What's New

This document supports the Cumulus Linux 5.9 release, and lists new platforms, features, and enhancements.

For a list of open and fixed issues in Cumulus Linux 5.9, see the Cumulus Linux 5.9 Release Notes.
To upgrade to Cumulus Linux 5.9, follow the steps in Upgrading Cumulus Linux.

Cumulus Linux 5.9 is an Extended-Support Release (ESR). For more information, refer to this Knowledge base article.

What’s New in Cumulus Linux 5.9.2

Cumulus Linux 5.9.2 provides bug fixes and includes a new forwarding profile called ecmp-nh-heavy for Spectrum 1 switches.

What’s New in Cumulus Linux 5.9.1

Cumulus Linux 5.9.1 replaces Cumulus Linux 5.9.0, which is no longer available.

Cumulus Linux 5.9.1 provides all the same new features and enhancements as Cumulus Linux 5.9.0, and in addition, includes stability enhancements.

The NVIDIA SN5600 switch supports Cumulus Linux 5.9 and later; do not install Cumulus Linux 5.8 and earlier on this switch.
Cumulus Linux 5.9 provides a set of default firewall rules that allows only specific IP addresses and ports, and drops packets that are disallowed. Be sure to review the firewall rules before upgrading.

New Features and Enhancements

Cumulus Linux upgrade to Debian 12 (bookworm)
All switches that ship with a 32 GB or larger SSD now include a secondary partition for future use
Latency histogram for ASIC monitoring
LLDP application priority TLV transmission
Firewall rules
CLI Session pagination and timeout options
Password security commands
SSH strict mode
Warmboot support for VXLAN EVPN is now generally available
4x breakout on QSFP-DD/OSFP 8 lane ports now allocates two lanes per port by default instead of one
New Linux ifreload -a --diff option processes and applies only incremental changes instead of reloading entire configuration
Cumulus Linux no longer supports NCLU; all net show commands have been removed

NVUE

ISSU upgrade mode and package upgrade commands
New nv show --output raw option shows native vtysh (FRR) output
Auto save is enabled by default; when you run nv config apply, NVUE saves the configuration to the startup configuration file
NVUE ships with a default /etc/nvue.d/startup.yaml file
- The default startup file sets the default hostname as cumulus; Cumulus Linux does not accept the DHCP host-name option. If you do not manage your switch with NVUE and want to change this behavior with Linux configuration files, see this knowledge base article.
- The default NVUE startup.yaml file includes the cumulus user account, which is the default account for the system. Modifying the NVUE configuration to not include the cumulus user account, replacing the configuration or applying a startup configuration, deletes the cumulus account. To merge in configuration changes or to restore a backup startup.yaml file, use the nv config patch command.
▼ Redesigned nv show interface commands

The nv show interface command outputs have changed. If you are using automation, be sure to update your automation scripts.

5.9 commands
nv show interface and nv show interface <interface> output shows the administrative status and the operational status of an interface.
5.8 and earlier
nv show interface and nv show interface <interface> output shows the operational status of the interface.

▼ Redesigned nv show platform commands

Command	Description
`nv show platform`	Shows platform hardware information on the switch, such as the model and manufacturer, memory, Cumulus Linux release, serial number and system MAC address.
`nv show platform capabilities`	Shows the switch platform capabilities.
`nv show platform environment`	Shows information about the sensors, fans, LEDs, and PSUs on the switch.
`nv show platform firmware`	Shows information about the switch firmware.
`nv show platform inventory`	Shows the switch inventory, which includes fan and PSU hardware version, model, serial number, state, and type.
`nv show platform pulse-per-second`	Shows a summary of the PPS In and PPS out configuration settings.
`nv show platform software`	Shows the software installed on the switch.

Command	Description
`nv show platform`	Shows the software installed on the switch.
`nv show platform capabilities`	Shows the switch platform capabilities.
`nv show platform environment`	Shows information about the sensors, fans, LEDs, and PSUs on the switch.
`nv show platform hardware`	Shows information about the switch hardware, such as the model and manufacturer, memory, Cumulus Linux release, serial number and system MAC address.
`nv show platform pulse-per-second`	Shows a summary of the PPS In and PPS out configuration settings.
`nv show platform software`	Shows the software installed on the switch and includes version numbers.

