Merge pull request #2995 from CumulusNetworks/create-pull-request/patch

Changes by create-pull-request action

Author: mergify[bot]

content/cumulus-linux-514/Whats-New/rn.md

@@ -37,11 +37,11 @@ pdfhidden: True
 | <a name="4647325"></a> [4647325](#4647325) <a name="4647325"></a> <br /> | Running the <code>nv config save</code> command while a diff is pending might result in unexpected <code>nv config diff</code> output. To work around this issue, run the <code>nv config diff --verbose</code> command. | 5.14.0 | 5.15.0|
 | <a name="4643537"></a> [4643537](#4643537) <a name="4643537"></a> <br /> | The <code>nv action clear interface <port></code> command does not clear the in and out packet counters under <code>interface/<port>/link/stats</code>. | 5.12.1-5.14.0 | 5.15.0|
 | <a name="4641806"></a> [4641806](#4641806) <a name="4641806"></a> <br /> | When gNMI streaming is enabled and clients are subscribed to system information such as the firmware version with xPath <code>'/components/component&#91;name=*&#93;/state/firmware-version'</code>, the <code>nv config replace</code> command might take longer than expected to complete. | 5.14.0 | 5.15.0|
-| <a name="4641344"></a> [4641344](#4641344) <a name="4641344"></a> <br /> | The switch sends out IPv6 neighbor discovery (ND) router advertisement through an interface that does not have router advertisement enabled. To prevent this issue, do not change or remove the remote-as of a peer-group that is used by BGP unnumbered peers.  To work around this issue, restart FRR. | 5.14.0 | 5.15.0|
-| <a name="4641343"></a> [4641343](#4641343) <a name="4641343"></a> <br /> | The switch sends out IPv6 neighbor discovery (ND) router advertisement through an interface that does not have router advertisement enabled. To prevent this issue, do not change or remove the remote-as of a peer-group that is used by BGP unnumbered peers.  To work around this issue, restart FRR. | 5.14.0 | 5.15.0|
-| <a name="4641341"></a> [4641341](#4641341) <a name="4641341"></a> <br /> | The neighbor manager service memory usage increases significantly after the number of entries in the kernel neighbor table exceeds the <code>gc_threshold</code>. | 5.13.1-5.14.0 | 5.15.0|
-| <a name="4641340"></a> [4641340](#4641340) <a name="4641340"></a> <br /> | The neighbor manager service memory usage increases significantly after the number of entries in the kernel neighbor table exceeds the <code>gc_threshold</code>. | 5.13.1-5.14.0 | 5.15.0|
-| <a name="4641326"></a> [4641326](#4641326) <a name="4641326"></a> <br /> | Trying to apply a hashed password of '*' blocks access to the switch instead of rejecting the password and showing an error. | 5.12.0-5.14.0 | 5.15.0|
+| <a name="4641344"></a> [4641344](#4641344) <a name="4641344"></a> <br /> | The switch sends out IPv6 neighbor discovery (ND) router advertisement through an interface that does not have router advertisement enabled. To prevent this issue, do not change or remove the remote-as of a peer-group that is used by BGP unnumbered peers.  To work around this issue, restart FRR. | 5.14.0-5.15.0 | |
+| <a name="4641343"></a> [4641343](#4641343) <a name="4641343"></a> <br /> | The switch sends out IPv6 neighbor discovery (ND) router advertisement through an interface that does not have router advertisement enabled. To prevent this issue, do not change or remove the remote-as of a peer-group that is used by BGP unnumbered peers.  To work around this issue, restart FRR. | 5.14.0-5.15.0 | |
+| <a name="4641341"></a> [4641341](#4641341) <a name="4641341"></a> <br /> | The neighbor manager service memory usage increases significantly after the number of entries in the kernel neighbor table exceeds the <code>gc_threshold</code>. | 5.13.1-5.15.0 | |
+| <a name="4641340"></a> [4641340](#4641340) <a name="4641340"></a> <br /> | The neighbor manager service memory usage increases significantly after the number of entries in the kernel neighbor table exceeds the <code>gc_threshold</code>. | 5.13.1-5.15.0 | |
+| <a name="4641326"></a> [4641326](#4641326) <a name="4641326"></a> <br /> | Trying to apply a hashed password of '*' blocks access to the switch instead of rejecting the password and showing an error. | 5.12.0-5.15.0 | |
 | <a name="4641291"></a> [4641291](#4641291) <a name="4641291"></a> <br /> | In rare circumstances, the switch stops streaming telemetry data for interface counters, buffers, or phy. | 5.13.1-5.14.0 | 5.15.0|
