These notes summarizes PICOS 2.11 new features, new hardware, known bugs, and bug fixes. Best practices recommend that you read all the content before upgrading to this release. For more detailed feature information, refer to the configuration guides.
New Software Features
Layer 2 and Layer 3
Disable/Enable IP Routing
Limit Maximum Number of VRRP Interfaces
Tagged/Untagged with Voice-VLAN
TACACS+ Failover Enhancement
MSH8920 - BPDU & LACP Tunneling on Static LAG
Enhancement for PVST/MSTP information in tech_support
Refreshing MAC Learning on MLAG Pair Switches
Remove SSH/Telnet Connection Number Limiting
PoE - Power Negotiation
Show Entire Spanning-tree PVST Infomation
DHCP Snooping over MLAG
Kontron - CDP and LLDP Tunneling
Boeing - Add new OIDs to UCB MIB
OEM - Display timestamp in syslog Message in Millisecond
OEM - Show System Date in Milliseconds
Remark DSCP with ACL Rule
Configure rate-limit on Egress Queues
GE Interfaces on AG5628 and AS7312
Send Traps if CPU Utilization Thredhold is Exceeded
Issue a SNMP Trap if L2 Table Threshold is Exceeded
Allow Hyphen "-" in VLAN Name
Add entPhysicalTable per RFC 6933
Support UPoE on N3048EP-ON and AS4610-54P and AS4610-30P.
Configure Rate Limit by Reference of Percentage
Add auto Mode to Voice VLAN
Disable SNMP Traps Related to LLDP
Enhancement on Displaying PoE Information
IGMP Snooping over MLAG
TACACS+ - Add New Command local-auth-fallback
Press "Enter" key to stop the process of upgrade2
The process of upgrade2 can be aborted before reboot into the update version of PicOS with the prompt message "PRESS ANY KEY TO STOP REBOOT".
Configure the rate-limit of filter rules by reference of kbps
Allow to configure rate-limit of ACL filter rules by reference of kbps in addition to pps.
Set Auto Negociation Speeds
Allow user to configure the speeds which can be advertised to the connected device under auto-negotiation mode.
Performance Refinement - ARP Handling
Reduce the time to handle the packet-in ARPs. Allow larger number of protocol packets destined to CPU.
Performance Refinement - Sync up ARP on Active-Active VRRP Devices
The time used to syn up ARP on active-active VRRP devices is reduced drastically.
PicOS supports both VRRPv2 and VRRPv3. The advantage of VRRPv3 is that it supports both IPv4 and IPv6 address families.
MLAG - Sync up MAC Addresses Learned on Orphan Ports the Peer Switch
MAC addresses which are learned on the single-homed ports of one spine switch of MLAG should be synchronized to the peer-link port of the other spine switch.
Add a Description Field after the Command "run request system reboot"
Add a description field after the command "run request system reboot" and add this text to the log message. This help Operations track the reason for the reboot through log messages.
MSH8920 - Extend L2-transparency to cover LLDP and CDP
L2-transparency is enabled for LLDP and CDP. Namely, If "set protocols lldp||cdp message-in disable true", the frames of LLDP and CDP will be flooded out of the switch instead of being trapped to CPU.
MSH8920 - xe-1/1/2.1 does not work after installing PICOS at its very first time; it needs an extra reboot to starts it
This problem has been fixed in 18.104.22.168.
MSH8920 - upgrade2 creates ext3 filesystem for new partition
This problem has been fixed in 22.214.171.124.
802.1X - Support MAB Authentication, Dynamic VLAN and CoA Function
Extend the 802.1X feature to support MAB authentication, dynamic VLAN and CoA function.
Support 1G speed with DELTA 10G RJ45 Module
Parameters of this module is as following:
Leo Vendor Name : DELTA
Vendor PartNr : LCP-10GRJ3SRT
Serial Number : 183209100001
Cable Length : 300m
Configure Rate-limit and Burst on Port
Add commands to configure rate-limit and burst to the port on ingress side and egress side. Both L2/L3 and OVS support this new feature.
