Mellanox MLNX-OS® Release Notes for Ethernet
Contents
1. 4 2 2 Supported CPU Architecture _ 4 2 3 Supported Firmware u u us yu een 4 2 4 Supported Software Licenses 5 2 5 Upgrade From Previous Releases 5 2 6 Supported Cable8 eerte eros eater A Pese ed I denen 6 Chapter 3 Changes and New Features 7 Chapter4 Known Issues 4a ves ens e behead ob ee See RR NUR UR RR eR ADR is 12 4 1 General Known Issues 0 0 ccc eect n 12 42 Ethernet Known 155085 5 UB te wie eat ele agen 15 4 3 IP Routing Known Issues 21 Chapter 5 Bug eese cote Side oes RA A OP Rea xb E Game bee Pur dida 27 5 1 General Bug FIXes Viet on keeles 27 5 2 Security Bug Fikes 2 6009 eve e EE RUE eng ig EON DRE 28 Chapter 6 Submitting a Service 31 Mellanox Technologies Confidential 3 1 Introduction This document is the Mellanox MLNX OS Release Notes for Ethernet MLNX OS is a comprehensive management software solution that provides optimal perfor mance for cluster computing enterprise data centers and cloud computing over Mellanox SwitchX family The fabric management capabilities ensure the highest fabric performance while the chassis management ensures the longest switch up time The MLN2. Problems with the power supply cannot be N A monitored on SX1016 switch systems using the command show health report or by observ ing the PS LED on the switch system itself 74 802 1x Show dotlx commands on PPC based systems N A provide output in a slow line by line fashion 75 802 1x A PAE may send unneeded EAP START mes N A sages when authentication starts 4 3 IP Routing Known Issues Table 7 IP Routing Known Issues Sheet 1 of 6 Index Category IP Interfaces Description ICMP echo packets are not counted as part of the VLAN interface counters Possible Workaround ICMP packets are counted in the interface L2 count ers IP Interfaces The maximum number of L3 interfaces that can be configured is 64 N A Mellanox Technologies Confidential 21 Table 7 IP Routing Known Issues Sheet 2 of 6 Index Category Description Possible Workaround 3 IP Interfaces A VLAN bound with an ACL action must not N A be bound to a router port Else router port behavior is unpredictable 4 IP Interfaces Router ports are not supported on N A SX10xx xxxR and SX60xx xxxR systems 5 IP Interfaces It is not possible to add or remove member Physical port must explic interfaces from a LAG or delete that LAG itly be changed from no when it 1s configured as a router port switchport to switch port so that router capa bilities are reset
3. User Manual Ethernet Switching Added support for disabling MAC address learning Mellanox Technologies Confidential 8 Table 4 Ethernet Changes and New Features Category Description General Added support for Mellanox OFED 2 3 integration Interconnect Added support for LR4 modules on Ethernet switch systems Toma F en E inci in the User Manual MLAG Added support for MLAG LACP Security Added support for security strict mode SNMP Added support for setting hostname through SNMP See section 4 17 1 7 SNMP SET Operations in the User Manual SNMP Added support for power cycling through SNMP See section 4 17 1 7 SNMP SET Operations in the User Manual SNMP Added support for changing configuration through SNMP See section 4 17 1 7 SNMP SET Operations in the User Manual Systems GA support for SX1710 switch systems GA support for Virtual Machine for x86 based switch systems Virtual Machine See section 4 19 Virtual Machine in the User Manual WebUI Added support for Internet Explorer 11 web browser Release 3 3 5200 GA support for Router Port See Chapter 6 Routing in the User Manual Proof of concept support for See section 6 3 BGP in the User Manual GA support for route maps See section 6 4 Route in the User Manual GA support for Bi Dir See section 6 6 Multica
4. channel configuration must be identical in both switches 22 MLAG MLAG VIP is limited to 2 switches If more N A than 2 switches connected to the same MLAG VIP MLAG behavior is not anticipated 23 MLAG When the MPO is connected to the host span N A ning tree should be disabled on the MLAG port channel before it is enabled port type set to edge and BPDU filter enabled When con nected to a switch spanning tree should be dis abled on the switch no Spanning tree 24 MLAG Deleting an IPL port channel interface while Shutdown the port before MLAG 15 enabled using the command no deleting it interface port channel lt id gt might cause errors These errors may be safely ignored 25 MLAG The IPL VLAN interface must be used only for N A MLAG protocol and must not be used by any other interfaces e g port channel Ethernet 26 MLAG An MLAG port channel must be administra N A tively disabled interface mpo id shut down before deleting it 27 MLAG IGMP snooping is automatically enabled on N A MLAGs and may not be disabled 28 MLAG Keepalive interval should be set to 3 seconds N A when working with over 1k VLANs on PPC Mellanox Technologies Confidential 17 Table 6 Ethernet Known Issues Sheet 4 of 7 Mellanox Technologies Confidential 18 J Index Category Description Possible Workaround 29 MLAG Configuri
5. in the guest operating system in order to exploit VENOM Mellanox Technologies Confidential 30 J Table 9 List of Security Bug Fixes CVE Description CVE 2015 4000 The TLS protocol 1 2 and earlier when a DHE EXPORT ciphersuite is enabled on a server but not on a client does not properly convey a EXPORT choice which allows man in the middle attackers to conduct cipher downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE EXPORT replaced by DHE aka the Logjam issue CVE 2015 5119 This candidate has been reserved by an organization or individual that will use it when announcing a new security problem When the candidate has been publicized the details for this candidate will be provided 6 Submitting a Service Request The Mellanox Support Center is at your service for any issues You may access the Warranty Service through the Web Request Form by using the following link http www mellanox com content pages php pg support index Mellanox Technologies Confidential 31
6. those VLANs Assuming port 1 is in trunk allowed vlan remove 1 mode and there 3000 VLANs created a 100 in succession good practice would be to achieve membership of port 1 in VLANs 100 3000 use the com mand interface ethernet 1 x switchport trunk allowed vlan remove 1 100 instead of interface ethernet 1 x switchport trunk allowed vlan 100 3000 35 Spanning Tree Non standard behavior may occur on third N A party switch STP functionality when the port moves from Root to Alternate state The stan dard Proposal Agreement sent by MLNX OS is unanswered which may result in traffic loss of up to 30 seconds 36 Spanning Tree STP convergence time is slower than expected N A 37 Spanning Tree BPDUs are sent from both the superior and the N A inferior switches Table 6 Ethernet Known Issues Sheet 5 of 7 Mellanox Technologies Confidential 19 J Index Category Description Possible Workaround 38 MSTP The command no vlan ona VLAN interface Dissociate the VLAN associated with an MSTP instance is not sup from the MSTP instance ported before running the com mand 39 MSTP Under heavy MSTP configuration the system N A may exhibit slowness after adding a new MSTP instance In the ensuing minute if a show com mand is issued an error message may appear That message can be safely ignored 40 IGMP Snooping Setting the ip igmp snooping N A unregistered multicast o
