These notes summarize PICOS 4.4.0 new features, new hardware, known bugs, and bug fixes. Best practices recommend that you read all the content before upgrading to this release. For more detailed feature information, refer to the configuration guides.

New Features

Layer 2 and Layer 3

...

MVRP Support

Multiple VLAN Registration Protocol (MVRP) is a Layer 2 messaging protocol that creates and manages VLANs automatically and dynamically, reducing the complexity and errors of manual VLAN management. With MVRP enabled, the VLANs configured on one switch can be distributed to all active switches within the network domain. For details, see the document MVRP.

...

L2 Traceroute

Layer 2 traceroute helps find the Layer 2 path from a source device to a destination device within a specific VLAN, given the unicast MAC address of the destination device. When run, the tool displays the system MAC address and the ingress and egress ports of each device on the path. For details, see the document MAC Trace.

...

Check PoE Status on AS4630_54NPE and AS4630_54PE

PoE status is covered in the system diagnosis report when the switch boots up on AS4630_54NPE and AS4630_54PE.

...

License Update

New items, "Feature Speed" and "Subscription Type", are added on the license portal. The 40G and 25G switches are separated from 10G switches with respect to licensing. PICOS 4.3.3 supports these new items and remains backward compatible with old license keys.

...

Time Based ACL

Configured firewall ACL rules can be made to take effect only within the specified periodic or absolute time ranges. For details, see the document Configuring Time Range.

...

MAC-Based VLAN

A received untagged packet can be assigned a VLAN based on its source MAC address. The VLAN for a given MAC address is configurable. For details, see the document Configuring MAC-based VLAN.

...

ERSPAN Based ACL

In 4.3.1, ERSPAN is supported based on ingress or egress traffic on a specific port. In 4.3.2, ACL-matched traffic can be encapsulated in GRE packets and then sent to remote destinations across Layer 3 networks. For details, see the document Mirror Configuration.

...

DACL Enhancement

DACL rules will not be applied to the ASIC based on the source MAC addresses of the authenticated clients. If the same DACL rules with the same DACL name are shared by multiple clients, only one set of DACL rules is installed to the ASIC. This reduces the number of DACL rules in the ASIC dramatically. Additionally, a single-width DACL group is generated to contain a greater number of DACL rules. For details, see the document NAC Configuration Guide.

...

Maximum Metric of OSPF

If max-metric takes effect, the OSPF process describes its transit links in its router-LSA as having infinite distance. Other routers can still reach networks through this router, but they will recalculate routing paths to bypass it. This mechanism allows OSPF to converge fully first without affecting any existing routes. The max-metric feature can be in effect for a period before OSPF shutdown or after OSPF startup. Additionally, it can also be enabled administratively. For details, see the document OSPFv2 Commands.

...

Maximum Number of Multicast Groups per Port

When IGMP snooping is enabled, the maximum number of multicast groups per port can be configured. Note that in the current implementation of IGMP snooping, the global maximum number of multicast groups is 256. For details, see the document set protocols igmp-snooping interface max-groups.

...

Disable ZTP

A new CLI command "set system ztp enable" is added to enable or disable ZTP functionality. For details, see the document Enabling or Disabling Zero Touch Provisioning.

...

Multicast Traceroute

Display the traceroute of a specific multicast group towards the source. For details, see the document run mtrace.

...

Refine CoPP

Inband management traffic, including SNMP, SSH, NNTP, RADIUS, and TACACS, is put into a separate CoPP queue. This ensures a minimum bandwidth for inband management traffic.

...

VLAN Created Potentially

When PICOS starts up, all VLANs (1 - 4094) are created. New VLANs do not need to be created with the CLI command "set vlans vlan-id ...".

...

Show Detailed Information of All LLDP Neighbors

Add a command "run show lldp neighbor all detail" to show the detailed information of LLDP neighbors on all interfaces.

...

Uplink Failure Detection

Uplink failure detection is a network redundancy mechanism for servers that use network adapter teaming. If uplink failure detection is enabled, the switch monitors the uplink ports. When all the uplink ports go down, the switch will disable all the associated downlink ports. For details, see the document Uplink Failure Detection. This feature is copied from version 4.3.1.1 to 4.3.2.

...

Add a New Option to "picos_boot management-port-mapping" on AS7326_56X and AS7726_32X

Add a new option "No me Port(s)" to the command "picos_boot management-port-mapping" on AS7326_56X and AS7726_32X as follows:
admin@PICOS:~$ sudo picos_boot  management-port-mapping 
    [1]  To Host CPU    * default
    [2]  To Front Panel    
    [3]  No me Port(s)
If option #3 is chosen, me-1/1/x ports are disabled and all xe-1/1/x ports can be split into 4x. For details, see the document 10G-Base-KR Interface Configuration. This feature is copied from version 4.3.1.4 to 4.3.2.

...

Uplink Failure Detection

If uplink failure detection is enabled, the switch monitors the uplink ports. When all the uplink ports go down, the switch will disable all the associated downlink ports.

...

Disable me-1/1/1 Ports on AS7326_56X and AS7726_32X

Add a new option "No me Port(s)" to the command "picos_boot management-port-mapping" on AS7326_56X and AS7726_32X as follows:

admin@PICOS:~$ sudo picos_boot management-port-mapping
    [1]  To Host CPU    * default
    [2]  To Front Panel
    [3]  No me Port(s)

If option #3 is chosen, me-1/1/x ports are disabled and all xe-1/1/x ports can be split into 4x.

...

Refine ZTP Installation

With the updated ZTP provisioning script, PICOS can load the customized configuration automatically after ONIE installation.

...

Anycast Gateway over MLAG

A virtual IP/MAC address pair can be configured on the 2 MLAG spines. This virtual IP address can be used as the anycast gateway for the downstream hosts. With anycast gateway, MLAG spines can be deployed as VTEP switches in an EVPN distributed environment.

...

ERSPAN on Port

Encapsulated Remote SPAN (ERSPAN) encapsulates the captured traffic, based on ingress or egress on a specific port, in GRE packets, which can be sent to remote destinations across Layer 3 networks.

...

VLAN Member Ranges on Port

Only one "vlan members" configuration node is kept on a specific port. Changing the configured VLAN member range does not require removing the configured VLAN range and adding a new one. Therefore, traffic in the data plane is not interrupted.

...

Support 1000 L3 Interfaces on Trident3 Platforms

A maximum of 1000 L3 interfaces can be configured on Trident3 platforms. On other platforms, a maximum of 510 L3 interfaces can be configured.

...

Multihoming EVPN Based on VPLAG

By adding multiple VXLAN network ports to a VPLAG (Virtual Port Link Aggregation Group), the VXLAN traffic can be hashed out to the multiple associated remote VTEPs. The implementation of L2 hashing based on VPLAG provides redundancy and load balancing in EVPN multihoming deployments.

...

Add L3 Interfaces to Linux Kernel

The L2 interfaces that are mapped to physical ports on the front panel and the LAG ports are added to the Linux kernel. MAC learning is enabled in the kernel bridge connecting to these L2 interfaces. Therefore, traffic generated from the Linux kernel will not be flooded out of these physical ports on the front panel. This enhancement fixes the MLAG dysfunction in 4.3.0.

...

Show Session Timeout

Display session timeout in the output of "run show dot1x interface".

...

EVPN Multihoming

EVPN multihoming is a replacement mechanism for MLAG in EVPN deployments, based on a standard protocol (BGP-EVPN). At a customer site, a server can connect to two or more VTEP switches for redundancy. Additionally, the peer-link between MLAG spines is not needed at an EVPN multihoming site. For details, see the document EVPN Multihoming Configuration Guide.

...

New BGP Commands

Add new BGP commands to configure confederation, dampening, local-preference, fast-external-failover, and prefix limits. For details, see the document BGP Commands.

...

Unnumbered BGP

With unnumbered BGP, it is not necessary to configure the IP address of the BGP neighbor. The IPv6 link-local address is used to build the BGP session from one hop to the next hop. The link-local address of the BGP neighbor can be discovered automatically by IPv6 ND (Neighbor Discovery).

...

Telemetry Based on gRPC/gNMI

A controller or network management system such as AmpCon can access telemetry data on the switch remotely via gRPC/gNMI to monitor the performance and status of the switch. The gRPC operations CapabilityRequest, GetRequest, SetRequest, and SubscribeRequest are supported. So far, the telemetry data covered in PICOS 4.3.0 includes interfaces and LLDP.

...

LACP Fast Mode

Support LACP fast mode. In LACP fast mode, LACP control packets are sent to an LACP-enabled port every 1 second instead of every 30 seconds as in slow LACP mode.

OVS and OpenFlow

...

SNMPv3 Trap

If SNMPv3 is enabled, SNMP trap messages will be sent out in SNMPv3 format under OVS mode.

NPB

...

Update Session Token

Once you are on the NPB web page, the current session token is updated automatically during GUI activity when the old token times out after 30 minutes, without the need to log in again.

Fixed Issues

Layer 2 and Layer 3

...

Delete remote-as BGP Neighbor

To delete the remote-as of a BGP neighbor, the other sub-nodes under this BGP neighbor must be deleted first. Otherwise, "commit" or "commit check" fails with an error message.

...

OSPF max-metric cannot be Enabled Administratively

Committing "set protocols ospf max-metric router-lsa administrative" fails. This issue is fixed in 4.3.3.

...

4K Built-in Entries in L2 Table

When PICOS boots up, there are 4K built-in entries in the L2 table, one corresponding to each VLAN. In 4.3.3, an L2 entry pointing to the CPU port, matching the system MAC address and the VLAN, is created in the L2 table only if the VLAN is configured on a specific port.

...

Enable Tagged/Untagged for Private VLAN

When a private VLAN is added to a trunk port, the VLAN can be specified as tagged or untagged, like a common VLAN.

...

BPDU Guard Enabled Ports Get Blocked (4.3.2.2)

When LLDP frames are received with destination MAC address 01:80:C2:00:00:00 on ports with BPDU guard enabled, the ports will be blocked because the frames are mistakenly identified as BPDUs based on the destination MAC address. This issue is fixed in 4.3.2.2. If the ethertype is 0x88CC, frames with destination MAC address 01:80:C2:00:00:00 should be recognized as LLDP rather than BPDU.

...

Firewall Filter Can be Applied to Only Maximum 64 Output Interfaces (2.11.11.2-s1)

A firewall filter can only be applied to a maximum of 64 output interfaces. This restriction is unnecessary and is removed in this version.

...

PICOS Crashes When Assigning a VLAN by Name Instead of ID (4.3.2.2)

VLAN names are not allowed to be added to "vlan members" on trunk ports. An error message is displayed if such a configuration is committed.

...

SIF Crash (4.3.2.2)

The process pica_sif crashes occasionally on an EVPN switch in either of the following two cases:

  • All VXLAN network interfaces are brought down.
  • The l3-interface over an L2 VNI is not configured when arp-nd-suppress is enabled.

...

Fail to Include Information from BCM Tool in tech_support (4.3.2.2)

When "run show tech_support" is executed, the hardware information from the BCM tool cannot be generated, with the error message ".Bsh open log file failed".

...

Maximum number of dynamic-author Clients (4.2.3.7)

Lift the maximum number of RADIUS dynamic-author clients from which the switch accepts Change of Authorization (CoA). A maximum of 20 dynamic-author clients can be configured.

...

Cannot Configure 5G/10G to auto-speeds 4630-54NPE (4.2.3.7)

If the ports from ge-1/1/37 to ge-1/1/48 are in auto speed mode, the speed cannot be negotiated to 5G/10G with the peer device. Additionally, 5G/10G cannot be configured in auto-speeds on these ports. This issue is fixed in 4.3.3.

...

Routing Doesn't Work on L3 Interface over VLAN 1

Directly connected routes cannot be generated on an L3 interface over VLAN 1. For example, the IP address configured on an L3 interface over VLAN 1 cannot be pinged.

...

Ports Are UP During PICOS Bootup

The ports on platforms with an external PHY, such as AS5835_54T or AS5812_54T, may be up even though PICOS is not ready because it is still booting. Traffic received on these ports will be dropped because the ports cannot transmit traffic in this state. If MLAG is configured on these ports, this may lead to a long (2 to 3 minutes) traffic loss during bootup of one MLAG spine switch.

...

PICOS Crashes When Assigning a VLAN by Name Instead of ID

VLAN names are not allowed to be added to "vlan members" on trunk ports. An error message is displayed if VLAN names or arbitrary strings are configured in "vlan members" on a trunk port.

...

SIF Crash

The process pica_sif crashes occasionally on an EVPN switch in either of the following two cases:

  • All VXLAN network interfaces are brought down.
  • The l3-interface over an L2 VNI is not configured when arp-nd-suppress is enabled.

...

BPDU Guard Enabled Ports Get Blocked

When LLDP frames are received with destination MAC address 01:80:C2:00:00:00 on ports with BPDU guard enabled, the ports will be blocked because the frames are mistakenly identified as BPDUs based on the destination MAC address. This issue is fixed in 4.3.2.1. If the ethertype is 0x88CC, frames with destination MAC address 01:80:C2:00:00:00 should be recognized as LLDP rather than BPDU.
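
The classification rule in the two BPDU guard notes above, written out as an added example (this is not PICOS code): the frame type is decided from the EtherType/length field and the LLC header, not from the destination MAC alone. The MAC address and EtherType come from the notes; the function names, the LLC and VLAN tag constants, and the constructed sample frames are assumptions of the example.

```python
import struct

# Values taken from the release note.
BRIDGE_GROUP_MAC = bytes.fromhex("0180c2000000")   # 01:80:C2:00:00:00
LLDP_ETHERTYPE = 0x88CC
# Standard Ethernet constants (assumed by this example, not from the page).
VLAN_TPIDS = {0x8100, 0x88A8}                      # 802.1Q / 802.1ad tag types
STP_LLC = b"\x42\x42\x03"                          # DSAP, SSAP, UI control used by BPDUs


def naive_is_bpdu(frame: bytes) -> bool:
    """Model of the faulty behaviour: decide on the destination MAC alone."""
    return frame[:6] == BRIDGE_GROUP_MAC


def classify(frame: bytes) -> str:
    """Return 'lldp', 'bpdu', 'other' or 'malformed' for a raw Ethernet frame."""
    if len(frame) < 14:
        return "malformed"
    offset = 12
    (type_or_len,) = struct.unpack_from("!H", frame, offset)
    offset += 2
    while type_or_len in VLAN_TPIDS:               # step over any VLAN tags
        if len(frame) < offset + 4:
            return "malformed"
        (type_or_len,) = struct.unpack_from("!H", frame, offset + 2)
        offset += 4
    if type_or_len >= 0x0600:                      # Ethernet II: field is an EtherType
        return "lldp" if type_or_len == LLDP_ETHERTYPE else "other"
    # 802.3: field is a length and an LLC header follows; BPDUs use 42 42 03.
    if (type_or_len <= 1500 and frame[:6] == BRIDGE_GROUP_MAC
            and frame[offset:offset + 3] == STP_LLC):
        return "bpdu"
    return "other"


def bpdu_guard_should_block(frame: bytes) -> bool:
    """BPDU guard decision: block the port only for a real BPDU."""
    return classify(frame) == "bpdu"


# Constructed sample frames (not captured traffic).
SRC = bytes.fromhex("020000000001")
# Minimal LLDPDU: Chassis ID, Port ID, TTL and End TLVs.
LLDPDU = bytes.fromhex("0207 04 020000000001 0402 0731 0602 0078 0000")
LLDP_ON_BRIDGE_MAC = BRIDGE_GROUP_MAC + SRC + struct.pack("!H", LLDP_ETHERTYPE) + LLDPDU
TAGGED_LLDP = (BRIDGE_GROUP_MAC + SRC + bytes.fromhex("81000001")
               + struct.pack("!H", LLDP_ETHERTYPE) + LLDPDU)
# 802.3 length 38 = 3-byte LLC header + 35-byte configuration BPDU (zero-filled here).
CONFIG_BPDU = BRIDGE_GROUP_MAC + SRC + struct.pack("!H", 38) + STP_LLC + bytes(35)

if __name__ == "__main__":
    for name, frame in [("LLDP to 01:80:C2:00:00:00", LLDP_ON_BRIDGE_MAC),
                        ("VLAN-tagged LLDP", TAGGED_LLDP),
                        ("Configuration BPDU", CONFIG_BPDU)]:
        print(f"{name}: naive_is_bpdu={naive_is_bpdu(frame)} "
              f"classify={classify(frame)} block={bpdu_guard_should_block(frame)}")
```
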

...

LACP Doesn't Work with Native VLAN over EVPN Multihoming

If the server multihomed to the VTEPs in the ESI is configured in the native VLAN, LACP negotiation will not succeed because the LACP frames go into the VXLAN tunnel instead of being trapped to the CPU. This issue is fixed in 4.3.2.

...

VXLAN Doesn't Work over Routed Interface

With a routed interface as the VXLAN network interface, in certain circumstances, for example when the routed interface is brought down and then up, VXLAN traffic cannot pass through the VXLAN tunnel.

...

Management IP Address is Lost

If a static IP address is configured on the management interface, this management IP address may be lost when upgrading to a new version. This issue is fixed in 4.3.2.

...

OSPF Link Cost

By default, OSPF link cost should not be an arbitrary value. In 4.3.2, if link cost is not set on a specific interface with OSPF enabled, the link cost is 100.

...

IP Conflict Between Management VRF and Default VRF

When configuring an IP address on the management interface, if it has a duplicate prefix with a VLAN interface, the commit fails even if management-vrf is enabled. This issue is fixed in 4.3.2.

...

MSTP Path Cost is Always 10000 on MLAG Port

The value of the MSTP path cost is always 10,000 on an MLAG port. It doesn't change based on the speed of the MLAG port. This issue is fixed in 4.3.2.

...

The Name of Routed-Interface Sub-Interface

To prevent the use of reserved interface names, the names of routed-interfaces or sub-interfaces are required to start with "rif-". Otherwise, the commit fails with an error message. This bug fix is copied from version 4.3.1.2 to 4.3.2.

...

Refine ZTP Installation

With the updated ZTP provisioning script, PICOS can load the customized configuration automatically after ONIE installation. This bug fix is copied from version 4.3.1.1 to 4.3.2.

...

TACACS+ Authentication Failure

If TACACS+ accounts are stored on a server separate from the TACACS+ server, TACACS+ authentication may fail. This bug fix is copied from version 4.3.1.2 to 4.3.2.

...

Set PoE Max Power to 90w on as4630

Setting max-power to >30w on "all" ports with the command "set poe interface all max-power xxxx" fails on AS4630 PoE platforms. In fact, all PoE ports support a maximum of 90w with 802.3bt capability on AS4630 PoE platforms. This bug fix is copied from version 4.3.1.1 to 4.3.2.

...

PoE Available Power on AS4630-54NPE and AS4630-54PE

On AS4630-54NPE and AS4630-54PE, PICOS cannot read the voltage. A CLI command "set poe power voltage [110v|220v]" is added to specify high-line (220v) or low-line (110v). The available PoE power differs between high-line and low-line. For details, see the document set poe power voltage.

...

LOG Rotation Error

The log rotation error is fixed in 4.3.2. The space of the ramdisk /tmp is scaled up to 256M on X86 platforms. The compression functionality of log rotation is disabled. The log files of system and frr commands (system_commands.log and frr_commands.log) are removed. This bug fix is copied from version 4.3.1.5 to 4.3.2.

...

Fix Security Vulnerabilities

The PICOS rootfs is updated to Debian 11.5 to fix the security vulnerabilities identified by NESSUS. This bug fix is copied from version 4.3.1.4 to 4.3.2.

...

The Name of Routed-Interface Sub-Interface

To prevent the use of reserved interface names, the names of routed-interfaces or sub-interfaces are required to start with "rif-". Otherwise, the commit fails with an error message.

Note: if routed interfaces or sub-interfaces were configured previously, change the configuration to follow the "rif-" naming convention before upgrading to this version.

...

TACACS+ Authentication Failure

If TACACS+ accounts are stored on a server separate from the TACACS+ server, TACACS+ authentication may fail. This issue is fixed in 4.3.1.2.

...

LACP Doesn't Work over PVID under Multi-homing EVPN

If a VXLAN instance is enabled on the native VLAN on a port in a dynamic LAG, LACP negotiation with the peer LAG port will fail because the LACP PDU cannot be trapped to the CPU. This bug is fixed in 4.3.1.1.

...

Set max-power on AS4630 PoE Models

Setting the PoE max-power to >30W on the "all" interface on AS4630 PoE models with the command "set poe interface all max-power xxxx" fails. This issue is fixed in 4.3.1.1.

...

Enable IGMP and IGMP Snooping on the Same Switch

In previous PICOS versions, if IGMP snooping is enabled, IGMP and PIM will not work on the same switch. We fixed this issue in 4.3.1. If both IGMP & PIM and IGMP snooping are configured, the multicast traffic of a specific group will be forwarded only out of the ports on which the associated IGMP join message is received.

...

TACACS+ Authentication Service is Set to LOGIN

In TACACS+ authentication, the authen service field of the authentication START packet is set to LOGIN (1). TACACS+ authentication may fail if PPP is configured on the TACACS+ server side.

...

RPSU Display Issue on AS5835

When the power cord of one RPSU unit is unplugged on an AS5835 switch, this RPSU can still be displayed as "power on" in the output of the CLI command "run show system rpsu". This issue is fixed in 4.3.1.

...

Fan Display and SysLog Issue on AS5835

If one fan is unplugged, none of the rear fans are displayed in the output of the CLI command "run show system fan". This issue is fixed in 4.3.1.

...

KOD SysLog Message

When a rogue NTP server is configured, the syslog message "KOD does nothing without LIMITED" is printed repeatedly. This issue is fixed in 4.3.1.

...

Crash if Enable IGMP Snooping on a VLAN Not Configured

With an invalid configuration that enables IGMP snooping on a VLAN which is not configured, PICOS will crash. This issue is fixed in 4.3.1.

...

Wrong State of NAC RADIUS Server

The configured NAC RADIUS server may be shown as "active" even though it is not reachable.

...

Duplicate Access-Request Messages

The switch may send out duplicate access-request messages even though the RADIUS service for NAC is available and the associated access-accept messages are returned.

...

Don't Backup AmpCon Agent in PICOS Upgrade

During an upgrade, the AmpCon agent code will not be brought into the new PICOS version.

...

Port LED Issue on AS5835

When traffic goes through a QSFP port, xe-1/1/1 or xe-1/1/4, the port LED doesn't blink. This issue is fixed in 4.3.0.

...

Sort Output in Interface Index

In certain CLI outputs, the interfaces are listed in alphabetical order. Therefore, for example, ge-1/1/2 may follow ge-1/1/11. The interfaces should be sorted in order of interface indices, i.e., ge-1/1/2 should go before ge-1/1/11.

...

Fix CoPP Statistics Error

When "run show copp statistics" is executed, arbitrary statistics numbers may be displayed for CoPP protocol classes. This issue is fixed in 4.3.0.

...

Memory Leak Caused by NETCONF Process

When a NETCONF client accesses the switch via RADIUS authentication repeatedly, a memory leak may occur in the process pica_netconf. This issue is fixed in 4.3.0.

...

Keep Sending RADIUS Request Messages

If RADIUS authentication is configured and NETCONF is then enabled, the switch will keep sending RADIUS request messages out. This issue is fixed in 4.3.0.

...

Drastic Variation over CPU Utilization

The CPU utilization figure may change drastically and rapidly on AS4610. This issue is fixed in 4.3.0.

OVS and OpenFlow

...

OVS Command "set-port-name" Cannot Work on Unbreakable xe Ports (4.3.2.2)

In PICOS 4.3.2, the OVS command "set-port-name" cannot rename unbreakable ports, for example, xe-1/1/2 on AS5835. This issue is fixed in 4.3.2.1. All ports can be renamed by set-port-name.

...

OVS Command "set-port-name" Cannot Work on Unbreakable xe Ports 

In PICOS 4.3.2, the OVS command "set-port-name" cannot rename unbreakable ports, for example, xe-1/1/2 on AS5835. This issue is fixed in 4.3.2.1. All ports can be renamed by set-port-name.

...

Failed to Add pop_vxlan Flow

...

New Features

Layer 2 and Layer 3

Ticket ID | Release | Description
15288 | 4.4.0

Support BGP dot & dot+ AS-notation

When configuring the BGP AS number, an AS2B and AS4B value can be represented by two numbers separated by a period.
XorPlus/New Feature

15279 | 4.4.0

Multicast over GRE

PIM can be configured on a GRE interface. Multicast traffic and PIM protocol packets can go through GRE tunnels. This provides multicast connectivity across networks that do not support multicast, such as the Internet.

15252 | 4.4.0

DHCP Relay over GRE

With DHCP relay enabled, the DHCP DISCOVERY and REQUEST packets from a host requesting an IP address can go through a GRE tunnel to reach the remote DHCP server. In the other direction, the DHCP OFFER and ACKNOWLEDGE packets from the DHCP server can return to the host through the GRE tunnel. Both IPv4 and IPv6 are supported for DHCP relay over GRE.

15149 | 4.4.0

Support EVPN MAC Mobility

When a host moves from one Ethernet segment to another segment in the EVPN network, Provider Edge (PE) switches will identify the host MAC address from their local interfaces or from remote PE devices. By means of the MAC mobility extended community, the PE switches can determine the correct location of the MAC address. With EVPN MAC mobility, the MAC address will not be learned on multiple interfaces on a specific PE switch. This can prevent traffic loops in cases such as VRRP over an EVPN network.

15286 | 4.4.0

Overlay Host Routes over VPLAG

The outgoing ports of EVPN overlay host routes can be VPLAG ports in the output of "run show route forward-host ipv4 all". Therefore, in an EVPN multi-homing deployment, L3 traffic from a host can be routed out of a VPLAG port and reach the remote host via the VXLAN tunnel.

Fixed Issues

Layer 2 and Layer 3

Ticket ID | Release | Description
15083 | 4.4.0

MTU on L3 Interface

By default, on the ASIC pipeline side, MTU is not limited on the L3 interface; on the software side, MTU is not limited on the L2 interfaces of the virtual bridge in the kernel. Jumbo packets with a size over 1500 can be routed out of the switch if the MTU on the associated physical ports is reset to a large enough value. When path-mtu-discovery is enabled on a specific L3 interface, the MTU configured on this L3 interface will be applied to the ASIC pipeline.

15292 | 4.4.0

BFD Echo Packets

Under BFD echo mode, the BFD echo packets are trapped to CPU via the default (default-class) CoPP queue instead of BFD (bfd-class) queue. This issue is fixed in 4.4.0.

14713 | 4.4.0

Delete LAG Port with EVPN Enabled

When a LAG port with an EVPN multihoming ESI configured is deleted, the EVPN multihoming ESI configuration remains in FRR. This issue is fixed in 4.4.0.

15304 | 4.4.0

Cannot Display Advertised and Received Routes of Dynamic BGP Neighbor

For a dynamic BGP neighbor, such as a BGP neighbor from a configured listening range, neither the advertised nor the received routes of the neighbor can be displayed when executing "run show bgp neighbor XXXX received-routes" or "run show bgp neighbor XXXX advertised-routes".

15341 | 4.4.0

Link Activity LEDs Don't Work on AS5835_54X and AS5835_54T

On AS5835_54X and AS5835_54T, when a 100G port (xe-1/1/1 and xe-1/1/4) is split into 4 x 10G ports, the link activity LED of the breakout ports such as xe-1/1/1.1 does not work.

14990 | 4.4.0

Consistency of EVPN MAC and ARP/NDP

EVPN MAC addresses and ARP/NDP entries are not consistent in cases such as when MAC addresses or ARP/NDP entries are aged out on one EVPN PE switch. EVPN MAC addresses and ARP/NDP entries will be maintained by the EVPN module and synchronized among PE switches by BGP EVPN messages. They cannot be cleaned up manually.

15128 | 4.4.0

MAC Update on VPLAG Port

In an EVPN multi-homing deployment, if the uplink VXLAN network ports are brought down, the associated VXLAN tunnels will go down and the MAC addresses learned on the affected VPLAG ports will be removed. When the uplink VXLAN ports are then brought up, it may take too long, sometimes over 150 seconds, for the MAC addresses to reappear on the VPLAG ports in the output of "run show vxlan address-table", even though the VXLAN tunnels are up. This is fixed in 4.4.0.

15334 | 4.4.0

Can't Delete BGP Local AS

With BGP EVPN configuration in a specific VRF, the local AS numbers configured in the default VRF are not allowed to be deleted. An understandable message is displayed when the user tries to do so. Deleting all BGP configurations works.

15380 | 4.4.0

BGP Configuration with Route Leak

In previous 4.x.x versions, PICOS allows the following BGP configurations:
set protocols bgp vrf vrf1 local-as 1
set protocols bgp vrf vrf1 ipv4-unicast import vrf vrf2
set protocols bgp vrf vrf2 local-as 2
This causes the configuration from the PICOS CLI to be inconsistent with the FRR configuration. Specifically, FRR will add "set protocols bgp local-as 1" to its configuration automatically, which is not in the PICOS CLI. In 4.4.0, if "set protocols bgp local-as 1" is not configured, the above configurations are not allowed.

Known Limitations

Ticket ID | Release | Description
15358 | 4.4.0

Delete VRF or L3 Interface with PIM Enabled

If PIM is configured on an L3 interface added to a VRF, and the VRF or the L3 interface is deleted after PIM is deleted, and the configuration is then rolled back to the original, PIM will not work and no multicast routes are generated.

Bug Fixes Introduced from Previous Patches

Ticket ID | Release | Description
15287 | 4.4.0

Failed to Be Authenticated by Going with ClearPass TACACS+ (4.3.3.3)

When connecting to a ClearPass TACACS+ server, a user fails to be authenticated, with the message "authentication error , wrong password". This issue is fixed in 4.4.0.

15184 | 4.4.0

Ports Are UP During PICOS Bootup (4.3.2.3)

The ports on platforms with an external PHY, such as AS5835_54T or AS5812_54T, may be up even though PICOS is not ready because it is still booting. Traffic received on these ports will be dropped because the ports cannot transmit traffic in this state. If MLAG is configured on these ports, this may lead to a long (2 to 3 minutes) traffic loss during bootup of one MLAG spine switch.

15289 | 4.4.0

MSTP Process Crash (4.3.3.3)

The MSTP process may crash in an environment running MSTP over MLAG. This issue is fixed in 4.4.0.