TNSR 21.07.1 Release Notes

About This Release

This is a maintenance release for TNSR software version 21.07 with bug fixes.

Changes

Dataplane

  • Fixed: Multiple worker threads may result in dataplane SIGSEGV crash and backtrace when processing ICMP errors [6587]

Packaging

  • Changed: Build DPDK with optimization enabled for improved PMD performance [6781]

Routing

  • Fixed: Static route commands in output of show configuration running cli are ordered incorrectly [6733]

VRRP

  • Fixed: CLI crashes during some VRRP track interface changes [6715]

  • Fixed: Interface configuration is missing from show configuration running cli when an interface is configured for VRRP [6727]

  • Fixed: Unable to remove interface from IPv6 VRRP tracking [6764]

Known Issues

ACLs

  • DHCP responses blocked by TNSR input ACLs since reflect on output ACLs does not work for DHCP requests [3570]

  • ACLs applied to a bridged loopback interface do not block traffic [6248]

BFD

  • Unable to setup delayed option for an existing BFD session via REST [2709]

  • IPv6 session is not restored when virtual direct link gets disabled/enabled [4916]

  • Bidirectional Forwarding Detection sessions spontaneously vanish [5313]

Bridge

  • Bridge domain ARP entries cannot be displayed via CLI [2378]

  • Bridge domain ARP entries cannot be removed via CLI [2380]

  • Bridge domain mac-age value cannot be removed via CLI [2381]

  • Bridge domains and split-horizon groups are not functioning properly [5500]

CLI

  • CLI does not always return from a shell prompt [2651]

  • Deleting the startup configuration database does not fully remove the active configuration [3723]

  • Specifying interface to traceroute requires root privileges [5376]

  • Input validation of unbound message cache slabs value does not work as expected [5472]

  • CLI and RESTCONF behavior are different for no bgp default ipv4-unicast [6303]

  • Bridge domain configuration rewrite parameter does not work [6613]

DHCP Server

  • CLI offers to delete mandatory variable in DHCP server subnet configuration [5240]

  • DHCP4 kea config-file output shows “vpp” TAP interface names in its configuration instead of TNSR interface names [5264]

  • Unable to setup a custom DHCP option with certain data types in the record [5299]

  • DHCP daemon does not generate coredumps [5583]

DNS

  • show system output does not contain DNS resolver parameters [5397]

Dataplane

  • RESTCONF query fails to TNSR interface with >1 worker thread when NAT is active [2031]

  • Binary API times out in some dual NUMA environments [2383]

  • Link state is always up when using e1000 network drivers [2831]

  • VPP service does not start if an interface name uses a reserved keyword [3234]

  • Cannot create rx-queues for interfaces on KVM and VirtualBox [3674]

  • DPDK does not work with Mellanox ConnectX-3 drivers [3781]

  • Using interface routes appears to break dataplane ARP [5259]

  • VPP crashes with SIGSEGV at faulting address 0x0 or 0x1c [5695]

  • VPP crashes on Azure when configured with option default-data-size 1024 [6007]

  • Periodic dataplane SIGSEGV crash and backtrace [6574]

  • Dataplane SIGABRT crash and backtrace [6580]

General

  • Non-root users cannot access the FRR log file [4826]

  • Unable to specify TNSR interface as a source in ping and traceroute commands via REST [5605]

Host

  • Cannot remove an IP address assigned to a host interface during the installation process via TNSR CLI [3013]

  • Cannot configure the default gateway for host namespace via TNSR CLI [3702]

  • VRF interface for a custom route table persists in the operating system after restarting services [4866]

  • Improve setting host interface address in TNSR CLI [6728]

IPsec

  • IPsec tunnels take much longer than expected to be marked down when connectivity to the peer is interrupted [3533]

  • Packets exceeding 2020 bytes cannot be received on IPsec interface [5224]

  • Buffer exhaustion with TCP when using c62x QAT device [6711]

Installation

  • When installing TNSR via iDRAC virtual media redirector the text installer screensaver starts in before the installation can complete [3182]

  • Software selection in the installer changes after network configuration [3834]

Interfaces

  • Packets do not pass through VLAN subinterface after subinterface configuration has been modified [1612]

  • VLAN subinterfaces do not work with virtio network drivers on KVM [2189]

  • Unable to set IPv6 link-local address on an interface [2394]

  • Configuration of host OS interface clears TNSR TAP interface configuration [2640]

  • Unable to create subinterface with dot1q “any” tag [2652]

