |
|
This feature enables the ability to establish peer connections between transit gateways in different AWS regions. With this feature, you can connect to various Transit Virtual Private Clouds (TVPCs) and on-premise networks using a single gateway. The ability to peer transit gateways between different AWS regions enables you to extend the connectivity and build global networks spanning multiple other regions. To support inter-region connectivity, mapping and audit functions are enhanced. |
|
Policies |
|
Cisco IOS XE Catalyst SD-WAN devices support the NAT fallback feature for Direct Internet Access (DIA). The NAT fallback feature provides a routing-based mechanism for all traffic that is sent to the DIA route to use an alternative route when required. With this release, fallback is supported on the service and tunnel side. |
Feature | Description |
---|---|
User Documentation and Interactive Help in Cisco vManage |
|
Starting from this release, we've restructured the listing page of our configuration guides to display category-wise book and chapter contents. This new page lets you switch between releases using the View Documents by Release drop-down list. |
|
This feature helps you navigate Cisco vManage and complete vManage procedures using guided workflows. The Interactive Help points to elements within the Cisco SD-WAN Manager interface and shows you where to click next and what to do to complete a selected workflow. |
|
Cisco SD-WAN Getting Started |
|
Generate a Bootstrap File For Cisco IOS XE SD-WAN Devices Using the CLI |
This feature enables you to generate a minimum bootstrap configuration file directly on a device. The file enables the device to reconnect to the controller in case the full configuration is ever lost or removed. |
When enabling Cloud onRamp for SaaS to manage Office 365 traffic, you can limit best path selection to apply only to some Office 365 traffic, according to the Office 365 traffic categories defined by Microsoft, or to include all Office 365 traffic. The Cisco SD-AVC Cloud Connector provides support for this functionality. |
|
This feature extends the on-premise Plug and Play implementation support to Cisco IOS XE SD-WAN routers. |
|
Starting from Cisco vManage Release 20.3.1, you can onboard a device to Cisco vManage by directly uploading a .csv file containing details of your device from your system. |
|
This feature outlines the upgrade procedure for Cisco vManage servers in a cluster to Cisco vManage Release 20.3.1. |
|
Systems and Interfaces |
|
This feature lets you configure a supported router as an NTP primary router. Other nodes in a Cisco SD-WAN deployment synchronize their clocks to the NTP primary router. This configuration is useful if you do not have an NTP server in your deployment. |
|
The Cisco vManage NMS exports audit logs in syslog message format to a configured external syslog server. This feature allows you to consolidate and store network activity logs in a central location. |
|
This feature enables password policy rules in Cisco SD-WAN Manager. Once enabled, Cisco SD-WAN Manager enforces the use of strong passwords. |
|
This feature lets you see all HTTP sessions open within Cisco vManage. It gives you details about the username, source IP address, domain of the user, and other information. A user with User Management Write access, or a netadmin user can trigger a log out of any suspicious user's session. You can set client session timeouts, session lifetimes, server session timeouts, and enable the maximum number of user sessions in Cisco vManage. |
|
Identity Services Engine (ISE) Posture functions are integrated into Cisco 1100 Integrated Services Routers. This feature enables you to use Posture Assessment capabilities to validate the compliance of endpoints according to the security policies of your enterprise. For Cisco vManage Release 20.3.1, this feature can only be configured using CLI Add-On feature templates in Cisco vManage. |
|
This feature allows you to use a subject SUDI serial number instead of a certificate serial number to add a device to a Cisco SD-WAN overlay network. |
|
This release adds support for using a feature template to enable Cisco IP-based media services. |
|
This feature enables you to configure an Inactive state for tunnels between edge devices, reducing performance demands on devices and reducing network traffic. |
|
This feature enables you to configure IPv4 static route endpoint tracking for service VPNs. For static routes, endpoint tracking determines whether the configured endpoint is reachable before adding that route to the route table of the device. To configure Static Route Tracking on Cisco vManage, configure an endpoint tracker using the Cisco System template, and configure a static route using the Cisco VPN template. |
|
This feature allows you to configure a system tracker to probe the transport interface periodically to determine if the Internet or external network becomes unavailable. You can configure DIA Tracker using the Tracker tab of the Cisco System template. You can apply the tracker to a transport interface using either Cisco VPN Interface Ethernet or Cisco VPN Interface Cellular templates. |
|
This feature allows you to configure inside and outside NAT on data traffic traveling to and from the service-side hosts of the network overlay. The service-side NAT configuration allows you to translate the source IP addresses for data traffic from service-side hosts to the overlay and traffic from the overlay to service-side hosts. To configure service-side NAT using Cisco vManage, configure a centralized data policy using the , and configure a dynamic NAT Pool and Static NAT address using the Service VPN template. |
|
Qualified Commands for Cisco IOS XE Release Amsterdam 17.3.1a |
Starting from Cisco IOS XE Catalyst SD-WAN Release 17.3.1a, you can use additional commands in CLI Add-on feature templates. |
Routing |
|
This feature enables propagation of BGP communities between routing protocols during route redistribution. On one node, OMP redistributes routes from BGP, and on the other node, OMP redistributes routes into BGP. The BGP AS Path is propagated over OMP so that it can be preserved between Cisco SD-WAN nodes. BGP community propagation helps in propagating BGP communities between Cisco SD-WAN sites, across VPNs using OMP redistribution. |
|
This feature is an enhancement where OMP route aggregation is performed only for the routes that are configured for route redistribution, to avoid black hole routing. This enhancement is applicable for OSPF, Connected, Static, BGP and other protocols only if the redistribution is requested. |
|
This feature enables you to leak routes bidirectionally between the global VRF and service VPNs. Route leaking allows service sharing and is beneficial in migration use cases because it allows bypassing hubs and provides migrated branches direct access to non-migrated branches. |
|
This feature extends BFD support to BGP, OSPF, and EIGRP protocols in the Cisco SD-WAN solution. BFD provides a consistent failure detection method to detect forwarding path failures at a uniform rate, therefore enabling faster reconvergence time. |
|
Forwarding and QoS |
|
This feature enables WAN interface shapers and per-tunnel shapers at the enterprise edge to adapt to the available WAN bandwidth. The capability to adapt to the bandwidth controls differentiated packet drops at the enterprise edge and reduces or prevents packet drops in the network core. |
|
Policies |
|
This feature enables support for configuring application-aware routing policy for multicast traffic on Cisco IOS XE SD-WAN devices based on source and destination, protocol matching and SLA requirement. |
|
This feature allows you to configure up to six SLA classes per policy on Cisco IOS XE SD-WAN devices. This allows additional options to be configured in an application-aware routing policy. |
|
This feature adds support for defining custom applications. |
|
This feature extends support for service chaining to Cisco IOS XE SD-WAN devices. On Cisco IOS XE SD-WAN devices and Cisco vEdge devices, it adds a tracking feature that logs the availability of a service. |
|
Security |
|
This feature enables Cisco IOS XE SD-WAN edge devices to propagate Security Group Tag (SGT) inline tags that are generated by Cisco TrustSec-enabled switches in the branches to other edge devices in the Cisco SD-WAN network. While Cisco TrustSec-enabled switches perform classification, propagation (inline SGT tagging) and enforcement on the branches, Cisco IOS XE SD-WAN devices carry the inline tags across the edge devices. |
|
Cloud OnRamp |
|
This feature updates the existing Cloud onRamp for SaaS configuration workflow for Cisco IOS XE SD-WAN devices. The feature allows you to limit the use of best path selection to some or all Office 365 traffic, according to the Office 365 traffic categories defined by Microsoft. |
|
Cisco SD-WAN Cloud OnRamp for Infrastructure as a Service (IaaS) extends enterprise WAN to public clouds. This multi-cloud solution helps to integrate public cloud infrastructure into Cisco SD-WAN fabric. This feature enables Transit Gateway (TGW) when the standard Cloud OnRamp solution is not sufficient. For example, one host VPC is connected to the Cisco SD-WAN edge router using an Internet Gateway (IGW). If the IGW bandwidth limit is less, then TGW is used for SD-WAN integration. TGW provides a way to interconnect VPCs and VPNs. |
|
Support Catalyst 48Y4C (Cloud OnRamp for Colocation) |
This release supports the use of Cisco Catalyst 9500-48Y4C switches in the Cloud onRamp for colocation cluster that enables 80G-200G of bidirectional throughput. |
Flexible Topologies (Cloud OnRamp for Colocation) |
This feature provides the ability to flexibly insert the NIC cards and interconnect the devices (CSP devices and Catalyst 9500 switches) within the Cloud onRamp for colocation cluster. Any CSP ports can be connected to any port on the switches. The Stackwise Virtual Switch Link (SVL) ports can be connected to any port and similarly the uplink ports can be connected to any port on the switches. |
TACACS Authentication (Cloud OnRamp for Colocation) |
This feature allows you to configure the TACACS authentication for users accessing the Cisco CSP and Cisco Catalyst 9500 devices. Authenticating the users using TACACS validates and secures their access to the Cisco CSP and Cisco Catalyst 9500 devices. |
Network Assurance – VNFs: Stop/Start/Restart (Cloud OnRamp for Colocation) |
This feature provides the capability to stop, start, or restart VNFs on Cisco CSP devices from the Colocation Clusters tab. You can easily perform the operations on VNFs using Cisco vManage. |
TCP Optimization |
|
TCP Optimization |
TCP optimization support is extended to Cisco ISR4221, Cisco ISRv, and Cisco 1000 Series Integrated Services Routers. See Supported Platforms for more information. |
Monitor and Maintain |
|
This feature is an onboard packet capture facility that allows network administrators to capture packets flowing to, through, and from the device and to analyze them locally or save and export them for offline analysis through Cisco vManage. This feature facilitates application analysis, security, and troubleshooting by gathering information about the packet format. |
|
TAC Access |
|
TAC Access to Cisco SD-WAN Manager |
When working with the Cisco Technical Assistance Center (TAC) to address an issue in Cisco SD-WAN Manager, users may provide TAC with access to Cisco SD-WAN Manager or TAC teams may access Cisco SD-WAN Manager using the consent token mechanism. In the past, this access has relied on a user account called viptelatac. In this release, two separate user accounts have been added, one with read-only access and one with write access. The accounts use a challenge-response authentication method. |
Cisco SD-WAN for Government |
|
FedRAMP, the Federal Risk and Authorization Management Program, is a United States-government program that provides a specific set of standards to ensure that a cloud provider meets the requirements to be eligible for use by the U.S. federal government. With Cisco SD-WAN for Government, you can quickly and easily deploy a Cisco SD-WAN overlay network using the Cisco Self-Service Portal. This ensures that your Cisco SD-WAN network meets the stringent requirements of FedRAMP with enhanced security and rapid deployments. |
New and Enhanced Hardware Features
New Features
Hardware support added in Cisco IOS XE Release 17.3.2:
- Cisco Catalyst 8300 Series Edge Platforms
- Modules on Cisco Catalyst 8300 Series Edge Platforms:
  - 10G Modules
  - SM to NIM Slot Adapter
- Cisco Catalyst 8500 Series Edge Platforms
- Cisco Cellular Gateway CG418-E
Important Notes, Known Behavior, and Workaround
- Cisco IOS XE Catalyst SD-WAN devices with the SFP-10G-SR module do not support online insertion and removal (OIR) of this module.
