These release notes support Cumulus RMP 3.2.0 and describe currently available features and known issues.
Stay up to Date
- Please sign in and click Follow above so you can receive a notification when we update these release notes.
- Subscribe to our product bulletin mailing list to receive important announcements and updates about issues that arise in our products.
- Subscribe to our security announcement mailing list to receive alerts whenever we update our software for security issues.
What's New in Cumulus RMP 3.2.0
Cumulus RMP 3.2.0 includes the following features and a number of improvements:
- Full support for previously early access features:
Installing Version 3.2.0
If you are upgrading from version 3.0.0 or later, use
apt-get to update the software.
- Reboot the switch.
New Install or Upgrading from Versions Older than 3.0.0
If you are upgrading from a version older than 3.0.0, or installing Cumulus RMP for the first time, download the Cumulus RMP 3.2.0 installer for Broadcom switches from the Cumulus Networks website, then use ONIE to perform a complete install, following the instructions in the user guide.
Note: This method is destructive; any configuration files on the switch will not be saved, so please copy them to a different server before upgrading via ONIE.
Important! After you install, run
apt-get update, then
apt-get upgrade on your switch to make sure you update Cumulus RMP to include any important or other package updates.
You can read the technical documentation here.
Issues Fixed in Cumulus RMP 3.2.0
The following is a list of issues fixed in Cumulus RMP 3.2.0 from earlier versions of Cumulus RMP.
|Release Note ID||Summary||Description|
|"portwd: invalid SFF identifier: 0x0c" messages appear continuously in syslog||
The following SFF message appears every 5 seconds in syslog:
[email protected]:~$ tail -f /var/log/syslog 2016-08-06T12:18:56.095606-04:00 cumulus portwd: invalid SFF identifier: 0x0c 2016-08-06T12:19:01.113397-04:00 cumulus portwd: invalid SFF identifier: 0x0c 2016-08-06T12:19:01.121068-04:00 cumulus portwd: invalid SFF identifier: 0x0c 2016-08-06T12:19:01.121698-04:00 cumulus portwd: invalid SFF identifier: 0x0c 2016-08-06T12:19:06.139373-04:00 cumulus portwd: invalid SFF identifier: 0x0c 2016-08-06T12:19:06.147045-04:00 cumulus portwd: invalid SFF identifier: 0x0c 2016-08-06T12:19:06.147677-04:00 cumulus portwd: invalid SFF identifier: 0x0c 2016-08-06T12:19:11.165355-04:00 cumulus portwd: invalid SFF identifier: 0x0c 2016-08-06T12:19:11.173134-04:00 cumulus portwd: invalid SFF identifier: 0x0c 2016-08-06T12:19:11.173747-04:00 cumulus portwd: invalid SFF identifier: 0x0c 2016-08-06T12:19:16.191418-04:00 cumulus portwd: invalid SFF identifier: 0x0c 2016-08-06T12:19:16.199154-04:00 cumulus portwd: invalid SFF identifier: 0x0c 2016-08-06T12:19:16.199805-04:00 cumulus portwd: invalid SFF identifier: 0x0c
This is a known issue that should be fixed in a future version of Cumulus RMP.
|In traditional bridge mode, clagd syncs MAC addresses in the wrong VLAN when the peerlink is tagged and the bond is native||
When a traditional mode bridge is configured and the peerlink is tagged but the clagd bonds are native VLANs, clagd appears to try and sync the MAC addresses learned using the VLAN tag from the peerlink.
This causes the MAC address not to be synced correctly on the peer.
This is a known issue that should be fixed in a future release of Cumulus RMP.
|Default routes learned via DHCP are moved to the management VRF even if they are not in the management VRF||
Until this issue is resolved, do not use DHCP with the front panel (switch) ports.
|An interface cannot have both inet and inet6 DHCP configurations||
If you configure an interface so it can to obtain both IPv4 and IPv6 IP addresses via DHCP,
In the following example configuration,
auto swp1 iface swp1 inet dhcp link-speed 10000 link-duplex full link-autoneg off auto swp1 iface swp1 inet6 dhcp
|hsflowd - packet samples missing and default nflog group not set since 3.x||
An issue occurrs where only counter samples are generated when
[email protected]:~$ cat /proc/bcm/knet/sample_groups Sample NFLOG group (unit 0): rx=1 tx=0
|CVE-2016-7042: /proc/keys stack corruption kernel security bug||
A Linux kernel vulnerability was found that when the GNU Compiler Collection (gcc) stack protector is enabled, it uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by reading the
This issue is fixed in Cumulus RMP 3.2.0.
|TACACS+ client users can't login with eth0 in management VRF||An issue occurred when process context was not causing the socket to the server to be bound to the management VRF. This resulted in the TACACS+ client user failing to login with eth0. The issue has now been resolved.|
|Memory leak caused by duplicate MAC address entries||A memory leak was seen when users manually configured a VLAN-aware bridge along with a controller/vtepd provisioned traditional bridge. This was caused by the same MAC address on different VLANs being seen as duplicates in the bridge MAC entries list. This memory leak has now been corrected.|
Known Issues in Cumulus RMP 3.2.0
Issues are categorized for easy review. Some issues are fixed but will be available in a later release.
