Vyatta NOS documentation

Learn how to install, configure, and operate Vyatta Network Operating System (Vyatta NOS), which helps to drive our virtual networking and physical platforms portfolio.

Show Page Sections

Patch release notes 1908b

Release notes for Vyatta NOS 1908b, released November 4, 2019.

Issues resolved

Issues resolved in release 1908b.

Issue number Priority Summary
VRVDR-48567 Blocker DPLL3 is not in free-run by default
VRVDR-48553 Blocker SIAD not updating L3 neighbour entry on MAC change
VRVDR-48527 Blocker SIAD: 1G dataplane interfaces fail to start
VRVDR-48522 Blocker MACVLAN interface not receiving packets with programmed MAC address (VRRP with RFC-compatibility)
VRVDR-48484 Blocker QOS policy dropping all traffic by policer intermittently
VRVDR-48327 Blocker HW forwarding failure due to incorrect L2 Rewrite info
VRVDR-48243 Blocker SIAD Boundary Clock not staying locked to GM when using ECMP paths
VRVDR-48201 Blocker Mellanox 100G: Needs improvement for performance of 128, 256 Byte pkts; 64Byte pkt has better performance
VRVDR-48093 Blocker Missing SFP 'Measured values' on FTLF1518P1BTL optics
VRVDR-47747 Blocker Dataplane killed by OOM during CGNAT scale test
VRVDR-47397 Blocker PTP logging "STATE: Overall for path '[service ptp instance]'" every 75 seconds
VRVDR-46868 Blocker Log the port block allocation logs, subscriber logs and resource constraint logs to a different log other than syslog
VRVDR-48623 Critical Assert in IDTStackAdaptor_AddDownlinkTimeStampDifferences
VRVDR-48600 Critical Upgrade to 3.0.8 version of UfiSpace's BSP utils
VRVDR-48588 Critical PTP fails to create ports when config is removed and reapplied
VRVDR-48542 Critical "ipsec sad" was not containing "virtual-feature-point"
VRVDR-48430 Critical Issue trap/notification when servo failure is resolved
VRVDR-48338 Critical IDT servo fails to reliably negotiate an higher packets rates with GM
VRVDR-48169 Critical Mellanox 100G: improve traffic throughput performance
VRVDR-48167 Criticalshow tech-support hangs the CLI and outputs the following message: WARNING: terminal is not fully functional
VRVDR-48157 Critical Center LED status for S/M/L is not working as expected
VRVDR-48124 Critical Azure: System does not provision ssh key pair
VRVDR-48102 Critical Fails to operate when the number of interfaces with PTP enabled is scaled up
VRVDR-48098 Critical BroadPTP fails to re-mark SIGNALING messages with appropriate DSCP
VRVDR-48077 Critical Update BIOS strings for the Flexware XSmall platform
VRVDR-47990 Critical Vyatta vRouter for vNAT usecase(s) in Azure external cloud
VRVDR-47975 Critical TACACS: wall: /dev/pts/2: No such file or directory observed on system reboot
VRVDR-47863 Critical VRRPv3 VRF IPv6 IPAO: Reconfig of LL vip results in MASTER/MASTER scenario
VRVDR-47828 Critical Crash of keepalived when reloading the daemon (accessing invalid memory)
VRVDR-47472 Critical Mellanox-100G: Observing the traffic forwards even after disabling the dataplane interface
VRVDR-48560 Major Kernel neighbour updates may cause dataplane neighbour to transiently become invalid
VRVDR-48559 Major Static ARP entry not always noted in dataplane ARP table
VRVDR-48519 Major Operator in secrets group cannot view redacted secret in show config but can in show config command
VRVDR-48415 Major OSPF flap to INIT state when changing (add or delete) network statements in OSPF
VRVDR-48408 Major Upgrade Insyde phy_alloc module to version 6
VRVDR-48384 Major Change CGNAT to stop using the NPF interface structure
VRVDR-48372 Major Source NAT is using PPPoE Server (default GW) IP and not local PPPoE interface IP
VRVDR-48366 Major Some RFC 7951 data test are wrong causing build breakage 1% of the time
VRVDR-48332 Major TACACS+ AAA plugin should restart on DBus failures
VRVDR-48273 Major Show sfp info in show interface dataplane <intf> physical on Flexware
VRVDR-48224 Major show cgnat session with complex filter missing entry
VRVDR-48222 Major Isolate configd and opd from plugin panics
VRVDR-48113 Major OSPF not on vtun interface
VRVDR-47986 Major Change CGNAT policy match from a prefix to an address-group
VRVDR-47927 Major DPDK - enable selected test apps
VRVDR-47882 Major CGNAT logs inconsistent with NAT
VRVDR-47816 Major NAT statistics not displaying in show tech-support save output
VRVDR-47792 Major clear cgnat session sometimes errors out after scale test
VRVDR-47710 Major NHRP overloads IPsec daemon communication
VRVDR-47701 Major CGNAT: Calculate and store RTT times in microseconds
VRVDR-47675 Major Sessions are not deleted after deleting CGNAT configurations - stays until original timeout expires in particular scenario
VRVDR-47611 Major CGNAT: RPC keyerror if non-existing interface name is used in get-session-information
VRVDR-47601 Major VRRP retains MASTER when device is disabled due to license invalid/expired
VRVDR-47130 Major Send gratuitous ARP on MAC address change
VRVDR-47006 Major PTP show ptp <command> intermittent fails to return any output
VRVDR-45781 Major reset dns forwarding cache routing-instance red not finding VRF instance
VRVDR-48774 Minor PTP: When changing port states the old and new states are backward
VRVDR-48644 Minor Add logging for PTP slaves similar to PTP master
VRVDR-48390 Minor Enable some IDT log messages
VRVDR-48108 Minor Debug level messages for VRRP seen in journal
VRVDR-48033 Minor Keepalived: Packet filter picked up an IPv4 advertisement from the local box - dropping it before processing
VRVDR-47842 Minor mGRE tunnel is not coming up after making address change at the spoke
VRVDR-46829 Minor The reported timestamps in packet traces are not consistent with the actual time and system clock
VRVDR-42161 Minor tech-support should contain "CLI: coredumpctl info" prefix for COREDUMPS header

