TNSR 24.06 Release Notes¶
About the TNSR 24.06 Release¶
This is a regularly scheduled TNSR software release including new features and bug fixes.
Warning
Users who upgrade using the TNSR CLI package upgrade
method must read
the Updates via the TNSR CLI section thoroughly before performing this upgrade.
There are potential issues that may arise when upgrading via that method and Updates via the TNSR CLI contains information on how to complete the upgrade process in those cases.
General¶
The default route table for IPv4 and IPv6 is now named
default
and routes for both address families are managed in that one single route table.In prior releases the default IPv4 and IPv6 route tables were separated and named
ipv4-VRF:0
andipv6-VRF:0
and administrators had to manage them independently.This change simplifies management and use of the default route table while also aligning default route table behavior with the behavior of additional route tables (VRFs).
Existing configurations are automatically adjusted on upgrade, no manual action is necessary.
System logs can now be viewed in the TNSR CLI using the
show logging
command. They can also be retrieved via RESTCONF.TNSR can now configure forwarding of log messages to remote log servers using
logging remote-server
which is handled viarsyslogd
.Interface counters can now be viewed in a continual “rolling” fashion by using the
show interface <name> counters rolling
command.Remote access IPsec clients authenticated using EAP-RADIUS can now be assigned static IPv4 and IPv6 addresses via the RADIUS reply attributes
framed-ip-address
andframed-ipv6-address
respectively.If there is no address assigned via RADIUS, the client will obtain an address from a configured pool.
A single user can now optionally be allowed to connect to remote access IPsec multiple times with the same credentials (
unique-id-policy
).Multiple remote access IPsec
Brief summarized output of IPsec tunnels can be printed using the new
show ipsec tunnel [id] brief
command. This prints actual and virtual (for remote access) addresses for connected tunnels and clients, along with a client identifier.Dynamic routing now resolves routes to peers using the default route instead of only using static routes.
This behavior is configurable and enabled by default in this release. Previous versions of TNSR software behaved in the opposite way, requiring static routes to peers. To disable this feature and return to the previous behavior, see Dynamic Routing Manager Options.
Changes¶
Changes in TNSR software version 24.06
ACLs¶
Fixed: MACIP ACL can be removed even if it is attached to an interface [15999]
Fixed: ACL MACIP cannot be detached from an interface if its name is specified in the
no access-list macip
command [16040]Fixed:
show host acl
output is incomplete [16228]Fixed:
show acl
output column headers are not aligned properly [16287]
Authentication¶
Fixed: Changes to existing SSH keys for user authentication are not applied correctly [12544]
CLI¶
Added:
show logging
command to view system logs [3468]Added: Command to continually monitor interface statistics [11764]
Fixed: Network or broadcast address can be configured as interface IPv4 address [15887]
Dataplane¶
Changed: Limit plugins loaded by VPP to only those required by TNSR [13486]
Fixed: Packet trace does not return results with multiple workers under certain conditions [16734]
General¶
Fixed: High memory usage on Azure [12036]
Changed: Include FRR logs in
tnsr-diag
archive [12291]Changed: Print arguments to command in
syscmd()
when a child process is killed or exits with an error [16350]
Host¶
Changed: Shorten default login banner output [13211]
Fixed: SLAAC configuration of Azure accelerated VF interfaces can interfere with host IPv6 routing [15749]
Changed: Expose VPP internal log data to
syslog
by default [15997]Added: Support forwarding log data to remote log hosts [16027]
Fixed: Backend will not start if no network configuration was selected during install [16850]
IPsec¶
Added: Brief IPsec tunnel status output via
show ipsec tunnel [id] brief
command [12541]Added: Static IPv4/IPv6 address assignment for remote access IPsec EAP-RADIUS clients via RADIUS reply attributes [15960]
Added: Multiple remote access IPsec tunnels for a single EAP/user login [16072]
Fixed: Remote access IPsec stops passing traffic [16294]
Fixed: Excessive API activity with large number of IPsec remote access clients [16370]
Changed: Skip rekeying attempts if IPsec SA has already been deleted [16408]
Fixed: Remote access IPsec tunnel drops on rekey collision [16526]
Added: Support multiple remote access IPsec VPN configurations [16694]
Interfaces¶
Fixed: Link state of a bond interface does not follow the link state of the underlying interfaces [10093]
Added: Display continually calculated data rate counters under
