TNSR 20.08 Release Notes

About This Release

This is a regularly scheduled TNSR release including new features and bug fixes.

For update instructions, see Updating to TNSR 20.08 from Previous Versions.

Warning

While Netgate has tested common update scenarios, updating in-place from previous versions of TNSR may not work in all installations.

Installing TNSR 20.08 directly and then restoring the TNSR configuration data is a safer approach. However, that method requires physical access or equivalent out-of-band access and is potentially more time consuming. See Upgrading by Redeploying TNSR for details.

Significant Architectural Changes

Network Namespaces

TNSR version 20.08 introduces network namespaces which provide isolation between host OS and dataplane networking environments. The dataplane namespace is for the networking environment managed by TNSR, and the host namespace is for the networking environment managed by the host operating system. This is a significant shift in behavior for various areas of TNSR. [3744]

See also

See Networking Namespaces for more information on namespaces and how they operate. See Default Namespaces for information on how various areas of TNSR behave with namespaces by default.

Dataplane/Router Integration

TNSR version 20.08 also shifts from the VPP dataplane router plugin to the new linux-cp plugin. These plugins enable daemons such as FRR and strongSwan to work together with the dataplane to manage routing and perform necessary tasks. [3617]

The combination of linux-cp and isolated namespaces provides increased security and numerous user experience improvements.

Virtual Routing and Forwarding

TNSR 20.08 also adds Virtual Routing and Forwarding (VRF) support. Previous versions of TNSR supported multiple routing tables which could be used to direct traffic on various interfaces, but that function has been replaced with a VRF implementation which provides more features, such as integration with dynamic routing. Existing non-default routing tables are automatically converted to VRF entries on upgrade.

Warning

Implementing this feature has resulted in significant CLI syntax changes for static and dynamic routing functions. Consult the documentation for any routing features currently in use for more details, along with the CLI Command Reference

See also

See Virtual Routing and Forwarding for more details.

General

  • Updated CentOS to 8.2 [4499]

  • Updated VPP to 20.01-1621 [3649]

  • Updated FRR 7.3.1 [2953]

  • Updated strongSwan to 5.8.4 [3935]

  • Updated clixon to 4.5.0

  • Updated Kea to 1.7.7 [3934]

  • Package management changed from yum to dnf [4637]

  • Fixed VMXNET3 interface initialization with a single RX queue for TNSR instances on VMware configured for VM Hardware Compatibility with ESX 6.7 (VM Version 14 or later) [2576]

  • Added dmidecode and lshw as dependencies of tnsr-diag [3613]

  • Added tnsrctl utility to control TNSR services from the shell [4654]

Configuration Changes

  • Static routes no longer require an interface name. TNSR can now resolve the next hop properly by IP address alone.

  • Static route next-hop interfaces, if present, must be correct in TNSR 20.08 configurations.

    Warning

    Previous versions of TNSR may have allowed a route to be defined for an interface and next hop gateway which did not match (e.g. The interface does not share a subnet with the gateway). These invalid route combinations are now rejected, which may result in an error loading the configuration after the upgrade. Ensure static route next-hop interfaces are correct, or removed, before upgrading to TNSR 20.08.

  • Dynamic routing configuration changed in various ways when Virtual Routing and Forwarding support was added.

  • Configurations with multiple routing tables are automatically migrated to VRFs when the configuration is upgraded. This may result in name changes to route tables as the names for VRF entries have tighter restrictions. For example, names longer than 15 characters will be shortened and invalid characters will be replaced [4793]

  • If the configuration database fails to load, a failsafe database is loaded instead of exiting with an error [3833]

  • The default names for interfaces using the ixgbe PMD may change on upgrade. Previous versions of the ixgbe PMD in DPDK erroneously indicated 10 Gbit/s capabilities in all devices, even if the devices were not capable of that speed. TNSR 20.08 includes a new version of DPDK with a corrected driver which now properly reflects the speed capability of the port in the interface name.

