128T 5.1 Release Notes

Release 5.1.0

New Features and Improvements

  • I95-19132 Role-Based Access Control: Role-Based Access Control provides a mechanism for an Administrator to create Access Management Roles that allow specific access to 128T resources such as routers, tenants, services, and other Authority-level configuration objects, as well as actions such as install, upgrade, or download.

  • I95-21775 BGP VRF Support: Support for learning VRF routes through BGP and the associated routing tables has been added. Virtual Routing and Forwarding (VRF) instances make it possible to maintain multiple routing tables with overlapping address spaces in one router.

  • I95-21776 Ethernet Over SVR Support: Ethernet Over SVR (EoSVR) is a proprietary 128 Technology protocol that extends the Ethernet broadcast domain across multiple sites. EoSVR provides a site to site ethernet broadcast domain between 128T routers with increased security and efficiency, without the overhead of IP packet encapsulation.

  • I95-23206 Custom Chart Legends: This feature allows the user to assign a custom series name to each trace in the legend by hovering over the series name, and clicking on the displayed icon. The pop up dialog allows you to assign a name to the series.


  • I95-27678 Configurable Audit Events: Audit events such as traffic, admin, and system can be configured with this feature. The persistence of those events is now configurable.

  • I95-33016 Router and Node Page Dynamically Refresh Analytics and State: Router and Node pages automatically refresh data at 30 second intervals.

  • I95-33385 Implement dark-mode in GUI: There is a switch in the User Profile under Preferences allowing a user to switch the display to "dark mode"; a black background with light text.

  • I95-34919 Show Commands for Services: The show service path and show fib commands have been enhanced to provide more granular path-related debugging.

  • I95-35051 Provide a way to generate & stage all auto-generated configuration: The create-config autogenerated command has been added, which forces re-generation of all automatically generated configuration items, and stages the configuration changes into the current candidate configuration. This command serves only to aid in debugging, and allows you to validate, inspect, and make edits, without committing the changes.

  • I95-35952 PCLI support for multi-line fields: Configurations with multi-line input fields are restricted to a single line when displayed.


  • I95-36912 PCLI commands accept resource-group wherever possible: Commands that can specify router all on the conductor can now target a resource group using the new group argument. router and group are mutually exclusive, so only one can be specified at a time.

  • I95-37251 Provide an Interface description on hover: An interface description is provided in the GUI on hover.

  • I95-37443 Latency/Jitter/Loss chart: A chart showing the latency, jitter, and loss for the selected peer path over time is accessible by clicking the Source field in the Peer Paths table on the Router page.

  • I95-37473 PCLI: Advanced mode: Advanced Mode allows viewing and editing configuration fields that are normally hidden and automatically generated by 128T. The new mode is invoked by passing --user-mode=advanced to the PCLI at launch.

  • I95-37663 GUI rebrand for managed service providers: The Authority Settings now has a 'Theme' section that allows you to change the primary color, secondary color, and main icon of the GUI.

  • I95-38212 Restart System From the Node Panel: The Process Management button has been added to the top of the Node Panel in the GUI. When selected, a list of operations displays, allowing the user to; Start, Stop, or Restart the 128T Conductor or Router. The option to Reboot the OS is also available.


  • I95-38642 Form Based Template Instantiation: An administrator can now define a JSON Schema to create a template for variables so a user can fill out the variables in a simple form.

  • I95-38920 MIB additions - router metadata: The following fields have been added to the T128-SYSTEM MIB:
    • Router Description
    • Router Location
    • Router Coordinates
    • Node Description
    • Node Location

  • I95-39017 SR-IOV VLAN filtering: VLAN filtering has been enabled for the SR-IOV virtual functions to support the NFX150 and NFX250 platforms.

note

Please refer to the Caveats section for important information prior to installation.

Resolved Issues

  • I95-30812 PCLI session terminated when actively running commands: PCLI sessions now recognize all activity.

  • I95-30883 Add Enumeration Description to Combo Dropdown in Edit Config Pages: GUI drop downs now display descriptions.

  • I95-31882 Inconsistency in show alarm output: The show alarms output message is now consistent for shelved alarms and active alarms.

