|
|
The information in this Release Notes for Cisco VPN Solutions Center: MPLS Solution 1.1 supersedes all information in the Cisco VPN Solutions Center: MPLS Solution, referred to as MPLS VPN Solution, documentation set.
 |
Note Please read this document prior to reading any other manual for Cisco VPN Solutions Center: MPLS Solution. |
The information in this release note is organized into the following sections:
The materials included in the product box depend on which version of the product you ordered:
The materials included in the packaging for the Core product are:
Additionally, the Core product includes the Cisco IP Manager product, which includes the following components:
The materials included in the packaging for the API product are:
Additionally, the API product includes the Cisco IP Manager product, which includes the following components:
Effective operations management is one of the most important success factors for the Service Provider business. Cisco Virtual Private Network (VPN) Solutions Center: Multi Protocol Label Switching (MPLS) Solution, to be referred to as MPLS VPN Solution, is part of the operations management. MPLS VPN Solution is the provisioning and network management solution for MPLS VPN.
Provider MPLS VPN networks present new challenges to the provisioning of network services. The Provider must be able to share bandwidth among customers while simultaneously ensuring the network reliability and security remain at the same level as private leased lines. To effectively meet these requirements, network architecture, deployment, roll out, and operational support procedures must be well planned and defined. MPLS VPN Solution then enables the Service Provider to effectively manage and maintain the integrity of the network.
MPLS VPN Solution runs on a Sun Microsystems Solaris platform, Release 2.6. The setup function allows you to create targets from router configurations and define the Provider Administrative Domain, customers, and VPNs. MPLS VPN Solution is a service management system that allows service operators to use wizards to enter the requested service-related information. MPLS VPN Solution has an audit function that monitors and reports the current state of a VPN service request over its lifetime and the reasons why the service request is in its current state (audit detail). MPLS VPN Solution provides collection tasks and reports for accounting and SLA.
To implement MPLS VPN Solution, you use the wizards to specify a few parameters, and MPLS VPN Solution configures the customer-edge router (CE) and the provider-edge router (PE).
The CE is the router at the customer site that connects to the Service Provider. The customer site is connected to a VPN when the CE router attaches itself to a VPN service from the Service Provider.
The following topics are new or the implementation was changed dramatically from Release 1.0.2 to this Release 1.1:
You can now back up a repository using a third party backup program that is running with the same user ID as the VPN software. The syntax is as follows:
dbBackup -db <dbpath> -p "<progname -parameters>"
where:
<dbpath> is the path to the repository you wish to back up.
<progname -parameters> is the backup program name and all its parameters.
You can run dbBackup from <MPLS VPN Directory>/bin/solaris.
The committed access rate (CAR) management information base (MIB) collection feature covers the packets dropped based on the CAR command configured on the router. CAR provides the status for each interface on each router configured with CAR. CAR is a bandwidth management tool that controls internet protocol (IP) traffic transmission rates into the network during periods of network congestion. CAR achieves this control through rate limiting (with burst capabilities) and also classifies and marks packets using IP Precedence and quality-of-service (QoS) group settings. CAR MIBs provide the status for the token bucket parameters, associated access lists, and configurable action policies for each rate limit.
The CAR MIB status data is collected hourly and kept in the repository. The aggregator aggregates the hourly bin data to generate the daily, weekly, monthly, and yearly bin data.
You can view the collected data in the repository from the VPN Console, by selecting the Monitoring > View CAR MIB Reports option, and then you can choose reports By Customer or By Network.
Collect RTR Data for SLA was previously (Release 1.0.2) a menu selection under the Monitoring menu in the VPN Console. Instead of the input file implementation of the commands: create-sla, delete-sla, and collect and the utility rtrinputgenerator, the Release 1.1 implementation is a GUI implementation. The wizard begins when you select the Monitoring > Provision SLA Definitions and Collect SLA Data option, as explained in the Cisco VPN Solutions Center: MPLS Solution User Reference.
The provisioning enhancements are listed alphabetically, as follows:
When Border Gateway Protocol (BGP) routes are redistributed into Routing Information Protocol (RIP) routes, the transparent keyword is added. Therefore, the BGP metric is not converted into a RIP metric.
You can now specify IP addresses for the loopback interfaces used for IP unnumbered interfaces.
You can specify an additional loopback interface on the CE, which is configured for IP numbered interfaces.
When giving access to a VPN, you can additionally give access to the management VPN.
For as-override, MPLS VPN Solution can now re-use the same autonomous system number (ASN) on all VPN sites.
For allowas-in, you can specify a maximum number of times (up to 10) a provider ASN can occur in the autonomous system (AS) path.
When provisioning a PE to CE Service Request, you can turn on NetFlow and Service Assurance Agent (SA Agent) responder.
You can now selectively export VPN routing/forwarding (VRF) routes with different route-targets. A PE may need to import routes based on criteria other than route-target only. Additionally, you can specify a maximum number of routes to be imported into a VRF.
The export and import commands accept a route-map.
The self-monitoring tool is a new Release 1.1 feature that monitors MPLS VPN Solution performance. This tool is by default turned off in the csm.properties file. Prior to launching this tool, set netsys.watchdog.server.watchdog_perf.enable to true in the csm.properties file and reboot the watchdog. To launch this tool, then issue the wdperf command. This tool provides detailed information about system performance and resource utilization. It uses system performance data that is continuously gathered by the watchdog and stored in the repository. The reporting features are useful for system monitoring, tuning, and troubleshooting. You can view performance metrics, including CPU utilization and memory usage, for each of the MPLS VPN Solution servers, as well as for collection tasks. The performance data can be aggregated for average, maximum, and minimum and can be viewed by hour or by minute. Colors highlight values that exceed thresholds. Using this information, you can reschedule tasks to try to improve resource usage.
This tool is intended to answer questions such as the following:
|
Note The watchdog's performance data is not immediately available. This is because the data is first written to a log file in the /tmp directory. Then once an hour, the log file is closed, renamed, and copied to the repository directory, from where it is subsequently imported into the repository itself. |
API clients can now delete service model objects, such as CEs or PEs, if they are not associated with any other service model objects. As an example, you can not delete a customer-edge routing community (CERC) if it is associated with a VRF.
API clients can now modify the non-key attributes of service model objects. For example, contact information can be modified in a CE object.
