TNSR 25.02 Release Notes

About the TNSR 25.02 Release

This is a regularly scheduled TNSR software release including new features and bug fixes.

General

• Kea DHCP now contains a standard option definition for DHCP option 121 (classless-static-route). Configurations which had this option defined as a custom option will be automatically upgraded to the new format.

• The format of the v4-dnr Kea DHCP standard option definition (162) has changed. Update definitions to the new format as needed.

Changes

Changes in TNSR software version 25.02

ACLs

• Fixed: Attempting to remove an in-use ACL produces an ambiguous error message [11066]

Bridge

• Fixed: clixon-backend fails to restart while TNSR is running when bridge domains are enabled [18027]

CLI

• Fixed: CLI expansion does not include existing peer-group values when adding a peer-group to a BGP neighbor [17671]

• Fixed: CLI configuration command output prints wrong syntax for OSPF dead-interval minimal hello-multiplier [18401]

Clixon

• Added: TNSR SSH support for NETCONF [17155]

DHCP Server

• Fixed: Cannot configure DHCP server option 124 vivco-suboptions [12805]

• Fixed: Full DHCP relay state cannot be directly queried via RESTCONF [17905]

• Fixed: Cannot filter show dhcp-relay output by VRF [17907]

• Fixed: Cannot configure DHCP Server option rdnss-selection [18182]

• Fixed: Cannot configure DHCP Server option option-6rd [18213]

• Fixed: Cannot configure DHCP Server option v4-sztp-redirect [18214]

• Fixed: CLI expansion and entered values work incorrectly for array option in DHCP option-def mode [18593]

Dataplane

• Added: Update VPP to stable/2410 (DPDK 24.07) [17931]

General

• Fixed: Incorrect error message when removing ABF policy attached to an interface [9530]

• Changed: Include full syslog file contents in tnsr-diag archive [18024]

Host

• Added: SSH Subsystem NETCONF for use with Clixon Controller [17154]

• Changed: Option to configure VFIO noiommu behavior [17886]

• Added: Include ipmitool package in TNSR installation [17919]

IPsec

• Added: Description for IPIP and IPsec configuration entries [11265]

Interfaces

• Fixed: Invalid error counter content for 10Gbit/s interfaces on Netgate 6100 [15747]

• Fixed: Clearing IPv4 configuration from interface does not allow addition as a bond member [17433]

• Fixed: IPv6 Router Solicitations do not function on VLAN subinterfaces [18042]

• Fixed: show interface attempts to dump RX queue placement information for VLAN and tun interfaces [18155]

• Added: Interface name expansion for ping and traceroute commands [18299]

Routing

• Added: Unicast Reverse Path Forwarding (uRPF) [17955]

• Added: BGP roles (RFC 9243) [17971]

Security - IDS/IPS

• Added: VPP Snort DAQ Integration [17163]

Tunnel Protocols

• Fixed: WireGuard tunnel interfaces still function with a tunnel next-hops entry having an incorrect next-hop-address [8256]

VPF Filter/NAT

• Added: Optional description for VPF table prefixes [17363]

• Fixed: TNSR responds with incorrect source and destination IP addresses when return-rst or return-icmp options are configured in outgoing VPF filter rules [17904]

• Fixed: VPF outbound source NAT does not work on WireGuard tunnel interfaces [17982]

• Fixed: VPF filters IPv6 traffic with IPv6 allow all rule [18006]

• Fixed: Interfaces are not listed in show vpf options output after restarting the dataplane [18035]

• Fixed: VPF drops reply traffic over WireGuard interfaces when the source of the outbound traffic is not local to the dataplane [18082]

• Fixed: VPF exhausts session count limits [18292]

• Added: VRF-bound VPF filter and NAT rules [18409]

• Fixed: Cannot enable VPF while VRRP transitions are in progress [18461]

• Fixed: VPF does not respect startup port-mappings configuration [18653]

Known Issues

Known Issues in TNSR software version 25.02

ACLs

• ACL with deny rule partially drops fragmented packets [12664]

• MACIP ACL requires ip-version when not specifying an IP address on the ACL [16764]

Authentication

• Timeout option in LDAP configuration does not work as expected [13420]

• Specifying a source IPv6 address in RADIUS configuration does not work correctly [15900]

• Unable to retrieve LDAP configuration via RESTCONF [16018]

• Cannot delete LDAP transport options using RESTCONF [16244]

