TNSR 20.10 Release Notes

About This Release

This is a regularly scheduled TNSR release including new features and bug fixes.

For information on updating to TNSR 20.10, see Updates and Packages.

Warning

If updating from a version older than TNSR 20.08, see Updating to TNSR 20.08 from Previous Versions

Warning

TNSR Home+Lab installations cannot be updated. Reinstall with TNSR Business or install a new version of TNSR Home+Lab. See Configuration Backups for information on backing up and restoring configurations.

Note

TNSR Home+Lab users can keep running their existing version and update only the operating system components as needed.

All versions of TNSR, including Home+Lab, can update the operating system even without the TNSR update certificate in place. Only TNSR-related packages require authentication to update.

General

  • The Deterministic NAT feature has been deprecated and will be removed in the next version of TNSR.

  • Mellanox interface names may change when upgrading to TNSR 20.10 due to changes in the driver. The best practice to work around such issues is to migrate to custom interface names before upgrading (Customizing Interface Names).

Changes

CLI

  • Fixed: Typo in BGP server command deprecation message [4812]

  • Fixed: BGP RFC 4893 32-bit ASNs are treated as signed instead of unsigned [4882]

  • Fixed: Incorrect behavior of the timeout option in the ping command [4951]

DHCP Server

  • Added: Input validation/error checking for DHCP Server configuration [1811]

  • Fixed: Need input validation for dhcp [3722]

  • Fixed: Unable to remove DHCP Server valid-lifetime option [4991]

Dataplane

  • Added: Print warning in CLI when changes are made which require a dataplane restart to take effect [4405]

  • Added: Support blacklist of individual PCI devices in startup.conf DPDK settings [4801]

  • Added: Update VPP [4839]

  • Fixed: Mellanox ports are detached from driver when VPP starts up [5071]

Host Netfilter

  • Fixed: Host ACL rule with ICMP type and code configured matches ICMP code only, not ICMP type [4879]

  • Fixed: Incorrect representation of ICMP code in ‘show host ruleset’ command [4880]

  • Fixed: ICMPv6 type and code are not displayed by ‘show host acl’ command [4919]

Interfaces

  • Fixed: Full reassembly cannot be disabled on an interface [3360]

  • Fixed: Cannot restore TNSR configuration database containing named interfaces [3913]

  • Fixed: Unable to use IP addresses from the same subnet on interfaces in different VRFs [4934]

  • Fixed: VRF can be deleted while in use by interfaces [4945]

  • Added: Interval parameter for ping command [4986]

Memif

  • Changed: Use server/client for memif role names [4780]

NACM

  • Fixed: NACM configuations are read-only by default; empty configurations cannot be changed [4767]

  • Fixed: Cannot create NACM rules with XML paths via RESTCONF [4804]

NAT

  • Fixed: ICMP fragments are not reassembled on Inside NAT interfaces [2733]

  • Fixed: VPP service fails if NAT concurrent-reassemblies is set to 1 and several fragments arrive on an outside NAT interface [2739]

  • Fixed: Implicit shallow virtual reassembly on an interface breaks packet flow when reassembly is set to full and IP reassembly is enabled on the interface [3380]

  • Fixed: Maximum amount of per-user NAT sessions is not limited by the max-translations-per-user value [4606]

  • Added: Increase Deterministic NAT Session Limits [4920]

  • Changed: Add deterministic NAT deprecation warnings [4953]

NTP

  • Fixed: Unable to retrieve NTP state via RESTCONF [4370]

RESTCONF

  • Fixed: RESTCONF interface-state response does not contain TAP table [4467]

  • Fixed: libssl 1.1 support on centos 7 [4617]

Routing

  • Fixed: BGP status summary for IPv6 does not generate output if the address family is not specified when configuring BGP for IPv6 [2967]

  • Fixed: Deletion of route-map does not update related BGP routes [3875]

  • Fixed: Value of route-reuse is displayed as XML within BGP configuration output [4486]

  • Fixed: Using interface name as BGP update-source does not work [4896]

  • Fixed: BGP can only be configured for a single VRF [4987]

  • Fixed: Removing a VRF attached to IPFIX causes errors in the latter [4995]

SNMP / IPFIX / Prometheus

  • Added: IPFIX / Netflow [4365]

  • Added: Options for Prometheus Exporter enable/disable state [4627]

  • Changed: Allow Prometheus Exporter to operate in host and dataplane namespaces [4890]

Tunnel Protocols

  • Changed: Add VXLAN multicast/interface validation checks [599]

  • Fixed: IPv6 packets are marked as truncated while forwarding over IPv6 GRE tunnel [4921]

VRRP

  • Fixed: VRRP misbehaves with NAT on the interface [2419]

  • Fixed: VRRP accept mode does not work fully with host services [4869]

  • Fixed: VRRP virtual routers will only work for one address family [4910]

YANG

clixon

  • Fixed: Ambiguous error message when making an invalid IKEv2 lifetime change [3243]

