Patch release notes 2105a
Vyatta NOS patch release notes 2105a.
Released August 11, 2021
Issues resolved
Issues resolved in 2105a.
Issue number | Priority | Summary |
---|---|---|
VRVDR-55424 | Blocker | PTP: APTS profile is broken |
VRVDR-55318 | Blocker | FAL_BCM: fal_plugin_qos_new_sched_group: mandatory sched-group create attribute missing: max-children |
VRVDR-54591 | Blocker | TACACS authentications fails when TACACS accounting has a large backlog |
VRVDR-55136 | Blocker | Ingress timestamped packets have wrong correctionFields inserted on egress ports that do not have TIMESYNC configured |
VRVDR-55160 | Blocker | dataplane: srvAdaptiveFrequencyReferenceTracker.c:91: getStraightenedLocalTimestampsAdaptiveFrequency: Assertion `((direction == E_srvUpLinkDirection) || (direction == E_srvDownLinkDirection))' failed |
VRVDR-55890 | Critical | System hangs on shutdown of Flexware Small/Medium |
VRVDR-55714 | Critical | QoS VCI sends dataplane config commands twice without intervening |
VRVDR=55605 | Critical | npf-rte-acl: invalid rte-acl hash-compare might result might result in failing policy installation (EEXIST) |
VRVDR-55589 | Critical | system-timing: DPLL2 reports locked to GPS even when GPS is disabled |
VRVDR-55566 | Critical | Fail/reject configuration commits if /config is read-only |
VRVDR-53532 | Critical | Flexware Small unit sometimes hanging after grub menu |
VRVDR-53410 | Critical | ECMP member selection mismatch between hardware and software |
VRVDR-50810 | Critical | wred-map commands not being sent to the dataplane |
VRVDR-55364 | Critical | rte-acl: segfault in rte_acl_create |
VRVDR-55286 | Critical | Multicast configuration and OSPFv3 IPv4 process |
VRVDR-55002 | Critical | IPsec throughput decreased where multiple crypto-cores in use |
VRVDR-54989 | Critical | Comment text in op mode command list |
VRVDR-55126 | Critical | Observed dataplane crash after creating the VM in Azure Cloud |
VRVDR-55753 | Major | Multicast: eliminate or hide FAL counter logs |
VRVDR-55721 | Major | Dataplane crash segfault in npf_session_tcp_state_change up on upgrade from 1912 |
VRVDR-55569 | Major | MRIBv6 FIB: Peek error Resource temporarily unavailable |
VRVDR-55531 | Major | Allow sandboxed users to login even if the home directory doesn't exist in the system |
VRVDR-55463 | Major | Mtrace not working |
VRVDR-55251 | Major | rldb: rte_jhash unreliable for uint32_t rule numbers |
VRVDR-55238 | Major | rte_acl_reset: pre-mature referencing of ctx |
VRVDR-55163 | Major | Flow-Monitoring - FlowSet Records not always Exported to Collector |
VRVDR-55153 | Major | Flow-Monitoring - exported egressInterface is incorrect when ingress monitoring on a vif interface |
VRVDR-55053 | Major | Tx Power Level wrong when 10G interface is disabled |
VRVDR-55011 | Major | Can't log into a SIAD with read-only SSD |
VRVDR-53779 | Major | Packet modification seen in Pcap taken on Vyatta dataplane interface |
VRVDR-50590 | Major | QoS Shaper for TCP traffic with flags results in traffic being queued into default traffic-class 0 |
VRVDR-55804 | Minor | PTP: Intermittently |
VRVDR-55547 | Minor | PTP: re-send the GNSS failures periodically |
VRVDR-53937 | Minor | Ethernet Bonding is not working in UCPE box |
VRVDR-55197 | Minor | PTP: Logging messages with [APTS] even when apts is not configured |
Security vulnerabilities resolved
Issue number | CVSS score | Advisory | Summary |
---|---|---|---|
VRVDR-55800 | 7.5 | CVE-2021-36222: Debian DSA-4944-1 : krb5 - security update | |
VRVDR-55761 | 7.8 | CVE-2020-36311, CVE-2021-3609, CVE-2021-33909, CVE-2021-34693: Debian DSA-4941-1: linux security update | |
VRVDR-55759 | 5.5 | CVE-2021-33910: Debian DSA-4942-1 : systemd - security update | |
VRVDR-55538 | 7.8 | CVE-2020-24586, CVE-2020-24587, CVE-2020-24588, CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-26139, CVE-2020-26147, CVE-2020-26558, CVE-2020-29374, CVE-2021-0129, CVE-2021-3483, CVE-2021-3506, CVE-2021-3564, CVE-2021-3573, CVE-2021-3587, CVE-2021-23133, CVE-2021-23134, CVE-2021-28688, CVE-2021-28964, CVE-2021-28971, CVE-2021-29154, CVE-2021-29155, CVE-2021-29264, CVE-2021-29647, CVE-2021-29650, CVE-2021-31829, CVE-2021-31916, CVE-2021-32399, CVE-2021-33034: Debian DLA-2690-1: linux LTS security update | |
VRVDR-55435 | 8.1 | CVE-2021-20305, CVE-2021-3580: Debian DSA-4933-1 : nettle - security update | |
VRVDR-55399 | 7.1 | CVE-2021-0089 CVE-2021-26313 CVE-2021-28690 CVE-2021-28692: Debian DSA-4931-1 : xen - security update | |