• RADIUS does not support servers located in custom VRFs [16642]

• Incorrect ownership on user SSH keys prevents successful authentication [16722]

• TNSR cannot fully manage the default tnsr user [18654]

BFD

• IPv6 session is not restored when virtual direct link gets disabled/enabled [4916]

• TNSR cannot commit configuration candidate database loaded from a file if it contains a BFD session for an interface that does not exist [7150]

• BFD configuration inconsistently displayed [9425]

• No ping response from peer when BFD session is down [9447]

• IPv6 BFD sessions are intolerant of dataplane restart [9475]

Bridge

• Bridging fails with virtual interfaces as members [7762]

• TNSR does not retransmit ARP replies if arp entry option is enabled in a bridge domain [10880]

• Bridge domain shg and bvi options cannot be removed alone without bridge domain in interface configuration [10926]

• Options flood and uu-flood in config-bridge mode look the same in VPP DPDK trace [11113]

CLI

• Deleting the startup configuration database does not fully remove the active configuration [3723]

• Specifying interface to traceroute requires root privileges [5376]

• Input validation of unbound message cache slabs value does not work as expected [5472]

• CLI and RESTCONF behavior are different for no bgp default ipv4-unicast [6303]

• RIP information does not contain a legend for kernel routes [7230]

• CLI shows incorrect routing table attached to an interface in cloud environments [10589]

• VRRP prints empty interface definitions in show config running cli output [11072]

• Update “reflect” action description under ACL config [11093]

• CLI expansion works incorrectly for OSPF/OSPF6 area configuration [11152]

• Incorrect CLI expansion for VLAN tags configured on a sub-interface [11508]

• CLI commands are not generated for RESTCONF coredump configuration [11650]

• It is impossible to remove RESTCONF certificates and key via CLI [11685]

• RESTCONF status does not show information about multiple sockets [11691]

• CLI commands containing RX queue configuration fail to apply on a clean TNSR instance [11737]

• Excess newlines are added to user-key content when adding an SSH key from the CLI [12369]

• Unable to delete password from authentication user entry via CLI [12482]

• CLI expansion and verification do not work for next-hop-table field when creating a static route [12494]

• Attempting to set a description on a BGP prefix-list fails [13073]

• show ipsec tunnel exits with an error when TNSR has no IPsec configuration [13463]

• Attempting to remove a single NAT pool address results in “Unspecified Error” message [16150]

• CLI expansion help text is unclear when entering match as-path in route map configuration [16242]

• TNSR does not validate network address location within BGP address-family configuration [16407]

• Values for after-time and before-time options for show logging command are not validated [16578]

• CLI freezes when trying to run show route | match <text> command with a large routing table [16625]

• “| count” and “| tail” options in CLI works very slow for big number of lines [17145]

• Configuring host interface static address does not persist, reverts to DHCP [17922]

Clixon

• clixon_backend exhausts memory while displaying a large volume of routes [5226]

• Configuration upgrade does not run when loading configuration via history [6968]

• Unable to set up a password that starts and finishes with a double quotation mark [7571]

• Unable to set up a password that contains a backslash symbol [7572]

• clixon_backend fails when configured interfaces are not present in hardware [11518]

• clixon_backend fails if any PKI entries referenced in the RESTCONF configuration are missing [11988]

• RIP interface key-chain value is not validated when configured via RESTCONF [17396]

Counters

• Contradictory output of detailed counters on bond interface in ‘broadcast’ mode [8351]

DHCP Client

• Host OS systemd-networkd service defaults to DHCPv4/RoutesToDNS=true even when the DNS server is non-adjacent [11444]

• DHCP client sends an incorrect packet when releasing an IP address [17855]

DHCP Server

• CLI offers to delete mandatory variable in DHCP server subnet configuration [5240]

• DHCP4 Kea config-file output shows VPP TAP interface names in its configuration instead of TNSR interface names [5264]

• Unable to setup a custom DHCP option with certain data types in the record [5299]

• The command no authoritative in global DHCP server configuration does not work as expected [12388]

• TNSR incorrectly allows configuring a DHCP pool outside the subnet on an interface, which prevents the DHCP daemon from starting [12470]

• service dhcp4 reload command is restarting the service instead of reloading the configuration [15976]

• DHCP relay proxies DHCPv6 packets other than SOLICIT to first server only [17815]

DNS

• show system output does not contain DNS resolver parameters [5397]

• Unbound fails to start with one or more values set to zero [11773]

