Vyatta documentation

Learn how to install, configure, and operate the Vyatta Network Operating System (Vyatta NOS) and Orchestrator, which help drive our virtual networking and physical platforms portfolio.


Patch release notes 2012c

Vyatta NOS patch release notes 2012c.

Released May 7, 2021

Issues resolved

Issues resolved in 2012c.

| Issue number | Priority | Summary |
|---|---|---|
| VRVDR-54952 | Critical | Dataplane crashes when ipsec with vti interface is configured for IPv4/IPv6 |
| VRVDR-54916 | Critical | Dataplane crash on rte_cryptodev_sym_session_init |
| VRVDR-54821 | Critical | Removing DSCP egress-map from sub-intf and then parent interface results in a crash in the dataplane |
| VRVDR-54636 | Critical | Missing CLI to configure the Egress-map for dscp marking. |
| VRVDR-54431 | Critical | Dataplane crashes when deleting appFW |
| VRVDR-54417 | Critical | show vpn ipsec sa calls are spuriously empty |
| VRVDR-54365 | Critical | PCP remarking does not work when configuring dscp ->designation value->pcp mark using mark-map cli |
| VRVDR-53825 | Critical | QoS egress DSCP remark map on native router parent dataplane port does not apply to sub-ports with VIF |
| VRVDR-54900 | Major | Constant attempts to revive old duplicate CHILD_SA are causing re-key flood and occasional traffic drop. |
| VRVDR-54860 | Major | IPsec: VPN Tunnel is going down after rebooting the device |
| VRVDR-54839 | Major | DUT doesn't establish BGP Connection until the DUT is rebooted |
| VRVDR-54765 | Major | ALG session may cause dataplane crash when cleared |
| VRVDR-54710 | Major | BMC Timed Out from VNOS |
| VRVDR-54707 | Major | [L3 egress ACL][Q-AX] FAL failure when ACL rules contain complex tree of overlapping IPv6 prefixes |
| VRVDR-54628 | Major | DSCP marking is not working when using the egress map CLI |
| VRVDR-54586 | Major | Dataplane crash in connection sync on closing TCP session |
| VRVDR-54517 | Major | IPsec RA VPN client: don't ignore failing ike-sa-daemon D-Bus calls |
| VRVDR-54515 | Major | Incorrect failure handling of IPsec control-, data- and user-plane interaction / hardening failure resilience |
| VRVDR-54090 | Major | Netconf Copy-Config allows the same source and target datastore to be set |
| VRVDR-53833 | Major | Handle multiple errors in configd: session/load.go merge_tree() |
| VRVDR-53403 | Major | LSR in "ordered" LDP distribution mode continues to advertise FEC with no valid downstream binding |
| VRVDR-50667 | Major | IPv6 PIM RPF fails to resolve PIM neighbour LL address |
| VRVDR-52831 | Minor | IPSec with dead-peer detection no longer shows tunnels on "Down" state |

Security vulnerabilities resolved

Security vulnerabilities resolved in 2012c.

| Issue number | CVSS score | Advisory | Summary |
|---|---|---|---|
| VRVDR-54877 | 7.8 | DSA-4888-1 | CVE-2021-26933, CVE-2021-27379: Debian DSA-4888-1: xen security update |
| VRVDR-54720 | 7.8 | DSA-4869-1 | CVE-2020-35523, CVE-2020-35524: Debian DSA-4869-1 : tiff - security update |
| VRVDR-54832 | 7.5 | DSA-4881-1 | CVE-2020-8169, CVE-2020-8177, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2021-22876, CVE-2021-22890: Debian DSA-4881-1 : curl - security update |
| VRVDR-54840 | 6.5 | DSA-4884-1 | CVE-2020-10730, CVE-2020-27840, CVE-2021-20277: Debian DSA-4884-1 : ldb - security update |
| VRVDR-54807 | 6.1 | DLA-2606-1 | CVE-2021-28957: Debian DLA-2606-1 : lxml security update |

DSCP Remarking

Adds support for remarking of DSCP values in the transmitted routed traffic according to an egress mapping.

This mapping is based on the incoming DSCP value carried in a packet. The incoming DSCP is classified into one of the pre-configured DSCP groups, and the egress map allows an outgoing DSCP value to be set in the packet for each of the DSCP groups.

DSCP remarking enables the maintenance of QoS parameters in the network even if they are lost in the interim nodes of the network. In such cases, the QoS parameters can be reintroduced by applying appropriate policies and remarking the transmitted packets with the correct DSCP values.

This feature handles the egress mapping based on the incoming DSCP, and assumes a uniform view of the DSCP on all incoming interfaces.

Updated operational mode commands

show policy qos egress-maps

Shows all egress maps downloaded to the dataplane. No output will be shown when the egress map configuration is not attached to any interface.

show policy qos <interface-name> egress-map

Shows the egress map used in the dataplane.

show policy qos <interface-name> map platform egress

Shows the egress map used in the platform hardware.

Updated configuration mode commands

set policy egress-map <name> dscp-group <group-name> dscp <value>

Provides the supported range of DSCP values that can be associated with the incoming DSCP matching a DSCP group.

  • name is an alphanumeric string specifying the name of the egress map.

  • dscp-group specifies the name of an existing DSCP group used to classify packets by DSCP value. Packets whose DSCP matches this DSCP group are set with the specified outgoing DSCP value.

  • dscp <value> specifies the DSCP value (0..63) to be remarked in the transmitted packet for the corresponding DSCP group.