Release Notes for Cisco IOS XE Catalyst SD-WAN Device, Cisco IOS XE Catalyst SD-WAN Release Amsterdam 17.3.x


Note


To achieve simplification and consistency, the Cisco SD-WAN solution has been rebranded as Cisco Catalyst SD-WAN. In addition, from Cisco IOS XE SD-WAN Release 17.12.1a and Cisco Catalyst SD-WAN Release 20.12.1, the following component changes are applicable: Cisco vManage to Cisco Catalyst SD-WAN Manager, Cisco vAnalytics to Cisco Catalyst SD-WAN Analytics, Cisco vBond to Cisco Catalyst SD-WAN Validator, and Cisco vSmart to Cisco Catalyst SD-WAN Controller. See the latest Release Notes for a comprehensive list of all the component brand name changes. While we transition to the new names, some inconsistencies might be present in the documentation set because of a phased approach to the user interface updates of the software product.

These release notes accompany the Cisco IOS XE Catalyst SD-WAN Release Amsterdam 17.3.x, which provides Cisco SD-WAN capabilities. They include release-specific information for Cisco Catalyst SD-WAN Controllers, Cisco Catalyst SD-WAN Validators, and Cisco SD-WAN Manager, as applicable to Cisco IOS XE Catalyst SD-WAN devices.

For release information about Cisco vEdge Devices, refer to Release Notes for Cisco vEdge Devices, Cisco SD-WAN Release 20.3.x.

What's New for Cisco IOS XE Catalyst SD-WAN Release Amsterdam 17.3.x

This section applies to Cisco IOS XE Catalyst SD-WAN devices.

Cisco is constantly enhancing the SD-WAN solution with every release and we try and keep the content in line with the latest enhancements. The following table lists new and modified features we documented in the Configuration, Command Reference, and Hardware Installation guides. For information on additional features and fixes that were committed to the SD-WAN solution, see the Resolved and Open Bugs section in the Release Notes.

Table 1. Cisco IOS XE Release 17.3.2
Feature Description

Systems and Interfaces

Support for Dialer Interface in DSL

This feature enables tracking of a Point-to-Point Protocol (PPP) session over a dialer interface on Cisco IOS XE SD-WAN devices.

Dialer interface is used in Digital Subscriber Line (DSL) in the deployments of Point-to-Point Protocol over Ethernet (PPPoE), Point-to-Point Protocol over Asynchronous Transfer Mode (PPPoA). Dialer interface always stay up irrespective of the PPP session status. This helps to avoid the need for additional configuration such as IP SLA and tracking for routing failover to work while using dialer interfaces.

The command dialer down-with-vInterface is added to bring down the dialer interface when the PPP session goes down.

Routing

OSPFv3 Support on Cisco IOS XE SD-WAN Devices

Open Shortest Path First version 3 (OSPFv3) is an IPv4 and IPv6 link-state routing protocol that supports IPv6 and IPv4 unicast address families.

Multicast over L3 TLOC Extension

This feature enables support for transport location (TLOC) which allows addition of the peers transport to avoid the extra cost of additional IP and allows the use of dynamic load balance across multiple transports.

Cloud OnRamp

Transit Gateway Peering

This feature enables the ability to establish peer connections between transit gateways in different AWS regions. With this feature, you can connect to various Transit Virtual Private Clouds (TVPCs) and on-premise networks using a single gateway. The ability to peer transit gateways between different AWS regions enables you to extend the connectivity and build global networks spanning multiple other regions. To support inter-region connectivity, mapping and audit functions are enhanced.

Policies

NAT Fallback on Cisco IOS XE Catalyst SD-WAN Devices

Cisco IOS XE Catalyst SD-WAN devices support the NAT fallback feature for Direct Internet Access (DIA). The NAT fallback feature provides a routing-based mechanism for all traffic that is sent to the DIA route to use an alternative route when required. With this release, fallback is supported on the service and tunnel side.

Table 2. Cisco IOS XE Release 17.3.1a
Feature Description

User Documentation and Interactive Help in Cisco vManage

User Documentation

Starting from this release, we've restructured the listing page of our configuration guides to display category-wise book and chapter contents. This new page lets you switch between releases using the View Documents by Release drop-down list.

Interactive Help in Cisco vManage

This feature helps you navigate Cisco vManage and complete vManage procedures using guided workflows. The Interactive Help points to elements within the Cisco SD-WAN Manager interface and shows you where to click next and what to do to complete a selected workflow.

Cisco SD-WAN Getting Started

Generate a Bootstrap File For Cisco IOS XE SD-WAN Devices Using the CLI

This feature enables you to generate a minimum bootstrap configuration file directly on a device, that enables a device to reconnect to the controller in case the full configuration is ever lost or removed.

Cisco SD-AVC Cloud Connector

When enabling Cloud onRamp for SaaS to manage Office 365 traffic, you can limit best path selection to apply only to some Office 365 traffic, according to the Office 365 traffic categories defined by Microsoft, or to include all Office 365 traffic.

The Cisco SD-AVC Cloud Connector provides support for this functionality.

On Premises ZTP Server for Cisco SD-WAN

This feature extends the on-premise Plug and Play implementation support to Cisco IOS XE SD-WAN routers.

Device Onboarding Enhancement

Starting from Cisco vManage Release 20.3.1 you can onboard a device to Cisco vManage by directly uploading a .csv file containing details of your device, from your system.

Cisco vManage Cluster Upgrade

This feature outlines the upgrade procedure for Cisco vManage servers in a cluster to Cisco vManage Release 20.3.1.

Systems and Interfaces

Configure a Router as an NTP Primary

This feature lets you configure a supported router as an NTP primary router. Other nodes in a Cisco SD-WAN deployment synchronize their clocks to the NTP primary router. This configuration is useful if you do not have an NTP server in your deployment.

Export vManage Audit Log as Syslog

The Cisco vManage NMS exports audit logs in syslog message format to a configured external syslog server. This feature allows you to consolidate and store network activity logs in a central location.

Hardened Passwords

This feature enables password policy rules in Cisco SD-WAN Manager. Once enabled, Cisco SD-WAN Manager enforces the use of strong passwords.

Configure Sessions in Cisco vManage

This feature lets you see all HTTP sessions open within Cisco vManage. It gives you details about the username, source IP address, domain of the user, and other information. A user with User Management Write access, or a netadmin user can trigger a log out of any suspicious user's session.

You can set client session timeouts, session lifetimes, server session timeouts, and enable the maximum number of user sessions in Cisco vManage.

Posture Assessment Support

Identity Services Engine (ISE) Posture functions are intergrated into Cisco 1100 Integrated Services Routers. This feature enables you to utilize Posture Assessment capabilities to validate the compliance of endpoints according to security policies of your enterprise.

For Cisco vManage Release 20.3.1 this feature can only be configured using CLI Add-On feature templates in Cisco vManage.

Remove Certificate SUDI requirement.

This feature allows you to use a subject SUDI serial number instead of a certificate serial number to add a device to a Cisco SD-WAN overlay network.

Integration with Cisco Unified Communications

This release adds support for using a feature template to enable Cisco IP-based media services.

Dynamic On-Demand Tunnels

This feature enables you to configure an Inactive state for tunnels between edge devices, reducing performance demands on devices and reducing network traffic.

Static Route Tracker for Service VPNs

This feature enables you to configure IPv4 static route endpoint tracking for service VPNs.

For static routes, endpoint tracking determines whether the configured endpoint is reachable before adding that route to the route table of the device.

To configure Static Route Tracking on Cisco vManage, configure an endpoint tracker using Cisco System template, and Configure a static route using the Cisco VPN template.

NAT DIA Tracker for Cisco IOS XE SD-WAN Devices

This feature allows you to configure a system tracker to probe the transport interface periodically to determine if the Internet or external network becomes unavailable.

You can configure DIA Tracker using the Tracker tab of the Cisco System template.

You can apply the tracker to a transport interface using either Cisco VPN Interface Ethernet or Cisco VPN Interface Cellular templates.

Service Side NAT on Cisco IOS XE SD-WAN devices

This feature allows you to configure inside and outside NAT on data traffic traveling to and from the service-side hosts of the network overlay.

The service-side NAT configuration allows you to translate the source IP addresses for data traffic from service- side hosts to the overlay and traffic from the overlay to service-side hosts.

To configure service-side NAT using Cisco vManage, configure a centralized data policy using the Configure > Policies, and configure a dynamic NAT Pool and Static NAT address using the Service VPN template.

Qualified Commands for Cisco IOS XE Release Amsterdam 17.3.1a

Starting Cisco IOS XE Catalyst SD-WAN Release 17.3.1a, you can use additional commands in CLI Add-on feature templates.

Routing

BGP Community Propagation

This feature enables propagation of BGP communities between routing protocols during route redistribution. One one node, the OMP redistributes routes from BGP and on the other node, the OMP redistributes node into BGP. The BGP AS Path is propagated over OMP so that it can be preserved between Cisco SD-WAN nodes. The BGP community propagation helps in propagating BGP communities between Cisco SD-WAN sites, across VPNs using OMP redistribution.

OMP Route Aggregation

This feature is an enhancement where OMP route aggregation is performed only for the routes that are configured for route redistribution to avoid black hole routing. This enhancement is applicable for OSPF, Connected, Static, BGP and other protocols only if the redestribution is requested.

Route Leaking Between Global VRF and Service VPNs

This feature enables you to leak routes bidirectionally between the global VRF and service VPNs. Route leaking allows service sharing and is beneficial in migration use cases because it allows bypassing hubs and provides migrated branches direct access to non-migrated branches.

BFD for Routing Protocols in Cisco SD-WAN

This feature extends BFD support to BGP, OSPF, and EIGRP protocols in the Cisco SD-WAN solution. BFD provides a consistent failure detection method to detect forwarding path failures at a uniform rate, therefore enabling faster reconvergence time.

Forwarding and QoS

Adaptive QoS

This feature enables WAN interface shapers and per-tunnel shapers at the enterprise edge to adapt to the available WAN bandwidth. The capability to adapt to the bandwidth controls differentiated packet drops at the enterprise edge and reduces or prevents packet drops in the network core.

Policies

Application-Aware Routing Policy Support for Multicast

This feature enables support for configuring application-aware routing policy for multicast traffic on Cisco IOS XE SD-WAN devices based on source and destination, protocol matching and SLA requirement.

Support for six SLA Classes per Policy

This feature allows you to configure up to six SLA classes per policy on Cisco IOS XE SD-WAN devices. This allows additional options to be configured in an application-aware routing policy.

Support for Defining Custom Applications

This feature adds support for defining custom applications.

Service insertion tracker support

This feature extends support for service chaining to Cisco IOS XE SD-WAN devices. On Cisco IOS XE SD-WAN devices and Cisco vEdge devices, it adds a tracking feature that logs the availability of a service.

Security

Support for SGT Propagation with Cisco TrustSec Integration

This feature enables Cisco IOS XE SD-WAN edge devices to propagate Security Group Tag (SGT) inline tags that are generated by Cisco TrustSec-enabled switches in the branches to other edge devices in the Cisco SD-WAN network. While Cisco TrustSec-enabled switches does classification, propagation (inline SGT tagging) and enforcement on the branches, Cisco IOS XE SD-WAN devices carry the inline tags across the edge devices.

Cloud OnRamp

Support for Specifying Office 365 Traffic Categories for Cloud onRamp for SaaS on Cisco IOS XE SD-WAN Devices

This feature updates the existing Cloud onRamp for SaaS configuration workflow for Cisco IOS XE SD-WAN devices. The feature allows you to limit the use of best path selection to some or all Office 365 traffic, according to the Office 365 traffic categories defined by Microsoft.

Integration of AWS Branch with Cisco IOS XE SD-WAN Devices

Cisco SD-WAN Cloud OnRamp for Infrastructure as a Service (IaaS) extends enterprise WAN to public clouds. This multi-cloud solution helps to integrate public cloud infrastructure into Cisco SD-WAN fabric. This feature enables Transit Gateway (TGW) when the standard Cloud OnRamp solution is not sufficient. For example, one host VPC is connected to the Cisco SD-WAN edge router using an Internet Gateway (IGW). If the IGW bandwidth limit is less, then TGW is used for SD-WAN integration. TGW provides a way to interconnect VPCs and VPNs.

Support Catalyst 48Y4C (Cloud OnRamp for Colocation)

This release supports the use of Cisco Catalyst 9500-48Y4C switches in the Cloud onRamp for colocation cluster that enables 80G-200G of bidirectional throughput.

Flexible Topologies (Cloud OnRamp for Colocation)

This feature provides the ability to flexibly insert the NIC cards and interconnect the devices (CSP devices and Catalyst 9500 switches) within the Cloud onRamp for colocation cluster. Any CSP ports can be connected to any port on the switches. The Stackwise Virtual Switch Link (SVL) ports can be connected to any port and similarly the uplink ports can be connected to any port on the switches.