- When you complete a Cisco SD-WAN software downgrade procedure on a device, the device goes into the configuration mode that it was in when you last upgraded the Cisco SD-WAN software on the device. If the device is in a different configuration mode when you start the downgrade than it was when you last upgraded, the device and Cisco SD-WAN Manager show different configuration modes after the downgrade completes. To put the configuration modes back in sync, reattach the device to a device template. After you reattach the device, both the device and Cisco SD-WAN Manager show that the device is in the vManage configuration mode.
- Cisco vManage Release 20.3.1 implements a hardened security posture to comply with FedRAMP guidelines. As a result, your vAnalytics login credentials that are stored locally get erased on upgrading the software, and you cannot access the vAnalytics service directly through Cisco SD-WAN Manager. In this case, log in to vAnalytics using this URL: https://analytics.viptela.com. If you can’t find your vAnalytics login credentials, open a case with Cisco TAC support.
Cisco SD-WAN Manager Upgrade Paths
For information about Cisco SD-WAN Manager upgrade procedure, see Upgrade Cisco SD-WAN Manager Cluster.
Starting Cisco SD-WAN Manager Version | Destination Version 19.2.x | Destination Version 20.1.x | Destination Version 20.3.x |
---|---|---|---|
18.x/19.2.x | Direct Upgrade | Direct Upgrade | Check disk space*. For cluster upgrade procedure**: request nms configuration-db upgrade |
20.1.x | Not Supported | Direct Upgrade | Direct Upgrade. For cluster upgrade procedure**: request nms configuration-db upgrade |
20.3.x | Not Supported | Not Supported | Direct Upgrade |
20.4.x | Not Supported | Not Supported | Not Supported |
*To check the free disk space using the CLI:
- Use the vshell command to switch to vshell.
- In vshell, use the df -kh | grep boot command.

**Cluster upgrade must be performed using the CLI:
- Use the following command to upgrade the configuration database. This must be done on only one node that runs configuration-db in the cluster:
  request nms configuration-db upgrade
  Note: We recommend that the database size on the disk is less than or equal to 5GB. Use the request nms configuration-db diagnostic command to check the database size. This is applicable only for upgrades of devices running Cisco SD-WAN Manager Release 20.1.1 and later.
- Enter login credentials, if prompted. Login credentials are prompted if all Cisco SD-WAN Manager servers establish control connection with each other. After a successful upgrade, all configuration-db services are UP across the cluster and the application-server is started.
Note |
The autoscale issue is fixed in Cisco SD-WAN Release 20.3.x. If your device is running on Cisco SD-WAN Release 18.4.x and mapped to a transit VPC, you must skip the upgrade to Cisco SD-WAN Release 19.2.x and Cisco SD-WAN Release 20.1.x, and upgrade directly to Cisco SD-WAN Release 20.3.x. |
Resolved and Open Bugs
About the Cisco Bug Search Tool
Use the Cisco Bug Search Tool to access open and resolved bugs for a release.
The tool allows you to search for a specific bug ID, or for all bugs specific to a product and a release.
You can filter the search results by last modified date, bug status (open, resolved), severity, rating, and support cases.
Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.8a
Resolved Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.8a
Bug ID |
Description |
---|---|
Cisco IOS XE Software Web UI Privilege Escalation Vulnerability |
Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.8
Resolved Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.8
Identifier |
Headline |
---|---|
RTP packets not forwarded when packet duplication enabled, no issue without duplication feature |
|
Cisco Catalyst SD-WAN control packets getting dropped when ACL applied |
|
Simulated flows with NAT DIA result in crash consistently |
|
17.6.2ES-2: BFD down on spoke after 'clear sdwan omp all' on HUB due to CD_IN_PKT_OUT_OF_WINDOW error |
|
Prefix through hub not installed in FIB, with OD Tunnels, seeing drops due to Firewall Policy |
|
The Cisco Catalyst 8500 Procyon Packets drop due to MACSEC post-encryption padding behavior |
|
SNMP v2 community name encryption problem |
Open Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.8
Identifier |
Headline |
---|---|
FNF ucode crash when add or remove interface |
Bugs for Cisco Catalyst SD-WAN Control Components Release 20.3.8
Open Bugs for Cisco Catalyst SD-WAN Control Components Release 20.3.8
Identifier |
Headline |
---|---|
IPV4 Subnet Mask drop-down options are floating and Cisco SD-WAN Manager is getting frozen in Firefox browser |
Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.7
This section details all fixed and open bugs for this release. These bugs are available in the Cisco Bug Search Tool.
Resolved Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.7
Identifier |
Headline |
---|---|
The TLS control-connections down, traffic from controller dropped with SdwanImplicitAclDrop. |
|
The Simulated flows with NAT DIA result in crash consistently. |
Open Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.7
Identifier |
Headline |
---|---|
The 17.6.2ES-2: BFD down on spoke after 'clear sdwan omp all' on HUB due to CD_IN_PKT_OUT_OF_WINDOW error. |
|
Cisco SD-WAN control packets getting dropped when ACL applied. |
|
The prefix through hub not installed in FIB, with OD Tunnels, seeing drops due to FirewallPolicy |
|
The SNMP v2 community name encryption problem. |
Bugs for Cisco Catalyst SD-WAN Control Components Release 20.3.7
Resolved Bugs for Cisco Catalyst SD-WAN Control Components Release 20.3.7
Identifier |
Headline |
---|---|
Admin-tech on Cisco SD-WAN Manager cluster nodes takes one hour due to elastic search |
|
Control connections down due to controller certificate missing on all the controllers. |
|
Cisco SD-WAN Software Denial of Service Vulnerability |
Open Bugs for Cisco Catalyst SD-WAN Control Components Release 20.3.7
Identifier |
Headline |
---|---|
Cisco SD-WAN Manager 20.10 "vedge-ESR-6300-NCP" is an invalid value for template push. |
|
The DTLS session with the Cisco SD-WAN Validator does not come up due to OOO packets received at the Cisco vEdge devices. |
|
MT overlay not coming up with 20.3.7 image |
Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.6
Resolved Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.6
Identifier |
Headline |
---|---|
17.6 to 17.7 : Continuous 4461 Octeon crypto crash. does not stay up. |
|
DNS endpoint-tracker doesn't work properly for dialer when DNS server configured later |
|
Replicator with direct multicast source reachability should be preferred among selected replicators |
|
Cellular interface tracker Down but NAT route persists in the Service VPN Routing Table |
|
RG B2B(Box to Box), Interchassis HA, STBY is stuck in STANDBY COLD-BULK on ISR 4461 |
|
Cisco Catalyst SD-WAN tunnels are not coming up in Multilink Frame relay sub-interface |
|
Cisco IOS XE Catalyst SD-WAN device OMPd crash during RIB-out attribute aspath/community processing |
|
UDP based DNS resolution doesn't work with IS-IS EMCP on IOX-XE |
|
Destination prefix packets getting dropped because forwarding plane is not programming the next hop. |
|
Cisco IOS XE Catalyst SD-WAN device: Multicast UnconfiguredIpv4Fia drop when multicast interworks with service chain/NAT DIA |
|
[SIT] OMPD process memory leak seen on Cisco IOS XE Catalyst SD-WAN device |
|
DIA not working as expected when Service Side NAT is in place. |
|
Cisco Catalyst SD-WAN HUB with firewall configured incorrectly dropping return packets when routing between VRFs |
|
Pending objects and download failure with policy update from 17.7.1 throttle image |
|
Cisco Catalyst SD-WAN ASR Cisco IOS XE Catalyst SD-WAN device sees Anti-Replay drops when sequence number is beyond 32 bit |
|
AOM pending objects with loopbacks binded to tloc-extended interfaces |
|
Incorrect Cisco IOS XE Catalyst SD-WAN device COR for SAAS Policy Sequence Programming |
|
ISR1K and ISR4K gets unexpected reload due to memory corruption |
|
Cisco IOS XE Catalyst SD-WAN device reloads unexpectedly when issuing OMP shutdown from the CLI |
|
Cisco IOS XE Catalyst SD-WAN device ipv6 netflow with high scale flows FNF does not work |
|
C1111 device crashed when PPPoE(running NAT) cable pulled out |
|
Slowness issues caused by intermittent traffic drop on ISRv ingress from GRE tunnel |
|
Assert failure while showing FTM (Forwarding Traffic Manager) data in NH TYPE switch case |
|
CXP for SaaS takes more than 5 min to detect indirect path failure over TLOC-extension |
|
Checks of route leaks creates memory corruption. |
|
SIT : vedaemon assert noticed in the ISR 4221 over weekend longevity |
|
CSR BFD tunnel are zero with Cisco Catalyst SD-WAN version 17.03.03.0.7 |
|
Incorrect reload reason - Last reload reason: LocalSoft for Netconf Initiated request |
|
Remove warning log QOS-3-INVALID_BQS_QUEUE_INFO due to LSM/0 for Cisco IOS XE Catalyst SD-WAN device multicast traffic |
Open Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.6
Identifier |
Headline |
---|---|
Cisco IOS XE Catalyst SD-WAN device: IOS XE image installation fails |
|
"Best of Worst" Fallback mode causes reachability issue when routes flap |
|
Cisco Catalyst SD-WAN control packets getting dropped when ACL applied |
|
Cannot remove NAT configuration from the template in a single operation if NAT translation is active |
|
SSH to Loopback not working |
|
Can not update local-address in a crypto keyring |
|
Device stuck in bootloop due to PNP process when Gi0 is DHCP enabled for a new device. |
|
[SIT] Speed Test to Internet failing on vEdges and Cisco IOS XE Catalyst SD-WAN devices running 20.3/17.3 |
|
tunnel interface remains up even when the physical interface not have IP address |
|
Simulated flows with NAT DIA result in crash consistently |
|
Crash seen with umbrella config during soak run |
|
"show sdwan tunnel statistics bfd" and "clear sdwan tunnel statistics" issues |
|
yang-management process confd is not running, controller mode 17.6.2a |
|
Prefix through hub not installed in FIB, with OD Tunnels, seeing drops due to FirewallPolicy |
|
17.5 ZBFW + NAT: Traffic flow In2Out scenario failed |
|
BFD Tunnel on Cisco SD-WAN router is not staying up, 1 out of 40 tunnels. |
|
Cisco IOS XE Catalyst SD-WAN device app-route policy not load balancing traffic as expected when SLA doesn't meet |
|
[17.5 Umbrella] DNS Packets are not redirected to configured Custom DNS after Umbrella Template Edit |
|
SNMP v2 community name encryption problem |
Bugs For Cisco Catalyst SD-WAN Control Components Release 20.3.6
Resolved Bugs for Cisco Catalyst SD-WAN Control Components Release 20.3.6
Identifier |
Headline |
---|---|
Custom application list not replicated in Disaster Recovery for a Single Node Cisco SD-WAN Manager Cluster |
|
Memory leak in Cisco SD-WAN Controller-OMP |
|
Template push failed for C8300-2N2S-4T2X with error bad-cli-negotiation auto,parser-context |
|
OMP crashing due to OOM during initial boot up or churn |
|
Huge Data replication observed during DR process of 3 node cluster running 20.3.4 |
|
Null Pointer Exception is seen on visiting software image repo page on Cisco SD-WAN Manager |
|
Password getting written in clear text in NSO audit log and Cisco SD-WAN Manager log |
|
Root cert sync not working for large scale deployments |
|
Cisco SD-WAN: Cisco SD-WAN Manager Software Information Disclosure Vulnerability |
Open Bugs for Cisco Catalyst SD-WAN Control Components Release 20.3.6
Identifier |
Headline |
---|---|
Control connections down due to controller certificate missing on all the controllers. |
|
Admin-tech generation takes ~1 hour |
|
Traffic engineering needs to be reconfigured every time new site is added to ondemand tunnels policy |
|
Cisco SD-WAN Manager Site Health shows wrong number of sites |
|
Cisco SD-WAN Manager takes 10 mins to resume template push following control connection flap |
|
TLOC down/up events do not match in Cisco SD-WAN Manager cluster |
|
Certificate is displayed on the Cisco SD-WAN Manager UI even though controller CLI no longer hold the certificate |
|
Replication will start from time 0 if replication leader entry not present replicationstatus table |
|
Configdb restore results in erroneous view on Software repository and Enable ZTP |
|
Getting Maximum session limit reached when trying to ssh to Cisco edge devices from Cisco SD-WAN Manager |
|
Cisco SD-WAN Manager does not display realtime information if the user is logged in through TACACS. |
|
DPI stats processing is limited to 1 to 1.3 TB per day |
Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.5
This section details all fixed and open bugs for this release. These bugs are available in the Cisco Bug Search Tool.
