IBM RackSwitch G8264CS Version 7.7.5.0 (Released August 2013)

** Changes since the 7.7.3.0 release **

Enhancements:

None

Changes:

- Dynamic link aggregation (LACP) ports that are not able to converge with peer ports will now result in a link-down state. This will occur when ports configured as members of an LACP trunk are connected to non-LACP ports. This is expected behavior. When connecting different IBMNOS products using LACP ports, it is recommended to install complementary firmware versions (e.g., 7.7.5) on each device to ensure matching LACP behavior.
- Added support for new front-to-back airflow power supplies (part numbers 94Y8104 and 94Y8105).

Fixes:

- Inefficiencies in the SNMP-processing code could result in high CPU utilization, SNMP client time-outs, protocol flaps, or a switch reset by the Hardware Watchdog. (66769, 70649)
- User-configured ACL Deny rules were not being respected for packets with a Layer-4 (TCP) port of 22 or 23 (i.e., SSH and Telnet, respectively). (69126 / XB202484)
- A prolonged period of high CPU utilization can lead to protocol-thread starvation. In one such case, LACP PDUs were not being sent by the CPU, leading to the breakdown of the LACP trunk forming the ISL in a vLAG topology. The ISL trunk ports that had previously been in the STP Discarding state would then errantly go into the Forwarding state, resulting in flooding of STP BPDUs into the network, and the inevitable network loop. (70887)
- A hang of the Switch's I2C bus could occur, leading to a reset of the Switch by the hardware watchdog. (71721)
- The SNMP dot1qVlanCurrentEntry OID was not being populated, resulting in SNMP Walks being stuck indefinitely at that point.
  (71785)
- Disabling LACP (from the peer device) on a member port of an LACP trunk that also has STP disabled would result in the port being errantly displayed as FORWARDING in the output of the "show spanning-tree stp" command (and via the BBI), when in fact the port would be in the BLOCKING state (as designed). (71805, 71822)
- Inefficiencies in the periodic polling of I2C devices would result in a persistent high CPU-utilization condition. (71814)
- Deleting the LACP key (from the peer device) on a member port of an LACP trunk that also has STP disabled would result in the port errantly going into the FORWARDING state. (71841)
- With STP in PVRST mode and with a high active-port/STG product, a memory leak could occur while processing BPDUs (this was demonstrable with 47 ports active and more than 127 STGs configured per port). Over time, the memory leak could lead to a reset of the switch by the Memory Monitor. (71844)
- A crash would occur when issuing the "show ufp info vport" command without explicitly specifying a vport number. (71951)
- A watchdog timeout could occur if an IGMPv3 Report packet was received with the invalid source-IP address of 0.0.0.0. (71749)
- Receiving multicast packets on server-facing ports at a high rate could cause FCoE sessions to go down momentarily. (XB148188)
- Attempting to set port speed via the CMM would fail. (XB171317)
- If the CMMs had "Failover on Physical Network Link" enabled (default), and the network link of the Active CMM went down, ports INTB1 and INTB2 could get disabled when the Standby CMM became active. (XB172285)
- An IP address could not simultaneously be configured as a global DHCP server address and a broadcast-domain DHCP server address. (XB172381)
- A crash would occur while handling an SNMP “Get” Request for the Object that contains UFP information pertaining to the switch (OID 1.0.8802.1.1.2.1.4.1.1.12.2700.65.4).
  (XB194463, XB202919)
- A crash could occur if an FCoE-related CLI command was issued while the external management port was being flooded with packets. (XB199890)
- If in Stacking mode, the switch would no longer receive time-sync updates from NTP servers over IPv6 interfaces after a CMM failover. (XB200147)
- NTPv3 authentication information was being added to outgoing NTP Client Requests, even when authentication was disabled on the Switch. The consequence was that NTP servers that do not support authentication would discard the requests (i.e., not respond to the Client Requests). (XB204541)
- A crash could occur while handling an HTTPS request if the connection to the client was suddenly terminated while handling the transaction. (XB205895)
- If the switch's Hostname was used to access the switch via BBI (i.e., relying on DNS instead of inputting the raw IP address), attempting to perform an image upgrade would result in redirection to a blank page. (XB206876)

======================================================================

IBM RackSwitch G8264CS 7.7.3.0 (Released June 2013)
-------

Enhancements:

VMReady coexistence with QBG
----------------------------
In previous releases, VMready and QBG could not be enabled at the same time on the switch system due to conflicting behavior. In this release, the user can run both VMready and QBG at the same time on the same switch system.

Debug enhancements
------------------
Added debug commands to provide more detail than is shown in the current counters. New commands were added for LACP packets and spanning tree BPDU packets.

Diff flash support in iSCLI
---------------------------
Provided a command in iSCLI to display the differences between the running configuration and the saved configuration. This functionality is currently available in IBMNOSCLI and is now added to the iSCLI.

VMcheck
-------
Provides a MAC-checking mechanism to prevent untrusted devices from spoofing the MAC of a trusted device and gaining access to the VM network. When VMcheck is enabled on an ESX server port, virtual machines are only allowed to use their assigned MAC address. VMcheck can be configured to disable the port, drop packets only from the intruding MAC, or only send a log when MAC checking detects a VM transmitting with a MAC address different from the one listed in VMware’s vCenter.