show interface
[11296]Fixed: Tap interfaces can be removed while in use by host tap interfaces [16325]
LACP¶
Added: Print reference legend in
show interface bond
andshow interface lacp
command output [12371]
NAT¶
Fixed: Buffer leak with virtual reassembly [16853]
Operating System¶
Fixed: TNSR VM on Proxmox 8 powers off when changing dataplane interface IPv4 configuration [11204]
Changed: Update base images to Ubuntu LTS 22.04.4 [13441]
Changed: Update debian base images to 12.5.0 [13442]
PKI¶
Fixed: Use certificate purpose from signing request if a purpose is not specified when signing [16206]
Routing¶
Fixed: No log entries during dynamic routing reload due to
frr-reload.py
disabling logging while it is applying configuration changes [13090]Fixed: BGP
as-path
access-list
definitions incorrectly allow duplicate entries [13108]Fixed: FRR
prefix-list
definitions incorrectly allow duplicate entries [13110]Added: Configuration of next hop tracking via default route under dynamic routing manager [13248]
Changed: Use a single route table named
default
as the default VRF [13311]Fixed: CLI expansion does not work for
local-as
option in BGP neighbor configuration [13415]Changed: Optimize generation of neighbors in
bgpd.conf
to reduce unnecessary processing while reloading [15894]Fixed: Delay in TNSR responses to ICMP echo requests while executing
show route
command with large route tables and multiple workers [16777]
SNMP / IPFIX / Prometheus¶
Fixed: IPFIX flowprobe data callbacks only flush buffers stored for the main thread, not workers [12719]
SPAN¶
Fixed: Span configuration disappears/reappears when repeatedly restarting dataplane [6526]
Fixed: SPAN mirroring cannot be disabled [7560]
Updates¶
Fixed: Kernel version is incorrect after upgrade [15990]
VRRP¶
Added: Include both IPv4 and IPv6 status in
show interface vrrp
output [15938]
Known Issues¶
Known Issues in TNSR software version 24.06
ACLs¶
Attempting to remove an in-use ACL produces an ambiguous error message [11066]
ACL with deny rule partially drops fragmented packets [12664]
Host ACLs created in TNSR are not removed when restarting with a clean startup configuration database [16400]
MACIP ACL requires
ip-version
when not specifying an IP address on the ACL [16764]
Authentication¶
Timeout option in LDAP configuration does not work as expected [13420]
Specifying a source IPv6 address in RADIUS configuration does not work correctly [15900]
Unable to retrieve LDAP configuration via RESTCONF [16018]
Cannot delete LDAP transport options using RESTCONF [16244]
RADIUS does not support servers located in custom VRFs [16642]
Incorrect ownership on user SSH keys prevents successful authentication [16722]
BFD¶
IPv6 session is not restored when virtual direct link gets disabled/enabled [4916]
TNSR cannot commit configuration candidate database loaded from a file if it contains a BFD session for an interface that does not exist [7150]
BFD configuration inconsistently displayed [9425]
No ping response from peer when BFD session is down [9447]
IPv6 BFD sessions are intolerant of dataplane restart [9475]
Bridge¶
Bridging fails with virtual interfaces as members [7762]
TNSR does not retransmit ARP replies if
arp entry
option is enabled in a bridge domain [10880]Bridge domain
shg
andbvi
options cannot be removed alone without bridge domain in interface configuration [10926]Options
flood
anduu-flood
inconfig-bridge
mode look the same in VPP DPDK trace [11113]
CLI¶
Deleting the startup configuration database does not fully remove the active configuration [3723]
Specifying interface to traceroute requires root privileges [5376]
Input validation of unbound
message cache slabs
value does not work as expected [5472]CLI and RESTCONF behavior are different for
no bgp default ipv4-unicast
[6303]RIP information does not contain a legend for kernel routes [7230]
CLI shows incorrect routing table attached to an interface in cloud environments [10589]
VRRP prints empty interface definitions in
show config running cli
output [11072]Update “reflect” action description under ACL config [11093]
CLI expansion works incorrectly for OSPF/OSPF6 area configuration [11152]
Incorrect CLI expansion for VLAN tags configured on a sub-interface [11508]
CLI commands are not generated for RESTCONF coredump configuration [11650]
It is impossible to remove RESTCONF certificates and key via CLI [11685]
RESTCONF status does not show information about multiple sockets [11691]
CLI commands containing RX queue configuration fail to apply on a clean TNSR instance [11737]
Excess newlines are added to
user-key
content when adding an SSH key from the CLI [12369]Unable to delete password from authentication user entry via CLI [12482]
CLI expansion and verification do not work for
next-hop-table