TACACS Authentication (Cloud OnRamp for Colocation)

This feature allows you to configure the TACACS authentication for users accessing the Cisco CSP and Cisco Catalyst 9500 devices. Authenticating the users using TACACS validates and secures their access to the Cisco CSP and Cisco Catalyst 9500 devices.

Network Assurance –VNFs: Stop/Start/Restart (Cloud OnRamp for Colocation)

This feature provides the capability to stop, start, or restart VNFs on Cisco CSP devices from the Colocation Clusters tab. You can easily perform the operations on VNFs using Cisco vManage.

TCP Optimization

TCP Optimization

TCP optimization support extended to Cisco ISR4221, Cisco ISRv, and Cisco 1000 Series Integrated Services Routers. See Supported Platforms for more information.

Monitor and Maintain

Embedded Packet Capture

This feature is an onboard packet capture facility that allows network administrators to capture packets flowing to, through, and from the device and to analyze them locally or save and export them for offline analysis through Cisco vManage. This feature facilitates application analysis, security, and troubleshooting by gathering information about the packet format.

TAC Access

TAC Access to Cisco SD-WAN Manager

When working with the Cisco Technical Assistance Center (TAC) to address an issue in Cisco SD-WAN Manager, users may provide TAC with access to Cisco SD-WAN Manager or TAC teams may access Cisco SD-WAN Manager using the consent token mechanism. In the past, this access has relied on a user account called viptelatac. In this release, two separate user accounts have been added, one with read-only access and one with write access. The accounts use a challenge-response authentication method.

Cisco SD-WAN for Government

Cisco SD-WAN for Government

FedRAMP, the Federal Risk and Authorization Management Program, is a United States-government program that provides a specific set of standards to ensure that a cloud provider meets the requirements to be eligible for use by the U.S. federal government. With Cisco SD-WAN for Government, you can quickly and easily deploy a Cisco SD-WAN overlay network using the Cisco Self-Service Portal. This ensures that your Cisco SD-WAN network meets the stringent requirements of FedRAMP with enhanced security and rapid deployments.

New and Enhanced Hardware Features

New Features

Hardware support added in Cisco IOS XE Release 17.3.2:

  • Cisco Catalyst 8300 Series Edge Platforms

  • Modules on Cisco Catalyst 8300 Series Edge Platforms:

    • 10G Modules

    • SM to NIM Slot Adapter

  • Cisco Catalyst 8500 Series Edge Platforms

  • Cisco Cellular Gateway CG418-E

Important Notes, Known Behavior, and Workaround

  • Cisco IOS XE Catalyst SD-WAN devices with the SFP-10G-SR module do not support online insertion and removal (OIR) of this module.

  • When you complete a Cisco SD-WAN software downgrade procedure on a device, the device goes into the configuration mode that it was in when you last upgraded the Cisco SD-WAN software on the device. If the device is in a different configuration mode when you start the downgrade than it was when you last upgraded, the device and Cisco SD-WAN Manager show different configuration modes after the downgrade completes. To put the configuration modes back in sync, reattach the device to a device template. After you reattach the device, both the device and Cisco SD-WAN Manager show that the device is in the vManage configuration mode.

  • Cisco vManage Release 20.3.1 implements a hardened security posture to comply with FedRamp guidelines. As a result, your vAnalytics login credentials that are stored locally get erased on upgrading the software, and you cannot access the vAnalytics service directly through Cisco SD-WAN Manager. In this case, log in to vAnalytics using this URL: https://analytics.viptela.com. If you can’t find your vAnalytics login credentials, open a case with Cisco TAC support.

Cisco SD-WAN Manager Upgrade Paths

For information about Cisco SD-WAN Manager upgrade procedure, see Upgrade Cisco SD-WAN Manager Cluster.

Starting Cisco SD-WAN Manager Version Destination Version

19.2.x

20.1.x

20.3.x

18.x/19.2.x

Direct Upgrade

Direct Upgrade

Check disk space*

  • If the disk space is more than 2GB: Direct Upgrade

  • If the disk space is less than 2GB: Step upgrade through 20.1

  • If you are upgrading to 20.3.5, the available disk space should be at least 2.5 GB.

For cluster upgrade procedure**: request nms configuration-db upgrade

Note

 

We recommend the data base size in the disk is less than or equal to 5GB. Use the request nms configuration-db diagnostic command to check the data base size. This is applicable only for upgrades of devices running Cisco SD-WAN Manager Release 20.1.1 and later.

20.1.x

Not Supported

Direct Upgrade

Direct Upgrade

For cluster upgrade procedure**: request nms configuration-db upgrade

Note

 

We recommend the data base size in the disk is less than or equal to 5GB. Use the request nms configuration-db diagnostic command to check the data base size. This is applicable only for upgrades of devices running Cisco SD-WAN Manager Release 20.1.1 and later.

20.3.x

Not Supported

Not Supported

Direct Upgrade

20.4.x

Not Supported

Not Supported

Not Supported

*To check the free disk space using CLI,

  1. Use the vshell command to switch to vshell.

  2. In vshell, use the df -kh | grep boot command.

**Cluster upgrade must be performed using CLI

  • Use the following command to upgrade the configuration database. This must be done on only one node that runs configuration-db in the cluster:
    request nms configuration-db upgrade

    Note


    We recommend the data base size in the disk is less than or equal to 5GB. Use the request nms configuration-db diagnostic command to check the data base size. This is applicable only for upgrades of devices running Cisco SD-WAN Manager Release 20.1.1 and later.


  • Enter login credentials, if prompted. Login credentials are prompted if all Cisco SD-WAN Manager server establish control connection with each other. After a successful upgrade, all configuration-db services are UP across the cluster and the application-server is started.


Note


The autoscale issue is fixed in Cisco SD-WAN Release 20.3.x. If your device is running on Cisco SD-WAN Release 18.4.x and mapped to a transit VPC, you must skip the upgrade to Cisco SD-WAN Release 19.2.x and Cisco SD-WAN Release 20.1.x, and upgrade directly to Cisco SD-WAN Release 20.3.x.


Resolved and Open Bugs

About the Cisco Bug Search Tool

Use the Cisco Bug Search Tool to access open and resolved bugs for a release.

The tool allows you to search for a specific bug ID, or for all bugs specific to a product and a release.

You can filter the search results by last modified date, bug status (open, resolved), severity, rating, and support cases.

Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.8a

Resolved Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.8a

Bug ID

Description

CSCwh87343

Cisco IOS XE Software Web UI Privilege Escalation Vulnerability

Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.8

Resolved Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.8

Identifier

Headline

CSCwc68069

RTP packets not forwarded when packet duplication enabled, no issue without duplication feature

CSCvx25157

Cisco Catalyst SD-WAN control packets getting dropped when ACL applied

CSCwb44275

Simulated flows with NAT DIA result in crash consistently

CSCwb07307

17.6.2ES-2: BFD down on spoke after 'clear sdwan omp all' on HUB due to CD_IN_PKT_OUT_OF_WINDOW eror

CSCwc77003

Prefix through hub not intalled in FIB, with OD Tunnels, seeing drops due to Firewall Policy

CSCwe38296

The Cisco Catalyst 8500 Procyon Packets drop due to MACSEC post-encryption padding behavior

CSCwb18223

SNMP v2 community name encryption problem

Open Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.8

Identifier

Headline

CSCwf14727

FNF ucode crash when add or remove interface

Bugs for Cisco Catalyst SD-WAN Control Components Release 20.3.8

Open Bugs for Cisco Catalyst SD-WAN Control Components Release 20.3.8

Identifier

Headline

CSCwh68093

IPV4 Subnet Mask drop-down options are floating and Cisco SD-WAN Manager is getting frozen in Firefox browser

Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.7

This section details all fixed and open bugs for this release. These bugs are available in the Cisco Bug Search Tool

Resolved Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.7

Identifier

Headline

CSCwe43341

The TLS control-connections down, traffic from controller dropped with SdwanImplicitAclDrop.

CSCwb44275

The Simulated flows with NAT DIA result in crash consistently.

Open Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.7

Identifier

Headline

CSCwb07307

The 17.6.2ES-2: BFD down on spoke after 'clear sdwan omp all' on HUB due to CD_IN_PKT_OUT_OF_WINDOW eror.

CSCvx25157

Cisco SD-WAN control packets getting dropped when ACL applied.

CSCwc77003

The prefix through hub not intalled in FIB, with OD Tunnels, seeing drops due to FirewallPolicy

CSCwb18223

The SNMP v2 community name encryption problem.

Bugs for Cisco Catalyst SD-WAN Control Components Release 20.3.7

Resolved Bugs for Cisco Catalyst SD-WAN Control Components Release 20.3.7

Identifier

Headline

CSCwb52326

Admin-tech on Cisco SD-WAN Manager cluster nodes takes one hour due to elastic search

CSCwc72071

Control connections down due to controller certificate missing on all the controllers.

CSCwd46383

Cisco SD-WAN Software Denial of Service Vulnerability

Open Bugs for Cisco Catalyst SD-WAN Control Components Release 20.3.7

Identifier

Headline

CSCwe07891

Cisco SD-WAN Manager 20.10 "vedge-ESR-6300-NCP" is an invalid value for template push.

CSCwd85846

The DTLS session with the Cisco SD-WAN Validator does not come up due to OOO packets received at the Cisco vEdge devices.

CSCwe38227

MT overlay not coming up with 20.3.7 image

Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.6

Resolved Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.6

Identifier

Headline

CSCvz37661

17.6 to 17.7 : Continuous 4461 Octeon crypto crash. does not stay up.

CSCwb35884

DNS endpoint-tracker doesn't work properly for dialer when DNS server configured later

CSCwa52915

Replicator with direct multicast source reachability should be preferred among selected replicators

CSCwb32059

Cellular interface tracker Down but NAT route persists in the Service VPN Routing Table

CSCwa92082

RG B2B(Box to Box), Interchassis HA, STBY is stuck in STANDBY COLD-BULK on ISR 4461

CSCvz40788

Cisco Catalyst SD-WAN tunnels are not coming up in Multilink Frame relay sub-interface

CSCwb43605

Cisco IOS XE Catalyst SD-WAN device OMPd crash during RIB-out attribute aspath/community processing

CSCwa67886

UDP based DNS resolution doesn't work with IS-IS EMCP on IOX-XE

CSCvz84588

Destination prefix packets getting dropped because forwarding plane is not programming the next hop.

CSCvy99344

Cisco IOS XE Catalyst SD-WAN device: Multicast UnconfiguredIpv4Fia drop when multicast interworks with service chain/NAT DIA

CSCwa04960

[SIT] OMPD process memory leak seen on Cisco IOS XE Catalyst SD-WAN device

CSCvx30410

DIA not working as expected when Service Side NAT is in place.

CSCwa49721

Cisco Catalyst SD-WAN HUB with firewall configured incorrectly dropping return packets when routing between VRFs

CSCvz69103

Pending obejcts and download failure with policy update from 17.7.1 throttle image

CSCwb21195

Cisco Catalyst SD-WAN ASR Cisco IOS XE Catalyst SD-WAN device sees Anti-Replay drops when sequence number is beyond 32 bit

CSCwa81471

AOM pending objects with loopbacks binded to tloc-extended interfaces

CSCwa73783

Incorrect Cisco IOS XE Catalyst SD-WAN device COR for SAAS Policy Sequence Programming

CSCwb02851

ISR1K and ISR4K gets unexpected reload due to memory corruption

CSCvz38018

Cisco IOS XE Catalyst SD-WAN device reloads unexpectedly when issuing OMP shutdown from the CLI

CSCvx27965

Cisco IOS XE Catalyst SD-WAN device ipv6 netflow with high scale flows FNF does not working

CSCvy47279

C1111 device crashed when PPPoE(running NAT) cable pulled out

CSCwa92411

Slowness issues casued by intermittent traffic drop on ISRv ingress from GRE tunnel

CSCwb76509

Assert failure while showing FTM (Forwarding Traffic Manager) data in NH TYPE switch case

CSCwa64993

CXP for SaaS takes more than 5 min to detect indirect path failure over TLOC-extension

CSCwa98545

Checks of route leaks creates memory corruption.

CSCvz81428

SIT : vedaemon assert noticed in the ISR 4221 over weekend longevity

CSCwb59736

CSR BFD tunnel are zero with Cisco Catalyst SD-WAN version 17.03.03.0.7

CSCwa57873

Incorrect reload reason - Last reload reason: LocalSoft for Netconf Initiated request

CSCvy89362

Remove warning log QOS-3-INVALID_BQS_QUEUE_INFO due to LSM/0 for Cisco IOS XE Catalyst SD-WAN device multicast traffic

Open Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.6

Identifier

Headline

CSCwb43423

Cisco IOS XE Catalyst SD-WAN device: IOS XE image installation fails

CSCvy33007

"Best of Worst" Fallback mode causes reachability issue when routes flap

CSCvx25157

Cisco Catalyst SD-WAN control packets getting dropped when ACL applied

CSCvx25217

Cannot remove NAT configuration from the template in a single operation if NAT translation is active

CSCvy37285

SSH to Loopback not working

CSCvv48885

Can not update local-address in a crypto keyring

CSCwa77373

Device stuck in bootloop due to PNP process when Gi0 is DHCP enabled for a new device.

