These release notes support Cumulus Linux 2.0.2 and describe currently available features and known issues.
Cumulus Linux is licensed on a per-instance basis. Each network system is fully operational, enabling any capability to be utilized on the switch with the exception of forwarding on switch panel ports. Only eth0 and console ports are activated on an un-licensed instance of Cumulus Linux. Enabling front panel ports requires a license.
You should have received a license key from Cumulus Networks or an authorized reseller. To install the license, read the Cumulus Linux quick start guide.
Installing Version 2.0.2
To install the software, choose one of the following methods. They are ordered from the most recommended method to least recommended.
Download Cumulus Linux 2.0.2 - Final Latest Version from the Downloads page of the Cumulus Networks website, then use
cl-img-installto install the software.
Warning: This method overwrites the target image slot, so if you want to preserve your configuration, you should create a persistent configuration on
apt-getto update the software:
apt-get install python-pysensors. This installs a required package for a new diagnostics module.
- Reboot the switch.
Caution: While this method doesn't overwrite the target image slot, the disk image does occupy a lot of disk space used by both Cumulus Linux image slots.
Download Cumulus Linux 2.0.2 - Final Latest Version from the Downloads page of the Cumulus Networks website, then use ONIE to perform a complete install, following the instructions in the quick start guide.
Warning: This method is destructive; any configuration files on the switch will not be saved, so please copy them to a different server before upgrading via ONIE.
There is no SNMP support for Quagga in this release (see RN 88 below). Due to this circumstance, you must remove all references to
smux in each of the following configuration files. You must also remove these references before upgrading Cumulus Linux using
apt-get. If the
smux entries are present in the configuration files, the daemons in the 2.0.2 packaged version of Quagga will not start.
grep smux *
- Delete all lines in the config files containing the smux keyword.
The references to
smux that must be removed are:
bgpd.conf, remove this line:
smux peer 184.108.40.206.4.1.33220.127.116.11 quagga_bgpd
ospf6d.conf, remove this line:
smux peer 18.104.22.168.4.1.3322.214.171.124 quagga_ospf6d
ospfd.conf, remove this line:
smux peer 126.96.36.199.4.1.33188.8.131.52 quagga_ospfd
zebra.conf, remove this line:
smux peer 184.108.40.206.4.1.33220.127.116.11 quagga_zebra
What's New in 2.0.2
You can find a list of all features supported by Cumulus Linux here.
New Platform on the HCL
- Dell S4810-ON, 48x10G-SFP+ and 4x40G-QSFP+ ports
You can read the technical documentation here.
Issues Fixed in Cumulus Linux 2.0.2
The following is a list of issues fixed in Cumulus Linux 2.0.2 from earlier versions of Cumulus Linux.
|Release Note ID||Summary||Description|
|RN-123||cl-ecmpcalc returns an exception or returns incorrect output||When invoking the cl-ecmpcalc utility, it can fail with an exception or returns incorrect output.|
|RN-130||Error when using "--out-interface" and the "-p" option in "ebtables" ACL||
Consider the following "ebtables" ACL:
[ebtables] -A FORWARD -p IPv4 —out-interface swp17s0.100 -j DROP
This ACL gets rejected with the following error:
hal_acl_bcm.c:1081 ERR bcm_field_qualify_IpType failed Entry not found
|RN-136||Cumulus Linux contains default cumulus user; root user disabled||
The default user for Cumulus Linux 2.0.2 is cumulus, with the password CumulusLinux!.
The root user account is configured with a null password. To set the password for the root user account, run:
|RN-137||IP packets with IP options aren't routed on Trident 2 platforms||
On a Trident 2 platform, if we send IP packets that need to be routed that have IP options in them, the packets are not forwarded. The counters for ethtool show that the packets are being received. But, the packets aren't getting forwarded or discarded. On a regular Trident platform, this works with the same 2.0 build.
Here are the steps to reproduce:
|RN-138||VXLAN: dynamic learning of remote MAC addresses not working||Dynamic learning of a remote MAC address from either a known or unknown VXLAN tunnel end point (VTEP) does not work.|
Arctica 4804i 10G switch ports are mapped inconsistently
The four 10G ports on the switch have a reverse mapping to SWP ports.
