Uplink Failure Detection

If uplink failure detection is enabled, the switch monitors the uplink ports. When all the uplink ports go down, the switch will disable all the associated downlink ports.

Disable me-1/1/1 Ports on AS7326_56X and AS7726_32X

Add a new option "No me Port(s)" to command "picos_boot management-port-mapping" on AS7326_56X and AS7726_32X as following:

admin@PICOS:~$ sudo picos_boot management-port-mapping

    [1]  To Host CPU    * default

    [2]  To Front Panel    

    [3]  No me Port(s)

If choose option #3, under this mode, me-1/1/x ports are disabled. all xe-1/1/x ports can be split into 4x.

Refine ZTP Installation

With the update ZTP provision script, PICOS can load the customization configuration automatically after ONIE installation.

Anycast Gateway over MLAG

A pair of virtual IP/MAC address can be configured on the 2 MLAG spines. This virtual IP address can be used as the anycast gateway for the downstream hosts. With anycast gateway, MLAG spines can be deployed as VTEP switches under EVPN distributed environment.

ERSPAN on Port

Encapsulated Remote SPAN (ERSPAN) encapsulated the captured traffic, based on the ingress or egress on a specific port, in GRE packets which can be sent to remote destinations across Layer 3 networks.

VLAN Member Ranges on Port

Only one "vlan members" configuration node is kept on a specific port. To change the configured VLAN member range, it doesn't require to remove the configured VLAN range and add new one. Therefore, the traffic in the data plane will not be interrupted.

Support 1000 L3 Interfaces on Trident3 Platforms

Maximum 1000 L3 interfaces can be configured on Trident3 platforms. On other platforms, maximum 510 L3 interfaces can be configured.

Multihoming EVPN Based on VPLAG

By adding multiple VXLAN network ports to a VPLAG (Virtual Port Link Aggregation Group), the VXLAN traffic can be hashed out to the multiple associated remote VTEPs. The implementation of L2 hashing based on VPLAG provide redundancy and load balance in EVPN multihoming deployment.

Add L3 Interfaces to Linux Kernel

The L2 interfaces which are mapped to physical ports on front panel and the LAG ports are added to Linux Kernel. MAC learning is enabled in the Kernel bridge connecting to these L2 interfaces. Therefore, the traffic generated from Linux Kernel will not be flooded out of these physical ports on front panel. This enhancement fixed the MLAG disfunction in 4.3.0.

Show Session Timeout

Display session timeout in the output of "run show dot1x interface".

EVPN Multihoming

EVPN multihoming is a replacement mechanism for MLAG in EVPN deployment based on standard protocol (BGP-EVPN). In one customer site, a server can connect to two or more VTEP switches in order for redundancy. Additionally, the peer-link between MLAG spines is not needed in EVPN multihoming site. Please have the details by reference of document EVPN Multihoming Configuration Guide.

New BGP Commands

Add new BGP commands to configure confederation, dampening, local-preference, fast-external-failover, and prefix limits. Please have the details by reference of document BGP Commands.

Unnumbered BGP

With unnumbered BGP, it's not necessary to configure IP address of the BGP neighbor. The IPv6 link local is used to build BGP session from one hop to the next hop. The link local address of the BGP neighbor can be discovered by IPv6 ND (Neighbor Discovery) automatically.

Telemetry Based on gRPC/gNMI

The controller or network management system such as AmpCon can access to telemetry data on the switch remotely via gRPC/gNMI in order for monitoring the performance and status of the switch. The gRPC operations including CapabilityRequest, GetRequest, SetRequest, and SubscribeRequest are supported. The telemetry data including interfaces and LLDP is covered in PICOS 4.3.0 so far.

LACP Fast Mode

Support LACP fast mode. Under LACP fast mode, LACP control packets are sent to an LACP-enbled port per 1 second instead of 30 seconds under slow LACP mode.

SNMPv3 Trap

If SNMPv3 is enabled, SNMP trap messages will be sent out in SNMPv3 format under OVS mode.

Update Session Token

Once you are on the NPB web page, the current session token can be updated automatically during GUI activity when the timeout of the old token expires after 30 minutes without the need to re-login.

PICOS Crashes When Assigning a VLAN by Name Instead of ID

VLAN names are not allowed to be added to "vlan members" on trunk ports. Will give a prompt error message if configure the VLAN names or arbitrary strings to "vlan members" on a trunk port.

SIF Crash

The process pica_sif crashes occasionally on an EVPN switch in either of the following two cases:

• Get all VXLAN network interfaces down.
• l3-interface over a L2 VNI is not configured when arp-nd-suppress is enabled.