CSCvx18302

[SIT] Speed Test to Internet failing on vEdges and Cisco IOS XE Catalyst SD-WAN devices running 20.3/17.3

CSCvx69420

tunnel interface remains up even when the physical interface not have IP address

CSCwb44275

Simulated flows with NAT DIA result in crash consistently

CSCwb05743

Crash seen with umbrella config during soak run

CSCvz04121

"show Cisco SD-WAN tunnel statistics bfd" and "clear Cisco SD-WAN tunnel statistics" issues

CSCwb74821

yang-management process confd is not running, controller mode 17.6.2a

CSCwc77003

Prefix through hub not intalled in FIB, with OD Tunnels, seeing drops due to FirewallPolicy

CSCvx40516

17.5 ZBFW + NAT: Traffic flow In2Out scenario failed

CSCwc55467

BFD Tunnel on Cisco SD-WAN router is not staying up, 1 out of 40 tunnels.

CSCwa53223

Cisco IOS XE Catalyst SD-WAN device app-route policy not load balancing traffic as expected when SLA doesn't meet

CSCvx74917

[17.5 Umbrella] DNS Packets are not redirected to configured Custom DNS after Umbrella Template Edit

CSCwb18223

SNMP v2 community name encryption problem

Bugs For Cisco Catalyst SD-WAN Control Components Release 20.3.6

Resolved Bugs for Cisco Catalyst SD-WAN Control Components Release 20.3.6

Identifier

Headline

CSCvz32341

Custom application list not replicated in Disaster Recovery for a Single Node Cisco SD-WAN Manager Cluster

CSCwc13452

Memory leak in Cisco SD-WAN Controller-OMP

CSCvy73412

Templatepush failed for C8300-2N2S-4T2X with error bad-cli-negotiation auto,parser-context

CSCvx61152

OMP crashing due to OOM during initial boot up or churn

CSCvz28684

Huge Data replication observed during DR process of 3 node cluster running 20.3.4

CSCvx77774

Null Pointer Exception is seen on visiting software image repo page on Cisco SD-WAN Manager

CSCvy40849

Password getting written in clear text in NSO audit log and Cisco SD-WAN Manager log

CSCvz24023

Root cert sync not working for large scale deployments

CSCvy67842

Cisco SD-WAN: Cisco SD-WAN Manager Software Information Disclosure Vulnerability

Open Bugs for Cisco Catalyst SD-WAN Control Components Release 20.3.6

Identifier

Headline

CSCwc72071

Control connections down due to controller certificate missing on all the controllers.

CSCwc82326

Admin-tech generation takes ~1 hour

CSCwc68006

Traffic engineering needs to be reconfigured every time new site is added to ondemand tunnels policy

CSCvv64821

Cisco SD-WAN Manager Site Health shows wrong number of sites

CSCwc52341

Cisco SD-WAN Manager takes 10 mins to resume template push following control connection flap

CSCwc08344

TLOC down/up events do not match in Cisco SD-WAN Manager cluster

CSCwc82000

Certificate is displayed on the Cisco SD-WAN Manager UI even though controller CLI no longer hold the certificate

CSCvz34413

Replication will start from time 0 if replication leader entry not present replicationstatus table

CSCwc83720

Configdb restore results in erroneous view on Software repository and Enable ZTP

CSCwc44186

Getting Maximum session limit reached when trying to ssh to Cisco edge devices from Cisco SD-WAN Manager

CSCwc41731

Cisco SD-WAN Manager does not display realtime information if the user is logged in through TACACS.

CSCwb76421

DPI stats processing is limited to 1 to 1.3 TB per day

Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.5

This section details all fixed and open bugs for this release. These bugs are available in the Cisco Bug Search Tool

Resolved Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.5

Bug ID

Description

CSCvu32446

ISR4451 rebooted with reason_code "CPU Usage due to Memory Pressure exceeds threshold"

CSCvw60359

Cisco IOS XE Catalyst SD-WAN device-policy: set next-hop-ipv6 is not working next-hop-ip (ipv4) is working.

CSCvw73769

17.4 ZBFW:Cpp_cp crash seen when a rule is added at beginning in automation on ASR1K

CSCvw79936

OMPd crash seen on WAN Edge with policy push/access

CSCvw85989

SunRPC ALG resets connection with ZBFW inspection enabled

CSCvw88366

The data traffic failing in SIG + firewall config

CSCvx68704

Cisco IOS XE Catalyst SD-WAN device Packet-Duplication is duplicating traffic on same transport

CSCvx84031

Endpoint-tracker is not pushed from 20.4.1 Cisco SD-WAN Manager and Cisco IOS XE Catalyst SD-WAN device running 17.03.02

CSCvy09857

[SIT] Cisco IOS XE Catalyst SD-WAN device ISR 1100 multi process crash on 17.4.2

CSCvy54314

Data-policy local-tloc with app-route is dropping packets when SLA is not met

CSCvy58115

Cisco IOS XE Catalyst SD-WAN device : Cloudexpress Office 365 probes are hitting 100% loss

CSCvy64180

Cisco IOS XE Catalyst SD-WAN device C1121-4P crahed with Localsoft error

CSCvy78123

Cisco IOS XE Catalyst SD-WAN device: High CPU usage due to misconfigured data policy matching multicast traffic

CSCvy91411

Cisco Catalyst SD-WAN policy is not correctly programmed in Cisco IOS XE Catalyst SD-WAN device

CSCvz09330

Bootstrap aaa config issues due to default aaa config

CSCvz16095

Cisco IOS XE Catalyst SD-WAN device-Auto-rp is not propagating some of the multicast groups properly

CSCvz55789

Data-policy direction-all with empty action is causing to ignore app-route-policy

CSCvz69124

ISR4k:BFD scaling: Not able to scale more that 2048 BFD sessions

CSCvz70734

Cisco IOS XE Catalyst SD-WAN device crash with sdwan overlay multicast: "CPU Usage due to Memory Pressure exceeds threshold"

CSCvz71121

The tracker stale probe present in router

CSCvz80197

FTMD message error

CSCwa25256

Installing new enterprise wan edge cert does not remove old cert causing device to use old cert

CSCwa19074

Infinite output from command show sdwan tunnel sla

CSCvy22338

SIT : ftmd core seen is seen during a Cisco IOS XE Catalyst SD-WAN device reboot (one of dual router)

CSCwa11628

Umbrella Certificate is not getting copied to HW device causing umbrella integration to fail

CSCwa22412

The ftmd crash during reload

CSCvy43586

Unexpected reset in ftmd process during stress test

CSCvx89142

Show endpoint tracker does not show timeout happening after mul value of multiplier and interval

CSCvz09460

Remote Server: Dont send userid and password in download notifications

CSCvz31260

DP CPU degradation in Collab and Contact center flows on ISR4451 platform on 17.3 throttle

CSCvu92178

CSV file upload does not import values for variables used in cli add on template

CSCvw32884

Response message (with IDP "success" status) does not match request via Cisco SD-WAN Manager SAML logout

CSCvx97579

Cisco SD-WAN Manager Multicoud on ramp, cant attach 8kv - GUI form cant see the UUIDs entered

CSCvy07698

20.4 Getting Wrong Control Site Down Alarm alarms

CSCvy22914

Cisco SD-WAN Manager GUI down 20.3.3 due to Full GC (Allocation Failure)

CSCvy56278

Cisco SD-WAN Manager crashed due to kernal panic [20.3.3.1.2]

CSCvy59469

OMP control connections of Cisco IOS XE Catalyst SD-WAN device/vEdge devices goes down on decommissioning virtual vEdge

CSCvy88437

AWS VPN based: IPSEC tunnels from CGW C8kvs to TGW down on latest 20.6 build

CSCvy92487

Control connection to the vBond failing because of ERR_SER_NUM_NT_PRESENT on the vBond.

CSCvy97321

The omp route propagation delays due to constant marker resets on TLOC flap

CSCvz02284

Cisco SD-WAN Manager disaster recovery not replicating the statistics database

CSCvz16093

Cisco SD-WAN Manager CSR generation failed

CSCvz28451

"request nms update-internal-ip new-ip" does not work on Cisco SD-WAN Manager 20.3.4

CSCvz43823

Cisco SD-WAN Manager is not able to discover VPCs for Multi-cloud when >14 AWS accounts provisioned

CSCvz69856

Cisco SD-WAN Manager - After upgrade to 20.4.2 or 20.6.1 feature template field is not optional anymore

CSCvz78622

Change user groups from operator to netadmin fails

CSCvz07202

Tenant creation is failing on 20.3.3 MT cluster Cisco SD-WAN Manager

CSCvx83494

Cisco SD-WAN Manager GUI Authentication with RADIUS working only if user with random password configured in CLI

CSCvy75593

Continuous logs of "Could not load host key: /var/run/ssh/ssh_host_dsa_key"

CSCvw68402

Template push to Cisco IOS XE Catalyst SD-WAN device fails when changing system-ip due to vsmart centralized policy

Open Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.5

Bug ID

Description

CSCvv48885

Can not update local-address in a crypto keyring

CSCvv82985

dhcpv6_relay:dhcp-client on branch not receive ipv6 address

CSCvw70245

AMP Retrospective events not showing on API endpoint

CSCvw78294

17.3: Pool overlod and Static Inside In2Out/Out2In fragmented packets are getting dropped

CSCvx25157

sdwan control packets getting dropped when ACL applied

CSCvx27965

Cisco IOS XE Catalyst SD-WAN device ipv6 netflow with high scale flows FNF does not working

CSCvx69420

Tunnel interface remains up even when the physical interface not have IP address

CSCvy33007

"Best of Worst" Fallback mode causes reachability issue when routes flap

CSCvy37285

SSH to Loopback not working

CSCvy47279

C1111 device crashed when PPPoE(running NAT) cable pulled out

CSCvy55408

router multiple crash. - session hash corrupted

CSCvy55507

Cisco IOS XE Catalyst SD-WAN devices are dropping incoming GRe keepalives due to implicit ACL

CSCvx40516

17.5 ZBFW + NAT: Traffic flow In2Out scenario failed

CSCvs90123

Cisco SD-WAN Manager became unusable after CPU spiked to 100% - no were operations performed during hike

CSCvv64821

Cisco SD-WAN Manager Site Health shows wrong number of sites

CSCvx98106

Cisco SD-WAN Manager user sessions not getting cleaned up, approx 19700 active sessions

CSCvz28684

Huge Data replication observed during DR process of 3 node cluster running 20.3.4

CSCvz32341

custom application list not replicated in Disaster Recovery for a Single Node Cisco SD-WAN Manager Cluster

CSCvz34413

replication will start from time 0 if replication leader entry not present replicationstatus table

CSCvz40247

Security policies applied to incorrect interface in cluster mode, iptables

CSCvz62751

Cisco SD-WAN Manager: Noticed RouteMap attribute modification failure , while attempting through CLI Template

CSCvz63280

vEdge Does Not Respond Properly to vSmart Policy Prefix-list Changes (CLI Policy)

CSCvz75471

New sequence in RPL with set as-path has both prepend and exclude as required fields

CSCwa38524

Cisco SD-WAN Manager 20.3.5: Cisco IOS XE Catalyst SD-WAN device upgrade fails with java.lang.Exception

CSCvz66256

Filtering the data based on local tloc is returning no data in Cisco SD-WAN Manager GUI for DPI stats

CSCwa08191

DB backup fail after upgrade 20.3 -> 20.6 -> 20.7

CSCvy69307

Token fails to get generated when trying to login to Cisco hosted Cisco SD-WAN Manager via GUI

CSCwa75574

17.3.5: TSN crash with qfp-ucode-tsn-le

CSCwa75343

17.3.5: ISR 4221 router crashed with multiple core files

Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.4a

This section details all fixed and open bugs for this release. These bugs are available in the Cisco Bug Search Tool

Resolved Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.4a

Bug ID

Description

CSCvu93871

SDWAN 17.3/20.3- Cisco IOS XE Catalyst SD-WAN device1002HX- FTMD crash during traffic test run

CSCvv53387

Cisco IOS XE Catalyst SD-WAN device is sending incorrect if index values for the sub-interfaces.

CSCvv92064

App-aware policy need to be honored when queuing is not set by localized policy

CSCvv95280

ASR1001-X may crash when ZBFW HSL(High Speed Logging) is configured

CSCvw23197

BFD sessions go down on Service VPN after UTD is enabled on Cisco IOS XE Catalyst SD-WAN device

CSCvw42048

c1111 vtcp may cause packet drop for sip packets causing phones to reset

CSCvw81572

Multiple crashes cpp_cp_svr and qfp-ucode on 16.12.4

CSCvw83359

AWS:c8kv crashed and reboots if shut/no shut an interface a number of times

CSCvw88098

Cisco IOS XE Catalyst SD-WAN device crashes while running web traffic testing with security features enabled

CSCvw93490

CSR1000v crashing frequently with Critical software exception error.