The switch ports are currently mapped as follows:
1(1G) … 45(1G) - 47(1G) - 50(10G) - 52(10G)
The ports should be mapped like this:
1(1G) … 45(1G) - 47(1G) - 49(10G) - 51(10G)
|RN-145||Cumulus Networks security advisory||
Cumulus Networks is writing to inform you of a security issue with certain Cumulus Linux packages.
The following packages have been uploaded to repo.cumulusnetworks.com:
The upgrade is available for Cumulus Linux 2.0.x.
For instructions to apply latest security upgrades, please refer to this Help Center.
Regarding previous Debian security upgrades for Cumulus Linux:
Known Issues in Cumulus Linux 2.0.2
Issues are categorized for easy review. Some issues are fixed but will be available in a later release.
|Release Note ID||Summary||Description|
|RN-1||Restarting switchd flaps all switch ports||switchd is a user-level process created by Cumulus Networks to provide an abstraction of the physical ports and the functionality provided by the switching ASIC SDK. switchd maps physical ports on the switching ASIC to logical ports (tap ports) in the kernel and ensures that CPU-bound packets are properly exposed on the proper logical objects to user level processes.
These exposed tap ports in the kernel are considered "running" if their file descriptors are open. If switchd exists, it closes the tap FDS, hence resulting in all links going down.
|RN-4||ifup/ifdown must be used for interfaces with IPv6 addresses defined in /etc/network/interfaces, otherwise the IPv6 interface will go down||Two scenarios are shown below; one with ifup/ifdown, the other with ifconfig down.
swp1 Link encap:Ethernet HWaddr 44:38:39:00:01:81 inet addr:18.104.22.168 Bcast:22.214.171.124 Mask:255.255.255.0 inet6 addr: fe80::4638:39ff:fe00:181/64 Scope:Link inet6 addr: fec0:1000:1000:1000::2/10 Scope:Site UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:4231 errors:0 dropped:0 overruns:0 frame:0 TX packets:4342 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:500 RX bytes:412115 (402.4 KiB) TX bytes:425688 (415.7 KiB)
With ifconfig down:
sudo ifconfig swp1 swp1 Link encap:Ethernet HWaddr 44:38:39:00:01:81 inet addr:126.96.36.199 Bcast:188.8.131.52 Mask:255.255.255.0 inet6 addr: fe80::4638:39ff:fe00:181/64 Scope:Link inet6 addr: fec0:1000:1000:1000::2/10 Scope:Site UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:98 errors:0 dropped:0 overruns:0 frame:0 TX packets:111 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:500 RX bytes:13310 (12.9 KiB) TX bytes:12786 (12.4 KiB)
|RN-10||cl-phy-update doesn't support aggregated ports||Ports can be aggregated into a larger interface in Cumulus Linux. Unfortunately support for aggregated ports is not yet supported when running cl-phy-update.
If there are any ganged ports during a SW upgrade it is recommended to ungang these ports
|RN-32||Adding bridges increases bootup time||If the "bridge_maxwait" parameter is not set, the system will take approximately twice as long to bring the system up.
You should set the "bridge_maxwait" to 1.
auto br1004 iface br1004 inet static address 184.108.40.206 netmask 255.255.0.0 bridge_ports regex (swp[1|6|7|8].1004) bridge_stp on bridge_bridgeprio 32768 bridge_maxwait 1 bridge_ageing 200 bridge_fd 30 down ip addr flush dev br1004
|RN-48||Agema 48x10GE switch eth0 driver reports eth0 as running even when PHY link is down||The Agema 48x10GE eth0 driver reports eth0 as running even when the PHY link is down.
This can be really misleading in trying to diagnose a link-down situation on eth0. ethtool eth0 shows the correct PHY link status, but ifconfig shows eth0 as running, regardless of the PHY link status.
A fix will be released after Cumulus Linux 1.5.
|RN-52||Parameters like the router ID and DR priority cannot be changed while OSPFv2/v3 is running||Router ID and DR priority can only be changed by shutting down OSPFv2/v3, changing the ID, and restarting the OSPF process.