field when creating a static route [12494]Attempting to set a description on a BGP
prefix-list
fails [13073]show ipsec tunnel
exits with an error when TNSR has no IPsec configuration [13463]Attempting to remove a single NAT pool address results in “Unspecified Error” message [16150]
CLI expansion help text is unclear when entering
match
as-path
in route map configuration [16242]TNSR does not validate
network
address location within BGPaddress-family
configuration [16407]Values for
after-time
andbefore-time
options forshow logging
command are not validated [16578]CLI freezes when trying to run
show route | match <text>
command with a large routing table [16625]
Counters¶
Contradictory output of detailed counters on bond interface in ‘broadcast’ mode [8351]
DHCP Client¶
Host OS
systemd-networkd
service defaults toDHCPv4/RoutesToDNS=true
even when the DNS server is non-adjacent [11444]
DHCP Server¶
CLI offers to delete mandatory variable in DHCP server subnet configuration [5240]
DHCP4 Kea
config-file
output shows VPP TAP interface names in its configuration instead of TNSR interface names [5264]Unable to setup a custom DHCP option with certain data types in the record [5299]
The command
no authoritative
in global DHCP server configuration does not work as expected [12388]TNSR incorrectly allows configuring a DHCP pool outside the subnet on an interface, which prevents the DHCP daemon from starting [12470]
Attempting to configure DHCP option 124
vivco-suboptions
fails [12805]Attempting to save DHCP pool configuration using
end
fails [13077]service dhcp4 reload
command is restarting the service instead of reloading the configuration [15976]
DNS¶
show system
output does not contain DNS resolver parameters [5397]Unbound fails to start with one or more values set to zero [11773]
Unbound cannot be configured to bind on IPv6 address [11854]
RESTCONF allows configuring a port for the system DNS resolver but it is not used or supported by the host OS [12307]
Dataplane¶
Cannot create
rx-queues
for interfaces on KVM and VirtualBox [3674]TNSR on AWS does not pass traffic when using the
igb_uio
oruio_pci_generic
driver [7015]SEGV in VPP [9312]
Dataplane fails to start up after system reboot if it is configured to use number of huge pages that exceeds the default number [10848]
Interrupt mode does not work on Mellanox NICs [11222]
VPP fails to start after configuring DPDK driver
default
in TNSR [11949]TNSR can ping its own administratively down interfaces [12559]
Inconsistent behavior of CLI and RESTCONF when
dataplane dpdk outer-checksum-offload
is enabled [12585]Dataplane does not prevent adding the same interface to whitelist and blacklist on Azure [12595]
Setting adaptive mode on
BondEthernet<X>
interfaces does not place parent interfaces in adaptive mode [12627]Cannot configure
rx-queue
on parents of bond interface [13034]VPP debug console
show errors
output includes info/error counts for graph nodes which are not in use [13035]vHost User interfaces cannot be placed in adaptive mode when not linked to virtual machine [13233]
Configuring a vHost User interface with Interrupt or adaptive mode causes loss of connectivity [13237]
Interrupt
rx-mode
fails with Ethernet Controller I226-V (rev 04) [15756]2MB hugepages improperly allocated on multi-NUMA systems [15987]
VPP tap interfaces are always bound to NUMA node 0 [16862]
General¶
Non-root users cannot access the FRR log file [4826]
Unable to specify TNSR interface as a source in
ping
andtraceroute
commands via REST [5605]Startup entry is not created in configuration history log [7400]
Cannot commit a candidate configuration database if a
tap
interface is present [7458]Incorrect error message is shown when removing ABF policy attached to an interface [9530]
system-ping
call via REST does not return any data if it is called withtimeout
flag and no response from the server [10608]tnsr-backup
utility does not backup or restore file ownership data [11270]Service control operations for a specific FRR service affect all FRR services [11592]
Remote logging filters do not work [16638]
Remote logging does not support servers located in custom VRFs [16650]
TNSR does not update the address of a remote logging server configured with an FQDN if the server IP address changes [16654]
Host¶
Cannot configure the default gateway for host namespace via TNSR CLI [3702]
VRF interface for a custom route table persists in the operating system after restarting services [4866]
dns-resolver
configured for host namespace remains in system after removing from TNSR [7830]dns-resolver
configuration values forhost
namespace remain inresolv.conf
after restarting TNSR [7975]Some host route options configured in TNSR are not applied correctly by the Linux network subsystem [10827]
Some types of host static routes are not displayed by
show host route
command [10905]Option
