TNSR 21.07 Release Notes

About This Release

This is a regularly scheduled TNSR release including new features and bug fixes.

General

• The default behavior of VMware VMXNET3 interfaces has changed from previous releases. These interfaces are no longer automatically whitelisted, and must be manually setup in the dataplane as described in Setup NICs in Dataplane.

  For a smoother upgrade experience, configure the interfaces in the dataplane before starting the upgrade process.

  If the interfaces have already been configured in the dataplane, no action is necessary.

Changes

CLI

• Fixed: Terminal page length not respected in cligen output routines which handle paging [3397]

• Fixed: Wrong CLI commands generated for ACL MACIP config [5815]

• Fixed: CLI auto-completion prints extremely long lines on serial console session [5816]

• Fixed: Wrong CLI commands generated for FRR features [5840]

• Fixed: Wrong CLI commands generated for NAT static mapping to interface [5842]

• Fixed: Wrong CLI commands generated for IP virtual reassembly [5866]

• Fixed: Wrong CLI commands generated for host interface [5867]

• Fixed: Wrong CLI commands generated for DSlite [5868]

• Fixed: Wrong CLI commands generated for BGP [5869]

• Fixed: CLI may generate configuration for VRRP that cannot be applied [5870]

• Fixed: CLI commands are not generated for DNS server [5878]

• Fixed: Wrong CLI commands generated for GRE [5880]

• Fixed: Wrong CLI commands generated for VXLAN [5881]

• Fixed: Wrong CLI commands generated for host ACL [5884]

• Fixed: Wrong CLI commands generated for MAP [5885]

• Fixed: Wrong CLI commands generated for static routing next hop [5886]

• Fixed: Wrong CLI commands generated for NAT translation outer port [5911]

• Fixed: Wrong CLI commands generated for IPv6 static routing [5912]

• Fixed: CLI commands are not generated for RESTCONF configuration [5953]

• Fixed: IPv6 prefix-lists cannot be configured in the CLI [6080]

• Fixed: Cannot remove snmp group/model via CLI [6122]

• Fixed: Command description for route-map outbound direction is the same as for inbound [6376]

• Fixed: Missing CLI commands for cfgfile dataplane configuration [6453]

DHCP Server

• Fixed: Default DHCP server settings allow lease file to grow without bounds [5414]

• Fixed: DHCP server stops issuing leases after dataplane restart [5426]

Dataplane

• Fixed: VPP crashes in AWS if main heap size is set in VPP config [5754]

• Added: igc 2.5G Ethernet interface support [6524]

• Fixed: Netlink message processing stops after socket overflow [6552]

General

• Added: Maintain configuration database change history in a local git repo [485]

Interfaces

• Added: TCP MSS Clamping [3920]

• Added: Allow configuration of maximum fragments to be reassembled per packet [5141]

• Fixed: Cannot set bridge BVI option on an interface after initial setup [5628]

• Fixed: Commit failed error when setting values for IP reassembly options [5683]

• Fixed: IP reassembly full ipv4 max-reassembly-length value cannot be removed [5967]

NAT

• Fixed: NAT forwarding does not work in deterministic and simple modes [4604]

• Fixed: NAT forwarding option does not work with multiple worker threads [5327]

• Changed: Deprecate support for DS-Lite [5959]

• Fixed: Endpoint-dependent NAT mode remains enabled after clean candidate configuration database is committed [5972]

Packaging

• Changed: Update VPP from upstream [5829]

• Changed: Update strongSwan to 5.9.2 [5830]

• Changed: Update FRR to 7.5.1 [5831]

Routing

• Added: Omit broadcast and other special automatic route table entries from default show route output [4339]

• Fixed: Orphaned VRF entries are not removed when loading and committing candidate configuration [5507]

• Fixed: Route-map rules cannot match ipv6 access lists [6428]

SNMP / IPFIX / Prometheus

• Fixed: SNMP daemon does not return Counter64 64-bit octet values [5272]

• Fixed: SNMP subagent startup takes a long time [5696]

VRRP

• Fixed: VRRP VR on interface in non-default VRF does not transition to backup state [6562]

clixon

• Fixed: CLI exits when expand_dbvar() is passed an invalid path [6025]