A change to the DR priority may not properly be reflected in the LSAs that are still aging out.
|RN-56||ipv4/ipv6 forwarding disabled mode not recognized||
If either of the following is configured:
net.ipv4.ip_forward == 0
net.ipv6.conf.all.forwarding == 0
The hardware still forwards packets if there is a neighbor table entry pointing to the destination.
|RN-58||IPv6 route is installed and active in the routing table when the associated interface is down||If an IPv6 address is assigned to a "down" interface, the associated route is still installed into the route table.
Also, the type of IPv6 address doesn't matter. Link local, site local, and global all exhibit the same problem.
If the interface is bounced up and down, then the routes are no longer in the route table.
|RN-61||BGP4 notifications missing for several conditions||In certain conditions, Quagga bgpd silently closes the peering without sending a notification. For example, if BGP receives a message with an invalid message type or invalid message length.
Ideally on any one of these cases, bgpd should send out a notification message to the peer.
General functionality of BGP4 is not affected.
|RN-62||Attributes of a BGP aggregate route may not be RFC-compliant||When BGP is configured with an aggregate route and there are more specific routes of that aggregate, the BGP speaker needs to analyze the attributes of those specific routes while forming the attributes of the aggregate route. The corresponding rules are defined in RFC 4271, Sect. 220.127.116.11.
In certain cases, the user may observe non-compliant attribute formation for the aggregate route: for example, incorrect MED and ORIGIN attributes.
|RN-63||BGP4 recursive route not supported||
Quagga's bgpd does not support recursive routing when it's resolving BGP routes. It does work with respect to IGP routes.
For example, a BGP route of the form:
R1 -> N1
where the best match for N1 is also a BGP route:
(and N2 gets resolved through IGP or directly connected) -
will not get resolved.
Quagga's Zebra specifically does not allow for such types of routes. The Zebra route path resolution algorithm needs to be fixed.
Although, Cumulus Linux's version of Quagga -- 0.99.21 -- has errors in recursive routing, the community is actively trying to fix it and patches are being tested in 0.99.22.
|RN-64||Configuring route-reflector-client requires specific order||In configuring a route to be a route reflector client, the Quagga configuration must be specified in a specific order; otherwise, the router will not be a route reflector client.
The "neighbor <IPv4/IPV6> route-reflector-client" command must be done after the "neighbor <IPV4/IPV6> Activate" command; otherwise, the route-reflector-client command is ignored.
router bgp 65000 bgp router-id 0.0.0.4 bgp log-neighbor-changes no bgp default ipv4-unicast bgp cluster-id 0.0.0.4 bgp bestpath as-path multipath-relax redistribute connected neighbor 18.104.22.168 remote-as 65000 neighbor 22.214.171.124 route-reflector-client neighbor 126.96.36.199 activate neighbor 188.8.131.52 next-hop-self neighbor 184.108.40.206 remote-as 65000 neighbor 220.127.116.11 activate neighbor 18.104.22.168 next-hop-self neighbor 2001:ded:beef::1 remote-as 65000 neighbor 2001:ded:beef:2::1 remote-as 65000 maximum-paths 4 maximum-paths ibgp 4 ! address-family ipv6 redistribute connected neighbor 2001:ded:beef::1 activate neighbor 2001:ded:beef::1 next-hop-self neighbor 2001:ded:beef:2::1 route-reflector-client neighbor 2001:ded:beef:2::1 activate neighbor 2001:ded:beef:2::1 next-hop-self maximum-paths 4 maximum-paths ibgp 4 exit-address-family