• Unbound cannot be configured to bind on IPv6 address [11854]

• RESTCONF allows configuring a port for the system DNS resolver but it is not used or supported by the host OS [12307]

Dataplane

• Cannot create rx-queues for interfaces on KVM and VirtualBox [3674]

• TNSR on AWS does not pass traffic when using the igb_uio or uio_pci_generic driver [7015]

• SEGV in VPP [9312]

• Dataplane fails to start up after system reboot if it is configured to use number of huge pages that exceeds the default number [10848]

• Interrupt mode does not work on Mellanox NICs [11222]

• VPP fails to start after configuring DPDK driver default in TNSR [11949]

• Inconsistent behavior of CLI and RESTCONF when dataplane dpdk outer-checksum-offload is enabled [12585]

• Dataplane does not prevent adding the same interface to whitelist and blacklist on Azure [12595]

• Cannot set RX mode on members of a bond interface [12627]

• Cannot configure RX queue placement on members of bond interface [13034]

• VPP debug console show errors output includes info/error counts for graph nodes which are not in use [13035]

• vHost User interfaces cannot be placed in adaptive mode when not linked to virtual machine [13233]

• Configuring a vHost User interface with Interrupt or adaptive mode causes loss of connectivity [13237]

• Interrupt rx-mode fails with Ethernet Controller I226-V (rev 04) [15756]

• 2MB hugepages improperly allocated on multi-NUMA systems [15987]

• Adaptive mode on virtio interfaces caues loss of connectivity [17098]

General

• Non-root users cannot access the FRR log file [4826]

• Unable to specify TNSR interface as a source in ping and traceroute commands via REST [5605]

• Startup entry is not created in configuration history log [7400]

• Cannot commit a candidate configuration database if a tap interface is present [7458]

• system-ping call via REST does not return any data if it is called with timeout flag and no response from the server [10608]

• tnsr-backup utility does not backup or restore file ownership data [11270]

• Service control operations for a specific FRR service affect all FRR services [11592]

• Remote logging filters do not work [16638]

• Remote logging does not support servers located in custom VRFs [16650]

• TNSR does not update the address of a remote logging server configured with an FQDN if the server IP address changes [16654]

Host

• Cannot configure the default gateway for host namespace via TNSR CLI [3702]

• VRF interface for a custom route table persists in the operating system after restarting services [4866]

• dns-resolver configured for host namespace remains in system after removing from TNSR [7830]

• dns-resolver configuration values for host namespace remain in resolv.conf after restarting TNSR [7975]

• Some host route options configured in TNSR are not applied correctly by the Linux network subsystem [10827]

• Some types of host static routes are not displayed by show host route command [10905]

• Option scope for IPv6 host static routes does not apply in the Linux network subsystem [11011]

• DNS issues can occur with netplan configurations containing static interface addresses [11017]

• TNSR shows incorrect Link MTU for host OS loopback (lo) interface [11596]

• show host route output does not contain protocol value for routes obtained from DHCP [12095]

• Host ACLs created in TNSR are not removed when restarting with a clean startup configuration database [16400]

• Host ACL descriptions are not displayed anywhere [16453]

• Host ACL rule pointing to a missing host interface gets applied anyway [16612]

Host Netfilter

• TNSR incorrectly creates host ACL rules with only IP version configured [16208]

IPsec

• IPsec daemon does not support using non-default VRF entries [7266]

• Cannot disable IPsec dpd-interval option [8012]

• Cannot configure IPsec with manual key type [8396]

• Error when creating IPsec tunnel via RESTCONF with tunnel-enable set [8432]

• IPsec tunnel without a child SA does not appear in IPsec state data [8433]

• IPsec tunnel with initially unresolvable FQDN destination does not pass traffic after remote address gets resolved if there is another IPsec tunnel using the same source [10798]

• IPsec site-to-site tunnel fails after connecting remote access IPsec client from the same endpoint address [16506]

Installation

• TNSR installer fails if interfaces are configured with IP addresses but have no Internet connectivity [7807]

• 24.06 ISO installation updates to kernel 5.15.0-116-generic which breaks the igb_uio module [16986]

• Clean installation doesn’t have input validation for multiple gateways [17133]

• TNSR install without network connectivity fails. [18424]

Interfaces

• Invalid routes remain in table when next-hop IP address is no longer directly connected [3161]

• Reassembly timeout is not working when full IP reassembly is configured [3269]

