diff --git a/content/cumulus-linux-510/Whats-New/rn.md b/content/cumulus-linux-510/Whats-New/rn.md
index 73e9d583c6..391e4be35f 100644
--- a/content/cumulus-linux-510/Whats-New/rn.md
+++ b/content/cumulus-linux-510/Whats-New/rn.md
@@ -15,12 +15,17 @@ pdfhidden: True
| Issue ID | Description | Affects | Fixed |
|--- |--- |--- |--- |
| [4037224](#4037224)
| ASIC monitoring histogram collection might not work because of a crash in the asic-monitor service. To work around this issue, see the Release Considerations section of the What’s New. | 5.10.0 | |
-| [4007329](#4007329)
None | Cumulus Linux incorrectly handles unnumbered neighbor types, which causes discrepancies in the running configuration and session flaps during FRR reload. | 5.9.0-5.10.0 | |
+| [4035681](#4035681)
| The nv show interface commands show RX and TX Power values from the wrong lanes on breakout ports. | 5.8.0-5.10.0 | |
+| [4023318](#4023318)
| If you run nv set commands after you perform an upgrade but before a reboot, NVUE creates a revision based off the pre-upgrade version. After reboot, the revision contains pre-upgrade data that might cause it to fail during config apply. To work around this issue, detach the stale revision after upgrade with the nv config detach command. | 5.10.0 | |
+| [4016216](#4016216)
| If a ZTP script includes a directive to reboot, the reboot might stop the running ZTP process before it is able to disable itself from running again. As a result, the ZTP process starts again when the system comes back up. To work around this issue, run shutdown -r +1 to schedule a reboot after one minute so that the ZTP process can successfully complete disabling the ztp.service systemd service. | 5.10.0 | |
+| [4007613](#4007613)
| If there are multiple relay switches in the path reaching the DHCP server, DHCP packets are duplicated at each transit relay switch and the server receives duplicate packets. | 5.9.1-5.10.0 | |
| [4005422](#4005422)
| When you upgrade Cumulus Linux 5.9.1 to Cumulus Linux 5.10 with package upgrade, the NTP service stops. To restart the NTP service, enable, then restart the service in the VRF in which it was running with the systemctl enable ntpsec@ and systemctl restart ntpsec@ commands. | 5.10.0 | |
+| [4005261](#4005261)
| On a Spectrum-4 switch, if you use PTP on a 800G link, jumbo frames traversing the same link might cause a degradation in PTP performance. | 5.9.0-5.10.0 | |
| [4004898](#4004898)
| When you configure the SNMP server listening address to a VRF that has no interfaces, snmp.service fails.
To recover from the failure, set the SNMP server listening address back to the VRF that has interfaces. If you really want to move the SNMP server to the VRF with no interfaces, assign an interface to the VRF and move the SNMP server to the VRF. | 5.10.0 | |
| [3879717](#3879717)
| Running snmpwalk on the switch with the management IP address does not work. To work around this issue, use the localhost option (snmpwalk -v 2c -c public28 localhost 1.3.6.1.2.1.14) or create a control plane ACL whitelist rule. | 5.10.0 | |
| [3878394](#3878394)
| When ZTP runs a script that contains wget, ZTP fails and you see a message similar to the following:
ZTP: ZTP DHCP: Unexpected error: 'ascii' codec can't decode byte 0xe2 in position 181: ordinal not in range(128)ZTP: Script returned failure
To work around this issue, use the -q option with wget. | 5.9.0-5.10.0 | |
| [3875696](#3875696)
| The default TX State for 1G Base-X optical modules that are unconfigured or admin down in Cumulus Linux 5.7.0 and later is OFF. However, on the first boot after upgrade from an earlier release, a module TX power might be ON or OFF depending on the TX State it was before the upgrade. The TX_Disable line is not properly set on first boot. To work around this issue, reboot the switch again, or ifup or ifdown the 1G Base-X interface to disable TX Power. | 5.7.0-5.10.0 | |
+| [3861745](#3861745)
| On UEFI hardware (where the /sys/firmware/efi directory exists), using the update-grub program might generate a /boot/grub/grub.cfg that is incorrect for booting ONIE if the ONIE option is selected on the console while booting. To work around this issue, run mount LABEL="EFI System" /boot/efi before using update-grub. | 5.9.0-5.10.0 | |
| [3844670](#3844670)
| When you configure TACACS with NVUE or merge in an NVUE configuration file including TACACS configuration with the nv config patch command, you see an unrecoverable error when running additional NVUE commands. To work around this issue, restart the NVUE service with the systemctl restart nvued.service command. | 5.9.0-5.10.0 | |
| [3773177](#3773177)
| When you try to upgrade a switch from Cumulus Linux 5.5 or earlier to 5.8.0 or later with package upgrade, you see errors for expired GPG keys that prevent you from upgrading. To work around this issue, install the new keys with the following commands, then upgrade the switch.
cumulus@switch:~$ wget https://download.nvidia.com/cumulus/apt.cumulusnetworks.com/repo/pool/cumulus/c/cumulus-archive-keyring/cumulus-archive-keyring_4-cl5.6.0u5_all.deb
cumulus@switch:~$ sudo apt install ./cumulus-archive-keyring_4-cl5.6.0u5_all.deb
cumulus@switch:~$ sudo apt update
cumulus@switch:~$ sudo apt upgrade
| 4.0.0-4.4.5, 5.0.0-5.10.0 | |
| [3771168](#3771168)
| When you perform an ISSU upgrade on a Spectrum 1 switch, the switchd service might crash. | 5.8.0-5.10.0 | |
@@ -73,6 +78,7 @@ pdfhidden: True
### Fixed Issues in 5.10.0
| Issue ID | Description | Affects |
|--- |--- |--- |
+| [4023637](#4023637)
| When you disable dynamic NAT manually in the /etc/cumulus/switchd.conf file instead of using NVUE commands but the dynamic NAT rules still exist in the /etc/cumulus/acl/policy,d/.rules file, the switch encounters a memory leak. To work around this issue, remove dynamic NAT rules in rules files in /etc/cumulus/acl/policy.d before you disable dynamic NAT in the /etc/cumulus/switchd.conf file. | 5.9.0-5.9.1 | |
| [4015327](#4015327)
| If you change the hostname in the /etc/hostname file after the asic_monitor@vrf service starts, the hostname is not reflected in the Open Telemetry exported resource attribute. To work around this issue, restart the asic_monitor@vrf service. | | |
| [4012011](#4012011)
| A memory corruption kernel crash might occur due to a netfilter error. The log message from netfilter might contain a warning similar to the following:
kernel: WARNING: CPU: 1 PID: 0 at net/netfilter/nf_conntrack_core.c:1210 __nf_conntrack_confirm+0x5c7/0x6b0 [nf_conntrack]kernel: RIP: 0010:__nf_conntrack_confirm+0x5c7/0x6b0 [nf_conntrack]
| 5.9.1 | |
| [4004453](#4004453)
None | The NVUE commands to delete SNMP users, and change authentication passwords and encryption passphrases are not successful. | 4.3.0-5.9.1 | |
@@ -82,7 +88,7 @@ pdfhidden: True
| [3974890](#3974890)
| The ntpsec@mgmt service does not come up by default when you install an image with ONIE because the trigger to bring up the service is missing. | 5.9.1 | |
| [3972715](#3972715)
| The fans on the NVIDIA SN2410 switch (Part Number SSG7A80800) might spin at high speed. | 5.9.1 | |
| [3970626](#3970626)
| When you configure the bridge.kernel_mac_refresh_interval parameter in the switchd.conf file, a switchd restart fails with core dump. | 5.8.0-5.9.1 | |
-| [3966673](#3966673)
| In an EVPN multihoming configuration, if you enable multihoming without any local ESI configuration, arp-nd-redirect remains disabled unless you restart FRR with the sudo systemctl restart frr.service command. | 5.9.1 | |
+| [3966673](#3966673)
| In an EVPN multihoming deployment, if you enable multihoming without any local ESI configuration, arp-nd-redirect remains disabled unless you restart FRR. | 5.9.1 | |
| [3965021](#3965021)
| The ethtool -m command shows incorrect optical DOM information for SFP modules. To work around this issue, run the l1-show command to show optical power values for SFP optical transceivers.. | 5.9.1 | |
| [3957691](#3957691)
| After a networking restart, ERSPAN mirror sessions might not come up. To work around this issue, run the systemctl reload switchd command to bring up the ERSPAN mirror sessions. | 5.9.0-5.9.1 | |
| [3957620](#3957620)
| On the Spectrum-4 switch, when you use PTP on a 800G link, jumbo frames traversing the same link might cause a degradation in PTP performance. | 5.9.0-5.9.1 | |
@@ -98,7 +104,7 @@ pdfhidden: True
| [3939667](#3939667)
| The password on NVIDIA Cumulus VX is not getting reset to the default value of cumulus. | 5.9.0-5.9.1 | |
| [3935658](#3935658)
None | SNMP IF-MIB reports all interfaces (including layer 3 and VNIs) as ifType=6 (ethernetCsmacd) instead of IANA MIB-II types. | 5.9.1 | |
| [3929440](#3929440)
| When you enable or disable MLAG configuration on an interface, Cumulus Linux logs LACP partner MAC address and BPDU guard mismatches incorrectly. This issue does not impact functionality. | 5.9.0-5.9.1 | |
-| [3927016](#3927016)
| Following an EVPN extended mobility event, where a host with IP address A and MAC address A moves within the fabric and now resides at IP address A and MAC address B, you might see traffic destined to this host experience drops as the flow is software forwarded on the egress VTEP. | 5.9.1 | |
+| [3927016](#3927016)
| Following an EVPN extended mobility event, where a host with IPA and MACA moves within the fabric and now resides at IPA MACB, you might see traffic destined to this host experience drops as the flow is being software forwarded on the egress VTEP. | 5.9.1 | |
| [3926523](#3926523)
None | When there are multiple interface flaps with sFlow on 100G interfaces, sFlow might use a different value than the one configured. | 5.9.1 | |
| [3925259](#3925259)
None | When you start Cumulus VX in Vagrant with libvirt, VM provisioning might fail with errors that indicate a missing ifup@eth0.service systemd service. | 5.9.0-5.9.1 | |
| [3917601](#3917601)
None | If a packet containing an all zero source MAC address (00:00:00:00:00:00) is learned on the ASIC, switchd sends the learn notification to the kernel but the kernel rejects the MAC address as invalid. The ASIC continuously sends the mac-learn notifications, which wastes CPU resources. To work around this issue, configure ACLs to match on the all-zero source MAC address and drop the invalid packets. | 5.5.0-5.9.1 | |
@@ -111,6 +117,7 @@ pdfhidden: True
| [3890993](#3890993)
| On the NVIDIA spectrum-4 switch, l1-show command output does not show Eye opening information for an interface port. | 5.9.0-5.9.1 | |
| [3881789](#3881789)
| If you configure the anycast IP address with the nv set nve vxlan mlag shared-address command after you configure MLAG, the anycast IP address configuration is not applied and the VXLAN interface is in a protodown state. To work around this issue, run sudo ifreload -a.