cumulus@switch:$ show ip bgp neighbor 22.214.171.124 BGP neighbor is 126.96.36.199, remote AS 65000, local AS 65000, internal link BGP version 4, remote router ID 0.0.0.6 BGP state = Established, up for 00:23:49 Last read 23:31:36, hold time is 180, keepalive interval is 60 seconds Neighbor capabilities: 4 Byte AS: advertised and received Route refresh: advertised and received(old & new) Address family IPv4 Unicast: advertised and received Message statistics: Inq depth is 0 Outq depth is 0 Sent Rcvd Opens: 2 0 Notifications: 0 0 Updates: 1 1 Keepalives: 25 24 Route Refresh: 0 0 Capability: 0 0 Total: 28 25 Minimum time between advertisement runs is 5 seconds For address family: IPv4 Unicast >>>>>>>>>>>>>>>>>>>>>> ROUTE REFLECTOR CLIENT NOT DISPLAYED NEXT_HOP is always this router Community attribute sent to this neighbor(both) 6 accepted prefixes Connections established 1; dropped 0 Last reset never Local host: 188.8.131.52, Local port: 179 Foreign host: 184.108.40.206, Foreign port: 40290 Nexthop: 220.127.116.11 Nexthop global: 2001:ded:beef::2 Nexthop local: fe80::202:ff:fe00:4 BGP connection: non shared network Read thread: on Write thread: off cumulus@switch:$
Define in following order address-family ipv4 unicast neighbor 18.104.22.168 activate neighbor 22.214.171.124 next-hop-self neighbor 126.96.36.199 route-reflector-client >>> Must be after Activate exit-address-family neighbor 2001:ded:beef:2::1 remote-as 65000 address-family ipv6 unicast redistribute connected maximum-paths 4 maximum-paths ibgp 4 neighbor 2001:ded:beef:2::1 activate neighbor 2001:ded:beef:2::1 next-hop-self neighbor 2001:ded:beef:2::1 route-reflector-client >>> Must be after activate exit-address-family Runtime status after change:
|RN-65||Virtual links in Quagga's OSPFv2 are non-operational||Cumulus Networks testing has identified too many issues with virtual link support in Quagga's OSPFv2. The feature is unsupported.|
|RN-68||Blackhole/Unreachable/Prohibit route addition in IPv6 returns corresponding error codes||IPv6 route operations indicate the destination action via returned error codes. In the example shown below where an unreachable route is being added, the return code is:
#define ENETUNREACH 101 /* Network is unreachable */
|RN-70||ACL: Bridge traffic that matches a LOG ACTION rule is not logged in syslog||For example, a bridge with switch ports swp1, swp2, swp3 as bridge members is configured. ACL rules to LOG and DROP for icmp traffic are configured.
Ping requests are sent from host1 on swp1 to host3 on swp3, and the following was observed:
* Counters for both LOG and DROP ACL rules are incrementing properly, but the packets are not showing up on /var/log/syslog.
* Packets that are copied to the CPU from hardware for the LOG rule are dropped due to the check in kernel to disable software bridging for hardware bridged packets.
|RN-77||New routes/ECMPs can evict existing/installed||Cumulus Linux syncs routes between the kernel and the switching silicon. If the required resource pools in hardware fill up, new kernel routes can cause existing routes to move from being fully allocated to being partially allocated.
In order to avoid this, routes in the hardware should be monitored and kept below the ASIC limits.
For example, on systems with Trident+ chips, the limits are as follows:
routes: 16384 <<<< if all routes are ipv4 long mask routes 256 <<<< i.e., routes with a mask longer than the route mask limit route mask limit 64 host_routes: 8192 ecmp_nhs: 4044 ecmp_nhs_per_route: 52That translates to about 77 routes with ECMP NHs, if every route has the maximum ECMP NHs.
Monitoring this in Cumulus Linux is performed via the cl-resource-query command:
cumulus@switch:~# sudo cl-resource-query hosts : 3 all routes : 29 IP4 routes : 17 IP6 routes : 12 nexthops : 3 ecmp_groups : 0 ecmp_nexthops : 0 mac entries : 0 / 131072 bpdu entries : 500 / 512The resource to monitor is the ecmp_nexthops. If this count is close to 4044, new ECMPs may evict existing routes.
|RN-88||SNMP support for Quagga is NOT provided in Cumulus Linux||Cumulus Linux 2.0 does not provide SNMP support for Quagga.|
|RN-99||cl-img-clear-overlay is disabled if kernel is upgraded using apt-get||If you have upgraded the kernel to version 1.5.2 using apt-get update, then cl-img-clear-overlay will be disabled. To ensure Cumulus Linux and all its contained packages are in sync, and to be able to use cl-img-clear-overlay, perform a full install of Cumulus Linux using cl-img-install.|
|RN-102||VXLAN: Error when configuring VXLAN network ID 0 or 16777215||VNI ID 0 and 16777215 are reserved values under Cumulus Linux and should not be used in a VXLAN configuration.
