.svg?sv=2022-11-02&spr=https&st=2024-12-04T08%3A44%3A59Z&se=2024-12-04T08%3A54%3A59Z&sr=c&sp=r&sig=eUYdwXBtYwDaMAPdQmSI4WxCQxu0liGq8uXqFep5tvE%3D){kind=logo}
Assurance Sensor Control Release Notes 24.11
- 02 Dec 2024
- 8 Minutes to read
- Contributors
- Print
- PDF
Assurance Sensor Control Release Notes 24.11
- Updated on 02 Dec 2024
- 8 Minutes to read
- Contributors
- Print
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
These release notes cover the requirements, new features, changes, and corrected issues for the Assurance Sensor Control version 24.11. Read all release notes before installing this firmware version.
Requirements
This firmware version applies to Assurance Sensor Control.
Product Name | Software Version | Build Number | Software Files |
Assurance Sensor Control | 24.11 | VCX_24.11.0_26148 FWSUITE_VCX_24.11_15982.afl | FWSUITE_VCX_24.11_15982.afl Accedian_MIBS_26148 AMD_24.11.0_26148.afl VCX_24.11.0_26148.afl VCX_24.11.0_26148_KVM.tar.bz2 VCX_24.11.0_26148_VMWare.ova VCX_24.11.0_26148_SingleDiskKVM.tar.bz2 VCX_24.11.0_26148_SingleDiskVMWare.ova |
Note: This firmware release includes the images needed to deploy the Assurance Sensor Control using a KVM or VMware Hypervisor, as well as the .afl upgrade file that is typically part of an Assurance Sensor Control release.
Assurance Sensor Control 24.11 requires Skylight orchestrator 23.12 or newer.
Important: In Sensor Control 24.11, remote device upgrades from firmware versions before the VCX 2.2 FWSuite (FWSUITE_VCX_2.2_10190) have been blocked to protect against a potential complete loss of connectivity/functionality that cannot be recovered. To upgrade a remote device from an older FWSuite version, an older version of Sensor Control must be used to first upgrade the remote device to FWSUITE_VCX_2.2_10190.
Upgrade Considerations
Upgrading the Sensor Control firmware version does not automatically upgrade the remote device firmware suite.
As of Sensor Control 22.12, you can use remote devices that have older firmware suite versions with the current release. For this release, the supported remote device firmware suite starts with version 22.06.
Caution: The upgrade process was hardened in VCX 2.7. Under specific circumstances, the remote device upgrade can still fail. This happens if the remote device management is lost, and the remote device performs an automatic rollback. The remote device can brick if the power is lost in a critical short period. This was seen in a lab environment only and never reported by a customer.
Before doing the upgrade, it is recommended to enable Extra Reconnection Delay with the previous release (refer to the Assurance Sensor Control user manual section “Adding Remote Devices” for more details on how to enable Extra Reconnection Delay).
The downgrade is still executed using the previous software that still has the update process deficiencies. The downgrade can still cause remote devices to fail and should be avoided at the exception of VCX 2.5.0.2 and VCX 2.6.0.1 for which the downgrade is supported without issue.
It is not recommended to change any other remote device configuration when operating with a different firmware version. Changing the configuration can result in unknown behavior. A factory reset using the Module Dock may be required in some cases. In a future release, Sensor Control software will prevent changing configuration for remote devices running a different firmware version.
For cases where all remote devices cannot be upgraded at the same time, it is recommended to run different Sensor Control instances with different software versions. Remote devices to be upgraded should be moved between Sensor Controls. When downgrading Sensor Control software, the remote devices firmware version shall also be downgraded. The downgrade process shall follow these steps to successfully downgrade Sensor Control software and remote devices firmware. Note that downgrades are not recommended (see Caution above).
Downgrade is not permitted for identical firmware suites. For example, the Sensor Control prevents downgrading the remote device firmware suite from version 24.11 to 24.09, as these versions are identical.