▼ New NVUE Commands

For descriptions and examples of all NVUE commands, refer to the NVUE Command Reference for Cumulus Linux.

nv show

nv show acl acl-default-dos
nv show acl acl-default-dos rule <rule>
nv show acl acl-default-whitelist
nv show acl acl-default-whitelist rule <rule>
nv show acl <acl-id> rule <rule-id> match ip connection-state
nv show acl <acl-id> rule <rule-id> match ip recent-list
nv show acl <acl-id> rule <rule-id> match ip hashlimit
nv show acl <acl-id> rule <rule-id> action recent
nv show interface <interface-id> telemetry histogram latency
nv show interface <interface-id> telemetry histogram latency traffic-class
nv show interface <interface-id> telemetry histogram latency traffic-class <if-tc-id>
nv show interface <interface-id> telemetry histogram latency traffic-class <if-tc-id> threshold
nv show interface <interface-id> telemetry histogram latency traffic-class <if-tc-id> snapshot
nv show interface <interface-id> link protodown-reason
nv show interface <interface> lldp application-tlv
nv show interface <interface> lldp application-tlv app
nv show interface <interface-id> lldp application-tlv app <app-id>
nv show interface <interface> lldp application-tlv tcp-port
nv show interface <interface> lldp application-tlv tcp-port <port-id>
nv show interface <interface> lldp application-tlv udp-port
nv show interface <interface> lldp application-tlv udp-port <port-id>
nv show platform environment temperature
nv show platform environment temperature <sensor-id>
nv show platform environment voltage
nv show platform environment voltage <volt-sensor-id>
nv show platform firmware
nv show platform firmware <platform-component-id>
nv show platform inventory
nv show platform inventory <inventory-id>
nv show service ptp <instance-id> ipv6-scope
nv show service lldp application-tlv
nv show service lldp application-tlv app
nv show service lldp application-tlv app <app-id>
nv show service lldp application-tlv tcp-port
nv show service lldp application-tlv tcp-port <port-id>
nv show service lldp application-tlv udp-port
nv show service lldp application-tlv udp-port <port-id>
nv show service telemetry histogram latency
nv show system cli
nv show system cli pagination
nv show system reboot required
nv show system security password-hardening
nv show vrf <vrf-id> router bgp neighbor <neighbor-id> address-family ipv4-unicast graceful-restart timers
nv show vrf <vrf-id> router bgp neighbor <neighbor-id> address-family ipv4-unicast graceful-restart timers stale-path
nv show vrf <vrf-id> router bgp neighbor <neighbor-id> address-family ipv4-unicast graceful-restart timers selection-deferral
nv show vrf <vrf-id> router bgp neighbor <neighbor-id> address-family ipv6-unicast graceful-restart timers
nv show vrf <vrf-id> router bgp neighbor <neighbor-id> address-family ipv6-unicast graceful-restart timers stale-path
nv show vrf <vrf-id> router bgp neighbor <neighbor-id> address-family ipv6-unicast graceful-restart timers selection-deferral
nv show vrf <vrf-id> router bgp neighbor <neighbor-id> address-family l2vpn-evpn graceful-restart timers
nv show vrf <vrf-id> router bgp neighbor <neighbor-id> address-family l2vpn-evpn graceful-restart timers stale-path
nv show vrf <vrf-id> router bgp neighbor <neighbor-id> address-family l2vpn-evpn graceful-restart timers selection-deferral
nv show vrf <vrf-id> router ospf area <area-id> network <network-id>