Hashing with Sorted LAG Member
In generic, specific traffic will be forwarded out of a LAG member port depending on hashing algorithm with the key configuration. Certain behavior is defined between 2 LAGs with same number of member ports. Assuming ae1 has 4 member ports (1, 2, 3, 4) and ae2 also has 4 member ports (5, 6, 7, 8), with lag_members_sorted enabled, if a traffic is hashed out of port 2 for ae1, the traffic will be hashed out of port 6 for ae2.
Cable Diagnostics using TDR on RJ45 Interface
Support cable diagnostic function using TDR on RJ45 ports.
Add a New Command to Configure NAS-IP
Add a CLI command to let the user configure the NAS-IP address:
Update "run show bgp routes"
Keep the existing “peer” column, but change the heading to “Router ID”. Add a column before the “Router ID” column above, with the heading “Peer”, listing the configured peer IP address of the received routes.
|10549||2.11.21||Display all settings in the result of "show all" and "show all|display set" |
Display all settings including default settings in the result config tree of "show all" or result set commands of "show all|display set" respectively.
New Additions to NAC
NAC can operates under multi-domain mode or single-host mode with new features including dynamic/downloadable filter and central web authentication.
|11322||2.11.23||[NAC] Server Fail VLAN and 802.1x fallback |
If RADIUS server is not reachable, the client will fall back to the server fail VLAN. If reject by 802.1x authentication, the client will try web authentication.
|11146||2.11.24||Source Interface to TACACS+/RADIUS Server |
Allow user to configure an interface with IP address which is used to talk with TACACS+/RADIUS server.
|11395||2.11.24|| Present the Reason if Port Get Down by CoA |
Present the reason (CoA-Disable-Port) if a Port is Down caused by CoA when execute "run show interface gigabit-ethernet xxxx".
|11394||2.11.25|| Secure Keys in Configuration|
Present encripted code of share-key of RADIUS/TACAS+ and authentication-key and privacy-key of SNMP.
|11144||2.11.24||VRRPv2 Authentication |
Secure VRRP session with MD5 authentication. That is only enabled for VRRPv2.
Add New Columns to "run show lldp neighbor"
NAC - Invalid Downloadable ACL
Restore License and User Password Automatically
|11798||126.96.36.199||Dynamical VLAN Overrides Voice VLAN |
If the returned RADIUS access accept message includes an extra Pica8 vendor-specific-attribute (VSA)“pica8-traffic-class=voice”, the dynamic VLAN will take precedence over the locally configured voice VLAN.
|10437||188.8.131.52||RADIUS Accounting for 802.1x and MAB|
PICOS switch sends start/stop accounting message to RADIUS server for supplicant's 802.1x/MAB authenticaiton session.
|12132||184.108.40.206||Response to session-timeout Attribute|
If the returned access-accept RADIUS message has attribute session-timeout after MAB/802.1x authentication, the authenticated session will be expired after a period of session-timeout and start a new authentication process.
|11976||220.127.116.11||Show DACL Counters|
Allow user to show the counter of downloadable/dynamic NAC ACLs.
OVS and OpenFlow
OVS 2.6 Upgrade
Enable/Disable CoS with VLAN PCP
Add New Match Modes
Configure Polling Interval on Interface/Flow Counter
Set Rate-limit on Port under OVS Mode
Limit maxmum rate on specific port under OVS mode.
Command "switch-to-ovs-2.6" Fails
PicOS 2.11.x has 2 versions of OVS - 2.3 and 2.6. Command "switch-to-ovs-2.6" is used to switch to OVS 2.6 from OVS 2.3.
Support L2GRE on AS4610
Enable L2GRE under OVS/OpenFLow mode on AS4610.
|11265||2.11.23||Optimize Bootup Process of OVS |
By changing the way of initialization of ports added to the bridge, it only takes half long to boot up OVS.
|11438||2.11.24||Maximum Number of Groups |
Allow to configure maximum 2k groups under OVS mode.
upgrade2 - New Way of Upgrade
Kontron - Upgrade Linux Kernel to LTS Version
Kontron - Dump Binary Data of FPGA
Add New Option to upgrade2
Display Content of System EEPROM
Enable OverlayFS on N3048EP-ON
OverlayFS is a memory based file system, which can cache any write operation without write the data onto the underlying physical storage. OverlayFS is a different way to load PicOS on the switches which do not come with USB based NAND such as N3048EP-ON.