CSCvx02009

Cisco IOS XE Catalyst SD-WAN device running 17.3.2 crashed - Critical software exception / IOSXE-WATCHDOG: Process = SNMP ENGINE

CSCvx11702

C8500-12X4QC: Traffic drops on 10G interface with large packet size 9000bytes with High priority.

CSCvx15750

SD-WAN:Cisco IOS XE Catalyst SD-WAN device ipsec replay-window size decreases to 128 after a peer reloading

CSCvx21270

SDWAN custom policy that does not looked to be programmed correctly on the Cisco IOS XE Catalyst SD-WAN device.

CSCvx22449

The FIB is not programmed as per the RIB entries

CSCvx23159

FW-4-ALERT_ON: (target:class)-():getting aggressive seen when no half open feature configed

CSCvx32670

Wrong reload reason reflected after a power outage.

CSCvx34623

SIT : IOS exception seen and ASR reboots when a netconf is issued to get interface details

CSCvx36146

DCHP offer frame getting dropped on Cisco IOS XE Catalyst SD-WAN device ISR4431 due to Policy

CSCvx36763

Zone Based Firewall on Cisco IOS XE Catalyst SD-WAN device router dropping web traffic with the reason Zone-pair without policy

CSCvx41877

skip statistics update when crypto engine is busy and throttling msgs

CSCvx43331

CSR1000v: Crashes during reg_invoke_iosxe_license_export_controlled_enforcement_bypass

CSCvx45788

cannot apply ciscosdwan.cfg due to vpg-log-server-acl ACL on VirtualPortGroup0 for logging

CSCvx49311

Cisco SD-WAN Manager pushing invalid "no shutdown" command to ISR Service-Engine interface

CSCvx51664

For-us Icmp packets are collected by cflowd which against the data-policy

CSCvx53399

fman_fp_image crashed with ZBFW config change

CSCvx54502

sdwan control packets getting dropped when ACL applied

CSCvx57615

ZBFW blocking ACK packets for applications using cloudexpress SaaS set to use a Gateway with synsent

CSCvx57718

Remove "show internal omp rib vroute" cli from admin tech

CSCvx58099

C8500-12X4QC does not send logs to Cisco SD-WAN Manager when harddisk is not installed

CSCvx59899

ISR4431/K9 rebooting due to CPP crashing becaue of UTD feature.

CSCvx60385

LTE (Last resort ) Tunnel10 is flapping from up and down

CSCvx60842

OnDemand Tunnel- Site-ID doesnt update after change it

CSCvx64846

"show sdwan policy service-path/tunnel-path" command cause device crash

CSCvx73741

custom app not getting detected after attached removed and re-attached- app-visibility is disabled

CSCvx74695

SDWAN OnDemand Policy and ZBFW Packet drop due to Firewall Invalid Zone

CSCvx77203

[17.5] Router crashed when sending traffic through non-SDWAN interface with DIA NAT + debug enabled

CSCvx78215

An IOS XE device might crash at DoubleExceptionVector

CSCvx79113

SDWAN Cisco IOS XE Catalyst SD-WAN device : traffic simulation tool shows traffic blackhole

CSCvx84617

ISR - Appnav service controller ucode crash during packet intercept from network

CSCvx88246

Packets dropped due to firewall + data policy interop issue

CSCvx97718

vtcp frees rx buffer when packet with expected next sequence arrives with no payload; phones reset

CSCvy06736

Config out of sync after upgrading to 17.4.1

CSCvy13735

BFD tunnels stuck in down state after port-hop

CSCvy14126

ISR4331 are crashing frequently 17.4.1b

CSCvy18691

ASR1002HX-IPSECHW octeon ucode crashes when provisioned via SD-WAN

CSCvy25957

Security container is dropping legitimate FIN,ACK Packets

CSCvy35044

Signature update failure - SSL-CERTIFICATE_VERIFY_FAILED

CSCvy44563

cpp-mcplo-ucode crash due to stuck thread with extranet route leaking between vpns

CSCvy58266

vDaemon crashes due to buffer overflow with read/write in TAM

CSCvu78406

Cisco SD-WAN Controller crash because of ompd process

CSCvv52442

Cisco SD-WAN Controller Upgrade From 20.1.12 to 20.3.1 Failing With Error "Failed to install: "

CSCvw14883

Incorrect mapping for device specific variables from interface shaping rate

CSCvw16238

Incorrect tag for omp routes in Real Time view

CSCvw20597

Variables missing in Cisco SD-WAN Manager during template push.

CSCvw28645

OIB: without change any ND global parameters, Cisco SD-WAN Manager automatically push template to all sites again

CSCvw37603

ND template stay in DB when no branch associated to and cause image delete failure

CSCvw53680

Limit of 30 notifications / min restriction for webhook alarm to be removed from UI

CSCvw62325

Not able to copy a feature template if the description or name contains "|"

CSCvw66441

Cisco SD-WAN Manager GUI not accessible due to too many open file descriptors.

CSCvw69181

OSPF alarm down seen on vamange, OSPF process is UP

CSCvw77794

"Invalid IPv4 address" is shown when inputting IPV6 DNS field

CSCvw78837

ND Template attach "Failed to create input variables for template: Failed to create input variables"

CSCvw82581

Cisco SD-WAN Validator upgrade from 20.3.1 to 20.3.2 fails

CSCvw83988

sdwan - Cisco SD-WAN Manager - ip helper not more than 1 is possible with Feature and Device Templates

CSCvw91545

We are not able to change Controller Certificate Authorization options in Cisco SD-WAN Manager GUI

CSCvw96264

UI showing console error after clicking on active/completed task as fails to show the details

CSCvw97278

20.4 policy name restrictions may break existing templates on upgrade

CSCvx00144

SSH via Cisco SD-WAN Manager GUI timeout in 180 seconds

CSCvx07049

Cisco SD-WAN Manager not displaying tunnel state correctly

CSCvx07210

Cisco SD-WAN Manager showing old device hostname

CSCvx22960

Not all routes getting pushed to device

CSCvx23886

CLI template does not push snmp-server community config

CSCvx27128

DPD with default values on feature template is not pushed to Cisco IOS XE Catalyst SD-WAN device

CSCvx33184

Service proxy does not restart after ui certiticate upload

CSCvx35130

Cisco SD-WAN Validator software upgrade fails when selecting activate/reboot while upgrading

CSCvx37901

nms_bringup file has ^M in each line after service restart as part of DR

CSCvx44643

UC - unable to make modification to the translation rule once created from Cisco SD-WAN Manager UI

CSCvx52154

Could not load host key: /var/run/ssh/ssh_host_ed25519_key

CSCvx52352

CLI template does not push logging buffered community config

CSCvx52789

Cisco IOS XE Catalyst SD-WAN device- template failure - An element value is not correct : inspect.

CSCvx55749

Cisco SD-WAN Manager logs are not pruned

CSCvx57151

Update button stops working after adding DHCP option

CSCvx57718

Remove "show internal omp rib vroute" cli from admin tech

CSCvx59998

Cisco IOS XE Catalyst SD-WAN device Upgrade to 17.3.3 failing due to "Failed to check active partition information" error message

CSCvx64613

Issues detaching template when device is in CSR generated state

CSCvx66954

Cisco SD-WAN Manager manage-user function is not working properly

CSCvx68246

Changing Config-DB ID/Password from default to non-default on a cluster of more than 3 members

CSCvx72390

ZTP software version enforcement does not respect software install timeout

CSCvx81621

Cisco SD-WAN Manager dashboard doesn't show device status even when control is up/up

CSCvx83654

invalid value for: prefix-entry Error when push advertise OMP prefix under vpn

CSCvx85487

Configuration DB upgrade in cluster failed in 20.3.3 code

CSCvx86601

The CSR properties in Cisco SD-WAN Manager config DB does not match with the certificate settings on Cisco SD-WAN Manager UI.

CSCvx86804

c8500 / 17.3.2 / 17.4.1a / Cisco SD-WAN Manager is not pushing auto negotiation for 10Gig Interfaces on Cisco IOS XE Catalyst SD-WAN device

CSCvx87163

X-Forwarded-For header is passed through to local auth, leading to session creation errors

CSCvx94730

20.3.3 alarms not working for BFD/Control issues

CSCvy01567

Device template policy dissapears from UI after selecting edit device template

CSCvy12257

Cisco SD-WAN Manager becomes unresponsive after a high amount of email notifications getting generated.

CSCvy12485

mismatch self-signed root certs between primary and secondary clusters

CSCvy18932

Cisco SD-WAN Manager is not able to discover VPCs for Multi-cloud when >7 AWS accounts provisioned

CSCvy27218

Socket connect leak when dr is enabled

CSCvy42621

Unable to generate ciscotacro/rw token due to sessions being full

CSCvy42629

API sessions not getting cleared out when "Max Sessions Per User" is set

CSCvy60928

continuous logs of "Could not load host key: /var/run/ssh/ssh_host_ed25519_key"

CSCvy65210

all stat-db settings except DPI is not available after DR registration

CSCvv58263

VPN ethernet interface-Load interval-Cisco SD-WAN Manager config generate failure

CSCvx79862

20.4 : Secure SDWAN TUC's : Failed to aquire lock, template or policy lock in edit mode

Open Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.4a

Bug ID

Description

CSCvw60359

Cisco IOS XE Catalyst SD-WAN device-policy: set next-hop-ipv6 is not working next-hop-ip (ipv4) is working.

CSCvx25157

sdwan control packets getting dropped when ACL applied

CSCvx25217

cannot remove NAT configuration from the template in a single operation if NAT translation is active

CSCvx27965

Cisco IOS XE Catalyst SD-WAN device ipv6 netflow with high scale flows FNF does not working

CSCvx42400

Cisco IOS XE Catalyst SD-WAN device Experiences Unexpected reboot with: Last reload reason: Critical software exception

CSCvx84786

NAT ALG breaks(Drops) ICMP control messages (ICMP Fragmentation Needed) for PMTUD

CSCvx90032

CSR in Azure can fail to authenticate using AAD

CSCvx94285

CSR crashes after oce_lookup_one_adj_id_handle while reading emu_mem.

CSCvy33007

"Best of Worst" Fallback mode causes reachability issue when routes flap

CSCvy33639

SDWAN: CSR1000v deployed in Microsoft Azure throwing continuous errors on consol.

CSCvy37285

SSH to Loopback not working

CSCvy41947

EIO: Packets getting reassembled and are forwarded as it is to the Gigabit interface

CSCvy52270

csr1kv/c8kv: Console Port Access change CLI does not work in CONTROLLER mode

CSCvy54314

Data-policy local-tloc with app-route is dropping packets when SLA is not met

CSCvy55408

C1121 router multiple crash. - session hash corrupted

CSCvy55507

Cisco IOS XE Catalyst SD-WAN devices are dropping incoming GRe keepalives due to implicit ACL

CSCvy58115

Cisco IOS XE Catalyst SD-WAN device : Cloudexpress Office 365 probes are hitting 100% loss

CSCvy64180

Cisco IOS XE Catalyst SD-WAN device C1121-4P crahed with Localsoft error

CSCvy67301

URL Filtering regex pattern match not working on large pattern

CSCvy73818

Cisco IOS XE Catalyst SD-WAN device QFP starts dropping traffic - UTD Service Node not healthy ident

CSCvy74482

[FW] All traffic drops when edit security template on Cisco IOS XE Catalyst SD-WAN device (18.4.6) from 20.3.4 Cisco SD-WAN Manager

CSCvy78123

Cisco IOS XE Catalyst SD-WAN device: High CPU usage due to Multicast and Data Policy configuration.

CSCvy79354

Cisco IOS XE Catalyst SD-WAN device traceroute result shows destination IP at first hop instead of actual next hop

CSCvy82696

Cisco IOS XE Catalyst SD-WAN device dropping packets [combination /16, /17 data prefix with multiple ports in policy]

CSCvy86497

BFD session flap/down while control connection with Cisco SD-WAN Manager is going down

CSCvy90479

On Demand Tunnel not working in 17.3.2

CSCvy91411

AAR not correctly programmed in ASR1001-X

CSCvu73826

ND Failed with device template: Failed to edite device template if add-on CLI empty

CSCvv64821

Cisco SD-WAN Manager Site Health shows wrong number of sites

CSCvw71474

Attempt to create cluster fails when adding 2nd member to standalone Cisco SD-WAN Manager

CSCvw73392

Frequent Cisco SD-WAN Manager UI timeout and stuck in Please continue waiting state.

CSCvx46554

Cisco SD-WAN Manager reverting API changes after 5 minutes

CSCvx93652

Push vEdge list fails to Cisco SD-WAN Controller with application error.

