Uplink Failure Detection

If uplink failure detection is enabled, the switch monitors the uplink ports. When all the uplink ports go down, the switch will disable all the associated downlink ports.

Disable me-1/1/1 Ports on AS7326_56X and AS7726_32X

Add a new option "No me Port(s)" to command "picos_boot management-port-mapping" on AS7326_56X and AS7726_32X as following:

admin@PICOS:~$ sudo picos_boot management-port-mapping

    [1]  To Host CPU    * default

    [2]  To Front Panel    

    [3]  No me Port(s)

If choose option #3, under this mode, me-1/1/x ports are disabled. all xe-1/1/x ports can be split into 4x.

Refine ZTP Installation

With the update ZTP provision script, PICOS can load the customization configuration automatically after ONIE installation.

Anycast Gateway over MLAG

A pair of virtual IP/MAC address can be configured on the 2 MLAG spines. This virtual IP address can be used as the anycast gateway for the downstream hosts. With anycast gateway, MLAG spines can be deployed as VTEP switches under EVPN distributed environment.

ERSPAN on Port

Encapsulated Remote SPAN (ERSPAN) encapsulated the captured traffic, based on the ingress or egress on a specific port, in GRE packets which can be sent to remote destinations across Layer 3 networks.

VLAN Member Ranges on Port

Only one "vlan members" configuration node is kept on a specific port. To change the configured VLAN member range, it doesn't require to remove the configured VLAN range and add new one. Therefore, the traffic in the data plane will not be interrupted.

Support 1000 L3 Interfaces on Trident3 Platforms

Maximum 1000 L3 interfaces can be configured on Trident3 platforms. On other platforms, maximum 510 L3 interfaces can be configured.

Multihoming EVPN Based on VPLAG

By adding multiple VXLAN network ports to a VPLAG (Virtual Port Link Aggregation Group), the VXLAN traffic can be hashed out to the multiple associated remote VTEPs. The implementation of L2 hashing based on VPLAG provide redundancy and load balance in EVPN multihoming deployment.

Add L3 Interfaces to Linux Kernel

The L2 interfaces which are mapped to physical ports on front panel and the LAG ports are added to Linux Kernel. MAC learning is enabled in the Kernel bridge connecting to these L2 interfaces. Therefore, the traffic generated from Linux Kernel will not be flooded out of these physical ports on front panel. This enhancement fixed the MLAG disfunction in 4.3.0.

Show Session Timeout

Display session timeout in the output of "run show dot1x interface".

EVPN Multihoming

EVPN multihoming is a replacement mechanism for MLAG in EVPN deployment based on standard protocol (BGP-EVPN). In one customer site, a server can connect to two or more VTEP switches in order for redundancy. Additionally, the peer-link between MLAG spines is not needed in EVPN multihoming site. Please have the details by reference of document EVPN Multihoming Configuration Guide.

New BGP Commands

Add new BGP commands to configure confederation, dampening, local-preference, fast-external-failover, and prefix limits. Please have the details by reference of document BGP Commands.

Unnumbered BGP

With unnumbered BGP, it's not necessary to configure IP address of the BGP neighbor. The IPv6 link local is used to build BGP session from one hop to the next hop. The link local address of the BGP neighbor can be discovered by IPv6 ND (Neighbor Discovery) automatically.

Telemetry Based on gRPC/gNMI

The controller or network management system such as AmpCon can access to telemetry data on the switch remotely via gRPC/gNMI in order for monitoring the performance and status of the switch. The gRPC operations including CapabilityRequest, GetRequest, SetRequest, and SubscribeRequest are supported. The telemetry data including interfaces and LLDP is covered in PICOS 4.3.0 so far.

LACP Fast Mode

Support LACP fast mode. Under LACP fast mode, LACP control packets are sent to an LACP-enbled port per 1 second instead of 30 seconds under slow LACP mode.

MVRP Support

Multiple VLAN Registration Protocol (MVRP) is a Layer 2 messaging protocol that is used to create and manage VLANs automatically and dynamically in order to reduce the complication and errors of manual management of VLANs. With MVRP enabled, the configured VLANs on one switch can be distributed through all active switches within the network domain. Please have the details by reference of document MVRP.

L2 Traceroute

The Layer 2 traceroute help to find out the Layer 2 path from a source device to a destination device within a specific VLAN by giving the unicast MAC address of the destination device. When run this Layer 2 traceroute tool, will display the system MAC address and ingress & egress ports of each device on the path. Please have the details by reference of document MAC Trace.

Check PoE Status on AS4630_54NPE and AS4630_54PE

PoE status is covered in system diagnosis report when the switch boots up on AS4630_54NPE and AS4630_54PE.

License Update

New items, "Feature Speed" and "Subscription Type", are added on license portal. The 40G and 25G switches are separated from 10G switches with respect to licensing. PICOS 4.3.3 supports these new items as well as be back compatible with old license keys.