• Shallow virtual reassembly cannot be disabled when it is implicitly enabled by other features [3361]

• Second fragment of a packet is not virtually reassembled when max-reassemblies is set to 1 [3384]

• Unable to delete a MAC address explicitly set for the TNSR side of a TAP interface [4433]

• Netgate 1541 link speed auto-negotiation incorrect with direct connected interfaces [5323]

• Errors indicate TNSR is attempting to assign a MAC address to IPsec ipipX interfaces [6285]

• L3 packets can be sent from bridged interfaces [6975]

• Unable to setup DPDK uio_pci_generic driver on Netgate 1541 [6981]

• TAP instance tcpdump method only captures received packets [7137]

• Pings between IPIP interfaces become intermittent when BGP is applied to them [7392]

• Interface IP address is shown in IPv4 route table instead of associated subnet [7511]

• Setting a new MTU value does not affect the MRU for IPv6 packets [8245]

• Unable to delete link MTU from an interface when default MTU is set less than 1280 [8837]

• Evaluate presence of interface configuration items for loopback interfaces [9380]

• Reinstantiation of an interface does not automatically re-create subinterfaces [10725]

• show interface tap does not print IPv4 and IPv6 gateway information [10849]

• show interface <name> subif command does not produce any output [10879]

• Unable to configure interrupt mode with driver set to uio_pci_generic [11279]

• It is possible to configure a multicast or broadcast MAC address on an interface [11454]

• VPP can push unlimited number of VLAN tags to a packet [11509]

• IPv6 ping from TNSR through a vhost-user interface stops working after down/up of eth0 interface in guest VM [11847]

• Unable to create a guest VM when a vhost-user interface configured as server-mode [11864]

• Restarting the dataplane service when a vhost-user interface is in server-mode causes the VirtualEthernet interface to shut down [11885]

• no enable event-index command disables a vhost-user interface [11890]

• Removing vhost-user options disable merge-rx-buffers or disable indirect-descriptors does not affect the vhost-user interface state [11896]

• Removing vhost-user options disable merge-rx-buffers, disable indirect-descriptors disables a vhost-user interface in server-mode [11929]

• Values that TNSR configure due to executing dataplane vhost-user coalesce-time don’t displayed correctly by vppctl show vhost-user [12066]

• Configuring MAC address on bond interface causes its subinterface to disappear [12139]

• Unable to add interface to bond with previously configured and then deleted IPv4 or IPv6 address [12368]

• Configuring the same VLAN tag on multiple subinterfaces causes an existing subinterface to disappear [12394]

• Bond interfaces take longer than expected to pass traffic on hardware installations [12615]

• Adaptive mode on vhost-user interfaces does not place the interface in adaptive mode [13232]

• Users are unable to authenticate against any LDAP server after a failed member of a server group recovers [15781]

• The show ldap command does not provide correct information which LDAP server is used for authentication [15787]

• The show radius servers command does not provide correct information about which RADIUS server is used for authentication [15788]

• IPsec ignores RADIUS source-address configuration [15810]

• Error applying one configuration over another when loading candidate configuration databases from files [15816]

• TNSR does not display the value of vhost-user interface packed-ring option [15879]

• A disabled bond LACP interface continues to send LACPDUs [16857]

• Cannot change existing interface inside/outside NAT value [16892]

• Interfaces with enabled MAP don’t accept Neighbor Advertisement packets [17087]

• Bond interface MTU is not configured on slave interfaces [18616]

• Interface with MTU configured cannot be added to a bond [18617]

LLDP

• no lldp enable command shows CLI error [10925]

• LLDP interface configuration parameters cannot be removed via CLI [10982]

• TNSR sends incorrect LLDP management address if only lldp port-name is configured on an interface [11047]

• TNSR continues sending LLDP frames after lldp port-name is removed from an interface using RESTCONF [11048]

• LLDP router configuration cannot be removed [11049]

Memif

• Unable to connect to memif interface using default socket [4448]

• It is possible to have a memif interface pointing to a nonexistent socket [11201]

• Incorrect state data is shown for memif interfaces [11202]

• Impossible to set both rx-queues and tx-queues for a memif interface via CLI [11218]

• Dataplane restart is required to change the MAC address of a memif interface [11220]

• Cannot enter a secret phrase with spaces for a memif interface via CLI [11228]

• Multiple memif interfaces can be configured using the same role and sockets [11230]

• Memif interface configuration disappears after dataplane restart [11280]