scope
for IPv6 host static routes does not apply in the Linux network subsystem [11011]DNS issues can occur with netplan configurations containing static interface addresses [11017]
TNSR shows incorrect Link MTU for host OS loopback (
lo
) interface [11596]Configuring a host static route on a host TAP interface results in an incorrect Netplan configuration [12004]
show host route
output does not containprotocol
value for routes obtained from DHCP [12095]Host ACL descriptions are not displayed anywhere [16453]
Host ACL rule pointing to a missing host interface gets applied anyway [16612]
Host Netfilter¶
TNSR incorrectly creates host ACL rules with only IP version configured [16208]
IPsec¶
IPsec daemon does not support using non-default VRF entries [7266]
Cannot disable IPsec
dpd-interval
option [8012]Cannot configure IPsec with
manual
key type [8396]Error when creating IPsec tunnel via RESTCONF with
tunnel-enable
set [8432]IPsec tunnel without a child SA does not appear in IPsec state data [8433]
IPsec tunnel with initially unresolvable FQDN destination does not pass traffic after remote address gets resolved if there is another IPsec tunnel using the same source [10798]
IPsec tunnel with mismatched peer ID types connects but does not pass traffic [15848]
IPsec site-to-site tunnel fails after connecting remote access IPsec client from the same endpoint address [16506]
IPsec tunnel fails to pass tunneled traffic if remote FQDN resolves to a different address or after VRRP preempt event [16884]
Installation¶
TNSR installer fails if interfaces are configured with IP addresses but have no Internet connectivity [7807]
Interfaces¶
Invalid routes remain in table when next-hop IP address is no longer directly connected [3161]
Reassembly timeout is not working when full IP reassembly is configured [3269]
Shallow virtual reassembly cannot be disabled when it is implicitly enabled by other features [3361]
Second fragment of a packet is not virtually reassembled when
max-reassemblies
is set to1
[3384]Unable to delete a MAC address explicitly set for the TNSR side of a TAP interface [4433]
Netgate 1541 link speed auto-negotiation incorrect with direct connected interfaces [5323]
Errors indicate TNSR is attempting to assign a MAC address to IPsec
ipipX
interfaces [6285]L3 packets can be sent from bridged interfaces [6975]
Unable to setup DPDK
uio_pci_generic
driver on Netgate 1541 [6981]TAP instance
tcpdump
method only captures received packets [7137]Pings between IPIP interfaces become intermittent when BGP is applied to them [7392]
Interface IP address is shown in IPv4 route table instead of associated subnet [7511]
Setting a new MTU value does not affect the MRU for IPv6 packets [8245]
Unable to delete link MTU from an interface when default MTU is set less than
1280
[8837]Evaluate presence of interface configuration items for loopback interfaces [9380]
Reinstantiation of an interface does not automatically re-create subinterfaces [10725]
show interface tap
does not print IPv4 and IPv6 gateway information [10849]show interface <name> subif
command does not produce any output [10879]Unable to configure interrupt mode with driver set to
uio_pci_generic
[11279]It is possible to configure a multicast or broadcast MAC address on an interface [11454]
VPP can push unlimited number of VLAN tags to a packet [11509]
IPv6 ping from TNSR through a vhost-user interface stops working after down/up of
eth0
interface in guest VM [11847]Unable to create a guest VM when a vhost-user interface configured as
server-mode
[11864]Restarting the dataplane service when a vhost-user interface is in
server-mode
causes theVirtualEthernet
interface to shut down [11885]no enable event-index
command disables avhost-user
interface [11890]Removing vhost-user options
disable merge-rx-buffers
ordisable indirect-descriptors
does not affect the vhost-user interface state [11896]Removing vhost-user options
disable merge-rx-buffers
,disable indirect-descriptors
disables a vhost-user interface inserver-mode
[11929]Values that TNSR configure due to executing
dataplane vhost-user coalesce-time
don’t displayed correctly byvppctl show vhost-user
[12066]Configuring MAC address on bond interface causes its subinterface to disappear [12139]
Unable to add interface to bond with previously configured and then deleted IPv4 or IPv6 address [12368]
Configuring the same VLAN tag on multiple subinterfaces causes an existing subinterface to disappear [12394]
Bond interfaces take longer than expected to pass traffic on hardware installations [12615]
Adaptive mode on vhost-user interfaces does not place the interface in adaptive mode [13232]
Invalid error counter content for 10G interfaces on Netgate 6100 [15747]
Users are unable to authenticate against any LDAP server after a failed member of a server group recovers [15781]
