Vyatta NOS documentation

Learn how to install, configure, and operate Vyatta Network Operating System (Vyatta NOS), which helps to drive our virtual networking and physical platforms portfolio.

Show Page Sections

Patch release notes 2009a

Release notes for Vyatta NOS 2009a, released October 26, 2020.

Issues resolved

Issues resolved in release 2009a.

Issue numberPrioritySummary
VRVDR-53138 BlockerIPsec RA-VPN Client and Server regression broken on latest Halifax regression builds
VRVDR-52918 Blocker1912f - Hardware CPP not conforming to limiter rates
VRVDR-52906 BlockerQoS - Bandwidth Must match <<number><suffix>>
VRVDR-47760 BlockerJ2: QoS - Increase configuration limits for 100G for hardware platforms
VRVDR-53342 CriticaluSDE-->Node showing error while checking show interfaces dataplane dp0s9 affinity Attach
VRVDR-53302 CriticalBoundary Clock lost sync and is unable to re-acquire lock
VRVDR-53278 CriticalDesired speed in VOQ setup can overflow int param
VRVDR-53102 CriticalOSPFv2: prefer loopback address for use as forwarding address in NSSA LSAs
VRVDR-53065 CriticalYANG tweaks to allow NCS to compile Vyatta YANG files
VRVDR-53014 Criticalcommit-confirm not working via vcli scripts
VRVDR-52995 CriticalGrub update during image upgrade is broken
VRVDR-52994 CriticalBFD: Show bfd session details shows incorrect stats
VRVDR-52993 CriticalLicense enforcement for hardware other than UFI-SPACE is bringing down the dataports
VRVDR-52912 Criticalservice-user creation fails due to moved SSSD databases
VRVDR-52885 CriticalThe dataplane interfaces are down when configuring the cpu-affinity
VRVDR-52855 CriticalCreating service users fails
VRVDR-52850 CriticalEgress ACL in s/w path will not match router originated traffic
VRVDR-52841 CriticalS9500-30XS: Receiving only 10Gig traffic going over 25Gig links
VRVDR-52740 Criticalshow interfaces affinity and show interfaces identify returns error Error: Unknown RPC
VRVDR-52451 Criticalbgpd process crashed when performing snmpwalk with BGP configuration
VRVDR-52401 CriticalDegradation of throughput by 10%-40% on v150 with 100M physical interface and QOS
VRVDR-52383 CriticalPTP: Internal errors causing PTP stack not to be created
VRVDR-51749 CriticalDHCPv6 address not getting renewed automatically on client node after DHCP server rebooted and only works when deleted/reconfigured DHCPv6 config was added on the client node. It works fine for DHCPv4.
VRVDR-51678 CriticalPTP: Slave clock sees significant time-error when GPS signal fails on SIAD, when it switches to PTP
VRVDR-51256 CriticalACM VCI component does not seem to work correctly with only default values
VRVDR-43307 Criticalvyatta-ike-sa-daemon: TypeError: 'IKEConfig' object does not support indexing
VRVDR-53314 Majordhcp-client overlap-subnet script fails on DANOS due to missing vrfmanager Python module
VRVDR-53275 MajorFlexware: Update platform detection for new large boxes based on latest production boxes
VRVDR-53244 MajorBarcelona board should be made generic
VRVDR-53199 MajorConfiguring unreachable static route causes a zebra and dataplane restart
VRVDR-53191 MajorIPsec commands do not work unless acm rules for rpc-default and notification-default are configured
VRVDR-53062 MajorMissing logs for enforcement action taken for licensing
VRVDR-53061 MajorAllow ACL rulesets to set an address-family flag in the group structure
VRVDR-53022 Major[ext]community-list and access-list translation issues in DANOS
VRVDR-52997 Majortacplusd get_tty_login_addr() may overflow buffer
VRVDR-52910 Majorservice-users LDAP password and local encrypted-password values not redacted in audit logs or TACACS+ authorization requests
VRVDR-52909 MajorRIP MD5 passwords not redacted in audit logs or TACACS+ authorization requests
VRVDR-52851 MajorFAL Broadcom plugin needs to be tuned to optimize to 100G QoS performance
VRVDR-52843 MajorOutput of static entries in ARP table has changed
VRVDR-52739 MajorPort value in tunnel policy without specifying protocol causes error protocol must be formatted as well-known string. for the IPsec show commands
VRVDR-52677 MajorWhen multiple peers use the same local-address, no authentication ids, and unique pre-shared-keys IKEv2 based IPsec stuck in 'init' for all but one peer
VRVDR-52611 Majori40e driver silently drops multicast packets causing VRRP dual master
VRVDR-52468 MajorNeg Rx value not updated if requested value cannot be used
VRVDR-52404 MajorICMP error returned with corrupted inner header causes seg-fault when passed through a FW/NAT44/PBR rule with logging enabled
VRVDR-52188 Majorstart virt guest XYZ does not report errors
VRVDR-51332 MajorPTP: Unable to cope with config change where master and slave swap ds-ports (slave does not come up)
VRVDR-52825 MinorConfiguring three sub-levels of time-zone is not possible, causing upgrade from earlier version to fail
VRVDR-52546 MinorGUI hangs/loading and finally timeout with an error message on browser

Security vulnerabilities resolved

Security vulnerabilities resolved in release 2009a.

Issue numberCVSSAdvisorySummary
VRVDR-52921 7.9DSA-4760-1 CVE-2020-12829, CVE-2020-14364, CVE-2020-15863, CVE-2020-16092: Debian DSA-4760-1: qemu security update
VRVDR-53283 7.8DSA-4769-1 CVE-2020-25595, CVE-2020-25596, CVE-2020-25597, CVE-2020-25599, CVE-2020-25600, CVE-2020-25601, CVE-2020-25602, CVE-2020-25603, CVE-2020-25604: Debian DSA-4769-1: xen security update
VRVDR-53273 7.8DLA-2385-1 CVE-2019-3874, CVE-2019-19448, CVE-2019-19813, CVE-2019-19816, CVE-2020-10781, CVE-2020-12888, CVE-2020-14314, CVE-2020-14331, CVE-2020-14356, CVE-2020-14385, CVE-2020-14386, CVE-2020-14390, CVE-2020-16166, CVE-2020-25212, CVE-2020-25284, CVE-2020-25285, CVE-2020-25641, CVE-2020-26088: Debian DLA-2385-1: linux-4.19 LTS security update