TNSR 21.03.1 Release Notes¶
About This Release¶
This is a maintenance release for TNSR software version 21.03 with bug fixes.
Warning
For more information on changes in TNSR 21.03, see TNSR 21.03 Release Notes.
Changes¶
Interfaces¶
Fixed: Running obsolete interface command to delete route table causes CLI to exit [5876]
Fixed: Admin status is not set correctly for disabled VLAN subinterfaces [5956]
NAT¶
Fixed: NAT hairpinning results in VPP crash due to SEGV [5302]
Neighbor / ARP / NDP¶
Fixed: Spurious replies sent to neighbor solicitations for addresses in the neighbor table [5989]
Routing¶
Added: Allow BGP IPv4 unicast route propagation to be disabled by default [4399]
SNMP / IPFIX / Prometheus¶
Fixed: SNMP results are returned at approximately 3 per second [4670]
Known Issues¶
ACLs¶
DHCP responses blocked by TNSR input ACLs since reflect on output ACLs does not work for DHCP requests [3570]
ACLs applied to a bridged loopback interface do not block traffic [6248]
BFD¶
Unable to setup “delayed” option for an existing BFD session via REST [2709]
IPv6 session is not restored when virtual direct link gets disabled/enabled [4916]
Bidirectional Forwarding Detection sessions spontaneously vanish [5313]
Bridge¶
Bridge domain ARP entries not displayed via CLI [2378]
Bridge domain ARP entry cannot be removed via CLI [2380]
Bridge domain mac-age cannot be removed via CLI [2381]
Bridge domains and split-horizon groups not functioning properly [5500]
CLI¶
CLI does not always return from a shell prompt [2651]
Deleting the startup_db does not fully remove the active configuration [3723]
Specifying Interface to traceroute requires root privileges [5376]
Fix unbound ‘message cache slabs’ CLI weirdness [5472]
Wrong CLI command generated for ACL MACIP config [5815]
Wrong CLI commands generated for NAT translation outer port [5911]
IPv6 prefix-lists cannot be configured in the CLI [6080]
BGP peer group
remote-as
configuration value is missing fromshow conf run cli
output [6123]
DHCP Server¶
CLI offers to delete mandatory variable in DHCP server subnet configuration [5240]
DHCP4 kea config-file output shows “vpp” TAP interface names in its configuration instead of TNSR interface names [5264]
Unable to set up a custom DHCP option with certain data types in the record [5299]
Default kea settings allow lease file to grow without bounds [5414]
DHCP/kea stops issuing leases after dataplane restart [5426]
DHCP/kea coredump isn’t generated [5583]
DNS¶
show system
output does not contain DNS resolver parameters [5397]
Dataplane¶
RESTCONF query fails to TNSR interface with >1 worker thread when NAT is active [2031]
Binary API times out in some dual NUMA environments [2383]
Link state is always up when using e1000 network drivers [2831]
VPP service does not start if an interface name uses a reserved keyword [3234]
Cannot create rx-queues for interfaces on KVM and VirtualBox [3674]
DPDK does not work with Mellanox ConnectX-3 drivers [3781]
Using interface routes appears to breaks dataplane ARP [5259]
VPP crashes with SIGSEGV at faulting address 0x0 or 0x1c [5695]
VPP crashes on Azure when configured with option
default-data-size 1024
[6007]
General¶
Non-root users cannot access the FRR log file [4826]
Unable to configure packet trace [5261]
Unable to specify TNSR interface as a source in ping and traceroute commands via REST [5605]
Host¶
Cannot remove an IP address assigned to a host interface during the installation process via TNSR CLI [3013]
Cannot configure the default gateway for host namespace via TNSR CLI [3702]
VRF interface for a custom route table persists in the operating system after restarting services [4866]
IPsec¶
IPsec tunnels take much longer than expected to be marked down when connectivity to the peer is interrupted [3533]
Packets exceeding 2020 bytes cannot be received on IPsec interface [5224]
Installation¶
When installing TNSR via iDRAC virtual media redirector the text installer screensaver starts in before the installation can complete [3182]
Software selection in the installer changes after network configuration [3834]
Installer python exception [5556]
Interfaces¶
Packets do not pass through VLAN subinterface after subinterface configuration has been modified [1612]
VLAN subinterfaces do not work with virtio network drivers on KVM [2189]
