Cumulus Linux 2.1.1 Release Notes

Follow

Overview

These release notes support Cumulus Linux 2.1.1 and describe currently available features and known issues.

Licensing

Cumulus Linux is licensed on a per-instance basis. Each network system is fully operational, enabling any capability to be utilized on the switch with the exception of forwarding on switch panel ports. Only eth0 and console ports are activated on an un-licensed instance of Cumulus Linux. Enabling front panel ports requires a license.

You should have received a license key from Cumulus Networks or an authorized reseller. To install the license, read the Cumulus Linux quick start guide.

Package Updates for Cumulus Linux 2.1.1

Three new packages have been uploaded to the Cumulus Linux 2.1.1 repository. Cumulus Networks strongly encourages you to update them.

Package Version x86 Platform Package Name PowerPC Platform Package Name Notes
ptmd 1.0-cl2.1+1 ptmd_1.0-cl2.1+1_amd64.deb ptmd_1.0-cl2.1+1_powerpc.deb Prescriptive Topology Manager (PTM) daemon
lldpd 0.7.2-0+cl2.1+1 lldpd_0.7.2-0+cl2.1+1_amd64.deb
lldpd-dbg_0.7.2-0+cl2.1+1_amd64.deb
lldpd_0.7.2-0+cl2.1+1_powerpc.deb
lldpd-dbg_0.7.2-0+cl2.1+1_powerpc.deb
Implementation of IEEE 802.1ab (LLDP)
cl-utilities 1.0-cl2.1+3 cl-utilities_1.0-cl2.1+3_amd64.deb cl-utilities_1.0-cl2.1+3_powerpc.deb Collection of Cumulus Linux cl-* commands

Use apt-get to update the software:

  1. Run apt-get update.
  2. Run apt-get upgrade.

A reboot is not necessary, as the ptmd and lldpd processes restart automatically.

Enabling Quagga

There is no SNMP support for Quagga in this release (see RN 88 below). Due to this circumstance, you must remove all references to smux in each of the following configuration files. You must also remove these references before upgrading Cumulus Linux using apt-get. If the smux entries are present in the configuration files, the daemons in the 2.1.1 packaged version of Quagga will not start.

  1. cd /etc/quagga
  2. grep smux *
  3. Delete all lines in the config files containing the smux keyword.

The references to smux that must be removed are:

  • In bgpd.conf, remove this line:
    smux peer 1.3.6.1.4.1.3317.1.2.2 quagga_bgpd
  • In ospf6d.conf, remove this line:
    smux peer 1.3.6.1.4.1.3317.1.2.6 quagga_ospf6d
  • In ospfd.conf, remove this line:
    smux peer 1.3.6.1.4.1.3317.1.2.5 quagga_ospfd
  • In zebra.conf, remove this line:
    smux peer 1.3.6.1.4.1.3317.1.2.1 quagga_zebra

What's New in Cumulus Linux 2.1.1

Cumulus Linux 2.1.1 supports these new hardware platforms and features:

  • sFlow support package (hsflowd) was moved from the testing repo to addons.

For a presentation highlighting the major changes, see Cumulus Linux 2:1 What's New and Different.

Experimental Features

The following experimental features are included in Cumulus Linux 2.1.1:

Documentation

You can read the technical documentation here.

Issues Fixed in Cumulus Linux 2.1.1

The following is a list of issues fixed in Cumulus Linux 2.1.1 from earlier versions of Cumulus Linux.