CSCvy01378

Device Specific field is not usable

CSCvy07698

20.4 Getting Wrong Control Site Down Alarm alarms

CSCvy10009

IR1101 template push error: bad-cli - No interface

CSCvy14627

Activating changes in Security Policy that is attached to the vEdge will fail and lock the database

CSCvy15370

Cisco SD-WAN Manager API running too frequently under Rediscover Network resulting in Page Loading too often

CSCvy20641

SCP of WAN edge list to Cisco SD-WAN Validators from Cisco SD-WAN Manager fails when TACACS is enabled on Cisco SD-WAN Validator.

CSCvy22394

SD-WAN Analytics slowness in response to a query

CSCvy22416

Security policies applied to incorrect interface in cluster mode, iptables

CSCvy29733

Attach to the device fails, when CLI template is created via REST API in Cisco SD-WAN Manager

CSCvy31058

zScalar configuration deletion happens in the wrong order.

CSCvy34596

Cisco SD-WAN Manager upgrade is failing from 20.3.3.1 > 20.3.4

CSCvy35209

vEdge auth-order change not processed correctly

CSCvy35564

Cisco SD-WAN Manager Webhooks doesn't work without Email notifications explicitly enabled

CSCvy38478

Cisco SD-WAN Manager ver 19.2.4 crash, becomes unstable/unusable

CSCvy39849

Cisco SD-WAN Manager pushes invalid service route command

CSCvy53930

Failed to create deviceactionstatusnode table entry in DB for device: Validation

CSCvy56278

vMange crashed due to kernal panic [20.3.3.1.2]

CSCvy59469

OMP control connections of Cisco IOS XE Catalyst SD-WAN device/vEdge devices goes down on decommissioning virtual vEdge

CSCvy69307

Token fails to get generated when trying to login to Cisco hosted Cisco SD-WAN Manager via GUI

CSCvy75420

Cisco SD-WAN Manager reports 'upgrade request failed in device' error after installing the software via ZTP

CSCvy75632

Cisco SD-WAN Validator lost static route on vpn 0 and vpn 512 running 19.4.2

CSCvy79095

configuration db Cisco SD-WAN Manager ROOT CA node is not updated

CSCvy82358

On-prem Cisco SD-WAN Manager cluster went into a bad state and template push started failing

CSCvy82623

Cisco SD-WAN Manager giving error on login

CSCvy83020

Cisco SD-WAN Manager UI is taking time to load first time

CSCvy88637

Cisco SD-WAN Manager email notification - supporting special character & (ampersand) in the email address

CSCvy89483

Cannot apply endpoint-tracker to Cisco IOS XE Catalyst SD-WAN device via Cisco SD-WAN Manager template in service VPN

CSCvy90229

Cisco SD-WAN Manager cluster management page should not show Sys IP in drop down of "Cisco SD-WAN Manager IP Address"

CSCvy90707

IPS signature update not consistent on routers after Cisco SD-WAN Manager upgrade to 20.3.3.1

CSCvy93261

Cisco SD-WAN Manager nodes in a cluster with Stats-db ran into full GC allocation failure

CSCvy93431

After upgraded the Cisco SD-WAN Manager from 20.3 to 20.6, UI is not getting loaded

CSCvs90123

Cisco SD-WAN Manager became unusable after CPU spiked to 100% - no were operations performed during hike

CSCvs08693

VPN label is changing upon Edge reboot

CSCvw79936

17.5 : Overnight OMPd traffic crash on Promethium.

CSCvy59073

Web Server Certificate does not get imported ui certiticate upload

CSCvy88437

AWS VPN based: IPSEC tunnels from CGW C8kvs to TGW down on latest 20.6 build

CSCvy92487

Control connection to the Cisco SD-WAN Validator failing because of ERR_SER_NUM_NT_PRESENT on the Cisco SD-WAN Validator.

CSCvy57678

ISR4K :ompd memory incrementing for 17.3.2

CSCvw78294

17.3 Loblaw: Pool overlod and Static Inside In2Out/Out2In fragmented packets are getting dropped

CSCvy73412

Templatepush failed for C8300-2N2S-4T2X with error bad-cli-negotiation auto,parser-context

Bugs for Cisco SD-WAN Controller Release 20.3.3.1

This section details all fixed and open bugs for this release. These are available in the Cisco Bug Search Tool through the Resolved Bug Search.

Resolved Bugs for Cisco SD-WAN Controller Release 20.3.3.1

Bug ID

Description

CSCvx35130

vBond software upgrade fails when selecting activate/reboot while upgrading

CSCvx59998

Cisco IOS XE Catalyst SD-WAN upgrade to 17.3.3 failing due to "Failed to check active partition information" error message

Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.3

This section details all fixed and open bugs for this release. These bugs are available in the Cisco Bug Search Tool

Resolved Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.3

Bug ID

Description

CSCvs31962

Perf testing: Large policy config push took 60 mins for 75 Cisco IOS XE Catalyst SD-WAN devices

CSCvu43317

Cisco Catalyst SD-WAN Validator connection Down Alarms or Events not appearing in Cisco SD-WAN Manager

CSCvv08199

[SIT]: vsmart policy edit failed with transport closed error

CSCvv36080

Seeing more hVNETs than maximum allowed

CSCvv40715

Multilink interface can not be configured without ppp authentication

CSCvv41341

Higher memory utilization on Cisco SD-WAN Manager 20.1

CSCvv45021

PPP feature templates cannot modify IP MTU on Dialer interfacce

CSCvv48087

Task update issues, large customer setup with cluster

CSCvv52763

20.3 config-db upgrade script reports success even when it fails

CSCvv56750

Cisco SD-WAN Manager UI does not accept controller group more than 1

CSCvv57951

Cisco IOS XE SD-WAN device: Option field in EIGRP template interface section is not working

CSCvv71357

Cisco SD-WAN Manager GUI dashboard does not show number of Cisco SD-WAN Manager up when single node in cluster is down

CSCvv79430

Cisco SDWAN Cisco SD-WAN Manager 20.3.1 unable to display IP address of user access in audit log

CSCvv86465

Cisco SD-WAN Manager: Template Push fails with Unable to send line feed after string

CSCvv88104

Reassign "oom_score_adj" Values in "sysmgr.conf"

CSCvv88334

Email Notifications: with custom devices list a Number of 'Devices Attached' is blank when edit it

CSCvv98608

config preview failed with Exception in callback: BGP AS Number couldn't be retrieved in service VPN

CSCvw04082

Kernel Panic is seen after upgrade the Cisco SD-WAN Manager to 20.3 (watchdog)

CSCvw20639

SDWAN: IPv6 SDWAN Control connection between vSmart and Cisco IOS XE SD-WAN device lost

CSCvw22190

Cluster activation failed because of a space in resource pool field in cluster config

CSCvw23740

In a cluster, an App server starting dependency should check a cluster, not just local service

CSCvw26979

Config-DB upgrade from 3.5.14 to 3.5.22 through Cisco SD-WAN Manager SW upgrade.

CSCvw28512

Difference in ip address of interface and json causing the stats db and config db in waiting

CSCvw31235

Add IPv6 OMP route support in Cisco SD-WAN Manager real time monitoring

CSCvw32352

SDWAN: clear control connection on vsmart can cause missing DNS resolved entries for IPv4 sessions

CSCvw37918

Confuguration-db upgrade allowed when not needed

CSCvw39302

'dns-server-list' error seen when pushing DNS server IP update from Cisco SD-WAN Manager

CSCvw41702

Cisco SD-WAN Manager dpi classification incorrect

CSCvw41883

Cisco SD-WAN Manager template doesn't allow interface as next hop for static route

CSCvw42971

Cisco SD-WAN Manager: Multiple DNS servers in DHCP template gives "Invalid IPv4 address"

CSCvw44368

Translation profile/rules configured as part of a Voice policy not applied to dial-peers

CSCvw46769

CLI template push to Cisco Catalyst SD-WAN Validator fails with "Device failed to process request. null" error

CSCvw47429

IPS Signature update - username that's more than 32 characters will fail with 'Maximum length: 64'

CSCvw50664

Cisco SD-WAN Manager Optional OSPF Configuration Removed when Device Template Updated

CSCvw52973

Cisco SD-WAN Manager UI is not coming up thread are stuck while updating factory default templates during startup

CSCvw53502

Logfiles flooded with message of tcgetattr: Input/output error

CSCvw56320

on-prem Cisco SD-WAN Manager ungraded to 20.3.2 from 19.2.3 rebooting in an interval of 10-15 min

CSCvw58305

UC SDWAN: Not able to see policy profile in Custom options.

CSCvw62577

Reassign "oom_score_adj" Values for tracker

CSCvw63960

Raise different alarm when reaching watermarks of Stats-DB disk allocation: low/high/flood

CSCvw64026

Automatically changing Stats-DB to read-write mode when app server restart

CSCvw68661

Introduce basic stats collection backpressure [v1]

CSCvw68861

Change for configdb query planner to hint more effectively via $param instead of old-style {param}

CSCvw70138

Old vAnalytics setting should not be migrated into CloudServices from GUI

CSCvw73445

Add validation check for Blocklist and Redirect URL

CSCvw76649

Cisco SD-WAN Manager 6 Node CLuster on Azure takes 2 mins to login to Cisco SD-WAN Manager UI.

CSCvw79756

Cisco IOS XE SD-WAN device policy change taking a long time, and timing out.

CSCvw79982

Cisco SD-WAN Manager 20.3.2.1 requires read-replicas to speed up GUI access

CSCvw91717

after upgrading to from 17.3.2 to 17.4.1, the device loses control connections

CSCvw92805

Local configuration not showing preview of config on Cisco SD-WAN Manager 20.3.2

CSCvx03509

Audit log flooded with logouts from DR cluster

CSCvx07685

consul service is not enabled in DR registartion wth arbitrator

CSCvx09069

Increase process wait timeout for configdb upgrade

CSCvx09308

Escalations: coordination service logs GB log file filling up disk

CSCvx12847

root-cert corrupted after upgrading to 20.3.2 code

CSCvv16718

17_3_1 throttle - Crash seen at ftmd process

CSCvv18117

SIT : 'show sdwan bfd' output is empty even though bfd sessions are up

CSCvv24027

Cisco IOS XE SD-WAN device: confd_cli may cause high cpu utilization after executing "show sdwan omp routes"

CSCvv42381

[DyT]: TTM not updating link routes and omp routes are not getting updated

CSCvv58312

17.4 : Dataplane Crash due to driver cpp_drv_i95_read_cb observed on 4461 with traffic

CSCvv58652

Cisco IOS XE SD-WAN device: Cloud-onramp for SaaS may report packet loss for O365/Office365

CSCvv71831

Cisco IOS XE SD-WAN device Speed test in Cisco SD-WAN Manager meet interface Loopback111 critical alarm (need to suppress)

CSCvv78028

No responder-bytes from Cisco IOS XE SD-WAN device when UTD is enabled

CSCvv87062

SDWAN 17.2.1/17.4.1 - Cisco IOS XE SD-WAN device router may restart after pushing multiple traffic data policies together

CSCvv91732

packet-trace platform conditions do not work

CSCvv99096

CoR-SaaS shows 100% loss for dialer interface

CSCvw15509

cisco C1111-8P - Ping to NAT pool ip punts CPU and responds to ping

CSCvw21753

XE-SDWAN device would keep invalid IPv6 address in the tunnel to Cisco SD-WAN Manager and can not recover

CSCvw22905

ISR/CSR: admin-tech-before not generated for IOS and non-viptela BinOS process failure

CSCvw36514

Cisco IOS XE SD-WAN device crashes due to a large packet at vesen_ipsec_v4_input_get_vctrl_data

CSCvw36629

Cisco IOS XE SD-WAN device: NATed tuple flips for HSL deleted flow

CSCvw39530

Cloud-Saas action does not program in Modify case

CSCvw41778

Fragmented packets may be dropped inbound on tunnel of Cisco IOS XE SD-WAN device with service-side NAT configuration

CSCvw43365

SD-WAN appqoe optimization will drop SYN with ECN bit set and delay TCP setup.

CSCvw46753

After reload Cisco IOS XE SD-WAN device cellular interfaces in shutdown state are brought up

CSCvw52661

crash. seen during sh plat sof sdwan fo next-hop overlay id 0xf8000090

CSCvw54076

[SIT]: BFD sessions not established between Edges, with UTD enabled

CSCvw54383

DPI flow telemetry generated by IOS-XE, for some flows tunnel identifiers are missing

CSCvw55030

Dynamic Nat pool "ip aliases" are not created on the device

CSCvw56676

Cisco IOS XE SD-WAN device ISR4351 crashed with Critical process ftmd fault on rp_0_0 (rc=139) running version 17.3.1a

CSCvw58646

Cisco IOS XE SD-WAN device: Inspect rule cannot be modified to accept or drop without deactivating the policy

CSCvw61731

ASR-1K router is not programming correct next-hop for the destination prefix.