API clients now have greater control over Service Requests with the addition of the following optional parameters:
For additional information, refer to the VsmVPNConnectivityCreator interface in Cisco VPN Solutions Center: MPLS Solution API Programmer Reference (Part Number: 78-10522).
API clients can now modify more Service Request parameters, including some of the newly added parameters.
A new server, TaskServer, which provides a CORBA front end to the MPLS VPN Solution task repository, has been added in Release 1.1. A client program can use this server to remotely drive task management. Instead of handling task management through the VPN Console, a client's Operations Support System (OSS) can use this server to integrate task management.
A new topology feature has been added in Release 1.1. In the Tree View of the VPN Console, when you right-click on any node under Provider Administrative Domain, VPN Customers, or VPNs, a new selection Show Topology is available. Previously, the only way to view topology information was to use the Tools > Topology option from the main menu task bar, which resulted in all topology views for the current repository to be created. Using this new enhanced feature yields only the topology information of interest to be created and displayed, which saves a significant amount of time.
The name of the Annual Summary report has been changed to Summary Report, however, the contents are the same. New reports have been added. They are:
The system recommendations are explained in the following categories:
The following are the system recommendations for MPLS VPN Solution:
Number of CEs | Workstation | RAM | Disk Space |
Up to 500 | Minimum: Ultra 60 (1 CPU) For Growth: Enterprise 250 (2 CPUs) | 1 GB | 20+ GB |
500 to 1,500 | Minimum: Ultra 60 (2 CPUs) For Growth: Enterprise 250 (2 CPUs) | 1 GB | 20+ GB |
1,500 to more than 3,000 | Enterprise 450 (4 CPUs) | 1 GB | 20+ GB |
|
Note When you install Solaris 2.6, be sure to choose either the Developer System Support or the Entire Distribution software groups. Do not choose the End User System software group. The Developer System Support and Entire Distribution software groups contain the software required for a correct operating system installation (such as the SUNWbtool and SUNWsprot packages). |
Prior to installing the MPLS VPN Solution, you must install Cisco IP Manager (CIPM) Lite Version 2, which is bundled with this product. This is a requirement because it is the element manager for MPLS VPN Solution.
|
Note You must install CIPM on a separate machine from where you will install the MPLS VPN Solution software. |
For information on how to install CIPM, refer to the Cisco IP Manager Lite User's Guide: Version 2.0 distributed with the product. The recommendations for the workstation on which you are installing CIPM are as follows:
In addition to the MPLS VPN Solution and CIPM system requirements, the following is needed:
|
Note The recommendation is that one NetFlow workstation be connected to each PE. |
|
Note The Web Browser is specified during installation and in the csm.properties file. |
Be sure that all devices from which data is being collected are synchronized. For NetFlow collection, this means that not only does the MPLS VPN Solution system need to be synchronized to the NetFlow Collector, but that the PE routers must also be set to the same time and time zone. Otherwise, data will not be displayed or will be inaccurately displayed based on the router's time stamp imbedded in the data.
For this release, use the GUI interface (refer to the section Provision SLA Definitions and Collect SLA Data in the Cisco VPN Solutions Center: MPLS Solution User Reference) to create, collect, and delete SLAs.
The problems fixed since Release 1.0.2 are presented numerically in the following categories:
CSCdp08990 - /tmp should not be accepted for repository while installing.
CSCdm51591 - Existing data-link connection identifier (DLCI) on Frame Relay (FR) not
recognized.
CSCdm58289 - Possible to enter incorrect interfaces in provisioning wizard.
CSCdm67710 - Audit State change from Lost should go Deployed.
CSCdm76740 - Audit for CE Success; when redistribute is missing from Routing Information
Protocol (RIP).
CSCdm88251 - CERC cannot be deleted even after Remove VPN service.
CSCdm88632 - Not generating no ip vrf {name} during Modify.
CSCdm90539 - Loopback addresses can be reused in regular pool across regions.
CSCdp01305 - Audit tasks need successful completion message.
CSCdp04300 - Modify Static to RIP problem during Add VPN service wizard.
CSCdp04312 - Override for DLCI already provisioned.
CSCdp06314 - Modify unnumbered to numbered causes interface problems.
CSCdp08227 - Add VPN - In use interface check not working for IP unnumbered.
CSCdp09095 - Audit for VPNs with no Service Requests generates bad URLs.
CSCdp09274 - Audit successful after removal of redistribute statement.
CSCdp09484 - Incorrect BGP AS gives a misleading error message.
CSCdp10417 - DIPMServer not changing CIPM virtual element to vty.
CSCdp10657 - COS: WRED and FQ should be provisioned on major interface.
CSCdp11945 - Modify Asynchronous Transfer Mode (ATM)/Switch Service Request goes invalid
when changing subinterface number.
CSCdp12008 - Audit for Modified Request fails for CE BGP definition.
CSCdp12758 - ATM subinterface number causes Audit to fail.
CSCdp13618 - Modify Service Request does not release the earlier addresses.
CSCdp16063 - Invalid Service Request uses IP address pool and looks for new address when
redeployed.
CSCdp17567 - Removal of VPN on Ethernet interfaces removes VRF definitions.
CSCdp19096 - Removal of Invalid Service Request on Ethernet pushes deployed Service Request
to lost.
CSCdp19799 - Redistribute protocol into CE Open Shortest Path First (OSPF) forgot subnets.
CSCdp21092 - Task log provides no information when incorrect IP address used.
CSCdp29779 - Set VRF name still prepends VPN number to entered VRF name.
CSCdp37895 - Provisioning ATM subinterface > 4096 causes error.
CSCdp38674 - Audit successful when changing ATM encapsulation type.
CSCdp39454 - Service Request without VFIT tables after audit remains Functional.
CSCdp41863 - Changing directory name for a new install fails future audits.
CSCdp63087 - Auditing broadcast interface fails looking for extra CE loopback.
CSCdp67480 - VsmVPNServiceModifier returns wrong SRVC ID after addToRep.
CSCdp70299 - Modify serial interface from Point-to-Point Protocol (PPP) to High-Level Data Link
Control (HDLC) fails.
CSCdp77674 - Extra CE loopback for PE provisions wrong ip route statement.
CSCdp77811 - VRF Maximum Routes command - add support for threshold value.