Steps to reproduce:
1. In your configuration script, set the VNI ID to 0 for a VXLAN netdev device.
41: vxLan_1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
2. Form the bridge.
3. Try to add a MAC address.
4. You will see following error:
In : pp.pprint(list_me) ['1381369733.607298 2013-10-10 01:48:53 hal_bcm.c:1130 CRIT Ticket:
Do not use VNI ID 0 or 16777215 for VXLANs.
|RN-103||In a VRR environment, the server that is bonded to the VRR switches could lose packets destined to the VRR's IP addresses for up to 15 seconds.||
In the following configuration:
. r1 . / \ . vrr1------vrr2 . \ / . host1
The hosts have bond interfaces where one sub-interface goes to switch, vrr1, and the other goes to the other switch, vrr2.
If the link between the host and one of the VRR switches goes down, it can take up to 15 seconds of the VRR switches to send out an ARP to clear the ARP cache on the host for the IP address on the bridge interface. This is because the host might not clear the ARP cache since the bond doesn't go down. Only a sub-interface in the bond goes down.
Steps to reproduce:
1. One of the the hosts connected to the VRR switches, ping the real IP addresses of the bridge.
2. On the same host, bring the active interface down with "ip link set down" and let the backup take over.
3. Ping the real IP addresses of the VRR switch that is connected to the active interface.
|RN-111||Default arp_filter is set to 0, which causes the wrong interfaces to be associated||From Linux documentation:
arp_filter - 0 (default) The kernel can respond to arp requests with addresses from other interfaces. This may seem wrong but it usually makes sense, because it increases the chance of successful communication. IP addresses are owned by the complete host on Linux, not by particular interfaces. Only for more complex setups like load-balancing, does this behavior cause problems.
To work around this issue, set the arp_filter to 1:
sysctl -w net.ipv4.conf.default.arp_filter=1
|RN-112||Enabling LACP support for non-L3/L4 modes||Issue:
The current LACP implementation only supports srcdestip (0x6) mode.
In order to use srcdestmac mode, use the following commands:
First, find the bond name to hardware ID mapping:
cumulus@switch:/var/log# sudo kill -SIGRTMIN+5 `pidof switchd`
Based on the mapping, run the following command, where psc id is the HAL:x:
cumulus@switch:$ sudo /usr/lib/cumulus/bcmcmd trunk psc id=1 rtag=0x3
1. The HAL ID is a non-persistent ID.
2. If the bond interface goes down or up, you need to do this again.
Verify the commands:
srcdestmac mode 0x3== platform dni-7448-05
|RN-113||High memory utilization on switches when large number of MAC addresses have ageing time set to 20000||Issue:
For example, on a system when 115,000 MAC addresses are added with ageing time set to 20,000 seconds, the memory usage climbs to more than 90% and a cl-support incident is created.
Cumulus Networks has tested and verified 32,000 MAC addresses for every supported platform. In addition, each manufacturer provides their own limits in the hardware.
You can determine your switch's MAC address hardware limit using cl-resource-query:
cumulus@switch:~$ sudo cl-resource-query
|RN-114||First 4 packets hitting the ACL FORWARD chain for setting DSCP values don't have the DSCP values set correctly||Issue:
The first 4 packets hitting the ACL for setting the DSCP values aren't getting their DSCP values set. After that, the reset of the packets have the DSCP values set correctly.
For example, assume you installed the following ACLs:
Try sending 10 packets from host11 using the following command:
mz swp1 -A 188.8.131.52 -B 184.108.40.206 -b 00:02:00:00:00:1a -t tcp
The first few packets received by the destination show that the DSCP values aren't set:
[cumulus@switch] out:18:19:10.703214 44:38:39:00:5d:0e > 00:02:00:00:00:07,
"fp show" displays the following:
EID 0x0000005d: gid=0x1,
"fp stat get" reveals:
sudo /usr/lib/cumulus/bcmcmd fp stat get StatID=93 type=Packets
|RN-116||Bridge driver issues affecting IGMP snooping behavior on STP topology change||Issue:
The Cumulus Linux bridge driver does not adhere to the IETF standard for IGMP snooping during an STP topology change.
