Known Issues and Restrictions

This chapter details the known issues and restrictions found in this release. Where appropriate, use the workarounds provided.

General Issues and Restrictions

Issue number

Description

Workaround

VOSS-4712

When there are broadcast packets in the VLAN, these packets are sent to all ports in the VLAN. The packets get dropped because the port is operationally down. However, outPkts stats increment and the unicast packets are not sent to that port because the port is down.

Ignore the stats counter when port is down.

VOSS-5191

The OSPF MD5 related functionality cannot be enabled from EDM.

Use CLI to configure OSPF MD5 related functionality.

VOSS-5702

Multicast traffic will not have DSCP marked (when enabled on incoming port), when IGMP snooping is enabled on the VLAN.

No workaround.

VOSS-5990

Path MTU discovery feature is not supported for IPv6. Due to this, packets larger than IPv6 interface MTU size are dropped but no ICMP error message is sent to the source host indicating the reason for this drop.

No workaround.

VOSS-6102

sys action reset counters command  does not reset ISIS control packets.

Use clear isis command to reset stats.

VOSS-6103

sys action reset counters command does not reset ISIS int-counters.

Use clear isis command to reset stats.

VOSS-6104

sys action reset counters command does not reset any ISIS system stats.

Use clear isis command to reset stats.

VOSS-7148

EDM: In the Virtual IF tab, the options SHA-1 and SHA-2 are not available to configure virtual link authorization. 

Use CLI to configure virtual link authorization. 

VOSS-7500

COM+ does not display correct number of IP OSPF ECMP routes.

No workaround. COM+ is no longer supported.

VOSS-7709

On the 8608CQ IOC module, the output of the show interface gigabitEthernet statistics command does not display a value in IN PACKET for packets that have ethertype/length field of 0.

No workaround.

VOSS-7941

When there is a mismatch between the software running on the switch and the software on the IOC module, the switch updates the IOC module to the version of software running on the switch. During this process you see errors that are similar to the following:

IO1 [12/06/17 11:50:43.513:UTC] 0x0024854b 00000000 GlobalRouter SF-APP WARNING FabDrv_lc::mapLocalPortsToSysports dnxBcm_assignSysPortToModPort failed: unit=0 sysport=0 modId=40000 tmPort=1 IO1 [12/06/17 11:50:43.526:UTC] 0x0024854b 00000000 GlobalRouter SF-APP WARNING FabDrv_lc::configIngressSideVOQs: UNKNOWN PORT TYPE OF 773 localPort = 1 modId = 6 IO7 [12/06/17 11:50:45.673:UTC] 0x0024854b 00000000 GlobalRouter SF-APP WARNING FabDrv_lc::createVoqsForPort:dnxBcm_setPacketLengthAdjustForVoq failed: unit=0 voqBaseId=80000512 cos=4 PACKET_LENGTH_ADJUST=0 IO7 [12/06/17 11:50:45.688:UTC] 0x0024854b 00000000 GlobalRouter SF-APP WARNING map_local_port_to_connectorPort: INVALID LOCAL PORT OF 10000000

The messages stop when the update of the IOC module software has completed. This has no impact on the switch operation.

Note:

This issue applies only to a switch running a mix of releases. For example, there is a mismatch if the switch is running release 6.1.x or higher and it has an IOC running release 4.5.x.

No workaround, but there is no operational impact.

VOSS-8017

SNMPv3 privacy option supports DES and AES128 only. There is no support for higher AES options like AES192, AES256, and AES512.

No workaround.

VOSS-8278

EDM does not have a field to configure the RSA user key.

Use the CLI to configure the RSA user key.

VOSS-8444

VOSS-8758

Disabling IS-IS incorrectly can cause unforeseen problems including traffic loss.

Use the following procedure to disable IS-IS on a switch:

  1. Shut down NNI ports first.

  2. Disable IS-IS globally.

VOSS-8469

For Windows Server Certificate Authorities, the IPsec tunnel cannot use digital certificates as the authentication method.

Use EJBCA as the CA.

VOSS-8516

Secure Copy (SCP) cannot use 2048-bit public DSA keys from Windows.

Use 1024/2048-bit RSA keys or 1024-bit DSA keys.

VOSS-8549

Configuring inter-VRF redistribution on more than 256 VRFs can deplete virtual memory and cause the following warning:

VmSize of proc cbcp-main.x(4429) is 1867272KB, above 90% of available 1782579KB(index 0).