Update Authentication Behavior of TACACS+/RADIUS
Disable upgrade1 on MSH8920
convert the 18.104.22.168 pica_startup.boot to 2.7.2S1F
Add a tool - convert-conf - which is used to remove the configuration items in 22.214.171.124 pica_startup.boot which are unknown for 2.7.2S1F. Add an option to upgrade2 to allow user to specify the startup configuration file which will be brought back to 2.7.2s1f.
Add PoE checking to system-diag
PoE checking is added system-diag which is executed before starting PicOS.
Keep Specified Backup Files when Upgrade to New Version
Add an option to upgrade/upgrade2 to allow user to specify a file list which will be kept when upgrade to new version.After add and delete multicast route
MSH8920 - Upgrade2 is Broken by Watch Dog Resetting
The watch dog is started in uboot on MSH8920. It takes so long to prepare the backup partition due to upgrade2 that watch dog resets the CPU and then reboots the system. So a watch dog refreshing demon is added to send keeping alive messages to the watch dog immediately after Linux platform boots up.
MSH8920 - Add Wtmp Rotation to Crontab
By default, CRON will check the size of /tmp/log/wtmp every 5 minutes. If its size is larger than 5M, rotation will be executed. User can adjust the interval and the size for /tmp/log/wtmp by modifying /etc/crontab and /etc/logrotate2.conf.
Secure the password by importing tally2 and cracklib into rootfs.
|12129||126.96.36.199||Use Space Key to Terminate Countdown|
Due to upgrade2 process, will enter 10 seconds countdown before rebooting the system. User can only press space key instead of any key to end the countdown and abort the upgrade process.
Port to Dell N3048EP-ON
Please refer to the document N3048EP-ON Switch Port Name Description.
Support DELL S4148F-ON
The S4148F-ON supports 48 x 10G SFP+, and 4 x 100G / 6 x 40G QSFP physical layer interfaces with PICOS.
Port PICOS to N3048ET-ON
N3048ET-ON is one model of LEEDS N30xx platforms of Dell. It has 48 1Gbps ports for copper with 2 comb Cu ports, one 20Gbps expansion slots for SFP+, 2 10G Base-T modules, and 2 mini-SAS type stacking ports.
|10905||2.11.21||Support N3024ET-ON |
Powered by BCM56342, N3024ET-ON can have 24x1G Cu ports and and 4x10G ports.
Licensing Policy is Updated
Reboot Fails to Bring up PICOS L2/L3 Processes
It only happens on S4048-ON and S4148F-ON. After reboot, the console keeps displaying the following messages:
User operator is not Allowed to Login by Default
User operator is not allowed to login with default password "pica8". That would be a security concern. User operator can be given a password explicitly by admin.
Disable TCP SACK
Several TCP networking vulnerabilities associated with TCP SACK are identified (https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md). As a work around, TCP SACK is disabled in rootfs of PICOS.
Raise kernel:__div64_32 Exception Under OVS Mode on PPC Platforms
This issue is raised by overflow of tick based cputime. As a work around, it can be mitigated if enable kernal CONFIG_HZ_250 and set CONFIG_HZ to 250 instead to 1000. With this fix, in theory, the issue will not happen within 6 years.
Host Name is Truncated in rsyslog Messages
Full host name is not included in the rsyslog messages.
|11426||2.11.24||Fan Speed Changes too Fastly on Certain Unit of N3132 |
It's possible that the fan speed changes too fastly on some units of N3132. From our test, it doesn't heppen on all units of N3132.