Host Resources MIB(RFC-1514)
----------------------------
Provided support for the standards-based HOST-RESOURCES-MIB defined in RFC 2790, allowing the switches to be managed by standard object IDs. The Host Resources MIB defines a uniform set of objects to manage host devices that are independent of the vendor, software or network capabilities. Implementation of the system and interface groups is mandatory.

Terminal-length 0 persistent
----------------------------
Provided iSCLI commands for configuring the terminal length for CLI sessions. The commands are saved in flash for persistence across resets. A runtime option changes the terminal length for the current session without affecting the saved configuration.

Manual Reflective Relay mode for SRIOV/VEPA NICs
------------------------------------------------
Reflective relay is a basic feature of the switch. Manual reflective relay means that the user configures reflective relay manually. Currently, reflective relay is enabled automatically by Qbg when an EVB profile is enabled on the port and the peer server requests it via LLDP; there is no interface for the user to configure it. In this release we added the option for the user to configure reflective relay manually, especially when Qbg is disabled.

IPv6 Address support with VSIDB
-------------------------------
The servers on FSM use IPv6 addresses by default and support an IPv6 HTTP server, but an IPv6 HTTP client has not been supported by VSIDB so far.
In this release, we added IPv6 HTTP client support for communicating with VSIDB.

Duplicate IP Detection
----------------------
The switch uses a simple mechanism to detect whether two hosts on the same subnetwork are using the same IPv4 address at the same time. The switch sends a gratuitous ARP request for its own IP address. If it receives an ARP response, it sends a syslog message with the IP address and MAC address of the host that is using its IP address.

DHCP Option 7 and option 12
---------------------------
These features enhance the DHCP client support on the switch to support Option 12, which defines the configuration of the hostname, and Option 7, which is used to get the syslog server address from the DHCP server.

Enhanced Password security
--------------------------
This feature enforces stronger login requirements for user IDs and passwords: local user passwords must be case sensitive and 8-64 characters long, mixing uppercase letters, lowercase letters, numbers, and special characters, with at least one of each.

Configurable port for SFTP
--------------------------
This enhancement provides an option to perform SFTP operations on the switch using port numbers that can be configured explicitly (different from the standard port 22).

BGP multipath relax
-------------------
This functionality allows load balancing across different autonomous system paths that have equal AS path length.

SMIS IPv6 support
-----------------
The Storage Management Initiative - Specification (SMIS) protocol was introduced in the last release to provide the management of storage devices within the fiber channel fabric. In this release we introduced support for configuring IPv6 switch management addresses.

LACP Suspend Port
-----------------
This feature provides the capability to allocate an assigned trunk to LACP ports by LACP key, which avoids a potential traffic loop caused by misconnection or configuration error.

Static ARP entry with mcast address
-----------------------------------
Provides a solution that allows static unicast ARPs with multicast MAC entries, to support networks using Microsoft NLB. IBM NOS now allows two enhancements: a multicast address can now be configured as a static ARP entry, and the static ARP entry does not require the port to be defined.

VMReady Distributed vswitch support
-----------------------------------
Starting with this release, VMReady distributed vswitch support and the VMCheck feature are supported in stacking mode.

NTP Client Display Improvements:
---------------------------------
The Network Time Protocol (NTP) is widely used to synchronize computer clocks in the Internet. With the NTP service enabled, the switch can accurately update its internal clock to be consistent with other devices on the network. The "show ntp" command has been updated with details such as clock offset, stratum, and reference clock. NTP enhancements have been provided to minimize the number of syslogs sent when NTP sync fails and when the system clock is updated.

SNMP and BBI Support for OSPFv3 and MLDv2
-----------------------------------------
The IPSec feature was provided in the 6.7 release, but only in the command-line interfaces. This release added configuration and monitoring support for MLDv2 via the BBI and SNMP interfaces.

SNMP trap for power failure
---------------------------
The IBM RackSwitch has hot-swappable redundant power supplies that can be monitored. When one power supply fails or is removed, the switch will send a failure notification SNMP trap. When the power supply returns to normal operation, the switch will send another notification SNMP trap.

RFC5340 Support (OSPFv3 IPv6)
-----------------------------
Modifications to OSPF for IPv6 to update it from the currently supported RFC 2740 to the newer RFC 5340.

Distributed vSwitch and vSphere 5.0
-----------------------------------
A distributed vSwitch (dvSwitch) spans multiple hypervisors in a data center and simplifies virtual machine networking by enabling the administrator to set up virtual machine networking for the entire data center from a centralized interface.

SNMP: need 8 RO & RW communities
--------------------------------
Updated the switch's SNMP incoming-packet processing to support 8 read community strings and 8 write community strings.

BGP Route Reflector
-------------------
Route reflector (RFC 4456) is a technique to avoid the large number of sessions between IBGP peers. Typically, BGP requires that IBGP peers be in a full mesh topology. For a large number of peers, scaling problems may appear. A route reflector (RR) is basically a router that distributes routes received from one IBGP peer to another IBGP peer.

Qbg/Vepa phase 2
----------------
Enable 802.1QBG support with Virtual Ethernet Port Aggregator (VEPA) mode (also called reflective relay) per port.

BGP Debug
---------
This feature allows an administrator to turn on logging of BGP update messages sent to or received from a particular neighbor.