Configure inter-VRF redistribution on a maximum of 256 VRFs.

VOSS-8831

When ingress mirroring is configured on an NNI port, two mirrored copies will be made for an incoming mac-in-mac packet that contains a multicast BMAC DA, and also if the ISID carried in the packet is terminated on that fabric connect node.

No workaround.

VOSS-9977

Filter statistics do not increment if the incoming packet is marked for drop AND the filter has an action of mirror.

For example:

Packets might be marked for drop because the port is not a member of the VLAN specified in the packet. The mirror action does take place (along with other actions, if any, such as internalQos).

Filter statistics increment normally if the packet is not marked for drop or if the packet does not contain a mirroring action (even if the packet is marked for drop).

If traffic is getting dropped because the port is not a member of the VLAN then make sure the port is part of the VLAN present in the packet.

VOSS-9985

If an IGMPv3 interface has both static and dynamic receivers on the same port, the switch clears the static port from the outgoing port list when the dynamic receiver disappears.

To avoid this potential traffic loss, avoid having both static and dynamic receivers on an IGMPv3 interface.

No workaround.

VOSS-10091

After deleting an IPVPN, you might see the following error message: ercdDeleteIpmcRecord:1734 ercdIpmcLookupAvlTree() failed SrcIp: 0x1b000093, DstIp: 0xe6290000 vlan_id 0xfff

This issue has no impact on the switch operation.

No workaround.

VOSS-10362

There is no consistency check to prevent a user from assigning a new I-SID value to a VLAN that already has an I-SID assigned to it. This is currently the existing behavior for I-SID Assignment and users should be aware of this to prevent unintended consequences.

No workaround.

VOSS-10557

SNMP Get tools do not translate the port number to a name.

To get the port name, use the CLI or EDM.

VOSS-10681

After deleting an L3VSN VLAN running IPMC traffic and then recreating it in the GRT (VRF 0), you might see OSAL backtrace messages such as the following:

1 2018-06-26T06:33:45.090-05:00 VSP8608-1(120.169) CP1 - 0x0022c590 - 00000000 GlobalRouter OSAL INFO [bt] Execution path:

1 2018-06-26T06:33:45.090-05:00 VSP8608-1(120.169) CP1 - 0x0022c590 - 00000000 GlobalRouter OSAL INFO [bt] /opt/appfs/lib/cp/libndutl.so.1(nd_utl_backtrace+0x4c) [0xfc8ff20]

1 2018-06-26T06:33:45.090-05:00 VSP8608-1(120.169) CP1 - 0x0022c590 - 00000000 GlobalRouter OSAL INFO [bt] cbcp-main.x(show_stackframe+0x1c) [0x1141c4f0]

This issue has no impact on the switch operation.

No workaround.

VOSS-10839

The no mvpn enable and no ipvpn commands could cause IS-IS adjacency flapping in setups with a large number of multicast streams and receivers. SPBM traffic cannot pass through the switch until the adjacencies are up again.

Use one of the following workarounds:

  • Increase the IS-IS hold down timer.

  • Remove the multicast streams or the multicast receivers in that VRF and then execute no mvpn enable or no ipvpn.

VOSS-10852

In an IP Multicast over Fabric Connect scenario with a local SMLT sender and A and B vIST peers, the multicast traffic is hashed to A on VLAN xxx. VLAN xxx is not yet configured on A and B.

  1. Configure VLAN xxx with ip spbmulticast enable on A. The sender is created on A and tries to sync to B. However, B ignores the message since VLAN xxx is not yet configured on B.

  2. Configure VLAN xxx with ip spbmulticast enable on B. The local senders on A are not sent to B until the periodic resync that occurs every 15 minutes. During this 15 minutes if an SMLT outage occurs and traffic is hashed to B, there will be minimal traffic outage until B creates the distribution tree on the SPBM core.

Important:

Configure VLAN xxx with ip spbmulticast enable on B. The local senders on A are not sent to B until the periodic resync that occurs every 15 minutes. During this 15 minutes if an SMLT outage occurs and traffic is hashed to B, there will be minimal traffic outage until B creates the distribution tree on the SPBM core.

Use one of the following workarounds:

  • Bounce IP Multicast over Fabric Connect on A‘s VLAN xxx.

  • Create VLAN xxx on A and B with no traffic running.

VOSS-11063

VOSS-10628

After deleting and re-creating (or swapping) primary and secondary B-VLANs in a scaled SPBM fabric network with a large number of flows, there might be some unicast and multicast traffic loss on some of the flows.