    Warning

    Affected hardware which has ports without 10Gbit/s capability, such as the Netgate SG-5100, will change interface names when upgrading to TNSR 20.08. For example, names will change from TenGigabitEthernetX/Y/Z to their true speed, GigabitEthernetX/Y/Z. The configuration database will need manual adjustments to use the correct names. This does not affect configurations using custom interface names. For assistance, please contact Netgate TAC.

ACLs

  • Added ACL sequence numbers to show interface access-lists output [4355]

  • Fixed incomplete output when viewing IPv6 ACLs [4791]

Bridge

  • Fixed spurious error messages when deleting a bridge domain with ARP entries [3559]

CLI

  • Fixed issues which caused excessive delays when displaying the contents of large route tables [3899]

  • Fixed issues which caused excessive memory consumption when displaying the contents of large route tables [3889]

  • Improved handling of configuration changes so they are only applied when necessary [3832]

  • Fixed issues displaying command output containing non-XML-safe data [3785]

  • Added CLI commands to initiate a reboot of the TNSR device [3396]

  • Improved handling of unknown elements in the configuration database, so that errors may be corrected in the CLI rather than by editing the configuration [4638]

  • Fixed an issue where the CLI could crash when typing ? in a description field [4734]

Dataplane

  • Fixed handling of UIO driver changes such that they are now reflected properly on interfaces which are already in use [3209]

  • Added configuration option to set a default Ethernet MTU in the dataplane [4397]

  • Fixed a problem where removing all CPU settings left an empty <cpu/> tag in the configuration [3936]

  • Added validation to prevent configuring workers and corelist or coremask at the same time [3849]

  • Fixed explicit assignment of core 0 [3630]

    Warning

    Read CPU Workers and Affinity for important information on core 0 behavior and usage.

  • Removed dependency relationship between the vpp and clixon-backend services in systemd to prevent a dataplane issue from making the CLI unusable, so that the CLI may be used to correct the problem. [3828, 3040]

    Note

    When starting services manually, the vpp service must now be manually started before clixon-backend. This change has been reflected throughout the documentation. If any scripts or shell aliases on a TNSR install manage services directly, they should be updated accordingly.

  • Initialization of dataplane DPDK cryptographic devices changed so that placement of devices on queue pairs is optimized for better performance [4788, 2267]

  • Added commands to configure dataplane logging behavior [4640]

  • Added commands to configure DPDK Logging level [4680]

  • Added commands to configure DPDK transmit checksum offloading of TCP/UDP for network devices [4680]

  • Added commands to configure DPDK decimal interface name behavior [4680]

  • Added commands to configure DPDK default interface parameters [4680]

DHCP

  • Changed DHCP lease database output to use human-readable dates [4394]

  • Added RESTCONF query to retrieve DHCP leases [4375]

  • Improved DHCP option removal validation to prevent invalid commands [2667]

  • Changed how the DHCP server daemon is launched so that it will recover after a clixon-backend failure [4489]

Diagnostics

  • Changed ping and traceroute so they can run in either the host or dataplane namespace [3747]

DNS

GRE

  • Fixed validation failure at startup when using a non-default routing table on a GRE interface [4732]

Host

  • Fixed issues which prevented displaying complete information for host interfaces [4351]

  • Removed unnecessary host ACLs (nftables) for dataplane services [3753]

  • Added commands to display host ACLs (show host acl) [1565]

  • Fixed incorrect validation error when matching via port range in host ACLs [4746]

  • Fixed DHCP client on host interface giving up if a response is not received in a timely manner (Service = Failed) [3015]

Interfaces

  • Changed Interface DHCP clients to use Linux dhclient instead of the native dataplane (VPP) DHCP client [4464]

  • Allowed unattached or preconfigured interfaces to remain in the configuration database, to prevent the configuration from failing to load in situations where interfaces may have changed. [3829]

    This way administrations can utilize the CLI to correct these situations, rather than requiring them to edit the configuration database directly.