To avoid this issue, either apply the anycast configuration before you apply the MLAG configuration or configure the anycast IP address and MLAG together with a single nv config apply command. | 5.9.0-5.9.1 | |
| [3879635](#3879635)
| ERSPAN port-mirror sessions might not come up after a switchd service restart. To work around this issue and bring up the ERSPAN session, either run switchd reload after a switchd restart or use an ACL-based ERSPAN session. | 5.9.0-5.9.1 | |
+| [3878166](#3878166)
| The NVUE nv show interface eth0 and nv show vrf commands take more than two minutes to run if you have configured hundreds of interfaces because NVUE makes repetitive system calls to get vlan/link/tunnel bridge information. | 5.9.0-5.9.1 | |
| [3875589](#3875589)
None | MLAG bonds might report an incorrect DOWN reason of lacp partner mac mismatch when the bond is out of service for another reason. | 5.9.0-5.9.1 | |
| [3873219](#3873219)
| When you remove a port from a bond and add it to the bridge in a single set of NVUE commands, then apply the configuration, the port forwarding state is blocked on all the bridge VLANs. To work around this issue, apply the configuration in two steps. First remove the port from the bond and apply the configuration, then add the port to the bridge and apply the configuration. | 5.9.0-5.9.1 | |
| [3854807](#3854807)
| When you enable Optimized Multicast Flooding (OMF) and change VLAN configuration, a few ports might carry multicast traffic even when they are not in the MDB or they are not router ports. | 5.6.0-5.9.1 | |
@@ -119,6 +126,7 @@ pdfhidden: True
| [3821643](#3821643)
| When using SSM and the upstream interface goes away (the source stops sending or the link goes down) the PIMREG interface is added to the outgoing interface list of the S,G and is never removed. As a result, multicast traffic that hits the impacted S,G is forwarded to the CPU and dropped by the switch. | 5.9.0-5.9.1 | |
| [3775686](#3775686)
| The BGP Suppress Route Advertisement feature under scale (more than 30000 routes) advertises partial updates to downstream neighbors. Because FRR does not read kernel route updates fast enough, the netlink socket receive buffer gets full and further update notifications are dropped. | 5.8.0-5.9.1 | |
| [3763543](#3763543)
| The NVIDIA SN4600C switch fails to boot fully after you upgrade from Cumulus Linux 4.2.1 to 5.7 with ONIE install. To work around this issue, perform an intermediate step image upgrade; for example, upgrade the switch from Cumulus Linux 4.2.1 to 5.2.1 to 5.7.0. | 5.7.0-5.9.1 | |
+| [3711913](#3711913)
| When you set an IPv4 ACL with a log action, logs do not appear under syslog after a match. This issue affects bridged packets when the rule is installed in iptables. To work around this issue, set the ACL with a MAC rule type so that it is installed in ebtables and the packets are logged correctly in syslog.
The following shows an example configuration:
cumulus@switch:~$ nv set acl one rule 1 action log log-prefix NVIDIAcumulus@switch:~$ nv set acl one rule 1 match ip protocol udpcumulus@switch:~$ nv set acl one rule 1 match ip source-ip 10.0.14.2cumulus@switch:~$ nv set acl one rule 1 match ip udp source-port 34cumulus@switch:~$ nv set acl one rule 1 match mac protocol ipv4cumulus@switch:~$ nv set acl one type mac
| 5.7.0-5.9.1 | |
| [3636266](#3636266)
| When an unresolved next hop is present in a next hop group, especially over an SVI interface, the switch checks if the neighbor MAC address is in the forwarding table. If the neighbor's MAC address is not there, the switch skips this next hop from backend programming and you see the switchd error ERR NH: l3 nhg v6 l3 nhg contains one or more unresolvable nexthops. There is no impact to switch functionality as unresolved neighbors are not programmed in hardware until they are resolved. | 5.7.0-5.9.1 | |
| [3610591](#3610591)
| After configuring the system level pre-login and post-login banner messages, the messages do not return to their default settings when you run the nv unset system command or the nv config apply empty command. | 5.7.0-5.9.1 | |
| [3393966](#3393966)
| When you configure OSPF network statements using NVUE with the nv set vrf router ospf area network command, subsequent configuration changes with NVUE might bring down all OSPF neighbors. To work around this issue, create an NVUE snippet to configure the network statement, or use the nv set interface router ospf area command to enable OSPF on interfaces instead of using a network statement. | 5.5.0-5.9.1 | |
diff --git a/content/cumulus-linux-510/rn.xml b/content/cumulus-linux-510/rn.xml
index aa8f3f191a..a49b1aedf5 100644
--- a/content/cumulus-linux-510/rn.xml
+++ b/content/cumulus-linux-510/rn.xml
@@ -7,12 +7,48 @@
Fixed |
+| 4037224 |
+ASIC monitoring histogram collection might not work because of a crash in the {{asic-monitor}} service. To work around this issue, see the <a href="https://docs.nvidia.com/networking-ethernet-software/cumulus-linux-510/Whats-New/#release-considerations">Release Considerations section of the What’s New</a>. |
+5.10.0 |
+ |
+
+
+| 4035681 |
+The {{nv show interface <interface>}} commands show RX and TX Power values from the wrong lanes on breakout ports. |
+5.8.0-5.10.0 |
+ |
+
+
+| 4023318 |
+If you run {{nv set}} commands after you perform an upgrade but before a reboot, NVUE creates a revision based off the pre-upgrade version. After reboot, the revision contains pre-upgrade data that might cause it to fail during {{config apply}}. To work around this issue, detach the stale revision after upgrade with the {{nv config detach}} command. |
+5.10.0 |
+ |
+
+
+| 4016216 |
+If a ZTP script includes a directive to reboot, the reboot might stop the running ZTP process before it is able to disable itself from running again. As a result, the ZTP process starts again when the system comes back up. To work around this issue, run {{shutdown -r +1}} to schedule a reboot after one minute so that the ZTP process can successfully complete disabling the {{ztp.service}} systemd service. |
+5.10.0 |
+ |
+
+
+| 4007613 |
+If there are multiple relay switches in the path reaching the DHCP server, DHCP packets are duplicated at each transit relay switch and the server receives duplicate packets. |
+5.9.1-5.10.0 |
+ |
+
+
| 4005422 |
When you upgrade Cumulus Linux 5.9.1 to Cumulus Linux 5.10 with package upgrade, the NTP service stops. To restart the NTP service, enable, then restart the service in the VRF in which it was running with the {{systemctl enable ntpsec@<vrf>}} and {{systemctl restart ntpsec@<vrf>}} commands. |
5.10.0 |
|
+| 4005261 |
+ On a Spectrum-4 switch, if you use PTP on a 800G link, jumbo frames traversing the same link might cause a degradation in PTP performance. |
+5.9.0-5.10.0 |
+ |
+
+
| 4004898 |
When you configure the SNMP server listening address to a VRF that has no interfaces, {{snmp.service}} fails.
