Cumulus RMP 3.2.0 Release Notes

Follow

Overview

These release notes support Cumulus RMP 3.2.0 and describe currently available features and known issues.

Cumulus RMP 3.2.0 supports these features and is available on the Penguin Computing Arctica 4804IP-RMP out-of-band switch.

Stay up to Date 

  • Please sign in and click Follow above so you can receive a notification when we update these release notes.
  • Subscribe to our product bulletin mailing list to receive important announcements and updates about issues that arise in our products.
  • Subscribe to our security announcement mailing list to receive alerts whenever we update our software for security issues.

{{table_of_contents}}

What's New in Cumulus RMP 3.2.0

Cumulus RMP 3.2.0 includes the following features and a number of improvements:

Installing Version 3.2.0

If you are upgrading from version 3.0.0 or later, use apt-get to update the software.

  1. Run apt-get update.
  2. Run apt-get upgrade.
  3. Reboot the switch.

New Install or Upgrading from Versions Older than 3.0.0

If you are upgrading from a version older than 3.0.0, or installing Cumulus RMP for the first time, download the Cumulus RMP 3.2.0 installer for Broadcom switches from the Cumulus Networks website, then use ONIE to perform a complete install, following the instructions in the user guide.

Note: This method is destructive; any configuration files on the switch will not be saved, so please copy them to a different server before upgrading via ONIE.

Important! After you install, run apt-get update, then apt-get upgrade on your switch to make sure you update Cumulus RMP to include any important or other package updates.

Documentation

You can read the technical documentation here.

Issues Fixed in Cumulus RMP 3.2.0

The following is a list of issues fixed in Cumulus RMP 3.2.0 from earlier versions of Cumulus RMP.

Release Note ID Summary Description

RN-447 (CM-11280)
"portwd: invalid SFF identifier: 0x0c" messages appear continuously in syslog

The following SFF message appears every 5 seconds in syslog:

cumulus@switch:~$ tail -f /var/log/syslog 
2016-08-06T12:18:56.095606-04:00 cumulus portwd: invalid SFF identifier: 0x0c
2016-08-06T12:19:01.113397-04:00 cumulus portwd: invalid SFF identifier: 0x0c
2016-08-06T12:19:01.121068-04:00 cumulus portwd: invalid SFF identifier: 0x0c
2016-08-06T12:19:01.121698-04:00 cumulus portwd: invalid SFF identifier: 0x0c
2016-08-06T12:19:06.139373-04:00 cumulus portwd: invalid SFF identifier: 0x0c
2016-08-06T12:19:06.147045-04:00 cumulus portwd: invalid SFF identifier: 0x0c
2016-08-06T12:19:06.147677-04:00 cumulus portwd: invalid SFF identifier: 0x0c
2016-08-06T12:19:11.165355-04:00 cumulus portwd: invalid SFF identifier: 0x0c
2016-08-06T12:19:11.173134-04:00 cumulus portwd: invalid SFF identifier: 0x0c
2016-08-06T12:19:11.173747-04:00 cumulus portwd: invalid SFF identifier: 0x0c
2016-08-06T12:19:16.191418-04:00 cumulus portwd: invalid SFF identifier: 0x0c
2016-08-06T12:19:16.199154-04:00 cumulus portwd: invalid SFF identifier: 0x0c
2016-08-06T12:19:16.199805-04:00 cumulus portwd: invalid SFF identifier: 0x0c

This is a known issue that should be fixed in a future version of Cumulus RMP.


RN-449 (CM-11584)
In traditional bridge mode, clagd syncs MAC addresses in the wrong VLAN when the peerlink is tagged and the bond is native

When a traditional mode bridge is configured and the peerlink is tagged but the clagd bonds are native VLANs, clagd appears to try and sync the MAC addresses learned using the VLAN tag from the peerlink.

This causes the MAC address not to be synced correctly on the peer.

This is a known issue that should be fixed in a future release of Cumulus RMP.


RN-453 (CM-12564)
Default routes learned via DHCP are moved to the management VRF even if they are not in the management VRF

The mgmt-vrf package has a dhclient exit hook that incorrectly assumes that DHCP is used only with the management interface. If management VRF is enabled, it inserts default routes from the DHCP server into the management table.

Until this issue is resolved, do not use DHCP with the front panel (switch) ports.


