Support FS models N5850-48S6Q,N8550-48B8C and N8550-32C

From 4.4.2.2 PICOS support FS switches N5850-48S6Q, N8550-48B8C and N8550-32C.
N5850-48S6Q has 48x10G SFP+ ports, 6x40G QSFP ports.
N8550-48B8C has 48x25G SFP28 ports, 8x100G QSFP28 ports and 2x10G SFP+ ports.
N8550-32C has 32x100G QSFP28 ports, 2x10G SFP+ ports.

Support AS4625-54P and AS4625-54T

AS4625-54P and AS4625-54T are Gigabit platforms of AS4625-N series. Each of these 2 platforms has 48x1000BASE-T ports, and 6x10G SFP+ ports and 2x1G me ports path to CPU. AS4625-54P is a PoE capable platform of which the ports from ge-1/1/41 to ge-1/1/48 support IEEE802.3bt standard with up to 90W power delivery, and the rest 1000BASE-T ports from ge-1/1/1 to ge-1/1/40 supports IEEE802.3at and IEEE802.3af with up to 30W delivery.

Support ERPS

ERPS (Ethernet Ring Protection Switching) is a L2 protocol used to provide fast and reliable protection against link and switch node failures in an Ethernet network ring topology. It ensures fast failover and minimal traffic disruption in case of a node or link failure. In 4.4.2, sub-ring, FS (Force Switch) and MS (manual switch) are not supported.

Support MVR

MVR (Multicast VLAN Registration) allows the multicast traffic to be forwarded across VLANs based on IGMP multicast group membership. Commonly MVR is enabled on the access switches in order to reduce unnecessary bandwidth consumption in case of forwarding multicast traffic to multiple receiver VLANs. Please have the details by reference document /wiki/spaces/PicOS44sp/pages/4293162.

Support GVRP

GVRP (GARP VLAN Registration Protocol) is used for automatic VLAN configuration. With GVRP enabled, the connected switches can dynamically exchange VLAN information and automatically configure VLAN on the relevant ports. GVRP reduces the administrative overhead of VLAN management and ensure consistent VLAN configuration throughout the network. Please have the details by reference document /wiki/spaces/PicOS44sp/pages/4296843.

Support RMON

Based on SNMP, RMON (Remote Network Monitoring) monitors network status and behavior remotely, and gives historical data for performance and traffic analysis and optimization. In 4.4.2, we support 4 RMON groups, namely, Statistics (group 1), History (group 2), Alarm (group 3) and Event (group 9). Please have the details by reference document /wiki/spaces/PicOS44sp/pages/4293576.

Support RIP and RIPng

As a distance-vector routing protocol, RIP (Routing Information Protocol) facilitates routing information exchange between routers in IP networks. The routing tables are exchanged periodically between routers, and the information about network destinations and associated metrics (such as hop count) is used to determine the best paths. RIPng (RIP Next Generation) is an extension of RIP that supports IPv6. Please have the details by reference document /wiki/spaces/PicOS44sp/pages/4296903.

Query the Information of NAC Sessions from SNMP

The information of a NAC (Network Access Control) session can be queried from SNMP agent on Pica8 switch. There is no standard SNMP MIB addressing NAC data. Therefore, a new table, dot1xAuthSessionTable, is added to Pica8 private SNMP MIB to support this feature.

Multicast RPF Check

Multicast RPF (Reverse Path Forwarding) check is a mechanism to prevent multicast traffic loop. The multicast traffic not received on the its RPF interface should be discarded. The RPF interface can be identified by looking up the unicast routing table.

Enable EVPN Mutihoming Horizon Split Filtering non-TD3 Platforms

In an EVPN Mutihoming site, the bridged traffic received from an ES (Ethernet Segment) peer and destined to a downstream multihomed device should be discarded by means of the HSF (Horizon Split Filtering) which doesn't work on non-TD3 platforms in previous versions. In 4.4.2, EVPN Mutihoming HSF is enabled on TD2, Tomahawk, and Maverick platforms.

Enhancement on CLI Command "run show dot1x..."

Don't display the duplicate downloadable or dynamic ACL rules of each authorized NAC clients when execute "“run show dot1x interface gigabit-ethernet xxxx". Instead, it can have the detailed downloadable or dynamic ACL rules by executing the separate operational CLI commands “run show dot1x downloadable filter XXXX“ or "run show dot1x dynamic filter XXXX” respectively.