The
show ldap
command does not provide correct information which LDAP server is used for authentication [15787]The
show radius servers
command does not provide correct information about which RADIUS server is used for authentication [15788]IPsec ignores RADIUS
source-address
configuration [15810]Error applying one configuration over another when loading candidate configuration databases from files [15816]
TNSR does not display the value of
vhost-user
interfacepacked-ring
option [15879]A disabled bond LACP interface continues to send LACPDUs [16857]
Cannot change existing interface inside/outside NAT value [16892]
LLDP¶
no lldp enable
command shows CLI error [10925]LLDP interface configuration parameters cannot be removed via CLI [10982]
TNSR sends incorrect LLDP management address if only
lldp port-name
is configured on an interface [11047]TNSR continues sending LLDP frames after
lldp port-name
is removed from an interface using RESTCONF [11048]LLDP router configuration cannot be removed [11049]
Memif¶
Unable to connect to
memif
interface using default socket [4448]It is possible to have a memif interface pointing to a nonexistent socket [11201]
Incorrect state data is shown for memif interfaces [11202]
Impossible to set both
rx-queues
andtx-queues
for a memif interface via CLI [11218]Dataplane restart is required to change the MAC address of a memif interface [11220]
Cannot enter a secret phrase with spaces for a memif interface via CLI [11228]
Multiple memif interfaces can be configured using the same role and sockets [11230]
Memif interface configuration disappears after dataplane restart [11280]
VPP crashes when sending some commands to its memif socket [11293]
Non-default memif interface parameters can be applied only after dataplane restart [11294]
Its possible to create memif socket with incorrect filename [11295]
Memif socket file still exists in Host OS filesystem after being deleted from TNSR [11365]
Memif options
rx-queues
andtx-queues
are not shown when executingshow configuration running cli
command [11453]Memif instance configuration disappears when one of its options is changed [11473]
Link status of the memif interface can be
up
even if admin status isdown
[11474]Default memif interface parameter
role server
is not present in configuration [11478]
NACM¶
It is possible to remove an NACM group used in a rule list [10115]
NAT¶
Full IP reassembly does not work with MAP [3386]
MAP-T adds bogus zeroes when translating short IPv4 to IPv6 [3460]
NAT pool route table option only available when specifying a range [3628]
Packets larger than
2034
bytes are dropped when performing IPv4 to IPv6 MAP translation [3742]MAP-T domain usage causes IPv6 traffic class value to always be copied from IPv4 ToS value [3774]
TCP MSS value is not applied to IPv4 packets when IPv6 to IPv4 decapsulation is performed on MAP-E BR [3783]
MAP does not relay IPv6 ICMP error messages to IPv4 [3809]
NAT static mappings for ICMP do not work [4373]
NAT static mappings for TCP/UDP protocol on
any
port result in translation for port0
instead [4384]NAT static mappings assume external port
0
when port is omitted [4432]Packets not destined to a NAT pool are dropped when NAT simple mode is configured with
out2in-dpo
option [4927]Full IPv4 reassembly doesn’t work with NAT endpoint-independent mode [5476]
Dataplane SIGSEGV crash and backtrace when exceeding NAT session limit [6551]
Expired NAT sessions become active again when increasing the timeout value [7090]
NAT sessions do not expire in endpoint-independent mode [7098]
Cannot commit a clean candidate configuration database if NAT static mapping is configured [7286]
Unable to establish NAT hairpin connection [8014]
Routing through NAT in EI mode does not work if NAT outside interface is IPIP or GRE [8333]
Traffic from TNSR itself sourced from inside NAT interface does not get NAT applied when egressing via NAT outside interface [9706]
NAT side of an interface can be incorrect in state data after removing and reapplying NAT settings [12426]
Cannot change NAT pool address values [16891]
Interface missing from NAT pool configuration after removing twice NAT property [16905]
Cannot change
out-to-in-only
andtwice-nat
options on NAT mapping entries [16912]
NTP¶
NTP does not properly handle IPv6 restrictions [4626]
Delay in CLI display of NTP configuration when NTP has
noquery
set [6818]Interfaces in the TNSR NTP configuration are not validated when generating the NTP daemon configuration [7153]
NTP daemon does not collect statistics [13483]
NTP does not switch to orphan mode even if all UTC reference peers below this stratum are unreachable [13511]
NTP does not take
tinker panic
value into account when synchronizing the clock with a remote peer [15741]
Neighbor / ARP / NDP¶