Clean up the Data when Remove an User
MSH8920 - Configure FEC on 10G Febric
Indicate That the Interface is Down Due to BPDU Guard
Kontron - Present portmap Running Configuration
Kontron - keep executing the rest of the commands in the execution file even if encounter the "same value"
Power Outages Cause Corruption of pica_start.conf
Clean up Associated ACL Rules When Delete MLAG
DHCP Request are Send When ZTP is Disabled and IP is Configured Statically
Boot Failure Caused by Configuration File Corrupted
More Than 2 wtmp Files
Do not Remark Voice Traffic DSCP by Default
Management Interface eth0 is Up even if No cable Plugged in
Voice VLAN - Remove Default OUIs
Kernel Log-Level is Decoupled from the XorPlus Log-Leve
PoE - threshold-mode Setting Does not Work
Corruption of Startup Configuration File
Remove Date Checking of the License if Downgrade to Previous Version
It does not make sense to check the date of end support of license when downgrade to previous version.
upgrade2 is Broken if There is a Large File in /home/admin
If there is a large file in /home/admin, upgrade2 might be broken by an error of out of memory when tar and compress the file and copy to the second partition. To fix this issue, on the one hand, copy the backup files to the target partition directly instead of tar & gzip & untar; on the other hand, clean up cache memory with /proc/sys/vm/drop_caches.
[N3132] Management Interface is Changed to eth0
The management interface on N3132 is changed to eth0 from eth1. The startup configuration will be lost if upgrade to 2.11.19. To restore the startup configuration, customer should replace "eth1" with "eth0" in a seperate copy of pica_startup.boot and then put it to /pica/config after upgrade.
AS5600/2.11.16 ONIE Installation Failure
AS5600/2.11.16 PICOS ONIE Installer fails. Fixed in 2.11.19.
Upgrade to 3.1.0+ on EFI Platform
We have one version of S4148 which boots into EFI (Extensible Firmware Interface) mode. Upgrade to 3.1.0 from 2.11.19 will work on EFI platforms or non-EFI platforms.
Disable Weak Ciphers for SSHD
Enterprise customers prefer to have the weak ciphers disabled by default for ssh server. So, disable the following ciphers in PICOS: arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc, aes256-cbc,arcfour.
CPU Utilization is Reported to Reach 100%
It indicates that CPU utilization reaches 100% by checking "/tmp/system/cpuusage". In fact, it's a false alarm from pica_monitor.
Layer 2 and Layer 3 Features
Mac Leaning Command Does Not Work at Once
MSH8920 - Add option to allow BPDU & LACP to Bypass CPU
PICOS stops host load balance if VRRP is configured PICOS used to trap all of the VRRP packets to CPU even if they are the host VRRP Keepalive packets for load balance. The fix is to add source MAC address matching field to the VRRP filter.
IGMP Snooping Does NOT Work
Duplicate SNMP Traps of LLDP Update
Dropping LLDP frames with unknown TLVs
Status of Voice VLAN is Not Correct
Ignore VRRP Authentication Packets
LLDP Frames Dropped by LLDP Module
IGMP Snooping - Source MAC Address of IGMP Leave Message
PIM neighbor can not be Established Between two PIM Router
Configure IP address to management interface before starting PicOS
If the static IP address is confiured to management interface, the static IP address will be activated on eth0 before starting PicOS. Ensure that user can access the hardware model even if PicOS is failed to boot up.
Migrate UDLD fix of 2.7.2S1G to 188.8.131.52
This version (184.108.40.206) of PICOS release will always send out UDLD PDU with Pica8 OUI (0x486E73). But it needs to use the OUI in the UDLD PDU to figure out if the peer device is PICOS 2.7.2S1F (OUI=0x486E73) or Cisco (OUI=0x00000C), and use the corresponding method to calculate the checksum. Anyway, 220.127.116.11 can talk to both 2.7.2S1F (backward compatible) and the future release (forward compatible) via UDLD.
Enable and disable a port when STP is turned on interrupts the traffic
When disable the port with traffic, it switches to the other port after ~550-600ms. But when enable it again, it interrupts the whole traffic.The mac entries are messed up.
Buffer Management - Refine Headroom and Flow Control
The maximum size of headroom is increased. If enable flow control and configure speed of the port, the size of headroom is 0.