To recover from the failure, set the SNMP server listening address back to the VRF that has interfaces. If you really want to move the SNMP server to the VRF with no interfaces, assign an interface to the VRF and move the SNMP server to the VRF. |
5.10.0 |
@@ -40,6 +76,12 @@ To work around this issue, use the {{-q}} option with {{wget}}.
|
+| 3861745 |
+On UEFI hardware (where the {{/sys/firmware/efi}} directory exists), using the update-grub program might generate a {{/boot/grub/grub.cfg}} that is incorrect for booting ONIE if the ONIE option is selected on the console while booting. To work around this issue, run {{mount LABEL="EFI System" /boot/efi}} before using update-grub. |
+5.9.0-5.10.0 |
+ |
+
+
| 3844670 |
When you configure TACACS with NVUE or merge in an NVUE configuration file including TACACS configuration with the {{nv config patch}} command, you see an unrecoverable error when running additional NVUE commands. To work around this issue, restart the NVUE service with the {{systemctl restart nvued.service}} command. |
5.9.0-5.10.0 |
@@ -364,6 +406,11 @@ Fixed: 2.6.0+dfsg.1-1+deb10u1
Affects |
+| 4023637 |
+When you disable dynamic NAT manually in the {{/etc/cumulus/switchd.conf}} file instead of using NVUE commands but the dynamic NAT rules still exist in the {{/etc/cumulus/acl/policy,d/.rules}} file, the switch encounters a memory leak. To work around this issue, remove dynamic NAT rules in rules files in {{/etc/cumulus/acl/policy.d}} before you disable dynamic NAT in the {{/etc/cumulus/switchd.conf}} file. |
+5.9.0-5.9.1 |
+
+
| 4015327 |
If you change the hostname in the {{/etc/hostname}} file after the {{asic_monitor@vrf}} service starts, the hostname is not reflected in the Open Telemetry exported resource attribute. To work around this issue, restart the {{asic_monitor@vrf}} service. |
|
@@ -411,7 +458,7 @@ kernel: RIP: 0010:__nf_conntrack_confirm+0x5c7/0x6b0 [nf_conntrack]
| 3966673 |
-In an EVPN multihoming configuration, if you enable multihoming without any local ESI configuration, {{arp-nd-redirect}} remains disabled unless you restart FRR with the {{sudo systemctl restart frr.service}} command. |
+In an EVPN multihoming deployment, if you enable multihoming without any local ESI configuration, {{arp-nd-redirect}} remains disabled unless you restart FRR. |
5.9.1 |
@@ -491,7 +538,7 @@ kernel: RIP: 0010:__nf_conntrack_confirm+0x5c7/0x6b0 [nf_conntrack]
| 3927016 |
-Following an EVPN extended mobility event, where a host with IP address A and MAC address A moves within the fabric and now resides at IP address A and MAC address B, you might see traffic destined to this host experience drops as the flow is software forwarded on the egress VTEP. |
+Following an EVPN extended mobility event, where a host with IPA and MACA moves within the fabric and now resides at IPA MACB, you might see traffic destined to this host experience drops as the flow is being software forwarded on the egress VTEP. |
5.9.1 |
@@ -559,6 +606,11 @@ This issue occurs because {{poectl}} is called on non-PoE switches. To work arou
| 5.9.0-5.9.1 |
+| 3878166 |
+The NVUE {{nv show interface eth0}} and {{nv show vrf}} commands take more than two minutes to run if you have configured hundreds of interfaces because NVUE makes repetitive system calls to get {{vlan/link/tunnel}} bridge information. |
+5.9.0-5.9.1 |
+
+
| 3875589 |
MLAG bonds might report an incorrect DOWN reason of {{lacp partner mac mismatch}} when the bond is out of service for another reason. |
5.9.0-5.9.1 |
@@ -599,6 +651,18 @@ This issue occurs because {{poectl}} is called on non-PoE switches. To work arou
5.7.0-5.9.1 |
+| 3711913 |
+When you set an IPv4 ACL with a log action, logs do not appear under syslog after a match. This issue affects bridged packets when the rule is installed in iptables. To work around this issue, set the ACL with a MAC rule type so that it is installed in ebtables and the packets are logged correctly in {{syslog}}.
The following shows an example configuration:
+cumulus@switch:~$ nv set acl one rule 1 action log log-prefix NVIDIA
+cumulus@switch:~$ nv set acl one rule 1 match ip protocol udp
+cumulus@switch:~$ nv set acl one rule 1 match ip source-ip 10.0.14.2
+cumulus@switch:~$ nv set acl one rule 1 match ip udp source-port 34
+cumulus@switch:~$ nv set acl one rule 1 match mac protocol ipv4
+cumulus@switch:~$ nv set acl one type mac
+ |
+5.7.0-5.9.1 |
+
+
| 3636266 |
When an unresolved next hop is present in a next hop group, especially over an SVI interface, the switch checks if the neighbor MAC address is in the forwarding table. If the neighbor's MAC address is not there, the switch skips this next hop from backend programming and you see the {{switchd}} error {{ERR NH: l3 nhg v6 l3 nhg contains one or more unresolvable nexthops}}. There is no impact to switch functionality as unresolved neighbors are not programmed in hardware until they are resolved. |
5.7.0-5.9.1 |
diff --git a/content/cumulus-linux-57/Whats-New/rn.md b/content/cumulus-linux-57/Whats-New/rn.md
index d96d296261..ea3f7a6c81 100644
--- a/content/cumulus-linux-57/Whats-New/rn.md
+++ b/content/cumulus-linux-57/Whats-New/rn.md
@@ -43,6 +43,7 @@ pdfhidden: True
| [3713420](#3713420)
| When you run the systemctl restart switchd.service command or reboot the switch after you set the host route preference option with the NVUE nv set system forwarding host-route-preference command or manually in the /etc/cumulus/switchd.conf file, switchd crashes and creates core files. | 5.7.0 | 5.8.0-5.10.0|
| [3713419](#3713419)
| When monitoring system statistics and network traffic with sFlow, an aggressive link flap might produce a memory leak in the sFlow service hsflowd. | 5.1.0-5.7.0 | 5.8.0-5.10.0|
| [3712007](#3712007)
| In RSTP mode when there is a bridge port flap, Cumulus Linux flushes, then re-adds dynamic MAC addresses on the peer link, which might cause short traffic disruption. | 5.6.0-5.7.0 | 5.8.0-5.10.0|
+| [3711913](#3711913)
| When you set an IPv4 ACL with a log action, logs do not appear under syslog after a match. This issue affects bridged packets when the rule is installed in iptables. To work around this issue, set the ACL with a MAC rule type so that it is installed in ebtables and the packets are logged correctly in syslog.
The following shows an example configuration:
cumulus@switch:~$ nv set acl one rule 1 action log log-prefix NVIDIAcumulus@switch:~$ nv set acl one rule 1 match ip protocol udpcumulus@switch:~$ nv set acl one rule 1 match ip source-ip 10.0.14.2cumulus@switch:~$ nv set acl one rule 1 match ip udp source-port 34cumulus@switch:~$ nv set acl one rule 1 match mac protocol ipv4cumulus@switch:~$ nv set acl one type mac
| 5.7.0-5.9.1 | 5.10.0|
| [3710396](#3710396)
| In an eBGP multihop configuration with dynamic neighbors, Cumulus Linux does not update the configured TTL but uses the MAXTTL instead. This issue is only observed with dynamic peers. | 5.6.0-5.7.0 | 5.8.0-5.10.0|
| [3702431](#3702431)
| Traditional SNMP snippets do not take effect unless you first enable SNMP with the NVUE nv set service snmp-server enable on and nv set service snmp-server listening-address commands. Alternatively, you can use the equivalent REST API methods. | 5.4.0-5.8.0 | 5.9.0-5.10.0|
| [3698680](#3698680)
| If you run the ifreload -a command when ACLs exist but nonatomic update mode is set in the switchd.conf file, traffic pauses on unaffected interfaces. | 5.6.0-5.7.0 | 5.8.0-5.10.0|
diff --git a/content/cumulus-linux-57/rn.xml b/content/cumulus-linux-57/rn.xml
index c6b6676b3a..e4f8f154cf 100644
--- a/content/cumulus-linux-57/rn.xml
+++ b/content/cumulus-linux-57/rn.xml
@@ -201,6 +201,19 @@ leaf01# exit
5.8.0-5.10.0 |
+| 3711913 |
+When you set an IPv4 ACL with a log action, logs do not appear under syslog after a match. This issue affects bridged packets when the rule is installed in iptables. To work around this issue, set the ACL with a MAC rule type so that it is installed in ebtables and the packets are logged correctly in {{syslog}}.