Packet loss during ARP transactions [2868]
The MAC address of a static IPv6 neighbor cannot be changed [4454]
Neighbor cache value for
max-number
is not honored if current neighbor count is larger than the configured value [12389]Neighbor option
no-adj-route-table-entry
does not function as expected [12614]
Operating System¶
Errors at boot from enabled but unpopulated Universal Flash Storage Host Controller Driver (ufshcd) storage [11633]
Poor read/write performance when installed to eMMC (15GB Ultra HS-COMBO) [11688]
systemd timer update-notifier-download.service
runs every 24 hours but does not appear to do anything [15950]systemd timer motd-news.timer
runs twice a day and logs a failure message [16026]
PKI¶
PKCS#12 archives are not generated correctly when the
ca-name
is not specified [10320]PKI private key algorithm
ec-p256
does not work properly when configured via RESTCONF/GUI [16130]
RESTCONF¶
Adding a user via RESTCONF requires a password even when providing an ssh key [2875]
RESTCONF “pretty-printed” JSON contains incorrect indentation [3521]
OSPF interfaces are not validated when configured via RESTCONF [3528]
Cannot change GRE tunnel type to or from ERSPAN via RESTCONF [4353]
Response of
/restconf/data/
and/restconf/data/netgate-interface:interfaces-state/
does not include any of*-table
[5399]RESTCONF allows configuring dataplane options for non-existent devices [5748]
RESTCONF
route-state
response does not contain actual state data [7115]RESTCONF dataplane service does not work on interfaces in a non-default VRF [7265]
History version count does not match the count of REST configuration requests if they are sent without a delay [7440]
Unable to clear trace filters over RESTCONF [9476]
RESTCONF does not validate payload body to prevent invalid arguments in certain cases [10413]
RESTCONF does not work with IPv6 sockets after TNSR reboot [10729]
Non-working RPC left in TNSR after removal of NGINX [11603]
Incorrect status can be shown for RESTCONF service [11657]
Routing¶
BGP updates for new prefixes ignore the advertisement-interval value and are sent every 60 seconds [2757]
BGP network backdoor feature isn’t working without service restart [2873]
BGP next-hop attribute aren’t being sent unmodified to the eBGP peer when route-server-client option is configured [2940]
Unable to verify dynamic BGP peer information from TNSR CLI [3044]
Unable to delete OSPF3 config for an interface [3481]
TNSR does not prevent creating static routes for directly connected networks [3813]
OSPF conditional default route injection does not work [3846]
Unable to verify received routes when high number of routes received via BGP [3918]
TNSR allows OSPF network type for a loopback interface, which is rejected by FRR [4800]
Reverting to the startup configuration doesn’t restore packet forwarding for BGP over IPsec prefixes [5321]
RIP
route-map-filter
option does not filter routes [5910]Unable to disable IPv4 AF without BGP service restart [6393]
BGP failover logs “Failed to delete neighbor” error from
linux-cp
[6400]Unable to remove OSPF
virtual-link
configuration [6962]OSPF can announce interfaces from other VRFs on initial configuration [7002]
Cannot add a static recursive route [7010]
VPP crashes on applying custom VRF to loopback interface used in OSPF [7056]
Creating
route-map
,prefix-list
, oraccess-list
entries takes longer than expected [7068]Cannot disable logging of adjacency changes for OSPF6 if
detail
option is set [7097]Routes that exactly overlap an interface link route are accepted by CLI but are problematic [7101]
OSPF neighbor adjacency is established in wrong VRF in VirtualBox [7144]
Interfaces in the TNSR RIP configuration are not validated when generating the FRR RIP daemon configuration [7155]
Interfaces in TNSR
route-map
entries are not validated when generating the FRR daemon configurations [7156]Interfaces in the TNSR OSPF configuration are not validated when generating the FRR OSPF daemon configuration [7177]
Interfaces in the TNSR BGP configuration are not validated when generating the FRR BGP daemon configuration [7218]
OSPF logging for some options does not work if logging level is set explicitly [7411]
BGP debug option
updates in <peer>
does not filter messages for selected peer [7476]BGP address family neighbor option
maximum-prefix restart
does not work correctly [7709]Malfunction of BGP process after entering
maximum-prefix restart
without the basicmaximum-prefix limit
command [7748]OSPF6 does not advertise loopback address to another area if the loopback is configured first [7757]
Routes remain in table after interface with VRRP configured is marked down until dataplane is restarted [7790]
OSPF stops working after configuring
mtu-ignore
option on an interface [8085]Routes do not match by
route-map
if match criteria is set toip next-hop ...