BPDU Guard Enabled Ports Get Blocked

When LLDP frames are received with destination MAC address 01:80:C2:00:00:00 on the ports with BPDU guard enabled, the ports will be blocked because the frames are identified as BPDU mistakenly based on the destination MAC address. This issue is fixed in 4.3.2.1. If the ethertype is 0X88CC, the frames with destination MAC address 01:80:C2:00:00:00 should be recognized as LLDP other than BPDU. 

The Name of Routed-Interface Sub-Interface

To prevent using the preserved interface names, enforce the names of routed-interfaces or sub-interfaces to be started with "rif-". Otherwise, it will be failed with prompt error message.

By the way, please note, if configured routed/sub-interfaces before, please change the configuration to follow "rif-" naming convention before upgrade to this version. 

TACACS+ Authentication Failure

If TACACS+ accounts are stored in a separate server from TACACS+ server, TACACS+ authentication may be failed. This issue is fixed in 4.3.1.2.

 LACP Doesn't Work over PVID under Multi-homing EVPN

If enable a VXLAN instance on the native VLAN on a port in a dynamic LAG, the LACP negotiation with the peer LAG port will fail because the LACP PDU cannot be trapped to CPU. This bug is fixed in 4.3.1.1.

Set max-power on AS4630 PoE Models

Fail to set the PoE max-power to >30W on "all" interface on AS4630 PoE models with command "set poe interface all max-power xxxx".  This issue is fixed in 4.3.1.1.

Enable IGMP and IGMP Snooping on the Same Switch

In previous PICOS versions, if enable IGMP snooping, on the same switch, IGMP and PIM will not work. We fixed this issue in 4.3.1. If both IGMP & PIM and IGMP snooping are configured, the multicast traffic of the specific group will be only forwarded out of the ports on which the associated IGMP join message is received.

TACACS+ Authentication Service is Set to LOGIN

In case of TACACS+ authentication, the field authen service of authentication START packet is set to LOGIN (1). TACACS+ authentication may fail if PPP is configured on TACACS+ server side.

RPSU Display Issue on AS5835

When plug out the power chord of one unit of RPSU on AS5835 switch, this RPSU can still be displayed "power on" in the output of CLI command "run show system rpsu". This issue is fixed in 4.3.1.

Fan Dispaly and SysLog Issue on AS5835

If one fan is plugged out, all rear fans are not displayed in the output of CLI command "run show system fan". This issue is fixed in 4.3.1.

KOD SysLog Message

When configure a rogue NTP server, will repeatedly print syslog messages "KOD does nothing without LIMITED". This issue is fixed in 4.3.1.

Crash if Enable IGMP Snooping on a VLAN Not Configured

In case of an invalid configuration, enable IGMP snooping on a VLAN which is not configured, PICOS will crash. This issue is fixed in 4.3.1

Wrong State of NAC RADIUS Server

The configured NAC RADIUS server may be shown as "active" even though it is not reachable.

Duplicate Access-Request Messages

The switch may send out duplicate access-request messages even though the RADIUS service for NAC is available and the associated access-accept messages are returned.

Don't Backup AmpCon Agent in PICOS Upgrade

When do upgrade, the AmpCon agent code will not be brought into the new PICOS version.

Port LED Issue on AS5835

When traffic goes through QSFP port, xe-1/1/1 or xe-1/1/4, the port LED doesn't blink. This issue is fixed in 4.3.0.

Sort Output in Interface Index

In certain CLI outputs, the interfaces are listed by the alphabetical order. Therefore, for example, ge-1/1/2 may follow ge-1/1/11. The interfaces should be sorted by the order of interface indices, i.e., ge-1/1/2 should go before ge-1/1/11.

Fix CoPP Statistics Error

When "run show copp statistics", may display arbitrary statistics numbers over CoPP protocol classes. This issue is fixed in 4.3.0.

Memory Leak Caused by NETCONF Process

When a NETCONF client accesses to the switch via RADIUS authentication repeatedly, memory leak may occur in process pica_netconf. This issue is fixed in 4.3.0.

Keep Sending RADIUS Request Messages

If configure RADIUS authentication and then enable NETCONF, the switch will keep sending RADIUS request Messages out. This issue is fixed in 4.3.0.

Drastic Variation over CPU Utilization

The number of CPU utilization may change drastically and fastly on AS4610. This issue is fixed in 4.3.0.

OVS Command "set-port-name" Cannot Work on Unbreakable xe Ports 

In PICOS 4.3.2, the OVS command "set-port-name" cannot rename unbreakable ports, for example, xe-1/1/2 on AS5835. This issue is fixed in 4.3.2.1. All ports can be renamed by set-port-name.

Failed to Add pop_vxlan Flow

Only a few vxlan_pop flow entries can be added. This issue is fixed in 4.3.0.