  • I95-33272 End port field validation accepts leading space: An issue where the PCLI accepted a leading space in some fields has been resolved. Validation now removes leading and trailing spaces for number types.

  • I95-33526 No indication that a restore configuration operation has completed: Users are now directed to view the restored configuration, indicating that the operation has completed.

  • I95-33973 PCLI suggesting commands not available in the config context: This issue has been resolved.

  • I95-34443 Provisioner status in router dialog not matching the Asset status in router page: Asset Reconciliation now takes place automatically every 1.5 minutes in the GUI to assure the states of all assets are correctly reflected in the UI.

  • I95-35521 Ambigious validation error: Errors now more clearly identify the source of the error.

  • I95-35646 Wrong date for weekday in date picker: The date-picker logic has been updated to resolve this issue.

  • I95-35783 Bootstrap DHCP server not resilient to power loss or abrupt shutdown: The handling of abrupt shutdowns has been strengthened.

  • I95-36053 High number of System Events on 128T Config changes: Added a filter to audit logs of type SERVICE-START and SERVICE-STOP based on service to filter just the required services.

  • I95-36366 Security keys are not automatically generated for unmanaged router: Security keys are now automatically generated.

  • I95-36397 / I95-36614 Auto Generated DHCP Server Interface Down: Generate namespace ID with node specific namespace name for device interface to prevent namespace id collision.

  • I95-36509 Validation may be terminated or not execute if the 128T SSR experiences a disconnect from the conductor: This issue has been resolved.

  • I95-36761 Configuring default-route-distance under bgp causes a fault in the PCLI: This issue has been resolved by providing defaults for default BGP distances (ebgp, ibgp, and local).

  • I95-37002 Help text on shared-mac parameter should be more explicit: The description has been updated to provide additional information.

  • I95-37181 LTE Modem denied from network with 128T Service Running: Resolved an issue where UDP packets larger than the network-interface MTU causes Rx Error on the LTE interface, resulting in denial of the LTE modem.

  • I95-37699 save tech-support-info may generate a corrupted zip file on systems that have greater than 10K alarms: Added a limit argument to PCLI show events and Tech Support to resolve this issue.

  • I95-37728 show rib summary hangs/return no data: Added support to proxy the routing engine endpoint in the web server, and provided support for the vrf argument in show rib summary.

  • I95-37770 Password Obfuscator consumes password as a command line argument: This issue has been resolved.

  • I95-37826 Ensure permissions on bootloader config are configured: Appropriate permissions are set on bootloader config files.

  • I95-37832 Ensure no world writable files exist: Added software tools to avoid world writable files.

  • I95-37910 AWS c5.xlarge instance shows 2 cores in GUI: Custom Report charts now persist the displayed data even if an error occurs, specifically if internet connection drops or a node becomes unavailable. A small error indicator now appears above the chart, which can be hovered and displays the error.

  • I95-38378 Salt-minion config broken after enabling asset connection resiliency: The minion config is now loaded on conductor migration operations at time of operation.

  • I95-38389 PDM gets pegged at 100% which makes the GUI and PCLI inaccessible: The config export process has been made more efficient to reduce the chance of a race condition.

  • I95-38393 Router Cannot Get Past Connected State: Resolved an issue where assets could become stuck in Connected state.

  • I95-38458 PCLI fails to start after upgrade: Resolved an issue where caching errors prevented 128T from starting.

  • I95-38474 The router > dns-config does not account for the immutable bit on /etc/resolv.conf: Resolved an issue with the DNS proxy not working due to the immutable bit set by ISO.

  • I95-38495 Duplicate link-layer-address configuration causes DHCP server to fail to start: A configuration validation error is shown when duplicate link-layer-address are configured.

  • I95-38500 CVE Medium: binutils (CESA-2018:3032), binutils (CESA-2019:2075): Added binutils to deprecated packages.

  • I95-38543 salt_master memory leak using up all conductor memory: This issue has been resolved with an update to saltstack 3002.2

  • I95-38666 Management Services and routes may not be generated for PPPoE: Resolved an issue where management-over-forwarding was not generating service or service-route config for PPPoE interfaces.

