Limitations and restrictions
Security improvements have been made in this release, however some limitations still exist.
IPv6 is not supported on the 40G Fortville NIC.
Xlan tunnels do not currently work with a multicast transport, that is the command
set interfaces vxlan xxx transport multicast-group does not work.
vxlan-gpe tunnel cannot be added to a bridge-group due to an underlying kernel issue.
While the OS does support IKEv1, Vyatta strongly recommends that IKEv2 is used to avoid security vulnerabilities associated with IKEv1, such as reflector and Amplifier DoS attacks.
VRRP in RFC Compatibility mode does not work fully on VRFs. Without RFC compatibility mode, VRRP will work fine with VRFs and this should be used as the solution.
The application of the fixes for DSA-4078-1 [Meltdown] affect the performance of the Linux kernel. This affect is well publicized and should diminish in effect as the Linux community works on better fixes and subsequent releases are made.