Resolved Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.5
Bug ID |
Description |
---|---|
ISR4451 rebooted with reason_code "CPU Usage due to Memory Pressure exceeds threshold" |
|
Cisco IOS XE Catalyst SD-WAN device-policy: set next-hop-ipv6 is not working next-hop-ip (ipv4) is working. |
|
17.4 ZBFW:Cpp_cp crash seen when a rule is added at beginning in automation on ASR1K |
|
OMPd crash seen on WAN Edge with policy push/access |
|
SunRPC ALG resets connection with ZBFW inspection enabled |
|
The data traffic failing in SIG + firewall config |
|
Cisco IOS XE Catalyst SD-WAN device Packet-Duplication is duplicating traffic on same transport |
|
Endpoint-tracker is not pushed from 20.4.1 Cisco SD-WAN Manager and Cisco IOS XE Catalyst SD-WAN device running 17.03.02 |
|
[SIT] Cisco IOS XE Catalyst SD-WAN device ISR 1100 multi process crash on 17.4.2 |
|
Data-policy local-tloc with app-route is dropping packets when SLA is not met |
|
Cisco IOS XE Catalyst SD-WAN device : Cloudexpress Office 365 probes are hitting 100% loss |
|
Cisco IOS XE Catalyst SD-WAN device C1121-4P crashed with Localsoft error |
|
Cisco IOS XE Catalyst SD-WAN device: High CPU usage due to misconfigured data policy matching multicast traffic |
|
Cisco Catalyst SD-WAN policy is not correctly programmed in Cisco IOS XE Catalyst SD-WAN device |
|
Bootstrap aaa config issues due to default aaa config |
|
Cisco IOS XE Catalyst SD-WAN device-Auto-rp is not propagating some of the multicast groups properly |
|
Data-policy direction-all with empty action is causing to ignore app-route-policy |
|
ISR4k:BFD scaling: Not able to scale more than 2048 BFD sessions |
|
Cisco IOS XE Catalyst SD-WAN device crash with sdwan overlay multicast: "CPU Usage due to Memory Pressure exceeds threshold" |
|
The tracker stale probe present in router |
|
FTMD message error |
|
Installing new enterprise wan edge cert does not remove old cert causing device to use old cert |
|
Infinite output from command show sdwan tunnel sla |
|
SIT : ftmd core seen is seen during a Cisco IOS XE Catalyst SD-WAN device reboot (one of dual router) |
|
Umbrella Certificate is not getting copied to HW device causing umbrella integration to fail |
|
The ftmd crash during reload |
|
Unexpected reset in ftmd process during stress test |
|
Show endpoint tracker does not show timeout happening after mul value of multiplier and interval |
|
Remote Server: Don't send userid and password in download notifications |
|
DP CPU degradation in Collab and Contact center flows on ISR4451 platform on 17.3 throttle |
|
CSV file upload does not import values for variables used in cli add on template |
|
Response message (with IDP "success" status) does not match request via Cisco SD-WAN Manager SAML logout |
|
Cisco SD-WAN Manager Multicloud on ramp, can't attach 8kv - GUI form can't see the UUIDs entered |
|
20.4 Getting Wrong Control Site Down Alarm alarms |
|
Cisco SD-WAN Manager GUI down 20.3.3 due to Full GC (Allocation Failure) |
|
Cisco SD-WAN Manager crashed due to kernel panic [20.3.3.1.2] |
|
OMP control connections of Cisco IOS XE Catalyst SD-WAN device/vEdge devices goes down on decommissioning virtual vEdge |
|
AWS VPN based: IPSEC tunnels from CGW C8kvs to TGW down on latest 20.6 build |
|
Control connection to the vBond failing because of ERR_SER_NUM_NT_PRESENT on the vBond. |
|
The omp route propagation delays due to constant marker resets on TLOC flap |
|
Cisco SD-WAN Manager disaster recovery not replicating the statistics database |
|
Cisco SD-WAN Manager CSR generation failed |
|
"request nms update-internal-ip new-ip" does not work on Cisco SD-WAN Manager 20.3.4 |
|
Cisco SD-WAN Manager is not able to discover VPCs for Multi-cloud when >14 AWS accounts provisioned |
|
Cisco SD-WAN Manager - After upgrade to 20.4.2 or 20.6.1 feature template field is not optional anymore |
|
Change user groups from operator to netadmin fails |
|
Tenant creation is failing on 20.3.3 MT cluster Cisco SD-WAN Manager |
|
Cisco SD-WAN Manager GUI Authentication with RADIUS working only if user with random password configured in CLI |
|
Continuous logs of "Could not load host key: /var/run/ssh/ssh_host_dsa_key" |
|
Template push to Cisco IOS XE Catalyst SD-WAN device fails when changing system-ip due to vsmart centralized policy |
Open Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.5
Bug ID |
Description |
---|---|
Can not update local-address in a crypto keyring |
|
dhcpv6_relay:dhcp-client on branch not receive ipv6 address |
|
AMP Retrospective events not showing on API endpoint |
|
17.3: Pool overload and Static Inside In2Out/Out2In fragmented packets are getting dropped |
|
sdwan control packets getting dropped when ACL applied |
|
Cisco IOS XE Catalyst SD-WAN device ipv6 netflow with high scale flows FNF does not work |
|
Tunnel interface remains up even when the physical interface does not have an IP address |
|
"Best of Worst" Fallback mode causes reachability issue when routes flap |
|
SSH to Loopback not working |
|
C1111 device crashed when PPPoE(running NAT) cable pulled out |
|
router multiple crash. - session hash corrupted |
|
Cisco IOS XE Catalyst SD-WAN devices are dropping incoming GRE keepalives due to implicit ACL |
|
17.5 ZBFW + NAT: Traffic flow In2Out scenario failed |
|
Cisco SD-WAN Manager became unusable after CPU spiked to 100% - no operations were performed during hike |
|
Cisco SD-WAN Manager Site Health shows wrong number of sites |
|
Cisco SD-WAN Manager user sessions not getting cleaned up, approx 19700 active sessions |
|
Huge Data replication observed during DR process of 3 node cluster running 20.3.4 |
|
custom application list not replicated in Disaster Recovery for a Single Node Cisco SD-WAN Manager Cluster |
|
replication will start from time 0 if replication leader entry not present replicationstatus table |
|
Security policies applied to incorrect interface in cluster mode, iptables |
|
Cisco SD-WAN Manager: Noticed RouteMap attribute modification failure , while attempting through CLI Template |
|
vEdge Does Not Respond Properly to vSmart Policy Prefix-list Changes (CLI Policy) |
|
New sequence in RPL with set as-path has both prepend and exclude as required fields |
|
Cisco SD-WAN Manager 20.3.5: Cisco IOS XE Catalyst SD-WAN device upgrade fails with java.lang.Exception |
|
Filtering the data based on local tloc is returning no data in Cisco SD-WAN Manager GUI for DPI stats |
|
DB backup fail after upgrade 20.3 -> 20.6 -> 20.7 |
|
Token fails to get generated when trying to login to Cisco hosted Cisco SD-WAN Manager via GUI |
|
17.3.5: TSN crash with qfp-ucode-tsn-le |
|
17.3.5: ISR 4221 router crashed with multiple core files |
Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.4a
This section details all fixed and open bugs for this release. These bugs are available in the Cisco Bug Search Tool.