MSTP Process Crash

The process of MSTP may crash in the environment of running MSTP over MLAG. This issue is fixed in 4.3.3.3.

MTU on L3 Interface

The jumbo packets with size over 1500 cannot be routed out of the switch by default even though the MTU on the associated physical ports is reset to a number big enough. If reset the MTU of the L3 interface, the jumbo packets generated by CPU will be dropped by the virtual bridge in the Kernel. Additionally, when upgrade to 4.3.3 or 4.3.3.1 from 4.3.2, the configuration will be dropped if the L3 MTU is reset a number over 1500. This issue is fixed in 4.3.3.3. The MTU of L3 interface is not needed to be configured for routing jumbo packets in data plane.

Failed to Be Authenticated by Going with ClearPass TACACS+

If connect to a ClearPass TACACS+ server, a user is failed to be authenticated with prompt message "authentication error , wrong password". This issue is fixed in 4.3.3.3.

Duplicate Traffic in Multihoming EVPN

It is possible that VPLAG of a specific remote ES (Ethernet Segment) cannot succeed to be created on a VTEP. That will lead to duplicate traffic between 2 connected hosts in multihoming EVPN environment. This issue is fixed in 4.3.3.1.

VXLAN Tunnel is Down in Multihoming EVPN

A VXLAN tunnel connecting to a VTEP of a specific ES (Ethernet Segment) in remote multihoming EVPN site may be down when the link to the client host within this ES is down or a VTEP in this ES is rebooted. This issue is fixed in 4.3.3.1.

Delete remote-as BGP Neighbor

If delete remote-as of a BGP neighbor, other sub-nodes under this BGP neighbor must be deleted firstly. Otherwise, it will be failed with prompt error message if execute "commit" or "commit check".

OSPF max-metric cannot be Enabled Administratively

When commit "set protocols ospf max-metric router-lsa administrative", it will fail. This issue is fixed in 4.3.3.

4K Built-in Entries in L2 Table

When PICOS boots up, there are 4K built-in entries in L2 table corresponding to each VLAN. In 4.3.3, if only a VLAN is configured on a specific port, will create a L2 entry pointing to the CPU port, matching system MAC address and this VLAN, in L2 table.

Enable Tagged/Untagged for Private VLAN

When add a private VLAN to a trunk port, this VLAN can be specified as tagged or untagged as a common VLAN.

BPDU Guard Enabled Ports Get Blocked(4.3.2.2)

When LLDP frames are received with destination MAC address 01:80:C2:00:00:00 on the ports with BPDU guard enabled, the ports will be blocked because the frames are identified as BPDU mistakenly based on the destination MAC address. This issue is fixed in 4.3.2.

2. If the ethertype is 0X88CC, the frames with destination MAC address 01:80:C2:00:00:00 should be recognized as LLDP other than BPDU.

Firewall Filter Can be Applied to Only Maximum 64 Output Interfaces (2.11.11.2-s1)

A firewall filter can only be applied to maximum 64 output interfaces. This restriction is unnecessary and removed in this version.

PICOS Crashes When Assigning a VLAN by Name Instead of ID (4.3.2.2)

VLAN names are not allowed to be added to "vlan members" on trunk ports. Will give prompt error message if commit that kind of configuration.

SIF Crash (4.3.2.2)

The process pica_sif crashes occasionally on an EVPN switch in either of the following two cases:

• Get all VXLAN network interfaces down.
• l3-interface over a L2 VNI is not configured when arp-nd-suppress is enabled.

Fail to Include Information from BCM Tool in tech_support (4.3.2.2)

When execute "run show tech_support", cannot generate the hardware information from BCM tool with error message ".Bsh open log file failed".

Maximum number of dynamic-author Clients (4.2.3.7)

Lift the maximum number of RADIUS dynamic-author clients from which the switch accepts Change of Authorization (CoA). Allow to configure maximum 20 dynamic-author clients.

Cannot Configure 5G/10G to auto-speeds 4630-54NPE (4.2.3.7)

If the speed of ports, from ge-1/1/37 to ge-1/1/48, is under auto mode, the speed cannot be negotiated into 5G/10G with the peer device. Additionally, 5G/10G cannot be configured to auto-speeds on these ports. This issue is fixed in 4.3.

3.

Routing Doesn't Work on L3 Interface over VLAN 1

Directly connected routes cannot be generated on L3 interface over VLAN 1. For example, cannot ping the IP address configured on L3 interface over VLAN 1.

OVS Command "set-port-name" Cannot Work on Unbreakable xe Ports Ports (4.3.2.2)

In PICOS 4.3.2, the OVS command "set-port-name" cannot rename unbreakable ports, for example, xe-1/1/2 on AS5835. This issue is fixed in 4.3.2.1. All ports can be renamed by set-port-name.

Failed to Add pop_vxlan Flow

Only a few vxlan_pop flow entries can be added. This issue is fixed in 4.3.0.