7. 02 3 3 5006 3 3 4406 3 3 4304 Mellanox Technologies Confidential 5 For upgrade instructions refer to the section Upgrading MLNX OS Software in Mellanox MLNX OS User Manual Downgrading from MLNX OS version 3 4 0012 or later on x86 switch systems is not supported 2 6 Supported Cables For a list of the Mellanox supported cables please visit the LinkXTM Cables and Transceivers page of the Mellanox Website at http www mellanox com page cables mtag cable overview When using Mellanox AOC cables longer than 50m use one VL to achieve full wire speed Mellanox Technologies Confidential 6 Changes and New Features Table 4 Ethernet Changes and New Features Category Description Release 3 4 3002 Security Added support for switch secure mode Usei Accounts Improved logic of AAA authorization map order System Management See the command aaa authorization map order in the User Manual Added support for auto BIOS upgrade for SX1400 and SX1710 switch sys tems Chassis Management Added new System Health Monitor notification alert See the section System Health Monitor Alerts Scenarios in the User Manual Improved module status display SH See command show module in the User Manual Software Added support for MLNX OS over ONIE Management See section Image Maintenance via Mellanox ONIE in the User Manual Software Removed requirement for 56GbE license Management S
8. Category Modules Description When using 5m splitter cable P N MC2609125 005 wrong data 1s displayed under transceiver information Possible Workaround N A 51 Modules Using 1GbE copper modules leads to the port status being constantly reported as active regardless from the actual link state N A 52 53 Modules SNMP The command show interface does not dis play IGbE modules correctly LLDP MIB OID IldpRemPortDesc is not sup ported 54 Puppet Agent Speed parameter 1s not supported for LAG interfaces 35 56 Puppet Agent Port Mirroring Description parameter is not supported on L2 interfaces When port mirroring congestion is configured to drop excessive frames best effort while using the same analyzer port for more than a single mirroring session that port could drops packets from all flows not according to their configured priorities 57 sFlow The discarded packets counter in sFlow sam ples may not be accurate and may expose a skew of one second N A 58 59 sFlow sFlow Discard counters are not reported to the collec tor Errors are seen when defining sFlow session from two WebUI or CLI sessions simultane ously N A N A 60 OpenFlow OpenFlow ARP packet matching rule does not include IP source and destination addresses N A 61 62 OpenFlow OpenFlow OpenFlow is n
9. Mellanox TECHNOLOGIES Mellanox MLNX OS Release Notes for Ethernet Software Ver 3 4 3002 www mellanox com NOTE THIS HARDWARE SOFTWARE OR TEST SUITE PRODUCT PRODUCT S AND ITS RELATED DOCUMENTATION ARE PROVIDED B Y MELLANOX TECHNOLOGIES AS IS WITH ALL FAULTS OF ANY KIND AND SOLELY FOR THE PURPOSE OF AIDING THE CUSTOMER IN TESTING APPLICATIONS THAT USE THE PRODUCTS IN DESIGNATED SOLUTIONS THE CUSTOMER S MANUFACTURING TEST ENVIRONMENT HAS NOT MET THE STANDARDS SET BY MELLANOX TECHNOLOGIES TO FULLY QUALIFY THE PRODUCT S AND OR THE SYSTEM USING IT THEREFORE MELLANOX TECHNOLOGIES CANNOT AND DOES NOT GUARANTEE OR WARRANT THAT THE PRODUCTS WILL OPERATE WITH THE HIGHEST QUALITY ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT ARE DISCLAIMED IN NO EVENT SHALL MELLANOX BE LIABLE TO CUSTOMER OR ANY THIRD PARTIES FOR ANY DIRECT INDIRECT SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES OF ANY KIND INCLUDING BUT NOT LIMITED TO PA YMENT FOR PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABLITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY FROM THE USE OF THE PRODUCT S AND RELATED DOCUMENTATION EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE Mellanox TF HNnI MRIFS Mel
10. X based systems 2 33 5000 and higher Mellanox Technologies Confidential 4 2 44 Supported Software Licenses For the software licenses supported with MLNX OS software please refer to the Licenses section of the Getting Started chapter of the Mellanox MLNX OS User Manual 2 5 Upgrade From Previous Releases Older versions of MLNX OS may require upgrading to one or more intermediate versions prior to upgrading to the latest Missing an intermediate step may lead to errors Please refer to Table 2 and Table 3 to identify the correct upgrade order Table 2 Supported Software Upgrades for PPC Systems Target Version Verified Versions From Which to Upgrade 3 4 3002 3 4 2306 3 4 2008 3 4 1120 3 4 2306 3 4 2008 3 4 1120 3 4 2008 3 4 1954 3 4 1950 3 4 1804 3 4 1120 3 4 0012 3 4 1120 3 4 1110 3 4 1100 3 4 0012 3 4 1110 3 4 1100 3 4 0012 3 4 0012 3 3 5006 3 3 4402 3 3 5200 3 3 5006 3 3 4402 3 3 5006 3 3 4402 3 3 4304 3 3 4402 3 3 4304 3 3 4100 3 3 4304 3 3 4100 3 3 3500 3 3 4100 3 3 3500 3 3 3000 Table 3 Supported Software Upgrades for x86 Systems Target Version Verified Versions From Which to Upgrade 3 4 3002 3 4 2008 3 4 1120 3 4 2306 3 4 2306 3 4 2008 3 4 1120 3 4 2008 3 4 1120 3 4 0012 3 4 1120 3 4 1110 3 4 1100 3 4 0012 3 3 5006 3 4 1110 3 4 1100 3 4 0012 3 3 5006 3 4 0012 3 3 5006 3 3 5200 3 3 5006 3 3 44
11. X OS documentation package includes the following documents User Manual provides general information about the scope organization and com mand line interface of MLNX OS as well as basic configuration examples Release Notes provides information on the supported platforms changes and new fea tures and reports on software known issues as well as bug fixes 2 Supported Platforms Firmware Cables and Licenses 2 1 Supported Switch Systems Table 1 Supported Switch Systems Model Number Description MSX1036 36 Port QSFP 40GbE 1U Ethernet switch system MSX1024 12 Port QSFP 40GbE 48 Port SFP 10GbE 1U Ethernet switch system MSX1024 52 4 Port QSFP 40GbE 48 Port SFP 10GbE 1U Ethernet switch system MSX1016 64 Port SFP 10GbE 1U Ethernet switch system MSX1012 12 Port QSFP 40GbE 1U Ethernet switch system MSX1400 48 Port SFP 10GbE 12 Port QSFP 40GbE 1U x86 Ethernet switch system MSX1410 48 Port SFP 10GbE 12 Port QSFP 40GbE 1U dual core x86 Ethernet switch system engineering sample MSX1710 36 Port QSFP 40GbE 1U Ethernet dual core x86 switch system MSX1710 O 36 Port QSFP 40GbE 1U Ethernet dual core x86 switch system with ONIE 2 2 Supported CPU Architecture PPC 460 x86 2 3 Supported Firmware SwitchX firmware version 9 3 5080 SwitchX 2 firmware version 9 3 5080 ConnectX 2 firmware version 2 9 1000 and higher ConnectX 3 firmware version with Switch