Resolved Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.4a
Bug ID |
Description |
---|---|
SDWAN 17.3/20.3- Cisco IOS XE Catalyst SD-WAN device1002HX- FTMD crash during traffic test run |
|
Cisco IOS XE Catalyst SD-WAN device is sending incorrect if index values for the sub-interfaces. |
|
App-aware policy need to be honored when queuing is not set by localized policy |
|
ASR1001-X may crash when ZBFW HSL(High Speed Logging) is configured |
|
BFD sessions go down on Service VPN after UTD is enabled on Cisco IOS XE Catalyst SD-WAN device |
|
c1111 vtcp may cause packet drop for sip packets causing phones to reset |
|
Multiple crashes cpp_cp_svr and qfp-ucode on 16.12.4 |
|
AWS:c8kv crashed and reboots if shut/no shut an interface a number of times |
|
Cisco IOS XE Catalyst SD-WAN device crashes while running web traffic testing with security features enabled |
|
CSR1000v crashing frequently with Critical software exception error. |
|
Cisco IOS XE Catalyst SD-WAN device running 17.3.2 crashed - Critical software exception / IOSXE-WATCHDOG: Process = SNMP ENGINE |
|
C8500-12X4QC: Traffic drops on 10G interface with large packet size 9000bytes with High priority. |
|
SD-WAN:Cisco IOS XE Catalyst SD-WAN device ipsec replay-window size decreases to 128 after a peer reloading |
|
SDWAN custom policy that does not look to be programmed correctly on the Cisco IOS XE Catalyst SD-WAN device. |
|
The FIB is not programmed as per the RIB entries |
|
FW-4-ALERT_ON: (target:class)-():getting aggressive seen when no half open feature configured |
|
Wrong reload reason reflected after a power outage. |
|
SIT : IOS exception seen and ASR reboots when a netconf is issued to get interface details |
|
DHCP offer frame getting dropped on Cisco IOS XE Catalyst SD-WAN device ISR4431 due to Policy |
|
Zone Based Firewall on Cisco IOS XE Catalyst SD-WAN device router dropping web traffic with the reason Zone-pair without policy |
|
skip statistics update when crypto engine is busy and throttling msgs |
|
CSR1000v: Crashes during reg_invoke_iosxe_license_export_controlled_enforcement_bypass |
|
cannot apply ciscosdwan.cfg due to vpg-log-server-acl ACL on VirtualPortGroup0 for logging |
|
Cisco SD-WAN Manager pushing invalid "no shutdown" command to ISR Service-Engine interface |
|
For-us ICMP packets are collected by cflowd, which is against the data-policy |
|
fman_fp_image crashed with ZBFW config change |
|
sdwan control packets getting dropped when ACL applied |
|
ZBFW blocking ACK packets for applications using cloudexpress SaaS set to use a Gateway with synsent |
|
Remove "show internal omp rib vroute" cli from admin tech |
|
C8500-12X4QC does not send logs to Cisco SD-WAN Manager when harddisk is not installed |
|
ISR4431/K9 rebooting due to CPP crashing because of UTD feature. |
|
LTE (Last resort ) Tunnel10 is flapping from up and down |
|
OnDemand Tunnel- Site-ID doesn't update after changing it |
|
"show sdwan policy service-path/tunnel-path" command cause device crash |
|
custom app not getting detected after attached removed and re-attached- app-visibility is disabled |
|
SDWAN OnDemand Policy and ZBFW Packet drop due to Firewall Invalid Zone |
|
[17.5] Router crashed when sending traffic through non-SDWAN interface with DIA NAT + debug enabled |
|
An IOS XE device might crash at DoubleExceptionVector |
|
SDWAN Cisco IOS XE Catalyst SD-WAN device : traffic simulation tool shows traffic blackhole |
|
ISR - Appnav service controller ucode crash during packet intercept from network |
|
Packets dropped due to firewall + data policy interop issue |
|
vtcp frees rx buffer when packet with expected next sequence arrives with no payload; phones reset |
|
Config out of sync after upgrading to 17.4.1 |
|
BFD tunnels stuck in down state after port-hop |
|
ISR4331 are crashing frequently 17.4.1b |
|
ASR1002HX-IPSECHW octeon ucode crashes when provisioned via SD-WAN |
|
Security container is dropping legitimate FIN,ACK Packets |
|
Signature update failure - SSL-CERTIFICATE_VERIFY_FAILED |
|
cpp-mcplo-ucode crash due to stuck thread with extranet route leaking between vpns |
|
vDaemon crashes due to buffer overflow with read/write in TAM |
|
Cisco SD-WAN Controller crash because of ompd process |
|
Cisco SD-WAN Controller Upgrade From 20.1.12 to 20.3.1 Failing With Error "Failed to install: " |
|
Incorrect mapping for device specific variables from interface shaping rate |
|
Incorrect tag for omp routes in Real Time view |
|
Variables missing in Cisco SD-WAN Manager during template push. |
|
OIB: without change any ND global parameters, Cisco SD-WAN Manager automatically push template to all sites again |
|
ND template stay in DB when no branch associated to and cause image delete failure |
|
Limit of 30 notifications / min restriction for webhook alarm to be removed from UI |
|
Not able to copy a feature template if the description or name contains "|" |
|
Cisco SD-WAN Manager GUI not accessible due to too many open file descriptors. |
|
OSPF alarm down seen on vManage, OSPF process is UP |
|
"Invalid IPv4 address" is shown when inputting IPV6 DNS field |
|
ND Template attach "Failed to create input variables for template: Failed to create input variables" |
|
Cisco SD-WAN Validator upgrade from 20.3.1 to 20.3.2 fails |
|
sdwan - Cisco SD-WAN Manager - ip helper not more than 1 is possible with Feature and Device Templates |
|
We are not able to change Controller Certificate Authorization options in Cisco SD-WAN Manager GUI |
|
UI showing console error after clicking on active/completed task as fails to show the details |
|
20.4 policy name restrictions may break existing templates on upgrade |
|
SSH via Cisco SD-WAN Manager GUI timeout in 180 seconds |
|
Cisco SD-WAN Manager not displaying tunnel state correctly |
|
Cisco SD-WAN Manager showing old device hostname |
|
Not all routes getting pushed to device |
|
CLI template does not push snmp-server community config |
|
DPD with default values on feature template is not pushed to Cisco IOS XE Catalyst SD-WAN device |
|
Service proxy does not restart after ui certificate upload |
|
Cisco SD-WAN Validator software upgrade fails when selecting activate/reboot while upgrading |
|
nms_bringup file has ^M in each line after service restart as part of DR |
|
UC - unable to make modification to the translation rule once created from Cisco SD-WAN Manager UI |
|
Could not load host key: /var/run/ssh/ssh_host_ed25519_key |
|
CLI template does not push logging buffered community config |
|
Cisco IOS XE Catalyst SD-WAN device- template failure - An element value is not correct : inspect. |
|
Cisco SD-WAN Manager logs are not pruned |
|
Update button stops working after adding DHCP option |
|
Remove "show internal omp rib vroute" cli from admin tech |
|
Cisco IOS XE Catalyst SD-WAN device Upgrade to 17.3.3 failing due to "Failed to check active partition information" error message |
|
Issues detaching template when device is in CSR generated state |
|
Cisco SD-WAN Manager manage-user function is not working properly |
|
Changing Config-DB ID/Password from default to non-default on a cluster of more than 3 members |
|
ZTP software version enforcement does not respect software install timeout |
|
Cisco SD-WAN Manager dashboard doesn't show device status even when control is up/up |
|
invalid value for: prefix-entry Error when push advertise OMP prefix under vpn |
|
Configuration DB upgrade in cluster failed in 20.3.3 code |
|
The CSR properties in Cisco SD-WAN Manager config DB does not match with the certificate settings on Cisco SD-WAN Manager UI. |
|
c8500 / 17.3.2 / 17.4.1a / Cisco SD-WAN Manager is not pushing auto negotiation for 10Gig Interfaces on Cisco IOS XE Catalyst SD-WAN device |
|
X-Forwarded-For header is passed through to local auth, leading to session creation errors |
|
20.3.3 alarms not working for BFD/Control issues |
|
Device template policy disappears from UI after selecting edit device template |
|
Cisco SD-WAN Manager becomes unresponsive after a high amount of email notifications getting generated. |
|
mismatch self-signed root certs between primary and secondary clusters |
|
Cisco SD-WAN Manager is not able to discover VPCs for Multi-cloud when >7 AWS accounts provisioned |
|
Socket connect leak when dr is enabled |
|
Unable to generate ciscotacro/rw token due to sessions being full |
|
API sessions not getting cleared out when "Max Sessions Per User" is set |
|
continuous logs of "Could not load host key: /var/run/ssh/ssh_host_ed25519_key" |
|
all stat-db settings except DPI is not available after DR registration |
|
VPN ethernet interface-Load interval-Cisco SD-WAN Manager config generate failure |
|
20.4 : Secure SDWAN TUC's : Failed to aquire lock, template or policy lock in edit mode |
Open Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.4a
Bug ID |
Description |
---|---|
Cisco IOS XE Catalyst SD-WAN device-policy: set next-hop-ipv6 is not working next-hop-ip (ipv4) is working. |
|
sdwan control packets getting dropped when ACL applied |
|
cannot remove NAT configuration from the template in a single operation if NAT translation is active |
|
Cisco IOS XE Catalyst SD-WAN device ipv6 netflow with high scale flows FNF does not work |
|
Cisco IOS XE Catalyst SD-WAN device Experiences Unexpected reboot with: Last reload reason: Critical software exception |
|
NAT ALG breaks(Drops) ICMP control messages (ICMP Fragmentation Needed) for PMTUD |
|
CSR in Azure can fail to authenticate using AAD |
|
CSR crashes after oce_lookup_one_adj_id_handle while reading emu_mem. |
|
"Best of Worst" Fallback mode causes reachability issue when routes flap |
|
SDWAN: CSR1000v deployed in Microsoft Azure throwing continuous errors on console. |
|
SSH to Loopback not working |
|
EIO: Packets getting reassembled and are forwarded as it is to the Gigabit interface |
|
csr1kv/c8kv: Console Port Access change CLI does not work in CONTROLLER mode |
|
Data-policy local-tloc with app-route is dropping packets when SLA is not met |
|
C1121 router multiple crash. - session hash corrupted |
|
Cisco IOS XE Catalyst SD-WAN devices are dropping incoming GRE keepalives due to implicit ACL |
|
Cisco IOS XE Catalyst SD-WAN device : Cloudexpress Office 365 probes are hitting 100% loss |
|
Cisco IOS XE Catalyst SD-WAN device C1121-4P crashed with Localsoft error |
|
URL Filtering regex pattern match not working on large pattern |
|
Cisco IOS XE Catalyst SD-WAN device QFP starts dropping traffic - UTD Service Node not healthy ident |
|
[FW] All traffic drops when edit security template on Cisco IOS XE Catalyst SD-WAN device (18.4.6) from 20.3.4 Cisco SD-WAN Manager |
|
Cisco IOS XE Catalyst SD-WAN device: High CPU usage due to Multicast and Data Policy configuration. |
|
Cisco IOS XE Catalyst SD-WAN device traceroute result shows destination IP at first hop instead of actual next hop |
|
Cisco IOS XE Catalyst SD-WAN device dropping packets [combination /16, /17 data prefix with multiple ports in policy] |
|
BFD session flap/down while control connection with Cisco SD-WAN Manager is going down |
|
On Demand Tunnel not working in 17.3.2 |
|
AAR not correctly programmed in ASR1001-X |
|
ND Failed with device template: Failed to edit device template if add-on CLI empty |
|
Cisco SD-WAN Manager Site Health shows wrong number of sites |
|
Attempt to create cluster fails when adding 2nd member to standalone Cisco SD-WAN Manager |
|
Frequent Cisco SD-WAN Manager UI timeout and stuck in Please continue waiting state. |
|
Cisco SD-WAN Manager reverting API changes after 5 minutes |
|
Push vEdge list fails to Cisco SD-WAN Controller with application error. |
|
Device Specific field is not usable |
|
20.4 Getting Wrong Control Site Down Alarm alarms |
|
IR1101 template push error: bad-cli - No interface |
|
Activating changes in Security Policy that is attached to the vEdge will fail and lock the database |
|
Cisco SD-WAN Manager API running too frequently under Rediscover Network resulting in Page Loading too often |
|
SCP of WAN edge list to Cisco SD-WAN Validators from Cisco SD-WAN Manager fails when TACACS is enabled on Cisco SD-WAN Validator. |
|
SD-WAN Analytics slowness in response to a query |
|
Security policies applied to incorrect interface in cluster mode, iptables |
|
Attach to the device fails, when CLI template is created via REST API in Cisco SD-WAN Manager |
|
Zscaler configuration deletion happens in the wrong order. |
|
Cisco SD-WAN Manager upgrade is failing from 20.3.3.1 > 20.3.4 |
|
vEdge auth-order change not processed correctly |
|
Cisco SD-WAN Manager Webhooks doesn't work without Email notifications explicitly enabled |
|
Cisco SD-WAN Manager ver 19.2.4 crash, becomes unstable/unusable |
|
Cisco SD-WAN Manager pushes invalid service route command |
|
Failed to create deviceactionstatusnode table entry in DB for device: Validation |
|
vManage crashed due to kernel panic [20.3.3.1.2] |
|
OMP control connections of Cisco IOS XE Catalyst SD-WAN device/vEdge devices goes down on decommissioning virtual vEdge |
|
Token fails to get generated when trying to login to Cisco hosted Cisco SD-WAN Manager via GUI |
|
Cisco SD-WAN Manager reports 'upgrade request failed in device' error after installing the software via ZTP |
|
Cisco SD-WAN Validator lost static route on vpn 0 and vpn 512 running 19.4.2 |
|
configuration db Cisco SD-WAN Manager ROOT CA node is not updated |
|
On-prem Cisco SD-WAN Manager cluster went into a bad state and template push started failing |
|
Cisco SD-WAN Manager giving error on login |
|
Cisco SD-WAN Manager UI is taking time to load first time |
|
Cisco SD-WAN Manager email notification - supporting special character & (ampersand) in the email address |
|
Cannot apply endpoint-tracker to Cisco IOS XE Catalyst SD-WAN device via Cisco SD-WAN Manager template in service VPN |
|
Cisco SD-WAN Manager cluster management page should not show Sys IP in drop down of "Cisco SD-WAN Manager IP Address" |
|
IPS signature update not consistent on routers after Cisco SD-WAN Manager upgrade to 20.3.3.1 |
|
Cisco SD-WAN Manager nodes in a cluster with Stats-db ran into full GC allocation failure |
|
After upgraded the Cisco SD-WAN Manager from 20.3 to 20.6, UI is not getting loaded |
|
Cisco SD-WAN Manager became unusable after CPU spiked to 100% - no operations were performed during hike |
|
VPN label is changing upon Edge reboot |
|
17.5 : Overnight OMPd traffic crash on Promethium. |
|
Web Server Certificate does not get imported ui certificate upload |
|
AWS VPN based: IPSEC tunnels from CGW C8kvs to TGW down on latest 20.6 build |
|
Control connection to the Cisco SD-WAN Validator failing because of ERR_SER_NUM_NT_PRESENT on the Cisco SD-WAN Validator. |
|
ISR4K :ompd memory incrementing for 17.3.2 |
|
17.3 Loblaw: Pool overload and Static Inside In2Out/Out2In fragmented packets are getting dropped |
|
Template push failed for C8300-2N2S-4T2X with error bad-cli-negotiation auto,parser-context |
Bugs for Cisco SD-WAN Controller Release 20.3.3.1
This section details all fixed and open bugs for this release. These are available in the Cisco Bug Search Tool through the Resolved Bug Search.