CSCdp78278 - CNGSServer is disabled due to heartbeat failure.
CSCdp81501 - IP address for PE required in configlet when PE already has same address.
CSCdp83206 - Audit fails for export map.
CSCdp84250 - Provisioning allows overlap of ip address.
CSCdp90548 - Scheduler cores while deploying a Service Request.
CSCdm18510 - Tool will not exit until all Netscape windows killed.
CSCdm55253 - Refresh of task list does not work properly.
CSCdm65538 - Accounting objects leaking in Device Data GUI.
CSCdm69309 - Fully Meshed CERC uses both Hub and Spoke route-targets.
CSCdm72474 - Task Creation time displayed is ahead of current time - Time Zone problem.
CSCdm80340 - When you select a PE, you should verify it has the same BGP AS as the provider.
CSCdm84885 - Provisioning allows CE to be Hub and Spoke in same CERC.
CSCdm89442 - Display of dates from Java incorrect for some Time Zones and most Daylight
Savings Times.
CSCdm91125 - Routing Protocol displayed as Static in Add VPN service confirmer.
CSCdp02191 - Scheduler fails to come up after setting a repository in /tmp.
CSCdp04525 - New Provider Administrative Domain creation fails when the name is precisely 64
characters.
CSCdp06667 - The stopwd command generates an exception if any server is in the disabled state.
CSCdp07213 - Caching in SLA reports causes malfunction of refresh operation.
CSCdp07223 - User can request download of out-of-date Service Request.
CSCdp07436 - Importing of configuration can be set without choosing network.
CSCdp08850 - Creating new repository and creating new task crashes vpnconsole.
CSCdp10342 - Logs are directed to wrong repository when default changes.
CSCdp12039 - In Accounting Reports, a Java Exception occurs when attempting to filter by
Application Type in the Advanced Filter feature.
CSCdp13835 - Memory leak while loading config file and target creation.
CSCdp14497 - Unchecking Show only default COS profiles disables profiles.
CSCdp18284 - Invalid Service Request shows truncated state change entry for error message.
CSCdp20796 - VPN Console core during Modify - VPN/CERC membership changes.
CSCdp23514 - Button not appearing in SLA reports due to default size too small.
CSCdp26394 - MPLS VPN center: SLA reports - SLA ID not sorted numerically.
CSCdp28645 - Memory leak in JRE process.
CSCdp33439 - Task logs not displayed in browser due to sort/scalability problem.
CSCdp33717 - Description window/field should dynamically get a scroll bar.
CSCdp34266 - Wdgui window does not refresh when left open.
CSCdp35063 - Scheduled tasks seem to consume too many CPU cycles.
CSCdp35452 - Device Data Summary Report not releasing memory when closed.
CSCdp38881 - VPN Console fails to display all the Service Requests created.
CSCdp43659 - A small memory leak in the Scheduler process.
CSCdp48587 - Modify Service Request wizard should invoke a refresh of All VPN Service
Request report.
CSCdp48704 - Please create IP Pool usage report.
CSCdp50924 - Tool allows different BGP AS number for Provider Administrative Domain
and PE.
CSCdp52002 - Add VPN Service to CE fails with an error message.
CSCdp53083 - Time Zone error being displayed in schedule window of wizard.
CSCdp53722 - Repository Administration window does not show the newly created repository.
CSCdp54536 - Collect RTR/SA Agent Data task needs more reporting in the task logs.
CSCdp54549 - Task needs more reporting in task logs: Collect VPN Accounting.
CSCdp54560 - Task needs more reporting in task logs: Collect VPN Routing information.
CSCdp63596 - Exception during Customer Traffic Volume (CE---CE) report.
CSCdp63601 - ProtocolData should be mandatory while Creating SLA.
CSCdp65132 - Modify Service Request from unnumbered to numbered has wrong mask in GUI.
CSCdp70766 - Select VPN panel during Modify does not go to Advance panel.
CSCdp73571 - Wrong display of the window title.
CSCdp74426 - Wrong title displayed in CAR MIB hourly report window.
CSCdp76841 - VPN Console crashes when trying to create customer with no data.
CSCdp77224 - IP unnumbered manual entry - Allow only /32 for PE/CE mask.
CSCdp78962 - Smart collection results in exception; status remains Running.
CSCdp79416 - Wrong date in State Change report.
CSCdp80771 - Default window size too short in SLA annual report, default window size too short.
CSCdp97035 - Incorrect Customer name in SLA Definition window.
CSCdm89451 - Repository needs to handle Daylight Savings Time.
CSCdm92975 -The file poller.log needs to be managed.
CSCdp04933 - Error produced when scheduling task and network includes a period character.
CSCdp10277 - MIB Interface Map recording wrong masks on interfaces.
CSCdp11009 - Poller fails to attempt collection of rest of thread if one collection fails.
CSCdp11493 - Scanning problem when targets are created from files with domain names.
CSCdp12044 - Poller and scheduler restarting after configuration file collection.
CSCdp12045 - Collect configuration files does not mask passwords.
CSCdp12608 - CollectDeviceType task does not clean up temp files.
CSCdp13185 - Incorrect RTR probe added into SLA definition.
CSCdp13338 - Fail to create remaining RTR probes after an incorrect probe.
CSCdp14451 - SLA delay reports have inaccurate values for Jitter.
CSCdp14917 - Populate interface task should detect if SNMP is not configured.
CSCdp16921 - DataSetServer does not give exception details when manager fails.
CSCdp16937 - DataSetServer heartbeat improvement.
CSCdp17623 - Cannot create RTR probe.
CSCdp18885 - The Collect VPN Accounting logs need improvement.
CSCdp19448 - Improvements need to be made to the Populate Interface task log.
CSCdp20095 - Rainbow RTR traffic dropped from vtm merge logic in Accounting.
CSCdp29184 - Unable to open CE---CE or PE---PE SLA reports when using domain name.
CSCdp38741 - Need to define limits for Repository data sets and performance data.
CSCdp38785 - The startwd command can truncate the csm.properties file.
CSCdp39118 - Corrupted Task Log output on VPN Routing Information Collection.
CSCdp41323 - Permissions error for mediatorPerfLogs when wrong user logs in.
CSCdp45283 - dbBackup -p option only accepts a single argument.