12. ad 48 BGP The command bgp aggregate address sum N A mary only does not silence aggregate route re advertisements Mellanox Technologies Confidential 25 J Table 7 IP Routing Known Issues Sheet 6 of 6 Index Category Description Possible Workaround 49 BGP AS path request set are limited to 128 When N A more are received TCP FIN is sent and con nection to the peer is lost 50 BGP When running both BGP and OSPF changing N A the configuration of the command router bgp lt AS gt external distance internal dis tance local distance requires running clear ip bgp all afterwards 51 Four byte ASN 15 not supported N A 52 BGP The command no neighbor lt ip address gt Delete the neighbor with local as is not functional no neighbor lt 1 address gt remote as and restore the neighbor without the command neighbor local as 53 ACL When upgrading to this release it is advised to N A reduce the number of ACL configured to 3 54 VRF A router port LAG cannot be mapped to user N A VRF 55 VRF Any VRF can be monitored with sFlow but a N A collector can be on the management VRF only Mellanox Technologies Confidential 26 5 Bug Fixes 5 1 General Bug Fixes The following table describes MLNX OSQ bug fixes in this software release Table 8 General Bug Fixes Index Category Description l SNMP SNMP E
13. an organization or individual that will use it when announcing a new security problem When the candidate has been publicized the details for this candidate will be provided Mellanox Technologies Confidential 28 J Table 9 List of Security Bug Fixes CVE Description CVE 2015 0204 Thessl3 get key exchange function in s3_clnt c in OpenSSL before 0 9 8zd 1 0 0 before 1 0 0p and 1 0 1 before 1 0 1k allows remote SSL servers to conduct RSA to EXPORT RSA downgrade attacks and facilitate brute force decryption by offering a weak ephemeral RSA key in a noncompliant role related to the FREAK issue NOTE the scope of this CVE is only client code based on OpenSSL not EXPORT_RSA issues associated with servers or other TLS implementations CVE 2015 0205 5513 get cert verify function in 53 srvr c in OpenSSL 1 0 0 before 1 0 0p and 1 0 1 before 1 0 1k accepts client authentication with a Diffie Hellman DH certificate without requiring a CertificateVerify message which allows remote attackers to obtain access with out knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support CVE 2015 0206 Memory leak in the 0151 buffer record function in dl pkt c in OpenSSL 1 0 0 before 1 0 0p and 1 0 1 before 1 0 1k allows remote attackers to cause a denial of service memory consumption by sending many duplicate records for the next epoch lea
14. before 1 0 0r 1 0 1 before 1 0 1m and 1 0 2 before 1 0 2a allows remote attackers to cause a denial of service s2 lib c assertion failure and daemon exit via a crafted CLIENT MASTER KEY message CVE 2015 1789 The X509 time function in crypto x509 x509_vfy c in OpenSSL before 0 9 8zg 1 0 0 before 1 0 0s 1 0 1 before 1 0 1n and 1 0 2 before 1 0 2b allows remote attackers to cause a denial of service out of bounds read and application crash via a crafted length field in ASNI TIME data as demonstrated by an attack against a server that supports client authen tication with a custom verification callback CVE 2015 1790 The PKCS7 dataDecodefunction in crypto pkcs7 pk7 doit c in OpenSSL before 0 9 8zg 1 0 0 before 1 0 0s 1 0 1 before 1 0 1n and 1 0 2 before 1 0 2b allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a 7 blob that uses ASN 1 encoding and lacks inner EncryptedContent data CVE 2015 1791 Race condition in the 5513 get new session ticket function in 551 53 clnt c in OpenSSL before 0 9 8zg 1 0 0 before 1 0 0s 1 0 1 before 1 0 1n and 1 0 2 before 1 0 2b when used for a multi threaded client allows remote attackers to cause a denial of service double free and application crash or possibly have unspecified other impact by providing a NewSes sionTicket during an attempt to reuse a ticket that had been obtained earlier CVE 2015 1792 The do fre
15. ded subnets 27 OSPF If the MTU is reconfigured while the interface Shut down the interface is up disruptions may be experienced in L3 before reconfiguring traffic MTU 28 OSPF A loopback interface assigned to area 0 does Keep the loopback not get redistributed as direct route after assigned to the OSPF area removal from the OSPF 0 29 DHCP Relay DHCP Relay is supported on SwitchX 2 plat N A forms only 30 DHCP Relay DHCP Relay is not supported on N A SX10xx xxxR and SX60xx xxxR systems 31 VRRP Using the same Virtual IP VIP as the VLAN N A interface is not supported 32 MAGP Designated traffic such as ping to the MAGP N A interface is not supported 33 PIM Connecting two routers via VLAN interface Use a router port instead with PIM load sharing causes loops in the net work 34 PIM PIM BIDIR routers must have point to point N A connection 35 PIM The command show ip pim rp does not distin Use the command show guish elected RP from other active RPs ip pim rp hash to see the elected RP and show ip mroute to see active RPF interface Mellanox Technologies Confidential 24 Table 7 IP Routing Known Issues Sheet 5 of 6 Index Category Description Possible Workaround 36 PIM Per interface multicast TTL threshold and Enable PIM SM on the static OIF cannot be configured without interface enabling PIM in the interface 37 PIM Local settin
16. ding to failure of replay detection CVE 2015 0209 Use after free vulnerability in the d21 ECPrivateKey function in crypto ec ec asnl c in OpenSSL before 0 9 8zf 1 0 0 before 1 0 0r 1 0 1 before 1 0 1m and 1 0 2 before 1 0 2a might allow remote attackers to cause a denial of service memory corruption and applica tion crash or possibly have unspecified other impact via a malformed Elliptic Curve EC private key file that is improperly handled during import CVE 2015 0285 5513 client hello function in s3_clnt c in OpenSSL 1 0 2 before 1 0 2a does not ensure that the PRNG is seeded before proceeding with a handshake which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and then conducting a brute force attack CVE 2015 0286 The ASNI TYPE cmp function in crypto asnl a type c in OpenSSL before 0 9 8zf 1 0 0 before 1 0 0r 1 0 1 before 1 0 1m and 1 0 2 before 1 0 2a does not properly perform bool ean type comparisons which allows remote attackers to cause a denial of service invalid read operation and application crash via a crafted X 509 certificate to an endpoint that uses the certificate verification feature CVE 2015 0287 The ASNI item ex 21 function in crypto asnl tasn dec c in OpenSSL before 0 9 8zf 1 0 0 before 1 0 0r 1 0 1 before 1 0 1m and 1 0 2 before 1 0 2a does not reinitialize CHOICE and ADB data structures which might allow attackers to cause a d