System Capabilities
The Sensor Control offers the following system capabilities:
Feature | Maximum | Changes in Sensor Control 24.11 |
Remote Device | ||
Remote devices configured and supported | 1500 | |
Remote device ports | 6000 | |
Interfaces, remote devices | 3000 | |
Discovery | ||
Discovery instances | 500 | |
Discovered remote devices | 2000 | |
Sensor Control Local Port & Interface | ||
Local ports (typically referred to as LOCAL-xyz) | 10 (including the Management port) | |
Sensor Control local route | 4092 | |
Interfaces, local ports | 100 | |
CFM | ||
Number of modules supporting CFM MEP session | 500 | |
CFM MEP session per second generation module | 8 | |
CFM Maximum number of Remote MEP | 99 | |
CFM MEP smallest interval | 1 second | |
Number of CFM MEP per Sensor Control | 4000 | |
Number of Packet loss per Sensor Control | 4000 | |
Number of Packet loss per second generation module | 8 | |
Number of DMM session per Sensor Control | 4000 | |
Number of DMM session per second generation module | 8 | |
DMM smallest interval | 1 second | |
Number of SLM session per Sensor Control | 4000 | |
Number of SLM session per Sensor Control | 4000 | |
Number of SLM session per second generation module | 8 | |
SLM smallest interval | 100 ms | |
SAT | ||
SAT Traffic Generation configuration (up to four flows) | 1000 | |
SAT Traffic Generation execution (up to four flows) | 500 | |
SAT Test Suites in the system (one test suite per device) | 500 | |
Y.1564 (8 flows) | 500 (tested 4) | |
SAT reports | 500 | |
TWAMP reflection instances (module) | 1500 | |
TWAMP reflection, stateful per module | 16 | |
DMM reflection instances (module) | 1500 | |
Loopback reflection per remote device | 2 | |
Flowmeter | ||
Flowmeter flows supported per remote port | 28 per device | |
Flowmeter flows supported per Sensor Control instance | 4000 | |
Flow broker | ||
Flow broker Analyzers | 100 | |
Flow broker Analyzers in an Analyzer set | 4 | |
Flow broker rules per Sensor Control | 1000 | |
Flow broker capture bandwidth per 1G module | 300 Mbps with 1 ms RTT 50 Mbps with 20 ms RTT | |
Flow broker capture bandwidth per Sensor SFP 1G | 300 Mbps with 1 ms RTT 50 Mbps with 20 ms RTT | |
Flow broker capture bandwidth per 10G module | 700 Mbps with 1 ms RTT 100 Mbps with 8 ms RTT | |
Flow broker capture bandwidth per Sensor SFP 10G | Not supported | |
Flow broker capture bandwidth per Skylight element: FSX | 100 Mbps with 1 ms RTT | |
Flow broker ERSPAN streaming bandwidth | 200 Mbps | |
Flow broker PCAP streaming bandwidth | 150 Mbps using SCP 500 Mbps using FTP | |
Flow broker Port Streaming bandwidth | 150 Mbps | |
Flow Probes | ||
PM Accuracy direct actuation (i350) | 50 us | |
NFV PM Accuracy | 15 us | |
PM Accuracy with SR-IOV | 500 µs for P99 | |
Sensor Control Actuator maximum number of probes | 4000 | |
Sensor Control Actuator maximum number of packets per second (receive and transmit) | 80 K in TX and 80 K in RX | |
Maximum number of probe reflection | 4000 | |
Maximum number of probes per module | 2000 | |
Maximum number of packets per second (receive and transmit) per module | 40 K in TX and 40 K in RX for 128-byte frames | |
PPS accuracy | ± 1.0 % | |
NFV TWAMP support | Yes | |
NFV ETH-DM support | Yes | |
NFV UDP Echo support | Yes | |
NFV ICMP Echo support | Yes | |
NFV ETH-VSP support | Yes | |
NFV ETH-LB support | Yes | |
NFV CFM maximum number of PPS | E-Line 500 remote device per Sensor Control. E-LAN 100 remote device per Sensor Control. CFM instances: E-LAN: 1 MEP (each 99 RMEP) per RD 1 SLM per MEP per RD 1 DMM per MEP per RD. Tx: 11 pps, RX: 111 pps per RD CFM instances: E-LINE: 8 MEP per Module 6 SLM@10pps for 1 MEP per Module 8 DMM@1pps for 1 MEP per Module Tx: 76 pps, Rx: 76 pps per Module | |
NFV Tunnel | ||
Packet loss requirement | 10^-6 | |
RTT requirement | Validated with RTT between 5 ms and 50 ms | |
NFV Tunnel bandwidth | 42 Mbps for NFV TWAMP deployment 84 Mbps for Reduced NFV PM footprint deployment | |
Virtual-Connection | ||
VCE with IP domain enabled | 500 | |
VCE without IP domain | 50000 | |
Number of VCEs route | 2500 | |
VCA | 30000 | |
Synchronization | ||
ARTS | 500 | |
PTP TC layer-2 | Yes (Sensor Module 1G, Sensor Module 10G, Sensor SFP Copper and Sensor SFP Optical) | |
SyncE | Yes (Sensor Module 1G, Sensor SFP Copper and Sensor SFP Optical) No (Sensor Module 10G) | |
PTP OC for module | NA | |
Service Creation | ||
Policies and traffic filters per remote device | 10 for second generation 2 for Sensor SFP 10G | |
Bandwidth Regulator per second generation module | 16 | |
Bandwidth Regulator per Sensor Control | 24000 | |
PCP CoS mapping per port | 1 | |
CoS mapping per Sensor Control | 50 | |
DSCP CoS mapping per port | 1 | |
Alarms | ||
Number of trap alarm per second | 1000 | |
Users | ||
Local users | 15 | |
User groups | 8 | |
Sessions | ||
CLI sessions | 5 | |
WEB UI sessions | 15 | |
Total maximum sessions | 20 | |
Supported Filters | ||
Layer-2 filter | 6500 | |
Ipv4 filter | 6500 | |
Ipv6 filter | 6500 | |
Total maximum sessions | 19500 |
New Features
This Assurance Sensor Control release introduces the following new features and enhancements.