[8148]Output of show conf differs for route-map [8375]
Route map
source-protocol
match condition matches routes from any source [8381]Cannot change distance for one BGP prefix [8690]
Forwarding address from OSPF6 LSA5 is not installed as the next hop for the route [8732]
BGP
bestpath med missing-as-worst
command does not function correctly [8805]OSPFv3 repeatedly drops connection on AWS when redistribution is configured [8822]
Route Map with IPv6 Access List does not filter redistributed OSPF6 routes [8857]
Route-Map
set src
option does not function correctly [9045]show route
displays no routes for a VRF until it is placed on an interface [9073]FRR cannot connect to RPKI cache server if a route to it does not exist in default VRF [9146]
The
redistribute kernel
andimport vrf
BGP options do not work at the same time if the static route is redistributed with an output interface in a third-party VRF [9147]Applying a subsequent route map with
import vrf
cancels a previous applied route map [9156]A route map applied to the
import vrf
option using a prefix list does not work correctly [9235]Changing BGP
as-number
in default VRF leads to the termination of the import of routes to another VRF [9244]Cannot change an interface to a new VRF when BGP is configured to import the current VRF [9259]
Changing an interface VRF does not stop importing routes from the previous VRF [9298]
RPKI
expire-interval
option does not get put into the FRR running configuration after restarting BGP/dataplane [9331]Route maps with
match rpki *
conditions do not get re-applied when RPKI status of routes changes [9439]set community
command disappears from FRR configuration without warning after setting an invalid community [9508]Suppression of specific routes when applied to an aggregated route of a route map containing
set aggregator as <asn> ip address <ipv4-address>
command [9547]BGP
soft-reconfiguration inbound
option does not work for IPv6 peers [10086]BGP selects incorrect path to a network when changing
bestpath
rules [10210]zebra
causes out-of-memory error on AWS when restarting TNSR after receiving 1.5-2 million prefixes via BGP [10273]FRR fails to reload configuration if
set as-path prepend
values are incorrectly enclosed in quotes [10309]OSPF6 conditional default route injection does not work correctly [10311]
BGP
route-reflector-client
option does not work on neighbor configurations using IP addresses instead of peer groups [10356]Cannot remove BGP
unsuppress-map
option by route-map name for IPv6 neighbor [10409]OSPFv3
default-information originate
options do not stack when configured separately [10478]OSPFv2
metric-type 2
option explicitly set fordefault-information originate
does not get placed into the FRR configuration [10479]Unexpected delay in distribution of route information between OSPF database and RIB during propagation of OSPF default route [10721]
Static route with next-hop IP address located on a DHCP client interface causes
clixon_backend
to fail [11765]Routes with a
via local
destination are not available to FRR as kernel routes [11887]CLI expansion does not work for
prefix-list
configuration in BGPaddress-family
/neighbor
section [11888]A
prefix-list
can be configured with an invalid sequence number (0
) [11889]TNSR fails to show routes if there are IPv4 routes with IPv6 next-hops [12060]
TNSR cannot commit configuration candidate database loaded from a file if it contains changed ABF policy attached to interface [12248]
BFD in a non-default VRF takes longer than expected to act on peer state changes [12500]
RIP
offset-list
configuration without a specific interface name causes an FRR configuration error [12716]RIP outgoing
offset-list
does not function when configured together with incomingoffset-list
on the same interface [12718]Cannot configure an administrative distance for a static route which is respected by dynamic routing [12761]
RIP
distribution-list
entries do not work correctly [12762]BGP
graceful-restart
optionselect-defer-time
does not function as expected [12946]BGP
graceful-restart
status includes duplicate IPv6 neighbor information [12979]BGP peer with
graceful-restart
enabled does not retain routes while BGP service is stopped [13039]BGP
peer-group
can be removed even if it is in use by peer [13205]BGP peer does not change ORF received
prefix-list
when BGP speaker replacesprefix-list
by another [13213]CLI does not expand VRF names for dynamic routing protocols BGP/OSPF/RIP [15828]
Dynamic routing protocols BGP/OSPF/RIP allow configuring non-existent VRF with
server vrf <name>