17. e Agreement See section Getting Started in the User Manual General Improved configuration file format Power Management Added support for link width reduction Systems New CPU temperature for MSX10xx systems Systems Beta support for x86 CPU family based systems MSX 1400 and MSX1700 Puppet Agent GA support for Puppet See section Puppet Agent in the User Manual Ethernet Switching GA support for debug per protocol OpenFlow GA support for OpenFlow See section OpenFlow in the User Manual DCBX GA support for DCBX See section DCBX in the User Manual Mellanox Technologies Confidential 10 Table 4 Ethernet Changes and New Features Category Description MSTP GA support for MSTP protocol See section MSTP in the User Manual DHCP Relay GA support for DHCP relay See section DHCP Relay in the User Manual IGMP Snooping GA support for IGMP Querier relay See section IGMP Snooping Querier in the User Manual Release 3 3 4100 Improved debug file upload mechanism General Refer to file debug dump command in the CLI reference guide General Added support for displaying system hardware revision Refer to show Inventory command in the CLI reference guide Added a MELLANOX ENTITY MIB as an extension to the standard SNMP ENTITY MIB to represent system GUID Refer to SNMP chapter in the User Manual The new MIB can be fo
18. e upto function in crypto cms cms smime c in OpenSSL before 0 9 8zg 1 0 0 before 1 0 0s 1 0 1 before 1 0 1n and 1 0 2 before 1 0 2b allows remote attackers to cause a denial of service infinite loop via vectors that trigger a NULL value of a BIO data struc ture as demonstrated by an unrecognized X 660 OID for a hash function CVE 2015 1798 The symmetric key feature in the receive function in proto c in ntpd in NTP 4 x before 4 2 8p2 requires a correct MAC only if the MAC field has a nonzero length which makes it easier for man in the middle attackers to spoof packets by omitting the MAC CVE 2015 1799 The symmetric key feature in the receive function in proto c in ntpd in NTP 3 x and 4 x before 4 2 8p2 performs state variable updates upon receiving certain invalid packets which makes it easier for man in the middle attackers to cause a denial of service synchronization loss by spoofing the source IP address of a peer CVE 2015 3456 The Floppy Disk Controller FDC in QEMU as used in Xen 4 5 x and earlier and KVM allows local guest users to cause a denial of service out of bounds write and guest crash or possibly execute arbitrary code via the 1 FD CMD READ ID 2 FD CM D DRIVE SPECIFICATION COMMAND or other unspecified commands aka VENOM Though the VENOM vulnerability is also agnostic of the guest operating system an attacker or an attacker s malware would need to have administrative or root privileges
19. ee section Licenses in the User Manual XMLAPI Improved XML interface Ethernet Switching Refer to MLNX OS XML API Reference Guide for more information Added support for QinQ See section QinQ in the User Manual 802 1x Protocol Added support for single host 802 1x authentication protocol See section 802 1x Protocol in the User Manual Added support for next hop load balancing p See section Next Hop Load Sharing in the User Manual Release 3 4 2008 CLI Modified user interface for the command show asic version CLI Improved module hierarchy in the output of the commands show power and show temperature CLI Removed CPU component from the output of the command show inventory SNMP Applied new index scheme for SNMP EntityTable Ethernet Switching Added support for multiport 802 1x authentication protocol See section 802 1x Protocol in the User Manual IP Routing Added support for VRF with static IPv4 and ECMP See section Virtual Routing and Forwarding in the User Manual PIM Added GA support for PIM Load Sharing See section PIM Load Sharing in the User Manual Mellanox Technologies Confidential 7 Table 4 Ethernet Changes and New Features Category Description IPv6 Added support for IPv6 over loopback port MLAG Support for MLAG fast recovery Release 3 4 1120 General Removed sx prefix from version numbers in the c
20. ely ignored 21 Logging The warning pgm_set_timeout may appearin N A the log This warning can be safely ignored 22 Logging During system de init the error mdreq ERR N A init mdr_main c 634 build 1 Error code 14014 may appear in the log This error can be safely ignored Mellanox Technologies Confidential 13 Table 5 General Known Issues Sheet 3 of 4 Mellanox Technologies Confidential 14 Index Category Description Workaround 23 Logging The warning mgmtd WARNING Upgrade N A could not find node to delete iss config stp switch ethernet default spanning tree mode may appear in the log This warning can be safely ignored 24 Logging When using a regular expression containing N A OR with the command show 1og not matching lt reg exp gt the expression should be surrounded by quotes lt expression gt otherwise it is parsed as filter PIPE com mand 25 Logging Port up down events on a port quickly toggling For actual port stats use states may be displayed in wrong order in the the command show monitoring terminal interface 26 Logging The following error may appear in the log N A sn mdc msg handler tms sn mgmt c 910 build 1 Error code 14002 assertion failed returned This error may be safely ignored 27 User Management Some RADIUS and TACACS configurations Press the reset button for
21. ement system using the image fetch command The user must remove old image files prior to fetch ing a new one 13 User Accounts If AAA authorization order policy is config N A ured to remote only then when upgrading to 3 4 3002 or later from an older MLNX OS ver sion this policy is changed to remote first 14 Configuration Loading the wrong system configuration file N A Management may hang the system For example an attempt to use an SX1016 con figuration file on an 5 6036 5 6536 5 1035 system may cause the system to hang 15 Configuration After loading a new configuration file please N A Management reboot the system Otherwise configuration may not be properly applied and errors may appear in the log 16 Configuration When using a large set of configuration files N A Management configuration apply can take more time than usual due to parallel activity of statistics data collecting 17 Configuration Applying a configuration file of one system N A Management profile to another is not supported 18 Configuration If the last box leaving an HA MLAG cluster N A Management is not the box on which the cluster was created bogus configuration will result which does not allow recreating the same cluster name 19 Configuration Sending packets to a non default port in TFTP N A Management transport layer 15 not supported 20 Logging DROPPED MSG errors may appear during N A reload shutdown phase These errors can be saf
