home

Release notes

Getting startedOverviewArchitectureSupported platformsRelease notesWhite papers
Getting startedOverviewArchitectureSupported platformsRelease notesWhite papers

Vyatta documentation

Learn how to install, configure, and operate the Vyatta Network Operating System (Vyatta NOS) and Orchestrator, which help drive our virtual networking and physical platforms portfolio.

Show On this page:

Show Page Sections

thumbnailRelease notes

VNOS release notes 2308

Patch release notes 2308a

Release notes for Vyatta NOS 2308a, released November 30, 2023.

Issues resolved

Issues resolved in 2308a.

Issue number Priority Summary
VRVDR-61939BlockerTelemetry Service rejects valid paths as invalid
VRVDR-62331CriticalInconsistency in successful user authentication logs seen when login via telnet, ssh and TACACS+ user
VRVDR-62257CriticalHTTP(S) traffic not being categorised as "type web"
VRVDR-61372CriticalBGP: atomic agg route-map not applied for existing route
VRVDR-62228MajorFix puncher log message
VRVDR-61856MajorBGP: graceful shutdown timer not inherited

Security vulnerabilities resolved

Security vulnerabilities resolved in 2308a.

Issue numberCVSS Advisory Summary
VRVDR-623169.8DSA-5519-1CVE-2023-4692, CVE-2023-4693: Debian DSA-5519-1 : grub2 - security update
VRVDR-622199.8DSA-5505-1CVE-2023-41910: Debian DSA-5505-1 : lldpd — security update
VRVDR-626719.1DSA-5533-1[DSA 5533-1] gst-plugins-bad1.0 security update
VRVDR-621628.8DSA-5497-2[DSA 5497-2] libwebp security update
VRVDR-621528.8DSA-5497-1[DSA 5497-1] libwebp security update
VRVDR-618667.8DSA-5480-1[DSA-5480-1] : linux — security update
VRVDR-617907.8DSA-5476-1[DSA 5476-1] gst-plugins-ugly1.0 security update
VRVDR-629987.5DSA-5543-1CVE-2023-34058, CVE-2023-34059: Debian DSA-5543-1 : open-vm-tools — security update
VRVDR-622117.5DSA-5504-1CVE-2023-3341, CVE-2023-4236: Debian DSA-5504-1 : bind9 — security update
VRVDR-619357.5DSA-5475-1CVE-2022-40982, CVE-2023-20569: Debian DSA-5475-1 : linux — security update
VRVDR-617277.1DSA-5448-1[DSA 5448-1] linux security update
VRVDR-622736.5DSA-5517-1CVE-2023-4527, CVE-2023-4806, CVE-2023-4911: Debian DSA-5514-1 : glibc — security update
VRVDR-623075.3DSA-5517-1CVE-2023-43785 CVE-2023-43786 CVE-2023-43787: [DSA 5517-1] libx11 security update

Ciena 3840 and Ciena 3841 platform support

The 2308a release adds support for the Ciena 3840 and 3841 platforms, which are Intel Atom C3000 based general purpose uCPE devices.

Hardware specifications

CPU
  • Ciena 3840: Intel® Atom® C3338R, 2-core @ 2.2 GHz w/QAT
  • Ciena 3841: Intel® Atom® C3558, 4-core @ 2.2 GHz w/QAT
Memory4 / 8 GB memory with ECC (3840/3841)
Storage64 GB eMMC SSD
WAN
  • 2 x 1 Gbps auto media
  • 2 x 10 Gbps SFP+ cages (can also be PON) (3841 only)
LAN4 x 2.5 Gbps RJ-45
Internal / External SwitchNone
Local Access
  • Standard Console Rollover and micro-USB console port (auto-detect)
  • 2x USB-A 3.0 host ports
Security
  • TPM 2.0
  • Optional Secure Boot
  • Optional Hardware Root of Trust
Buttons
  • Protruding button, default CPU power button (programmable)
  • Recessed button, default CPU reset button (programmable)
LED3 x front panel 4-color (Red, Green, Blue, Amber)  LED's, user-configurable
BootloaderEmbedded Blinkboot UEFI
Power Input+12 VDC locking barrel jack, external desktop PSU, regional AC cord options
Power Consumption60 W
FANYes, not user configurable

Configuration data model

No new configuration (either common or platform-specific) has been introduced for these platforms.

Operational mode commands

show hardware fru

show hardware sensor

request hardware-diagnostic leds

request hardware-diagnostic buttons

request hardware-diagnostic sensors

request hardware-diagnostic sfps

request hardware-diagnostic sims

Hardened mode

This release introduces support for hardened mode which provides more resiliency against cyber attacks by applying the "Secure by Design" and "Secure by Default" paradigms.

Limitations, restrictions, or behavior changes

The 2308a patch release introduces a number of limitations, restrictions and behavior changes that change the way the system operates.

VRRP

VRVDR-63249: VRRPv3 IPv6 RFC: disabled interface in the FAULT state doesn't recover when re-enabled.

  • Disabling and then re-enabling the data plane interface used by an IPv6 RFC VRRP interface sometimes leaves the VRRP interface in the FAULT state despite the fact that the underlying interface is up.
    • Workaround: Toggling the data plane interface again may rectify the problem, as will making any changes to the VRRP configuration.

VRVDR-61389: VRRPv3 IPv6 VRF: core dump in _ZSt9terminatev.

  • When removing all VRRP configuration, vyatta-vrrp may crash. There is no operational impact.

Cloud Networking overlay

2308a supports a single Geo, multi-hub Cloud Networking Overlay topology

Obsoleted commands

This release contains a range of configuration commands that were marked as deprecated in this release.

  • set system config-management commit-archive location
  • set system login user <name> authentication public-keys <X> options

Last updated: January 5, 2024