nv set

nv set acl <acl-id> rule <rule-id> action log rate (1-50000)
nv set acl <acl-id> rule <rule-id> action log level (0-7)
nv set acl <acl-id> rule <rule-id> action recent
nv set acl <acl-id> rule <rule-id> match ip tcp mss <tcpmss-format>
nv set acl <acl-id> rule <rule-id> match ip tcp all-mss-except <tcpmss-format>
nv set acl <acl-id> rule <rule-id> match ip connection-state (established|related|new|invalid)
nv set acl <acl-id> rule <rule-id> match ip recent-list name <value>
nv set acl <acl-id> rule <rule-id> match ip recent-list update-interval (1-4294967295)
nv set acl <acl-id> rule <rule-id> match ip recent-list hit-count (1-4294967295)
nv set acl <acl-id> rule <rule-id> match ip recent-list action (set|update)
nv set acl <acl-id> rule <rule-id> match ip hashlimit name <generic-name>
nv set acl <acl-id> rule <rule-id> match ip hashlimit rate-above <rate-limit>
nv set acl <acl-id> rule <rule-id> match ip hashlimit burst <integer>
nv set acl <acl-id> rule <rule-id> match ip hashlimit source-mask <value>
nv set acl <acl-id> rule <rule-id> match ip hashlimit destination-mask <value>
nv set acl <acl-id> rule <rule-id> match ip hashlimit expire <value>
nv set acl <acl-id> rule <rule-id> match ip hashlimit mode (src-ip|dst-ip)
nv set interface <interface> lldp application-tlv app <application> 
nv set interface <interface> lldp application-tlv tcp-port <port>
nv set interface <interface> lldp application-tlv udp-port <port>
nv set interface <interface-id> ptp ipv6-scope
nv set interface <interface-id> telemetry histogram latency traffic-class <if-tc-id>
nv set interface <interface-id> telemetry histogram latency traffic-class <if-tc-id> threshold action log
nv set interface <interface-id> telemetry histogram latency traffic-class <if-tc-id> threshold value
nv set interface <interface-id> telemetry histogram latency traffic-class <if-tc-id> bin-min-boundary
nv set interface <interface-id> telemetry histogram latency traffic-class <if-tc-id> histogram-size
nv set service lldp application-tlv app <application> priority <priority> 
nv set service lldp application-tlv tcp-port <port> priority <priority> 
nv set service lldp application-tlv udp-port <port> priority <priority>
nv set service ptp <instance-id> ipv6-scope
nv set service telemetry histogram latency bin-min-boundary
nv set service telemetry histogram latency histogram-size
nv set system cli pagination state
nv set system cli pagination pager
nv set system cli inactive-timeout
nv set system control-plane acl acl-default-dos inbound
nv set system control-plane acl acl-default-whitelist inbound
nv set system security password-hardening digits-class
nv set system security password-hardening expiration
nv set system security password-hardening expiration-warning
nv set system security password-hardening history-cnt
nv set system security password-hardening len-min
nv set system security password-hardening lower-class
nv set system security password-hardening reject-user-passw-match
nv set system security password-hardening special-class
nv set system security password-hardening state
nv set system security password-hardening upper-class
nv set system ssh-server strict

nv unset

nv unset acl <acl-id> rule <rule-id> match ip tcp mss
nv unset acl <acl-id> rule <rule-id> match ip tcp all-mss-except
nv unset acl <acl-id> rule <rule-id> match ip connection-state
nv unset acl <acl-id> rule <rule-id> match ip recent-list
nv unset acl <acl-id> rule <rule-id> match ip recent-list name
nv unset acl <acl-id> rule <rule-id> match ip recent-list update-interval
nv unset acl <acl-id> rule <rule-id> match ip recent-list hit-count
nv unset acl <acl-id> rule <rule-id> match ip recent-list action
nv unset acl <acl-id> rule <rule-id> match ip hashlimit
nv unset acl <acl-id> rule <rule-id> match ip hashlimit name
nv unset acl <acl-id> rule <rule-id> match ip hashlimit rate-above
nv unset acl <acl-id> rule <rule-id> match ip hashlimit burst
nv unset acl <acl-id> rule <rule-id> match ip hashlimit source-mask
nv unset acl <acl-id> rule <rule-id> match ip hashlimit destination-mask
nv unset acl <acl-id> rule <rule-id> match ip hashlimit expire
nv unset acl <acl-id> rule <rule-id> match ip hashlimit mode
nv unset acl <acl-id> rule <rule-id> action log rate
nv unset acl <acl-id> rule <rule-id> action log level
nv unset acl <acl-id> rule <rule-id> action recent
nv unset interface <interface> lldp application-tlv
nv unset interface <interface> lldp application-tlv app <application> 
nv unset interface <interface> lldp application-tlv tcp-port
nv unset interface <interface> lldp application-tlv tcp-port <port>
nv unset interface <interface> lldp application-tlv udp-port <port>
nv unset interface <interface> lldp application-tlv udp-port
nv unset interface <interface-id> ptp ipv6-scope
nv unset interface <interface-id> telemetry histogram latency
nv unset interface <interface-id> telemetry histogram latency traffic-class
nv unset interface <interface-id> telemetry histogram latency traffic-class <if-tc-id>
nv unset interface <interface-id> telemetry histogram latency traffic-class <if-tc-id> threshold
nv unset interface <interface-id> telemetry histogram latency traffic-class <if-tc-id> threshold action
nv unset interface <interface-id> telemetry histogram latency traffic-class <if-tc-id> threshold value
nv unset interface <interface-id> telemetry histogram latency traffic-class <if-tc-id> bin-min-boundary
nv unset interface <interface-id> telemetry histogram latency traffic-class <if-tc-id> histogram-size
nv unset service lldp application-tlv
nv unset service lldp application-tlv app
nv unset service lldp application-tlv app <application>
nv unset service lldp application-tlv app <application> priority <priority>
nv unset service lldp application-tlv tcp-port
nv unset service lldp application-tlv tcp-port <port> 
nv unset service lldp application-tlv tcp-port <port> priority <priority>
nv unset service lldp application-tlv udp-port
nv unset service lldp application-tlv udp-port <port>
nv unset service lldp application-tlv udp-port <port> priority <priority>
nv unset service ptp <instance-id> ipv6-scope
nv unset service telemetry histogram latency
nv unset service telemetry histogram latency bin-min-boundary
nv unset service telemetry histogram latency histogram-size
nv unset system cli
nv unset system cli pagination
nv unset system cli pagination state
nv unset system cli pagination pager
nv unset system cli inactive-timeout
nv unset system control-plane acl acl-default-dos
nv unset system control-plane acl acl-default-whitelist
nv unset system security password-hardening
nv unset system security password-hardening digits-class
nv unset system security password-hardening expiration
nv unset system security password-hardening expiration-warning
nv unset system security password-hardening history-cnt
nv unset system security password-hardening len-min
nv unset system security password-hardening lower-class
nv unset system security password-hardening reject-user-passw-match
nv unset system security password-hardening special-class
nv unset system security password-hardening state
nv unset system security password-hardening upper-class
nv unset system ssh-server strict