Resolved Bugs for Cisco SD-WAN Controller Release 20.3.3.1
Bug ID |
Description |
---|---|
vBond software upgrade fails when selecting activate/reboot while upgrading |
|
Cisco IOS XE Catalyst SD-WAN upgrade to 17.3.3 failing due to "Failed to check active partition information" error message |
Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.3
This section details all fixed and open bugs for this release. These bugs are available in the Cisco Bug Search Tool.
Resolved Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.3
Bug ID |
Description |
---|---|
Perf testing: Large policy config push took 60 mins for 75 Cisco IOS XE Catalyst SD-WAN devices |
|
Cisco Catalyst SD-WAN Validator connection Down Alarms or Events not appearing in Cisco SD-WAN Manager |
|
[SIT]: vsmart policy edit failed with transport closed error |
|
Seeing more hVNETs than maximum allowed |
|
Multilink interface can not be configured without ppp authentication |
|
Higher memory utilization on Cisco SD-WAN Manager 20.1 |
|
PPP feature templates cannot modify IP MTU on Dialer interface |
|
Task update issues, large customer setup with cluster |
|
20.3 config-db upgrade script reports success even when it fails |
|
Cisco SD-WAN Manager UI does not accept controller group more than 1 |
|
Cisco IOS XE SD-WAN device: Option field in EIGRP template interface section is not working |
|
Cisco SD-WAN Manager GUI dashboard does not show number of Cisco SD-WAN Manager up when single node in cluster is down |
|
Cisco SDWAN Cisco SD-WAN Manager 20.3.1 unable to display IP address of user access in audit log |
|
Cisco SD-WAN Manager: Template Push fails with Unable to send line feed after string |
|
Reassign "oom_score_adj" Values in "sysmgr.conf" |
|
Email Notifications: with custom devices list a Number of 'Devices Attached' is blank when edit it |
|
config preview failed with Exception in callback: BGP AS Number couldn't be retrieved in service VPN |
|
Kernel Panic is seen after upgrade the Cisco SD-WAN Manager to 20.3 (watchdog) |
|
SDWAN: IPv6 SDWAN Control connection between vSmart and Cisco IOS XE SD-WAN device lost |
|
Cluster activation failed because of a space in resource pool field in cluster config |
|
In a cluster, an App server starting dependency should check a cluster, not just local service |
|
Config-DB upgrade from 3.5.14 to 3.5.22 through Cisco SD-WAN Manager SW upgrade. |
|
Difference in ip address of interface and json causing the stats db and config db in waiting |
|
Add IPv6 OMP route support in Cisco SD-WAN Manager real time monitoring |
|
SDWAN: clear control connection on vsmart can cause missing DNS resolved entries for IPv4 sessions |
|
Configuration-db upgrade allowed when not needed |
|
'dns-server-list' error seen when pushing DNS server IP update from Cisco SD-WAN Manager |
|
Cisco SD-WAN Manager dpi classification incorrect |
|
Cisco SD-WAN Manager template doesn't allow interface as next hop for static route |
|
Cisco SD-WAN Manager: Multiple DNS servers in DHCP template gives "Invalid IPv4 address" |
|
Translation profile/rules configured as part of a Voice policy not applied to dial-peers |
|
CLI template push to Cisco Catalyst SD-WAN Validator fails with "Device failed to process request. null" error |
|
IPS Signature update - username that's more than 32 characters will fail with 'Maximum length: 64' |
|
Cisco SD-WAN Manager Optional OSPF Configuration Removed when Device Template Updated |
|
Cisco SD-WAN Manager UI is not coming up thread are stuck while updating factory default templates during startup |
|
Logfiles flooded with message of tcgetattr: Input/output error |
|
on-prem Cisco SD-WAN Manager upgraded to 20.3.2 from 19.2.3 rebooting in an interval of 10-15 min |
|
UC SDWAN: Not able to see policy profile in Custom options. |
|
Reassign "oom_score_adj" Values for tracker |
|
Raise different alarm when reaching watermarks of Stats-DB disk allocation: low/high/flood |
|
Automatically changing Stats-DB to read-write mode when app server restart |
|
Introduce basic stats collection backpressure [v1] |
|
Change for configdb query planner to hint more effectively via $param instead of old-style {param} |
|
Old vAnalytics setting should not be migrated into CloudServices from GUI |
|
Add validation check for Blocklist and Redirect URL |
|
Cisco SD-WAN Manager 6 Node Cluster on Azure takes 2 mins to login to Cisco SD-WAN Manager UI. |
|
Cisco IOS XE SD-WAN device policy change taking a long time, and timing out. |
|
Cisco SD-WAN Manager 20.3.2.1 requires read-replicas to speed up GUI access |
|
after upgrading from 17.3.2 to 17.4.1, the device loses control connections |
|
Local configuration not showing preview of config on Cisco SD-WAN Manager 20.3.2 |
|
Audit log flooded with logouts from DR cluster |
|
consul service is not enabled in DR registration with arbitrator |
|
Increase process wait timeout for configdb upgrade |
|
Escalations: coordination service logs GB log file filling up disk |
|
root-cert corrupted after upgrading to 20.3.2 code |
|
17_3_1 throttle - Crash seen at ftmd process |
|
SIT : 'show sdwan bfd' output is empty even though bfd sessions are up |
|
Cisco IOS XE SD-WAN device: confd_cli may cause high cpu utilization after executing "show sdwan omp routes" |
|
[DyT]: TTM not updating link routes and omp routes are not getting updated |
|
17.4 : Dataplane Crash due to driver cpp_drv_i95_read_cb observed on 4461 with traffic |
|
Cisco IOS XE SD-WAN device: Cloud-onramp for SaaS may report packet loss for O365/Office365 |
|
Cisco IOS XE SD-WAN device Speed test in Cisco SD-WAN Manager meet interface Loopback111 critical alarm (need to suppress) |
|
No responder-bytes from Cisco IOS XE SD-WAN device when UTD is enabled |
|
SDWAN 17.2.1/17.4.1 - Cisco IOS XE SD-WAN device router may restart after pushing multiple traffic data policies together |
|
packet-trace platform conditions do not work |
|
CoR-SaaS shows 100% loss for dialer interface |
|
cisco C1111-8P - Ping to NAT pool ip punts CPU and responds to ping |
|
XE-SDWAN device would keep invalid IPv6 address in the tunnel to Cisco SD-WAN Manager and can not recover |
|
ISR/CSR: admin-tech-before not generated for IOS and non-viptela BinOS process failure |
|
Cisco IOS XE SD-WAN device crashes due to a large packet at vesen_ipsec_v4_input_get_vctrl_data |
|
Cisco IOS XE SD-WAN device: NATed tuple flips for HSL deleted flow |
|
Cloud-Saas action does not program in Modify case |
|
Fragmented packets may be dropped inbound on tunnel of Cisco IOS XE SD-WAN device with service-side NAT configuration |
|
SD-WAN appqoe optimization will drop SYN with ECN bit set and delay TCP setup. |
|
After reload Cisco IOS XE SD-WAN device cellular interfaces in shutdown state are brought up |
|
crash. seen during sh plat sof sdwan fo next-hop overlay id 0xf8000090 |
|
[SIT]: BFD sessions not established between Edges, with UTD enabled |
|
DPI flow telemetry generated by IOS-XE, for some flows tunnel identifiers are missing |
|
Dynamic Nat pool "ip aliases" are not created on the device |
|
Cisco IOS XE SD-WAN device ISR4351 crashed with Critical process ftmd fault on rp_0_0 (rc=139) running version 17.3.1a |
|
Cisco IOS XE SD-WAN device: Inspect rule cannot be modified to accept or drop without deactivating the policy |
|
ASR-1K router is not programming correct next-hop for the destination prefix. |
|
SDWAN ZBFW CPU punted traffic mishandling -- Out2In packet looped |
|
nat pool config using sub-interfaces does not work after reload |
|
17.4 ZBFW:Stale ACL entries seen on ASR1K |
|
Speed test initiated from ISR1k failed |
|
Packet towards LAN are sent towards VPN 0 WAN interface |
|
On-demand tunnel is not setup with AAR SLA class and CXP feature enabled |
|
Centralized policy does not work when contain local tloc entries in remote tloc(tloc-list) |
|
Default route missing for second TLOC during script run, and control connection get stuck |
|
AMP data is not populated in Graphs under network level |
Open Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.3
Bug ID |
Description |
---|---|
ISR 4000 Cisco IOS XE SD-WAN device : Only one T1 card is getting enabled via CLI template while two are inserted |
|
Select control connection TAB for any vsmarts, it will never show Cisco Catalyst SD-WAN Validator connections |
|
Customer couldn't login to 19.2.3 Cisco SD-WAN Manager using SSO unless the browser cache is cleared |
|
Cloud OnRamp for Colo Port level view mapped ports on CSP to the wrong switch |
|
unable to perform packet capture on Cisco IOS XE SD-WAN device interface Sdwan-system-int-ipv4-172.16.155.15 |
|