Security vulnerabilities resolved

Security vulnerabilities resolved in release 1908b.

Issue number CVSS Advisory Summary
VRVDR-48841 9.8 DSA-4550-1 CVE-2019-18218: Debian DSA-4550-1 : file - security update
VRVDR-48746 9.8 DSA-4547-1 CVE-2018-10103, CVE-2018-10105, CVE-2018-14461, CVE-2018-14462, CVE-2018-14463, CVE-2018-14464, CVE-2018-14465, CVE-2018-14466, CVE-2018-14467,CVE-2018-14468, CVE-2018-14469, CVE-2018-14470, CVE-2018-14879, CVE-2018-14880, CVE-2018-14881, CVE-2018-14882, CVE-2018-16227, CVE-2018-16228, CVE-2018-16229, CVE-2018-16230, CVE-2018-16300, CVE-2018-16451, CVE-2018-16452, CVE-2019-15166: Debian DSA-4547-1: tcpdump – security update
VRVDR-48412 9.8 DSA-4531-1 CVE-2019-14821, CVE-2019-14835, CVE-2019-15117, CVE-2019-15118, CVE-2019-15902: Debian DSA-4531-1 : linux - security update
VRVDR-47897 8.1 DSA-4497-1 CVE-2015-8553, CVE-2018-5995, CVE-2018-20836 , CVE-2018-20856, CVE-2019-1125, CVE-2019-3882, CVE-2019-3900, CVE-2019-10207, CVE-2019-10638, CVE-2019-10639, CVE-2019-13631, CVE-2019-13648, CVE-2019-14283, CVE-2019-14284: DSA-4497-1: linux – security update
VRVDR-48446 6.7 DSA-4535-1 CVE-2019-5094: Debian DSA-4535-1 : e2fsprogs - security update
VRVDR-48502 5.3 DSA-4539-1 CVE-2019-1547, CVE-2019-1549, CVE-2019-1563: Debian DSA-4539-1 : openssl - security update
VRVDR-48652 N/A DSA-4543-1 CVE-2019-14287: Debian DSA-4543-1 : sudo - security update

Documentation errata

Errors with the NAT Configuration Guide and Basic Routing Configuration Guide have been corrected in this release.

NAT Configuration Guide

In earlier versions of NAT Configuration Guide up to and including Version 17.2.0, the Source address translations section stated that you could set the translation address either to one of the addresses defined on the outbound interface or to masquerade. This is not correct, because now you can set the translation address to any address that you want.

Basic Routing Configuration Guide

In earlier versions of Basic Routing Configuration Guide, Figure 1 in the Configuring static routes section showed an IPv6 diagram whereas it should show an IPv4 diagram. The correct diagram is as follows:

Figure 1. Static routes