Major Hardware Clocking Issue on Cisco Infrastructure

[LynK]

http://www.cisco.com/c/en/us/support/web/clock-signal.html

https://www.reddit.com/r/networking/comments/5rmsw0/major_cisco_hardware_clock_issue_affecting/?st=iyoq6af1&sh=fe68de1e

The following products are affected:
NCS1K-CNTLR
NCS5500 Line Cards
IR809/IR829
ISR4331, ISR4321, ISR4351
UCS-E120
ASA 5506, 5506W, 5506H, 5508, and 5516
Cisco ISA3000
N9K-C9504-FM-E/N9K-C9508-FM-E/N9K-X9732C-EX
MX 84
MS350 Series

[wintermute000]

I don't get the wording. Will devices keel over when running or only fail to come up after reboot?

[mlan]

@wintermute - It's unclear to me as well.  Based on the type of failure, I would guess some type of live crash/fault?

I have a few of the V02 ISR's that are affected by this.

[LynK]

I spoke with my REP. He says after 18 or so months, they will become bricks. I do not think it is caused by a reboot.

[Otanx]

Based on the below quote I take that as meaning as soon as the component fails that you are bricked. No reboot required.

Q: Is this a hazardous issue?
No, there is no risk of fire or other hazards. The only symptoms are that once the component fails the system will stop functioning, will not reboot, and is not recoverable.

-Otanx

[deanwebb]

That is a mess and a half, I'd say worse than the Samsung battery fiasco.

[icecream-guy]

who's running 100G cards in their 9K's?
All I got are possible 9K's affected but no 100G cards
<insert thumbs up smiley here>

[mlan]

Looks like the Intel Atom C2000 could be the root cause:

https://www.reddit.com/r/networking/comments/5sbh7u/cisco_clock_issues_caused_by_faulty_intel_atom/ddejo1e/

page 34 here:
http://www.intel.com/content/dam/www/public/us/en/documents/specification-updates/atom-c2000-family-spec-update.pdf

[mmcgurty]

We were a gnat's hair away from replacing about 1100 Cisco 2921's with Cisco 4321's.  Had it not been for the 4321's not supporting CBAC we would have pulled the trigger.  We got (3) 4321's when we were considering this move and all (3) were affected by this issue as they are all V02.  We would have been screwed had we done 1100 in the field.

[SofaKing]

We were a gnat's hair away from replacing about 1100 Cisco 2921's with Cisco 4321's.  Had it not been for the 4321's not supporting CBAC we would have pulled the trigger.  We got (3) 4321's when we were considering this move and all (3) were affected by this issue as they are all V02.  We would have been screwed had we done 1100 in the field.

Can't imagine 1100.  We have 5 to replace and I'm pissed about that small number.

[wintermute000]

What? 4300s don't do zbfw??? Are you sure?



Or are you referring to CBAC as in the old style IOS firewall - mate that syntax was deprecated years ago, get with the times and migrate to ZBFW :p
same same anyway just syntax change

[NetworkGroover]

What? 4300s don't do zbfw??? Are you sure?



Or are you referring to CBAC as in the old style IOS firewall - mate that syntax was deprecated years ago, get with the times and migrate to ZBFW :p
same same anyway just syntax change

Either way... doesn't look like he would have wanted to make the move even if it did.

[burnyd]

RIP

[mmcgurty]

What? 4300s don't do zbfw??? Are you sure?



Or are you referring to CBAC as in the old style IOS firewall - mate that syntax was deprecated years ago, get with the times and migrate to ZBFW :p
same same anyway just syntax change

4300's do Zone Based Firewall, I am talking CBAC (Context-Based Access Control).  I realize it was deprecated but old habits are hard to break.  We are working on converting the rule base from CBAC to ZBFW this year so we can migrate to different hardware once the ISR 2900's are replaced in our environment (next year? maybe?).