• VPP crashes when sending some commands to its memif socket [11293]

• Non-default memif interface parameters can be applied only after dataplane restart [11294]

• Its possible to create memif socket with incorrect filename [11295]

• Memif socket file still exists in Host OS filesystem after being deleted from TNSR [11365]

• Memif options rx-queues and tx-queues are not shown when executing show configuration running cli command [11453]

• Memif instance configuration disappears when one of its options is changed [11473]

• Link status of the memif interface can be up even if admin status is down [11474]

• Default memif interface parameter role server is not present in configuration [11478]

NACM

• It is possible to remove an NACM group used in a rule list [10115]

NAT

• Full IP reassembly does not work with MAP [3386]

• MAP-T adds bogus zeroes when translating short IPv4 to IPv6 [3460]

• NAT pool route table option only available when specifying a range [3628]

• Packets larger than 2034 bytes are dropped when performing IPv4 to IPv6 MAP translation [3742]

• MAP-T domain usage causes IPv6 traffic class value to always be copied from IPv4 ToS value [3774]

• TCP MSS value is not applied to IPv4 packets when IPv6 to IPv4 decapsulation is performed on MAP-E BR [3783]

• MAP does not relay IPv6 ICMP error messages to IPv4 [3809]

• NAT static mappings for ICMP do not work [4373]

• NAT static mappings for TCP/UDP protocol on any port result in translation for port 0 instead [4384]

• NAT static mappings assume external port 0 when port is omitted [4432]

• Packets not destined to a NAT pool are dropped when NAT simple mode is configured with out2in-dpo option [4927]

• Full IPv4 reassembly doesn’t work with NAT endpoint-independent mode [5476]

• Dataplane SIGSEGV crash and backtrace when exceeding NAT session limit [6551]

• Expired NAT sessions become active again when increasing the timeout value [7090]

• NAT sessions do not expire in endpoint-independent mode [7098]

• Cannot commit a clean candidate configuration database if NAT static mapping is configured [7286]

• Unable to establish NAT hairpin connection [8014]

• Routing through NAT in EI mode does not work if NAT outside interface is IPIP or GRE [8333]

• Traffic from TNSR itself sourced from inside NAT interface does not get NAT applied when egressing via NAT outside interface [9706]

• NAT side of an interface can be incorrect in state data after removing and reapplying NAT settings [12426]

• Cannot change NAT pool address values [16891]

• Interface missing from NAT pool configuration after removing twice NAT property [16905]

• Cannot change out-to-in-only and twice-nat options on NAT mapping entries [16912]

• GRE tunnel terminated on loopback interface is being NAT-translated without NAT-Inside definition [17591]

• VPP outside NAT adds NAT pool addresses to unspecified VRFs [17844]

• clixon-backend fails to start due to leftover Dataplane NAT configuration [18670]

NTP

• NTP does not properly handle IPv6 restrictions [4626]

• Delay in CLI display of NTP configuration when NTP has noquery set [6818]

• Interfaces in the TNSR NTP configuration are not validated when generating the NTP daemon configuration [7153]

• NTP daemon does not collect statistics [13483]

• NTP does not switch to orphan mode even if all UTC reference peers below this stratum are unreachable [13511]

• NTP does not take tinker panic value into account when synchronizing the clock with a remote peer [15741]

Neighbor / ARP / NDP

• Packet loss during ARP transactions [2868]

• The MAC address of a static IPv6 neighbor cannot be changed [4454]

• Neighbor cache value for max-number is not honored if current neighbor count is larger than the configured value [12389]

• Neighbor option no-adj-route-table-entry does not function as expected [12614]

Operating System

• Errors at boot from enabled but unpopulated Universal Flash Storage Host Controller Driver (ufshcd) storage [11633]

• Poor read/write performance when installed to eMMC (15GB Ultra HS-COMBO) [11688]

• systemd timer update-notifier-download.service runs every 24 hours but does not appear to do anything [15950]

• systemd timer motd-news.timer runs twice a day and logs a failure message [16026]

PKI

• PKCS#12 archives are not generated correctly when the ca-name is not specified [10320]

• PKI private key algorithm ec-p256 does not work properly when configured via RESTCONF/GUI [16130]

RESTCONF

• Adding a user via RESTCONF requires a password even when providing an ssh key [2875]

• RESTCONF “pretty-printed” JSON contains incorrect indentation [3521]