The following shows an example configuration:
+cumulus@switch:~$ nv set acl one rule 1 action log log-prefix NVIDIA
+cumulus@switch:~$ nv set acl one rule 1 match ip protocol udp
+cumulus@switch:~$ nv set acl one rule 1 match ip source-ip 10.0.14.2
+cumulus@switch:~$ nv set acl one rule 1 match ip udp source-port 34
+cumulus@switch:~$ nv set acl one rule 1 match mac protocol ipv4
+cumulus@switch:~$ nv set acl one type mac
+ |
+5.7.0-5.9.1 |
+5.10.0 |
+
+
| 3710396 |
In an eBGP multihop configuration with dynamic neighbors, Cumulus Linux does not update the configured TTL but uses the MAXTTL instead. This issue is only observed with dynamic peers. |
5.6.0-5.7.0 |
diff --git a/content/cumulus-linux-58/Whats-New/rn.md b/content/cumulus-linux-58/Whats-New/rn.md
index 27ecfee46d..d4e1abae5b 100644
--- a/content/cumulus-linux-58/Whats-New/rn.md
+++ b/content/cumulus-linux-58/Whats-New/rn.md
@@ -14,8 +14,10 @@ pdfhidden: True
| Issue ID | Description | Affects | Fixed |
|--- |--- |--- |--- |
+| [4035681](#4035681)
| The nv show interface commands show RX and TX Power values from the wrong lanes on breakout ports. | 5.8.0-5.10.0 | |
| [4007614](#4007614)
None | Static ARP configured with NVUE commands is deleted when the relevant layer 3 interface flaps. | 5.8.0-5.10.0 | |
| [4004453](#4004453)
None | The NVUE commands to delete SNMP users, and change authentication passwords and encryption passphrases are not successful. | 4.3.0-4.4.5, 5.0.0-5.10.0 | |
+| [3982242](#3982242)
| PTP does not come up with IPv6 over a trunk port because the IPv6 VLAN tag is not sent. PTP over an IPv4 trunk works fine. | 5.8.0-5.10.0 | |
| [3982222](#3982222)
| When SPAN is enabled on a bridge member, an ARP or Gratuitous ARP received during a failover event between locally attached redundant devices such as load balancers might fail to update the bridge MAC table to point to the interface with the newly active load balancer. | 5.4.0-5.10.0 | |
| [3970626](#3970626)
| When you configure the bridge.kernel_mac_refresh_interval parameter in the switchd.conf file, a switchd restart fails with core dump. | 5.8.0-5.9.1 | 5.10.0|
| [3956091](#3956091)
None | When you modify the default QoS configuration on top of the base RoCE configuration, NVUE reports an Invalid exception in the nv show qos roce command output even when the configuration is valid. | 5.8.0-5.10.0 | |
@@ -60,6 +62,7 @@ pdfhidden: True
| [3739159](#3739159)
| Disabling adaptive routing globally or on interfaces and performing ISSU, has a significant traffic outage. The issue recovers after ISSU completes. | 5.7.0-5.10.0 | |
| [3739008](#3739008)
| The Lenovo MSN4600-VS2RC (PN SSG7B27990 Back-to-Front/C2P Airflow) might run the fan tray fans at a high speed because the software believes the PSU fans are running in the wrong direction. | 5.5.1-5.8.0 | 5.9.0-5.10.0|
| [3730904](#3730904)
| When sending untagged frames to the CPU with an MTU higher than the SVD (single VXLAN device) MTU, the kernel might crash. | 5.4.0-5.8.0 | 5.9.0-5.10.0|
+| [3711913](#3711913)
| When you set an IPv4 ACL with a log action, logs do not appear under syslog after a match. This issue affects bridged packets when the rule is installed in iptables. To work around this issue, set the ACL with a MAC rule type so that it is installed in ebtables and the packets are logged correctly in syslog.
The following shows an example configuration:
cumulus@switch:~$ nv set acl one rule 1 action log log-prefix NVIDIAcumulus@switch:~$ nv set acl one rule 1 match ip protocol udpcumulus@switch:~$ nv set acl one rule 1 match ip source-ip 10.0.14.2cumulus@switch:~$ nv set acl one rule 1 match ip udp source-port 34cumulus@switch:~$ nv set acl one rule 1 match mac protocol ipv4cumulus@switch:~$ nv set acl one type mac
| 5.7.0-5.9.1 | 5.10.0|
| [3702431](#3702431)
| Traditional SNMP snippets do not take effect unless you first enable SNMP with the NVUE nv set service snmp-server enable on and nv set service snmp-server listening-address commands. Alternatively, you can use the equivalent REST API methods. | 5.4.0-5.8.0 | 5.9.0-5.10.0|
| [3685007](#3685007)
| Cumulus Linux does not support 802.1X dynamic VLANs on PEAP with MS Windows-based supplicants. | 5.7.0-5.10.0 | |
| [3679478](#3679478)
| During switch boot, you see the following messages in the syslog:
2024-03-04T10:34:49.650950+00:00 cumulus sx_sdk: 2262 [TELE] [ERROR ]: Tele impl module is already initialized2024-03-04T10:34:49.651041+00:00 cumulus sx_sdk: 2262 [TELE] [ERROR ]: sdk_tele_init failed, for chip type CHIP_TYPE_SWITCH_SPECTRUM3, err = Already initialized
This is due to both the ASIC Monitoring service and the What Just Happened (WJH) service trying to initialize the SDK TELE module. You can ignore the messages because the TELE service has already initialized properly. | 5.7.0-5.8.0 | 5.9.0-5.10.0|
diff --git a/content/cumulus-linux-58/rn.xml b/content/cumulus-linux-58/rn.xml
index 3638a45d4b..63090c6ff4 100644
--- a/content/cumulus-linux-58/rn.xml
+++ b/content/cumulus-linux-58/rn.xml
@@ -7,6 +7,12 @@
Fixed |
+| 4035681 |
+The {{nv show interface <interface>}} commands show RX and TX Power values from the wrong lanes on breakout ports. |
+5.8.0-5.10.0 |
+ |
+
+
| 4007614 |
Static ARP configured with NVUE commands is deleted when the relevant layer 3 interface flaps. |
5.8.0-5.10.0 |
@@ -19,6 +25,12 @@
|
+| 3982242 |
+PTP does not come up with IPv6 over a trunk port because the IPv6 VLAN tag is not sent. PTP over an IPv4 trunk works fine. |
+5.8.0-5.10.0 |
+ |
+
+
| 3982222 |
When SPAN is enabled on a bridge member, an ARP or Gratuitous ARP received during a failover event between locally attached redundant devices such as load balancers might fail to update the bridge MAC table to point to the interface with the newly active load balancer. |
5.4.0-5.10.0 |
@@ -307,6 +319,19 @@ leaf01# exit
5.9.0-5.10.0 |
+| 3711913 |
+When you set an IPv4 ACL with a log action, logs do not appear under syslog after a match. This issue affects bridged packets when the rule is installed in iptables. To work around this issue, set the ACL with a MAC rule type so that it is installed in ebtables and the packets are logged correctly in {{syslog}}.