CSCvw62805

SDWAN ZBFW CPU punted traffic mishandling -- Out2In packet looped

CSCvw72021

nat pool config using sub-interfaces does not work after reload

CSCvw73701

17.4 ZBFW:Stale ACL entries seen on ASR1K

CSCvw88048

Speed test initiated from ISR1k failed

CSCvw95069

Packet towards LAN are sent towards VPN 0 WAN interface

CSCvx22995

On-demand tunnel is not setup with AAR SLA class and CXP feature enabled

CSCvx32130

Centralized policy does not work when contain local tloc entries in remote tloc(tloc-list)

CSCvu72391

Default route missing for second TLOC during script run, and control connection get stuck

CSCvv35569

AMP data is not populated in Graphs under network level

Open Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.3

Bug ID

Description

CSCvv11604

ISR 4000 Cisco IOS XE SD-WAN device : Only one T1 card is getting enabled via CLI template while two are inserted

CSCvv13313

Select control connection TAB for any vsmarts, it will never show Cisco Catalyst SD-WAN Validator connections

CSCvv41954

Customer couldn't login to 19.2.3 Cisco SD-WAN Manager using SSO unless the browser cache is cleared

CSCvv86418

Cloud OnRamp for Colo Port level view mapped ports on CSP to the wrong switch

CSCvv86662

unable to perform packet capture on Cisco IOS XE SD-WAN device interface Sdwan-system-int-ipv4-172.16.155.15

CSCvw15630

Inconsistency between "show app flowd flows" and API response of DPI stats

CSCvw16238

Incorrect tag for omp routes in Real Time view

CSCvw38077

UI throwing "Failed to list cluster information:Unknown error" on cluster management page

CSCvw45135

Mismatch in System CPU statistic -- "Real Time" and historical 1/3/6/12h

CSCvw50483

Dashboard getting blank intermittently in singlenode 20.3.2.1-no response of agg APIs from stats-db

CSCvw54692

Cisco IOS XE SD-WAN device Unable to configure ospf simple password authentication

CSCvw55764

VNF Install fail - VNF packages are not sync'd/copied in new added Cisco SD-WAN Manager node in Cisco SD-WAN Manager cluster

CSCvw62341

Cisco SD-WAN Manager Dashboard - Alarm time zone is tagging with incorrect time zone

CSCvw66441

Cisco SD-WAN Manager GUI not accessible due to too many open file descriptors.

CSCvw68402

Template push to Cisco IOS XE SD-WAN device fails when changing system-ip due to vsmart centralized policy

CSCvw69181

OSPF alarm down seen on vamange, OSPF process is UP

CSCvw71474

Attempt to create cluster fails when adding 2nd member to standalone Cisco SD-WAN Manager

CSCvw73392

Frequent Cisco SD-WAN Manager UI timeout and stuck in Please continue waiting state.

CSCvw77794

"Invalid IPv4 address" is shown when inputting IPV6 DNS field

CSCvw83988

sdwan - Cisco SD-WAN Manager - ip helper not more than 1 is possible with Feature and Device Templates

CSCvw85706

Cisco SD-WAN Manager: UI is incorrectly showing the current version for Cisco SD-WAN Manager and vSmarts.

CSCvw91545

We are not able to change Controller Certificate Authorization options in Cisco SD-WAN Manager GUI

CSCvw91647

Issues with template created by API call

CSCvw91984

ACI APIC to Cisco SD-WAN Manager integration issue

CSCvw92189

Cisco SD-WAN Manager goes into out of memory resulting in slowness while pushing the template and accessing GUI.

CSCvw93203

serverproxy-access.log not rotating in /var/log/nms

CSCvw96264

UI showing console error after clicking on active/completed task as fails to show the details

CSCvw99518

SSO SAMLResponse Error validating SAML message at re-authentication

CSCvx00144

SSH via Cisco SD-WAN Manager GUI timeout in 180 seconds

CSCvx02002

Cisco SD-WAN Manager did not validate if the template value of an interface name was correct.

CSCvx03552

Configurations allows for multiple primary DNS servers

CSCvx04246

Cisco SD-WAN Manager -- Template rollback when migrating EIGRP interfaces & VRFs -- 17.3

CSCvx05353

"request nms all status" command returning Python exception if containter-mgr svc was stopped

CSCvx08817

DHCP excluded-address command is not being pushed via Cisco SD-WAN Manager template

CSCvx08942

Server slowness during GUI operations, system degrades until login is not possible

CSCvx09284

Escalations: messaging service timeout

CSCvx11296

Cisco IOS XE SD-WAN device reporting normal even though it is over warning threshold

CSCvx14444

netconf connection failures while installing certificate

CSCvx14750

Cisco SD-WAN Manager removes \ character when imported to cli template from running configuration

CSCvx16509

audit-log: invalid session with a user due to inactivity even though app-server not shutdown

CSCvx19853

Cisco SD-WAN Manager CLI template push failing due to controller transaction ID error

CSCvx19889

Creation of Cisco SD-WAN Manager DR Cluster Failed, GUI showing duplicate entry for DR Cisco SD-WAN Manager

CSCvx19948

Shaper Rate and QoS Map device specific variable get reset when changed to "Per-tunnel-QoS" hub

CSCvx23886

CLI template does not push snmp-server community config

CSCvx25217

cannot remove NAT configuration from the template in a single operation if NAT translation is active

CSCvx25441

Cisco SD-WAN Manager cluster does not show Graphs for less than 7 Days

CSCvx26988

Cisco SD-WAN Manager App Route Visualization - Citrix Flows are missed in GUI

CSCvx28675

UTD signatures update stopped working suddenly

CSCvx29421

"Server Error, Details: Unable to get pcap session" is printed in the Cisco SD-WAN Manager GUI

CSCvx29967

Fail to upload images to software repository post Cisco SD-WAN Manager upgrade to 19.2.4

CSCvx34074

/dataservice/device/omp/routes/advertised?deviceId reply is empty

CSCvx34991

Cisco SD-WAN Manager - TACACS requests are sourced from old interface IP after IP changed

CSCvx36896

Cisco SD-WAN Manager is unable to push both interface and ip as a next-hop

CSCvx37025

Cisco SD-WAN Manager: Control connection up with Edge devices however, do not show up on Dashboard

CSCvx37092

Cisco SD-WAN Manager DB can not boot up due to neo4j complains about older version

CSCvx41877

skip statistics update when crypto engine is busy and throttling msgs

CSCvx44202

C1121x-8P - doesn not recognize any of its switch interfaces

CSCvx34623

SIT : IOS exception seen and ASR reboots when a netconf is issued to get interface details

CSCvs61448

SDWAN/Cisco IOS XE Catalyst SD-WAN device:Add errmsg() infra-structure to OMP Agent

CSCvv02594

Cisco IOS XE Catalyst SD-WAN device can not apply speed, duplex and negotiation in one Cisco SD-WAN Manager transaction

CSCvv05682

GD box crashed @ stile code with 17.3.1 FC1 image

CSCvv48885

Can't update local-address in a crypto keyring

CSCvw02548

The tunnel interface remains up even when the physical interface not have IP address

CSCvw30618

Not all OMP routes getting installed

CSCvw46210

Bfd session stuck in invalid state

CSCvw73769

17.4 ZBFW:Cpp_cp crash seen when a rule is added at beginning in automation on ASR1K

CSCvw81572

Multiple crashes cpp_cp_svr and qfp-ucode on 16.12.4

CSCvw85989

SunRPC ALG resets connection with ZBFW inspection enabled

CSCvw88098

Cisco IOS XE Catalyst SD-WAN device crashes while running web traffic testing with security features enabled

CSCvw89001

LTE interface is not getting IP address after upgrading teh router.

CSCvw90699

The BFD sessions between Cisco IOS XE Catalyst SD-WAN device routers are down due to IN_US_V4_PKT_SA_NOT_FOUND_SPI

CSCvw91056

"Show sdwan bfd session" showing application communication failure

CSCvw93490

CSR1000v crashing frequently with Critical software exception error.

CSCvx04133

Cisco IOS XE Catalyst SD-WAN device: TenGigabitEthernet interface in admin shut after reload

CSCvx09453

It is possible to apply changes through TCL in Cisco IOS XE Catalyst SD-WAN device device in Cisco SD-WAN Manager Mode

CSCvx15750

Cisco Catalyst SD-WAN:Cisco IOS XE Catalyst SD-WAN device ipsec replay-window size decreases to 128 after a peer reloading

CSCvx17563

ISR4331/K9 running 16.12.04 crashed with Segmentation fault(11), Process = Cellular CNM

CSCvx18991

Cisco IOS XE Catalyst SD-WAN device Plogd BFD events messages are not human readable for bfd-state-change

CSCvx21270

SDWAN custom policy that does not looked to be programmed correctly on the Cisco IOS XE Catalyst SD-WAN device platform

CSCvx22449

The FIB is not programmed as per the RIB entries

CSCvx22522

crash seen on ISR4461

CSCvx25157

sdwan control packets getting dropped when ACL applied

CSCvx27086

Cisco IOS XE Catalyst SD-WAN device unexpected reboot - Stuck CPP Thread

CSCvx28872

Switchport Feature Template is not working Properly - Missing VLANs on VLAN-DATA BASE

CSCvx28956

Cisco IOS XE Catalyst SD-WAN device crash on upgrade from 16.12.4 to 17.3.2

CSCvx35533

user locked out while upgrading Cisco IOS XE Catalyst SD-WAN device 16.09.06 to 17.3.2

CSCvx36146

DCHP offer frame getting dropped on Cisco IOS XE Catalyst SD-WAN device ISR4431 due to Policy

CSCvx36763

Zone Based Firewall on Cisco IOS XE Catalyst SD-WAN device router dropping web traffic with the reason Zone-pair without policy

CSCvx36940

Loopback flap error after upgrading the Cisco IOS XE Catalyst SD-WAN device's to 17.3.2

CSCvx39761

Cisco IOS XE Catalyst SD-WAN device Traceback @cpp_vbuginf_flags_error seen with 16.12.14 while connected to AWS 19.2.3

CSCvx45788

cannot apply ciscosdwan.cfg due to vpg-log-server-acl ACL on VirtualPortGroup0 for logging

Bugs for Cisco SD-WAN Controller Release 20.3.2.1

This section details all fixed and open bugs for this release. These are available in the Cisco Bug Search Tool through the Resolved Bug Search.

Resolved Bugs for Cisco SD-WAN Controller Release 20.3.2.1

Bug ID

Description

CSCvv88104

Reassign "oom_score_adj" Values in "sysmgr.conf"

CSCvw04082

Kernel Panic is seen after upgrade the vmanage to 20.3

CSCvw26979

Config-DB upgrade from 3.5.14 to 3.5.22 through vManage SW upgrade.

CSCvw63960

Raise different alarm when reaching watermarks of Stats-DB disk allocation: low/high/flood

CSCvw65073

Cloudservices Radio button needs enable disable seperate check box for vAnalytics and Monitoring

CSCvw68661

Introduce basic stats collection backpressure [v1]

CSCvw68861

Change for configdb query planner to hint more effectively via $param instead of old-style {param}

Open Bugs for Cisco SD-WAN Controller Release 20.3.2.1

Bug ID

Description

CSCvw68410

Messaging server and App-server is not getting started upon VM shutdown/start

CSCvw72087

Full GC (Allocation Failure) on Standalone Cisco SD-WAN Manager running 264 devices

CSCvw72269

Cisco SD-WAN Manager GUI is not accessible: upstream connect error

CSCvw62577

Reassign "oom_score_adj" Values for tracker

Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.2

This section details all fixed and open bugs for this release. These bugs are available in the Cisco Bug Search Tool

Resolved Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.2

Bug ID

Description

CSCvr71672

Cisco PKI Root Certificates not installed in recent images - - Polaris Side commit

CSCvt48480

Flow monitor is removed from interface configuration on reload

CSCvt50136

ASR1k - all Platform : Observing IpFragErr for EMIX traffic with basic IPSEC config

CSCvt75088

ISR4451: 'Protocol not in this image' logs are seen after advertise network <prefix> config commit

CSCvt76844

ASR1002-X ESP crash in multikey_hash_ager_tw_timer_to()

CSCvt79205

ASR1001-X: 'show environment' is no longer monitoring R0 voltage sensors

CSCvt97086

ESPx : CMAN-FP process crash for get_fpga_version API fails

CSCvt97642

MIP100 - Continous %SCOOBY-5-SERIAL_BRIDGE_BLOCK_EVENT flooding on the console

CSCvu02362

fmap_fp crash seen on removing utd ssl config with container uninstallation

CSCvu10006

Performance monitor caused QoS miss classification

CSCvu25212

The "from Tunnel" direction of the Traffic Data Policy does not get apply on the IOS XE SDWAN

CSCvu26585

"req plat software trace archive" faills with "STORAGE_TARGET: unbound variable Operation failed"

CSCvu27953

Crash due to a segmentation fault in the "IPsec background proc" process

CSCvu30539

Inbound CoPP policy causes outbound packets to fail to show up in EPC

CSCvu38580

Getvpn PFS logging enhancement

CSCvu47358

[Cisco IOS XE Catalyst SD-WAN device-DiaTracker]configuration not getting updated through device template ,

CSCvu49754

Deleting a Voice Port on CUCM Shuts Down Additional Voice Ports on MGCP Gateway

CSCvu53184

Cisco IOS XE Catalyst SD-WAN device - CLI should ask for confirmation of request software reset

CSCvu63628

17.3: Cisco IOS XE Catalyst SD-WAN device -show sdwan omp vpn <> 0.0.0.0/0 detail broken on Cisco IOS XE Catalyst SD-WAN device

CSCvu65369

Link auto-negotiation fails between C1111-4P ES-4 switch module and Meraki MX100

CSCvu73323

AAR policy does not work properly after Poweroff/Poweron Cisco IOS XE Catalyst SD-WAN device ISR4451

CSCvu75604

17.3: EFT Customer seeing an issue with show sdwan app-route stats command

CSCvu79087

ASR1K:16.12.4 => 17.3.1: sessions classified based on CTS SGT/DGT are not synced to the standby

CSCvu81329

sec policy pushing fail when remove L7 app from rule and action to drop

CSCvu89214

IOS-XE+ZBFW+CUBE: One-way Audio. TCP 5060 is not recognized as SIP.