  • Added support for configuring L3 interface MTU values (IPv4, IPv6) [3426]

  • Fixed assignment of RX queues to specific workers [3025]

  • Fixed issues with deleting memif sockets after they have been removed from memif entries [3661]

  • Improved error messages generated when attempting to create a memif with a socket which is already in use [3637]

  • Fixed incorrect memif role in state data [4453]

  • Added TNSR interface names to Linux kernel interfaces as aliases [4425]

  • Improved validation of loopback interface names [3615]

  • Fixed adding a DHCP client hostname to an existing DHCP client [2557]

  • Fixed re-enabling loopback interfaces breaking packet forwarding until the dataplane was restarted [2828]

  • Fixed IPv6 addresses on IPsec or GRE interfaces not displaying in show command output [2425]

IPsec

  • Fixed session establishment behavior of IPsec tunnels which were removed and then added back [1313]

  • Fixed issues with SA ordering preventing IPsec traffic from passing if both endpoints attempted to establish a tunnel at the same time [2391]

  • Fixed validation when deleting configuration for IPsec tunnels [3456]

  • Added support for using an FQDN as the remote address for an IPsec tunnel [4401]

  • Eliminated excess logging when DPDK decrypts ESP [4366]

  • Improved error messages presented to the user when attempting to create invalid IKE authentication or identity configurations [3885]

  • Added IPsec SA statistics counters [3883]

  • Added support for IPsec NAT-T (UDP Encapsulation) [3496]

  • Fixed issues with IPsec tunnels being initiated from host interfaces in certain circumstances [3451]

  • Fixed improper IPsec tunnel initialization when using a hostname for the remote address of the tunnel [4726]

  • Changed how IPsec ipip interfaces are initialized so they are no longer automatically enabled when an IPsec tunnel is established [4481]

    As a consequence, ipip interfaces for IPsec tunnels must now be manually enabled when created.

    Installations of TNSR upgraded from previous versions will have the ipip interfaces enabled automatically during the configuration upgrade process.

  • Fixed IPsec packet padding. In previous versions, IPsec packets could contain an invalid 15th byte of padding, which led to such packets being dropped by peers. Only affected packets which contained 15 bytes of padding [4796]

LACP

  • Fixed synchronization of MAC addresses between the dataplane and host tap interfaces when a bond interface does not have a MAC address explicitly configured [2126]

LLDP

  • Fixed validation of LLDP parameter values [3459]

MAP

  • Fixed generation of ICMPv6 unreachable messages when a packet fails to match a MAP domain on a MAP BR [1869]

  • Fixed pre-resolve with MAP-T mode [1871]

  • Fixed handling of initial fragment of UDP and ICMP6 packets on MAP-T border routers when it receives fragments from an IPv6 network [3412]

  • Fixed a spurious console error when querying MAP data via RESTCONF [4524]

  • Improved handling of “Packet Too Big” ICMP replies when packets exceed the MTU inside MAP [2987]

  • Improved handling of “Hop Limit Expires” ICMP replies when packets expire outside of the MAP-T domain [2986]

  • Improved handling of “Hop Limit Expires” ICMP replies when packets expire at the MAP BR [2984]

  • Improved handling of “TTL Expires” ICMP replies when packets expire in MAP domain [2985]

  • Improved handling of “TCP or UDP Packet Outside Allowed Port Range” which now sends ICMP Type 1, Code 5 replies when the source port on a packet is outside of the allowed range [2985]

NACM

  • Fixed default parameters rule for NACM node access-operation and module which now work without explicit settings [2514]

  • Added NACM support for access restrictions based on path [3523]

NAT

  • Added validation to prevent the use of deterministic nat with incompatible options, such as a pool of IP addresses for NAT [3257]

  • Fixed dataplane usage of NAT timeouts per protocol [4598]

  • Fixed handling of icmp protocol in NAT rules [3924]

    Warning

    Static NAT rules which had local and remote port incorrectly set to 0 would NAT any protocol rather than only being restricted to the protocol on the rule. On upgrade, that behavior will be retained for Non-ICMP rules but the rule will be altered to correctly reflect the protocol of the rule as any. Inspect all static NAT rules after upgrade and correct any rules which do not match their intended configuration.