Known Issues

ACLs

• DHCP responses blocked by TNSR input ACLs since reflect on output ACLs does not work for DHCP requests [3570]

• ACLs applied to a bridged loopback interface do not block traffic [6248]

BFD

• Unable to setup delayed option for an existing BFD session via REST [2709]

• IPv6 session is not restored when virtual direct link gets disabled/enabled [4916]

• Bidirectional Forwarding Detection sessions spontaneously vanish [5313]

Bridge

• Bridge domain ARP entries cannot be displayed via CLI [2378]

• Bridge domain ARP entries cannot be removed via CLI [2380]

• Bridge domain mac-age value cannot be removed via CLI [2381]

• Bridge domains and split-horizon groups are not functioning properly [5500]

CLI

• CLI does not always return from a shell prompt [2651]

• Deleting the startup configuration database does not fully remove the active configuration [3723]

• Specifying interface to traceroute requires root privileges [5376]

• Input validation of unbound message cache slabs value does not work as expected [5472]

• CLI and RESTCONF behavior are different for no bgp default ipv4-unicast [6303]

• Bridge domain configuration rewrite parameter does not work [6613]

DHCP Server

• CLI offers to delete mandatory variable in DHCP server subnet configuration [5240]

• DHCP4 kea config-file output shows “vpp” TAP interface names in its configuration instead of TNSR interface names [5264]

• Unable to setup a custom DHCP option with certain data types in the record [5299]

• DHCP daemon does not generate coredumps [5583]

DNS

• show system output does not contain DNS resolver parameters [5397]

Dataplane

• RESTCONF query fails to TNSR interface with >1 worker thread when NAT is active [2031]

• Binary API times out in some dual NUMA environments [2383]

• Link state is always up when using e1000 network drivers [2831]

• VPP service does not start if an interface name uses a reserved keyword [3234]

• Cannot create rx-queues for interfaces on KVM and VirtualBox [3674]

• DPDK does not work with Mellanox ConnectX-3 drivers [3781]

• Using interface routes appears to break dataplane ARP [5259]

• VPP crashes with SIGSEGV at faulting address 0x0 or 0x1c [5695]

• VPP crashes on Azure when configured with option default-data-size 1024 [6007]

• Periodic dataplane SIGSEGV crash and backtrace [6574]

• Dataplane SIGABRT crash and backtrace [6580]

• Multiple worker threads may result in dataplane SIGSEGV crash and backtrace [6587]

General

• Non-root users cannot access the FRR log file [4826]

• Unable to specify TNSR interface as a source in ping and traceroute commands via REST [5605]

Host

• Cannot remove an IP address assigned to a host interface during the installation process via TNSR CLI [3013]

• Cannot configure the default gateway for host namespace via TNSR CLI [3702]

• VRF interface for a custom route table persists in the operating system after restarting services [4866]

IPsec

• IPsec tunnels take much longer than expected to be marked down when connectivity to the peer is interrupted [3533]

• Packets exceeding 2020 bytes cannot be received on IPsec interface [5224]

Installation

• When installing TNSR via iDRAC virtual media redirector the text installer screensaver starts in before the installation can complete [3182]

• Software selection in the installer changes after network configuration [3834]

Interfaces

• Packets do not pass through VLAN subinterface after subinterface configuration has been modified [1612]

• VLAN subinterfaces do not work with virtio network drivers on KVM [2189]

• Unable to set IPv6 link-local address on an interface [2394]

• Configuration of host OS interface clears TNSR TAP interface configuration [2640]

• Unable to create subinterface with dot1q “any” tag [2652]

• Subinterface settings aren’t applied on change without restarting dataplane [2696]

• Invalid routes remain in table when next-hop IP address is no longer directly connected [3161]

• Reassembly timeout is not working when full IP reassembly is configured [3269]

• Shallow virtual reassembly cannot be disabled when it is implicitly enabled by other features [3361]

• Second fragment of a packet is not virtually reassembled when max-reassemblies is set to 1 [3384]

• TX queues utilized based off RX queue count [3624]

• Unable to set a TAP object as part of a host bridge [4427]

