RackSwitch G8264 Firmware Release Version 7.6.7.0 (Released October 2013) ** Changes since the 7.6.6.0 release ** Enhancements: None. Changes: None. Fixes: - Inefficiencies in the SNMP-processing code could result in high CPU utilization, SNMP client time-outs, protocol flaps, or a switch reset by the Hardware Watchdog. (66769, 70649) - A crash would occur when routing packets to an unreachable IPv6 gateway. (68081) - A watchdog timeout could occur if an IGMPv3 Report packet was received with the invalid source-IP address of 0.0.0.0. (71749) - BGP neighborship sessions would flap when receiving BGP route messages that contained community attributes (XB194426) - A crash could occur while handling an HTTPS request if the connection to the client was suddenly terminated while handling the transaction. (XB205895) - The ACL logging feature would not report incoming packets that matched an ACL qualified by a TCP or UDP destination port. (XB208108) - A crash would occur if a data port was used to upload a file to an FTP server, if the file already existed on the server and had read-only access permissions. (XB209257) - A crash would occur if the traceroute command was executed with an IPv6 address specified, and no IPv6 management interfaces were configured. (XB215717) - A crash would occur if a ping was issued to a random host name, and an IPv6 DNS server was unreachable or non-existent (XB216882) - A crash would occur during a second attempt to authenticate a user via an unreachable or non-existent LDAP server. (XB217674) - A crash would occur if a TFTP upload or download was attempted, and no IPv6 interfaces were configured. (XB218041) - The switch's Browser-based Interface (BBI) was vulnerable to attacks by Web scanning tools, potentially resulting in crashes. (XB218795) - A crash would occur when receiving a random sequence of IGMPv3 reports that were interleaved from different Multicast receivers. (XB219263) - Invalid TCP packets (e.g., having both SYN and FIN flags set) received by the switch would not be discarded, resulting in a potential security vulnerability. (XB220985) ====================================================================== RackSwitch G8264 Firmware Release Version 7.6.6.0 (Released July 2013) ** Changes since the 7.6.5.0 release ** Enhancements: None. Changes: None. Fixes: - A Security vulnerability existed in the OSPFv2 Routing Protocol that is used in IBM System Networking Ethernet Switches (CVE-2013-0149). - A Security vulnerability existed in IBM Switches which support Fibre Channel over Ethernet (FCoE), in that data frames were being flooded out of every port if the destination address was not in the MAC table. (CVE-2013-0570). ====================================================================== RackSwitch G8264 Firmware Release Version 7.6.5.0 (Released July 2013) ** Changes since the 7.6.4.0 release ** Enhancements: None. Changes: None. Fixes: - In a Hotlinks topology, copying either the active or backup configuration to the running configuration could lead to the HotLinks standby interface being put into the forwarding state, resulting in a network loop. (68596) - A prolonged period of high CPU utilization can lead to protocol-thread starvation. In one such case, LACP PDUs were not being sent by the CPU, leading to the break down of the LACP trunk forming the ISL in a vLAG topology. The ISL trunk ports that had previously been in the STP Discarding state would then errantly go into the Forwarding state, resulting in flooding of STP BPDUs into the network, and the inevitable network loop. (70887) ======================================================================= RackSwitch G8264 Firmware Release Version 7.6.4.0 (Released April 2013) New and Updated Features: Local proxy ARP: - Local proxy ARP enables the switch to send ARP replies on configured interfaces for Layer-2 communication which normally would not need to acknowledge ARP requests. This feature is useful in secure-network designs where Layer-2 devices on the same logical subnet are physically disconnected. IBM NOS requires that the ICMP-Redirect function be disabled on the switch when Local Proxy ARP is enabled. The Local Proxy ARP feature is configurable on a per-interface basis. VRRP Next Hop: - Next-hop tracking provides a mechanism that allows VRRP failover decisions to be based on the availability of a remote device. The device's availability is determined by its replies to ping or ARP requests. Up to four addresses can be configured per virtual-router. Tracking based on next-hop, and the associated priority-increment value are configurable via the VRRP menu. Changes: None. Fixes: - With Putty SSH client version v0.61 or later, if the amount of data being transferred is larger than the Putty Channel Window (16KB), the client will send an SSH channel request to the server. The issue was that the switch would misinterpret this request and erroneously close the session, and display the "ERROR in processing the SSH message(payload too large)" message at the terminal. (65974) - Polling the Forwarding Database via SNMP would result in prolonged