Inconsistency between "show app flowd flows" and API response of DPI stats |
|
Incorrect tag for omp routes in Real Time view |
|
UI throwing "Failed to list cluster information:Unknown error" on cluster management page |
|
Mismatch in System CPU statistic -- "Real Time" and historical 1/3/6/12h |
|
Dashboard getting blank intermittently in singlenode 20.3.2.1-no response of agg APIs from stats-db |
|
Cisco IOS XE SD-WAN device Unable to configure ospf simple password authentication |
|
VNF Install fail - VNF packages are not sync'd/copied in new added Cisco SD-WAN Manager node in Cisco SD-WAN Manager cluster |
|
Cisco SD-WAN Manager Dashboard - Alarm time zone is tagging with incorrect time zone |
|
Cisco SD-WAN Manager GUI not accessible due to too many open file descriptors. |
|
Template push to Cisco IOS XE SD-WAN device fails when changing system-ip due to vsmart centralized policy |
|
OSPF alarm down seen on vManage, OSPF process is UP |
|
Attempt to create cluster fails when adding 2nd member to standalone Cisco SD-WAN Manager |
|
Frequent Cisco SD-WAN Manager UI timeout and stuck in Please continue waiting state. |
|
"Invalid IPv4 address" is shown when inputting IPV6 DNS field |
|
sdwan - Cisco SD-WAN Manager - ip helper not more than 1 is possible with Feature and Device Templates |
|
Cisco SD-WAN Manager: UI is incorrectly showing the current version for Cisco SD-WAN Manager and vSmarts. |
|
We are not able to change Controller Certificate Authorization options in Cisco SD-WAN Manager GUI |
|
Issues with template created by API call |
|
ACI APIC to Cisco SD-WAN Manager integration issue |
|
Cisco SD-WAN Manager goes into out of memory resulting in slowness while pushing the template and accessing GUI. |
|
serverproxy-access.log not rotating in /var/log/nms |
|
UI showing console error after clicking on active/completed task as fails to show the details |
|
SSO SAMLResponse Error validating SAML message at re-authentication |
|
SSH via Cisco SD-WAN Manager GUI timeout in 180 seconds |
|
Cisco SD-WAN Manager did not validate if the template value of an interface name was correct. |
|
Configurations allows for multiple primary DNS servers |
|
Cisco SD-WAN Manager -- Template rollback when migrating EIGRP interfaces & VRFs -- 17.3 |
|
"request nms all status" command returning Python exception if containter-mgr svc was stopped |
|
DHCP excluded-address command is not being pushed via Cisco SD-WAN Manager template |
|
Server slowness during GUI operations, system degrades until login is not possible |
|
Escalations: messaging service timeout |
|
Cisco IOS XE SD-WAN device reporting normal even though it is over warning threshold |
|
netconf connection failures while installing certificate |
|
Cisco SD-WAN Manager removes \ character when imported to cli template from running configuration |
|
audit-log: invalid session with a user due to inactivity even though app-server not shutdown |
|
Cisco SD-WAN Manager CLI template push failing due to controller transaction ID error |
|
Creation of Cisco SD-WAN Manager DR Cluster Failed, GUI showing duplicate entry for DR Cisco SD-WAN Manager |
|
Shaper Rate and QoS Map device specific variable get reset when changed to "Per-tunnel-QoS" hub |
|
CLI template does not push snmp-server community config |
|
cannot remove NAT configuration from the template in a single operation if NAT translation is active |
|
Cisco SD-WAN Manager cluster does not show Graphs for less than 7 Days |
|
Cisco SD-WAN Manager App Route Visualization - Citrix Flows are missed in GUI |
|
UTD signatures update stopped working suddenly |
|
"Server Error, Details: Unable to get pcap session" is printed in the Cisco SD-WAN Manager GUI |
|
Fail to upload images to software repository post Cisco SD-WAN Manager upgrade to 19.2.4 |
|
/dataservice/device/omp/routes/advertised?deviceId reply is empty |
|
Cisco SD-WAN Manager - TACACS requests are sourced from old interface IP after IP changed |
|
Cisco SD-WAN Manager is unable to push both interface and ip as a next-hop |
|
Cisco SD-WAN Manager: Control connection up with Edge devices however, do not show up on Dashboard |
|
Cisco SD-WAN Manager DB can not boot up due to neo4j complains about older version |
|
skip statistics update when crypto engine is busy and throttling msgs |
|
C1121x-8P - does not recognize any of its switch interfaces |
|
SIT : IOS exception seen and ASR reboots when a netconf is issued to get interface details |
|
SDWAN/Cisco IOS XE Catalyst SD-WAN device:Add errmsg() infra-structure to OMP Agent |
|
Cisco IOS XE Catalyst SD-WAN device can not apply speed, duplex and negotiation in one Cisco SD-WAN Manager transaction |
|
GD box crashed @ stile code with 17.3.1 FC1 image |
|
Can't update local-address in a crypto keyring |
|
The tunnel interface remains up even when the physical interface not have IP address |
|
Not all OMP routes getting installed |
|
Bfd session stuck in invalid state |
|
17.4 ZBFW:Cpp_cp crash seen when a rule is added at beginning in automation on ASR1K |
|
Multiple crashes cpp_cp_svr and qfp-ucode on 16.12.4 |
|
SunRPC ALG resets connection with ZBFW inspection enabled |
|
Cisco IOS XE Catalyst SD-WAN device crashes while running web traffic testing with security features enabled |
|
LTE interface is not getting IP address after upgrading the router. |
|
The BFD sessions between Cisco IOS XE Catalyst SD-WAN device routers are down due to IN_US_V4_PKT_SA_NOT_FOUND_SPI |
|
"Show sdwan bfd session" showing application communication failure |
|
CSR1000v crashing frequently with Critical software exception error. |
|
Cisco IOS XE Catalyst SD-WAN device: TenGigabitEthernet interface in admin shut after reload |
|
It is possible to apply changes through TCL in Cisco IOS XE Catalyst SD-WAN device in Cisco SD-WAN Manager Mode |
|
Cisco Catalyst SD-WAN:Cisco IOS XE Catalyst SD-WAN device ipsec replay-window size decreases to 128 after a peer reloading |
|
ISR4331/K9 running 16.12.04 crashed with Segmentation fault(11), Process = Cellular CNM |
|
Cisco IOS XE Catalyst SD-WAN device Plogd BFD events messages are not human readable for bfd-state-change |
|
SDWAN custom policy that does not looked to be programmed correctly on the Cisco IOS XE Catalyst SD-WAN device platform |
|
The FIB is not programmed as per the RIB entries |
|
crash seen on ISR4461 |
|
sdwan control packets getting dropped when ACL applied |
|
Cisco IOS XE Catalyst SD-WAN device unexpected reboot - Stuck CPP Thread |
|
Switchport Feature Template is not working Properly - Missing VLANs on VLAN-DATA BASE |
|
Cisco IOS XE Catalyst SD-WAN device crash on upgrade from 16.12.4 to 17.3.2 |
|
user locked out while upgrading Cisco IOS XE Catalyst SD-WAN device 16.09.06 to 17.3.2 |
|
DHCP offer frame getting dropped on Cisco IOS XE Catalyst SD-WAN device ISR4431 due to Policy |
|
Zone Based Firewall on Cisco IOS XE Catalyst SD-WAN device router dropping web traffic with the reason Zone-pair without policy |
|
Loopback flap error after upgrading the Cisco IOS XE Catalyst SD-WAN device's to 17.3.2 |
|
Cisco IOS XE Catalyst SD-WAN device Traceback @cpp_vbuginf_flags_error seen with 16.12.14 while connected to AWS 19.2.3 |
|
cannot apply ciscosdwan.cfg due to vpg-log-server-acl ACL on VirtualPortGroup0 for logging |
Bugs for Cisco SD-WAN Controller Release 20.3.2.1
This section details all fixed and open bugs for this release. These are available in the Cisco Bug Search Tool through the Resolved Bug Search.
Resolved Bugs for Cisco SD-WAN Controller Release 20.3.2.1
Bug ID | Description |
---|---|
Reassign "oom_score_adj" Values in "sysmgr.conf" |
|
Kernel Panic is seen after upgrade the vmanage to 20.3 |
|
Config-DB upgrade from 3.5.14 to 3.5.22 through vManage SW upgrade. |
|
Raise different alarm when reaching watermarks of Stats-DB disk allocation: low/high/flood |
|
Cloudservices Radio button needs enable disable separate check box for vAnalytics and Monitoring |
|
Introduce basic stats collection backpressure [v1] |
|
Change for configdb query planner to hint more effectively via $param instead of old-style {param} |
Open Bugs for Cisco SD-WAN Controller Release 20.3.2.1
Bug ID | Description |
---|---|
Messaging server and App-server is not getting started upon VM shutdown/start |
|
Full GC (Allocation Failure) on Standalone Cisco SD-WAN Manager running 264 devices |
|
Cisco SD-WAN Manager GUI is not accessible: upstream connect error |
|
Reassign "oom_score_adj" Values for tracker |
Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.2
This section details all fixed and open bugs for this release. These bugs are available in the Cisco Bug Search Tool.