On an STP topology change, RFC 4541, section 2.1.1, point 4 (https://tools.ietf.org/html/rfc4541, copied below) suggests what an IGMP snooping switch should do to reduce network convergence; this is not present in the bridge driver.
In addition, the bridge driver does not send a general query on receiving a global leave.
4) An IGMP snooping switch should be aware of link layer topology changes
|RN-117||ACL: Generic error message displayed after ACL rule installation failure||
cumulus@switch:$ sudo cl-acltool -i -p 00control_plane.rules
|RN-119||LLDP frames being reported as software RX drops when received on bridge interfaces||Issue:
RX drops have been reported on interfaces (using cl-netstat) that are not reflected in hardware, when they are actually received LLDP frames.
Steps to reproduce:
|RN-120||ethtool LED blinking does not work with switch ports||Linux uses ethtool -p to identify the physical port backing an interface, or to identify the switch itself. Usually this identification is by blinking the port LED until ethtool -p is stopped.
This feature does not apply to switch ports (swpX) in Cumulus Linux.
|RN-121||PTMD: When a physical interface is in a PTM FAIL state, its subinterface still exchanges information||Issue:
When PTMD is incorrectly in a failure state and the Zebra interface is enabled, PIF BGP sessions are not establishing the route, but the subinterface on top of it does establish routes.
If the subinterface is configured on the physical interface and the physical interface is incorrectly marked as being in a PTM FAIL state, routes on the physical interface are not processed in Quagga, but the subinterface is working.
Steps to reproduce:
cumulus@switch:$ sudo vtysh -c 'show int swp8'
|RN-122||Spanning tree interoperability issue with common spanning tree||Cumulus Linux currently does not operate correctly with bridges that implement a single instance of STP (common spanning tree) and map all VLANs (bridges) to that single instance.|
|RN-125||Network LSA with an old router ID isn't flushed out by the originator||Issue:
When the router ID is changed, the router should remove the previous network LSA (link-state advertisement) that it generated based on the IP address on the interface in the Network LSA.
Cumulus Networks isn't removing this LSA, so it will be naturally aged out.
|RN-127||In an OSPFv2 unnumbered interface, the "ip ospf area " in the interface command section is rejected when a "network" command is present||Issue:
If there is a "network / area " command present in the Quagga configuration, the "ip ospf area " command is rejected with the error "Please remove network command first." This prevents you from configuring other areas on some of the unnumbered interfaces.
Steps to reproduce:
Here is a sample configuration from ospfd.conf that illustrates the problem:
|RN-128||Quagga does not start by default in Cumulus Linux 2.0||To start Quagga, modify /etc/quagga/daemons to enable the corresponding daemons.
zebra=yes (* this one is mandatory to get the others up)
Then, restart Quagga.
cumulus@switch1:~# sudo /etc/init.d/quagga start
|RN-132||You must run "apt-get update" before running any apt-get commands or after changing sources.list||
Before running any apt-get commands or after changing the source.list file in /etc/apt, you need to run apt-get update.
|RN-133||Interface names in Cumulus Linux cannot exceed 15 characters||
Device names, including interface names, in Cumulus Linux cannot exceed 16 characters – including the terminator. Cumulus Linux truncates longer interface names.
To avoid this issue, do not assign long names to your interfaces.