Release Note ID Summary

RN-167

Enabling Puppet Labs components

RN-168

On Dell S6000 switches, cl-sfputil works but returns: "Error reading eeprom <type 'exceptions.IndexError'>"

RN-169

On an Arctica 3200XL switch with IPv6 ACLs, switchd restarts multiple times, then dumps core

RN-170

Kernel panic: Oops: Kernel access of bad area, sig: 11 [#1] - NULL pointer dereference in br_deliver

RN-171

MAC learning is stopped on bridges

RN-172

When x86 platform experiences a kernel panic, the switch must be power cycled

RN-173

On Arctica 4804X, the sensors tool reports incorrect max temperature

RN-174

Bond peer missing

RN-175

ifupdown2 fails to remove last slave after reconfiguring bond
RN-232 The lldpd process may crash due to a checksum error and generate a core file
RN-233 A code error may crash the lldpd process and generate a core file
RN-234 lldpcli reflects incorrect hostname for downstream server host
RN-235 ptmd returns "No Hostname/MgmtIP" error
RN-236 ptmd may crash and generate a core file when no peer link information is provided
RN-237 PTM doesn't handle multiple LLDP neighbors on a single interface
RN-238 Running service ptmd reconfig may cause the ptmd process to crash and generate a core file
RN-239 ptmd may cause lldpctl to crash and generate a core file
RN-240 ptmctl hangs with this error: "ERR Older data to be sent (Resource temporarily unavailable)"
RN-241 When multiple BFD sessions on a port are reported to ptmctl, it may crash and generate a core file

Known Issues in Cumulus Linux 2.1.1

Issues are categorized for easy review. Some issues are fixed but will be available in a later release.

Release Note ID Summary Description
RN-52 Parameters like the router ID and DR priority cannot be changed while OSPFv2/v3 is running Router ID and DR priority can only be changed by shutting down OSPFv2/v3, changing the ID, and restarting the OSPF process.

A change to the DR priority may not properly be reflected in the LSAs that are still aging out.
RN-88 SNMP support for Quagga is NOT provided in Cumulus Linux Cumulus Linux 2.1.1 does not provide SNMP support for Quagga.
RN-112 Enabling LACP support for non-L3/L4 modes Issue:
The current LACP implementation only supports srcdestip (0x6) mode.

Resolution:
In order to use srcdestmac mode, use the following commands:

First, find the bond name to hardware ID mapping:
cumulus@switch:/var/log# sudo kill -SIGRTMIN+5 `pidof switchd` 
cumulus@switch:/var/log# grep -A 1000 'Bond Info Dump Start' /
/var/log/switchd.log | grep -B 1000 'Bond Info Dump End'
1386720020.205690 2013-12-11 00:00:20 sync.c:740 Bond Info Dump Start
1386720020.205953 2013-12-11 00:00:20 sync.c:736 Kernel: bond0 HAL: 0>>>Mapping
1386720020.205981 2013-12-11 00:00:20 sync.c:743
1386720020.206005 2013-12-11 00:00:20 hal_bcm.c:4110 HAL unit: 0
1386720020.206042 2013-12-11 00:00:20 hal_bcm.c:4106 HAL: 0 ext_vlan 0
int_vlan 2000 egr_pg 1
1386720020.206225 2013-12-11 00:00:20 sync.c:745 Bond Info Dump End

Based on the mapping, run the following command, where psc id is the HAL:x:
cumulus@switch:$ sudo /usr/lib/cumulus/bcmcmd trunk psc id=1 rtag=0x3 

Notes:
1. The HAL ID is a non-persistent ID.
2. If the bond interface goes down or up, you need to do this again.

Verify the commands:
srcdestmac mode 0x3== platform dni-7448-05 
XOR DST+SRC MAC = PASS
FLOOD = PASS
RN-116 Bridge driver issues affecting IGMP snooping behavior on STP topology change Issue:
The Cumulus Linux bridge driver does not adhere to the IETF standard for IGMP snooping during an STP topology change.

Resolution:
On an STP topology change, RFC 4541, section 2.1.1, point 4 (https://tools.ietf.org/html/rfc4541, copied below) suggests what an IGMP snooping switch should do to reduce network convergence; this is not present in the bridge driver.

In addition, the bridge driver does not send a general query on receiving a global leave.