high CPU utilization if the same MAC addresses were learned in multiple VLANs. This would make it difficult for the CPU to process BPDUs in a timely manner, possibly resulting in an STP topology change. (66621) - A crash would occur when booting if the "logging synchronous" command was in the startup configuration. (66885) - FTP sessions established over an IPv6 interface could close unexpectedly during data transfer. (67076) - A crash would occur during reboot if the "no tacacs-server enable-bypass" command was present the start-up configuration, but the "tacacas-server enable" command was not. (67376) - A crash could occur when polling the Forwarding Database via SNMP. (67410) - With Hotlinks configured, the STP configuration would be lost when the mode was changed from RSTP to MSTP. (67522) - During boot-up with a large OpenFlow configuration, if "fdb-timeout" was configured and the value was set to less than the time it took to apply the configuration, the boot process would not complete (i.e., the login prompt would never be presented). (67611) - After disabling the Virtual Router group, the "show running" command would erroneously display the factory default information for the group. (67667) - A Watchdog timeout could occur in a Stacking configuration with Teaming enabled. (68142) - If the LACP member port for which the PBR next-hop ARP entry was associated went down, traffic destined for the next-hop router would temporarily be lost. (68150) - After a VRRP fail-over (i.e., the Master switch goes down), the route to the PBR next-hop Router would not always be reestablished after the Backup switch became the Master, and traffic would not resume. (68352) - In a Hotlinks topology, copying either the active or backup configuration to the running configuration could lead to the HotLinks standby interface being put into the forwarding state, resulting in a network loop. (68596) =============================================================================== Version 7.6.3.0 (Released February 2013) ** Changes since the 7.6.1.0 release ** New and Updated Features: None. Changes: - Added support for power supplies that meet the new China Compulsory Certificate (CCC) requirements for altitude and humidity. (68355) Fixes: None =============================================================================== Version 7.6.1.0 (Released December 2012) New and Updated Features: ======================== BGP Route Reflection: --------------------- Route Reflection is a technique to avoid a large number of sessions between IBGP peers. In this release, support for RFC4456 (BGP Route Reflection - An Alternative to Full Mesh Internal BGP (IBGP)) has been added. SNMP: Support for 8 Read-Only and Read-Write communities: --------------------------------------------------------- This release adds support for 8 read-community names(Read-Only), and 8 write-community names(Read-Write) with SNMPv1 and SNMPv2. RFC5340: OSPF For IPv6: ----------------------- The switch was previously compliant with RFC2740. Starting with this release, the switch is compliant with RFC5340, which supersedes RFC2740. VLAG and PIM Support: --------------------- Previous releases supported IP Multicast routing through the PIM protocol. Also previously supported was the VLAG (Virtual Link Aggregation) protocol. This release adds support for PIM over a vLAG topology, so that the most efficient multicast routing can be achieved in a vLAG topology. NTP Client Display Improvements: --------------------------------- The Network Time Protocol (NTP) is widely used to synchronize computer clocks in the Internet. With the NTP service enabled, the switch can accurately update its internal clock to be consistent with other devices on the network. In this release, the "show ntp" command has been updated with such details as clock offset, stratum, and reference clock. Also in this release is a dampening of the number of syslog messages generated when the system clock is updated or if NTP synchronization fails. Cisco-like CLI: --------------- As part of this change, some existing ISCLI commands have been modified to look more like those in Cisco's IOS. The commands chosen for modification in this release are ones frequently used for VLAN, Port, and STP configuration. With these changes, those familiar with Cisco-IOS CLI can more readily configure the IBM-NOS VLAN, Port, and STP modules. Openflow Phase3: ---------------- Openflow enhancements including Hybrid mode, etc., have been added in this release. VMReady Distributed Vswitch support and VMCheck Stacking support: ----------------------------------------------------------------- Starting with this release, the VMReady Distributed Virtual Switch and VMCheck features are supported in Stacking mode. SNMP traps from members in stacking mode: ----------------------------------------- Added in this release is support for sending essential Traps like over-temperature conditions and hardware failures (e.g., fans and power supplies) for Member switches in a Stack. Support for 4K VLANS: --------------------- Increased the scalability of VLANS from 2K to 4K