 | <a name="4640126"></a> [4640126](#4640126) <a name="4640126"></a> <br /> | LLDP session flaps might result in a PTMD process crash due to a double free memory block. | 5.11.2-5.14.0 | 5.15.0|
 | <a name="4638802"></a> [4638802](#4638802) <a name="4638802"></a> <br /> | When you attempt to set a new BGP peer group on a neighbor with a current peer group configured, NVUE fails to apply the new configuration. To work around this issue, remove the existing peer group before configuring the new one. | 5.14.0 | 5.15.0|
@@ -85,12 +85,16 @@ pdfhidden: True
 | <a name="4548514"></a> [4548514](#4548514) <a name="4548514"></a> <br /> | When a connected route for an SVI interface with VRR configured is installed by FRR, the route might be installed with the next hop interface of the VRR device instead of the SVI. For example, instead of interface <code>vlan10</code>, the route might install against <code>vlan10-v0</code>. This prevents next-hop tracking and route installation into hardware.<br>This issue can occur in the following conditions:<br><ul><li>When initially configuring VRF route leaking, the target VRF might not install a route into hardware when leaking directly connected routes for SVI interfaces with VRR enabled.</li><li>In an MLAG and VRR configuration, static routes fail to install when the route is resolved through a connected route and the interface of the connected route undergoes a link state change for any reason, such as link flaps, interface bring-up, <code>clagd</code> restart, <code>switchd</code> restart, and so on.</li></ul><br>To work around this issue, restart the FRR service using the <code>sudo systemctl restart frr.service</code> command.  | 5.9.1-5.9.3, 5.14.0-5.15.0 | 5.9.4|
 | <a name="4548512"></a> [4548512](#4548512) <a name="4548512"></a> <br /> | When a connected route for an SVI interface with VRR configured is installed by FRR, the route might be installed with the next hop interface of the VRR device instead of the SVI. For example, instead of interface <code>vlan10</code>, the route might install against <code>vlan10-v0</code>. This prevents next-hop tracking and route installation into hardware.<br>This issue can occur in the following conditions:<br><ul><li>When initially configuring VRF route leaking, the target VRF might not install a route into hardware when leaking directly connected routes for SVI interfaces with VRR enabled.</li><li>In an MLAG and VRR configuration, static routes fail to install when the route is resolved through a connected route and the interface of the connected route undergoes a link state change for any reason, such as link flaps, interface bring-up, <code>clagd</code> restart, <code>switchd</code> restart, etc.</li></ul><br>To work around this issue, restart the FRR service using the <code>sudo systemctl restart frr.service</code> command.  | 5.11.0-5.15.0 | |
 | <a name="4547463"></a> [4547463](#4547463) <a name="4547463"></a> <br /> | When you try to run <code>nv action boot-next</code> commands during optimized image upgrade, the commands time out. This does not necessarily mean an issue occurred; the system might still be executing the action.<br>To check that the action command completed before going to the next step to reboot the system:<ol><li>Find the Request ID for the REST API invocation corresponding to the <code>nv action boot-next</code> command by doing a grep for <code>ActionKey.*boot-next</code> in the /var/log/nvued.log</code> file. For example, the value 3 in the <code>Ran Job running ActionKey('&#64;boot-next', '/system/image', (), 3, (('partition', 'partition1'),))</code> line indicates the Request ID.</li><li>Run the <code>curl -u '<username>:\<password\>'  -X GET https://127.0.0.1:8765/nvue_v1/action/<Request ID> -k</code> command from the shell to show the status of the action command. If the value of <code>state</code> is <code>action_success</code>, the action command completed successfully. If the value of <code>state</code> is <code>running</code>, the system is still processing. If the value of <code>state</code> is <code>action_error</code>, the system encountered an error.</li></ol> | 5.14.0-5.15.0 | |
+| <a name="4535856"></a> [4535856](#4535856) <a name="4535856"></a> <br /> | When you try to import an invalid server certificate file, Cumulus Linux does not import the certificate file but fails to show an error message. | 5.13.0-5.15.0 | |