• OSPF interfaces are not validated when configured via RESTCONF [3528]

• Cannot change GRE tunnel type to or from ERSPAN via RESTCONF [4353]

• Response of /restconf/data/ and /restconf/data/netgate-interface:interfaces-state/ does not include any of *-table [5399]

• RESTCONF allows configuring dataplane options for non-existent devices [5748]

• RESTCONF route-state response does not contain actual state data [7115]

• RESTCONF dataplane service does not work on interfaces in a non-default VRF [7265]

• History version count does not match the count of REST configuration requests if they are sent without a delay [7440]

• Unable to clear trace filters over RESTCONF [9476]

• RESTCONF does not validate payload body to prevent invalid arguments in certain cases [10413]

• RESTCONF does not work with IPv6 sockets after TNSR reboot [10729]

• Non-working RPC left in TNSR after removal of NGINX [11603]

• Incorrect status can be shown for RESTCONF service [11657]

• RESTCONF returns incorrect response code when Accept header contains an unsupported type [17346]

• service restconf coredump parameters inconsistent with all other service <name> coredump commands [18277]

Routing

• BGP updates for new prefixes ignore the advertisement-interval value and are sent every 60 seconds [2757]

• BGP network backdoor feature isn’t working without service restart [2873]

• BGP next-hop attribute aren’t being sent unmodified to the eBGP peer when route-server-client option is configured [2940]

• Unable to verify dynamic BGP peer information from TNSR CLI [3044]

• Unable to delete OSPF3 config for an interface [3481]

• TNSR does not prevent creating static routes for directly connected networks [3813]

• OSPF conditional default route injection does not work [3846]

• Unable to verify received routes when high number of routes received via BGP [3918]

• TNSR allows OSPF network type for a loopback interface, which is rejected by FRR [4800]

• Reverting to the startup configuration doesn’t restore packet forwarding for BGP over IPsec prefixes [5321]

• RIP route-map-filter option does not filter routes [5910]

• Unable to disable IPv4 AF without BGP service restart [6393]

• BGP failover logs “Failed to delete neighbor” error from linux-cp [6400]

• Unable to remove OSPF virtual-link configuration [6962]

• Cannot add a static recursive route [7010]

• VPP crashes on applying custom VRF to loopback interface used in OSPF [7056]

• Creating route-map, prefix-list, or access-list entries takes longer than expected [7068]

• Cannot disable logging of adjacency changes for OSPF6 if detail option is set [7097]

• Routes that exactly overlap an interface link route are accepted by CLI but are problematic [7101]

• OSPF neighbor adjacency is established in wrong VRF in VirtualBox [7144]

• Interfaces in the TNSR RIP configuration are not validated when generating the FRR RIP daemon configuration [7155]

• Interfaces in TNSR route-map entries are not validated when generating the FRR daemon configurations [7156]

• Interfaces in the TNSR OSPF configuration are not validated when generating the FRR OSPF daemon configuration [7177]

• Interfaces in the TNSR BGP configuration are not validated when generating the FRR BGP daemon configuration [7218]

• OSPF logging for some options does not work if logging level is set explicitly [7411]

• BGP debug option updates in <peer> does not filter messages for selected peer [7476]

• BGP address family neighbor option maximum-prefix restart does not work correctly [7709]

• Malfunction of BGP process after entering maximum-prefix restart without the basic maximum-prefix limit command [7748]

• OSPF6 does not advertise loopback address to another area if the loopback is configured first [7757]

• Routes remain in table after interface with VRRP configured is marked down until dataplane is restarted [7790]

• OSPF stops working after configuring mtu-ignore option on an interface [8085]

• Routes do not match by route-map if match criteria is set to ip next-hop ... [8148]

• Output of show conf differs for route-map [8375]

• Route map source-protocol match condition matches routes from any source [8381]

• Cannot change distance for one BGP prefix [8690]

• Forwarding address from OSPF6 LSA5 is not installed as the next hop for the route [8732]

• BGP bestpath med missing-as-worst command does not function correctly [8805]

• OSPFv3 repeatedly drops connection on AWS when redistribution is configured [8822]

• Route Map with IPv6 Access List does not filter redistributed OSPF6 routes [8857]

• Route-Map set src option does not function correctly [9045]

• show route displays no routes for a VRF until it is placed on an interface [9073]

• FRR cannot connect to RPKI cache server if a route to it does not exist in default VRF [9146]

