background image

10

Patch Release Note

Patch 86222-22 for Software Release 2.2.2

C613-10319-00 REV U

VRRP used the wrong source IP address in ICMP redirects. RFC 2338 states 
that the source IP address of ICMP redirects should be the IP address that 
the end host used when making its next hop routing decision. In the case of 
a packet sent to a VRRP virtual MAC address, this is the primary VRRP IP 
address associated with the MAC address, provided such a VR exists and is 
in the master state. This issue has been resolved.

The SIZE functionality on the IP filter was not working for IP fragmented 
packets. This issue has been resolved.

Features in 86222-19

Patch file details for Patch 86222-19 are listed in Table 4:

Patch 86222-19 includes all issues resolved and enhancements released in 
previous patches for Software Release 2.2.2, and the following enhancements:

When OSPF was calculating routes from an AS external LSA and the AS 
external router had two next hops with different metrics, the router 
erroneously added two routes instead of one route with the best metric. This 
issue has been resolved. Also, when the two equal cost routes were on the 
same IP interface, but to different next hops, the router sent the packets to 
the wrong MAC address. This issue has been resolved.

STP always transmits untagged packets. If a port does not belong to a 
VLAN as an untagged port, then the port must belong to one VLAN as a 
tagged port. In this case, STP should transmit VLAN tagged packets out of 
the port.

The IP, MASK, and ACTION parameters could not be set with the SET IP 
ROUTE FILTER command.  This issue is resolved when the filter number is 
specified at the start of the command, for example:

   SET IP ROUTE FILTER=

filter-id 

IP=

ipadd 

MASK=

ipadd 

ACTION={INCLUDE|EXCLUDE}

where: 

filter-id

 is the filter number.  Filter numbers are displayed in the 

output of the SHOW IP ROUTE FILTER command.

PCR: 02304

Module: VRRP

Network affecting: No

PCR: 02317

Module: IPG

Network affecting: No

Table 4: Patch file details for Patch 86222-19.

Base Software Release File

86s-222.rez

Patch Release Date

11-Jun-2002

Compressed Patch File Name

86222-19.paz

Compressed Patch File Size

364584 bytes

PCR: 02018

Module: OSPF

Network affecting: No

PCR: 02098

Module: STP

Network affecting: No

PCR:  02123

Module: IPG

Network affecting: No

Summary of Contents for Rapier Series

Page 1: ...m www alliedtelesyn co nz documentation documentation html AR800 Series Modular Switching Router Documentation Set for Software Release 2 2 1 available on the Documentation and Tools CD ROM packaged with your switching router or from www alliedtelesyn co nz documentation documentation html WARNING Using a patch for a different model or software release may cause unpredictable results including dis...

Page 2: ...isible with a SHOW FFILE command During compaction if the amount of free space was less than two erase blocks including the spare erase block the file system erroneously reported that a large amount of space was available for a new file due to an underflow problem When a new file was written it would corrupt existing data If the file system was completely full and the deletion of a single file led...

Page 3: ...now shows the number of trigger activations for the Upmaster and Downmaster triggers DHCP RENEW request messages are now unicast as defined in the RFC not broadcast If a problem occurred with NVS some critical files were lost As a result the equipment was forced to load only boot ROM software at boot time This patch combined with the new version of the boot ROM software pr1 1 2 0 for the AR700 ser...

Page 4: ...ded for the reserved IP address This issue has been resolved Features in 86222 21 Patch file details are listed in Table 2 Patch 86222 21 includes all issues resolved and enhancements released in previous patches for Software Release 2 2 2 and the following enhancements Locally generated ICMP messages that were passed out through a firewall interface because they were associated with another packe...

Page 5: ...ere corrupted This issue has been resolved IGMP failed to create an automatic IGMP membership with no joining port when it received multicast data that no ports were interested in when IP TimeToLive was set to 1 second Also IGMP erroneously sent a query on an IGMP enabled IP interface even when IGMP was disabled These issues have been resolved In the ADD SWITCH L3FILTER command the EPORT parameter...

Page 6: ...sent packets before the session was established with the host on the private side of the firewall This issue has been resolved Some FTP packets handled by the firewall were forwarded with incorrect sequence numbers causing FTP sessions to fail This issue has been resolved When passing 64 bit counters in an SNMP packet only the lower 32 bits were passed Now the full 64 bits of the counter will be r...