+| <a name="4535843"></a> [4535843](#4535843) <a name="4535843"></a> <br /> | After a switch reboot, the <code>nv show system health</code> command shows incorrect system LED status and color. | 5.13.0-5.15.0 | |
 | <a name="4535806"></a> [4535806](#4535806) <a name="4535806"></a> <br /> | After a factory reset, the switch does not clear the <code>/var/tmp</code> directory, which the switch uses for temporary files. | 5.14.0-5.15.0 | |
+| <a name="4535804"></a> [4535804](#4535804) <a name="4535804"></a> <br /> | If you use a bridge name other than <code>br_default</code>, PTP neighbors fail to establish because the PTP packets are sourced from an unexpected IP address.<br>To work around this issue, configure the <code>base-interface</code> for the VLAN interface with the <code>nv set interface <VLAN-id> base-interface <interface-id></code> command. | 5.10.0-5.15.0 | |
 | <a name="4535749"></a> [4535749](#4535749) <a name="4535749"></a> <br /> | The <code>uc-discards</code> field in the <code>nv show interface <interface> counters qos egress-queue-stats</code> command output is actually the number of packets discarded per queue, but it is wrongly interpreted as bytes. To work around this issue, convert the data shown in bytes to packets by multiplying by 1024 if the data is in KB, 1024x1024 if the data is in MB, and 1024x1024x1024 if the data is in GB. | 5.11.0-5.15.0 | |
 | <a name="4535699"></a> [4535699](#4535699) <a name="4535699"></a> <br /> | When you configure the RADIUS authentication order with <code>local</code> first and <code>radius second</code>, the RADIUS user is authenticated as a default user name.  | 5.11.3-5.15.0 | |
 | <a name="4535696"></a> [4535696](#4535696) <a name="4535696"></a> <br /> | When you configure the RADIUS authentication order with <code>local</code> first and <code>radius second</code>, the RADIUS user is authenticated as a default user name.  | 5.12.1-5.15.0 | 5.9.4|
 | <a name="4534357"></a> [4534357](#4534357) <a name="4534357"></a> <br /> | During Cumulus Linux upgrade or downgrade, <code>rsyslog</code> might crash because the management (eth0) port is unavailable, which triggers a use-after-free fault and  produces a cl-support file as a response. | 5.13.1-5.15.0 | |
 | <a name="4531960"></a> [4531960](#4531960) <a name="4531960"></a> <br /> | The GNMI Subscription to xpath <code>interfaces/interface&#91;name=swp61s0&#93;/state/counters/out-pkts</code> with a high sample interval results in an initial response of zero but in subsequent updates, the value is correct. You do not see this issue when the sample interval is 1 second. | 5.14.0-5.15.0 | |
+| <a name="4513849"></a> [4513849](#4513849) <a name="4513849"></a> <br /> | After upgrading from Cumulus Linux 5.12 on the NVIDIA SN5400 switch bonus port, PTP does not converge. To work around this issue, disable, then enable the bonus port after upgrade. | 5.13.0-5.15.0 | |
 | <a name="4509255"></a> [4509255](#4509255) <a name="4509255"></a> <br /> | In PTP two-step, the hardware incorrectly modifies the SYNC message correction field. | 5.12.0-5.15.0 | |
 | <a name="4508830"></a> [4508830](#4508830) <a name="4508830"></a> <br /> | Cumulus Linux allows you to add bond ports of mismatched speeds (such as 10G and 25G) to the same LACP bond without error and the bond reports UP.  | 5.11.2-5.15.0 | |
 | <a name="4501632"></a> [4501632](#4501632) <a name="4501632"></a> <br /> | NVIDIA recommends you wait for approximately 60 seconds after running <code>nv config apply</code> before power cycling the switch so that NVUE database has time to sync to the filesystem.  | 5.14.0-5.15.0 | |
@@ -101,10 +105,18 @@ pdfhidden: True
 | <a name="4475111"></a> [4475111](#4475111) <a name="4475111"></a> <br /> | When you try to convert a layer 3 port that is part of ECMP to a bond member,  you might see a failure in the <code>switchd</code> logs. This issue does not have any functional impact. | 5.11.2-5.15.0 | 5.9.4|
 | <a name="4472414"></a> [4472414](#4472414) <a name="4472414"></a> <br /> | After you modify the IP address of an SVI, DHCP relay uses an old cached IP address instead of the changed IP address. This occurs because DHCP relay monitors the link state change not IP address change. | 5.11.0-5.14.0 | 5.15.0|
 | <a name="4440766"></a> [4440766](#4440766) <a name="4440766"></a> <br /> | When you try to delete a trusted ca key, Cumulus Linux shows an incorrect error message. To remove a trusted ca key, you must unset the key ID, not the key literal. | 5.13.0-5.15.0 | |
