Professional Documents
Culture Documents
TS-5G-SW-0031
Issue 1.0 APPROVED
Approved on 2023-02-08
© 2023 Nokia. Nokia Condential Information. Use subject to agreed restrictions on disclosure and use.
No further reproduction or networking is permitted. Distributed by Nokia.
Copyrighted material licensed to muhammad-adil.murad@450connect.de on 17-10-2023.
Nokia is committed to diversity and inclusion. We are continuously reviewing our customer
documentation and consulting with standards bodies to ensure that terminology is inclusive
and aligned with the industry. Our future customer documentation will be updated
accordingly.
This document includes Nokia proprietary and condential information, which may not be
distributed or disclosed to any third parties without the prior written consent of Nokia. This
document is intended for use by Nokia’s customers (“You”/”Your”) in connection with a
product purchased or licensed from any company within Nokia Group of Companies. Use this
document as agreed. You agree to notify Nokia of any errors you may nd in this document;
however, should you elect to use this document for any purpose(s) for which it is not
intended, You understand and warrant that any determinations You may make or actions
You may take will be based upon Your independent judgment and analysis of the content of
this document.
Nokia reserves the right to make changes to this document without notice. At all times, the
controlling version is the one available on Nokia’s site.
NO WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO
ANY WARRANTY OF AVAILABILITY, ACCURACY, RELIABILITY, TITLE, NON-INFRINGEMENT,
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, IS MADE IN RELATION TO THE
CONTENT OF THIS DOCUMENT. IN NO EVENT WILL NOKIA BE LIABLE FOR ANY DAMAGES,
INCLUDING BUT NOT LIMITED TO SPECIAL, DIRECT, INDIRECT, INCIDENTAL OR
CONSEQUENTIAL OR ANY LOSSES, SUCH AS BUT NOT LIMITED TO LOSS OF PROFIT,
REVENUE, BUSINESS INTERRUPTION, BUSINESS OPPORTUNITY OR DATA THAT MAY ARISE
FROM THE USE OF THIS DOCUMENT OR THE INFORMATION IN IT, EVEN IN THE CASE OF
ERRORS IN OR OMISSIONS FROM THIS DOCUMENT OR ITS CONTENT.
© 2023 Nokia.
Contact ........................................................................................................................................... 7
2 Purpose .......................................................................................................................................... 8
3 Validity ............................................................................................................................................ 9
3.1 Impacted technology ........................................................................................................ 9
3.2 Impacted system and SW releases ................................................................................. 9
3.3 Impacted products ......................................................................................................... 10
3.4 Impacted HW Unit/Version ............................................................................................ 10
3.5 Related features ............................................................................................................. 10
3.6 Related Alarms ................................................................................................................ 11
4 Keywords ..................................................................................................................................... 12
8 References .................................................................................................................................. 18
8.1 Related Case ID ............................................................................................................... 18
TS-5G-SW-0031
Radio Network
Informative
Preventive X
Corrective
Additional categorization
Urgent
Security
Release Upgrade
SW Update
Parametrization X
Information is classified as
Internal
5
X
Customer Specific
All Customers
Copyrighted material licensed to muhammad-adil.murad@450connect.de on 17-10-2023.
No further reproduction or networking is permitted. Distributed by Nokia.
Approved version
Change
1.0
Summary of changes
2023-02-08
Date
6
Copyrighted material licensed to muhammad-adil.murad@450connect.de on 17-10-2023.
No further reproduction or networking is permitted. Distributed by Nokia.
7
© 2023 Nokia. Nokia confidential
Contact your local Nokia support.
Contact
No further reproduction or networking is permitted. Distributed by Nokia.
Copyrighted material licensed to muhammad-adil.murad@450connect.de on 17-10-2023.
2. Purpose
This document contains generic information about products. These can be instructions that
explain problem situations in the field, instructions on how to prevent or how to recover from
problem situations, announcements about changes or preliminary information as requirements
for new features or releases.
Technology Impact
GSM/EDGE
WCDMA
Small Cells
Single RAN X
Nokia Core
5G
Wi-Fi
Factory Delivery SW
Tip:
The presented validity information includes the currently active software. The section is re-
assessed prior to every new System Release availability.
Product
12
No further reproduction or networking is permitted. Distributed by Nokia.
Copyrighted material licensed to muhammad-adil.murad@450connect.de on 17-10-2023.
5. Executive summary
It may happen that on sites with installed SW 22R3-SR or later, with IPsec on ASIK, NetAct
reports alarm 9047: NE3SWS AGENT NOT RESPONDING TO REQUESTS and connectivity is lost. To
restore the KPI, site reset is needed.
This Technical Support Note provides information about affected HW and SW as well as the
procedure which can be executed in order to minimize the service impact of this problem.
In case of IPsec created for 5G SA, a crypto session is required. It contains immutable data for the
particular 5G SA. The Security association maximum lifetime (saMaxLifeTime)
parameter defines the rekey value that is configured in the system. During rekey, new 5G SA is
created, and a new crypto session is required with updated immutable data. In ASIK, DPDK uses
cryptodev which creates the session on demand once traffic flows on the particular 5G SA.
In the connectivity lost issue scenario, after rekey, the crypto session linked to the old 5G SA is not
cleaned up. It causes exhaustion the limit of crypto session (20000 sessions/context). As a result,
once this exhaustion happens, the crypto session could not be created for newly created 5G SA. It
results with traffic drop, and in case MPlane is protected via IPsec, NetAct can by unreachable.
The saMaxLifeTime parameter default value is "86400", which is the maximum of its range. It
should be configured to be lower than the Phase-2/CHILD_SA rekey configured on the peer node.
As a preventive action for the issue we can increase the saMaxLifeTime parameter value, still
keeping it lower than for the peer node. As a result, the number of rekey per day is less and so
less number of available session would be utilized.
The connectivity lost issue is observed only on 5G sites with IPsec activated for ASIK.
The issue can be checked in runtime by logging in BTS and executing the following CLI commands:
Note:
To execute the CLI command, the Secure Shell (SSH) access is needed. For more
information, see the Enabling/disabling the SSH access section.
session_h_pool_numa0
In the output message for the crypto session, if “available” is zero or reducing over a period of
time more than one day (depend on rekey time and traffic on newly created SA), then it can be
assumed that issue exists and connectivity to core would be impacted. For more information, see
the Examples of number of days to exhaust the value in "available" section. If it is identified that
"available" for the crypto session is about to become zero, remote reset can be done to avoid the
connectivity lost issue.
The correction is planned to be delivered from 22R3-SR onwards, as described in the Correction
availability section.
If the number of SA is less than 16 then the calculation will result in higher number of days to
exhaust the value in "available".
If it is identified that crypto session is about to become zero, an remote reset can be done to
avoid connectivity lost issue.
Reset can be done during the maintenance window, depending on Security Associations (SAs) as
follows:
For 100 SAs, reset in the maintenance window can be done if the "available" value is equal to
200.
For 1000 SAs, "available" equal to 2000 is enough to have the issue.
For smaller numbers, reset should be done immediately not to lose the connection.
02855443 9047 on multiple sites and resolved only after power cycle
[SWM][01/2023]