  • Improved behavior of NAT session scavenging [3488]

  • Fixed a dataplane crash when NAT forwarding is enabled in combination with multiple worker threads [3860, 3627]

Neighbors

  • Added validation to prevent configuring neighbors on ipip and gre interfaces which are L3 only [4505, 4552]

    Note

    Neighbor entries on these interfaces are removed from the configuration database automatically when upgrading the configuration.

  • Fixed display of IPv6 neighbors [3884]

  • Added age of neighbor entries to state data [3454, 3241]

  • Fixed a problem where replacing a dynamic neighbor entry with a static neighbor entry would not properly reflect the change [3807]

NTP

  • Fixed deletion of NTP server default restriction list entries [3413]

RESTCONF

  • Improved RESTCONF responses for leaf nodes with a value of an empty string ("") which now conform to RFC 7951. [3450]

    • Empty values of yang type empty are encoded as: {"x":[null]}

    • Empty string values are encoded as: {"x":""} (changed from null in clixon 4.0 and [null] in clixon 4.3)

    • Empty containers are encoded as: {"x":{}}

    • Empty elements in unknown/anydata/anyxml encoded as: {"x":{}} (changed from {"x":null})

  • Fixed RESTCONF responses containing IETF error types such as application errors so they no longer contain unexpected additional rpc-error JSON keys [3455]

  • Fixed deleting ACL rule via RESTCONF [2841]

  • Removed unnecessary system state file operations when performing RESTCONF queries [4469]

  • Added RESTCONF query to enumerate network and crypto devices available to the dataplane [3463]

  • Added validation to prevent invalid usage of unspecified list entries [3457]

  • Fixed a memory leak when querying /restconf/data repeatedly [4507]

  • Fixed missing interface data when querying /restconf/data [4507]

  • Fixed adding MACIP rule via RESTCONF [2844]

Services

  • Added commands to separately configure management service instances for host and dataplane namespaces (TNSR Service Namespaces) [3752]

  • Modified services which support the dataplane to run in the dataplane namespace [3746]

SNMP

  • Fixed spurious cache expired errors from SNMP in messages log [4426]

  • Added support for enabling coredumps from the SNMP daemon [3879]

  • Corrected value of sysObjectID to reflect the Netgate OID [3946]

Static Routing

  • Fixed handling of packets when an output interface configured in the routing table is disabled when there are other usable paths to the same destination present [3359]

  • Added validation to prevent specifying an invalid weight of 0 on static route next hops [4595]

  • Moved static route next-hop preference to a per-route priority to align with what is supported by host OS routing tables [4479]

  • Added route lookup function to show route which locates the route TNSR will use to reach a given destination [535]

  • Fixed IPv6 packet loss observed between TNSR instances [2382]

Dynamic Routing

  • Fixed configuration of dynamic routing debug logging via TNSR CLI [3199, 3939]

    Note: Use an absolute path to a log file with the log file command, not a relative path. The file must be writable by the frr user.

BGP

  • Fixed BGP maximum-path option for eBGP and iBGP so they can now be configured simultaneously [2879]

  • Fixed clixon-backend loading a BGP configuration with 150k advertised prefixes [2784]

  • Fixed CLI configuration of BGP IPv4/IPv6 multicast address family [3038]

  • Fixed CLI configuration of BGP dampening values [3057]

  • Fixed CLI configuration of BGP write-quanta values [3087]

  • Fixed CLI configuration of BGP confederation identifiers [3210]

  • Fixed restoration of static routes after failing over to a BGP route [3543]

  • Added method to specify multiple communities in a single route map [3718]

  • Fixed missing routes when running BGP over IPsec [3610]

  • Moved BGP option enforce-first-as from BGP router to BGP neighbor to match the updated location expected by FRR [4520]

  • Fixed an issue with BGP connections not being re-established after a dataplane restart [4406]

  • Fixed incorrectly duplicated next-hop entries for multipath routes received via BGP [2935]

  • Fixed IPv6 BGP session establishing over IPsec or GRE [2429]

OSPF

  • Fixed OSPF default-information originate so that it works with static route 0.0.0.0/0 as default route [2477]

  • Fixed handling of changes in redistributed kernel routes triggering addition/removal of corresponding OSPF Type-5 LSAs [2389]