4) An IGMP snooping switch should be aware of link layer topology changes
caused by Spanning Tree operation. When a port is enabled or disabled by
Spanning Tree, a General Query may be sent on all active non-router ports
in order to reduce network convergence time. Non-Querier switches should be
aware of whether the Querier is in IGMPv3 mode. If so, the switch should not
spoof any General Queries unless it is able to send an IGMPv3 Query that
adheres to the most recent information sent by the true Querier. In no case
should a switch introduce a spoofed IGMPv2 Query into an IGMPv3 network, as
this may create excessive network disruption.

If the switch is not the Querier, it should use the 'all-zeros' IP Source Address
in these proxy queries (even though some hosts may elect to not process queries
with a 0.0.0.0 IP Source Address). When such proxy queries are received, they must
not be included in the Querier election process.
RN-120 ethtool LED blinking does not work with switch ports Linux uses ethtool -p to identify the physical port backing an interface, or to identify the switch itself. Usually this identification is by blinking the port LED until ethtool -p is stopped.

This feature does not apply to switch ports (swpX) in Cumulus Linux.
RN-121 PTMD: When a physical interface is in a PTM FAIL state, its subinterface still exchanges information Issue:
When PTMD is incorrectly in a failure state and the Zebra interface is enabled, PIF BGP sessions are not establishing the route, but the subinterface on top of it does establish routes.

If the subinterface is configured on the physical interface and the physical interface is incorrectly marked as being in a PTM FAIL state, routes on the physical interface are not processed in Quagga, but the subinterface is working.

Steps to reproduce:
cumulus@switch:$ sudo vtysh -c 'show int swp8' 
Interface swp8 is up, line protocol is up
PTM status: fail
index 10 metric 1 mtu 1500
flags: <UP,BROADCAST,RUNNING,MULTICAST>
HWaddr: 44:38:39:00:03:88
inet 12.0.0.225/30 broadcast 12.0.0.227
inet6 2001:cafe:0:38::1/64
inet6 fe80::4638:39ff:fe00:388/64
cumulus@switch:$ ip addr show | grep swp8
10: swp8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 500
inet 12.0.0.225/30 brd 12.0.0.227 scope global swp8
104: swp8.2049@swp8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
inet 12.0.0.229/30 brd 12.0.0.231 scope global swp8.2049
105: swp8.2050@swp8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
inet 12.0.0.233/30 brd 12.0.0.235 scope global swp8.2050
106: swp8.2051@swp8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
inet 12.0.0.237/30 brd 12.0.0.239 scope global swp8.2051
107: swp8.2052@swp8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
inet 12.0.0.241/30 brd 12.0.0.243 scope global swp8.2052
108: swp8.2053@swp8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
inet 12.0.0.245/30 brd 12.0.0.247 scope global swp8.2053
109: swp8.2054@swp8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
inet 12.0.0.249/30 brd 12.0.0.251 scope global swp8.2054
110: swp8.2055@swp8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
inet 12.0.0.253/30 brd 12.0.0.255 scope global swp8.2055
cumulus@switch:$
bgp sessions:
12.0.0.226 ,4 ,64057 , 958 , 1036 , 0 , 0 , 0 ,15:55:42, 0, 10472
12.0.0.230 ,4 ,64058 , 958 , 1016 , 0 , 0 , 0 ,15:55:46, 187, 10285
12.0.0.234 ,4 ,64059 , 958 , 1049 , 0 , 0 , 0 ,15:55:40, 187, 10285
12.0.0.238 ,4 ,64060 , 958 , 1039 , 0 , 0 , 0 ,15:55:45, 187, 10285
12.0.0.242 ,4 ,64061 , 958 , 1014 , 0 , 0 , 0 ,15:55:46, 187, 10285
12.0.0.246 ,4 ,64062 , 958 , 1016 , 0 , 0 , 0 ,15:55:46, 187, 10285
12.0.0.250 ,4 ,64063 , 958 , 1029 , 0 , 0 , 0 ,15:55:43, 187, 10285
12.0.0.254 ,4 ,64064 , 958 , 1036 , 0 , 0 , 0 ,15:55:44, 187, 10285


RN-125 Network LSA with an old router ID isn't flushed out by the originator Issue:
When the router ID is changed, the router should remove the previous network LSA (link-state advertisement) that it generated based on the IP address on the interface in the Network LSA.