Unable to set IPv6 link-local address on an interface [2394]
Configuration of host OS interface clears TNSR TAP interface configuration [2640]
Unable to create subinterface with dot1q “any” tag [2652]
Subinterface settings aren’t applied on change without restarting dataplane [2696]
Invalid routes remain in table when next-hop IP address is no longer directly connected [3161]
TX queues utilized based off RX queue count [3624]
Unable to set a TAP object as part of a host bridge [4427]
Unable to delete a MAC address explicitly set for the TNSR side of a TAP interface [4433]
RESTCONF interfaces-state response contains “host-namespace”: “(nil)” value in tap-table, when the namespace is specified as “host” [4867]
Interface subnet routes are left within VRF route table after detaching interface from that VRF [4949]
Interface subnet IPv6 route is left within default route table after attaching interface to a custom VRF [4950]
Restoring a configuration database with named interfaces requires loading, restarting the dataplane, then loading again [5144]
XG-1541 link speed auto-negotiation incorrect with direct connected interfaces [5323]
Cannot set bridge BVI option on an interface after initial setup [5628]
Memif¶
Unable to connect to memif interface using default socket [4448]
NAT¶
Twice-NAT does not work [1023]
1:1 NAT drops packets with ttl=2 from inbound interface [2849]
VPP fails on DS-Lite AFTR router when packets from B4 are being received before pool is configured [3024]
Clixon service fails when deleting dslite-ce role [3030]
Reassembly timeout isn’t working when full IP reassembly is configured [3269]
Shallow virtual reassembly cannot be disabled when it is implicitly enabled by other features [3361]
Second fragment of a packet is not virtually reassembled when max-reassemblies is set to 1 [3384]
Full IP reassembly does not work with MAP [3386]
MAP-T: bogus zeroes when translating short IPv4 to IPv6 [3460]
NAT pool route table option only available when specifying a range [3628]
Packets larger than 2034 bytes are dropped when performing IPv4 to IPv6 MAP translation [3742]
MAP-T domain usage causes IPv6 traffic class value to always be copied from IPv4 ToS value [3774]
TCP MSS value is not applied to IPv4 packets when IPv6 to IPv4 decapsulation is performed on MAP-E BR [3783]
MAP does not relay IPv6 ICMP error messages to IPv4 [3809]
Deterministic NAT mode prevents local clients from communicating with local services on TNSR [4356]
Deterministic NAT mappings in the configuration database prevent the dataplane from starting when switching to endpoint-dependent mode [4371]
NAT static mappings for ICMP do not work [4373]
NAT static mappings for TCP/UDP protocol on “any” port result in translation for port 0 instead [4384]
NAT static mappings assume external port 0 when port is omitted [4432]
Deterministic NAT users experience sluggish performance and lag on video calls [4492]
Unable to verify NAT sessions in deterministic mode [4562]
Default NAT session timeouts do not work in endpoint-dependent mode [4600]
NAT forwarding does not work in deterministic and simple modes [4604]
Packets that aren’t destined to NAT pool are dropped when NAT simple mode with out2in-dpo option is configured [4927]
NAT forwarding option does not work with multiple worker threads [5327]
Default NAT translation limits may be undersized [5464]
Full IPv4 reassembly doesn’t work with NAT endpoint-independent mode [5476]
Endpoint-dependent NAT mode remains enabled after clean candidate configuration database is committed [5972]
NTP¶
NTP does not properly handle IPv6 restrictions [4626]
Neighbor / ARP / NDP¶
Packet loss during ARP transactions [2868]
The MAC address of a static IPv6 neighbor cannot be changed [4454]
RESTCONF¶
Adding a user via RESTCONF requires a password even when providing an ssh key [2875]
RESTCONF “pretty-printed” JSON contains incorrect indentation [3521]
OSPF interfaces are not validated when configured via RESTCONF [3528]
Cannot change GRE tunnel type to or from ERSPAN via RESTCONF [4353]
Response of
/restconf/data/
and/restconf/data/netgate-interface:interfaces-state/
does not include any of*-table
[5399]RESTCONF allows configuring dataplane options for non-existent devices [5748]