CSCdp45337 - No dataset limit for CAR MIB.
CSCdp45340 - CAR MIB datasets are unsearchable, undeletable.
CSCdp46354 - Not all RTR probes get collected during SLA collection.
CSCdp51991 - Need a link to <host>:8080 in Repository Management menu frame.
CSCdp52624 - Expect script datacollect.exp dumps the whole directory repository for password.
CSCdp54564 - Task needs more reporting in task logs: Deploy Service Requests.
CSCdp54572 - Task needs more reporting in task logs: Deregister for Traps.
CSCdp54598 - Task needs more reporting in task logs: Populate MIB interface.
CSCdp54600 - Task needs more reporting in task logs: Register for Traps.
CSCdp56361 - Problems with vtm merge logic collecting from provisioning laboratory.
CSCdp60491 - Update time/date format in Repository Management tools - Time Zone.
CSCdp62007 - Update dbBackup usage line.
CSCdp62922 - Update configuration collection task wizard wording.
CSCdp62930 - Remove obsolete dataset search parameters from Repository Management tool.
CSCdp63097 - Trap Catcher server needs to be restarted to read hash table.
CSCdp63606 - Incorrect netmasks are populated by Populate Interface task.
CSCdp66724 - Self-monitoring tool Dataset.Server causing Java memory leak.
CSCdp70331 - Unable to create SA Agent probes without correct DNS entry.
CSCdp74997 - When the -p option is used with dbBackup, a log file is not kept.
CSCdp77465 - Incorrect Accounting for month Class of Service.
CSCdp77990 - Need a central control flag for self-monitoring tool.
CSCdp80037 - CAR MIB report displaying negative numbers for values.
CSCdp80142 - Need to add correct patch version to install script.
CSCdp82295 - SmartCollector is always turned on.
CSCdp86258 - Unable to create Dynamic Host Configuration Protocol (DHCP) probe.
CSCdp92479 - Singapore Time (SGT) improperly displayed as Greenwich Mean Time (GMT) in
wdgui.
CSCdm76553 - SlaBrowser.findAllSla() finds SLAs not defined on RTR routers.
CSCdm93885 - CVPIMServer core dumps.
CSCdp01451 - VsmCoSProfileCreator: CoS Profile names need to be unique.
CSCdp02133 - VsmRegion:freeIPAddress30 should not free unassigned addresses.
CSCdp07971 - VpnServiceModel:addIPAddressPool30 allows illegal address pools.
CSCdp08403 - VsmSRCreator:setPEInterfaceAddress allows invalid address.
CSCdp08788 - VsmRegionCreator should not allow duplicate region names.
CSCdp09103 - VsmPECreator,VsmCECreator:target cannot be both PE and CE.
CSCdp11371 - VsmCustomerSiteCreator should not allow duplicate site names.
CSCdp12349 - VsmSRCreator:modifyPECERoutingProtocol needs routes ToAllSites.
CSCdp17966 - Unable to use collection objects with C++ client programs.
CSCdp18873 - Release call needed for PRGCreator and CERCCreator.
CSCdp25747 - APIs: findSlaByCustomer, Protocol, and VPN do not work properly.
CSCdp33844 - CORBA API does not accept subinterface if only VCD provided.
CSCdp43393 - Unable to change CE advertised routes in VsmVPNServiceModifier.
CSCdp65277 - Task engine API: runtime actions verify flag is not consistent.
CSCdp68512 - VsmFWModifier/Creator:set*() functions allow zero length strings.
CSCdp69463 - CreateCollectVPNAccountingDataTask() should check targetList.
CSCdp70913 - VsmVPNConnectivityCreator:setVPN() should be removed.
CSCdp71279 - Task API should check if PT is NULL when a PT is scheduled.
CSCdp71300 - The NULL task name should not be allowed when creating a task.
CSCdp71328 - Change createGetRTRDataTask() to createGetSAADataTask().
CSCdp71895 - VsmCosProfileCreator needs error checking for CoS Profile/CoS Class.
CSCdp72270 - TaskRuntimeTask.getStatus() should be disabled.
CSCdp74275 - getAcctStatForCustomerSiteToSite() diff between GUI and API output.
CSCdp77119 - VPN Provisioning and Inventory Manager (VPIM) server crashes with
downloadList() operation.
CSCdp78613 - Problems with scheduling task using API.
CSCdp78637 - VsmFWCreator:VsmCoSClass gives wrong error message for peCe/cePe range.
CSCdp78660 - Inaccurate status for task in tasklog.
CSCdp86550 - Got java.lang.NullPointerException when print SAAEntryCollection.
CSCdp87609 - VsmVPNServiceModifier:SRState should default to Requested.
CSCdp89852 - VsmSRCreator:setMemberGreyManagementVPN always sets a FALSE Boolean.
CSCdp99649 - VsmVPNConnectivityCreator:setPEInterfaceAddress - need to allow /32.
CSCdm68120 - Named Extended access list is displayed as standard access list.
CSCdp12837 - Syntax error for no bgp default ipv4-unicast.
CSCdp20162 - CiscoAcctMonitor IDL document needs to be cleaned up.
CSCdp26712 - DirRepExport/Import do not preserve Collection Target IDs.
CSCdp38614 - DataBase response times too slow to be scalable.
CSCdp63062 - Can not print Data Summary report using PS option.
CSCdp71845 - Document all error codes in exceptions
The known problems are presented numerically in the following categories:
CSCdp95960 - vpninstall must check top binary permissions and untar demo repository
The top binary that is installed in the unsupported directory must be owned by the group "sys" and setgid. This ownership must be checked or set by vpninstall.
CSCdp97748 - Mismatch of free space requirement value while installing
The disk space requirement message shows mismatching values when there is insufficient space to install the MPLS VPN Solution software. Initially the free disk space requirement is shown as 500 MB and later it is shown as 650 MB.
Workaround: More than 650 MB should be available to install MPLS VPN Solution successfully.
CSCdp99604 - Install script should allow user to continue if network is down
Installer appears to be in a loop when trying to ping a host.
Workaround: You can either wait for the network to come on line again or press Cntrl + C to restart the install from the beginning.