Resolution:
Cumulus Networks isn't removing this LSA, so it will be naturally aged out.
RN-149 VXLAN:
Creating an OVS bridge with the VXLAN option will cause switchd to crash
 
A core dump can occur if VXLAN is run on a non-supported platform, like a Trident+. VXLAN is supported only on switches using the Trident II chipset.
RN-150 Tagged packets have their 802.1p value set to 0

All the tagged packets get their 802.1p priority value set to 0.

This is a known issue that should be fixed in a future release.

RN-161 Packets on local ports get dropped on admin state change of VXLAN instance attached to bridge

Packets between local ports of a bridge will get dropped momentarily when user changes the admin state of a VXLAN instance attached to the bridge (as in, when running "ip link set up/down"). Bridge attributes in the hardware are modified on the state change, which causes packets between member ports of the bridge to get dropped.

There is no workaround at this time; traffic should be stopped before changing the admin state of an attached VXLAN instance.

RN-162 Priority Flow Control doesn't work on Trident II switches

Priority Flow Control (PFC) configuration is not correct for switches on the Trident II platform. As a result, PFC doesn't work.

There is no workaround at this time.

RN-163 VXLAN: ovsdb-server cannot select loopback interface as source IP address, causing TOR registration to the controller to fail

In a VXLAN using VMware NSX, ovsdb-server cannot select the loopback interface as the source IP address. This causes TOR registration to the controller to fail.

To work around this issue, run:

cl-bgp redistribute add connected
RN-164 IFLA_VXLAN_SERVICE_NODE incompatible with upstream kernel

IFLA_VXLAN_SERVICE_NODE is a Cumulus Linux-specific VXLAN attribute, and the Debian kernel has had more VXLAN attributes added to it since Cumulus Linux 2.0 was released.

This issue will be fixed in a future release of Cumulus Linux.

RN-166 VXLAN error after quickly deleting then creating a bridge with the same ports: "ERR Cannot find vxlan port <> vpn <>"

On back-to-back deletion and creation of a VXLAN, bridge and member ports, the state sync to hardware can happen in reverse order, where the VXLAN ports are created first and deleted second. This results in a missing member port in the hardware and this error message: "ERR Cannot find vxlan port <> vpn <>".

This error occurs when using scripts to configure the VXLAN.

RN-176 ipv6route only shows 2K routes; causes cl-route-check to fail incorrectly

 

RN-195

Security Update for apt and bash packages: Shellshock bug fix

For information on updating Cumulus Linux to address this issue, read this article.

RN-205 Running the cl-support script kills switchd

Cumulus Networks has created a patch for cl-support to correct this issue. To upgrade cl-support, run:

  1. apt-get update
  2. apt-get install cl-support
RN-270 inotify support

inotify is not supported by the overlayfs root filesystem on PowerPC platforms.

RN-313 High memory utilization by snmpd following MIB walks

When performing an MIB walk on Cumulus Linux running the standard NET-SNMP 5.4.3 package, memory is consumed and not returned. Over time, this can lead to sub-optimal performance and ultimately can cause the system to hang and require a reboot.

Monitor snmpd memory utilization using ps aux and system memory utilization with free or cat /proc/meminfo. If required, restart snmpd using service snmpd restart.


RN-372 (CM-9360)
Security Update for CVE-2015-7547: glibc getaddrinfo Stack-based Buffer Overflow Vulnerability For details on this issue and how to upgrade, read this article.
Have more questions? Submit a request

Comments

Powered by Zendesk