Resolved Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.2
Bug ID | Description |
---|---|
Cisco PKI Root Certificates not installed in recent images - - Polaris Side commit |
|
Flow monitor is removed from interface configuration on reload |
|
ASR1k - all Platform : Observing IpFragErr for EMIX traffic with basic IPSEC config |
|
ISR4451: 'Protocol not in this image' logs are seen after advertise network <prefix> config commit |
|
ASR1002-X ESP crash in multikey_hash_ager_tw_timer_to() |
|
ASR1001-X: 'show environment' is no longer monitoring R0 voltage sensors |
|
ESPx : CMAN-FP process crash for get_fpga_version API fails |
|
MIP100 - Continuous %SCOOBY-5-SERIAL_BRIDGE_BLOCK_EVENT flooding on the console |
|
fmap_fp crash seen on removing utd ssl config with container uninstallation |
|
Performance monitor caused QoS miss classification |
|
The "from Tunnel" direction of the Traffic Data Policy does not get apply on the IOS XE SDWAN |
|
"req plat software trace archive" fails with "STORAGE_TARGET: unbound variable Operation failed" |
|
Crash due to a segmentation fault in the "IPsec background proc" process |
|
Inbound CoPP policy causes outbound packets to fail to show up in EPC |
|
Getvpn PFS logging enhancement |
|
[Cisco IOS XE Catalyst SD-WAN device-DiaTracker] configuration not getting updated through device template |
|
Deleting a Voice Port on CUCM Shuts Down Additional Voice Ports on MGCP Gateway |
|
Cisco IOS XE Catalyst SD-WAN device - CLI should ask for confirmation of request software reset |
|
17.3: Cisco IOS XE Catalyst SD-WAN device -show sdwan omp vpn <> 0.0.0.0/0 detail broken on Cisco IOS XE Catalyst SD-WAN device |
|
Link auto-negotiation fails between C1111-4P ES-4 switch module and Meraki MX100 |
|
AAR policy does not work properly after Poweroff/Poweron Cisco IOS XE Catalyst SD-WAN device ISR4451 |
|
17.3: EFT Customer seeing an issue with show sdwan app-route stats command |
|
ASR1K:16.12.4 => 17.3.1: sessions classified based on CTS SGT/DGT are not synced to the standby |
|
sec policy pushing fail when remove L7 app from rule and action to drop |
|
IOS-XE+ZBFW+CUBE: One-way Audio. TCP 5060 is not recognized as SIP. |
|
GETVPN group member drops traffic due to replay failure every 497 days |
|
Static NAT outside breaks locally generated TCP/UDP traffic |
|
NIM-1GE-CU-SFP/NIM-2GE-CU-SFP: Show interface output reports incorrect bandwidth |
|
Adaptive QoS history record LOCAL-LOSS is always 0 on ISR1000 platform |
|
IGMP reports are forwarded to mrouter port untagged regardless of which VLAN the group is in |
|
Data policy `from-tunnel` is not programmed if `from-service` presented |
|
ASR1002X lost all configuration after upgrade from 16.12 to 17.3 |
|
IOS-XE: IPv6 OSPF authentication ipsec - adjacency fails |
|
GRUB2 Arbitrary Code Execution Vulnerability |
|
ASR1001-X: Issue a cpld reset instead of reboot in kcrash |
|
Netconf deleting wrong IKEv2 parameters |
|
FirewallNotInitiator drops with ZBFW for DIA traffic over Dialer interface with UTD enabled |
|
[SIT] Ramanos lost control and crashed after attaching device template |
|
NAT packet drops with IN_US_V4_PKT_FOUND_IPSEC_NOT_ENABLED sub-code |
|
Secondary KS does not push new policy after merge if IPD3P is configured |
|
ZBFW HA redundancy stuck in STANDBY-COLK-BULK. Bulksync Traceback seen in logs |
|
Day 0 Config Bringup after Power OFF/ON | C1121X-8PLTEP |
|
Azure csr-Cisco IOS XE Catalyst SD-WAN device 17.3.1-throttle (7/16) fresh-deploy crash once@qfp-ucode-csr when shut/no shut Gi1 |
|
[ISR4K + SM-X-ES3-* module] Memory leak in iomd |
|
IP DHCP Snooping not working for the voice vlan |
|
QoS classification failing with DSCP bits on IPSEC+QoS+Mcast when applied on service side interfaces |
|
ASR1K, C9800 Commit config clean up for cstate and pstate to 17.4, 17.3.2, 17.2.2: backout idle=poll |
|
Removing and Adding Bulk ACL leads to Tracebacks and Error-Objects |
|
sdwan multicast Cisco IOS XE Catalyst SD-WAN device rpf failure even with unicast route present in rib and omp |
|
16.12.4 ucmk9 Cisco IOS XE Catalyst SD-WAN device not able to join overlay with 19.2.3 and 20.3 |
|
sipline: VG450 stopped operating due to low mem threshold |
|
Crash due to a NULL pointer while bringing down PPPoE sessions. |
|
tunnel interface remains up even when the physical interface not have IP address |
|
%IOSXE_INFRA-3-PUNT_ADDR_RES_ENCAP_ERR: seen repeatedly in LISP coworking with VASI |
|
IGMP snooping table not populated on ISR4k |
|
ISR4351:Crash seen with ZBFW. Reboot reason:Critical process qfp_ucode_utah fault on fp_0_0 (rc=139) |
|
Unexpected reload seeing after resequencing ACLs |
|
cpp_sp_svr on XE router cpp_fm_cace_alloc_dp unable to allocate memory |
|
Backward compatibility issue for model between Cisco SD-WAN Manager version 20.3 and device version 17.2 |
|
ASR1001-X ftmd crash: ftm_tunnel_sla_tunnels_get_object |
|
Police to PPS is not configurable on ISR4K |
|
Cisco IOS XE Catalyst SD-WAN device may crash when template with big security policy pushed |
|
Static ip sdwan route does not work with endpoint tracker after upgrade to 17.3.1a |
|
IOS-XE SD_WAN router crashed after upgrade to 17.3.1a |
|
Cisco IOS XE Catalyst SD-WAN device data-policy breaks SRST media stream with default-action accept or accept in sequence |
|
Alpha OEAP: AP not able to join eWLC due to the Keyman process is down |
|
PMTU Discovery may negotiate an incorrect MTU on XE SDWAN routers |
|
BFD sessions flap after multiple control connection flaps to the vSmart. - Polaris side commit |
|
Large tcp stream fails DNS translation |
|
XE SDWAN router crash due to system memory exhaustion caused by FTM memory growth |
|
When large number of policies are applied to a ASR1001-X running 17.3.1, traffic is dropped. |
|
endpoint-tracker for a tunnels malfunctioning |
|
Summary/default-map routes getting ignored for p2p interface |
|
CSR1000v rebooted with reason 'CPU Usage due to Memory Pressure exceeds threshold' |
|
Memory leak upon ssh/scp connections to a router |
Open Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.2
Bug ID | Description |
---|---|
ISRv-Cisco IOS XE Catalyst SD-WAN device 16.12.1b RFC2544 IPv4 performance on CSP5436: 8VCPU SRIOV throughput degrade significant |
|
ASR1000 / RP2 upgrade fails from 16.9.4 to the 16.9.5 |
|
sslvpn PD : large file download fails over sslvpn |
|
ASR1k: harddisk usage is always zero in "show platform resource" for consolidated platforms |
|
Data consistency errors seen on configuring mac-sec on the underlay interface with ipsec configured |
|
ISR4451 rebooted with reason_code "CPU Usage due to Memory Pressure exceeds threshold" |
|
ASR1k crash when doing a FIB lookup |
|
ISR4461: Control Connections over sub-interface are down after upgrade, TX Channel create failure |
|
Telit case 00161045: IR1101 - Upon bootup LM960 modem Firstnet SIM no IP when LTE tech AUTO |
|
ESP20 Rommon upgrade fails from 15.3(3r)S to 16.2(1r) |
|
Missing Mandatory Transform Type (ESN) in IKEv2 ESP Protocol |
|
PMAN-3-PROCFAIL: Chassis 1 R0/0: pman: R0/0: The process keyman has failed (rc 139) |
|
RM crash at __be_address_cmp __be_avl_get_next while doing shut/no shut or BR |
|
BR crash at __be_strlen __be_fman_rtmap_create_route_map_msg |
|
unexpected reload due to Crypto IKEv2 process |
|
CLI template push for banner login <> configuration fails on Cisco IOS XE Catalyst SD-WAN device |
|
Router may crash under ZBF configuration |
|
[DyT]: TTM not updating link routes and omp routes are not getting updated |
|
QoS odd behaviour with percentage based policing |
|
can not update local-address in a crypto keyring |
|
Errors on WLC "Chassis 1 R0/0: wncd: Connection DOWN with Map server IP" for LISP map server |
|
IPSEC tunnels to AWS TGW failing when VPN tunnel doesn't allow all traffic |
|
CDP on interfaces is not enabled when CDP is enabled globally on ASR Routers in controller mode |
|
O365 CoR-SaaS shows random losses |
|
ENH: Add support for TACACS/RADIUS as sdwan tunnel service |
|
memory leakage of cpp_sp_svr |
|
Cisco IOS XE Catalyst SD-WAN device is not able to ping its own loopback |
|
Cellular interface down/up frequently occurs with SORACOM sim(DoCoMo MVNO) |
|
Recursive configuration with privilege exec level <level> show dmvpn [detail|static] |
|
No responder-bytes from Cisco IOS XE Catalyst SD-WAN device when UTD is enabled |
|
Router may crash when using Stateful NAT64 |
|
Protocol specific change for base path |
|
ASR1K Crash on configuring IP NAT inside source list under VRF |
|
SDWAN 17.2.1/17.4.1 - Cisco IOS XE Catalyst SD-WAN device router may restart after pushing template with QoS |
|
GETVPN: All GM will crash when Primary KS recovers its COOP role after network outage |
|
C1111-8P: NAT translations packet counter MIB OID counts unnecessary additional value |
|
C1111 reboot-loop is seen once upgrade to 17.3.1a |
|
Data Plane fails over L2TPv3 while disabling VLAN limit restrictions with ASR1002-HX |
|
ISR44xx shows RP serial number instead of chassis serial in "sh license UDI" CLI output |
|
Cisco IOS XE Catalyst SD-WAN device sees cpp-mcplo-ucode crash |
|
CoR-SaaS shows 100% loss for dialer interface |
|
[Cisco IOS XE Catalyst SD-WAN device/CSR1kv] IPv6 Underlay, IPv6 fragmented but packet size is smaller than MTU |
|
ASR1k NAT66 communication failure when change the NAT66 prefix configuration. |
|
tunnel interface remains up even when the physical interface not have IP address |
|
Netflow exporter traffic is sent with a UDP source port of 0. |
|
Pre-mature session deletion leading to churn and lower TPS at scale |
|
"platform ipsec reassemble transit" tail-drops unencrypted IPv4 Fragments with specific payload |
|
DMVPN with ipv6 link-local address do not register to HUB |
|
route not getting installed, need to remove and reattach the template |
|
After SIM OIR, SIM is not detected after SIM failover on C1109-2PLTEGB |
|
NAT64 ALG: Router crashes on nat64_process_token |
|
Passive FTP doesn't work with NAT |
|
GETVPN : Order of configuration of PFS in GKM group |
|
ISR router running 16.9.6 crashes authenticating crypto certificate |
|
vEdge/Cisco IOS XE Catalyst SD-WAN device - rekey timer expires, but tunnels stay up |
|
IOS-XE 16.12.1 - platform punt-policer has some wrong default values |
|
Async: First line of NIM/SM-async module get unexpected char when VDSL active |
|
ISR 4k fails to install new IPSec SAs |
|
Cisco IOS XE Catalyst SD-WAN device: fman-fp core / watch dog failure on 17.2.1r in do_lookup_x |
Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.1a
This section details all fixed and open bugs for this release. These bugs are available in the Cisco Bug Search Tool.