CSCdm26888 - Better IP address validation required - for example, in static route dialogs
Checking of some specific illegal values is not available in many areas where you are required to enter IP addresses. Basic validation (making sure it is a decimal between 0-255 inclusive) is done, but there are more sophisticated errors that are not trapped. For example, you can enter 255.255.255.255/32 as a static route for a VPN routing/forwarding instant (VRF).
Workaround: Be sure the IP address/mask information is valid.
CSCdm33817 - Incompatible PE/CE AS numbers can be entered during provisioning
It is possible to specify the same AS number for the CE as is used for the PE. This can result in an invalid Border Gateway Protocol (BGP) configuration.
Workaround: Manually ensure that the AS numbers entered for PE and CE are not the same.
CSCdm58306 - SelectIPAddress step in Add VPN service wizard needs more checks
During the Add VPN Service to CE wizard, the user may enter specific IP address information. While basic validation is done on the IP address, more sophisticated checks of the address are not done. For example, 0.0.0.0/0, 127.0.0.0/0, and 255.255.255.255/32 are all allowed.
Workaround: The user should manually check that the addresses being entered are correct.
CSCdm84614 - Missing detail on Duplicate/Overlapping IP address pools
When duplicate or overlapping IP networks are entered in the VPN Console for a provider region, the error message displayed does not specify the reason for the error.
CSCdp14582 - It is difficult to purge a Service Request against an invalid device
If you define, for example, a PE that is inaccessible and make a Service Request that refers to it, provisioning keeps the Service Request in Requested state, because upload will fail. However, if you try to get rid of the Service Request by performing a deletion, it also fails, staying in the Requested state, for the same reason.
As a result, the Service Request cannot go to closed, and hence cannot be purged. Accumulating these bogs down the system, as each download attempt will have to time out on access to the bad devices. It will also not be possible to delete the invalid device, because there are Service Requests outstanding against it.
Workaround: Any technique that arranges (temporary) access to a device can be used to clear up this corner case. For instance, temporarily pointing the PE Target parameters to some other device will allow upload to proceed. If this is not possible, another workaround is to switch the system to ECHO mode, clear the bad request in that mode, and reset to regular (CIPM) mode.
CSCdp20904 - Change address pools before pool ends
There are two new APIs in VpnInvMgr to remove an address pool from a region:
removeIPAddressPool32
removeIPAddressPool30
If you are currently using an address pool X and want to switch to use another pool Y, you can remove X using the API mentioned above, and add Y to the region.
IMPORTANT: It is your responsibility to make sure that the new address pool added (for example: Y) does not overlap with the address pool removed (for example: X). If these address pools overlap, when you provision new service requests using Y, you may get duplicate addresses that are in conflict with old service requests provisioned with X.
CSCdp77431 - OSPF cost command in configlet
The ip ospf cost command is generated in the configlet when ip address is provisioned and OSPF is running on that interface.
CSCdp78396 - Able to create Service Request using major interface when Service Request exists with sub-I/F
It is possible to create and deploy a Service Request using HDLC or PPP encapsulation on a major interface that is already in use by another Service Request that has Frame Relay encapsulation and subinterface(s) defined for those same major interfaces. Deploying this Service Request results in reconfiguration of the major interface and subsequent elimination of all existing subinterfaces associated with those major interfaces specified in the Service Request.
Workaround: If the Service Request has been created and deployed, with the Service Request State being either Pending or Deployed, there is no workaround. However, if a Service Request happens to be created and is in Requested state, you can safely remove the Service Request by issuing a Remove VPN Service and deploying the newly created Remove VPN Service Service Request. Since configlets are not generated for a Service Request in Requested state, no configlets will be generated when deploying this Remove VPN Service Service Request.
CSCdp82709 - wdperf stops and restarts while creating Service Requests through APIs
When a large number of Service Requests (for example: 20,000 Service Requests) are created through APIs, the server wdperf stops abruptly and restarts. Although the creation of Service Requests succeeds, the servers are not expected to stop in between.
CSCdp82730 - Time not displayed for the first 3001 Service Requests on the Service Request list
When 20,000 Service Requests were created through the API, for the first 3001 Service Requests, the 'Created At' and the 'Last State Change' columns do not show the time when that event took place. Instead, the message 'Not Available' is seen on these two columns. The remainder of the Service Requests are fine.
CSCdp86726 - Audit fails after modifying Service Request to remove extra CE loopback
When modifying a numbered Service Request with extra CE loopback, to remove the extra CE looopback option, the PE fails the Deployed auditor test with the following error: VRF forwarding audit on PE : static pointing to extra CE loopback not found
Workaround: To get the Service Request into a Deployed state, you must first remove the original request and reprovision without the options that were removed during the modify.
CSCdp94405 - VPNSC: template and neighbor x.x.x.x update-source <int>
Neighbor x.x.x.x is not correctly treated if we have to redeploy a service where a template was used. The problem only occurs for neighbor x.x.x.x update-source under the address-family.
CSCdr01859 - Could not delete Numbered address pool from region
Unable to delete the address pool even after purging all the Service Requests.
Workaround: None.
CSCdr06645 - Audit not catching multiple access-list number in route-map
Service Request may stay in the Deployed or Functional state when route-map statements with match ip address have additional Access-list besides what MPLS VPN Solution provisioned.
CSCdr07338 - Audit should fail for extra set extcommunity values in route-map
Service Request may stay in the Deployed or Functional state when route-map statement with set extcommunity rt <value> has more than what MPLS VPN Solution provisioned.
CSCdr07633 - Missing IP Route error while auditing Numbered to Unnumbered
While auditing the Modify of an IP Numbered Service Request with extra CE loopback from Numbered to Unnumbered, the auditor looks for static routes. However, there are no static routes.
Workaround: None.
CSCdr09514 - Service Request stays in Deployed state while missing extra CE loopback address
In a Service Request with LAN, IP Numbered, manual IP addressing with extra CE loopback stays in the Deployed state even when the loopback interface IP address is missing. The Service Request remains in the Deployed state even after repeated auditing
Workaround: None.
CSCdm13419 - Routers with same name can be assigned to same region, site
To set up VPN customers and their sites or providers and their regions, you must assign routers to the sites or regions. The site and region panels then list the host names of the routers that have been assigned as CEs or PEs, respectively.
Currently, the user interface allows you to assign routers with the same hostname (but different networks) to the same site or region. This can lead to confusion when viewing the list of CEs in a site or PEs in a region.