  • Fixed OSPF ignoring interface MTU changes [4442]

  • Fixed route map configuration to filter redistributed routes into OSPFv3 [3618]

  • Fixed routing information in the forwarding table not being updated correctly when a static route which overlaps a route received via OSPF was removed [2320]

RIP

  • Fixed CLI tab completion displaying incorrect choices when deleting RIP offset lists [3395]

  • Fixed key-chain string not being applied in the routing daemon if configured after RIP was enabled [2878]

Updates

  • Added a command to clear the package cache [3530]

  • Added a command to reinstall a package [2976]

  • Added parameter expansion to package commands [3529]

VRRP

  • Fixed backup processing of priority 255 advertisements [3782]

VXLAN

  • Fixed VXLAN and OSPF compatibility issues with configuration ordering [2511]

Known Limitations

Configuration

  • Restoring a configuration with named interfaces may fail [3913]

    Workaround: Configure interface names and restart the dataplane, then restore the configuration.

  • Removing the startup configuration may retain some active settings, including custom interface names, users added to the operating system, and PKI files [3723]

  • Configurations from TNSR 19.12 or before with BGP may fail to upgrade properly [3593]

ACLs

  • ACLs used with access-list output do not work on traffic sent to directly connected hosts [2057]

BFD

  • Unable to set delayed option on an existing BFD session [2709]

CLI

  • CLI does not return from shell in certain situations [2651]

Dataplane

  • Systems with multiple CPU sockets using NUMA may experience dataplane issues at startup or when the dataplane is restarted manually [2383]

  • CLI does not prevent the user from configuring a custom interface name which uses reserved keywords which may cause the dataplane to fail (e.g. span) [3234]

  • Dataplane may crash on Azure when IPsec peer restarts while an IPsec tunnel is connected [4790]

  • Dataplane service crashes on attempt to connect to Azure TNSR VM or perform a REST request [3850]

  • CLI does not prevent a dataplane configuration not supported by certain virtual environments [3674]

    Workaround: Enable the desired behavior in the host before attempting to use it in TNSR.

  • DPDK does not function with Mellanox ConnectX-3 drivers [3781]

GRE

  • Unable to modify GRE tunnel settings [2698]

Host ACLs

  • Sequence numbers displayed in host ACL state data do not match configured values [4789]

Host Interfaces

  • Configuration of host OS interface clears TNSR TAP interface configuration [2640]

    Workaround: Remove and reconfigure the TAP interface.

  • Cannot remove an IP address assigned to a host interface during the installation process from within the TNSR CLI [3013]

  • Cannot add default gateway or other routes to host routing table from the TNSR CLI [3702]

HTTP Server

  • HTTP server retains old configuration after TNSR services restart [2453]

  • SSL certificate error when the HTTP server is configured with a certificate that uses md5 digest [2403]

Installer

  • TNSR Install over OOB Management GUI may appear to fail due to the screen saver activating before installation is completed. [3182]

    This affects installation using a console such as iDRAC Virtual Media redirector.

    Workarounds: Press tab when the screensaver activates. Alternately, use vFlash instead of iDRAC for better performance.

Interfaces

  • Packets do not pass through a subinterface after the subinterface configuration has been modified [1612]

  • Chelsio interfaces crash the dataplane [1896]

  • VLAN subinterfaces may not work under KVM using virtio drivers [2189]

  • An IPv6 link-local address cannot manually be configured on an interface [2394]

  • Bridge domain ARP entries are not displayed in the CLI [2378]

  • Bridge domain ARP entries cannot be removed from the CLI [2380]

  • Bridge domain MAC age cannot be removed from the CLI [2381]

  • Link state always reported as “up” when using e1000 network drivers [2831]

  • Subinterface settings are not applied on change without restarting dataplane [2696]

  • Unable to create multiple IP QinQ subinterfaces with the same outer vlan tag [2659]

  • Unable to create a subinterface with dot1q any [2652]

  • Full reassembly may not disable on an interface once enabled when using no ip reassembly enable [3360]

    Workaround: Remove both the reassembly enable and type configuration on the interface:

    tnsr(config-interface)# no ip reassembly enable
    tnsr(config-interface)# no ip reassembly type
    