CSCvu95098

GETVPN group member drops traffic due to replay failure every 497 days

CSCvu95121

Static NAT outside breaks locally generated TCP/UDP traffic

CSCvu99045

NIM-1GE-CU-SFP/NIM-2GE-CU-SFP: Show interface output reports incorrect bandwidth

CSCvv00899

Adaptive QoS history record LOCAL-LOSS is always 0 on ISR1000 platform

CSCvv01250

IGMP reports are forwarded to mrouter port untagged regardless of which VLAN the group is in

CSCvv01509

Data policy `from-tunnel` is not programmed if `from-service` presented

CSCvv03800

ASR1002X lost all configuration after upgrade from 16.12 to 17.3

CSCvv04236

IOS-XE: IPv6 OSPF authentication ipsec - adjacency fails

CSCvv04959

GRUB2 Arbitrary Code Execution Vulnerability

CSCvv05895

ASR1001-X: Issue a cpld reset instead of reboot in kcrash

CSCvv08341

Netconf deleting wrong IKEv2 parameters

CSCvv08952

FirewallNotInitiator drops with ZBFW for DIA traffic over Dialer interface with UTD enabled

CSCvv09538

[SIT] Ramanos lost control and crashed after attaching device template

CSCvv09651

NAT packet drops with IN_US_V4_PKT_FOUND_IPSEC_NOT_ENABLED sub-code

CSCvv09707

Secondary KS does not push new policy after merge if IPD3P is configured

CSCvv12401

ZBFW HA redundancy stuck in STANDBY-COLK-BULK. Bulksync Traceback seen in logs

CSCvv14263

Day 0 Config Bringup after Power OFF/ON | C1121X-8PLTEP

CSCvv14438

Azure csr-Cisco IOS XE Catalyst SD-WAN device 17.3.1-throttle (7/16) fresh-deploy crash once@qfp-ucode-csr when shut/no shut Gi1

CSCvv17488

[ISR4K + SM-X-ES3-* module] Memory leak in iomd

CSCvv17730

IP DHCP Snooping not working for the voice vlan

CSCvv18712

QoS classification failing with DSCP bits on IPSEC+QoS+Mcast when applied on service side interfaces

CSCvv19063

ASR1K, C9800 Commit config clean up for cstate and pstate to 17.4, 17.3.2, 17.2.2: backout idle=poll

CSCvv20380

Removing and Adding Bulk ACL leads to Tracebacks and Error-Objects

CSCvv21398

sdwan multicast Cisco IOS XE Catalyst SD-WAN device rpf failure even with unicast route present in rib and omp

CSCvv25529

16.12.4 ucmk9 Cisco IOS XE Catalyst SD-WAN device not able to join overlay with 19.2.3 and 20.3

CSCvv25601

sipline: VG450 stopped operating due to low mem threshold

CSCvv26538

Crash due to a NULL pointer while bringing down PPPoE sessions.

CSCvv27349

tunnel interface remains up even when the physical interface not have IP address

CSCvv33349

%IOSXE_INFRA-3-PUNT_ADDR_RES_ENCAP_ERR: seen repeatedly in LISP coworking with VASI

CSCvv33576

IGMP snooping table not populated on ISR4k

CSCvv34057

ISR4351:Crash seen with ZBFW. Reboot reason:Critical process qfp_ucode_utah fault on fp_0_0 (rc=139)

CSCvv35386

Unexpected reload seeing after resequencing ACLs

CSCvv38449

cpp_sp_svr on XE router cpp_fm_cace_alloc_dp unable to allocate memory

CSCvv40754

Backward compatibility issue for model between Cisco SD-WAN Manager version 20.3 and device version 17.2

CSCvv55435

ASR1001-X ftmd crash: ftm_tunnel_sla_tunnels_get_object

CSCvv58919

Police to PPS is not configurable on ISR4K

CSCvv59662

Cisco IOS XE Catalyst SD-WAN device may crash when template with big security policy pushed

CSCvv63517

Static ip sdwan route does not work with endpoint tracker after upgrade to 17.3.1a

CSCvv64271

IOS-XE SD_WAN router crashed after upgrade to 17.3.1a

CSCvv67689

Cisco IOS XE Catalyst SD-WAN device data-policy breaks SRST media stream with default-action accept or accept in sequence

CSCvv71587

Alpha OEAP: AP not able to join eWLC due to the Keyman process is down

CSCvv73691

PMTU Discovery may negotiate an incorrect MTU on XE SDWAN routers

CSCvv73826

BFD sessions flap after multiple control connection flaps to the vSmart. - Polaris side commit

CSCvv75649

Large tcp stream fails DNS translation

CSCvv75771

XE SDWAN router crash due to system memory exhaustion caused by FTM memory growth

CSCvv82330

When large number of policies are applied to a ASR1001-X running 17.3.1, traffic is dropped.

CSCvv83271

endpoint-tracker for a tunnels malfunctioning

CSCvv83345

Summary/default-map routes getting ignored for p2p interface

CSCvu77890

CSR1000v rebooted with reason 'CPU Usage due to Memory Pressure exceeds threshold'

CSCvv85766

Memory leak upon ssh/scp connections to a router

Open Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.2

Bug ID

Description

CSCvs29562

ISRv-Cisco IOS XE Catalyst SD-WAN device 16.12.1b RFC2544 IPv4 performance on CSP5436: 8VCPU SRIOV throughput degrade significant

CSCvt32383

ASR1000 / RP2 upgrade fails from 16.9.4 to the 16.9.5

CSCvt92164

sslvpn PD : large file download fails over sslvpn

CSCvt97326

ASR1k: harddisk usage is always zero in "show platform resource" for consolidated platforms

CSCvu06483

Data consistancy errors seen on configuring mac-sec on the underlay interface with ipsec configured

CSCvu32446

ISR4451 rebooted with reason_code "CPU Usage due to Memory Pressure exceeds threshold"

CSCvu46417

ASR1k crash when doing a FIB lookup

CSCvu59952

ISR4461: Control Connections over sub-interface are down after upgrade, TX Channel create failure

CSCvu63985

Telit case 00161045: IR1101 - Upon bootup LM960 modem Firstnet SIM no IP when LTE tech AUTO

CSCvu75453

ESP20 Rommon upgrade fails from 15.3(3r)S to 16.2(1r)

CSCvu77711

Missing Mandatory Transform Type (ESN) in IKEv2 ESP Protocol

CSCvu77745

PMAN-3-PROCFAIL: Chassis 1 R0/0: pman: R0/0: The process keyman has failed (rc 139)

CSCvu89597

RM crash at __be_address_cmp __be_avl_get_next while doing shut/no shut or BR

CSCvu89599

BR crash at __be_strlen __be_fman_rtmap_create_route_map_msg

CSCvv17346

unexpected reload due to Crypto IKEv2 process

CSCvv29416

CLI template push for banner login <> configuration fails on Cisco IOS XE Catalyst SD-WAN device

CSCvv40206

Router may crash under ZBF configuration

CSCvv42381

[DyT]: TTM not updating link routes and omp routes are not getting updated

CSCvv45963

QoS odd behaviour with percentage based policing

CSCvv48885

can not update local-address in a crypto keyring

CSCvv49788

Errors on WLC "Chassis 1 R0/0: wncd: Connection DOWN with Map server IP" for LISP map server

CSCvv50783

IPSEC tunnels to AWS TGW failing when VPN tunnel doesn't allow all traffic

CSCvv54152

CDP on interfaces is not enabled when CDP is enabled globally on ASR Routers in controller mode

CSCvv58652

O365 CoR-SaaS shows random losses

CSCvv59591

ENH: Add support for TACACS/RADIUS as sdwan tunnel service

CSCvv61071

memory leakage of cpp_sp_svr

CSCvv66589

Cisco IOS XE Catalyst SD-WAN device is not able to ping its own loopback

CSCvv71775

Cellular interface down/up frequently occurs with SORACOM sim(DoCoMo MVNO)

CSCvv76523

Recursive configuration with privilege exec level <level> show dmvpn [detail|static]

CSCvv78028

No responder-bytes from Cisco IOS XE Catalyst SD-WAN device when UTD is enabled

CSCvv79273

Router may crash when using Stateful NAT64

CSCvv81296

Protocol specific change for base path

CSCvv84345

ASR1K Crash on configuring IP NAT inside source list under VRF

CSCvv87062

SDWAN 17.2.1/17.4.1 - Cisco IOS XE Catalyst SD-WAN device router may restart after pushing template with QoS

CSCvv88621

GETVPN: All GM will crash when Primary KS recovers its COOP role after network outage

CSCvv91575

C1111-8P: NAT translations packet counter MIB OID counts unnecessary additional value

CSCvv92571

C1111 reboot-loop is seen once upgrade to 17.3.1a

CSCvv94743

Data Plane fails over L2TPv3 while disabling VLAN limit restrictions with ASR1002-HX

CSCvv97321

ISR44xx shows RP serial number instead of chassis serial in "sh license UDI" CLI output

CSCvv98708

Cisco IOS XE Catalyst SD-WAN device sees cpp-mcplo-ucode crash

CSCvv99096

CoR-SaaS shows 100% loss for dialer interface

CSCvw01038

[Cisco IOS XE Catalyst SD-WAN device/CSR1kv] IPv6 Underlay, IPv6 fragmented but packet size is smaller than MTU

CSCvw02527

ASR1k NAT66 communication failure when change the NAT66 prefix configuration.

CSCvw02548

tunnel interface remains up even when the physical interface not have IP address

CSCvw03736

Netflow exporter traffic is sent with a UDP source port of 0.

CSCvw05211

Pre-mature session deletion leading to churn and lower TPS at scale

CSCvw06719

"platform ipsec reassemble transit" tail-drops unencrypted IPv4 Fragments with specific payload

CSCvw06780

DMVPN with ipv6 link-locall address do not register to HUB

CSCvw09093

route not getting installed, need to remove and reattach the template

CSCvw10808

After SIM OIR, SIM is not detected after SIM failover on C1109-2PLTEGB

CSCvw10972

NAT64 ALG: Router crashes on nat64_process_token

CSCvw11902

Passive FTP doesn't work with NAT

CSCvw12561

GETVPN : Order of configuration of PFS in GKM group

CSCvw14836

ISR router running 16.9.6 crashes authenticating crypto certificate

CSCvw16091

vEdge/Cisco IOS XE Catalyst SD-WAN device - rekey timer expires, but tunnels stay up

CSCvw16253

IOS-XE 16.12.1 - platform punt-policer has some wrong default values

CSCvw16304

Async: First line of NIM/SM-async module get unexpected char when VDSL active

CSCvw16816

ISR 4k fails to install new IPSec SAs

CSCvw17996

Cisco IOS XE Catalyst SD-WAN device: fman-fp core / watch dog failure on 17.2.1r in do_lookup_x

Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.1a

This section details all fixed and open bugs for this release. These bugs are available in the Cisco Bug Search Tool

Resolved Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.1a

Bug ID

Description

CSCuz84374

SPA modules on ASR1002-X/ASR1001-X does not get recognized under show platform

CSCvh24730

PfRv3: Crash while Printing the Same TCA Message

CSCvp24405

Router crash after adding macsec reply-protection command on an interface

CSCvp79052

Cisco SD-WAN Manager is not exhibiting the correct hostname of Cisco IOS XE Catalyst SD-WAN device

CSCvp88044

Performance Monitor crash

CSCvq84015

ISR1100 not booting up after power cycle and gets stuck in boot loop - cdb itself gets corrupted

CSCvr48928

Template push stuck on Cisco SD-WAN Manager Cluster when pushing new System IP to Edge router

CSCvr89957

CFT crashed frequently

CSCvs02000

%IOSXE-3-PLATFORM: R0/0: kernel: DMA: Out of SW-IOMMU space

CSCvs19084

UmbrellaConnector drops packets sent from Linux machine

CSCvs27907

Ctrl+Z causes syntax error: unknown argument

CSCvs28073

IOS-XE device has memory leak in linux_iosd-imag

CSCvs29412

x509 SSH authentication incorrect UPN value selected

CSCvs38028

Cisco IOS XE Catalyst SD-WAN device_Policy_regression: Service IPv6 ping is failing if the interface vrf forwarding is replaced

CSCvs42498

NAT Alias not created for some configuration when using application redundancy

CSCvs45107

AnyConnect fails to reconnect when original session expires

CSCvs47682

Router crashed when attempting to remove a nonexistent trustpoint from dspfarm profile

CSCvs48162

Seeing IpsecOutput drop for Cisco IOS XE Catalyst SD-WAN device even though ip packet size is less than 1442.