The following shows an example configuration:
+cumulus@switch:~$ nv set acl one rule 1 action log log-prefix NVIDIA
+cumulus@switch:~$ nv set acl one rule 1 match ip protocol udp
+cumulus@switch:~$ nv set acl one rule 1 match ip source-ip 10.0.14.2
+cumulus@switch:~$ nv set acl one rule 1 match ip udp source-port 34
+cumulus@switch:~$ nv set acl one rule 1 match mac protocol ipv4
+cumulus@switch:~$ nv set acl one type mac
+ |
+5.7.0-5.9.1 |
+5.10.0 |
+
+
| 3702431 |
Traditional SNMP snippets do not take effect unless you first enable SNMP with the NVUE {{nv set service snmp-server enable on}} and {{nv set service snmp-server listening-address}} commands. Alternatively, you can use the equivalent REST API methods. |
5.4.0-5.8.0 |
diff --git a/content/cumulus-linux-59/Whats-New/rn.md b/content/cumulus-linux-59/Whats-New/rn.md
index bc6246ac81..613f7d3086 100644
--- a/content/cumulus-linux-59/Whats-New/rn.md
+++ b/content/cumulus-linux-59/Whats-New/rn.md
@@ -14,11 +14,16 @@ pdfhidden: True
| Issue ID | Description | Affects | Fixed |
|--- |--- |--- |--- |
-| [4012011](#4012011)
| A memory corruption kernel crash might occur due to a netfilter error. The log message from netfilter might contain a warning similar to the following:
kernel: WARNING: CPU: 1 PID: 0 at net/netfilter/nf_conntrack_core.c:1210 __nf_conntrack_confirm+0x5c7/0x6b0 [nf_conntrack]kernel: RIP: 0010:__nf_conntrack_confirm+0x5c7/0x6b0 [nf_conntrack]
| 5.9.1 | 5.10.0|
+| [4035681](#4035681)
| The nv show interface commands show RX and TX Power values from the wrong lanes on breakout ports. | 5.8.0-5.10.0 | |
+| [4023637](#4023637)
| When you disable dynamic NAT manually in the /etc/cumulus/switchd.conf file instead of using NVUE commands but the dynamic NAT rules still exist in the /etc/cumulus/acl/policy,d/.rules file, the switch encounters a memory leak. To work around this issue, remove dynamic NAT rules in rules files in /etc/cumulus/acl/policy.d before you disable dynamic NAT in the /etc/cumulus/switchd.conf file. | 5.9.0-5.9.1 | 5.10.0|
+| [4012011](#4012011)
| A memory corruption kernel crash might occur due to a netfilter error. The log message from netfilter might contain a warning similar to the following:
kernel: WARNING: CPU: 1 PID: 0 at net/netfilter/nf_conntrack_core.c:1210 __nf_conntrack_confirm+0x5c7/0x6b0 [nf_conntrack]kernel: RIP: 0010:__nf_conntrack_confirm+0x5c7/0x6b0 [nf_conntrack]
| 5.9.1-5.10.0 | |
| [4007614](#4007614)
None | Static ARP configured with NVUE commands is deleted when the relevant layer 3 interface flaps. | 5.8.0-5.10.0 | |
+| [4007613](#4007613)
| If there are multiple relay switches in the path reaching the DHCP server, DHCP packets are duplicated at each transit relay switch and the server receives duplicate packets. | 5.9.1-5.10.0 | |
+| [4005261](#4005261)
| On a Spectrum-4 switch, if you use PTP on a 800G link, jumbo frames traversing the same link might cause a degradation in PTP performance. | 5.9.0-5.10.0 | |
| [4004453](#4004453)
None | The NVUE commands to delete SNMP users, and change authentication passwords and encryption passphrases are not successful. | 4.3.0-4.4.5, 5.0.0-5.10.0 | |
| [3990258](#3990258)
None | Cumulus Linux incorrectly handles unnumbered neighbor types, which causes discrepancies in the running configuration and session flaps during FRR reload. | 5.9.0-5.10.0 | |
| [3985600](#3985600)
| NTP initialization issues prevent the NTP service from starting on a non-default VRF. | 5.9.0-5.9.1 | 5.10.0|
+| [3982242](#3982242)
| PTP does not come up with IPv6 over a trunk port because the IPv6 VLAN tag is not sent. PTP over an IPv4 trunk works fine. | 5.8.0-5.10.0 | |
| [3982222](#3982222)
| When SPAN is enabled on a bridge member, an ARP or Gratuitous ARP received during a failover event between locally attached redundant devices such as load balancers might fail to update the bridge MAC table to point to the interface with the newly active load balancer. | 5.4.0-5.10.0 | |
| [3980957](#3980957)
None | The password on NVIDIA Cumulus VX is not getting reset to the default value of cumulus. | 5.9.0-5.10.0 | |
| [3980956](#3980956)
None | The default memory configuration for NVIDIA Cumulus VX OVA is too low and needs to be increased. | 5.9.0-5.10.0 | |
@@ -26,7 +31,8 @@ pdfhidden: True
| [3974890](#3974890)
| The ntpsec@mgmt service does not come up by default when you install an image with ONIE because the trigger to bring up the service is missing. | 5.9.1 | 5.10.0|
| [3972715](#3972715)
| The fans on the NVIDIA SN2410 switch (Part Number SSG7A80800) might spin at high speed. | 5.9.1 | 5.10.0|
| [3970626](#3970626)
| When you configure the bridge.kernel_mac_refresh_interval parameter in the switchd.conf file, a switchd restart fails with core dump. | 5.8.0-5.9.1 | 5.10.0|
-| [3966673](#3966673)
| In an EVPN multihoming configuration, if you enable multihoming without any local ESI configuration, arp-nd-redirect remains disabled unless you restart FRR with the sudo systemctl restart frr.service command. | 5.9.1 | 5.10.0|
+| [3966673](#3966673)
| In an EVPN multihoming deployment, if you enable multihoming without any local ESI configuration, arp-nd-redirect remains disabled unless you restart FRR. | 5.9.1-5.10.0 | |
+| [3965574](#3965574)
| The optical DOM information in ethtool -m command output is incorrect for SFP modules. | 5.9.1-5.10.0 | |
| [3965021](#3965021)
| The ethtool -m command shows incorrect optical DOM information for SFP modules. To work around this issue, run the l1-show command to show optical power values for SFP optical transceivers.. | 5.9.1 | 5.10.0|
| [3957691](#3957691)
| After a networking restart, ERSPAN mirror sessions might not come up. To work around this issue, run the systemctl reload switchd command to bring up the ERSPAN mirror sessions. | 5.9.0-5.9.1 | 5.10.0|
| [3957620](#3957620)
| On the Spectrum-4 switch, when you use PTP on a 800G link, jumbo frames traversing the same link might cause a degradation in PTP performance. | 5.9.0-5.9.1 | 5.10.0|
@@ -42,7 +48,7 @@ pdfhidden: True
| [3939667](#3939667)
| The password on NVIDIA Cumulus VX is not getting reset to the default value of cumulus. | 5.9.0-5.9.1 | 5.10.0|
| [3935658](#3935658)
None | SNMP IF-MIB reports all interfaces (including layer 3 and VNIs) as ifType=6 (ethernetCsmacd) instead of IANA MIB-II types. | 5.9.1-5.10.0 | |
| [3929440](#3929440)
| When you enable or disable MLAG configuration on an interface, Cumulus Linux logs LACP partner MAC address and BPDU guard mismatches incorrectly. This issue does not impact functionality. | 5.9.0-5.9.1 | 5.10.0|
-| [3927016](#3927016)
| Following an EVPN extended mobility event, where a host with IP address A and MAC address A moves within the fabric and now resides at IP address A and MAC address B, you might see traffic destined to this host experience drops as the flow is software forwarded on the egress VTEP. | 5.9.1 | 5.10.0|
+| [3927016](#3927016)
| Following an EVPN extended mobility event, where a host with IPA and MACA moves within the fabric and now resides at IPA MACB, you might see traffic destined to this host experience drops as the flow is being software forwarded on the egress VTEP. | 5.9.1-5.10.0 | |
| [3926523](#3926523)
None | When there are multiple interface flaps with sFlow on 100G interfaces, sFlow might use a different value than the one configured. | 5.9.1-5.10.0 | |
| [3925259](#3925259)
None | When you start Cumulus VX in Vagrant with libvirt, VM provisioning might fail with errors that indicate a missing ifup@eth0.service systemd service. | 5.9.0-5.10.0 | |
| [3917601](#3917601)
None | If a packet containing an all zero source MAC address (00:00:00:00:00:00) is learned on the ASIC, switchd sends the learn notification to the kernel but the kernel rejects the MAC address as invalid. The ASIC continuously sends the mac-learn notifications, which wastes CPU resources. To work around this issue, configure ACLs to match on the all-zero source MAC address and drop the invalid packets. | 5.5.0-5.10.0 | |
@@ -56,9 +62,11 @@ pdfhidden: True
| [3881789](#3881789)
| If you configure the anycast IP address with the nv set nve vxlan mlag shared-address command after you configure MLAG, the anycast IP address configuration is not applied and the VXLAN interface is in a protodown state. To work around this issue, run sudo ifreload -a.