RN-454 (CM-12370)
An interface cannot have both inet and inet6 DHCP configurations

If you configure an interface so it can to obtain both IPv4 and IPv6 IP addresses via DHCP, ifupdown2 will honor only the first configuration and ignore the second.

In the following example configuration, ifupdown2 will only issue an IPv4 DHCP address for swp1, but not the IPv6 address.

auto swp1
iface swp1 inet dhcp
    link-speed 10000
    link-duplex full
    link-autoneg off

auto swp1
iface swp1 inet6 dhcp

RN-509 (CM-12654)
hsflowd - packet samples missing and default nflog group not set since 3.x

An issue occurrs where only counter samples are generated when hsflowd is configured correctly, but no sFlow sampled packets left the switch.

Manually calling portsamp and specifying an NFLOG group causes the ingress samples to leave the switch. You do this in /proc/bcm/knet/sample_groups:

cumulus@switch:~$ cat /proc/bcm/knet/sample_groups 
Sample NFLOG group (unit 0): 
rx=1
tx=0

RN-524 (CM-13244)
CVE-2016-7042: /proc/keys stack corruption kernel security bug

A Linux kernel vulnerability was found that when the GNU Compiler Collection (gcc) stack protector is enabled, it uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file.

This issue is fixed in Cumulus RMP 3.2.0.


RN-533 (CM-13348)
TACACS+ client users can't login with eth0 in management VRF An issue occurred when process context was not causing the socket to the server to be bound to the management VRF. This resulted in the TACACS+ client user failing to login with eth0. The issue has now been resolved.

RN-534 (CM-13806)
Memory leak caused by duplicate MAC address entries A memory leak was seen when users manually configured a VLAN-aware bridge along with a controller/vtepd provisioned traditional bridge. This was caused by the same MAC address on different VLANs being seen as duplicates in the bridge MAC entries list. This memory leak has now been corrected.

Known Issues in Cumulus RMP 3.2.0

Issues are categorized for easy review. Some issues are fixed but will be available in a later release.

Release Note ID Summary Description

RN-56 (CM-343)
IPv4/IPv6 forwarding disabled mode not recognized

If either of the following is configured:

net.ipv4.ip_forward == 0 

or:

net.ipv6.conf.all.forwarding == 0 

The hardware still forwards packets if there is a neighbor table entry pointing to the destination.


RN-120 (CM-477)
ethtool LED blinking does not work with switch ports Linux uses ethtool -p to identify the physical port backing an interface, or to identify the switch itself. Usually this identification is by blinking the port LED until ethtool -p is stopped.

This feature does not apply to switch ports (swpX) in Cumulus RMP.

RN-121 (CM-2123)
ptmd: When a physical interface is in a PTM FAIL state, its subinterface still exchanges information Issue:
When ptmd is incorrectly in a failure state and the Zebra interface is enabled, PIF BGP sessions are not establishing the route, but the subinterface on top of it does establish routes.

If the subinterface is configured on the physical interface and the physical interface is incorrectly marked as being in a PTM FAIL state, routes on the physical interface are not processed in Quagga, but the subinterface is working.