After deleting and re-creating the B-VLANs, if some of the traffic flows don‘t recover, then reboot the switch for all the traffic to resume.

VOSS-11414

When IS-IS routes are removed because the next hop is no longer present, you might see COP error messages like the following: COP-SW ERROR ercdProcIpRecMsg: Failed to Delete IP Record. IpAddr:3.0.34.160 IpMask: 255.255.255.224 vrfID:9 retStatus: -4

This issue has no impact on the switch operation and occurs only when an IS-IS accept policy has been applied.

No workaround, but there is no operational impact.

VOSS-12399

The system displays continuous LACP/SMLT aggregation transition messages when you configure SMLT on the MLT interface, in a triangular SMLT setup that does not have vIST configured.

In a triangular SMLT setup, if the participant switches are edge switches, do not configure SMLT on the MLT interfaces.

VOSS-12520

An error is displayed on the output console when multicast traffic with source IP address 0.0.0.0 is sent.

Configure an explicit filter rule to drop the packets with source IP address 0.0.0.0.

VOSS-13265

When multiple slots on the switch chassis are powered on at the same time, it causes the cards to power on multiple times.

When using the CLI, power on one card at a time.

VOSS-14044

When you upload the license file on the switch, the filename length must not exceed 42 characters, including the .xml extension. Otherwise, the file does not load successfully upon system reboot.

Ensure that the length of the license filename is less than or equal to 42 characters, including the .xml extension.

VOSS-15017

When you reset the switch chassis, the IO card can sometimes crash and reboot with "out of memory" errors. However, after the reboot, the card operates normally.

No workaround, but there is no operational impact to the card.

VOSS-16056

On DvR Controllers, the output of the command show dvr members can show an incorrect SPB L1 cost.

However, there is no functional impact since this value is not used on DvR Controllers. It is used only on DvR Leaf nodes.

On DvR Contollers, use the command show isis spbm unicast-fib to show the correct SPB L1 cost value.

VOSS-18510

Privileged EXEC Authentication does not function on secondary CP in HA warm-standby mode on VSP 8600 Series.

Privileged EXEC password authentication feature is only supported in HA hot-standby mode on VSP 8600 Series.

VOSS-18703

Some DvR host routes might be missed by the clear dvr host-entries command, in a scaled up network with traffic running from all the hosts.

You can bounce IS-IS or the DvR controllers to clear the missed DvR host routes.

VOSS-18881

Flushing MAC address tables multiple times in a very short period of time can cause undefined BCM internal errors on VSP 8600 Series.

Wait at least 10 seconds between MAC flushes on VSP 8600 Series.

VOSS-22520

MACsec MKA sessions intermittently bounce on all ports when an IOC module is reset, even if MACsec MKA is disabled on the module being reset.

No workaround.

VOSS-22593

When a packet bigger than MTU size is received on MACsec enabled ports, both the TooLong and the TooShort counters are incremented.

No workaround.

VOSS-22643

When an IOC module has all 6 software versions occupied and joins a chassis with a Primary CP that has 6 different software versions, the system displays an error message and does not boot.

Insert the IOC module as a Primary CP, remove at least one version from the module.

VOSS-22668

When a 1000Base-T GBIC module is inserted into a 8624XS IOC module, the port LED blinks without a cable plugged in.

No workaround. No functional impact.

VOSS-22924

Temporary traffic loss when bouncing IS-IS on BN pair with multicast traffic on channelized ports between VSP 8600 Series switches.

No workaround. Traffic recovers within four minutes.

VOSS-22995

After an IOC module slot reset, a COP-SW ERROR can appear for the local ARP of a VLAN with Fabric Connect multicast enabled. The ARP is programmed correctly, the error can be disregarded.

No workaround. No functional impact.

VOSS-22971

PIM traffic loss can occur in sVIST scenario after HA switchover in hot standby mode. Affects traffic from one peer for single home receivers connected to the other vIST peer. Ports from other slots are not affected.

You can bounce the connection of the affected port.

VOSS-23110

During a DVR controller reboot, some of the advertised hosts can disappear from other controllers in other DVR domains. The hosts are restored when the DVR controller is online.

No workaround.

VOSS-26505

The SPBM network does not support multiple multicast streams with the same source address and group address (S,G) learned on a VSP 8600 Series source BEB on multiple VLANs in the same VRF.

No workaround.