To avoid this issue, either apply the anycast configuration before you apply the MLAG configuration or configure the anycast IP address and MLAG together with a single nv config apply command. | 5.9.0-5.9.1 | 5.10.0|
| [3879635](#3879635)
| ERSPAN port-mirror sessions might not come up after a switchd service restart. To work around this issue and bring up the ERSPAN session, either run switchd reload after a switchd restart or use an ACL-based ERSPAN session. | 5.9.0-5.9.1 | 5.10.0|
| [3878394](#3878394)
| When ZTP runs a script that contains wget, ZTP fails and you see a message similar to the following:
ZTP: ZTP DHCP: Unexpected error: 'ascii' codec can't decode byte 0xe2 in position 181: ordinal not in range(128)ZTP: Script returned failure
To work around this issue, use the -q option with wget. | 5.9.0-5.10.0 | |
+| [3878166](#3878166)
| The NVUE nv show interface eth0 and nv show vrf commands take more than two minutes to run if you have configured hundreds of interfaces because NVUE makes repetitive system calls to get vlan/link/tunnel bridge information. | 5.9.0-5.9.1 | 5.10.0|
| [3875696](#3875696)
| The default TX State for 1G Base-X optical modules that are unconfigured or admin down in Cumulus Linux 5.7.0 and later is OFF. However, on the first boot after upgrade from an earlier release, a module TX power might be ON or OFF depending on the TX State it was before the upgrade. The TX_Disable line is not properly set on first boot. To work around this issue, reboot the switch again, or ifup or ifdown the 1G Base-X interface to disable TX Power. | 5.7.0-5.10.0 | |
| [3875589](#3875589)
None | MLAG bonds might report an incorrect DOWN reason of lacp partner mac mismatch when the bond is out of service for another reason. | 5.9.0-5.10.0 | |
| [3873219](#3873219)
| When you remove a port from a bond and add it to the bridge in a single set of NVUE commands, then apply the configuration, the port forwarding state is blocked on all the bridge VLANs. To work around this issue, apply the configuration in two steps. First remove the port from the bond and apply the configuration, then add the port to the bridge and apply the configuration. | 5.9.0-5.9.1 | 5.10.0|
+| [3861745](#3861745)
| On UEFI hardware (where the /sys/firmware/efi directory exists), using the update-grub program might generate a /boot/grub/grub.cfg that is incorrect for booting ONIE if the ONIE option is selected on the console while booting. To work around this issue, run mount LABEL="EFI System" /boot/efi before using update-grub. | 5.9.0-5.10.0 | |
| [3854807](#3854807)
| When you enable Optimized Multicast Flooding (OMF) and change VLAN configuration, a few ports might carry multicast traffic even when they are not in the MDB or they are not router ports. | 5.6.0-5.9.1 | 5.10.0|
| [3854800](#3854800)
None | The switch forwards multicast traffic to the CPU when PIM is enabled globally, regardless of the interface configuration. | 5.6.0-5.10.0 | |
| [3851499](#3851499)
None | On the Spectrum A1 switch, when you enable the ip-acl-heavy TCAM profile, VXLAN tunnel initialization might fail. | 5.8.0-5.10.0 | |
@@ -69,6 +77,7 @@ pdfhidden: True
| [3771168](#3771168)
| When you perform an ISSU upgrade on a Spectrum 1 switch, the switchd service might crash. | 5.8.0-5.10.0 | |
| [3763543](#3763543)
| The NVIDIA SN4600C switch fails to boot fully after you upgrade from Cumulus Linux 4.2.1 to 5.7 with ONIE install. To work around this issue, perform an intermediate step image upgrade; for example, upgrade the switch from Cumulus Linux 4.2.1 to 5.2.1 to 5.7.0. | 5.7.0-5.9.1 | 5.10.0|
| [3739159](#3739159)
| Disabling adaptive routing globally or on interfaces and performing ISSU, has a significant traffic outage. The issue recovers after ISSU completes. | 5.7.0-5.10.0 | |
+| [3711913](#3711913)
| When you set an IPv4 ACL with a log action, logs do not appear under syslog after a match. This issue affects bridged packets when the rule is installed in iptables. To work around this issue, set the ACL with a MAC rule type so that it is installed in ebtables and the packets are logged correctly in syslog.
The following shows an example configuration:
cumulus@switch:~$ nv set acl one rule 1 action log log-prefix NVIDIAcumulus@switch:~$ nv set acl one rule 1 match ip protocol udpcumulus@switch:~$ nv set acl one rule 1 match ip source-ip 10.0.14.2cumulus@switch:~$ nv set acl one rule 1 match ip udp source-port 34cumulus@switch:~$ nv set acl one rule 1 match mac protocol ipv4cumulus@switch:~$ nv set acl one type mac
| 5.7.0-5.9.1 | 5.10.0|
| [3685007](#3685007)
| Cumulus Linux does not support 802.1X dynamic VLANs on PEAP with MS Windows-based supplicants. | 5.7.0-5.10.0 | |
| [3677533](#3677533)
| Due to resource constraints on the Spectrum 1 switch, staticd performance drops and takes longer to read static routes compared to the time BGP takes to complete a graceful restart, and advertise routes and EOR to its helpers. As a result, static routes are advertised after the EOR is sent to graceful restart helpers, which delete the stale static routes and relearn them after receiving the EOR from the restarting node. Temporary traffic loss might occur. | 5.7.0-5.10.0 | |
| [3637444](#3637444)
| Applying an inbound control plane ACL on the eth0 management interface does not take effect. To work around this issue, apply the ACL on the mgmt interface; for example, nv set interface mgmt acl inbound control-plane. | 5.7.0-5.10.0 | |
@@ -128,10 +137,14 @@ pdfhidden: True
| Issue ID | Description | Affects | Fixed |
|--- |--- |--- |--- |
+| [4035681](#4035681)
| The nv show interface commands show RX and TX Power values from the wrong lanes on breakout ports. | 5.8.0-5.10.0 | |
+| [4023637](#4023637)
| When you disable dynamic NAT manually in the /etc/cumulus/switchd.conf file instead of using NVUE commands but the dynamic NAT rules still exist in the /etc/cumulus/acl/policy,d/.rules file, the switch encounters a memory leak. To work around this issue, remove dynamic NAT rules in rules files in /etc/cumulus/acl/policy.d before you disable dynamic NAT in the /etc/cumulus/switchd.conf file. | 5.9.0-5.9.1 | 5.10.0|
| [4007614](#4007614)
None | Static ARP configured with NVUE commands is deleted when the relevant layer 3 interface flaps. | 5.8.0-5.10.0 | |
+| [4005261](#4005261)
| On a Spectrum-4 switch, if you use PTP on a 800G link, jumbo frames traversing the same link might cause a degradation in PTP performance. | 5.9.0-5.10.0 | |
| [4004453](#4004453)
None | The NVUE commands to delete SNMP users, and change authentication passwords and encryption passphrases are not successful. | 4.3.0-4.4.5, 5.0.0-5.10.0 | |
| [3990258](#3990258)
None | Cumulus Linux incorrectly handles unnumbered neighbor types, which causes discrepancies in the running configuration and session flaps during FRR reload. | 5.9.0-5.10.0 | |
| [3985600](#3985600)
| NTP initialization issues prevent the NTP service from starting on a non-default VRF. | 5.9.0-5.9.1 | 5.10.0|
+| [3982242](#3982242)
| PTP does not come up with IPv6 over a trunk port because the IPv6 VLAN tag is not sent. PTP over an IPv4 trunk works fine. | 5.8.0-5.10.0 | |
| [3982222](#3982222)
| When SPAN is enabled on a bridge member, an ARP or Gratuitous ARP received during a failover event between locally attached redundant devices such as load balancers might fail to update the bridge MAC table to point to the interface with the newly active load balancer. | 5.4.0-5.10.0 | |
| [3980957](#3980957)
None | The password on NVIDIA Cumulus VX is not getting reset to the default value of cumulus. | 5.9.0-5.10.0 | |
| [3980956](#3980956)
None | The default memory configuration for NVIDIA Cumulus VX OVA is too low and needs to be increased. | 5.9.0-5.10.0 | |
@@ -160,9 +173,11 @@ pdfhidden: True
| [3881789](#3881789)
| If you configure the anycast IP address with the nv set nve vxlan mlag shared-address command after you configure MLAG, the anycast IP address configuration is not applied and the VXLAN interface is in a protodown state. To work around this issue, run sudo ifreload -a.