|Release Note ID||Summary||Description|
|IPv4/IPv6 forwarding disabled mode not recognized||
If either of the following is configured:
net.ipv4.ip_forward == 0
net.ipv6.conf.all.forwarding == 0
The hardware still forwards packets if there is a neighbor table entry pointing to the destination.
|ethtool LED blinking does not work with switch ports||Linux uses
This feature does not apply to switch ports (swpX) in Cumulus RMP.
|ptmd: When a physical interface is in a PTM FAIL state, its subinterface still exchanges information||Issue:
When ptmd is incorrectly in a failure state and the Zebra interface is enabled, PIF BGP sessions are not establishing the route, but the subinterface on top of it does establish routes.
If the subinterface is configured on the physical interface and the physical interface is incorrectly marked as being in a PTM FAIL state, routes on the physical interface are not processed in Quagga, but the subinterface is working.
Steps to reproduce:
[email protected]:$ sudo vtysh -c 'show int swp8' Interface swp8 is up, line protocol is up PTM status: fail index 10 metric 1 mtu 1500 flags: <UP,BROADCAST,RUNNING,MULTICAST> HWaddr: 44:38:39:00:03:88 inet 188.8.131.52/30 broadcast 184.108.40.206 inet6 2001:cafe:0:38::1/64 inet6 fe80::4638:39ff:fe00:388/64 [email protected]:$ ip addr show | grep swp8 10: swp8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 500 inet 220.127.116.11/30 brd 18.104.22.168 scope global swp8 104: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP inet 22.214.171.124/30 brd 126.96.36.199 scope global swp8.2049 105: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP inet 188.8.131.52/30 brd 184.108.40.206 scope global swp8.2050 106: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP inet 220.127.116.11/30 brd 18.104.22.168 scope global swp8.2051 107: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP inet 22.214.171.124/30 brd 126.96.36.199 scope global swp8.2052 108: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP inet 188.8.131.52/30 brd 184.108.40.206 scope global swp8.2053 109: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP inet 220.127.116.11/30 brd 18.104.22.168 scope global swp8.2054 110: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP inet 22.214.171.124/30 brd 126.96.36.199 scope global swp8.2055 [email protected]:$ bgp sessions: 188.8.131.52 ,4 ,64057 , 958 , 1036 , 0 , 0 , 0 ,15:55:42, 0, 10472 184.108.40.206 ,4 ,64058 , 958 , 1016 , 0 , 0 , 0 ,15:55:46, 187, 10285 220.127.116.11 ,4 ,64059 , 958 , 1049 , 0 , 0 , 0 ,15:55:40, 187, 10285 18.104.22.168 ,4 ,64060 , 958 , 1039 , 0 , 0 , 0 ,15:55:45, 187, 10285 22.214.171.124 ,4 ,64061 , 958 , 1014 , 0 , 0 , 0 ,15:55:46, 187, 10285 126.96.36.199 ,4 ,64062 , 958 , 1016 , 0 , 0 , 0 ,15:55:46, 187, 10285 188.8.131.52 ,4 ,64063 , 958 , 1029 , 0 , 0 , 0 ,15:55:43, 187, 10285 184.108.40.206 ,4 ,64064 , 958 , 1036 , 0 , 0 , 0 ,15:55:44, 187, 10285
|While upgrading Cumulus RMP, a prompt to configure grub-pc appears||
While upgrading to the latest version of Cumulus RMP from version 2.5.5 or earlier, a prompt appears, asking you to choose onto which partitions to install the GRUB boot loader.
... 1. /dev/mmcblk0 (3783 MB; ???) 3. /dev/dm-2 (1610 MB; CUMULUS-SYSROOT1) 2. - /dev/mmcblk0p3 (268 MB; /boot) 4. none of the above (Enter the items you want to select, separated by spaces.) GRUB install devices: ...
This prompt should not appear, and the issue will be fixed in a future release.
In the meantime, to work around this issue, choose option 1, /dev/mmcblk0 and continue the upgrade.
|The ZTP daemon shuts itself down after 5 minutes of inactivity||
The zero touch provisioning (ZTP) daemon
This can affect deployments where a switch might be powered up in a remote data center for weeks without ever being configured. In such a case, there is no way to automatically initiate the ZTP process.
This is a known issue that will be fixed in a future release of Cumulus RMP.
|TACACS sends authentication requests out of the default VRF, not the management VRF||
If a management VRF if configured, TACACS won't send authentication requests out of the management VRF. Instead, it sends these requests out of the default VRF.
To work around this issue, run the following commands, which restrict inbound SSH to only the management VRF interface and disable inbound SSH via the switch ports. Note that using SSH via the front panel ports is not a workaround.
[email protected]:~$ sudo systemctl disable ssh.service [email protected]:~$ sudo systemctl stop ssh.service [email protected]:~$ sudo systemctl enable [email protected] [email protected]:~$ sudo systemctl start [email protected]