MLAG - Traffic is Broken when Bring Up One Down MLAG Link
Initially one link of a MLAG is down. And then bring it up, the traffic from upstream device is broken for 5 - 6 seconds.
MLAG - Traffic is Broken when Master Spine Shuts Down
With reload delay configured, the traffic from downstream device is broken for 12 seconds when the master spine shuts down.
If enble root guard on a port, the port will be blocked if received a BPDU with high bridge priority. That can deny devices behind such ports from participation in STP. The blocking is removed as soon as the device ceases to send superior BPDUs.
VLAN Membership Issue with DHCP Discovery Packets
If enable DHCP snooping, DHCP DISCOVERY packets with unexpected VLAN ID can be received on a port and flooded out of the ports configured with different VLAN memberships. For example, an DHCP DISCOVERY packet tagged with VLAN 608 can ingress ge-1/1/2 and then egress on te-1/1/49 even thought the VLAN608 is only configured for te-1/1/49. e expected only tagged packets on VLAN 19 and VLAN 20 to be allowed to ingress on ge-1/1/2.
CLI Session Hangs Due to PoE Display
CLI hangs when execute command "show poe interface all".
STP Process Crashes on 2.11.5.cloudistics.0/as5812_54x
Cloudistics reports problems related to STP process (pica_mstp) crash. User can restart STP feature from CLI, but the CLI show the protocol is MSTP instead of the configured STP. User has to delete the current force-version and set it back. Then, the show and configuration are consistent.
Don't Allow to Configure Different Filters to the Same VLAN Interface
Add the configuraiton checking which does not allow to configure different firewall filters to the same VLAN interface on ingress side or egress side.
"set system hostname" Does not Update /etc/hostname
Boeing reported that the hostname in /etc/hostname file is not updated with “set system hostname” command, this causes DHCP requests sent on eth0 to advertise as “xorplus.chs.sc.boeing.com” since the hostname in /etc/hostname is "xorplus"
RR Scheduler Does not Work
The RR (Round Robin) scheduler configured to the egress queues behaviors as the mode of SP (Strict Priority) scheduler.
MSH8920 - Fail to activate LACP and BPDU L2-transparency
If "set protocols lacp||stp message-in disable true", the frames of BPDU and LACP are not flooded out of the switch instead of being trapped to CPU.
If configure static routes, xorp_policy will crash and generate coredump file when it shuts down.
Maximum Power Setting on UPoE Ports
The Maximum power that can be provided by an UPoE power of AS4610-54P is 51 watts instead of 64 watts. So the range of max-power of a specific port is changed to [1..51].
The Default Value of lldp-negotiation is TRUE
To symplify the PoE configurtion, the default value of lldp-negotiation for the setting of global/all and local/per-port is changed to true.
Phone classified as CDP If LLDP Enabled Capabilities are not Set Correctly
Customer has phones which do not set LLDP Enabled Capabilities:Telephone correctly (Not Enabled), but the LLDPDU includes Network Policy TLV requesting policy for Voice application. PICOS LLDP/CDP would classify these phones as CDP phones and send untagged voice related traffic to these phones, which is not expected by the phones because of the LLDP-MED negotiation. PICOS should classify the device as a LLDP-MED phone, if the switch receives LLDPDUs from the phone with LLDP-MED Network Policy TLVs for Voice, EVEN IF the base LLDP has “Enabled Capabilities::Telephone=NO”. The logic is that if the device is requesting LLDP-MED Network Policy for Voice, then it must be a phone, and this overrides the fact that Enabled-Capability::Telephone=NO.
PoE Power Provision Error If the Phone Has Different Chassis IDs with Different IP Addresses
The attached phone sends LLDPDUs with 2 different Chassis IDs which are the values of the IP addresses. Initially, the Chassis ID/IP address is 0.0.0.0 and then becomes such as 104..255.99.11 when the phone gets an actual IP address from the DHCP sever. The initial LLDPDU with 0.0.0.0 requests 12.1 watt. And the following LLDPDU with 104..255.99.11 requests 15.1 watt. Unfortunately, the LLDPDU with 104..255.99.11 is ignored. PicOS switch should continuously check the the TLV of Power Via MDI and provide the power requested by the TLV from the incoming LLDPDU.