For example, suppose there is a router called firewall in Network1 and a router called firewall in Network2. The product treats these as distinct and separate routers, because of the different network name, allowing you to add both of them as a CE to the same site, or as a PE to the same region. When you view the list of CEs, firewall appears twice.
Workaround: Either have unique host names for the routers, even across Networks, or do not assign routers with the same hostname to the same region or site.
CSCdm19511 - VPN Console hangs with fast <return> keystrokes
In some cases in the VPN Console, if you type in quick successive Returns into text fields, you will cause the VPN Console to hang.
Workaround: Restart vpnconsole.
CSCdm52106 - Schedule window too small in wizard
The schedule step that appears in certain wizards may not show all the possible scheduling options because the window is too small.
Workaround: Make the window larger.
CSCdm59399 - VPN Console windows have bad sizing behavior under X emulators
The VPN Console has shown bad sizing behavior when used with X emulators, such as XVision on Windows, NCD Xterminals, and Reflection X.
Workaround: Resize the windows manually, if possible, or display to a Solaris workstation's display.
CSCdm59856 - Icons may not be displayed in topology
When using the topology, the icons may not display immediately.
Workaround: Close the topology and re-open it.
CSCdm78883 - Tools > Task Logs does not launch browser if not in $PATH
The VPN Console attempts to launch a web browser for accessing certain functionality, for example, Task Logs and Audit Reports. If the web browser is not in the current PATH, it will not be launched. This is in spite of the fact that the web browser may have been specified with a full, complete path during installation.
Workaround: Edit the PATH to include the directory of the web browser.
CSCdm80371 - Cursor does not appear in editable fields when using OpenLook Window Manager (olwm)
When using the OLWM, the cursor does not appear in text fields in the VPN Console.
Workaround: Change the window manager to Common Desktop Environment (CDE).
CSCdm85670 - Target retries and timeout entry confusing
The timeout value has an upper limit of 60 seconds. This is the timeout value used for each retry attempt to communicate to the router.
CSCdm87862 - Editing a region may remove it from the region listing
In some cases, when editing a region, the region may disappear from the Provider Administrative Domain's region list. The same thing may happen with the sites and customers.
Workaround: Click Cancel on the region window and the provider window and re-open the provider and region windows.
CSCdm91769 - Click in Traffic Summary Graph displays wrong tag/numbers
The pie charts for the Accounting reports allow clicking on one of the wedges to see more information. In some cases, the numbers in the pie chart correspond to the wrong row in the tabular report.
CSCdm91773 - Axis values in accounting charts incorrect
The axis values in some of the accounting charts may be incorrect.
CSCdp04969 - Default route disappears when modifying a Service Request
A problem occurs when modifying a Service Request that is using Static routing between the PE and CE. The "default route" specified in the original Service Request is no longer displayed.
Workaround: Re-add the "default route" (0.0.0.0).
CSCdp07284 - VPN Console does not refresh network list after using CIPMObjSync
After running CIPMObjSync to populate the tool with CIPM-created network elements, there is no way to view networks that were created without shutting down and restarting vpnconsole. This is not the case if the sync process populates an existing network with additional devices. Simply closing and re-opening the window for the network refreshes properly in that case.
This also occurs when a user running one instance of vpnconsole adds a new network. Another user running another instance of vpnconsole will not see the new network or any of its elements until the vpnconsole is shut down and restarted.
CSCdp13406 - Audit and Provisioning wizards get confused if run simultaneously
Running the Add VPN to CE wizard and the Generate Audit Report wizard at the same time can get the two wizards into a confused state when the Back button is used. Using Back can return you to the previous screen in the other wizard.
Workaround: Use only one wizard at a time.
CSCdp14446 - Remove requests (re)scheduled by the task manager receive fatal error
A Remove VPN Service Request that is re-deployed through the Task Manager, fails with a Task Log error message of FATAL ERROR. There are no Service Requests of type \VIRepGenericSrvcReq::SRObjTypeSRVC\.
Workaround: Use the Provisioning > Deploy Service Request function to redeploy requests instead of rescheduling an existing task from the Task Manager.
CSCdp19379 - VPN Console hangs during refresh of Task Manager window
The VPN Console can hang when using the Task Manager window. If this happens, you can start a new VPN Console process.
Workaround: Use the drop-down menus from the main VPN Console window to start tasks instead of using the Task Manager.
CSCdp25127 - Xclipboard functionality non-existent
There is currently no way to copy text out of an MPLS VPN Solution window and paste it into another Xclient window.
CSCdp36737 - User confirmation must be mandatory for deletion of IP address
Deletion of IP addresses from the pool does not ask for user confirmation.
Workaround: Make sure an address is not deleted accidentally.
CSCdp50127 - VPN Console window should close when the watchdog goes down
VPN Console returns an error stating that an object could not be found in the database.
Workaround: Close the VPN Console and re-open it.
CSCdp54462 - GUI Refresh of VPN Inventory does not reread the Repository
If the Raima utility initdb is used to clear out a database, then the Refresh functions in the VPN inventory of the vpnconsole will not work.
Workaround: Restart vpnconsole.
CSCdp54481 - Refresh of Task Manager window does not reread the repository
Tasks remain in the task manager GUI after the task database has been initialized and the GUI is refreshed.
Workaround: Restart vpnconsole.
CSCdp62988 - GUI hangs when modifying the repository during backup
When a Repository backup is running, the database is write locked until the backup task completes. If you try to insert a new task into the repository while the backup is running, it fails. The VPN Console hung until the backup completed. Since a repository backup may take time, the VPN Console should not hang, but rather inform you that the database is currently write-locked.
Workaround: Do not attempt to modify the repository while running a backup.
CSCdp67116 - Tasks do not always start at scheduled time
If numerous tasks are scheduled to run at 12 hour intervals, some tasks will run at the correct time while others will run one or two hours later.
CSCdp79910 - SA Agent Report gives no date selection
The Monthly Report drop-down menu displays Connectivity, Max. Delay, and Threshold Violation as selectable items instead of a list of months or weeks, disallowing drilling down further by date.
CSCdp85830 - Topology no longer appears in applet
The topology views that were accessible in version 1.0 from the web browser as part of the Audit reports are no longer accessible from the web browser.
Topology views are still accessible from the VPN Console.
