Open Issues

The following are new open issues for supported features found in ExtremeXOS 16.1.3-Patch1-8.

expand icon

Open Issues, Platform-Specific, and Feature Change Requests (CRs)

CR Number Description
General
xos0061053

ExtremeXOS supports the use of RC4 in one or more cipher suites.

The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness.

If plaintext is repeatedly encrypted (e.g., HTTP cookies), and an attacker is able to obtain many (i.e., tens of millions) ciphertexts, the attacker may be able to derive the plaintext.

xos0061052 ExtremeXOS accepts connections encrypted using SSL 2.0 and/or SSL 3.0, which reportedly suffer from several cryptographic flaws. An attacker may be able to exploit these issues to conduct man-in-the-middle attacks or decrypt communications between the affected service and clients.
xos0060993 Nessus scan detects the following medium vulnerabilities in ExtremeXOS:
  • SSH: CBC Mode Ciphers Enabled
  • SSH: Weak Mac Algorithms Enabled
xos0060930 When ONEPolicy is enabled and you reach the configured maximum number of authenticated sessions, sessions continue to attempt to authenticate, and then terminate if successful.
xos0061492

For the Summit X430 series switches, you can only create around 3,900 VLANs, which is short of the limit of 4,094.

For Summit X440 series switches, you can only create 4,094 VLANs and 40–43K VPIF, whereas 53K VPIF was obtainable in ExtremeXOS 15.7.1.

xos0063245 With IGMP per-VLAN mode, VRRP flaps occur after adding tagged ports to VLANs.
BlackDiamond 8800 Series Switches
xos0060136 With NetLogin with MAC enabled and with dynamic VLAN configured, if FDB ageout timer is configured as 50, sometimes FDB does not synchronize and the command show netlogin mac shows clients authenticated on nlvlan itself.
Summit X450-G2 Series Switches
xos0061097 On Summit X450G2 stack of eight, back-to-back failovers while sending slow-path traffic across eight slots, produce the following error:
04/01/2015 13:36:33.65 <Erro:Kern.Card.Error> Slot-5: bcm_tx_list() returned -4: Invalid parameter
Issue does not occur, if slow-path traffic is stopped.
Summit X670 Series Switches
xos0062312 On Summit X670V-48x-VIM4-40G4X switches, when you disable ports on a peer switch, additional 40G ports may go down.
Note: Configuring the debounce timer to 4 seconds on these ports may resolve this issue.
Summit Series Switches
xos0060283 The SMON MIB (RFC 2613) which was used to configure mirroring using SNMP is not available in ExtremeXOS.
ACLs
xos0061183 On BlackDiamond X8 and 8800 series switches, if failover occurs during an active ESVT test, sometimes it might persist in "running" state.
BGP
xos0060352 BGP speaker accepts invalid updates (for example, invalid IP addresses such as 0.0.0.0/24). These are installed in BGP LOCAL RIB, as well as in route table.
Clocking (1588v2)
xos0060785 Precision time feature limitations for ExtremeXOS 16.1:
  • ExtremeXOS 16.1 slave ports sync to grandmasters, such as Symmetricom, and to other ExtremeXOS 16.1 clocks, but not to ExtrememXOS 15.7, and earlier. If networks of clocks are to be upgraded to ExtremeXOS 16.1, complete the upgrades simultaneously or staged starting closest to the grandmaster. Before beginning a staged upgrade, where an earlier version of ExtremeXOS must sync to an ExtremeXOS 16.1 clock, test the particular configuration beforehand.
  • ExtremeXOS 16.1 slave clock ports must be configured with the “slave-only” option to sync to other ExtremeXOS 16.1 clocks.
MPLS
xos0061018 After failover, traffic fails across VPLS configured with 64 LSPs across LAG.
xos0061276 MPLS LSP (LDP/RSVP) is not formed when BGP is used as IGP routing protocol.
xos0061374 With an L2VPN session between two Label Edge Routers (LERs), broadcast packets egressing the LERs are corrupted.
xos0062314 Detour LSP counters display incorrect values in the output of the commands show mpls rsvp-te lsp and show mpls rsvp-te lsp fast-reroute.
NetLogin
xos0060488 With upload and download of NetLogin with UPM XSF file, UPM profile is not executed for the user-authenticate and unauthenticate events.
xos0060280 Enabling NetLogin mac on mirrored ports does not produce an error.
xos0061375 Re-authentication fails for some NetLogin authenticated clients after changing the EXTREME_NETLOGIN_EXTENDED_VLAN VSA (211) with scaled number of NetLogin authenticated clients.
xos0061116 After disabling NetLogin dot1x, attempting to enable NetLogin dot1x produces an error indicating that NetLogin is already enabled on a port.
OSPF
xos0061100 CPU utilization monitor incorrectly displays 99% CPU usage for OSPF while restarting OSPF process.