  • Fixed: clixon_backend fails after tnsr-db-update on config upgrading from 19.12-2 to 20.02-2 [3524]

  • Fixed: Unable to commit changes after backend restart if configuration contains unknown tag [4724]

Known Issues

ACLs

  • Output ACLs do not work with directly connected IP addresses [2057]

  • DHCP responses blocked by TNSR input ACLs since reflect on output ACLs does not work for DHCP requests [3570]

BFD

  • Unable to setup “delayed” option for an existing BFD session via REST [2709]

  • IPv6 session is not restored when virtual direct link gets disabled/enabled [4916]

Bridge

  • Bridge domain ARP entries not displayed via CLI [2378]

  • Bridge domain ARP entry cannot be removed via CLI [2380]

  • Bridge domain mac-age cannot be removed via CLI [2381]

CLI

  • CLI does not always return from a shell prompt [2651]

  • Deleting the startup_db does not fully remove the active configuration [3723]

DHCP Server

  • Unable to set value for a custom DHCP option [4917]

Dataplane

  • RESTCONF query fails to TNSR interface with >1 worker thread when NAT is active [2031]

  • Binary API times out in some dual NUMA environments [2383]

  • Link state is always up when using e1000 network drivers [2831]

  • VPP service does not start if an interface name uses a reserved keyword [3234]

  • Cannot create rx-queues for interfaces on KVM and VirtualBox [3674]

  • DPDK does not work with Mellanox ConnectX-3 drivers [3781]

  • VPP service crashes on attempt to connect to Azure TNSR VM or perform a REST request [3850]

General

  • Non-root users cannot access the FRR log file [4826]

Host

  • Cannot remove an IP address assigned to a host interface during the installation process via TNSR CLI [3013]

  • Cannot configure the default gateway for host namespace via TNSR CLI [3702]

  • VRF interface for a custom route table persists in the operating system after restarting services [4866]

Host Netfilter

  • Sequence numbers displayed in state data for host ACLs do not match the configuration database [4789]

IPsec

  • IPsec tunnels take much longer than expected to be marked down when connectivity to the peer is interrupted [3533]

Installation

  • When installing TNSR via iDRAC Virtual Media redirector the text installer screensaver starts in before the installation can complete [3182]

  • Software selection in the installer changes after network configuration [3834]

Interfaces

  • [VLAN] Packets don’t pass through subinterface after subinterface configuration has been modified [1612]

  • VLAN subinterfaces do not work with virtio network drivers on KVM [2189]

  • Unable to set IPv6 link-local address on an interface [2394]

  • Configuration of host OS interface clears TNSR TAP interface configuration [2640]

  • Unable to create subinterface with dot1q “any” tag [2652]

  • Unable to create multiple QinQ subinterfaces with the same outer VLAN tag [2659]

  • Subinterface settings aren’t applied on change without restarting dataplane [2696]

  • Invalid routes remain in table when next-hop IP address is no longer directly connected [3161]

  • TX queues utilized based off RX queue count [3624]

  • Unable to set a TAP object as part of a host bridge [4427]

  • Unable to delete a MAC address explicitly set for the TNSR side of a TAP interface [4433]

  • [TAP] interfaces-state response contains “host-namespace”: “(nil)” value in tap-table, when the namespace is specified as “host” [4867]

  • Jumbo frames do not pass on vmxnet3 adapters [4891]

  • Interface subnet routes are left within VRF route table after detaching interface from that VRF [4949]

  • Interface subnet IPv6 route is left within default route table after attaching interface to a custom VRF [4950]

  • Conflicting IP addresses remain on interfaces after VRF deletion [5035]

  • Restoring a configuration database with named interfaces requires loading, restarting the dataplane, then loading again [5144]

Memif

  • Unable to connect to memif interface using default socket [4448]

NAT

  • Twice-NAT does not work [1023]

  • NAT interfaces drop packets that do not match existing NAT sessions or static NAT mappings [1979]

  • 1:1 NAT drops packets with ttl=2 from inbound interface [2849]

  • VPP fails on DS-Lite AFTR router when packets from B4 are being received before pool is configured [3024]

  • Clixon service fails when deleting dslite-ce role [3030]

  • Reassembly timeout isn’t working when full IP reassembly is configured [3269]

  • Shallow virtual reassembly cannot be disabled when it is implicitly enabled by other features [3361]

  • Second fragment of a packet is not virtually reassembled when max-reassemblies is set to 1 [3384]

  • Full IP reassembly does not work with MAP [3386]

  • MAP-T: bogus zeroes when translating short IPv4 to IPv6 [3460]

  • NAT pool route table option only available when specifying a range [3628]

  • Packets larger than 2034 bytes are dropped when performing IPv4 to IPv6 MAP translation [3742]

  • MAP-T domain usage causes IPv6 traffic class value to always be copied from IPv4 ToS value [3774]

  • TCP MSS value is not applied to IPv4 packets when IPv6 to IPv4 decapsulation is performed on MAP-E BR [3783]

  • MAP does not relay IPv6 ICMP error messages to IPv4 [3809]

