Symptom

A Cisco IOS-XE device may experience a cpp-ucode crash while handling oracle-sql TCP flows through the NBAR engine. This will result in a system-report being written along on the device along the following syslog (for cpp-based platforms): %CPPHA-3-FAULT: F0/0: cpp_ha_top_level_server: CPP:0.0 desc:DPE2_CPE_CSR32_DPE_CPE_ERR_LEAF_INT__INT_CPE_APT_WP_ERR det:DRVR(interrupt) class:OTHER sev:FATAL id:3067 cppstate:RUNNING res:UNKNOWN flags:0x7 cdmflags:0x0

Conditions

This is a platform independent issue that can potentially be seen in XE routing/switching platforms. The conditions for this issue entail having a configured feature that leverages the NBAR framework (i.e. AVC, FNF, etc.) and having a NBAR protocol pack lower then version 66. The NBAR protocol pack can be checked with the following: ------------------ show ip nbar version ------------------ NBAR software version: 46 NBAR minimum backward compatible version: 46 NBAR change ID: BLD_NBAR_XE179_20230201_235301 Loaded Protocol Pack(s): Name: Advanced Protocol Pack Version: 61.0 <-------- Publisher: Cisco Systems Inc. NBAR Engine Version: 46 State: Active

Workaround

The remediation for this issue is to update the NBAR protocol pack to version 66 or higher. Alternatively, later IOS-XE versions such as 17.12 and higher may already have protocol pack version 66 already built-in and thus XE 17.12 would not be susceptible to this issue: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_nbar/prot_lib/config_library/nbar-prot-pack-library.html

Further Problem Description