Page 7: ... Static DHCP entries now return to the correct state when timing out DHCP entry hashes now have memory protection to prevent fatal errors DHCP client now retransmits XID correctly Lost OFFER messages on the server are now handled correctly The DHCP server now correctly handles DHCP clients being moved to a different interface on the DHCP server after they ve been allocated an IP address Responses ...

Page 8: ...l value The entry now shows the CPU s port value Sometimes the Firewall erroneously used NAT This issue has been resolved A dual Ethernet router was incorrectly accepting an IP address from a DHCP server when the offered address was on the same network as the other Ethernet interface An error is now recorded when DHCP offers an address that is in the same subnet as another interface When a n LF ch...

Page 9: ... fix synchronisation of the software forwarding database with the hardware table Some routes were not added into the OSPF route list and therefore were not added into the IP route table This issue has been resolved The CREATE CONFIG command did not save the SOURCEPORT parameter to the configuration file when the low value of the source port range was set to zero This issue has been resolved Existi...

Page 10: ... with the best metric This issue has been resolved Also when the two equal cost routes were on the same IP interface but to different next hops the router sent the packets to the wrong MAC address This issue has been resolved STP always transmits untagged packets If a port does not belong to a VLAN as an untagged port then the port must belong to one VLAN as a tagged port In this case STP should t...

Page 11: ... been added The trap is triggered when a DHCP request cannot be satisfied The gateway address and the interface address are sent as trap variables The range table shows which range was exhausted A debug variable swiDebugBroadcomParityErrors has been added to the SWI module MIB to count the SDRAM parity errors in the packet memory of the Broadcom switch chip Packets traversing in and out of the sam...

Page 12: ...n the mean time This patch also improves the performance of flow cache updates If the FILE module was required to re write a file the existing file would be deleted before the size of the new file was known This issue has been resolved OSPF virtual links running across a single network segment would accept 0 0 0 0 as the next hop address This was inherited by derivative routes making them unusable...

Page 13: ...is section of memory and misinterpreted the result as a low Vpp voltage Also errors occurred during FLASH compaction These issues have been resolved Features in 86222 16 Patch file details for Patch 86222 16 are listed in Table 6 Patch 86222 16 includes all issues resolved and enhancements released in previous patches for Software Release 2 2 2 and the following enhancements The SET SWITCH L3 FILT...

Page 14: ...configuration of other ports was corrupted This issue has been resolved The TickTimer ran one percent slower than it should have This issue has been resolved Static ARPs can now be added to tagged vlans When an IP flow table contained the IP flow structure for a spoofed packet the SHOW IP FLOW command would crash when executed This issue has been resolved PCR 02099 Module DHCP Network affecting No...

Page 15: ...02011 in Patch 12 sometimes caused a fatal error This issue has been resolved The SHOW IP ROUTE FILTER command output displayed counters for passes and include that were the same This issue has been resolved Counters now increment only when a filter is active and do not count interface routes PCR 02019 permitted the reception of packets by the CPU that should have been discarded This issue has bee...

Page 16: ...e not correctly decremented This issue has been resolved If a layer 3 hardware filter for a particular packet type e g Netbeui was configured all IP packets destined for the CPU were discarded This issue has been resolved Features in 86222 12 Patch file details for Patch 86222 12 are listed in Table 10 Table 10 Patch file details for Patch 86222 12 Patch 86222 12 includes all issues resolved and e...

Page 17: ... OSPF packets higher priority to expedite OSPF convergence A new feature permits hardware filtering by the Rapier family based on the Ethernet frame type The TYPE parameter TYPE 802 ETHII SNAP has been added to the following commands ADD SWITCH L3FILTER ENTRY ADD SWITCH L3FILTER MATCH SET SWITCH L3FILTER ENTRY SET SWITCH L3FILTER MATCH SHOW SWITCH L3FILTER A physical port could not be re enabled o...