Add ifSpeed and ifHighSpeed for Port with 25G and 100G Speed
ifspeed/ifhighspeed MIB value for port with 25G and 100G is not the value as expected, so we add ifSpeed and ifHighSpeed for port with 25G and 100G speed to make the MIB value correct.
Add VLAN Display in Dot1x MAB Table
Present dynamic VLAN of the connected deviced authenticated by MAB.
802.1x Precedes MAB
To follow the behavior of Cisco, 802.1x will precede MAB if both 802.1x and MAB are available.
Add the Service Type Attribute in Access Request Message
Add Service Type attribute in the access request messages sent out to RADIUS to differentiate MAB and 802.1x.
[AS4610-54P]Phone won't power up randomly after disabling & reenabling PoE on UPOE ports.
Cisco 8845 IP Phone was powered up and working properly on a UPoE ports (ports ge-1/1/44, ge-1/1/48). After disabling and reenabling PoE, somehow it's possible the phone will no longer power up.
Don't Allow to Configure 802.1X to LAG Member Port
Add config checking to prevent LAG member port from being enabled 802.1X.
ECMP max Path Should not Be Changed When Disable Symmetric Hashing
After commit "delete interface ecmp hash-mapping symmetric" successfully, CLI will prompt message "ECMP max path has been changed, please reboot the system for changes to take effect!". It should not change the ECMP max path if disable symmetric hashing.
Port is not Deleted when Change the User Status
A port is secured by 802.1X and configured with a dynamic VLAN such as VLAN 8. And then the dynamic VLAN is changed to VLAN 9 on the side of RADIUS server such as PacketFence. The re-authentication doesn't change the dynamic VLAN of the port to VLAN 9 on the side of Pica8 switch.
L2/L3 Protocol Packets cannot Be Trapped to CPU on Delta Models
L2 BPDU and L3 protocol packets cannot be trapped to CPU occasionally on Delta models including AG9032 and AG548.
SNMP Trap is not Send out if RPSU Powered On/Off
SNMP trap - rpsuStatusChangePowerOff or rpsuStatusChangePowerOn - is not sent out if RPSU powed on or off.
Traffic Failed to Be Mapped to Correct Queue
For TD+ models, if set a forwarding-class with local-priority such as 2 and associate the specific traffic with this forwarding-class, by counter of BCM shell, the traffic goes to egress queue 0 instead 2.
[PVST]Wrong Port Role
In a network topology, Pica8 switch is connected to a Cisco switch. PVST is enabled on the both switch. When get a port on the Pica8 switch down and then up, somehow the role of another port of the Pica8 switch is not correct.
Fail to Query ipNetToMediaPhysAddress and atPhysAddress on AG5648
Fail to query out SNMP OID - RFC1213-MIB::atPhysAddress and IP-MIB::ipNetToMediaPhysAddress.
|11281||2.11.23||[Lenovo PVST compatibility] “Organization Code” field in 802.2 LLC packet |
PICOS sets “Organization Code” field in 802.2 LLC packet to 00:00:00. Lenovo only recognize PVST+ packets if the “Organization Code” is 00:00:0C (Cisco systems, inc.).
|11292||2.11.23||The Length of the Dynamic VLAN Name |
The maximum length of the dynamic VLAN name should be 32 as the same maximum length of local VLAN name.
|11349||2.11.23|| DHCP Vendor-Class Option on N3132 |
DHCP Vendor-Class option is corrected as "PICOS n3132".
|11407||2.11.24||NAC Enhancement |
CoA for a specific client will not affect other clients connected to the same port of the switch. If returned CoA has re-authentication action, the switch will start new authentication immediately.
|11427||2.11.24||Print Too Much VRRP Log Messages |
It's not necessary to issue a warning log message if receive an invalid VRRP packet.