  • Unable to set tap object as part of host bridge [4427]

  • Unable to delete MAC address explicitly set for the TNSR side of tap interface [4433]

  • Unable to connect to memif interface using default socket [4448]

IPsec

  • Attempting to change IKE lifetime for an existing tunnel to a value lower than the lifetime of a child entry results in an unintuitive error message [3243]

  • IPsec tunnels take longer than expected to go down after a failure [3533]

LACP

  • There may be a 10-15 second delay with ARP resolution after configuring an LACP bond [2867]

LLDP

  • All LLDP interface parameters must be configured at the same time. [3462]

  • When LLDP parameters change, TNSR requires a dataplane restart for the new settings to take effect. [3486]

MAP

  • Full ip reassembly does not work with MAP [3386]

  • Ethernet padding is incorrectly copied from IPv4 to IPv6 frames when translated by MAP [3460]

  • Packets larger than 2034 bytes are dropped when IP4 to IP6 MAP translation is performed [3742]

  • IPv6 traffic class value is always copied from IPv4 ToS value regardless of configuration when MAP-T domain is used [3774]

  • TCP MSS value is not applied to IPv4 packets when IPv6 to IPv4 decapsulation is performed on MAP-E BR [3783]

  • IPv6 ICMP error messages are not relayed to IPv4 through MAP [3809]

NAT

  • twice-nat does not work [1023]

  • NAT forwarding fails with more than one worker thread [2031]

    Note: This also affects connectivity to services on TNSR, such as RESTCONF, when the client is not on a directly connected network.

  • Router with 1:1 NAT will drop packets with ttl=2 from input interface [2849]

  • VPP service fails if NAT concurrent-reassemblies is set to 1 and several fragments arriving to the NAT outside interface [2739]

  • ICMP fragments arriving to NAT Inside interface aren’t being reassembled by NAT reassembly function [2733]

  • Dataplane fails on DS-Lite AFTR router when packets from B4 are received before pool is configured [3024]

    Workaround: Configure the DS-Lite pool` **before** the ``aftr endpoint.

  • DS-Lite CE configuration is not fully removed when deleted via CLI, which may leave TNSR with an invalid configuration database which cannot start [3030]

  • Reassembly timeout does not work when full IP reassembly is configured with NAT [3269]

  • Shallow Virtual Reassembly cannot be disabled when it is enabled implicitly by other features such as NAT and MAP [3361]

  • Shallow Virtual Reassembly may fail when configured explicitly after it is implicitly enabled by other features such as NAT and MAP [3362]

  • Re-enabling full IP reassembly on an interface which has implicit shallow virtual reassembly enabled breaks the packet flow [3379]

  • Setting reassembly type full and then enabling ip reassembly on an interface which has implicit shallow virtual reassembly enabled breaks packet flow [3380]

  • Second fragment of a packet is not being virtually reassembled when max-reassemblies counter for shallow virtual reassembly is set to 1 [3384]

  • Route table option for NAT pools is only available when using an address range [3628]

  • Services on TNSR cannot be reached through the dataplane namespace when Deterministic NAT is active [4356, 4604]

  • CLI produces an error due to incompatible NAT options when switching away from deterministic NAT mode without first removing deterministic NAT options [4371]

  • Deterministic NAT may have performance issues in certain environments [4492]

  • NAT session list is empty when Deterministic NAT is active [4562]

  • Default NAT session timeout values are not respected in Endpoint-dependent NAT mode [4600]

  • Static NAT translations for ICMP do not forward packets [4373]

  • Static NAT translations for TCP or UDP with port any do not forward packets [4373]

  • Static NAT entries which omit the external port show port 0 instead, which is an invalid value [4432]

  • Per-user NAT session limits (max-translations-per-user) are not respected [4606]

  • VPP service fails on receiving packet when NAT simple mode along with static-mapping-only option is configured [4610]

Neighbor / ARP / NDP

  • Packet loss during ARP transaction immediately after Dataplane restart or interface disable/enable [2868]

  • The MAC address of an IPv6 neighbor cannot be changed in-place [4454]

    Workaround: Remove the neighbor and add it with the new MAC address.