• The redistribute kernel and import vrf BGP options do not work at the same time if the static route is redistributed with an output interface in a third-party VRF [9147]

• Applying a subsequent route map with import vrf cancels a previous applied route map [9156]

• A route map applied to the import vrf option using a prefix list does not work correctly [9235]

• Changing BGP as-number in default VRF leads to the termination of the import of routes to another VRF [9244]

• Cannot change an interface to a new VRF when BGP is configured to import the current VRF [9259]

• Changing an interface VRF does not stop importing routes from the previous VRF [9298]

• Route maps with match rpki * conditions do not get re-applied when RPKI status of routes changes [9439]

• set community command disappears from FRR configuration without warning after setting an invalid community [9508]

• Suppression of specific routes when applied to an aggregated route of a route map containing set aggregator as <asn> ip address <ipv4-address> command [9547]

• BGP soft-reconfiguration inbound option does not work for IPv6 peers [10086]

• BGP selects incorrect path to a network when changing bestpath rules [10210]

• zebra causes out-of-memory error on AWS when restarting TNSR after receiving 1.5-2 million prefixes via BGP [10273]

• FRR fails to reload configuration if set as-path prepend values are incorrectly enclosed in quotes [10309]

• OSPF6 conditional default route injection does not work correctly [10311]

• BGP route-reflector-client option does not work on neighbor configurations using IP addresses instead of peer groups [10356]

• Cannot remove BGP unsuppress-map option by route-map name for IPv6 neighbor [10409]

• OSPFv3 default-information originate options do not stack when configured separately [10478]

• OSPFv2 metric-type 2 option explicitly set for default-information originate does not get placed into the FRR configuration [10479]

• Unexpected delay in distribution of route information between OSPF database and RIB during propagation of OSPF default route [10721]

• Static route with next-hop IP address located on a DHCP client interface causes clixon_backend to fail [11765]

• Routes with a via local destination are not available to FRR as kernel routes [11887]

• CLI expansion does not work for prefix-list configuration in BGP address-family/neighbor section [11888]

• A prefix-list can be configured with an invalid sequence number (0) [11889]

• TNSR fails to show routes if there are IPv4 routes with IPv6 next-hops [12060]

• TNSR cannot commit configuration candidate database loaded from a file if it contains changed ABF policy attached to interface [12248]

• BFD in a non-default VRF takes longer than expected to act on peer state changes [12500]

• RIP offset-list configuration without a specific interface name causes an FRR configuration error [12716]

• RIP outgoing offset-list does not function when configured together with incoming offset-list on the same interface [12718]

• Cannot configure an administrative distance for a static route which is respected by dynamic routing [12761]

• RIP distribution-list entries do not work correctly [12762]

• BGP graceful-restart option select-defer-time does not function as expected [12946]

• BGP graceful-restart status includes duplicate IPv6 neighbor information [12979]

• BGP peer with graceful-restart enabled does not retain routes while BGP service is stopped [13039]

• BGP peer-group can be removed even if it is in use by peer [13205]

• BGP peer does not change ORF received prefix-list when BGP speaker replaces prefix-list by another [13213]

• CLI does not expand VRF names for dynamic routing protocols BGP/OSPF/RIP [15828]

• Dynamic routing protocols BGP/OSPF/RIP allow configuring non-existent VRF with server vrf <name> [15829]

• Connected interface routes not withdrawn from routing table when link is down [15832]

• Adding or removing route-map with atomic-aggregate attribute set requires BGP restart [16039]

• Unable to specify more than one community without quoting when configuring set in route-map section [16102]

• Route map set community command allows community values which are not well-known communities, but those values are not used in FRR [16165]

• BGP extended community is removed when routes are handled by import vrf option [16176]

• Adding the force parameter to the next-hop-self option creates two separate lines in BGP configuration [16369]

• Prefix list le and ge parameters are always present in the show running-configuration output, even if they have not been configured [16425]

• Route map parameter on-match goto value is not validated and can point to itself [16576]

• Route map parameter call <rt-map-name> is not validated and can point to its own route map [16577]

• FRR failing with has not made any SendQ progress error message in logs [16592]

• Zebra continues advertising kernel routes resolved via interface with link down state [16684]

• Some routes are not installed from FRR RIB to VPP FIB [16686]

• VPP logs warning messages when running the show route command with large route tables [16793]

• OSPF pce parameters are not displayed in vtysh config [16985]

• OSPF ‘refresh timer <time>’ parameter can be removed only with ‘no refresh’ command [17064]