22. enial of service invalid write operation and memory corruption by leveraging an application that relies on ASN 1 structure reuse CVE 2015 0288 The X509 to X509 REQ function in crypto x509 x509 req c in OpenSSL before 0 9 8zf 1 0 0 before 1 0 0r 1 0 1 before 1 0 1m and 1 0 2 before 1 0 2a might allow attackers to cause a denial of service NULL pointer dereference and application crash via an invalid certificate key CVE 2015 0289 The PKCS 7 implementation in OpenSSL before 0 9 8zf 1 0 0 before 1 0 0r 1 0 1 before 1 0 1m and 1 0 2 before 1 0 2a does not properly handle a lack of outer ContentInfo which allows attackers to cause a denial of service NULL pointer dereference and application crash by leveraging an application that processes arbitrary PKCS 7 data and providing malformed data with ASN 1 encoding related to crypto pkcs7 pk7 doit c and crypto pkcs7 pk7 lib c Mellanox Technologies Confidential 29 J Table 9 List of Security Bug Fixes CVE Description CVE 2015 0292 Integer underflow in the EVP_DecodeUpdate function in crypto evp encode c in the base64 decoding implementation in OpenSSL before 0 9 8za 1 0 0 before 1 0 0m and 1 0 1 before 1 0 1h allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via crafted base64 data that triggers a buffer over flow CVE 2015 0293 The SSLv2 implementation in OpenSSL before 0 9 8zf 1 0 0
23. from physical port 6 IP Interfaces ICMP redirect is not supported over router N A port T LLDP A port connected to a router port receives from N A it an LLDP packet containing IPv4 and IPv6 management addresses However the IPv6 address is not included in the LLDP MIB as a remote management address Only the IPv4 remote management address is published 8 IP Diagnostic Tools While using invoked shell commands such as N A ping traceroute tcpdump for egressing from a specific router interface use I i vlan lt vlan id gt For example to ping 10 10 10 10 via interface VLAN 30 run the command ping 10 10 10 10 I vlan30 9 IP Routing Prior to upgrading to this software release the N A user must align the number of configured mul ticast routes to the number of routes defined in section IPv4 Routing Mode in the User Man ual 10 IP Routing LAG and L3 ECMP Hash functions lack the Change the distribution configuration of a randomization seed parame function between layers ter Traffic passed over LAG or L3 ECMP in performing LAG or L3 hierarchy topology via multiple SwitchX based ECMP using the com systems is not distributed evenly mand port channel load balance ip load sharing The work around is applicable in case there are multiple mixed flows Mellanox Technologies Confidential 22 Table 7 IP Routing Known Issues Sheet 3 of 6 Index Category Desc
24. g of candidate BSR interval affects Use the default BSR inter the BSR hold time of other winner BSR router val on the BSR router 60 seconds or configure all routers with the same interval Note that this does not affect per RP hold time within BSR 38 PIM At most 300 IGMP packets can be processed Do not use PIM in envi per second ronments where there are more than 300 joins leaves per second 39 PIM RP candidate can be enabled only on one inter N A face at a time 40 PIM BSR candidate can be enabled only on one N A interface at a time 41 PIM In an L3 network with two or more PIM BIDIR N A routers IGMP snooping should be disabled 42 PIM Updating BSR hash mask only affects new Reboot all routers in the multicast groups while groups already active network still use the old map This may lead to loops in the network 43 Multicast Multicast protocol PIM must be enabled in Enable PIM order to configure static multicast route 44 Multicast Router port does not filter outgoing multicast N A packets according to configured multicast time to live TTL value 45 BGP Route aggregation configuration cannot be Delete route aggregation modified and create a new configu ration 46 BGP Aggregate overlapping not supported N A 47 BGP Using the command clear ip bgp ip soft Ifroute refresh is not sup in mandates enabling route fresh on the peer ported on the peer device use the command clear ip bgp ip in inste
25. he no negation prefix is not supported pre Use the no keyword as Interfaces fix in the following CLI commands an infix e g interface interface ethernet lt s p gt ipv4 port access group port channel num no nodhcprelay switchport interface port channel num switchport mode 4 Management Switch systems may have an expired HTTPS Generate a new certificate Interfaces certification by changing the hostname 5 Management Consecutive hostname modification is not sup Wait 25 seconds before Interfaces ported reattempting to modify the hostname 6 Puppet Agent Only the resource ID default is supported for N A Puppet router 7 Puppet Agent Duplex parameter is not supported for Ethernet N A or LAG interfaces 8 In Band In band management mode does not support N A Management IPv6 9 In Band In band management ARPs are not taken into N A Management account in the command show ip arp count 10 In Band In band management is not operational without Contact Mellanox to get Management an L3 license L3 license for free 11 The command show ntp always lists the last N A configured NTP server even if it has been deleted This output can be safely ignored Mellanox Technologies Confidential 12 Table 5 General Known Issues Sheet 2 of 4 Index Category Description Workaround 12 Software Only one image is allowed to be copied into the N A Manag
26. he N A following commands show log show puppet agent log show configuration text files lt file gt 36 SNMP The error Cannot find module MELLANOX N A MIB may appear in the log when performing rollback to MLNX OS version older than 3 3 3000 This error can be safely ignored 37 SNMP Upon system shutdown the following error N A may appear mibd ERR foreach bind ing prequeried parsed mdc main c This error can be safely ignored 38 SNMP The ifNumbers MIB OID 1 3 6 1 2 1 2 1 0 N A on x86 switch systems displays 42 interfaces while the ifTable displays 40 due to VM man agement interfaces that are not shown in the ifTable 39 Chassis Management Duplicate notification is sent upon high tem N A perature alerts both specific module alerts and general too high alerts 40 Chassis Management When plugging in the power supply without Plug in the power source connecting it to the power source the system status and power supply LEDs become RED 41 Virtual Machine For volume fetch using a USB drive formatted Use EXT3 USB format with VFAT causes errors in the log and may require additional reboot for the USB to be reg istered for virtual machine volume usage 4 2 Ethernet Known Issues Table 6 Ethernet Known Issues Sheet 1 of 7 Index Category Description Possible Workaround 1 Ethernet Interfaces The system allows tolerance of 4 b