VRVDR-55352 | 9.8 | CVE: CVE-2018-25009, CVE-2018-25010, CVE-2018-25011, CVE-2018-25013, CVE-2018-25014, CVE-2020-36328, CVE-2020-36329, CVE-2020-36330, CVE-2020-36331, CVE-2020-36332:Debian DSA-4930-1 : libwebp - security update | |
VRVDR-55273 | 6.5 | CVE-2021-3541: Debian DLA-2669-1 : libxml2 security update | |
VRVDR-54850 | 7.8 | CVE-2020-27170, CVE-2020-27171, CVE-2021-3348, CVE-2021-3428, CVE-2021-26930, CVE-2021-26931, CVE-2021-26932, CVE-2021-2736, CVE-2021-27364, CVE-2021-27365, CVE-2021-28038, CVE-2021-28660: Debian DLA-2610-1 : linux security update |
GNSS support
- VRVDR-54884: Implement PDV accuracy improvement that will be provided by Broadcom's part of eRAN sync 8275.2
- VRVDR-54883: Ability to get the status of the GPS antenna connection thru CLI command as part of eRAN sync 8275.2
- VRVDR-54882: Ability to remotely disable and enable GPS antenna connection to SIAD using a CLI modelled command as part of eRAN sync 8275.2
- VRVDR-54881: LED support for GPS connectivity as part of eRAN sync 8275.2
Global Navigation Satellite System (GNSS) refers to a group of satellites that are used to provide navigation signals to end-users. A number of such systems exist: Europe's Galileo, the USA's NAVSTAR Global Positioning System (GPS), Russia's Global'naya Navigatsionnaya Sputnikovaya Sistema (GLONASS), and China's BeiDou Navigation Satellite System. In general, the signals available from these systems are time, position, and an accurate pulse-per-second clock.
Some platforms may have GNSS hardware that is potentially used in conjunction with PTP, SyncE, and other timing services.
Since these systems involve some physical configuration and are subject to weather-related outages, it is necessary for the end-user to be able to perform some basic diagnostics on the existing GNSS hardware.
If the platform supports a GNSS, it should be continually monitored. Where possible, the antenna and signal status should be communicated on front panel LEDs. The LED capabilities of each platform are different and the exact behavior of the LEDs needs to be documented for each platform. The end-user should have the ability to query the GNSS from the CLI. The information returned will vary based on the specific capabilities of the hardware, but should include some basics such as antenna status, current time, satellites in view.
In order to debug potential problems with GNSS, the end-user may want to disable or enable the GNSS hardware. If the GNSS is disabled, it should not be used as the source of timing for any of the local services.
New operational commands
show gnss
This command is used to show the status of the GNSS hardware, which may include the following output:
antenna-status can be:
- OK: The GNSS receiver is not reporting an antenna problem.
- short: The GNSS receiver is reporting a short-circuited antenna.
- open: The GNSS receiver is reporting a disconnected or passive antenna.
- unknown: The GNSS receiver's antenna connection is in an unknown state.
gnss-status can be:
- acquiring: The GNSS receiver is attempting to acquire a valid signal.
- tracking: The GNSS receiver has valid time and/or position fix.
- unknown: The GNSS receiver is in an unknown state.
stop gnss
This command is used to stop the GNSS hardware. Once completed, the GNSS hardware will not be used a source of timing information.
start gnss
This command is used to start the GNSS hardware. Once completed, the GNSS hardware will potentially be used as a source of timing information.
Hardware limitations
Not all platforms have GNSS hardware. If a platform does have GNSS hardware, then the GNSS commands are available.
For example, on the UfiSpace S9500-30XS, the GPS LED shows the following behavior:
GPS LED |
Status |
---|---|
Off |
No GNSS antenna is connected, the GNSS is not initialized, or a passive antenna is connected. |
Blinking green |
GNSS antenna is connected, GNSS signal is present, GNSS attempting to acquire a position fix. |
Solid green |
GNSS antenna is connected, GNSS has a valid position fix and is ready. |
Blinking yellow |
There is a problem with the GNSS hardware; Check for antenna shorts, opens, or poor signal. |
Solid yellow |
GNSS antenna is connected, GNSS signal is not present (no visible satellites yet). |
SYNC LED |
Status |
---|---|
Off |
The system timing core has not been configured. |
Blinking green |
The system timing core is frequency-locked. |
Solid green |
The system timing core is frequency-locked and phase-locked. |
Blinking yellow |
The maximum holdover time (7200 seconds) has been exceeded. The phase and frequency are likely out of specification. |
Solid yellow |
Both the phase clock and the frequency clock are in holdover. |