The following example configuration reproduces this issue:
cumulus@switch:/sys/class/net$ grep 'iface br' /etc/network/interfaces iface br2-pubmgmt inet static iface br3-prvmgmt inet manual iface br400-quarantine inet manual iface br401-peering-1k5 inet manual iface br402-peering-9k inet manual iface br500-pi-exa inet manual iface br501-akamai-exa inet manual iface br502-exa-internetfactory inet manual cumulus@switch:/sys/class/net$ brctl show | grep br bridge name bridge id STP enabled interfaces br2-pubmgmt 8000.089e01cebe37 no bond0.2 br3-prvmgmt 8000.089e01cebe3a no bond0.3 br400-quarantin 8000.089e01cebe37 no bond0.400 br401-peering-1 8000.089e01cebe3a no bond0.401 <<<
|RN-134||Installing Chef under Cumulus Linux||
The Cumulus Linux 2.0 repository contains two versions of Chef, the automation tool: 11.6.2 (the current version) and 10.30.4.
To install the latest version, connect to the switch and use
cumulus@switch:~# sudo apt-get install chef
To install 10.30.4, connect to the switch and use apt-get:
cumulus@switch:~# sudo apt-get install chef=10.30.4-0.debian.7.3
ACL counters incorrect
Although ACL rules work, ACL counters for any ACL rules in ebtables, iptables, i6tables, are all incorrect. This bug is being analyzed and worked on, and a workaround/fix will be provided in a future release.
|RN-143||TERR/RFCS seen when switching direction from 40G ingress to 10G egress port, when same share pool uses different egress CoS queue.||
Under some congestion conditions, packets that should be dropped may be truncated, marked as error packets, and forwarded.
cumulus@switch:~# sudo ethtool -S swp48 | grep Error
This is a known issue that should be fixed in a future release.
|RN-146||Public community disabled by default||
Public community is disabled by default. While it is disabled,
#rocommunity public default -V systemonly
If the comment is removed, an agent can query the switch with this:
rocommunity public default -V systemonly
After you make any change to
To define the desired community configuration, use:
rocommunity default -V systemonly
|RN-147||PSU status is not properly represented by LEDs on Quanta LY2 switches||
On Quanta LY2 switches, a sysled-mgmt unhandled exception error can occur, which will lead to systems LEDs remaining off and improperly reflecting the PSU status. Normally the LEDs flash yellow to indicate when either of the two units are NOT functioning properly.
This is a known issue that will be fixed in a future release.
The following error should be seen in
Apr 14 22:27:11 cumulus : /usr/sbin/smond : : Health of system unit changed to ERROR
Creating an OVS bridge with the VXLAN option will cause switchd to crash
|A core dump can occur if VXLAN is run on a non-supported platform, like a Trident+. VXLAN is supported only on switches using the Trident II chipset.|
|RN-150||Tagged packets have their 802.1p value set to 0||
All the tagged packets get their 802.1p priority value set to 0.
This is a known issue that should be fixed in a future release.
|RN-151||JunOS OSPF compatibility issues||
You may encounter the following issues with OSPF on Juniper Networks routers:
|RN-152||BGP: Neighbors sometimes take excessively long time to come up||
Intermittent test failures can occur in BGP due to neighbors failing to come back up. Logging data from one such test is listed below.
2014/03/14 20:02:38 BGP: %NOTIFICATION: received from neighbor 192.168.102.2 6/7
This is a known issue that will be fixed in a future release.
|RN-153||BGP ECMP x64 topology is missing routes||
Sometimes in an ECMP x64 topology, the nodes learn fewer paths to a route than the expected 64.
The issue arises because Cumulus Linux bring up peers very quickly and sometimes a peer comes up before Zebra has finished providing the OS with all connected routes (Zebra identifies all of the connected routes to BGP; BGP then sanity checks the next hops from the EBGP peers against that list).
This issue will be fixed in a future release of Cumulus Linux.
If you installed Cumulus Linux 2.0.2 using
Both libraries are identical and otherwise work correctly; they are just numbered differently in the package.
Security Update for apt and bash packages: Shellshock bug fix
For information on updating Cumulus Linux to address this issue, read this article.
|RN-313||High memory utilization by
When performing an MIB walk on Cumulus Linux running the standard NET-SNMP 5.4.3 package, memory is consumed and not returned. Over time, this can lead to sub-optimal performance and ultimately can cause the system to hang and require a reboot.
|Security Update for CVE-2015-7547: glibc getaddrinfo Stack-based Buffer Overflow Vulnerability||For details on this issue and how to upgrade, read this article.|