27. in 53 pkt c CVE 2014 3572 Thessl3 get key exchange function in s3_clnt c in OpenSSL before 0 9 8zd 1 0 0 before 1 0 0p and 1 0 1 before 1 0 1k allows remote SSL servers to conduct ECDHE to ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyEx change message CVE 2014 7817 The wordexp function in GNU C Library aka glibc 2 21 does not enforce the WRDE NOCMD flag which allows context dependent attackers to execute arbitrary com mands as demonstrated by input containing CVE 2014 8176 The 4151 clear queues function in ssl d1 lib c in OpenSSL before 0 9 8za 1 0 0 before 1 0 0m and 1 0 1 before 1 0 1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message which allows remote DTLS peers to cause a denial of service memory corruption and application crash or possibly have unspecified other impact via unexpected application data CVE 2014 8275 OpenSSL before 0 9 8zd 1 0 0 before 1 0 0p and 1 0 1 before 1 0 1k does not enforce cer tain constraints on certificate data which allows remote attackers to defeat a fingerprint based certificate blacklist protection mechanism by including crafted data within a certifi cate s unsigned portion related to crypto asnl a verify c crypto dsa dsa asnl c crypto ecdsa ecs vrf c and crypto x509 x all c CVE 2014 9297 This candidate has been reserved by
28. interface net before configuring the and cannot be deleted later next hop itself 18 IP Routing Global and interface specific ARP timeout N A configuration commands do not function 19 IP Routing The command ip arp timeout does not take Reload the system after effect on L3 interfaces which have been created running the command before changing the ARP timeout 20 OSPF Changing the IP address on an OSPF Interface Reconfigure all OSPF set VLAN deletes the interface OSPF attachment tings after changing the IP 21 OSPF Interface configuration cannot be performed Enable OSPF admin state while OSPF is admin disabled shutdown using the command router OSPF no shut down Mellanox Technologies Confidential 23 J Table 7 IP Routing Known Issues Sheet 4 of 6 Index Category Description Possible Workaround 22 OSPF Removing a static ID using the command no N A router id requires at list one VLAN interface to be configured 23 OSPF OSPF supports learning of up to 4K routes N A 24 OSPF Default route advertise by ABR to NSSA area Install the default route not installed by NSSA area router manually on the NSSA area using the command ip route 25 OSPF Changing administrative distance the com N A mand router ospf distance is not sup ported 26 OSPF Reverse packet filtering is not supported When N A misconfigured traffic may pass on an unin ten
29. keep the user locked out of the machine due to 15 seconds and then log timeout limitation in using your local authen tication Additionally fix the configuration to avoid any future timeout issues 28 WebUI Reversing the time clock can result in WebUI Clear the graphs data after graphs corrupted data setting the clock 29 WebUI Enabling disabling HTTPS while connected Refresh the page or navi via HTTP to the WebUI may result in tempo gate back using the rary loss of connection to the webpage browser s back button 30 WebUI The following commands cannot be executed To run those commands from Execute CLI commands section on use the CLI WebUI interface ethernet interface module type dcb priority flow control enable 31 WebUI If the configured ciphers in versions prior to N A 3 4 0012 were SSL and TLS ciphers upgrading to this version will override that The new default is to allow TLS ciphers only To enable SSL please run the command web https ssl ciphers all 32 WebUI When SSH strict mode is activated with TLS N A 1 2 Firefox does not work properly Table 5 General Known Issues Sheet 4 of 4 Index Category Description Workaround 33 WebUI When upgrading to version 3 4 3002 statistics N A files are reset As a result WebUI statistic graphs are reset as well 34 CLI MLNX OS support up to 50 CLI session open N A in parallel 35 CLI Command output filtering does not support t
30. lanox Technologies 350 Oakmead Parkway Suite 100 Sunnyvale 94085 U S A www mellanox com Tel 408 970 3400 Fax 408 970 3403 Copynght 2015 Mellanox Technologies All Rights Reserved Mellanox Mellanox logo BndgeX CloudX logo Connect IB ConnectX CoolB ox CORE Direct GPUDirect InfiniHost InfiniScale K otura K otura logo Mellanox Federal Systems Mellanox Open Ethernet Mellanox scalableHPC Mellanox Connect Accelerate Outperform logo Mellanox Virtual Modular Switch MetroD X Metro X MLNX O5 Open Ethernet logo PhyX SwitchX B TestX The Generation of Open Ethemet logo UFM Virtual Protocol Interconnect V oltaire and Voltaire logo are registered trademarks of Mellanox Technologies Ltd Accelio CyPU FPGADirect InfiniBridge LinkxX Mellanox Care Mellanox CloudX Mellanox Multi Host Mellanox NEO Mellanox PeerDirect Mellanox Socket Direct Mellanox Spectrum NVMeDirect StPU Spectrum logo Switch IB Unbreakable Link are trademarks of Mellanox Technologies Ltd All other trademarks are property of their respective owners 2 Mellanox Technologies Confidential J Table of Contents Chapt r T Titroductiono4 ras uec eb E Rt Xe kG 4 Chapter 2 Supported Platforms Firmware Cables and Licenses 4 2 1 Supported Switch Systems
31. ll number of SMACSs 13 LAG When converting static LAG to dynamic LAG Disable and enable the LACP some of the ports remain in DOWN LAG state 14 LAG LAG Hash function lacks configuration of a Change the distribution randomization seed parameter Traffic passed function between layers over LAG in hierarchy topology via multiple performing LAG using the SwitchX based systems is not distributed command port channel evenly load balance The work around is applicable in case there are multiple mixed flows 15 LAG When removing all ports of a port channel and Disable and enable the then re adding them to the port channel in a port channel different type port channel may not converge Mellanox Technologies Confidential 16 J Table 6 Ethernet Known Issues Sheet 3 of 7 Index Category Description Possible Workaround 16 LAG The following LACP port states are not avail N A able in MLNX OS I Individual H hot standby LACP only s Suspended R module removed 17 LAG Configuring multiple LAGs as a range causes N A the switch to hang for up to 10 minutes 18 MLAG Each MLAG VIP group must be configured N A with a different unicast IP address If not MLAG behavior is not anticipated 19 MLAG MLAG is not supported in WebUI N A 20 MLAG MLAG port channels Mpo appear as regular N A port channels Po in WebUI 21 MLAG MLAG configuration including mlag port N A