• Configuration OSPF ‘distance (external|inter-area|intra-area) <dist>’ causes FRR config error [17086]

• Out-of-memory error from zebra daemon on Azure x64 when advertising 2 million IPv6 prefixes via BGP [17277]

• OSPF6 interface configuration may be missing from FRR state after TNSR reboot [17576]

• Dataplane stops processing static routes when it fails to resolve a route [18005]

• RESTCONF allows assigning a nonexistent peer group to a BGP neighbor [18238]

• Output uRPF in loose mode drops all locally originated traffic [18341]

• Incorrect field is used in CLI expansion when removing MD5 key from OSPF virtual link [18398]

• TNSR allows configuring an OSPF backbone area as a shortcut [18402]

• Attaching a BGP peer-group to another peer-group fails silently in CLI [18433]

• FRR Not Counting Prefixes Learned from Route Server at IX (internet exchange) [18501]

• TNSR allows configuring BGP roles for an iBGP session resulting in an FRR configuration error [18699]

SNMP / IPFIX / Prometheus

• Prometheus filters with non-alphanumeric characters can cause HTTP requests to fail [5467]

• Prometheus filters containing spaces cannot be removed [5470]

• SNMP does not work on interfaces in a non-default VRF [7261]

• SNMP view configured with source address default does not accept queries from IPv6 addresses [12053]

• VPP shows incorrect values for configured IPFIX cache timeout settings if they are greater than 2^31 [12094]

• VPP crash during NAT out2in slowpath [12099]

• Unable to remove SNMP access group entry with specific security-model [12668]

• Prometheus response contains double definitions of some metrics [17173]

SPAN

• Incorrect error message when requesting SPAN info from a missing interface [7209]

• SPAN does not work correctly for outbound packets on VLAN subinterface [7801]

Static Routes

• Static route description is not showing up in show commands or REST state data [5478]

• Static route overwrites kernel route in the operating system routing table [7215]

• Transit traffic goes to an interface with inactive link when there is another (active) path [8041]

• RESTCONF query does not return VRF entry descriptions [13490]

• Static routes configured with next-hop-table option are not removed when they can no longer be resolved [17416]

Tunnel Protocols

• TNSR IPv6 interface address does not appear in traceroute when next-hop is IPsec tunnel interface [5178]

• VxLAN with multicast destination does not pass traffic [6491]

• GRE interface configuration remains in running config after changing GRE tunnel ID [7050]

• Configuring option route-table in a WireGuard peer does not affect next-hop lookup of the endpoint address [8070]

• VPP processes packets received on disabled tunnel interfaces [8111]

• Tunnel next-hop entries do not function in non-default VRFs [8653]

• Incorrect WireGuard tunnel next-hop after roaming [8764]

• IPIP interface loses attached ACLs when DNS resolution of the remote endpoint changes [10171]

• IPIP interface loses TCP MSS setting when DNS resolution of the remote endpoint changes [10312]

• IPv6 VxLAN does not pass traffic if it is configured over IPv6 IPsec [10592]

• Lower than expected throughput over VXLAN interfaces terminated on a loopback BVI [10643]

• It is possible to create a WireGuard instance and peer without a port value [11114]

• It is possible to specify different address families for WireGuard source address and Peer endpoint address [11175]

• Removing WireGuard peer causes an error message [11209]

• WireGuard instance can be deleted even if it contains peers [11217]

• VXLAN configuration commands are not validated while the dataplane is stopped, invalid configurations created in this state cannot be deleted [16812]

• Configurations commands of ‘interface vxlan_tunnel’ mode allow to set unsupported parameters [16926]

Updates

• Router upgraded to 22.10-2 will not start without an IKE prf entry [9368]

VPF Filter/NAT

• VPF does not reject prefixes larger than a single address on NAT rules using modes which do not support multi-address prefixes [17945]

• VPF filter rule TCP flag values and masks do not get added to the dataplane when configuring without stateful option [18066]

• VPF rules with direction both do not function as expected [18105]

• TNSR allows UDP connection that was created by VPF filter stateful rule when rule action changes from pass to block and connection is expired [18129]

• TNSR allows VPF filter rules to have an icmp code without an icmp type [18160]

VRRP

• VRRP stuck in master/master state when using E800 NICs [18506]

Wireguard

• WireGuard tunnel cannot pass traffic with underlying dataplane interface type virtio [17213]