Clean up PIM/IGMP

Add CLI commands under operational mode to clean up multicast routes and statistic counters of PIM and IGMP.

PIM over GRE

PIM can be configured on GRE tunnel interfaces. Multicast traffic can go through GRE tunnels and reach to the receivers. PIM over GRE is used in scenarios where multicast traffic needs to be extended across unicast networks or when multicast traffic needs to be isolated from certain parts of the network. This feature is not supported on N22XX platforms.

Support BGP dot & dot+ AS-notation

When configure the BGP AS number, an AS2B and AS4B value can be presented by using two numbers separated by a period.
XorPlus/New Feature

DHCP Relay over GRE

With DHCP relay enabled, to have the IP address, the DHCP DISCOVERY and REQUEST packets from a host can go through a GRE tunnel to reach the remote DHCP server. And on the other hand, the DHCP OFFER and ACKNOWLEDGE packets from the DHCP server can return back to the host through the GRE tunnel. Both IPv4 and IPv6 are supported in case of DHCP relay over GRE.

Support EVPN MAC Mobility

When a host moves from one Ethernet segment to another segment in the EVPN network, Provider Edge (PE) switches will identify the host MAC address from its local interfaces or from remote PE devices. By means of MAC mobility extended community, the PE switches can determine the correct location of the MAC address location. With EVPN MAC mobility, the MAC address will not be learned on multiple interfaces on a specific PE switch. That could prevent traffic loop in case such as VRRP over EVPN network.

Overlay Host Routes over VPLAG

The outgoing ports of EVPN overlay host routes can be VPLAG ports when execute "run show route forward-host ipv4 all". Therefore, in case of EVPN multi-homing deployment, the L3 traffic from a host can be routed out VPLAG port and reach to the remote host via VXLAN tunnel.

[7326]: Failed to Install PICOS Version using ONIE

In previous versions, PICOS supports AS7326_56X hardware label_revision from R01F to later. From PICOS 4.4.2.2, PICOS also supports AS7326_56X old label_revision R01A - R01E.

Mroute Counters are Incorrect

The numbers of statistic counters are not correct when execute “run show mroute count”. For example, the number of "Packets" for a specific multicast group is still grow up even though stop sending multicast traffic. This issue is fixed in 4.4.2.

EVPN BUM Doesn't Work if Configure Same Multicast Group on Different VXLAN VNI

When enable EVPN BUM (Broadcast, Unknown-unicast and Multicast) flooding, if configure multicast group on different VXLAN VNIs (Virtual Network ID), MC VXLAN network interfaces cannot be created and the BUM traffic cannot go through the VXLAN tunnels for specific VXLAN VNIs. This issue is fixed in 4.4.2.

RMAC is Incorrect

In an EVPN multihoming site, if some Provider Edge (PE) switches shut down, on the remote site, the RMAC of the EVPN routes may be the system MAC of the down PE switches. This issue is fixed in 4.4.2.

802.1x authentication-open Doesn't Work

DHCP packets cannot pass an unauthorized NAC (Network Access Control) port even though authentication-open is enabled on this port. This issue is fixed in 4.4.2.

CLI "run show bfd xxxx" Does Not Work

Under default VRF, if enable BFD for a BGP neighbor such as 192.168.1.1, cannot display the BFD information when execute "run show bfd 192.168.1.1". Additionally, CLI command "run show bfd multihop peer" doesn't work. This issue is fixed in 4.4.2.

MTU on L3 Interface

By default, on the side of ASIC pipeline, MTU is not limited on the L3 interface; on the software side, MTU is not limited on the L2 interfaces of the virtual bridge in the kernel. The jumbo packets with size over 1500 can be routed out of the switch if the MTU on the associated physical ports is reset to a number big enough. When path-mtu-discovery is enabled on a specific L3 interface, the MTU configured on this L3 interface will be applied to the ASIC pipeline.

BFD Echo Packets

Under BFD echo mode, the BFD echo packets are trapped to CPU via the default (default-class) CoPP queue instead of BFD (bfd-class) queue. This issue is fixed in 4.4.0.

Delete LAG Port with EVPN Enabled

When delete a LAG port with EVPN multihoming ESI configured, the EVPN multihoming ESI configuration is still there in FRR. This issue is fixed in 4.4.0.