  • Deterministic NAT mode prevents local clients from communicating with local services on TNSR [4356]

  • Deterministic NAT mappings in the configuration database prevent the dataplane from starting when switching to endpoint-dependent mode [4371]

  • NAT static mappings for ICMP do not work [4373]

  • NAT static mappings for TCP/UDP protocol on “any” port result in translation for port 0 instead [4384]

  • NAT static mappings assume external port 0 when port is omitted [4432]

  • Deterministic NAT users experience sluggish performance and lag on video calls [4492]

  • Unable to verify NAT sessions in deterministic mode [4562]

  • Default NAT session timeouts do not work in endpoint-dependent mode [4600]

  • NAT forwarding does not work in deterministic and simple modes [4604]

  • VPP service fails on receiving packet when NAT simple mode along with static-mapping-only option is configured [4610]

  • Packets that aren’t destined to NAT pool are dropped when NAT simple mode with out2in-dpo option is configured [4927]

  • Ping to outside NAT interface produces a NAT session when forwarding is disabled [4960]

NTP

  • NTP does not properly handle IPv6 restrictions [4626]

Neighbor / ARP / NDP

  • Packet loss during ARP transactions [2868]

  • The MAC address of a static IPv6 neighbor cannot be changed [4454]

RESTCONF

  • Adding a user via RESTCONF requires a password even when providing an ssh key [2875]

  • RESTCONF “pretty-printed” JSON contains incorrect indentation [3521]

  • OSPF interfaces are not validated when configured via RESTCONF [3528]

  • Cannot change GRE tunnel type to or from ERSPAN via RESTCONF [4353]

Routing

  • Changing default metric for OSPF server does not result in update on other routers [2586]

  • CLI shows that only IPv4 prefix is available within prefix-list sequence configuration [2689]

  • OSPF RIB is not updated when the ABR type is changed between standard and shortcut [2699]

  • BGP updates for new prefixes ignore the advertisement-interval value and are sent every 60 seconds [2757]

  • RIP “timeout” timer does not work [2796]

  • ttl-security hops value can be set when ebgp-multihop is already configured [2832]

  • BGP session soft reset option does not work for IPv6 peers [2833]

  • extended-nexthop capability isn’t being negotiated between IPv6 BGP peers [2850]

  • Unable to verify received prefix-list entries via CLI when using ORF capability [2864]

  • BGP network backdoor feature isn’t working without service restart [2873]

  • BGP next-hop attribute aren’t being sent unmodified to the eBGP peer when route-server-client option is configured [2940]

  • BGP listen range option disappears from active FRR configuration after restarting BGP [3043]

  • Unable to verify dynamic BGP peer information from TNSR CLI [3044]

  • Unable to delete OSPF3 config for an interface [3481]

  • Error occurs when using “match ipv6 address <acl_name>” in route-map configuration [3619]

  • Change made to a prefix-list used in a OSPF3 route-map doesn’t affect redistributed routes [3644]

  • TNSR does not prevent creating static routes for directly connected networks [3813]

  • OSPF conditional default route injection does not work [3846]

  • Unable to verify received routes when high number of routes received via BGP [3918]

  • Cannot disable IPv4 in BGP [4399]

  • FRR prefix list synchronization lost after dataplane restart [4456]

  • TNSR allows OSPF network type for a loopback interface, which is rejected by FRR [4800]

  • Unable to set a custom path for the FRR log file [4825]

  • Unable to verify BGP session information when BGP is configured for the non-default VRF [4966]

  • Static routes in custom VRFs are not available to FRR [4975]

  • Invalid IPv6 routes are shown when searching by prefix [5033]

  • TNSR responds to IPv6 Router Solicitation messages with default Router Advertisement when not configured to do so [5097]

  • TNSR resolves output interface via default routing table when VRF static route is configured without interface name [5134]

SNMP / IPFIX / Prometheus

  • SNMP does not accept changes made using a write community [2567]

  • Restarting SNMP daemon causes NMS software to report a device reboot [3901]

  • SNMP results are returned at approximately 3 per second [4670]

  • RESTCONF returns an incorrect response code when removing IPFIX destinationIPAddress [5045]

  • IPFIX NAT logging reports internal FIB index instead of VRF ID [5067]

  • Configuring IPFIX collector address to directly connected host in Azure causes continuous VPP crash [5117]

  • IPFIX sends an incorrect value in NAT Quota Exceeded event [5135]

Tunnel Protocols

  • Changes to an existing VXLAN tunnel configuration do not apply until the dataplane is restarted [1778]

  • Unable to modify GRE tunnel settings [2698]

VRRP

  • VRRP cannot change the MAC address on ixgbevf interfaces [4551]

clixon

  • Clixon allows invalid prefix lists [3603]

  • log_upgrade does not print cxobj paths correctly in tnsr-upgrade.log [4747]

httpd

  • Clients receive an SSL certificate error when querying the HTTPS server if it uses a certificate with an MD5 digest [2403]

  • HTTP server retains its configuration after restarting TNSR services [2453]