• Unable to delete a MAC address explicitly set for the TNSR side of a TAP interface [4433]

• RESTCONF interfaces-state response contains "host-namespace": "(nil)" value in tap-table, when the namespace is specified as host [4867]

• Interface subnet routes are left within VRF route table after detaching interface from that VRF [4949]

• Interface subnet IPv6 route is left within default route table after attaching interface to a custom VRF [4950]

• Restoring a configuration database with named interfaces requires loading, restarting the dataplane, then loading again [5144]

• XG-1541 link speed auto-negotiation incorrect with direct connected interfaces [5323]

• Errors indicate TNSR is attempting to assign a MAC address to IPsec ipipX interfaces [6285]

• VLAN interfaces do not show VLAN ID in output of show interface [6326]

Memif

• Unable to connect to memif interface using default socket [4448]

NAT

• Twice-NAT does not work [1023]

• 1:1 NAT drops packets with ttl=2 from inbound interface [2849]

• Full IP reassembly does not work with MAP [3386]

• MAP-T adds bogus zeroes when translating short IPv4 to IPv6 [3460]

• NAT pool route table option only available when specifying a range [3628]

• Packets larger than 2034 bytes are dropped when performing IPv4 to IPv6 MAP translation [3742]

• MAP-T domain usage causes IPv6 traffic class value to always be copied from IPv4 ToS value [3774]

• TCP MSS value is not applied to IPv4 packets when IPv6 to IPv4 decapsulation is performed on MAP-E BR [3783]

• MAP does not relay IPv6 ICMP error messages to IPv4 [3809]

• Deterministic NAT mode prevents local clients from communicating with local services on TNSR [4356]

• Deterministic NAT mappings in the configuration database prevent the dataplane from starting when switching to endpoint-dependent mode [4371]

• NAT static mappings for ICMP do not work [4373]

• NAT static mappings for TCP/UDP protocol on “any” port result in translation for port 0 instead [4384]

• NAT static mappings assume external port 0 when port is omitted [4432]

• Default NAT session timeouts do not work in endpoint-dependent mode [4600]

• Packets that aren’t destined to NAT pool are dropped when NAT simple mode with out2in-dpo option is configured [4927]

• Default NAT translation limits may be undersized [5464]

• Full IPv4 reassembly doesn’t work with NAT endpoint-independent mode [5476]

• Packet forwarding over an IPsec tunnel fails after enabling UDP encapsulation in IKEv1 mode [6490]

• Cannot increase NAT Sessions per thread past ~1e6 [6550]

• Dataplane SIGSEGV crash and backtrace when exceeding NAT session limit [6551]

• Clixon backend crash if VRF is removed and re-added for NAT static translation [6554]

• Cannot apply VRF to interface if it was removed by applying clean candidate DB [6561]

NTP

• NTP does not properly handle IPv6 restrictions [4626]

Neighbor / ARP / NDP

• Packet loss during ARP transactions [2868]

• The MAC address of a static IPv6 neighbor cannot be changed [4454]

RESTCONF

• Adding a user via RESTCONF requires a password even when providing an ssh key [2875]

• RESTCONF “pretty-printed” JSON contains incorrect indentation [3521]

• OSPF interfaces are not validated when configured via RESTCONF [3528]

• Cannot change GRE tunnel type to or from ERSPAN via RESTCONF [4353]

• Response of /restconf/data/ and /restconf/data/netgate-interface:interfaces-state/ does not include any of *-table [5399]

• RESTCONF allows configuring dataplane options for non-existent devices [5748]

Routing

• Changing default metric for OSPF server does not result in update on other routers [2586]

• OSPF RIB is not updated when the ABR type is changed between standard and shortcut [2699]

• BGP updates for new prefixes ignore the advertisement-interval value and are sent every 60 seconds [2757]

• RIP “timeout” timer does not work [2796]

• ttl-security hops value can be set when ebgp-multihop is already configured [2832]

• BGP session soft reset option does not work for IPv6 peers [2833]

• extended-nexthop capability isn’t being negotiated between IPv6 BGP peers [2850]

• Unable to verify received prefix-list entries via CLI when using ORF capability [2864]