CSCdp86529 - GUI lists objects twice if refreshed during initial load
Selecting Refresh on the VPN Inventory section in the GUI while it is still getting the object list results in the object tree being listed multiple times.
Workaround: Be careful not to select Refresh at this time.
CSCdp86843 - All VPN topology view is not scalable
When you open the topology's All VPN view for a database that contains a large number of VPNs, the window that appears is not intuitive.
Workaround: Select the VPN in question from the list in the hierarchy tree of the VPN Console window. Right mouse click and open the topology view on a smaller scale.
CSCdp86884 - Adding a VPN through the topology and exiting before finishing causes errors
If a Service Request is created from topology and is canceled before completion, it shows up in the left pane of the topology.
Workaround: Do not use the topology to create Service Requests, use the wizard located in the VPN Console at Provisioning > Add VPN Service to CE.
CSCdp86936 - The symmetric view of the topology needs to display names better
Site names are difficult to read when viewing a repository that contains about 190 VPNs, when viewed in Symmetric Layout.
Workaround: Select and open only individual VPNs or customers from the hierarchy tree of the VPN Console.
CSCdp87839 - Only VPNs of first provider can be listed in GUI
Only VPNs of first provider object can be listed in the GUI.
CSCdp91271 - Java Exception during Edit Target
When the user clicks on the Edit Target option without selecting a target, the tool generates a Java exception.
CSCdp97877 - Java Exception during Delete SLA
While deleting an SLA, if you select a customer that does not have any CEs listed and then you click the Next button, a Java exception results.
CSCdr00497 - Passwords should not be displayed by default in the network window
Passwords are displayed in the network window when the targets are viewed by filtering according to role.
Workaround: Implement the following steps:
1. Comment the following lines in the csm.properties file: netsys.ciscorouter.unix=loginuser|loginpw|enableuser|enablepw netsys.netflowhost.unix=loginuser|loginpw|enableuser
2. Stop and restart the watchdog.
3. Restart vpnconsole.
CSCdr03480 - Deleting a region with ip pool assigned create Java Exception
Java exception appears in stdout, when trying to delete a region that has an IP address pool assigned.
Workaround: None.
CSCdr03591 - Java exception occurs when deleting Region
When a PE or Region is being deleted by another user, it is difficult to read the error message, when moving through the Add VPN Service wizard.
Workaround: None. The impact to the user is usability.
CSCdr07871 - In the SLA Annual Summary Report, the Min delay is always 0
In the SLA Annual Summary Report, the yearly summary report displays a Min. Delay of 0, even if there are no Monthly, Weekly, or Daily Min. Delay figures to match.
CSCdr11982 - BGP AS# editing should be allowed while creating a new Provider Administrative Domain
While defining a new Provider Administrative Domain, if the BGP AS number is already in use, an error window appears.
Workaround: Discard the current Provider Administrative Domain creation and restart the Provider Administrative Domain creation.
CSCdm89943 - Need to handle Gigabit Switch Router (GSR) V5 NetFlow output format
Accounting uses the NetFlow V5 exported data for traffic analysis.
However, the NetFlow V5 data export did not support GSR as the PE router. Therefore, for the current FCS release, accounting will not support GSR as the PE router.
Workaround: Do not use GSR as the PE router.
CSCdp07809 - NetFlow can not map to subinterface for FastEthernet and High-Speed Serial Interface (HSSI)
If the connection between the PE and CE is through a subinterface of FastEthernet or HSSI type, Accounting will drop the traffic through this link. The current IOS does not populate the subinterface information to the MIB.
Workaround: None.
CSCdp11889 - Verify collect report for collections should reflect current set
The verify collect report for collections does not reflect the currently possible collections. This report should be ignored.
CSCdp53863 - User must specify no ip domain lookup on the router
When doing collections, MPLS VPN Solution tests a router for enable mode by sending it an address to be resolved. If the router's DNS configuration does not specify a reachable domain name server, the router hangs waiting for the DNS response. When an MPLS VPN Solution telnet connection to the router times out, a simple timeout error message is displayed.
Workaround: Ensure that the router's DNS configuration specifies either a reachable name server or no ip domain lookup.
CSCdp54370 - Bypassing login is invalid if no password is configured
Currently, the collection engine requires the router to be configured with a login password. The collection fails if the router is configured to by-pass the login.
Workaround: Configure the router to require a password to log in.
CSCdp76580 - Empty reports may result from a mismatch of time zones between the Repository and the system
If a repository containing accounting data is moved to another system in a different time zone or the time zone on the system where the data was collected is changed, the reports are empty or incorrect when viewed.
Workaround: Set the time zone of the system on which you wish to view the accounting reports to be the same as the time zone in which they were collected. Also, the time zone of the NetFlow collector system must be the same as the time zone of the system on which accounting collection tasks are run.
CSCdp88029 - Current Burst never changes in CAR MIB reports
The Current Burst rate displayed in the CAR MIB reports does not display the most recent data collected from the MIB. If the user has been collecting hourly for a number of hours, the value of the first collection will be displayed.
Workaround: None.
CSCdp88110 - dbBackup needs to provide separate lock and unlock operations
The current implementation for the command line dbBackup utility does not support the use of external disk management tools like Veritas. When using the -p option, the argument provided to the -p option must be run by the same user that runs the VPN software. Third party tools, which must be used to minimize the database locking time, must be run as root. Therefore, separate lock and unlock operations need to be supported in order for the following sequence of events to take place:
1. Lock the repository as the VPN user
2. Run any third party disk management/backup scheme as ROOT
3. Unlock the repository as the VPN user
Workaround: None
CSCdp95654 - Problem with current CAR aggregation
The aggregation code used to calculate the amount of data that has gone across an interface currently happens at hourly boundaries. If collections are only done hourly, it is possible for CAR counters to wrap. If collections are done more frequently to avoid this, the math does not occur. It is possible to understate the amount of data that has passed through the interface with the current code.
Workaround: None.
CSCdp96874 - Dangerous file permissions in the repository
There are many files and directories in the VPNSC repository that have world-writable permissions. This is a very dangerous condition for a file system based database and could easily lead to a loss of database integrity.