Resolved Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.1a
Bug ID | Description |
---|---|
SPA modules on ASR1002-X/ASR1001-X does not get recognized under show platform |
|
PfRv3: Crash while Printing the Same TCA Message |
|
Router crash after adding macsec reply-protection command on an interface |
|
Cisco SD-WAN Manager is not exhibiting the correct hostname of Cisco IOS XE Catalyst SD-WAN device |
|
Performance Monitor crash |
|
ISR1100 not booting up after power cycle and gets stuck in boot loop - cdb itself gets corrupted |
|
Template push stuck on Cisco SD-WAN Manager Cluster when pushing new System IP to Edge router |
|
CFT crashed frequently |
|
%IOSXE-3-PLATFORM: R0/0: kernel: DMA: Out of SW-IOMMU space |
|
UmbrellaConnector drops packets sent from Linux machine |
|
Ctrl+Z causes syntax error: unknown argument |
|
IOS-XE device has memory leak in linux_iosd-imag |
|
x509 SSH authentication incorrect UPN value selected |
|
Cisco IOS XE Catalyst SD-WAN device_Policy_regression: Service IPv6 ping is failing if the interface vrf forwarding is replaced |
|
NAT Alias not created for some configuration when using application redundancy |
|
AnyConnect fails to reconnect when original session expires |
|
Router crashed when attempting to remove a nonexistent trustpoint from dspfarm profile |
|
Seeing IpsecOutput drop for Cisco IOS XE Catalyst SD-WAN device even though ip packet size is less than 1442. |
|
Cisco IOS XE Catalyst SD-WAN device: 'security ipsec replay-window' needs to support 8192 |
|
EVPN RMAC stale routes seen |
|
show crypto pki server shows wrong expire certificate date |
|
spoke-to-spoke PLR packets should not change the interface PLR status |
|
NGIO Lite is crashed when MT SMS with special characters (EMS) is received |
|
Random IPSEC drops on ESP200 with esp-gcm transform set |
|
ASR1K ucode crash after too many locks in ZBF pair setup |
|
CFLOW_INSERT ABORT errors continue to increment |
|
Ping fails on hundred gig primary interface with FRR configured though MPLS traffic is not impacted |
|
SDWAN ISR1100: No SW Image listed when .bin image booted from flash / usb |
|
IOS PKI: P12 not generated on IOS Sub CA at rollover certificate generation |
|
XE SD-WAN Router SSH might get disabled followed by software reset and another reload |
|
ISR4331/K9 Dialer cannot make calls suddenly |
|
NAT doesn't translate SIP header's original source for return traffic on 16.9.3 and 16.9.4 |
|
Orthrus: Interface is down after shut/no shut. |
|
Fix for kernel driver issue causing wake up for empty block, packet too large to process |
|
ISR4K: %BOOT-3-BOOT_SRC: R0/0: No space on boot /dev/bootflash5 for packages, using bootflash! |
|
ISR G3 router crashes when rtp-nte DTMF packet arrives at MTP + BDI |
|
ISR4K / ASR / CBR8 crash in cpp_cp_svr due to watchdog timeout |
|
Cisco IOS XE Catalyst SD-WAN device reboot with UNIX-EXT-SIGNAL: Segmentation fault(11), Process = iosp_vty_100001_dmi_nesd |
|
On Cisco IOS XE Catalyst SD-WAN device all the BFD session flap if there is a control connection flap to Cisco SD-WAN Manager |
|
SDWAN device admin-tech has empty "show running config" in /tech/ios file |
|
ASR1k: Unicast DHCPREQUEST dropped when received on a EoGRE tunnel configured with VRF |
|
Packet drops in XE-SDWAN because of "IN_CD_COPROC_ANTI_REPLAY_FAIL" errors |
|
Skip SDWAN tunnel encapsulated packets in UTD DP and set inspected flag when skipping inspection |
|
PKI CLI - no warning that rsakeypair name starting from 0 (zero) is not working for cert regenerate |
|
Interface goes down when "l2vpn xconnect" command is removed |
|
SD-WAN router running 16.10.3 crashes with cpp_cp_svr fault |
|
ISR4K Unexpectedly Reboots with CENT-BR-0 |
|
UltimaThule: ISR4451 router crashed when template is pushed from Cisco SD-WAN Manager |
|
Router reloads due to crypto pki crl request <trustpoint-name> during get a fresh copy of CRL |
|
cpp_cp_svr fault and fman_fp_image fault on ASR 1002-x routers running 16.12.2r |
|
SDWAN device and Cisco SD-WAN Manager is not in sync when manual software reset is done |
|
Multiple Cisco Products Snort HTTP Detection Engine File Policy Bypass Vulnerability UTD |
|
"Exporter Version" is not correct in the FNF cpp client exporter show command |
|
Cisco SD-WAN Solution Software Buffer Overflow Vulnerability |
|
XE SD-WAN : Cannot specify the specific vpn except <1-512> in show sdwan app-fwd cflowd flows vpn x |
|
Cisco IOS XE Catalyst SD-WAN device QOS Policy-Map on Parent Interface Maps Traffic to Wrong Queue When Traffic on Sub-Int |
|
Crash observed in QFP in ASR1001-X running 16.06.05 when GPM is running low |
|
ASR1k:Router stops forwarding traffic with MPLS TE & FRR when member link of port-channel is shut |
|
Crash upon delete of virtual-access when virtual-template has "no tunnel protection ipsec initiate" |
|
unexpected reload in CPP ucode forced by nat 514 . |
|
VLAN1 is allowed on the trunk port even though it is not allowed in configurations of C111 interface |
|
XE SD-WAN : cflowd not working after re attaching template |
|
TBAR is not disabled in GM when it is disabled in KS |
|
CSR on AWS - PAYG Broken in 17.1, 17.2, and Polaris |
|
MACsec 128/256 XPN on 40g/100g, stop passing traffic for one of AN and interface link flap seen |
|
Part of double encapsulated frames dropped with TunnelDecapTooManyTimes code reason |
|
Virtual address not reachable: "mac:0000:0c07:xxxx download to DP failed" for HSRP / VRRP over BDI. |
|
Duplicate ipv6 address while connecting to remote client |
|
Cisco IOS XE Catalyst SD-WAN device crashes after changing flow-sampling-interval within a cflow policy |
|
GETVPN: KS 16.12.x - COOP switchover causes GMs to immediately use new TEK rekey |
|
Possible Regression ISR4K Mgmt Port ACL Breakage or simply Day One Implementation As Designed |
|
Route export not working as desired during failover testing |
|
Cisco IOS XE Catalyst SD-WAN device crashes after the push of a template for Umbrella |
|
IPsec tunnel is getting established for a backup NHS DMVPN hub |
|
SSH Process Thrash During Normal Operations |
|
Memory leak in SCCP TLS Client on unexpected deregister event |
|
Packet Duplication fails to duplicate packets in Cisco IOS XE Catalyst SD-WAN device Devices |
|
Device crashed after Boost license expire |
|
ASR1K crash when modifying crypto keyring configuration |
|
FlexVPN IKEv2 Tunnel route removed after establishing new IKEv2 SA to another peer |
|
Object (IPv6 ACL ) stuck in forwarding data plane. No ipv6 traffic goes towards the upstream router |
|
RTP-NTE to OOB DTMF Interworking Failure over BDI with Dot1q Tagging |
|
CSR stuck in Bootloop while upgrading to 17.2.1r on Azure. |
|
ASR1001-X 16GB: Kernel crashes repeatedly after upgrading from 16.12.2 to 17.2.1 |
|
Enabling guestshell gives "float division by zero" |
|
Template push error due to NAT-MIB process helper traceback/warm restart |
|
virtio interfaces not discovered by IOS when host MTU config > 1518 |
|
Incorrect PMTU programmed for XE SDWAN router tunnel control-plane while data-plane is correct |
|
IPSec HMAC drops between after stress traffic and link flap |
Open Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.1a
Bug ID | Description |
---|---|
ASR1000 / RP2 upgrade fails from 16.9.4 to the 16.9.5 |
|
ASR1k - all Platform : Observing IpFragErr for EMIX traffic with basic IPSEC config |
|
MIP100 - Continuous %SCOOBY-5-SERIAL_BRIDGE_BLOCK_EVENT flooding on the console |
|
ISR4461: Control Connections over sub-interface are down after upgrade, TX Channel create failure |
|
IOS cannot boot with 16.12(1r) or later rommon due to cookie PID field incorrectly programmed |
|
AAR policy does not work properly after Poweroff/Poweron Cisco IOS XE Catalyst SD-WAN device ISR4451 |
|
sec policy pushing fail when remove L7 app from rule and action to drop |
|
CSR1000V not processing padded and unknown option Hop-by-Hop Options Headers |
|
Memory leak observed for FTM process leading to a device crash eventually. |
|
Adaptive QoS history record LOCAL-LOSS is always 0 on ISR1000 platform |
|
ASR1001-HX, CCP crash due to invalid address accessed by DTL |
|
CXP Probe DNS packets are not exiting via correct source interface |
|
20.3 vSmart Failover Induced Cisco SD-WAN Manager/Device Connection Failure |
|
Azure csr-Cisco IOS XE Catalyst SD-WAN device 17.3.1-throttle (7/16) fresh-deploy crash once@qfp-ucode-csr when shut/no shut Gi1 |
|
sdwan multicast Cisco IOS XE Catalyst SD-WAN device rpf failure even with unicast route present in rib and omp |
|
[RM]-Observing router reload after saving the QOS+APP_PERF config in RAMONES |
|
SDWAN 17.3/20.3 - SNMP MIB Query for Interface Description OID return only up to 64 characters |
|
fmap_fp crash seen on removing utd ssl config with container uninstallation |
|
Template push on ISR1k not working due to no authentication timer "reauthenticateError" |
|
vAnalytics - Launch vAnalytics not working in Cisco SD-WAN Manager UI |
Interactive Help in Cisco SD-WAN Manager
To access the list of guided workflows for this release, from Cisco SD-WAN Manager, click Interactive Help.
The Interactive Help interface allows you to search for a specific workflow and filter the search results by workflow names.
This release provides guided workflows for the following procedures:
Workflow | Description |
---|---|
Configure Controllers and Devices |
|
Configure Cisco Catalyst SD-WAN Validator |
Configure the Cisco Catalyst SD-WAN Validator and add it to the overlay network. |
Configure Cisco Catalyst SD-WAN Controller |
Configure a Cisco Catalyst SD-WAN Controller to control data traffic flow throughout the network. |
Configure Cisco SD-WAN Manager Instance |
Configure a Cisco SD-WAN Manager instance by creating a device configuration template and adding it to the overlay network. |
Configure Cisco Catalyst SD-WAN Devices |
Configure Cisco IOS XE Catalyst SD-WAN devices and Cisco vEdge devices by creating configuration templates. |
Manage Devices in Overlay Network |
|
Add Devices to the Overlay Network |
Add Cisco Catalyst SD-WAN devices either by using authorized serial numbers or from Cisco Smart account. |
Decommission Virtual Devices |
Decommission a Cisco IOS XE Catalyst SD-WAN device or Cisco vEdge device to remove the device serial number. |
Remove Devices from the Overlay Network |
Remove Cisco Catalyst SD-WAN devices to clear an old device configuration from the Cisco SD-WAN Manager server. |
Change Device Values |
Change Cisco Catalyst SD-WAN device configuration by populating the variable values for the device. |
Troubleshoot Device Issues |
Determine and fix common Cisco Catalyst SD-WAN device connectivity issues. |
Upgrade Devices and Controllers |
Install and activate upgraded software for Cisco Catalyst SD-WAN control components and Cisco Catalyst SD-WAN devices. You cannot use this workflow for:
|
Whom to contact for feedback?
We value your opinion. Please send your feedback to sdwan-workflow-fb@cisco.com.
Cisco Catalyst SD-WAN Control Components Compatibility Matrix and Server Recommendations
For compatibility information and server recommendations, see Cisco Catalyst SD-WAN Control Components Compatibility Matrix and Server Recommendations.
Supported Devices
For device compatibility information, see Cisco Catalyst SD-WAN Device Compatibility.