Application and Interface Security
Cisco application and interface security requirements, including:
Control debuggers (CT1127: SEC-CSP-NOCDBG-2)
Use HTTP Strict Transport Security (CT1652: SEC-HTP-HSTS-2)
Validate all input before processing it (CT1735: SEC-VAL-CLNIN)
Protect command processors from injection vulnerabilities by preventing the execution of arbitrary commands or code (CT1750: SEC-VAL-INEVAL-2)
Prevent CSRF Vulnerabilities (CT1742: SEC-WEB-CSRF-3)
Disable Unused HTTP Methods (CT1553: SEC-WEB-HTTPMETH-2)
Avoid Open Redirects (CT522: SEC-WEB-NOREDIR)
Specify type and encoding in HTTP responses; disable type sniffing (CT1665: SEC-WEB-RESP-3)
Pass sensitive information only in request body or headers (CT1710: SEC-WEB-URLPARM-2)
Prevent cross-site scripting vulnerabilities (CT2120: SEC-WEB-XSS-4)
Prevent Click-Jacking (CT1711: SEC-WEB-CLCKJACK-2)
Use secure Session Tokens (session IDs/state tokens) (CT1935: SEC-WEB-ID-4)
Do not permit undocumented ways of gaining access to the offering (CT1901: SEC-CRE-NOBACK-2 (Disable backdoors/debug shell)
Remote Device Port Index in CFM Down Trap for VCA VLAN
The Connectivity Fault Management (CFM) down trap for the VCA VLAN method now includes the remote device port index. This enhancement aids in identifying the specific port that experienced a connectivity issue.
Stream Reflector Show Config CLI
The stream reflector show config CLI command displays reflector configuration without any other session information.
Corrected Issues
This Assurance Sensor Control release corrects the following issues:
Unable to Change SFP Port Speed to 100Mbps
In releases prior to 24.09, there is a misleading option to set the SFP port speed to 100Mbps for the Sensor Module. Despite this setting, the port continued to operate at 1G.
The Sensor Module does not support 100Mbps on the SFP port. Attempting to set this speed via CLI now results in an error message indicating that the operation is not supported.
VCE Error Due to Remote Device Name Length
The Module Dock permits the configuration of a remote device name exceeding 25 characters. This results in the Sensor Control being unable to create a VCE with the specified remote device.
CLI Not Prompting for Change Password in Factory Default State
When logging in initially via CLI while the unit is in factory default state, the user is not prompted to change the default admin password.
Missing User Permission Checkbox on the Users page
When adding or editing a user in the Users page of the Management Web Interface, the checkbox for user permission does not display.
About Page Removed
The About page, when accessed via the Web Management Interface, shows outdated versions for OpenSSL and Dropbear. The About page has now been removed
VCE Gateway Not Displayed in Web Management Interface
When creating a VCE with an IPv6 address and default gateway, the Web Management Interface fails to display the gateway address.
Release 24.11 Lifecycle
This section lists the planned lifecycle dates for this release.
Milestone | Description | Date |
General Availability | Date where the product is available for general field deployment for both new installations and upgrades. | 2024-12-02 |
End of Security Support | Date where security patches will no longer be delivered for this release. Any correctives for security defects required after this date will be delivered using the next major release of the software. | Next Major Release |
Last Time Buy / Last Time Ship | Date where this release can no longer be purchased. | 2026-12-02 |
End of Product Support | Date where functional patches will no longer be delivered for this release. Any correctives for functional defects required after this date will be delivered using the next major release of the software. | 2026-12-02 |
End of Technical Support | Date where technical assistance is no longer available from the Technical Assistance Center for this release. | 2029-12-02 |
© 2024 Cisco and/or its affiliates. All rights reserved.
For more information about trademarks, please visit: Cisco trademarks
For more information about legal terms, please visit: Cisco legal terms
For legal information about Accedian Skylight products, please visit: Accedian legal terms and tradmarks
Was this article helpful?