Cannot Display Advertised and Received Routes of Dynamic BGP Neighbor

With regard to a dynamic BGP neighbor such as a BGP neighbor from a configured listening range, cannot display either advertised or received routes of this neighbor when execute "run show bgp neighbor XXXX received-routes" or "run show bgp neighbor XXXX advertised-routes".

Link Activity LEDs Don't Work on AS5835_54X and AS5835_54T

On AS5835_54X and AS5835_54T, when an 100G port (xe-1/1/1 and xe-1/1/4) is split into 4 x 10G ports, the link activity LED of the breakout ports such as xe-1/1/1.1 cannot work.

Consistency of EVPN MAC and ARP/NDP

EVPN MAC addresses and ARP/NDP entries are not consistent in case such as MAC addresses or an ARP/NDP entries are aged out on one EVPN PE switch. EVPN MAC addresses and ARP/NDP entries will be maintained by EVPN module and synced up among PE switches by BGP EVPN messages. They cannot be cleaned up manually.

MAC Update on VPLAG Port

In case of EVPN multi-homing deployment, if turn down the uplink VXLAN network ports, the associated VXLAN tunnels will be down and the MAC addresses learned on the affected VPLAG ports will be removed. And then turn up the uplink VXLAN ports, it may take too long, over 150 seconds sometimes, to get back the MAC addresses on the VPLAG ports when execute "run show vxlan address-table" even though the VXLAN tunnels is up. This is fixed in 4.4.0.

Can't Delete BGP Local AS

With BGP EVPN configuration in a specific VRF, the local AS numbers configured in default VRF are not allowed to be deleted. Will give understandable prompt message when user tries to do it. If delete all BGP configurations, it can work.

BGP Configuration with Route Leak

In previous 4.x.x versions, PICOS allows the BGP configurations as following:
set protocols bgp vrf vrf1 local-as 1
set protocols bgp vrf vrf1 ipv4-unicast import vrf vrf2
set protocols bgp vrf vrf2 local-as 2
That will cause configuration from PICOS CLI is not consistent with FRR configuration. Specifically, FRR will add "set protocols bgp local-as 1" to its configuration automatically, which is not in PICOS CLI. In 4.4.0, if "set protocols bgp local-as 1" is not configured, the above configurations are not allowed.

Flow Control Issue

On AS4625-54T and AS4625-54P, with flow control enabled on the ingress ports, traffic with 1G line speed can pass the switch with no packet loss. If introduce the burst traffic, a small proportional number of packets will be discarded on the ingress ports from which even though pause frames are sent out.

Don't Support OVS

Imports match is not supported in the ICAP table on this AS4625-54T and AS4625-54P with Broadcom Trident3 X2 embedded. That will have significant impact on OVS functionalities. Therefore, OVS is not supported on AS4625-54T and AS4625-54P. 

Delete VRF or L3 Interface with PIM Enabled

If PIM is configured on a L3 interface added to a VRF, when delete the VRF or the L3 interface after delete PIM, and then roll back to the original configuration, PIM will not work with no multicast routes generated.

Configuration Limitation of PIM over GRE

If configure PIM on a GRE interface, PIM should be configured on the GRE underlay L3 interface too. Otherwise, PIM cannot build the session with the remote neighbor on the other side of GRE tunnel. 

RMAC Update in EVPN Multihoming Deployment

When bounce the up-link of a VTEP switch within an ESI in case of EVPN deployment, the remote RMAC with regard to an L3VPN may not be synced up to this PE VTEP switch. This issue could happen if reboot the PE VTEP switches. 

Failed to Be Authenticated by Going with ClearPass TACACS+ (4.3.3.3)

If connect to a ClearPass TACACS+ sever, a user is failed to be authenticated with prompt message "authentication error , wrong password". This issue is fixed in 4.4.0.

Ports Are UP During PICOS Bootup (4.3.2.3)

The ports on platforms with external PHY such as AS5835_54T or AS5812_54T may be up even though PICOS is not ready due to bootup. The traffic received on these ports will be dropped because these ports cannot transmit traffic under this circumstance. In case of MLAG configured on these ports, may lead to long time (2 to 3 minutes) traffic loss during bootup of one MLAG spine switch.

MSTP Process Crash (4.3.3.3)

The process of MSTP may crash in the environment of running MSTP over MLAG. This issue is fixed in 4.4.0.