To avoid this issue, either apply the anycast configuration before you apply the MLAG configuration or configure the anycast IP address and MLAG together with a single nv config apply command. | 5.9.0-5.9.1 | 5.10.0|
| [3879635](#3879635)
| ERSPAN port-mirror sessions might not come up after a switchd service restart. To work around this issue and bring up the ERSPAN session, either run switchd reload after a switchd restart or use an ACL-based ERSPAN session. | 5.9.0-5.9.1 | 5.10.0|
| [3878394](#3878394)
| When ZTP runs a script that contains wget, ZTP fails and you see a message similar to the following:
ZTP: ZTP DHCP: Unexpected error: 'ascii' codec can't decode byte 0xe2 in position 181: ordinal not in range(128)ZTP: Script returned failure
To work around this issue, use the -q option with wget. | 5.9.0-5.10.0 | |
+| [3878166](#3878166)
| The NVUE nv show interface eth0 and nv show vrf commands take more than two minutes to run if you have configured hundreds of interfaces because NVUE makes repetitive system calls to get vlan/link/tunnel bridge information. | 5.9.0-5.9.1 | 5.10.0|
| [3875696](#3875696)
| The default TX State for 1G Base-X optical modules that are unconfigured or admin down in Cumulus Linux 5.7.0 and later is OFF. However, on the first boot after upgrade from an earlier release, a module TX power might be ON or OFF depending on the TX State it was before the upgrade. The TX_Disable line is not properly set on first boot. To work around this issue, reboot the switch again, or ifup or ifdown the 1G Base-X interface to disable TX Power. | 5.7.0-5.10.0 | |
| [3875589](#3875589)
None | MLAG bonds might report an incorrect DOWN reason of lacp partner mac mismatch when the bond is out of service for another reason. | 5.9.0-5.10.0 | |
| [3873219](#3873219)
| When you remove a port from a bond and add it to the bridge in a single set of NVUE commands, then apply the configuration, the port forwarding state is blocked on all the bridge VLANs. To work around this issue, apply the configuration in two steps. First remove the port from the bond and apply the configuration, then add the port to the bridge and apply the configuration. | 5.9.0-5.9.1 | 5.10.0|
+| [3861745](#3861745)
| On UEFI hardware (where the /sys/firmware/efi directory exists), using the update-grub program might generate a /boot/grub/grub.cfg that is incorrect for booting ONIE if the ONIE option is selected on the console while booting. To work around this issue, run mount LABEL="EFI System" /boot/efi before using update-grub. | 5.9.0-5.10.0 | |
| [3854807](#3854807)
| When you enable Optimized Multicast Flooding (OMF) and change VLAN configuration, a few ports might carry multicast traffic even when they are not in the MDB or they are not router ports. | 5.6.0-5.9.1 | 5.10.0|
| [3854800](#3854800)
None | The switch forwards multicast traffic to the CPU when PIM is enabled globally, regardless of the interface configuration. | 5.6.0-5.10.0 | |
| [3851499](#3851499)
None | On the Spectrum A1 switch, when you enable the ip-acl-heavy TCAM profile, VXLAN tunnel initialization might fail. | 5.8.0-5.10.0 | |
@@ -173,6 +188,7 @@ pdfhidden: True
| [3771168](#3771168)
| When you perform an ISSU upgrade on a Spectrum 1 switch, the switchd service might crash. | 5.8.0-5.10.0 | |
| [3763543](#3763543)
| The NVIDIA SN4600C switch fails to boot fully after you upgrade from Cumulus Linux 4.2.1 to 5.7 with ONIE install. To work around this issue, perform an intermediate step image upgrade; for example, upgrade the switch from Cumulus Linux 4.2.1 to 5.2.1 to 5.7.0. | 5.7.0-5.9.1 | 5.10.0|
| [3739159](#3739159)
| Disabling adaptive routing globally or on interfaces and performing ISSU, has a significant traffic outage. The issue recovers after ISSU completes. | 5.7.0-5.10.0 | |
+| [3711913](#3711913)
| When you set an IPv4 ACL with a log action, logs do not appear under syslog after a match. This issue affects bridged packets when the rule is installed in iptables. To work around this issue, set the ACL with a MAC rule type so that it is installed in ebtables and the packets are logged correctly in syslog.
The following shows an example configuration:
cumulus@switch:~$ nv set acl one rule 1 action log log-prefix NVIDIAcumulus@switch:~$ nv set acl one rule 1 match ip protocol udpcumulus@switch:~$ nv set acl one rule 1 match ip source-ip 10.0.14.2cumulus@switch:~$ nv set acl one rule 1 match ip udp source-port 34cumulus@switch:~$ nv set acl one rule 1 match mac protocol ipv4cumulus@switch:~$ nv set acl one type mac
| 5.7.0-5.9.1 | 5.10.0|
| [3685007](#3685007)
| Cumulus Linux does not support 802.1X dynamic VLANs on PEAP with MS Windows-based supplicants. | 5.7.0-5.10.0 | |
| [3677533](#3677533)
| Due to resource constraints on the Spectrum 1 switch, staticd performance drops and takes longer to read static routes compared to the time BGP takes to complete a graceful restart, and advertise routes and EOR to its helpers. As a result, static routes are advertised after the EOR is sent to graceful restart helpers, which delete the stale static routes and relearn them after receiving the EOR from the restarting node. Temporary traffic loss might occur. | 5.7.0-5.10.0 | |
| [3637444](#3637444)
| Applying an inbound control plane ACL on the eth0 management interface does not take effect. To work around this issue, apply the ACL on the mgmt interface; for example, nv set interface mgmt acl inbound control-plane. | 5.7.0-5.10.0 | |
diff --git a/content/cumulus-linux-59/rn.xml b/content/cumulus-linux-59/rn.xml
index e99fdab115..ce37f486fe 100644
--- a/content/cumulus-linux-59/rn.xml
+++ b/content/cumulus-linux-59/rn.xml
@@ -7,11 +7,23 @@
Fixed |
+| 4035681 |
+The {{nv show interface <interface>}} commands show RX and TX Power values from the wrong lanes on breakout ports. |
+5.8.0-5.10.0 |
+ |
+
+
+| 4023637 |
+When you disable dynamic NAT manually in the {{/etc/cumulus/switchd.conf}} file instead of using NVUE commands but the dynamic NAT rules still exist in the {{/etc/cumulus/acl/policy,d/.rules}} file, the switch encounters a memory leak. To work around this issue, remove dynamic NAT rules in rules files in {{/etc/cumulus/acl/policy.d}} before you disable dynamic NAT in the {{/etc/cumulus/switchd.conf}} file. |
+5.9.0-5.9.1 |
+5.10.0 |
+
+
| 4012011 |
A memory corruption kernel crash might occur due to a {{netfilter}} error. The log message from {{netfilter}} might contain a warning similar to the following:
kernel: WARNING: CPU: 1 PID: 0 at net/netfilter/nf_conntrack_core.c:1210 __nf_conntrack_confirm+0x5c7/0x6b0 [nf_conntrack]
kernel: RIP: 0010:__nf_conntrack_confirm+0x5c7/0x6b0 [nf_conntrack] |
-5.9.1 |
-5.10.0 |
+5.9.1-5.10.0 |
+ |
| 4007614 |
@@ -20,6 +32,18 @@ kernel: RIP: 0010:__nf_conntrack_confirm+0x5c7/0x6b0 [nf_conntrack]
|
+| 4007613 |
+If there are multiple relay switches in the path reaching the DHCP server, DHCP packets are duplicated at each transit relay switch and the server receives duplicate packets. |
+5.9.1-5.10.0 |
+ |
+
+
+| 4005261 |
+ On a Spectrum-4 switch, if you use PTP on a 800G link, jumbo frames traversing the same link might cause a degradation in PTP performance. |
+5.9.0-5.10.0 |
+ |
+
+
| 4004453 |
The NVUE commands to delete SNMP users, and change authentication passwords and encryption passphrases are not successful. |
4.3.0-4.4.5, 5.0.0-5.10.0 |
@@ -38,6 +62,12 @@ kernel: RIP: 0010:__nf_conntrack_confirm+0x5c7/0x6b0 [nf_conntrack]
5.10.0 |
+| 3982242 |
+PTP does not come up with IPv6 over a trunk port because the IPv6 VLAN tag is not sent. PTP over an IPv4 trunk works fine. |
+5.8.0-5.10.0 |
+ |
+
+
| 3982222 |
When SPAN is enabled on a bridge member, an ARP or Gratuitous ARP received during a failover event between locally attached redundant devices such as load balancers might fail to update the bridge MAC table to point to the interface with the newly active load balancer. |
5.4.0-5.10.0 |
@@ -81,9 +111,15 @@ kernel: RIP: 0010:__nf_conntrack_confirm+0x5c7/0x6b0 [nf_conntrack]
| 3966673 |
-In an EVPN multihoming configuration, if you enable multihoming without any local ESI configuration, {{arp-nd-redirect}} remains disabled unless you restart FRR with the {{sudo systemctl restart frr.service}} command. |
-5.9.1 |
-5.10.0 |
+In an EVPN multihoming deployment, if you enable multihoming without any local ESI configuration, {{arp-nd-redirect}} remains disabled unless you restart FRR. |
+5.9.1-5.10.0 |
+ |
+
+
+| 3965574 |
+The optical DOM information in {{ethtool -m}} command output is incorrect for SFP modules. |
+5.9.1-5.10.0 |
+ |
| 3965021 |
@@ -177,9 +213,9 @@ kernel: RIP: 0010:__nf_conntrack_confirm+0x5c7/0x6b0 [nf_conntrack]
| 3927016 |
-Following an EVPN extended mobility event, where a host with IP address A and MAC address A moves within the fabric and now resides at IP address A and MAC address B, you might see traffic destined to this host experience drops as the flow is software forwarded on the egress VTEP. |
-5.9.1 |
-5.10.0 |
+Following an EVPN extended mobility event, where a host with IPA and MACA moves within the fabric and now resides at IPA MACB, you might see traffic destined to this host experience drops as the flow is being software forwarded on the egress VTEP. |
+5.9.1-5.10.0 |
+ |
| 3926523 |
@@ -267,6 +303,12 @@ To work around this issue, use the {{-q}} option with {{wget}}.