  • Subinterface settings aren’t applied on change without restarting dataplane [2696]

  • Invalid routes remain in table when next-hop IP address is no longer directly connected [3161]

  • Reassembly timeout is not working when full IP reassembly is configured [3269]

  • Shallow virtual reassembly cannot be disabled when it is implicitly enabled by other features [3361]

  • Second fragment of a packet is not virtually reassembled when max-reassemblies is set to 1 [3384]

  • TX queues utilized based off RX queue count [3624]

  • Unable to set a TAP object as part of a host bridge [4427]

  • Unable to delete a MAC address explicitly set for the TNSR side of a TAP interface [4433]

  • RESTCONF interfaces-state response contains "host-namespace": "(nil)" value in tap-table, when the namespace is specified as host [4867]

  • Interface subnet routes are left within VRF route table after detaching interface from that VRF [4949]

  • Interface subnet IPv6 route is left within default route table after attaching interface to a custom VRF [4950]

  • Restoring a configuration database with named interfaces requires loading, restarting the dataplane, then loading again [5144]

  • XG-1541 link speed auto-negotiation incorrect with direct connected interfaces [5323]

  • Errors indicate TNSR is attempting to assign a MAC address to IPsec ipipX interfaces [6285]

  • VLAN interfaces do not show VLAN ID in output of show interface [6326]

Memif

  • Unable to connect to memif interface using default socket [4448]

NAT

  • Twice-NAT does not work [1023]

  • 1:1 NAT drops packets with ttl=2 from inbound interface [2849]

  • Full IP reassembly does not work with MAP [3386]

  • MAP-T adds bogus zeroes when translating short IPv4 to IPv6 [3460]

  • NAT pool route table option only available when specifying a range [3628]

  • Packets larger than 2034 bytes are dropped when performing IPv4 to IPv6 MAP translation [3742]

  • MAP-T domain usage causes IPv6 traffic class value to always be copied from IPv4 ToS value [3774]

  • TCP MSS value is not applied to IPv4 packets when IPv6 to IPv4 decapsulation is performed on MAP-E BR [3783]

  • MAP does not relay IPv6 ICMP error messages to IPv4 [3809]

  • NAT static mappings for ICMP do not work [4373]

  • NAT static mappings for TCP/UDP protocol on “any” port result in translation for port 0 instead [4384]

  • NAT static mappings assume external port 0 when port is omitted [4432]

  • Default NAT session timeouts do not work in endpoint-dependent mode [4600]

  • Packets that aren’t destined to NAT pool are dropped when NAT simple mode with out2in-dpo option is configured [4927]

  • Default NAT translation limits may be undersized [5464]

  • Full IPv4 reassembly doesn’t work with NAT endpoint-independent mode [5476]

  • Cannot increase NAT Sessions per thread past ~1e6 [6550]

  • Dataplane SIGSEGV crash and backtrace when exceeding NAT session limit [6551]

  • Cannot disable NAT if an inside/outside NAT role was removed from an interface [6553]

  • Clixon backend crash if VRF is removed and re-added for NAT static translation [6554]

  • Cannot apply VRF to interface if it was removed by applying clean candidate DB [6561]

NTP

  • NTP does not properly handle IPv6 restrictions [4626]

Neighbor / ARP / NDP

  • Packet loss during ARP transactions [2868]

  • The MAC address of a static IPv6 neighbor cannot be changed [4454]

RESTCONF

  • Adding a user via RESTCONF requires a password even when providing an ssh key [2875]

  • RESTCONF “pretty-printed” JSON contains incorrect indentation [3521]

  • OSPF interfaces are not validated when configured via RESTCONF [3528]

  • Cannot change GRE tunnel type to or from ERSPAN via RESTCONF [4353]

  • Response of /restconf/data/ and /restconf/data/netgate-interface:interfaces-state/ does not include any of *-table [5399]

  • RESTCONF allows configuring dataplane options for non-existent devices [5748]

Routing

  • Changing default metric for OSPF server does not result in update on other routers [2586]

  • OSPF RIB is not updated when the ABR type is changed between standard and shortcut [2699]

  • BGP updates for new prefixes ignore the advertisement-interval value and are sent every 60 seconds [2757]

  • RIP “timeout” timer does not work [2796]

  • ttl-security hops value can be set when ebgp-multihop is already configured [2832]

  • BGP session soft reset option does not work for IPv6 peers [2833]

  • extended-nexthop capability isn’t being negotiated between IPv6 BGP peers [2850]