NTP

  • NTP state data is not available via RESTCONF [4370]

  • NTP does not properly handle IPv6 restrictions [4626]

RESTCONF

  • Adding a user via RESTCONF requires a password even when key is provided [2875]

  • RESTCONF JSON response first level indent is 4 spaces, should be 2 [3521]

  • RESTCONF does not validate existence of OSPF interfaces [3528]

  • Unable to change GRE tunnel type to or from erspan via RESTCONF [4353]

  • RESTCONF response for interface-state does not contain tap table [4467]

Dynamic Routing

  • CLI shows that only IPv4 prefix is available within prefix-list sequence configuration [2689]

  • CLI crash when using match ipv6 address <acl_name> in route-map configuration [3619]

  • CLI allows creating invalid prefix list entries which are rejected by FRR [3603]

    Workaround: Carefully craft entries with correct lower and upper bounds.

  • Route preferences may not be respected if dynamic and static routes overlap [3811]

  • Prefix list synchronization lost after dataplane restart [4456]

BGP

  • BGP network backdoor feature does not work without service restart [2873]

  • Unable to verify received prefix-list entries via CLI when ORF capability is used [2864]

  • extended-nexthop capability is not being negotiated between IPv6 BGP peers [2850]

  • BGP session soft reset option does not work for IPv6 peers [2833]

    Workaround: Reset the connection without soft option.

  • ttl-security hops value can be set when ebgp-multihop is already configured (the options are mutually exclusive) [2832]

  • BGP updates for new prefixes are sent every 60 seconds despite configured advertisement-interval value [2757]

  • IPv4 BGP summary command returns results for both IPv4 and IPv6 [3270]

  • BGP next-hop attributes are not sent unmodified to an eBGP peer when route-server-client option is configured [2940]

  • show route dynamic bgp ipv6 summary command will not show any information if address family is not specified when configuring BGP for IPv6 [2967]

    Workaround: Set the address family when configuring BGP. Alternately, due to [3270], IPv6 information is current visible in show route dynamic bgp ipv4 summary, so use that command instead.

  • BGP listen range option disappears from the active dynamic routing daemon configuration after restarting BGP service [3043]

  • Unable to verify dynamic BGP peer information from TNSR CLI [3044]

  • Unable to verify received routes when a large number of routes is received via BGP [3918]

  • route-reuse value is displayed as XML config within BGP configuration output [4486]

  • Deletion of route-map does not update related BGP routes without restarting BGP [3875]

  • Cannot Disable IPv4 Protocol in BGP [4399]

OSPF

  • The OSPF RIB is not updated when the ABR type changes from standard to shortcut, and vice versa [2699]

  • Changing the default metric for OSPF server does not result in update on other routers [2586]

  • The CLI does not prevent setting a network type for loopback interfaces in OSPF, which is not a valid action [4800]

  • Change made to a prefix-list used in an OSPF3 route-map does not affect redistributed routes [3644]

  • OSPF conditional default route injection does not work [3846]

OSPF6

  • When deleting an OSPF6 interface via RESTCONF, it may remain active in the OSPF6 daemon despite being removed from the TNSR configuration [3481]

RIP

  • RIP timeout value is not respected [2796]

SNMP

  • There are no changes when using “write” community [2567]

  • SNMP does not return a response for hrSystemUptime.0 which may cause an NMS to report a reboot when the dataplane and/or SNMP service is restarted [3901]

  • Large SNMP results are returned slowly [4670]

VRRP

  • VRRP does not function on an outside NAT interface with a priority of 255 [2419]

    Workaround: Set the priority of the VR address on the primary router to a value less than 255 yet higher than that of other routers. Enable Accept Mode on the VR address if the VR address will be used by services on TNSR.

  • VRRP does not function with ixgbevf PMD (Intel 82599ES in SR-IOV Virtual Function mode) [4551]

VXLAN

  • Changes to a VXLAN interface do not apply until the dataplane is restarted [1778]

Reporting Issues

For issues, please contact the Netgate Support staff.