Include "#" in Shared Key of TACACS+ Session
|11718||18.104.22.168|| Crash Caused by DHCP/ICMP |
Enable DHCP snooping/relay. If received an DHCP OFFER and then immediately an ICMP, it is possible the process pica_sif would crash.
|11738||22.214.171.124|| Port Hangs after dot1x CoA-terminate and CoA bounce-port for MAB Authenticated Phone |
If the configured voice VLAN is equal to the dynamic VLAN for a specific port and connected client device, the port is somehow stuck when receive a CoA terminate message.
|12015||126.96.36.199||DHCP Discovery Packets are Discarded When it Fails to Reach NAC Server|
The client will fall back to server-fail-vlan when the NAC server is not reachable. In this case, it should allow the client to reach the DHCP server even if DHCP snooping is enabled.
Error BGP Statistics
Open vSwitch and OpenFlow
Statistics Error on Tunnel Packets
Command ovs-pica-save/ovs-pica-load does not Work Occasionally
DHCP Cycle in CrossFlow Mode
Install the Flow Entry to ASIC Even If User Try to Set DSCP to 0
Linux is in Panic
ARP Proxy Does not Work on Tunnel Port
If enable ARP proxy enable on tunnel's network port, it will send out arp reply packet which has a tunnel header.
Support 6k Flow Entries for AS5812 and AS6812
Allow to configure maximum 6k flow entries on AS5812_54T and AS5812_54X and AS6812.
AS5812 OVS Sflow Function Fails to Generate Flow Samples
In OVS 2.6, sflow only generates counter samples (CNTR) but not flow samples (FLOW).
Refine the Performance by Adding Large Amount of Flow Entries
In case of same priority, the time to add 4k flow entries is reduced dramatically on AS5812.
It Takes Too Long to Deletes 6k Flows on AS5812 and AS6812
It takes 20 minutes to delete 6k flow entries. It's too long.
Convert OVSDB to Match New Schema in Upgrade2
PicOS OVS uses OVSDB to restore the configurations. It's possible that the schema of the OVSDB would be changed because new cofinguation commands might be added to the new version of PicOS. To bring the OVSDB into the new version of PicOS by upgrade2, the OVSDB should be converted to adapt the the new schema of the new version of PicOS.
Enable In-band under Match Mode
OpenFlow in-band controller connection is enabled under match mode.
Update Action in the Hardware Flows if Delete/Add Port to the Bridge
Delete a port from the bridge, the action of the hardware flows with the specific port as output should be updated as "drop". If the port is added back to the bridge, the hardware flows should come back to the original ones.
Delete L2GRE Ports
If add and then delete a L2GRE port, the configuration associated with this L2GRE port in MPLS_ENTRY is not be removed.
|10701||2.11.21||OVS Web automatically logout after specific time with no activity |
After login the OVS Web UI, if don't access to it, the WebUI should be disconnected automatically after specified timeout (60 seconds).
|11231||2.11.23|| Issue Error Log messages If Insert Too Many 1000BASE-T SFP Modules to AS7312-54X |
If inserted too many (>25) 1000BASE-T SFP modules to AS7312-54X, somehow the OVS threads could be blocked and some actions such as flow modification will take much longer.
|11266||2.11.23||"Permission Error" is Returned by Adding Flow |
When repeat adding/deleting 900 flow entries on AS7312-54X, it's possible to return "permissions error" by adding new flows.
|11382||2.11.24||OVS Crash |
This crash can be reproduced when sflow is enabled meanwhile a flow entry is added as following:
ovs-ofctl add-flow br0 priority=10,actions=drop
Apply Policer to Aggregate Traffic
Issue SNMP Trap if LAG Member Port Links Up/Down
Protocol Packets are Counted to Discarded
SNMP - Value of ifLastChange is Always 0
SNMP - Value of sysUpTime is not in Timetick
[AG9032] PICOS Can't Boot up
PICOS 2.11.16 cannot boot up on AG9032. Certain Delta switches such as AG9032 request to reset MAC via CPLD from software when reboot system by "reboot -f".