32. ng a LAG to become an IPL when Have only one LAG set as another LAG is already configured as IPL leads IPL Remove any previous to MLAG going down and an error being configuration if a new one printed in the log Is to be applied 30 MLAG Changing STP mode affects traffic and may User should disable cause MLAG to stop working for an interval of MLAG prior to changing 21 seconds until the new STP topology is built the STP mode 31 MLAG Adding and removing VLAN ranges on trunk Restrict the range of hybrid ports is correlated to the number of the VLANs added removed trunk hybrid ports in the system to from an MLAG port to groups of up to a 500 VLANs 32 VLAN It might take approximately 20 seconds to cre N A ate delete 1000 VLANS or to change the switchport mode of an interface 33 VLAN Creating deleting VLAN ranges on trunk Restrict the range of hybrid ports is correlated to the number ofthe VLANs created deleted to trunk hybrid ports in the system groups of up to a 70 VLANs 34 VLAN When working with more than 2000 VLANs To fix the problem run and trying to change a port s VLAN member the commands inter ship in modes hybrid trunk using the command face ethernet 1 x interface 1 switchport trunk allowed switchport trunk vlan the operation may timeout on account of allowed vlan all and it being too heavy Thus the port does not interface ethernet 1 x become properly configured as a member of switchport trunk
33. ntityTable does not refresh immediately after an event 2 Chassis Management The command show module displays incorrect Power status 3 Chassis Management On rare occasions when sending MAD queries which require access e g cable information to SX1710 switch systems the transaction may hang 4 Chassis Management Over temperature alert on QSFP module is sent on wrong threshold 5 Chassis Management Power supply may appear as not present but powered when extracted from the system 6 Chassis Management The internalSpeedMismatch trap is raised only once the first time it is dis covered 7 Chassis Management Syslog messages and trap messages for internal link speed mismatch do not include the ifName of the link which identify both ends of the connec tion amp m I User Accou ts Setting AAA authorization mapping to remote only does not work Local credentials are still used 9 User Accounts ASCII based authentication using is not functional 10 f System Mansoemeni Received SysRq signals from serial connection RS232 to USB adapter can cause switch to reboot System Management rare occasion MGMTI link may go down on SX1710 switch systems 12 XML API XML node for interface vlan enable disable does not work Mellanox Technologies Confidential 27 5 2 Security Bug Fixes Table 9 presents the security bug fixes which are added in this MLNX OS
34. ode Release 3 4 1110 General Bug fixes Release 3 4 1100 LACP Added support for specific port in the command show lacp neighbor Added GA support for RPVST Switching See section RPVST in the User Manual Added support for LACP individual mode Ethernet Switchi See the command suspend individual in the User Manual Ethernet Switching OpenFlow bitwise IP match Added support for BPDU guard Ethernet Switchi ss See the command spanning tree port type in the User Manual IP Routin Added GA support for IPv6 See section IPv6 Routing in the User Manual IP Routing Added support for VRRP counters IP Routing Added prefix filter in the command show ip route lt ip address gt MAGP Added MAGP disabled indication in the command show magp when applicable SNMP Added support for SNMP SET upgrade See section Upgrading MLNX OS Software with SNMP in the User Manual WebUI Added popup Welcome screen when connecting via WebUI See section Starting the Web User Interface in the User Manual Securit Added default passwords to the XML default users y See section User Accounts in the User Manual Release 3 4 0012 Security Changed the HTTPS default ciphers to TLS IP Routin GA support for PIM Bi Dir See section 6 3 Multicast IGMP and PIM in the User Manual IP Routing Added support for ICMP redirect See command 1 icmp redirect in the
35. ot supported over LAG member ports of LAG or split port interfaces OpenFlow can support up to 1000 flows sup porting 12 tuples with wildcards according to the standard N A N A 63 OpenFlow Standard ACL cannot be configured while OpenFlow is in use N A 64 Mellanox Technologies Confidential 20 OpenFlow OpenFlow counters can support counting of packets N A Table 6 Ethernet Known Issues Sheet 7 of 7 Index Category Description Possible Workaround 65 OpenFlow OpenFlow packet modify action supports N A VLAN setting VLAN ID setting VLAN prior ity and stripping VLAN header for QinQ packets 66 OpenFlow Output can only be set to flood physical N A port normal controller and drop 67 OpenFlow OpenFlow EtherType matching rule can be set N A to one of IPv4 IPv6 ARP RARP FCoE and 2 user defined Ethertypes 68 OpenFlow OpenFlow ICMP packet matching rule does N A not include type and code 69 DCBX Enabling LLDP triggers a faulty notation of N A PFC oper state This status should be ignored 70 DCBX There is no automatic fallback between IEEE N A and CEE 71 DCBX When moving from DCBX CEE to DCBX After mode change the IEEE TLVs may be sent inappropriately TLVs to be sent must be reset 72 DCBX DCBX auto select type IEEE CEE is not sup DCBX type should be ported selected manually 73 Chassis Management
36. ption to forward to mrouter ports option reduces the amount of supported VLANs to 250 41 IGMP Snooping There is no possibility to have more than one After enabling IGMP mrouter port on a single VLAN if IGMP snooping on that VLAN snooping is disabled for that VLAN the user needs to re add the mrouter ports on that VLAN 42 IGMP Snooping When no IP interfaces exist on the switch the Create an interface VLAN default IGMP querier address is 10 0 0 1 with the required IP address and reconfigure the IGMP querier on the required VLAN 43 IGMP Snooping IGMP snooping is limited to a single MC IP N A per MC MAC 44 LLDP LLDP notifications are not supported N A 45 LLDP The mgmt0 mgmt IPv6 addresses and the N A management address are not advertised on LLDP TLV s 46 LLDP When configuring LLDP with PFC ona LAG After switch reload after switch reload the LLDP does not show reconfigure the PFC the PFC configuration anymore LLDP on the LAG using the command interface ethernet x y z lldp tlv select dcbx 47 LLDP LLDP ifIndexes do not match the ones pub Use the ifDescr and fields lished in the ifTable in IEEE 802 1 48 ACLs Packets dropped by the switch due to conges N A tion or ACL rules are added to the bad type counter of the matching VLAN interface 49 ACLs When IP Routing is enabled the maximum N A number of ACLs that can be configured 1s 3 Table 6 Ethernet Known Issues Sheet 6 of 7 Index 50