+| <a name="4423368"></a> [4423368](#4423368) <a name="4423368"></a> <br /> | When all links go down or the switch reboots,  you see next hop group churn from Zebra to the SOO next hop group. This issue might cause some convergence degradation.  | 5.12.0-5.15.0 | |
+| <a name="4423360"></a> [4423360](#4423360) <a name="4423360"></a> <br /> | After a remote link flap, neighbor entries using the link might not get resolved immediately. Only when some traffic uses the nexthop will they be resolved. | 5.12.0-5.15.0 | |
+| <a name="4423352"></a> [4423352](#4423352) <a name="4423352"></a> <br /> | ZTP scripts return an error due to incorrect ASCI to UTF-8 conversion. | 5.11.0-5.15.0 | |
+| <a name="4423335"></a> [4423335](#4423335) <a name="4423335"></a> <br /> | When you configure TACACS with NVUE or merge an NVUE configuration file that includes TACACS configuration with the <code>nv config patch</code> command, you see an unrecoverable error when running additional NVUE commands. To work around this issue, restart the NVUE service with <code>systemctl restart nvued.service</code>. | 5.9.0-5.15.0 | |
+| <a name="4423277"></a> [4423277](#4423277) <a name="4423277"></a> <br /> | When the username in a 802.1X session includes the equals (=) character, the ISSU warmboot fails. Make sure that = is not part of the 802.1X session name. | 5.11.0-5.15.0 | |
+| <a name="4423269"></a> [4423269](#4423269) <a name="4423269"></a> <br /> | When you configure the switch to move to warm restart mode, the message does not clearly indicate that the reboot to get the switch into warm mode is not hitless. | 5.11.0-5.15.0 | |
 | <a name="4423248"></a> [4423248](#4423248) <a name="4423248"></a> <br /> | If you unset an interface static IP address when the interface IP gateway is configured, the <code>nv config apply</code> command fails with an <code>ifreload.service</code> error. To work around this issue, unset both the static IP address and gateway together. | 5.9.0-5.15.0 | |
 | <a name="4423244"></a> [4423244](#4423244) <a name="4423244"></a> <br /> | When you enable, then disable adaptive routing, the BGP neighbors might go down because of an unresolved MAC address. To work around this issue, configure another attribute on the interface. | 5.9.0-5.15.0 | |
+| <a name="4423235"></a> [4423235](#4423235) <a name="4423235"></a> <br /> | The <code>snmpd</code> service generates debugging logs of sudo calls. To work around this issue, disable sudo logging for the specific commands run by the Debian-snmp user in the <code>/etc/sudoers.d/snmp</code> file by adding <code>Defaults:Debian-snmp !syslog</code>. | 5.11.0-5.15.0 | |
 | <a name="4423175"></a> [4423175](#4423175) <a name="4423175"></a> <br /> | When you configure an API port with a TCP port already in use, the <code>nginx</code> server fails to restart. | 5.13.0-5.15.0 | |
 | <a name="4413589"></a> [4413589](#4413589) <a name="4413589"></a> <br /> | A MAC-only EVPN type-2 route is wrongly advertised with the layer 3 VNI label in the BGP NLRI (Network Layer Reachability Information). Although this does not have any functional impact, it is not the desired RFC behavior. | 5.13.0-5.15.0 | |
+| <a name="4370954"></a> [4370954](#4370954) <a name="4370954"></a> <br /> | After enabling, then disabling truncation on a SPAN session,  truncated packets are still received on the SPAN destination. To work around this issue, remove the SPAN session configuration, reboot the switch, then reconfigure the SPAN session without truncation. | 5.12.0-5.15.0 | |
 | <a name="4337278"></a> [4337278](#4337278) <a name="4337278"></a> <br /> | In certain cases, statically configured VXLAN entries age out after a peerlink flap. | 5.12.0-5.15.0 | |
 | <a name="4329931"></a> [4329931](#4329931) <a name="4329931"></a> <br /> | In previous releases, Cumulus Linux incorrectly allowed SyncE and PPS In features to be enabled at the same time. Upgrading systems with both features configured using NVUE to 5.12.0 or higher results in a failure to apply the startup configuration as part of the first boot of the upgraded version. To work around the issue, unset one of the features before you upgrade. | 5.12.0-5.15.0 | |
 | <a name="4309876"></a> [4309876](#4309876) <a name="4309876"></a> <br /> | When you configure an invalid switch port (swp), NVUE adds the invalid configuration instead of rejecting it. The invalid interface in the configuration does not have any functional impact. | 5.12.0-5.15.0 | |