What's New
This document supports the Cumulus Linux 5.17 release, and lists new features and enhancements.
- For a list of open and fixed issues in Cumulus Linux 5.17, see the Cumulus Linux 5.17 Release Notes.
- To upgrade to Cumulus Linux 5.17, first check the Release Considerations below, then follow the steps in Upgrading Cumulus Linux.
What’s New in Cumulus Linux 5.17
Cumulus Linux 5.17 contains new features and improvements, and provides bug fixes.
New Features and Enhancements
- TACACS+ Server-side Per-command Authorization
- Lossless headroom size based on small packet probability (Beta)
- Dynamic ECN (Beta)
- Allow LLDP on 802.1X unauthenticated ports
- Interface debounce timer (link dampening)
- Revert to DHCP if the ZTP URL is not reachable
- BFD offload support for BFD sessions based on the IPv6 link-local address
- Docker Resource Governance & Policy Agent (GA)
- LLDP BGP Route Redistribution Extension (Beta)
- BGP/LLDP X-Plane multi-plane’d GPUs with disjoined planes (EVPN based deployments) (Beta)
- Routing Convergence Enhancement for full connectivity loss (all links Up/restart)
- Integrate logs in tc_log to the syslog, and update log level
- Granular LLDP TLV definition and control
- Support PFC headroom pool (MAYBE OUT for 5.16)
- NVUE
- NVUE command to show secure boot status and details
- nv show interface <interface-id> qos roce counters supports multiple interfaces, including ranges
- NVUE prevents configuration changes during long background operations
- New command to verify a configuration before applying
- Telemetry
- New OTEL metrics: link debounce, PHY link down, and control plane
- New gNMI metrics: PHY link down, link debounce, and control plane
- OTEL granular metric selection (Beta)
- Parity between OpenTelemetry and gNMI (Phase 3)
- High frequency telemetry - Nsight Integration - Phase 2 (Binary format)
- Security
- Support for RADIUS PEAP-GTC authentication type
- Extended disk erase to support SED SSDs
- Change the SED disk password
- Ability to view hashed password with NVUE and with API
- Alert in the event of an audit processing failure
- Support “sudo” validation when TACACS server is connected to the default VRF
- Request to reauthenticae dot1x supplicant(Phase 2)
Release Considerations
Review the following considerations before you upgrade to Cumulus Linux 5.17.
Upgrade Requirements
You can use optimized image upgrade and package upgrade to upgrade the switch to Cumulus Linux 5.17 from Cumulus Linux 5.15 and later. Package upgrade supports ISSU (warm boot) for these upgrade paths.
To upgrade to Cumulus Linux 5.17 from a release that does not support package upgrade or optimized image upgrade, you can install an image with ONIE.
Maximum Number of NVUE Revisions
Cumulus Linux includes an option to set the maximum number of revisions after which NVUE deletes older revisions automatically. The default setting is 100. If you upgrade to Cumulus Linux 5.17 from 5.12 or earlier, the first time you run nv set or nv unset commands, NVUE deletes older revisions if the number of revisions on the switch is greater than 100.
Linux Configuration Files Overwritten
If you use Linux commands to configure the switch, read the following information before you upgrade to Cumulus Linux 5.17.
NVUE includes a default startup.yaml file. In addition, NVUE enables configuration auto save by default. As a result, NVUE overwrites any manual changes to Linux configuration files on the switch when the switch reboots after upgrade, or you change the cumulus user account password with the Linux passwd command.
These issues occur only if you use Linux commands to configure the switch. If you use NVUE commands to configure the switch, these issues do not occur.
To prevent Cumulus Linux from overwriting manual changes to the Linux configuration files when the switch reboots or when changing the cumulus user account password with the passwd command, follow the steps below before you upgrade to 5.17 or after a new binary image installation:
- Disable NVUE auto save:
cumulus@switch:~$ nv set system config auto-save state disabled
cumulus@switch:~$ nv config apply
cumulus@switch:~$ nv config save
-
Delete the
/etc/nvue.d/startup.yamlfile:cumulus@switch:~$ sudo rm -rf /etc/nvue.d/startup.yaml -
Add the
PASSWORD_NVUE_SYNC=noline to the/etc/default/nvuedfile:cumulus@switch:~$ sudo nano /etc/default/nvued PASSWORD_NVUE_SYNC=no
DHCP Lease with the host-name Option
When a Cumulus Linux switch with NVUE enabled receives a DHCP lease containing the host-name option, it ignores the received hostname and does not apply it. For details, see this knowledge base article.
NVUE Commands After Upgrade
After you upgrade to Cumulus Linux, running NVUE configuration commands might override configuration for features that are now configurable with NVUE and removes configuration you added manually to files or with automation tools like Ansible, Chef, or Puppet. To keep your configuration, you can do one of the following:
- Update your automation tools to use NVUE.
- Configure NVUE to ignore certain underlying Linux files when applying configuration changes.
- Use Linux and FRR (vtysh) commands instead of NVUE for all switch configuration.
Cumulus VX
NVIDIA no longer releases Cumulus VX as a standalone image. To simulate a Cumulus Linux switch, use NVIDIA AIR.