home

Release notes

Getting startedOverviewArchitectureSupported platformsRelease notesWhite papers
Getting startedOverviewArchitectureSupported platformsRelease notesWhite papers

Vyatta documentation

Learn how to install, configure, and operate the Vyatta Network Operating System (Vyatta NOS) and Orchestrator, which help drive our virtual networking and physical platforms portfolio.

Show On this page:

Show Page Sections

thumbnailRelease notes

VNOS release notes 2105

Patch release notes 2105a

Vyatta NOS patch release notes 2105a.

Released August 11, 2021

Issues resolved

Issues resolved in 2105a.

Issue number

Priority

Summary

VRVDR-55424

Blocker

PTP: APTS profile is broken

VRVDR-55318

Blocker

FAL_BCM: fal_plugin_qos_new_sched_group: mandatory sched-group create attribute missing: max-children

VRVDR-54591

Blocker

TACACS authentications fails when TACACS accounting has a large backlog

VRVDR-55136

Blocker

Ingress timestamped packets have wrong correctionFields inserted on egress ports that do not have TIMESYNC configured

VRVDR-55160

Blocker

dataplane: srvAdaptiveFrequencyReferenceTracker.c:91: getStraightenedLocalTimestampsAdaptiveFrequency: Assertion `((direction == E_srvUpLinkDirection) || (direction == E_srvDownLinkDirection))' failed

VRVDR-55890

Critical

System hangs on shutdown of Flexware Small/Medium

VRVDR-55714

Critical

QoS VCI sends dataplane config commands twice without intervening qos <if-name> disable command

VRVDR=55605

Critical

npf-rte-acl: invalid rte-acl hash-compare might result might result in failing policy installation (EEXIST)

VRVDR-55589

Critical

system-timing: DPLL2 reports locked to GPS even when GPS is disabled

VRVDR-55566

Critical

Fail/reject configuration commits if /config is read-only

VRVDR-53532

Critical

Flexware Small unit sometimes hanging after grub menu

VRVDR-53410

Critical

ECMP member selection mismatch between hardware and software

VRVDR-50810

Critical

wred-map commands not being sent to the dataplane

VRVDR-55364

Critical

rte-acl: segfault in rte_acl_create

VRVDR-55286

Critical

Multicast configuration and OSPFv3 IPv4 process

VRVDR-55002

Critical

IPsec throughput decreased where multiple crypto-cores in use

VRVDR-54989

Critical

Comment text in op mode command list

VRVDR-55126

Critical

Observed dataplane crash after creating the VM in Azure Cloud

VRVDR-55753

Major

Multicast: eliminate or hide FAL counter logs

VRVDR-55721

Major

Dataplane crash segfault in npf_session_tcp_state_change up on upgrade from 1912

VRVDR-55569

Major

MRIBv6 FIB: Peek error Resource temporarily unavailable

VRVDR-55531

Major

Allow sandboxed users to login even if the home directory doesn't exist in the system

VRVDR-55463

Major

Mtrace not working

VRVDR-55251

Major

rldb: rte_jhash unreliable for uint32_t rule numbers

VRVDR-55238

Major

rte_acl_reset: pre-mature referencing of ctx

VRVDR-55163

Major

Flow-Monitoring - FlowSet Records not always Exported to Collector

VRVDR-55153

Major

Flow-Monitoring - exported egressInterface is incorrect when ingress monitoring on a vif interface

VRVDR-55053

Major

Tx Power Level wrong when 10G interface is disabled

VRVDR-55011

Major

Can't log into a SIAD with read-only SSD

VRVDR-53779

Major

Packet modification seen in Pcap taken on Vyatta dataplane interface

VRVDR-50590

Major

QoS Shaper for TCP traffic with flags results in traffic being queued into default traffic-class 0

VRVDR-55804

Minor

PTP: Intermittently show gnss does not return satellite or time or location info

VRVDR-55547

Minor

PTP: re-send the GNSS failures periodically

VRVDR-53937

Minor

Ethernet Bonding is not working in UCPE box

VRVDR-55197

Minor

PTP: Logging messages with [APTS] even when apts is not configured

Security vulnerabilities resolved

Issue number

CVSS score

Advisory

Summary

VRVDR-55800

7.5

DSA-4944-1

CVE-2021-36222: Debian DSA-4944-1 : krb5 - security update

VRVDR-55761

7.8

DSA-4941-1

CVE-2020-36311, CVE-2021-3609, CVE-2021-33909, CVE-2021-34693: Debian DSA-4941-1: linux security update

VRVDR-55759

5.5

DSA-4942-1

CVE-2021-33910: Debian DSA-4942-1 : systemd - security update

VRVDR-55538

7.8

DLA-2690-1

CVE-2020-24586, CVE-2020-24587, CVE-2020-24588, CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-26139, CVE-2020-26147, CVE-2020-26558, CVE-2020-29374, CVE-2021-0129, CVE-2021-3483, CVE-2021-3506, CVE-2021-3564, CVE-2021-3573, CVE-2021-3587, CVE-2021-23133, CVE-2021-23134, CVE-2021-28688, CVE-2021-28964, CVE-2021-28971, CVE-2021-29154, CVE-2021-29155, CVE-2021-29264, CVE-2021-29647, CVE-2021-29650, CVE-2021-31829, CVE-2021-31916, CVE-2021-32399, CVE-2021-33034: Debian DLA-2690-1: linux LTS security update

