Specifications

ManualsBrandsCisco ManualsComputer equipmentOL-10426-01

221

222

223

224

225

226

227

228

229

230

1259

Cross-Platform Release Notes for Cisco IOS Release 12.0S

OL-1617-14 Rev. Q0

Resolved Caveats—Cisco IOS Release 12.0(27)S5

(Cause of the failure: PVC removal during recreation failed)

Conditions: This symptom is observed when you change the parameters of a VC class while the PVC

is active and while you view the PVC status in the output of the show atm vc interface

interface-number command.

The symptom occurs when you change the PVC speed in a VC class via one Telnet (or console)

session and you enter the show atm vc interface interface-number command via another Telnet (or

console) session.

Workaround: To remotely resolve the symptoms, remotely initiate an HA failover or remotely reload

the affected router.

• CSCef26053

Symptoms: Load-balancing does not work over a BGP multipath. Some of the traffic may be

forwarded correctly while other traffic may be forwarded unlabeled into the MPLS core.

Conditions: This symptom is observed on a Cisco router that functions as a PE router when the

following conditions are present:

- The affected route is in a VRF.

- One of the paths is learned from a CE router via an eBGP multihop session.

- The eBGP multihop peer (that is, the CE router) is reachable through the MPLS core and the BGP

session does not involve a label exchange.

Workaround: Avoid a multihop eBGP session in which the CE router is reachable through the MPLS

core. For example, instead of a configuration in which the CE router connects to the PE router across

the MPLS core, configure the CE peer to connect to a local PE router that redistributes the routes it

has learned from the CE peer to other PE routers. (The local PE router may need to be configured

for eiBGP multipath.)

• CSCef43691

A document that describes how the Internet Control Message Protocol (ICMP) could be used to

perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol

(TCP) has been made publicly available. This document has been published through the Internet

Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP"

(draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of

three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don’t Fragment (DF) bit set" messages, also

known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections,

depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are

workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security

Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple

vendors whose products are potentially affected.