Page 18: ...e PPP default of 1500 to 1492 This issue has been resolved IGMP did not send the Start Up Query and the Other Querier Present Timer did not change the Time Out value accordingly if Query Interval was changed IGMP did not notify other registered parties PIM and DVMRP when a port was deleted from a membership group IGMP reported a membership leave to other parties while it was still waiting for a re...

Page 19: ... enhancements When a Rapier CPU was handling a large amount of traffic and a busy egress port went down it was possible for the transmission of packets by the CPU to cease This issue has been resolved When trunking was in operation in some instances the switch transmitted tagged packets on untagged trunk ports This issue has been resolved When a switch port was forced to half duplex mode and the l...

Page 20: ... STP forwarding is enabled all STP forwarding is ignored and all BDPUs received on a port are forwarded on all other ports The switch now delays sending link traps immediately after a restart to give the link to the trap host time to come up A similar change has been made for the cold start trap After a 10s delay all interfaces which are UP have a link trap generated for them After that link traps...

Page 21: ... was not possible to select the T1 mode of operation regardless of the jumper setting This issue has been resolved A fatal error occurred when the firewall discarded disallowed multicast packets This issue has been resolved Features in 86222 08 Patch file details for Patch 86222 08 are listed in Table 14 Patch 86222 08 includes all issues resolved and enhancements released in previous patches for ...

Page 22: ...rrectly handles request messages containing request list options not supported by the router The router would accept TCP sessions with destination address the same as the subnet broadcast address for one of the router s interfaces Firewall generated packets destined for a subnet broadcast address on one of the routers interfaces would cause a fatal error These issues have been resolved A watchdog ...

Page 23: ...ation conforms to RFC 1541 ISAKMP quick mode exchanges are now committed if any traffic is received over the newly generated SA This improves stability in very lossy networks where the commit message may get lost ISAKMP debugging caused a fatal error when the debugging mode was set to ALL and PFS was enabled This issue has been resolved PPPoE interfaces with IDLE set to ON would not retry active d...

Page 24: ...essage in the message age of the BDPU it transmitted Also the message age of the message transmitted BDPU could be less than that of the received BDPU which contravenes IEEE 802 3d This issue has been resolved Reception of incorrectly tagged packets was causing corruption of the ARL table eventually causing the switch to lock up This issue has been resolved Tagged packets with invalid VLAN identif...

Page 25: ...ase 2 2 2 and the following enhancements The power supply voltages of the base board PHYs on a Rapier G6 are controlled by a PHY register value which was incorrectly set This issue has been resolved In PIM Dense Mode if a data stream started before PIM hello messages were exchanged the receiver did not get the data stream This issue has been resolved The Rapier G6 base ports sometimes experienced ...

Page 26: ...rom a configuration script are now processed correctly A fatal error occurred if an IPv6 interface was deleted while packets were being transmitted The number of current interfaces was not being updated correctly when a new IPv6 interface was added As a result after multiple additions and deletions no more IPv6 interfaces could be added These issues have been resolved The CREATE CONFIG command now...

Page 27: ...resolved Features in 86222 04 Patch file details for Patch 86222 04 are listed in Table 18 Patch 86222 04 includes all issues resolved and enhancements released in previous patches for Software Release 2 2 2 and the following enhancements Message protection validation failures would occur intermittently This issue has been resolved ISAKMP now interoperates with other vendor s products in aggressiv...

Page 28: ... been resolved RSA encryption is now periodically suspended to ensure other processes get some CPU time during large RSA calculations The CREATE ISAKMP command now checks that the key specified by the LOCALRSAKEY parameter actually exists in the ENCO module The INTERFACE parameter of the CREATE TRIGGER and SET TRIGGER commands now supports Ethernet interfaces Ethernet interface events can now gene...

Page 29: ... corrected The VALID parameter specifies the life of the address and defaults to INFINITE The address is deleted when the lifetime expires The PREF parameter specifies the time that the address is the preferred address of the interface and defaults to INFINITE PREF must be less than or equal to VALID IPV6 now checks and ensures that if either PREF or VALID is specified PREF is less than or equal t...

Page 30: ...are Release 2 2 2 C613 10319 00 REV U Availability Patches can be downloaded from the Software Updates area of the Allied Telesyn web site at www alliedtelesyn co nz support updates patches html A licence or password is not required to use a patch ...

Reviews: