TNSR 19.02 Release Notes¶
About This Release¶
Warning
A number of commands were reorganized with this release, more information will be noted below in individual sections. If a command that worked in a previous release is no longer present, it has most likely been changed to a more logical and consistent location.
Warning
RESTCONF queries now require a namespace in the format of module:name
where only the name
was required in previous versions. To locate the
correct module:name
combination, see API Endpoints.
General¶
The data models have been updated with more consistent naming and locations
Introduced a YANG
id
type forname
fields [1318]Miscellaneous code cleanup and refactoring for stability and performance improvements [1516] [1571]
Updated to CentOS 7.6 [1335]
Updated build to use gcc 7 [1147]
Fixed a potential crash when listing packages [1312]
Improved handling of package versions to better handle situations where a dependency update requires reinstalling related packages [950]
BGP¶
BGP commands reorganized under
route dynamic
for configuration andshow route dynamic
for status. See Commands and Border Gateway Protocol. [1369]FRR updated to 6.0.x
CLI¶
The configuration database commands have been reorganized under
configuration
for making changes, such ascopy
, and undershow configuration
for viewing the contents of a configuration. See Commands and Configuration Database. [1347]Fixed
system location
text handling when the value contains whitespace [1584]
Dataplane¶
Updated DPDK igb_uio module to v19.02 [842]
DHCP Server¶
Updated Kea to 1.4.0-P1 [1239]
DNS¶
Fixed removal of
access-control
entries in the CLI [1417]
Host¶
Fixed inconsistent behavior of
host interface
commands [1611]Added a default set of nftables rules to limit inbound traffic to the host [476]
Interfaces¶
Several interface-related configuration commands have been moved under the
interface
command for better consistency. These include:bridge
,loopback
,memif
,subif
, andtap
. See Commands and Types of Interfaces [1336]Added support for Bonding Interfaces for link aggregation and redundancy, including support for LACP [1025]
Fixed display of a single TAP interface [1554]
Fixed state data returned from a GET request for
/netgate-interface:interfaces-state/interface
[1553]Corrected validation of memif socket ID to exclude
0
which is reserved, and enforce a maximum of4294967294
[1527]Corrected validation of bridge domain ID to exclude
0
which is reserved, and enforce a maximum of16777215
[1526]Fixed handling of non-default routing tables assigned to interfaces at startup [1518]
Removed unused container
/interfaces-config/interface/tunnel
from data model [1427]Fixed
subif
commandsouter-dot1q any
andouter-dot1ad any
[1552] [1352]Fixed subinterfaces failing after changing configuration [1346]
Removed the
untagged
command fromsubif
as it was non-functional and unnecessary (use the parent interface for untagged traffic) [1345]
NAT¶
Added support for MAP-T and MAP-E BR [1399]
RESTCONF¶
Warning
RESTCONF queries now require a namespace in the format of module:name
where only the name
was required in previous versions. To locate the
correct module:name
combination, see API Endpoints.
Fixed RESTCONF calls for RPCs returning error 400 despite succeeding [1511]
Routing¶
Fixed removing a route table reporting failure when the operation succeeded [1515]
Known Limitations¶
ACL¶
Attempting to create an ACL containing only a description fails [1558]
Workaround: Define one or more rules on the ACL.
BFD¶
Attempting to change a BFD local/peer address fails [1549]
BGP¶
TNSR does not send BGP updates without restarting service with
redistribute from connected
option [746]Route with
aggregate-address
via next-hop0.0.0.0
does not appear in TNSR route table [832]BGP sessions may fail to establish or rapidly reconnect when receiving more prefixes than defined by
maximum-prefix limit
[858]The
maximum-prefix restart
command does not work [859]TNSR installs multiple paths for received routes even though support for multiple paths is not enabled [885]
Workaround: Run
systemctl reset-failed frr
from the shell to clear the error which will allow the BGP service to start again.Changing
update-source
from an IP address toloop1
allows a session to establish but remote prefixes do not appear in the FIB until reboot [1104]IPv6 BGP neighbors get entered as
peer-groups
only inbgpd.conf
[1190]BGP
import-check
feature does not work [781]
CLI¶
show route table
causes the backend to die with large numbers of routes in the table [506]For example, this crash happens with a full BGP feed.