• BGP network backdoor feature isn’t working without service restart [2873]

• BGP next-hop attribute aren’t being sent unmodified to the eBGP peer when route-server-client option is configured [2940]

• BGP listen range option disappears from active FRR configuration after restarting BGP [3043]

• Unable to verify dynamic BGP peer information from TNSR CLI [3044]

• Unable to delete OSPF3 config for an interface [3481]

• Error occurs when using “match ipv6 address <acl_name>” in route-map configuration [3619]

• Change made to a prefix-list used in a OSPF3 route-map doesn’t affect redistributed routes [3644]

• TNSR does not prevent creating static routes for directly connected networks [3813]

• OSPF conditional default route injection does not work [3846]

• Unable to verify received routes when high number of routes received via BGP [3918]

• FRR prefix list synchronization lost after dataplane restart [4456]

• TNSR allows OSPF network type for a loopback interface, which is rejected by FRR [4800]

• Unable to set a custom path for the FRR log file [4825]

• Unable to verify BGP session information when BGP is configured for the non-default VRF [4966]

• Reevaluate the FRR logging settings [4971]

• Static routes in custom VRFs are not available to FRR [4975]

• Invalid IPv6 routes are shown when searching by prefix [5033]

• TNSR responds to IPv6 Router Solicitation messages with default Router Advertisement when not configured to do so [5097]

• TNSR resolves output interface via default routing table when VRF static route is configured without interface name [5134]

• Reverting to the startup configuration doesn’t restore packet forwarding for BGP over IPsec prefixes [5321]

• Neighbors do not exchange routes when using OSPF over VRF-lite [5338]

• BGP command to show routes from neighbors returns an error instead of expected data [5835]

• RIP route-map-filter option does not get added to FRR configuration [5910]

• BGP shows its capabilities as advertised when configured with the dont-capability-negotiate option [6035]

• Output of show route takes about a minute to begin displaying very large route tables (~1,000,000 routes) [6380]

• Unable to disable IPv4 AF without BGP service restart [6393]

• BGP failover logs “Failed to delete neighbor” error from linux-cp [6400]

• VRF is not removed after loading and committing candidate configuration [6449]

• Setting an OSPF virtual-link parameter removes all other configured parameters [6595]

• OSPF virtual-link authentication does not work [6601]

SNMP / IPFIX / Prometheus

• SNMP does not accept changes made using a write community [2567]

• Restarting SNMP daemon causes NMS software to report a device reboot [3901]

• Prometheus filters with non-alphanumeric characters can cause HTTP requests to fail [5467]

• Prometheus filters containing spaces cannot be removed [5470]

• Interface name-to-index mappings not available in prometheus exporter output [5618]

• SNMP query for ifDescr returns unexpected Hex-STRING type data or incorrect STRING contents [6403]

• SNMP does not work on IPv6 [6589]

SPAN

• Span config disappears/appears when repeatedly restarting dataplane [6526]

Static Routes

• Static route description is not showing up in show commands or REST state data [5478]

Tunnel Protocols

• Changes to an existing VXLAN tunnel configuration do not apply until the dataplane is restarted [1778]

• Unable to modify GRE tunnel settings [2698]

• TNSR IPv6 interface address does not appear in traceroute when next-hop is IPsec tunnel interface [5178]

• VxLAN with multicast destination does not pass traffic [6491]

Updates

• Update scripts may fail on some systems [5342]

VRRP

• VRRP cannot change the MAC address on ixgbevf interfaces [4551]

clixon

• Clixon allows invalid prefix lists [3603]

• log_upgrade does not print cxobj paths correctly in tnsr-upgrade.log [4747]

• clixon_backend exhausts memory while displaying high amount of routes [5226]

• TNSR CLI treats “#” character as comment delimiter, ignores input after [5237]

• TNSR does not validate username when creating a user [5238]

• CLI closes when performing commands after restarting TNSR [5974]

• Duplicate attribute created when upgrading TNSR 20.10 NAT configuration to 21.03.1-1 from CLI [6531]

httpd

• Clients receive an SSL certificate error when querying the HTTPS server if it uses a certificate with an MD5 digest [2403]