Symptom
A Cisco IOS-XE device may experience a cpp-ucode crash while handling oracle-sql TCP flows through the NBAR engine. This results in a system-report being written on the device, along with the following syslog (for cpp-based platforms):
%CPPHA-3-FAULT: F0/0: cpp_ha_top_level_server: CPP:0.0 desc:DPE2_CPE_CSR32_DPE_CPE_ERR_LEAF_INT__INT_CPE_APT_WP_ERR det:DRVR(interrupt) class:OTHER sev:FATAL id:3067 cppstate:RUNNING res:UNKNOWN flags:0x7 cdmflags:0x0
Conditions
This is a platform-independent issue that can potentially be seen on XE routing/switching platforms. The conditions for this issue are having a configured feature that leverages the NBAR framework (e.g. AVC, FNF, etc.) and having an NBAR protocol pack lower than version 66. The NBAR protocol pack version can be checked with the following:
------------------ show ip nbar version ------------------
NBAR software version: 46
NBAR minimum backward compatible version: 46
NBAR change ID: BLD_NBAR_XE179_20230201_235301
Loaded Protocol Pack(s):
Name: Advanced Protocol Pack
Version: 61.0 <--------
Publisher: Cisco Systems Inc.
NBAR Engine Version: 46
State: Active
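The protocol-pack condition above can be checked across collected device output with a short script. This is an added example, not Cisco code: the function names are hypothetical, the sample text is constructed from the output shown above, and it tests only the pack version, not whether an NBAR-based feature (AVC, FNF, etc.) is configured.

```python
import re

FIXED_PACK_MAJOR = 66  # per this advisory: packs lower than version 66 are affected

# Constructed sample, modelled on the "show ip nbar version" output above.
SAMPLE_OUTPUT = """\
NBAR software version: 46
NBAR minimum backward compatible version: 46
Loaded Protocol Pack(s):
Name: Advanced Protocol Pack
Version: 61.0
Publisher: Cisco Systems Inc.
NBAR Engine Version: 46
State: Active
"""

def parse_protocol_packs(output):
    """Return one dict (name, version, state) per pack listed after 'Loaded Protocol Pack(s)'."""
    packs, current, in_packs = [], None, False
    for raw in output.splitlines():
        line = raw.strip()
        if line.startswith("Loaded Protocol Pack"):
            in_packs = True
            continue
        if not in_packs or ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if key == "Name":
            current = {"name": value, "version": None, "state": None}
            packs.append(current)
        elif current is not None and key == "Version":
            m = re.match(r"(\d+)(?:\.(\d+))?", value)  # ignores trailing annotations
            current["version"] = (int(m.group(1)), int(m.group(2) or 0)) if m else None
        elif current is not None and key == "State":
            current["state"] = value
    return packs

def affected_packs(output):
    """Active packs whose major version is below 66; unparseable versions are flagged too."""
    return [p for p in parse_protocol_packs(output)
            if p["state"] == "Active"
            and (p["version"] is None or p["version"][0] < FIXED_PACK_MAJOR)]

if __name__ == "__main__":
    for pack in affected_packs(SAMPLE_OUTPUT):
        print(f"{pack['name']}: version {pack['version']} is below {FIXED_PACK_MAJOR}")
```

The "NBAR Engine Version" line is deliberately not treated as the pack version; only the exact "Version" key under a pack name is used.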
Workaround
The remediation for this issue is to update the NBAR protocol pack to version 66 or higher.
Alternatively, later IOS-XE versions such as 17.12 and higher may already have protocol pack version 66 built in, and thus XE 17.12 would not be susceptible to this issue: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_nbar/prot_lib/config_library/nbar-prot-pack-library.html
Further Problem Description