37. ription Possible Workaround 11 IP Routing In IP Routing mode multicast or broadcast N A packets such as ARP may be counted as discard in case only one interface is a member of the VLAN These kind of packets do reach the CPU for processing The progressing counter can be ignored 12 IP Routing Errors in the log may appear when using N A ECMP routes if next hop belongs to a VLAN interface which lies on port channel whose links operational state is toggling 13 IP Routing If there 15 a static ARP on top of an interface N A VLAN and ECMP route with its next hop equal to the static ARP entry and if the static ARP owner is not responding to ARP requests then performing shutdown and no shutdown to the interface VLAN within a minute causes errors to appear on the log These errors may be safely ignored 14 IP Routing ARP aging timeout minimum value is 240 N A After upgrade to release 3 3 3500 any value lower than this is clamped to 240 15 IP Routing The configuration of ip arp timeout does not N A affect entries related to gateway out of band or management interfaces 16 IP Routing If the number ARP entries configured on a sys Power cycle the system tem is over the permitted limit the machine becomes overloaded and hangs 17 IP Routing If static route next hop of a VLAN interface is Make sure to configure configured before configuring its subnet that the VLAN interface sub configured route is not added to the
38. st IGMP and in the User Manual GA support for IGMP Querier See section 5 8 3 Snooping Querier in the User Manual Added SNMP traps for VLAN Interface MLAG port channel and Port channel SNMP link up down events SNMP Added MSTP MIBs traps support Release 3 3 5006 Ethernet Switching GA support for MLAG ACLs Added MAC based VLAN ACL IP Routing GA support for MAGP Mellanox Technologies Confidential 9 Table 4 Ethernet Changes and New Features Category Description IP Routing GA support for VRRP IP Routing GA support for IGMP IP Routing Alpha support for PIM OSPF Loopback interface on OSPF OSPF Added new OSPF MIB Traps Release 3 3 4664 IP Routing Alpha support for MAGP IP Routing Alpha support for VRRP SNMP Added cable info entries to entPhysicalTable SNMP Added support for SNMP to trigger SNMP test trap via SNMP set command See section MLNX EFM MIB SNMP Added system identifier MAC address to test trap Release 3 3 4402 General Added new certificate hashing algorithm sha256 See section Cryptographic X 509 IPSec in the User Manual General The command show configuration full is no longer supported CLI Added support for command output filtering See section Command Output Filtering in the User Manual DCBX Added support for LLDP DCBX CEE TLVs Release 3 3 4304 General Added End User Licens
39. und in Mellanox support website Added support for event notification to monitor Logging Refer to Event Notification section in the User Manual Chassis Management User Interfaces Improved temperature control algorithm Improved login timeout mechanism NSSA area type support OSPE Refer to area nssa command in the OSPF chapter of the CLI guide Release 3 3 4000 Systems SX1012 supported at GA level General Bug fixes Release 3 3 3500 IP Routing OSPF support GA level Management In band management Interfaces Ethernet Switching Ethernet Switching Port mirroring sFlow IP Routing OSPF support beta level Mellanox Technologies Confidential 11 4 Known Issues The following sections describe MLNX OS known issues in this software release and possible workarounds For hardware issues please refer to the switch support product page 4 1 General Known Issues Table 5 General Known Issues Sheet 1 of 4 Index Category Description Workaround 1 Management The command reset factory keep basic N A Interfaces removes management IP configuration 2 Management The CLI command ip default gateway Delete the entry by using Interfaces interface sets the gateway address to the command no ip 0 0 0 0 and prevents the user from adding other default gateway gateways 3 Management T
40. version Table 9 List of Security Bug Fixes CVE Description CVE 2013 7423 The send_dg function in resolv res_send c in GNU C Library aka glibc or libc6 before 2 20 does not properly reuse file descriptors which allows remote attackers to send DNS queries to unintended locations via a large number of request that trigger a call to the getad drinfo function CVE 2014 0475 Multiple directory traversal vulnerabilities in GNU C Library aka glibc or libc6 before 2 20 allow context dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a dot dot in a 1 LC_ 2 LANG or other locale environment variable CVE 2014 3570 The BN sqr implementation in OpenSSL before 0 9 8zd 1 0 0 before 1 0 0p and 1 0 1 before 1 0 1k does not properly calculate the square ofa BIGNUM value which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors related to crypto bn asm mips pl crypto bn asm x86_64 gcc c and crypto bn bn asm c CVE 2014 3571 OpenSSL before 0 9 8zd 1 0 0 before 1 0 0p and 1 0 1 before 1 0 1k allows remote attack ers to cause a denial of service NULL pointer dereference and application crash via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body related to the 40151 get record function in dl pkt c and the 5513 read n function
41. ytes on top N A of the set MTU 2 Ethernet Interfaces In case of faulty cable rise time of other inter N A faces in the system may be delayed Mellanox Technologies Confidential 15 J Table 6 Ethernet Known Issues Sheet 2 of 7 Index Category Description Possible Workaround 3 Ethernet Interfaces 40GDbE passive copper cable of 5m length Replace copper cable with might experience link rise issues when con fiber cable nected to some 3rd party 40GbE interfaces 4 Ethernet Interfaces Default MTU is modified as 1500 instead of N A 1522 5 Ethernet Interfaces There are no port counters for packet sizes N A 1518 1522 6 Ethernet Interfaces Traffic loss may occur when enabling flow N A control on a packet with an MTU larger then 8K on SX1012 7 Ethernet Interfaces LAG cost is not calculated correctly N A 8 Ethernet Interfaces 56Gb s speed is not supported on SwitchX N A 1 ASIC 9 Ethernet Interfaces If using eth single swid system profile static N A ARP cannot be configured on the mgmt0 inter face without an L3 license 10 User Interfaces SX1012 hybrid cable information may not N A appear on WebUI CLI 11 Convergence time of port removal froma LAG Shut down the port prior exceeds the specification by up to 30 seconds of removing it from the LAG 12 LAG Traffic running over LAG may not be evenly N A distributed when testing sma
Download Pdf Manuals
Related Search