Routing¶
Changing default metric for OSPF server does not result in update on other routers [2586]
CLI shows that only IPv4 prefix is available within prefix-list sequence configuration [2689]
OSPF RIB is not updated when the ABR type is changed between standard and shortcut [2699]
BGP updates for new prefixes ignore the advertisement-interval value and are sent every 60 seconds [2757]
RIP “timeout” timer does not work [2796]
ttl-security hops value can be set when ebgp-multihop is already configured [2832]
BGP session soft reset option does not work for IPv6 peers [2833]
extended-nexthop capability isn’t being negotiated between IPv6 BGP peers [2850]
Unable to verify received prefix-list entries via CLI when using ORF capability [2864]
BGP network backdoor feature isn’t working without service restart [2873]
BGP next-hop attribute aren’t being sent unmodified to the eBGP peer when route-server-client option is configured [2940]
BGP listen range option disappears from active FRR configuration after restarting BGP [3043]
Unable to verify dynamic BGP peer information from TNSR CLI [3044]
Unable to delete OSPF3 config for an interface [3481]
Error occurs when using “match ipv6 address <acl_name>” in route-map configuration [3619]
Change made to a prefix-list used in a OSPF3 route-map doesn’t affect redistributed routes [3644]
TNSR does not prevent creating static routes for directly connected networks [3813]
OSPF conditional default route injection does not work [3846]
Unable to verify received routes when high number of routes received via BGP [3918]
FRR prefix list synchronization lost after dataplane restart [4456]
TNSR allows OSPF network type for a loopback interface, which is rejected by FRR [4800]
Unable to set a custom path for the FRR log file [4825]
Unable to verify BGP session information when BGP is configured for the non-default VRF [4966]
Reevaluate the FRR logging settings [4971]
Static routes in custom VRFs are not available to FRR [4975]
Invalid IPv6 routes are shown when searching by prefix [5033]
CLI description in prefix-list definition misleading [5065]
TNSR responds to IPv6 Router Solicitation messages with default Router Advertisement when not configured to do so [5097]
TNSR resolves output interface via default routing table when VRF static route is configured without interface name [5134]
Reverting to the startup configuration doesn’t restore packet forwarding for BGP over IPsec prefixes [5321]
Neighbors do not exchange routes when using OSPF over VRF-lite [5338]
BGP command to show routes from neighbors returns an error instead of expected data [5835]
RIP
route-map-filter
option does not get added to FRR configuration [5910]
SNMP / IPFIX / Prometheus¶
SNMP does not accept changes made using a write community [2567]
Restarting SNMP daemon causes NMS software to report a device reboot [3901]
Prometheus filters with non-alphanumeric characters can cause HTTP requests to fail [5467]
Prometheus filters containing spaces cannot be removed [5470]
Interface name-to-index mappings not available in prometheus exporter output [5618]
Static Routes¶
Static route next-hop options stack when updated, but only one works [5326]
Static route description is not showing up in show commands or REST state data [5478]
Tunnel Protocols¶
Changes to an existing VXLAN tunnel configuration do not apply until the dataplane is restarted [1778]
Unable to modify GRE tunnel settings [2698]
TNSR IPv6 interface address does not appear in traceroute when next-hop is IPsec tunnel interface [5178]
Updates¶
Update scripts may fail on some systems [5342]
VRRP¶
VRRP cannot change the MAC address on ixgbevf interfaces [4551]
clixon¶
Clixon allows invalid prefix lists [3603]
log_upgrade does not print cxobj paths correctly in tnsr-upgrade.log [4747]
clixon_backend exhausts memory while displaying high amount of routes [5226]
TNSR CLI treats “#” character as comment delimiter, ignores input after [5237]
TNSR does not validate username when creating a user [5238]
CLI closes when performing commands after restarting TNSR [5974]
CLI exits when
expand_dbvar()
is passed an invalid path [6025]
httpd¶
Clients receive an SSL certificate error when querying the HTTPS server if it uses a certificate with an MD5 digest [2403]