nv action

nv action clear interface <interface-id> link flap-protection violation
nv action clear system link flap-protection violation
nv action upgrade system packages to latest use-vrf <vrf> dry-run
nv action upgrade system packages to latest use-vrf <vrf>

What’s New in Cumulus Linux 5.9.0

Cumulus Linux 5.9.0 is no longer available. Cumulus Linux 5.9.1 replaces Cumulus Linux 5.9.0.

Release Considerations

Review these release considerations before you upgrade to Cumulus Linux 5.9.

Linux Configuration Files Overwritten

If you use Linux commands to configure the switch, read the following information before you upgrade to Cumulus Linux 5.9.1 or later.

Cumulus Linux 5.9.1 and later includes a default NVUE startup.yaml file. In addition, NVUE configuration auto save is enabled by default. As a result of these changes, Cumulus Linux overwrites any manual changes to Linux configuration files on the switch when:

The switch reboots after upgrade
You change the cumulus account password with the Linux passwd command.

These issues occur only if you use Linux commands to configure the switch. If you use NVUE commands to configure the switch, these issues do not occur and no action is needed.

Switch Reboot

To prevent Cumulus Linux from overwriting manual changes to the Linux configuration files when the switch reboots after upgrade:

Before you upgrade to Cumulus Linux 5.9.2 or later, disable NVUE auto save:

cumulus@switch:~$ nv set system config auto-save enable off
cumulus@switch:~$ nv config apply
cumulus@switch:~$ nv config save

Delete the /etc/nvue.d/startup.yaml file:

cumulus@switch:~$ sudo rm -rf /etc/nvue.d/startup.yaml

cumulus Account Password

To prevent Cumulus Linux from overriding changes to the Linux configuration files when you change the cumulus account password with the Linux passwd command, comment out the password optional pam_exec.so seteuid /usr/lib/cumulus/reconcile_password_with_nvue.sh line from the following files before you upgrade to 5.9.1 or later:

/etc/pam.d/chpasswd
/etc/pam.d/login
/etc/pam.d/passwd

You can also add these commands to your automation scripts after you upgrade to Cumulus Linux 5.9.1.

NVUE Commands After Upgrade

Cumulus Linux 5.9 includes the NVUE object model. After you upgrade to Cumulus Linux 5.9, running NVUE configuration commands might override configuration for features that are now configurable with NVUE and removes configuration you added manually to files or with automation tools like Ansible, Chef, or Puppet. To keep your configuration, you can do one of the following:

Update your automation tools to use NVUE.
Configure NVUE to ignore certain underlying Linux files when applying configuration changes.
Use Linux and FRR (vtysh) commands instead of NVUE for all switch configuration.

Cumulus Linux 3.7, 4.3, and 4.4 continue to support NCLU. For more information, contact your NVIDIA Spectrum platform sales representative.