  • Unable to verify received prefix-list entries via CLI when using ORF capability [2864]

  • BGP network backdoor feature isn’t working without service restart [2873]

  • BGP next-hop attribute aren’t being sent unmodified to the eBGP peer when route-server-client option is configured [2940]

  • BGP listen range option disappears from active FRR configuration after restarting BGP [3043]

  • Unable to verify dynamic BGP peer information from TNSR CLI [3044]

  • Unable to delete OSPF3 config for an interface [3481]

  • CLI allows creation of invalid prefix lists [3603]

  • Error occurs when using “match ipv6 address <acl_name>” in route-map configuration [3619]

  • Change made to a prefix-list used in a OSPF3 route-map doesn’t affect redistributed routes [3644]

  • TNSR does not prevent creating static routes for directly connected networks [3813]

  • OSPF conditional default route injection does not work [3846]

  • Unable to verify received routes when high number of routes received via BGP [3918]

  • FRR prefix list synchronization lost after dataplane restart [4456]

  • TNSR allows OSPF network type for a loopback interface, which is rejected by FRR [4800]

  • Unable to set a custom path for the FRR log file [4825]

  • Unable to verify BGP session information when BGP is configured for the non-default VRF [4966]

  • Reevaluate the FRR logging settings [4971]

  • Static routes in custom VRFs are not available to FRR [4975]

  • Invalid IPv6 routes are shown when searching by prefix [5033]

  • TNSR responds to IPv6 Router Solicitation messages with default Router Advertisement when not configured to do so [5097]

  • TNSR resolves output interface via default routing table when VRF static route is configured without interface name [5134]

  • Reverting to the startup configuration doesn’t restore packet forwarding for BGP over IPsec prefixes [5321]

  • Neighbors do not exchange routes when using OSPF over VRF-lite [5338]

  • BGP command to show routes from neighbors returns an error instead of expected data [5835]

  • RIP route-map-filter option does not get added to FRR configuration [5910]

  • BGP shows its capabilities as advertised when configured with the dont-capability-negotiate option [6035]

  • Output of show route takes about a minute to begin displaying very large route tables (~1,000,000 routes) [6380]

  • Unable to disable IPv4 AF without BGP service restart [6393]

  • BGP failover logs “Failed to delete neighbor” error from linux-cp [6400]

  • VRF is not removed after loading and committing candidate configuration [6449]

  • Setting an OSPF virtual-link parameter removes all other configured parameters [6595]

  • OSPF virtual-link authentication does not work [6601]

SNMP / IPFIX / Prometheus

  • SNMP does not accept changes made using a write community [2567]

  • Restarting SNMP daemon causes NMS software to report a device reboot [3901]

  • Prometheus filters with non-alphanumeric characters can cause HTTP requests to fail [5467]

  • Prometheus filters containing spaces cannot be removed [5470]

  • Interface name-to-index mappings not available in prometheus exporter output [5618]

  • SNMP query for ifDescr returns unexpected Hex-STRING type data or incorrect STRING contents [6403]

  • SNMP does not work on IPv6 [6589]

SPAN

  • Span config disappears/appears when repeatedly restarting dataplane [6526]

Static Routes

  • Static route description is not showing up in show commands or REST state data [5478]

Tunnel Protocols

  • Changes to an existing VXLAN tunnel configuration do not apply until the dataplane is restarted [1778]

  • Unable to modify GRE tunnel settings [2698]

  • TNSR IPv6 interface address does not appear in traceroute when next-hop is IPsec tunnel interface [5178]

  • VxLAN with multicast destination does not pass traffic [6491]

Updates

  • Update scripts may fail on some systems [5342]

VRRP

  • VRRP cannot change the MAC address on ixgbevf interfaces [4551]

  • Cannot configure VRRP tracking for an unconfigured interface [6760]

clixon

  • log_upgrade does not print cxobj paths correctly in tnsr-upgrade.log [4747]

  • clixon_backend exhausts memory while displaying high amount of routes [5226]

  • TNSR CLI treats “#” character as comment delimiter, ignores input after [5237]

  • TNSR does not validate username when creating a user [5238]

  • CLI closes when performing commands after restarting TNSR [5974]

  • Duplicate attribute created when upgrading TNSR 20.10 NAT configuration to 21.03.1-1 from CLI [6531]

  • Crash with SEGFAULT in clixon_backend when it cannot parse XML from config_db [6627]

httpd

  • Clients receive an SSL certificate error when querying the HTTPS server if it uses a certificate with an MD5 digest [2403]