CSCvs51630

Cisco IOS XE Catalyst SD-WAN device: 'security ipsec replay-window' needs to support 8192

CSCvs53749

EVPN RMAC stale routes seen

CSCvs56559

show crypto pki server shows wrong expire certificate date

CSCvs56721

spoke-to-spoke PLR packets should not change the interface PLR status

CSCvs57212

NGIO Lite is crashed when MT SMS with special characters (EMS) is received

CSCvs59402

Random IPSEC drops on ESP200 with esp-gcm transform set

CSCvs60195

ASR1K ucode crash after too many locks in ZBF pair setup

CSCvs61402

CFLOW_INSERT ABORT errors continue to increment

CSCvs63606

Ping fails on hundred gig primary interface with FRR configured though MPLS traffic is not impacted

CSCvs63841

SDWAN ISR1100: No SW Image listed when .bin image booted from flash / usb

CSCvs65950

IOS PKI: P12 not generated on IOS Sub CA at rollover certificate generation

CSCvs66091

XE SD-WAN Router SSH might get disabled followed by software reset and another reload

CSCvs75958

ISR4331/K9 Dialer cannot make calls suddenly

CSCvs78594

NAT doesn't translate SIP header's orignial source for return traffic on 16.9.3 and 16.9.4

CSCvs81161

Orthrus: Interface is down after shut/no shut.

CSCvs81791

Fix for kernel driver issue causing wake up for empty block, packet too large to process

CSCvs81967

ISR4K: %BOOT-3-BOOT_SRC: R0/0: No space on boot /dev/bootflash5 for packages, using bootflash!

CSCvs85642

ISR G3 router crashes when rtp-nte DTMF packet arrives at MTP + BDI

CSCvs88686

ISR4K / ASR / CBR8 crash in cpp_cp_svr due to watchdog timeout

CSCvs89840

Cisco IOS XE Catalyst SD-WAN device reboot with UNIX-EXT-SIGNAL: Segmentation fault(11), Process = iosp_vty_100001_dmi_nesd

CSCvs90207

On Cisco IOS XE Catalyst SD-WAN device all the BFD session flap if there is a control connection flap to Cisco SD-WAN Manager

CSCvs96540

SDWAN device admin-tech has empty "show running config" in /tech/ios file

CSCvs96719

ASR1k: Unicast DHCPREQUEST dropped when received on a EoGRE tunnel configured with VRF

CSCvs98389

Packet drops in XE-SDWAN because of "IN_CD_COPROC_ANTI_REPLAY_FAIL" errors

CSCvs98586

Skip SDWAN tunnel encapsulated packets in UTD DP and set inspected flag when skipping inspection

CSCvs99705

PKI CLI - no warning that rsakeypair name starting from 0 (zero) is not working for cert regenerate

CSCvt01186

Interface does down when "l2vpn xconnect" command is removed

CSCvt01532

SD-WAN router running 16.10.3 crashes with cpp_cp_svr fault

CSCvt02534

ISR4K Unexpectedly Reboots with CENT-BR-0

CSCvt03264

UltimaThule: ISR4451 router crashed when template is pushed from Cisco SD-WAN Manager

CSCvt03869

Router reloads due to crypto pki crl request <trustpoint-name> during get a fresh copy of CRL

CSCvt04864

cpp_cp_svr fault and fman_fp_image fault on ASR 1002-x routers running 16.12.2r

CSCvt05373

SDWAN device and Cisco SD-WAN Manager is not in sync when manual software reset is done

CSCvt10151

Multiple Cisco Products Snort HTTP Detection Engine File Policy Bypass Vulnerability UTD

CSCvt10499

"Exporter Version" is not correct in the FNF cpp client exporter show command

CSCvt11538

Cisco SD-WAN Solution Software Buffer Overflow Vulnerability

CSCvt12299

XE SD-WAN : Cannot specify the specific vpn except <1-512> in show sdwan app-fwd cflowd flows vpn x

CSCvt15167

Cisco IOS XE Catalyst SD-WAN device QOS Policy-Map on Parent Interface Maps Traffic to Wrong Queue When Traffic on Sub-Int

CSCvt15551

Crash observed in QFP in ASR1001-X running 16.06.05 when GPM is running low

CSCvt19873

ASR1k:Router stops forwarding traffic with MPLS TE & FRR when member link of port-channel is shut

CSCvt21263

Crash upon delete of virtual-access when virtual-template has "no tunnel protection ipsec initiate"

CSCvt21373

unexpected reload in CPP ucode forced by nat 514 .

CSCvt21691

VLAN1 is allowed on the trunk port even though it is not allowed in configurations of C111 interface

CSCvt28541

XE SD-WAN : cflowd not working after re attaching template

CSCvt31561

TBAR is not disabled in GM when it is disabled in KS

CSCvt31588

CSR on AWS - PAYG Broken in 17.1, 17.2, and Polaris

CSCvt33018

MACsec 128/256 XPN on 40g/100g, stop passing traffic for one of AN and interface link flap seen

CSCvt33028

Part of double encapsulated frames dropped with TunnelDecapTooManyTimes code reason

CSCvt33799

Virtual address not reachable: "mac:0000:0c07:xxxx download to DP failed" for HSRP / VRRP over BDI.

CSCvt35947

Duplicate ipv6 address while connecting to remote client

CSCvt37676

Cisco IOS XE Catalyst SD-WAN device crashes after changing flow-sampling-interval within a cflow policy

CSCvt40523

GETVPN: KS 16.12.x - COOP switchover causes GMs to immediately use new TEK rekey

CSCvt42659

Possible Regression ISR4K Mgmt Port ACL Breakage or simply Day One Implementation As Designed

CSCvt46779

Route export not working as desired during failover testing

CSCvt50461

Cisco IOS XE Catalyst SD-WAN device crashes after the push of a template for Umbrella

CSCvt52051

IPsec tunnel is getting established for a backup NHS DMVPN hub

CSCvt52168

SSH Process Thrash During Normal Operations

CSCvt52825

Memory leak in SCCP TLS Client on unexpected deregister event

CSCvt53726

Packet Duplication fails to duplicate packets in Cisco IOS XE Catalyst SD-WAN device Devices

CSCvt54305

Device crashed after Boost license expire

CSCvt59311

ASR1K crash when modifying crypto keyring configuration

CSCvt65588

FlexVPN IKEv2 Tunnel route removed after establishing new IKEv2 SA to another peer

CSCvt67752

Object (IPv6 ACL ) stuck in forwarding data plane. No ipv6 traffic goes towards the upstream router

CSCvt80422

RTP-NTE to OOB DTMF Interworking Failure over BDI with Dot1q Tagging

CSCvu34653

CSR stuck in Bootloop while upgrading to 17.2.1r on Azure.

CSCvu57682

ASR1001-X 16GB: Kernel crashes repeatedly after upgrading from 16.12.2 to 17.2.1

CSCvu82189

Enabling guestshell gives "float division by zero"

CSCvu89033

Template push error due to NAT-MIB process helper traceback/warm restart

CSCvu54116

virtio interfaces not discovered by IOS when host MTU config > 1518

CSCvt44918

Incorrect PMTU programmed for XE SDWAN router tunnel control-plane while data-plane is correct

CSCvs84169

IPSec HMAC drops between after stress traffic and link flap

Open Bugs for Cisco IOS XE Catalyst SD-WAN Release 17.3.1a

Bug ID

Description

CSCvt32383

ASR1000 / RP2 upgrade fails from 16.9.4 to the 16.9.5

CSCvt50136

ASR1k - all Platform : Observing IpFragErr for EMIX traffic with basic IPSEC config

CSCvt97642

MIP100 - Continous %SCOOBY-5-SERIAL_BRIDGE_BLOCK_EVENT flooding on the console

CSCvu59952

ISR4461: Control Connections over sub-interface are down after upgrade, TX Channel create failure

CSCvu59956

IOS cannot boot with 16.12(1r) or later rommon due to cookie PID field incorrectly programmed

CSCvu73323

AAR policy does not work properly after Poweroff/Poweron Cisco IOS XE Catalyst SD-WAN device ISR4451

CSCvu81329

sec policy pushing fail when remove L7 app from rule and action to drop

CSCvu85325

CSR1000V not processing padded and unknown option Hop-by-Hop Options Headers

CSCvu92277

Memory leak observed for FTM process leading to a device crash eventually.

CSCvv00899

Adaptive QoS history record LOCAL-LOSS is always 0 on ISR1000 platform

CSCvv05364

ASR1001-HX, CCP crash due to invalid address accessed by DTL

CSCvv05776

CXP Probe DNS packets are not exiting via correct source interface

CSCvv06021

20.3 vSmart Failover Induced Cisco SD-WAN Manager/Device Connection Failure

CSCvv14438

Azure csr-Cisco IOS XE Catalyst SD-WAN device 17.3.1-throttle (7/16) fresh-deploy crash once@qfp-ucode-csr when shut/no shut Gi1

CSCvv21398

sdwan multicast Cisco IOS XE Catalyst SD-WAN device rpf failure even with unicast route present in rib and omp

CSCvv22768

[RM]-Observing router reload after saving the QOS+APP_PERF config in RAMONES

CSCvv27215

SDWAN 17.3/20.3 - SNMP MIB Query for Interface Description OID return only up to 64 characters

CSCvu02362

fmap_fp crash seen on removing utd ssl config with container uninstallation

CSCvv43957

Template push on ISR1k not working due to no authentication timer "reauthenticateError"

CSCvv48890

vAnalytics - Launch vAnalytics not working in Cisco SD-WAN Manager UI

Interactive Help in Cisco SD-WAN Manager

To access the list of guided workflows for this release, from Cisco SD-WAN Manager, click Interactive Help.

The Interactive Help interface allows you to search for a specific workflow and filter the search results by workflow names.

Figure 1. Interactive Help in Cisco SD-WAN Manager

This release provides guided workflows for the following procedures:

Table 3. List of Workflows Using Cisco SD-WAN Manager 20.3.1

Workflow

Description

Configure Controllers and Devices

Configure Cisco Catalyst SD-WAN Validator

Configure the Cisco Catalyst SD-WAN Validator and add it to the overlay network.

Configure Cisco Catalyst SD-WAN Controller

Configure a Cisco Catalyst SD-WAN Controller to control data traffic flow throughout the network.

Configure Cisco SD-WAN Manager Instance

Configure a Cisco SD-WAN Manager instance by creating a device configuration template and adding it to the overlay network.

Configure Cisco Catalyst SD-WAN Devices

Configure Cisco IOS XE Catalyst SD-WAN devices and Cisco vEdge devices by creating configuration templates.

Manage Devices in Overlay Network

Add Devices to the Overlay Network

Add Cisco Catalyst SD-WAN devices either by using authorized serial numbers or from Cisco Smart account.

Decommission Virtual Devices

Decommission a Cisco IOS XE Catalyst SD-WAN device or Cisco vEdge device to remove the device serial number.

Remove Devices from the Overlay Network

Remove Cisco Catalyst SD-WAN devices to clear an old device configuration from the Cisco SD-WAN Manager server.

Change Device Values

Change Cisco Catalyst SD-WAN device configuration by populating the variable values for the device.

Troubleshoot Device Issues

Determine and fix common Cisco Catalyst SD-WAN device connectivity issues.

Upgrade Devices and Controllers

Install and activate an upgraded software for Cisco Catalyst SD-WAN control components and Cisco Catalyst SD-WAN devices.

You cannot use this workflow for:

  • Cisco SD-WAN controll components releases earlier than 20.3.1

  • Cisco SD-WAN device releases earlier than 17.3.1a or 20.3.1

Whom to contact for feedback?

We value your opinion and please send us your feedback at, mailto:sdwan-workflow-fb@cisco.com