Using
service dataplane restart
can cause clixon_backend to lose its configuration [1383]
DHCP¶
DHCP server uses default VPP interface IP address (169.254.0.x) as a source address for DHCP packets and as a DHCP Server Identifier [1222]
Adding a DHCP reservation without a MAC address causes Kea to fail and the entry cannot be removed [1530]
Workaround: A MAC address is required for DHCP reservations, so always enter a MAC address when creating an entry.
Configuring Kea to log all names with
*
does not work [1307]Workaround: Configure each name separately instead of using a wildcard.
DNS¶
Local zone FQDN handling for forward (A) and reverse (PTR) data is inconsistent, only allowing one or the other to work as expected for a given FQDN [1384]
HTTP Server / RESTCONF¶
nginx
does not behave as expected withauthentication type none
and TLS [1086]This mode is primarily for testing and not production use.
Workaround: Use password or certificate-based authentication for RESTCONF.
HTTP server runs even though it’s not configured to run after TNSR services restart [1153]
Workaround: Manually stop the
nginx
service usingsystemctl
.RESTCONF get of
/restconf/data/
does not properly return state data [1534]RESTCONF query replies may contain CDATA tags in JSON [1463]
Adding an ACL rule entry via RESTCONF may appear to add a duplicate ACL [1238]
Interfaces¶
Loopback interface responds to ICMP echo from an outside host even when in a Down state [850]
Unable to delete an interface if has had an ACL or MACIP applied [1177, 1178]
Workaround: Remove the entire ACL or MACIP entry. Then, the interface may be removed.
MACIP ACL remains in the interface configuration after being removed [1179]
Bond interfaces in LACP mode will send LACPDUs even when configured for passive mode [1614]
Non-LACP bond interfaces may experience packet drops when a bond member interface is down [1603]
MAC address change on tap interfaces may not be reflected in the dataplane until the dataplane is restarted [1502]
Workaround: Restart the dataplane after changing an interface MAC address.
MAC address change on bond interfaces may not be reflected in the dataplane until the dataplane is restarted [1502]
Workaround: Set the MAC address when creating the bond interface.
VLAN tag rewrite settings are only available in subinterfaces [1344]
Packets do not pass through a subinterface after the subinterface configuration has been modified [1612]
QinQ VLAN termination is not working [1550]
ARP replies received from another host on a VLAN subinterface are not processed correctly [1326]
IPsec¶
An IPsec tunnel which was removed and then added back in may take longer than expected to establish [1313]
NACM¶
Permitted default read and write operations cannot be executed if default exec policy is set to
deny
[1158]
NAT¶
twice-nat
does not work [1023]NAT mode is not deleted from VPP startup configuration after TNSR services restart [1017]
NAT forwarding is not working for
in2out
direction [1039]NAT static mappings are not added as expected when only the
port-local
value differs [1100]NAT static mapping with defined ports leads to
clixon-backend
crash after restart [1103]DS-Lite is not functional; B4 router sends encapsulated IPv4-in-IPv6 packets, but AFTR replies with an error [1626]
DS-Lite B4 endpoint is not shown by
show dslite
command [1625]Unable to view a list of NAT sessions [975, 1456]
Routing¶
Deleting a non-empty route table fails with an error and the table remains in the configuration, but it cannot be changed afterward [1241]
Workaround: Remove all routes from the table before deleting. Alternately, copy the running configuration to startup and restart TNSR, which will make the route table appear again so the routes and then the table can be removed.
User Management¶
When deleting a user key from the running configuration it is not removed from the user’s
authorized_keys
file [1162]Workaround: Manually edit the
authorized_keys
file for the user and remove the key.
Reporting Issues¶
For issues, please contact the Netgate Support staff.
Send email to support@netgate.com
Phone: 512.646.4100 (Support is Option 2)