Workaround:
1. To fix the permissions of world-writable files, as the VPN user, run:find <path to repository> -perm -o+w -exec chmod o-w {} \; -print
2. To view a list of world-writable files and directories in your repository, run:find <path to repository> -perm -o+w -ls
CSCdp99246 - After restoration of the Repository, Service Requests can not be modified
Service Requests can not be modified if a repository is restored on top of an existing repository using the Repository utilities. An error is reported.
Workaround: Restore the repository to a new directory/location instead of overwriting it.
CSCdr03834 - Log Server restarting when loading 1.5 MB files
Log Server is restarting when viewing logs through a browser.
Workaround: Verify the size of the files attempting to be opened. These files are probably large. Increase the server heartbeat times in the csm.properties file.
CSCdm80601 - Module CiscoVPNServiceRequest
In the Provisioning CORBA API, the module CiscoVPNServiceRequest is not needed. This module can be safely removed and all references to it.
CSCdp10956 - VsmSRCreator:setPEPortReservationOnly() does not work
The CiscoVsmSRCreator::VsmVPNConnectivityCreator::setPEPortReservationOnly() operation is FOR FUTURE USE.
CSCdp22355 - CiscoAcctMonitor: need to clean up IDL files
References to obsolete APIs getApplicationNameIndexTable(), getVrfNameIndexTable(), getRdNameIndexTable() are found in the IDL.
Also the string "AcctManger" (spelled incorrectly) should be removed from the IDL. Even correctly spelled it would need to be removed. AcctManager is now called AcctMonitor.
CSCdp66898 - /etc/init.d/tagvpn stop does not stop NS process
Running multiple instances of Orbix NS causes corruption in the NS implementation repository. We start orbixd and it in turn starts NS as part of the initialization. Even if the NS already exists, it goes ahead and starts another NS.
Workaround: Make sure you always kill the NS process before orbixd is restarted. In Orbix 3.x, NS is a Java program and shows as a jre process.
CSCdp69441 - Need new API to unset maximum AS occurrence in path
Once you have called VsmVPNConnectivityCreator::setMaxASOccurrenceInPath() on a Service Request, there is currently no mechanism to undo this. That is, you can change the value of max. AS occurrence in the path, but you can not unset it.
Workaround: Remove the Service Request. Create a new Service Request without calling setMaxASOccurrenceInPath() and deploy the new Service Request.
CSCdp70476 - There is no CORBA API to unset import/export map and maximum routes
There is currently no mechanism through the API to do the following:
1. Remove an import map already set in an existing Service Request.
2. Remove an export map already set in an existing Service Request.
3. Undo the setMaxRoutes() API call.
Workaround: Remove the Service Request. Create a new one without the import/export map and without calling setMaxRoutes(). Then redeploy the new Service Request.
CSCdp71973 - Need API to remove CoS profile from an existing SRVC
There is currently no mechanism to remove a CoS profile from an existing Service Request. That is, if you have an existing service request that is associated with a CoS profile, say profileX, you will not be able to remove profileX from the Service Request through the API.
Workaround: Remove the existing Service Request. Create a new one without the CoS profile, and deploy the new request.
CSCdp96836 - CreateGetSlaDataTask() should check if input file is valid
For the API, TaskFactory::createGetSlaDataTask(String taskName, String inputfile), the task server does not complain if the input file is invalid.
Workaround: Client should add the checking code. The checking code can be programmed as follows: File inputfile = new File("<dir path>", "<file name>"); if(!inputfile.exists()) { System.out.println("File <file name> does not exist."); System.exit(1); }
CSCdr06136 - VsmSRCreator should allow /32 only for InterfPECEIPUnnumbered
CiscoVsmSRCreator::VsmVPNConnectivityCreator::setPEInterfaceAddress() and CiscoVsmSRCreator::VsmVPNConnectivityCreator::setCEInterfaceAddress() allow masks other than /32 when the PE/CE interfaces are unnumbered. The corresponding API in the CiscoVsmSRCreator::VsmVPNServiceModifier interface also allows the /32 mask for unnumbered PE/CE interfaces.
Workaround: The users of the API must do their own error checking to allow only the /32 mask when the PE/CE interfaces are unnumbered.
CSCdr09314 - VsmVPNServiceModifier is adding templates-extra cmnd-no ip route-cac
When a Service Request is modified using the CiscoVsmSRCreator::VsmVPNServiceModifier API to add PE/CE global/interface templates, an extra command no ip route-cache is added into the PE configlet.
Workaround: Delete the modified Service Request and use the corresponding CiscoVsmSRCreator::VsmVPNConnectivityCreator PE/CE template API while creating a new Service Request.
CSCdp06576 - Hardwired path in Repository
When changing the location of the Repository, make sure old tasks are deleted. These tasks may still refer to the old repository location.
CSCdp62940 - Printing Data Summary report in PS takes large amount of resources
Printing a report makes the GUI behave sluggishly or hangs it for a period of time.
Workaround: Do not try to print reports containing large data sets using the PS option. Instead, print to a text or HTML file and then open this file in a browser.
CSCdp63081 - Print of Data Summary report using TXT option has poor formatting
Format of printed Data Summary report needs to be enhanced.
Cisco Connection Online (CCO) is Cisco Systems' primary, real-time support channel. Maintenance customers and partners can self-register on CCO to obtain additional information and services.
Available 24 hours a day, 7 days a week, CCO provides a wealth of standard and value-added services to Cisco's customers and business partners. CCO services include product information, product documentation, software updates, release notes, technical tips, the Bug Navigator, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files.
CCO serves a wide variety of users through two interfaces that are updated and enhanced simultaneously: a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CCO supports Zmodem, Kermit, Xmodem, FTP, and Internet e-mail, and it is excellent for quick access to information over lower bandwidths. The WWW version of CCO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information.
You can access CCO in the following ways:
For a copy of CCO's Frequently Asked Questions (FAQ), contact cco-help@cisco.com. For additional information, contact cco-team@cisco.com.
The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly. Therefore, it might be more current than printed documentation. To order additional copies of the Documentation CD-ROM, contact your local sales representative or call customer service. The CD-ROM package is available as a single package or as an annual subscription. You can also access Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.
If you are reading Cisco product documentation on the World Wide Web, you can submit comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco. We appreciate your comments.
Posted: Thu Apr 20 18:23:00 PDT 2000
Copyright 1989 - 2000©Cisco Systems Inc.