Steps to reproduce:
cumulus@switch:$ sudo vtysh -c 'show int swp8' 
Interface swp8 is up, line protocol is up 
PTM status: fail
index 10 metric 1 mtu 1500 
 flags: <UP,BROADCAST,RUNNING,MULTICAST>
 HWaddr: 44:38:39:00:03:88 
 inet 12.0.0.225/30 broadcast 12.0.0.227 
 inet6 2001:cafe:0:38::1/64 
 inet6 fe80::4638:39ff:fe00:388/64 
cumulus@switch:$ ip addr show | grep swp8 
 10: swp8: <BROADCAST,MULTICAST,UP,LOWER_UP> 
  mtu 1500 qdisc pfifo_fast state UP qlen 500 
  inet 12.0.0.225/30 brd 12.0.0.227 scope global swp8 
 104: swp8.2049@swp8: <BROADCAST,MULTICAST,UP,LOWER_UP> 
  mtu 1500 qdisc noqueue state UP 
  inet 12.0.0.229/30 brd 12.0.0.231 scope global swp8.2049 
 105: swp8.2050@swp8: <BROADCAST,MULTICAST,UP,LOWER_UP> 
  mtu 1500 qdisc noqueue state UP 
  inet 12.0.0.233/30 brd 12.0.0.235 scope global swp8.2050 
 106: swp8.2051@swp8: <BROADCAST,MULTICAST,UP,LOWER_UP> 
  mtu 1500 qdisc noqueue state UP 
  inet 12.0.0.237/30 brd 12.0.0.239 scope global swp8.2051 
 107: swp8.2052@swp8: <BROADCAST,MULTICAST,UP,LOWER_UP> 
  mtu 1500 qdisc noqueue state UP 
  inet 12.0.0.241/30 brd 12.0.0.243 scope global swp8.2052 
 108: swp8.2053@swp8: <BROADCAST,MULTICAST,UP,LOWER_UP>
  mtu 1500 qdisc noqueue state UP 
  inet 12.0.0.245/30 brd 12.0.0.247 scope global swp8.2053 
 109: swp8.2054@swp8: <BROADCAST,MULTICAST,UP,LOWER_UP> 
  mtu 1500 qdisc noqueue state UP 
  inet 12.0.0.249/30 brd 12.0.0.251 scope global swp8.2054
 110: swp8.2055@swp8: <BROADCAST,MULTICAST,UP,LOWER_UP>
  mtu 1500 qdisc noqueue state UP 
  inet 12.0.0.253/30 brd 12.0.0.255 scope global swp8.2055
cumulus@switch:$ bgp sessions: 
 12.0.0.226 ,4 ,64057 , 958 , 1036 , 0 , 0 , 0 ,15:55:42, 0, 10472 
 12.0.0.230 ,4 ,64058 , 958 , 1016 , 0 , 0 , 0 ,15:55:46, 187, 10285
 12.0.0.234 ,4 ,64059 , 958 , 1049 , 0 , 0 , 0 ,15:55:40, 187, 10285 
 12.0.0.238 ,4 ,64060 , 958 , 1039 , 0 , 0 , 0 ,15:55:45, 187, 10285 
 12.0.0.242 ,4 ,64061 , 958 , 1014 , 0 , 0 , 0 ,15:55:46, 187, 10285 
 12.0.0.246 ,4 ,64062 , 958 , 1016 , 0 , 0 , 0 ,15:55:46, 187, 10285 
 12.0.0.250 ,4 ,64063 , 958 , 1029 , 0 , 0 , 0 ,15:55:43, 187, 10285 
 12.0.0.254 ,4 ,64064 , 958 , 1036 , 0 , 0 , 0 ,15:55:44, 187, 10285 

RN-398 (CM-10379)
While upgrading Cumulus RMP, a prompt to configure grub-pc appears

While upgrading to the latest version of Cumulus RMP from version 2.5.5 or earlier, a prompt appears, asking you to choose onto which partitions to install the GRUB boot loader. 

... 

  1. /dev/mmcblk0 (3783 MB; ???)       3. /dev/dm-2 (1610 MB; CUMULUS-SYSROOT1)
  2. - /dev/mmcblk0p3 (268 MB; /boot)  4. none of the above

(Enter the items you want to select, separated by spaces.)

GRUB install devices:

...

This prompt should not appear, and the issue will be fixed in a future release.

In the meantime, to work around this issue, choose option 1, /dev/mmcblk0 and continue the upgrade.


RN-550 (CM-13674)
The ZTP daemon shuts itself down after 5 minutes of inactivity

The zero touch provisioning (ZTP) daemon ztpd shuts itself down after 5 minutes of inactivity but the service remains enabled for the next reboot.

This can affect deployments where a switch might be powered up in a remote data center for weeks without ever being configured. In such a case, there is no way to automatically initiate the ZTP process.

This is a known issue that will be fixed in a future release of Cumulus RMP.


RN-576 (CM-14908)
TACACS sends authentication requests out of the default VRF, not the management VRF

If a management VRF if configured, TACACS won't send authentication requests out of the management VRF. Instead, it sends these requests out of the default VRF.

To work around this issue, run the following commands, which restrict inbound SSH to only the management VRF interface and disable inbound SSH via the switch ports. Note that using SSH via the front panel ports is not a workaround.

cumulus@switch:~$ sudo systemctl disable ssh.service
cumulus@switch:~$ sudo systemctl stop ssh.service
cumulus@switch:~$ sudo systemctl enable ssh@mgmt.service
cumulus@switch:~$ sudo systemctl start ssh@mgmt.service
Have more questions? Submit a request

Comments

Powered by Zendesk