VRVDR-55435

8.1

DSA-4933-1

CVE-2021-20305, CVE-2021-3580: Debian DSA-4933-1 : nettle - security update

VRVDR-55399

7.1

DSA-4931-1

CVE-2021-0089 CVE-2021-26313 CVE-2021-28690 CVE-2021-28692: Debian DSA-4931-1 : xen - security update

VRVDR-55352

9.8

DSA-4930-1

CVE: CVE-2018-25009, CVE-2018-25010, CVE-2018-25011, CVE-2018-25013, CVE-2018-25014, CVE-2020-36328, CVE-2020-36329, CVE-2020-36330, CVE-2020-36331, CVE-2020-36332:Debian DSA-4930-1 : libwebp - security update

VRVDR-55273

6.5

DLA-2669-1

CVE-2021-3541: Debian DLA-2669-1 : libxml2 security update

VRVDR-54850

7.8

DLA-2610-1

CVE-2020-27170, CVE-2020-27171, CVE-2021-3348, CVE-2021-3428, CVE-2021-26930, CVE-2021-26931, CVE-2021-26932, CVE-2021-2736, CVE-2021-27364, CVE-2021-27365, CVE-2021-28038, CVE-2021-28660: Debian DLA-2610-1 : linux security update

GNSS support

  • VRVDR-54884: Implement PDV accuracy improvement that will be provided by Broadcom's part of eRAN sync 8275.2
  • VRVDR-54883: Ability to get the status of the GPS antenna connection thru CLI command as part of eRAN sync 8275.2
  • VRVDR-54882: Ability to remotely disable and enable GPS antenna connection to SIAD using a CLI modelled command as part of eRAN sync 8275.2
  • VRVDR-54881: LED support for GPS connectivity as part of eRAN sync 8275.2

Global Navigation Satellite System (GNSS) refers to a group of satellites that are used to provide navigation signals to end-users. A number of such systems exist: Europe's Galileo, the USA's NAVSTAR Global Positioning System (GPS), Russia's Global'naya Navigatsionnaya Sputnikovaya Sistema (GLONASS), and China's BeiDou Navigation Satellite System. In general, the signals available from these systems are time, position, and an accurate pulse-per-second clock.

Some platforms may have GNSS hardware that is potentially used in conjunction with PTP, SyncE, and other timing services.

Since these systems involve some physical configuration and are subject to weather-related outages, it is necessary for the end-user to be able to perform some basic diagnostics on the existing GNSS hardware.

If the platform supports a GNSS, it should be continually monitored. Where possible, the antenna and signal status should be communicated on front panel LEDs. The LED capabilities of each platform are different and the exact behavior of the LEDs needs to be documented for each platform. The end-user should have the ability to query the GNSS from the CLI. The information returned will vary based on the specific capabilities of the hardware, but should include some basics such as antenna status, current time, satellites in view.

In order to debug potential problems with GNSS, the end-user may want to disable or enable the GNSS hardware. If the GNSS is disabled, it should not be used as the source of timing for any of the local services.

New operational commands

show gnss

This command is used to show the status of the GNSS hardware, which may include the following output:

antenna-status can be:

  • OK: The GNSS receiver is not reporting an antenna problem.
  • short: The GNSS receiver is reporting a short-circuited antenna.
  • open: The GNSS receiver is reporting a disconnected or passive antenna.
  • unknown: The GNSS receiver's antenna connection is in an unknown state.

gnss-status can be:

  • acquiring: The GNSS receiver is attempting to acquire a valid signal.
  • tracking: The GNSS receiver has valid time and/or position fix.
  • unknown: The GNSS receiver is in an unknown state.
stop gnss

This command is used to stop the GNSS hardware. Once completed, the GNSS hardware will not be used a source of timing information.

start gnss

This command is used to start the GNSS hardware. Once completed, the GNSS hardware will potentially be used as a source of timing information.

Hardware limitations

Not all platforms have GNSS hardware. If a platform does have GNSS hardware, then the GNSS commands are available.

For example, on the UfiSpace S9500-30XS, the GPS LED shows the following behavior:

GPS LED

Status

Off

No GNSS antenna is connected, the GNSS is not initialized, or a passive antenna is connected.

Blinking green

GNSS antenna is connected, GNSS signal is present, GNSS attempting to acquire a position fix.

Solid green

GNSS antenna is connected, GNSS has a valid position fix and is ready.

Blinking yellow

There is a problem with the GNSS hardware; Check for antenna shorts, opens, or poor signal.

Solid yellow

GNSS antenna is connected, GNSS signal is not present (no visible satellites yet).

SYNC LED

Status

Off

The system timing core has not been configured.

Blinking green

The system timing core is frequency-locked.

Solid green

The system timing core is frequency-locked and phase-locked.

Blinking yellow

The maximum holdover time (7200 seconds) has been exceeded. The phase and frequency are likely out of specification.

Solid yellow

Both the phase clock and the frequency clock are in holdover.

Last updated: December 6, 2022