[15829]Connected interface routes not withdrawn from routing table when link is down [15832]
Adding or removing
route-map
withatomic-aggregate
attribute set requires BGP restart [16039]Unable to specify more than one community without quoting when configuring
set
in route-map section [16102]Route map
set community
command allows community values which are not well-known communities, but those values are not used in FRR [16165]BGP extended community is removed when routes are handled by
import vrf
option [16176]Adding the
force
parameter to thenext-hop-self
option creates two separate lines in BGP configuration [16369]Prefix list
le
andge
parameters are always present in theshow running-configuration
output, even if they have not been configured [16425]Route map parameter
on-match goto
value is not validated and can point to itself [16576]Route map parameter
call <rt-map-name>
is not validated and can point to its own route map [16577]FRR failing with
has not made any SendQ progress
error message in logs [16592]Zebra continues advertising kernel routes resolved via interface with link down state [16684]
Some routes are not installed from FRR RIB to VPP FIB [16686]
VPP logs warning messages when running the
show route
command with large route tables [16793]
SNMP / IPFIX / Prometheus¶
Prometheus filters with non-alphanumeric characters can cause HTTP requests to fail [5467]
Prometheus filters containing spaces cannot be removed [5470]
SNMP does not work on interfaces in a non-default VRF [7261]
SNMP view configured with source address
default
does not accept queries from IPv6 addresses [12053]VPP shows incorrect values for configured IPFIX cache timeout settings if they are greater than 2^31 [12094]
VPP crash during NAT
out2in slowpath
[12099]Unable to remove remove SNMP access group entry with specific
security-model
[12668]
SPAN¶
Incorrect error message when requesting SPAN info from a missing interface [7209]
SPAN does not work correctly for outbound packets on VLAN subinterface [7801]
Static Routes¶
Static route description is not showing up in show commands or REST state data [5478]
Static route overwrites kernel route in the operating system routing table [7215]
Transit traffic goes to an interface with inactive link when there is another (active) path [8041]
RESTCONF query does not return VRF entry descriptions [13490]
Tunnel Protocols¶
TNSR IPv6 interface address does not appear in traceroute when next-hop is IPsec tunnel interface [5178]
VxLAN with multicast destination does not pass traffic [6491]
GRE interface configuration remains in running config after changing GRE tunnel ID [7050]
Configuring option
route-table
in a WireGuard peer does not affectnext-hop
lookup of the endpoint address [8070]VPP processes packets received on disabled tunnel interfaces [8111]
WireGuard tunnel interfaces still function with a
tunnel next-hops
entry having an incorrectnext-hop-address
[8256]Tunnel next-hop entries do not function in non-default VRFs [8653]
Incorrect WireGuard tunnel next-hop after roaming [8764]
IPIP interface loses attached ACLs when DNS resolution of the remote endpoint changes [10171]
IPIP interface loses TCP MSS setting when DNS resolution of the remote endpoint changes [10312]
IPv6 VxLAN does not pass traffic if it is configured over IPv6 IPsec [10592]
Lower than expected throughput over VXLAN interfaces terminated on a loopback BVI [10643]
It is possible to create a WireGuard instance and peer without a
port
value [11114]It is possible to specify different address families for WireGuard source address and Peer endpoint address [11175]
Removing WireGuard peer causes an error message [11209]
WireGuard instance can be deleted even if it contains peers [11217]
VXLAN configuration commands are not validated while the dataplane is stopped, invalid configurations created in this state cannot be deleted [16812]
Updates¶
Router upgraded to 22.10-2 will not start without an IKE prf entry [9368]
VRRP¶
Network loop caused VRRP traffic flood and VPP core dump [15837]
clixon¶
log_upgrade does not print cxobj paths correctly in tnsr-upgrade.log [4747]
clixon_backend exhausts memory while displaying high amount of routes [5226]
Configuration upgrade does not run when loading configuration via history [6968]
Unable to set up a password that starts and finishes with a double quotation mark [7571]
Unable to set up a password that contains a backslash symbol [7572]
clixon-backend fails when interfaces are removed [11518]
clixon-backend
fails if any PKI entries referenced in the RESTCONF configuration are missing [11988]