  • I95-38682 CVE Medium: Rebuild Python: Python has been updated to address vulnerabilities.

  • I95-38694 SNMP ifTable does not conform to correct IF-MIB representation of high speed interfaces: The ifSpeed field in the legacy ifTable has been set to conform with the higher speed values.

  • I95-38728 Interface configuration on Azure: Resolved an issue where a module was not loaded by default, causing the interface configuration to fail.

  • I95-38768 VMXNet3 driver not functional: A fix has been applied to the ip header checksum and is now calculated via hardware offload.

  • I95-38830 Validation error when device-interface type is set to vmbus-uuid and forwarding is disabled: Resolved a configuration problem wherein vmbus-uuid could not be configured unless forwarding was explicitly configured.

  • I95-38832 Intermittent PCLI command failure when issues queries against managed routers: Resolved an issue that resulted in unresponsive web and command line interfaces caused by certain configuration sizes.

  • I95-38919 Prevent DNF Corruption prior to Plugin Install: Added corruption detection/remediation to plugin installation.

  • I95-38963 Address sudo CVE-2021-3156: Upgraded to later version.

  • I95-38986 Template parse error is difficult to find: Added additonal context to the error to help identify.

  • I95-39011 AutomatedProvisioner process consuming 300%: Resolved by increasing the timeout for local rpm queries.

  • I95-39036 dns-config=automatic should be allowed when using PPPoE: Resolved an issue where management over pppoe interface does not allow dns-config mode to be configured.

  • I95-39163 Long propagation times in FIB entries: The routing agent implementation was improved to enable faster processing of configuration changes when there are services with a large port range.

  • I95-39167 IP violations caused by un-natted packets: Resolved an issue where ICMP unreachables on an LTE interface are generating IP violations causing an unexpected disconnect.

  • I95-39186 Interactive Install ISO not shutting down properly after install: This issue has been resolved.

  • I95-39187 Use same time format in Alarms and Event History: Time format is now consistent between Alarms and Event History.

  • I95-39190 CVE Medium: CESA-2021:0153 dnsmasq: Upgraded dnsmasq to version 2.76-16.el7_9.1 as a remediation for CESA-2021:0153.

  • I95-39239 Event persistence gets stuck on a high number of events: This issue has been resolved.

  • I95-39278 CVE High/Medium: Saltstack Updates: Updated saltstack to 3002.5 to address Saltstack CVEs.

Caveats

  • I95-39023 Conductor Upgrade process forces a log out from the GUI: An issue has been identified that when upgrading the conductor, the user is logged out of the GUI, and presented with an error message when attempting to log back in. The installation is running, and does complete. Log in is again available after the system has restarted.

  • I95-39406 Installer Fails to Update: In some situations, such as an installer conflict, the Installer will fail to update, but the 5.1 software has downloaded and installed.

  • I95-38622 5.1.0 Kernel Upgrade Required for Wireguard Support: Support for the wireguard plugin is not available on a router with 5.1.0 installed. The wireguard plugin can be installed on a Conductor, provided that the Routers are running a version older than 5.1.0.

  • I95-37050 Remove Deprecated API Fields:

    • "averageBandwidth" and "traffic" fields have been removed from the /router/{router}/node/{node}/deviceInterface response message.

    • "averageBandwidth" and "traffic" fields have been removed from /router/{router}/node/{node}/networkInterface and /router/{router}/node/{node}/deviceInterface/{deviceInterface}/networkInterface response message.

    • "traffic", "averageBandwidth", "sessions", "sessionArrivalRate", "cpu", "disk", "memory", and "platform" have been removed from the /router/{router}/node and /router/{router}/node/{node} response message.

    • "bandwidth", "sessions", "sessionArrivalRate" and "bytesTransmitted" fields have been removed from /service and /service/{service} response message.

    • "averageBandwidth", "traffic", "sessions", and "sessionArrivalRate" fields have been removed from /serviceClass response message.

    • "bandwidth", "sessions" and "traffic" fields have been removed from /tenant and /tenant/{tenant} response message.

    • The following endpoint has been removed entirely: /router/{router}/node/{node}/networkInterface/byDeviceInterface

Last updated on