|
+| 3878166 |
+The NVUE {{nv show interface eth0}} and {{nv show vrf}} commands take more than two minutes to run if you have configured hundreds of interfaces because NVUE makes repetitive system calls to get {{vlan/link/tunnel}} bridge information. |
+5.9.0-5.9.1 |
+5.10.0 |
+
+
| 3875696 |
The default TX State for 1G Base-X optical modules that are unconfigured or admin down in Cumulus Linux 5.7.0 and later is OFF. However, on the first boot after upgrade from an earlier release, a module TX power might be ON or OFF depending on the TX State it was before the upgrade. The TX_Disable line is not properly set on first boot. To work around this issue, reboot the switch again, or {{ifup}} or {{ifdown}} the 1G Base-X interface to disable TX Power. |
5.7.0-5.10.0 |
@@ -285,6 +327,12 @@ To work around this issue, use the {{-q}} option with {{wget}}.
5.10.0 |
+| 3861745 |
+On UEFI hardware (where the {{/sys/firmware/efi}} directory exists), using the update-grub program might generate a {{/boot/grub/grub.cfg}} that is incorrect for booting ONIE if the ONIE option is selected on the console while booting. To work around this issue, run {{mount LABEL="EFI System" /boot/efi}} before using update-grub. |
+5.9.0-5.10.0 |
+ |
+
+
| 3854807 |
When you enable Optimized Multicast Flooding (OMF) and change VLAN configuration, a few ports might carry multicast traffic even when they are not in the MDB or they are not router ports. |
5.6.0-5.9.1 |
@@ -351,6 +399,19 @@ cumulus@switch:~$ sudo apt upgrade
|
+| 3711913 |
+When you set an IPv4 ACL with a log action, logs do not appear under syslog after a match. This issue affects bridged packets when the rule is installed in iptables. To work around this issue, set the ACL with a MAC rule type so that it is installed in ebtables and the packets are logged correctly in {{syslog}}.
The following shows an example configuration:
+cumulus@switch:~$ nv set acl one rule 1 action log log-prefix NVIDIA
+cumulus@switch:~$ nv set acl one rule 1 match ip protocol udp
+cumulus@switch:~$ nv set acl one rule 1 match ip source-ip 10.0.14.2
+cumulus@switch:~$ nv set acl one rule 1 match ip udp source-port 34
+cumulus@switch:~$ nv set acl one rule 1 match mac protocol ipv4
+cumulus@switch:~$ nv set acl one type mac
+ |
+5.7.0-5.9.1 |
+5.10.0 |
+
+
| 3685007 |
Cumulus Linux does not support 802.1X dynamic VLANs on PEAP with MS Windows-based supplicants. |
5.7.0-5.10.0 |
@@ -686,12 +747,30 @@ You can safely ignore this warning.
Fixed |
+| 4035681 |
+The {{nv show interface <interface>}} commands show RX and TX Power values from the wrong lanes on breakout ports. |
+5.8.0-5.10.0 |
+ |
+
+
+| 4023637 |
+When you disable dynamic NAT manually in the {{/etc/cumulus/switchd.conf}} file instead of using NVUE commands but the dynamic NAT rules still exist in the {{/etc/cumulus/acl/policy,d/.rules}} file, the switch encounters a memory leak. To work around this issue, remove dynamic NAT rules in rules files in {{/etc/cumulus/acl/policy.d}} before you disable dynamic NAT in the {{/etc/cumulus/switchd.conf}} file. |
+5.9.0-5.9.1 |
+5.10.0 |
+
+
| 4007614 |
Static ARP configured with NVUE commands is deleted when the relevant layer 3 interface flaps. |
5.8.0-5.10.0 |
|
+| 4005261 |
+ On a Spectrum-4 switch, if you use PTP on a 800G link, jumbo frames traversing the same link might cause a degradation in PTP performance. |
+5.9.0-5.10.0 |
+ |
+
+
| 4004453 |
The NVUE commands to delete SNMP users, and change authentication passwords and encryption passphrases are not successful. |
4.3.0-4.4.5, 5.0.0-5.10.0 |
@@ -710,6 +789,12 @@ You can safely ignore this warning.
5.10.0 |
+| 3982242 |
+PTP does not come up with IPv6 over a trunk port because the IPv6 VLAN tag is not sent. PTP over an IPv4 trunk works fine. |
+5.8.0-5.10.0 |
+ |
+
+
| 3982222 |
When SPAN is enabled on a bridge member, an ARP or Gratuitous ARP received during a failover event between locally attached redundant devices such as load balancers might fail to update the bridge MAC table to point to the interface with the newly active load balancer. |
5.4.0-5.10.0 |
@@ -885,6 +970,12 @@ To work around this issue, use the {{-q}} option with {{wget}}.
|
+| 3878166 |
+The NVUE {{nv show interface eth0}} and {{nv show vrf}} commands take more than two minutes to run if you have configured hundreds of interfaces because NVUE makes repetitive system calls to get {{vlan/link/tunnel}} bridge information. |
+5.9.0-5.9.1 |
+5.10.0 |
+
+
| 3875696 |
The default TX State for 1G Base-X optical modules that are unconfigured or admin down in Cumulus Linux 5.7.0 and later is OFF. However, on the first boot after upgrade from an earlier release, a module TX power might be ON or OFF depending on the TX State it was before the upgrade. The TX_Disable line is not properly set on first boot. To work around this issue, reboot the switch again, or {{ifup}} or {{ifdown}} the 1G Base-X interface to disable TX Power. |
5.7.0-5.10.0 |
@@ -903,6 +994,12 @@ To work around this issue, use the {{-q}} option with {{wget}}.
5.10.0 |
+| 3861745 |
+On UEFI hardware (where the {{/sys/firmware/efi}} directory exists), using the update-grub program might generate a {{/boot/grub/grub.cfg}} that is incorrect for booting ONIE if the ONIE option is selected on the console while booting. To work around this issue, run {{mount LABEL="EFI System" /boot/efi}} before using update-grub. |
+5.9.0-5.10.0 |
+ |
+
+
| 3854807 |
When you enable Optimized Multicast Flooding (OMF) and change VLAN configuration, a few ports might carry multicast traffic even when they are not in the MDB or they are not router ports. |
5.6.0-5.9.1 |
@@ -969,6 +1066,19 @@ cumulus@switch:~$ sudo apt upgrade
|
+| 3711913 |
+When you set an IPv4 ACL with a log action, logs do not appear under syslog after a match. This issue affects bridged packets when the rule is installed in iptables. To work around this issue, set the ACL with a MAC rule type so that it is installed in ebtables and the packets are logged correctly in {{syslog}}.
The following shows an example configuration:
+cumulus@switch:~$ nv set acl one rule 1 action log log-prefix NVIDIA
+cumulus@switch:~$ nv set acl one rule 1 match ip protocol udp
+cumulus@switch:~$ nv set acl one rule 1 match ip source-ip 10.0.14.2
+cumulus@switch:~$ nv set acl one rule 1 match ip udp source-port 34
+cumulus@switch:~$ nv set acl one rule 1 match mac protocol ipv4
+cumulus@switch:~$ nv set acl one type mac
+ |
+5.7.0-5.9.1 |
+5.10.0 |
+
+
| 3685007 |
Cumulus Linux does not support 802.1X dynamic VLANs on PEAP with MS Windows-based supplicants. |
5.7.0-5.10.0 |