The following sections detail what is new in VSP 8600 Series Release 8.1.
This release introduces support for the following transceivers and cables. These transceivers and cables have been consolidated and qualified for use in Extreme Networks platforms, with enhanced diagnostics for transceivers. Enhanced diagnostic information includes power-on counters, comparison statistics for actual Tx and Rx dB values versus low alarm values, and the associated logging for these enhancements.
100 Gb transceiver modules
100G FR QSFP28 2km LC connector Single-Mode MSA (PN: 100G-FR-QSFP2KM)
100G SR4 QSFP28 100m MPO connector Multi-Mode MSA (PN: 100G-SR4-QSFP100M)
25 Gb cables
25G Passive DAC SFP28 Copper Cable 0.5m MSA (PN: 25G-DACP-SFPZ5M), 0.5 meter
Note
25 Gb transceiver module use on VSP 8600 Series requires the 100G QSFP28 SFP28 adapter (PN: 10506) and channelization enabled on a 100 Gb port.
Extreme Networks can announce support for additional optical components in the future. Check the following documents for a complete and current list of supported optical components:
Compatibility for Extreme Networks SFP, SFP+, SFP28, QSFP+, and QSFP28 transceiver modules with the VSP Series switches |
Extreme Optics website |
Descriptions of Extreme Networks optical transceivers and components |
Extreme Optics website |
This release implements support for the Link Layer Discovery Protocol (LLDP) Fabric Connect Type–Length–Value (TLV) on the VSP 8600 Series. The LLDP Fabric Connect TLV contains details about the pre-configured B-VLANs and system ID that a system sends to other devices in a network topology.
For more information, see VOSS User Guide.
The factorydefaults boot flag now removes the runtime, primary, and backup configuration files, resets all local default user account passwords, and removes all digital certificates. The Radsec, IPsec, IKE, OSPF, SNMP, SSL, SSH, OVSDB, and NTP files are also removed. The CLI displays a warning that the configurations, passwords, and files will be reset, and the system logs an informational message. The configuration and file removals occur during the next boot sequence when the factorydefaults boot flag is enabled. After the switch reboots, the security mode setting is retained. To enable Zero Touch Onboarding after a factorydefaults boot, reboot the switch again without saving a configuration.
For more information, see VOSS User Guide.
In previous releases, you could use a default password to initially access the CLI. Now a password change is required to access the CLI on first login after a factory default or if your switch has no primary or backup configuration files. The system provides three attempts to change the password. If unsuccessful, you are taken back to the login prompt but you are not locked out. You cannot use an empty password. A password change is required irrespective of security mode, console, SSH, or Telnet access.
For more information, see VOSS User Guide.
This release introduces OSPFv3 neighbor advertisements without R-bit. If an OSPFv3 neighbor does not provide the R-bit in the Network Discovery (ND) packet, the system enables R-bit for every OSPFv3 neighbor with dependent routes to avoid deletion resulting from inactivity. An OSPFv3 neighbor without R-bit that experiences a timeout can now trigger the Network Unreachability Detection (NUD), instead of being deleted.
For more information, see VOSS User Guide.
This release adds support for Open Shortest Path First Version 3 (OSPFv3) configuration on circuitless IP (CLIP) interfaces for the Global Router or a specific Virtual Router Forwarding (VRF) instance. The switch supports a maximum of 64 OSPFv3 CLIP interfaces.
For more information, see VOSS User Guide.
This release adds a Key Health Indicator (KHI) new parameter rx-queue to the command show khi performance to display the queue performance and utilization statistics on the switch.
For more information, see VOSS User Guide.
The log now shows warning messages earlier when approaching FDB scaling limits. When reaching 75% and higher of FDB table scaling limit, the system begins logging warning messages so you can take corrective action while the node remains responsive. You can contact support before the limit is reached to troubleshoot the cause of the increase.
For more information, see VOSS User Guide.
MACsec Key Agreement (MKA) protocol discovers mutually authenticated MACsec peers, and elects one as a key server. The key server generates and distributes Secure Association Keys (SAKs), which are used at both ends of an Ethernet link to encrypt and decrypt frames. The key server periodically generates and distributes SAKs to maintain the link for as long as MACsec is enabled.
This release adds support for MKA on VSP 8600 Series switches.
For more information, see VOSS User Guide.
MACsec is now supported for channelized ports on an 8606CQ IOC module. MACsec is supported on 8606CQ channelized ports in 4x10 Gbps or 4x25 Gbps configurations. If you enable channelization on a port, the MACsec configuration migrates from the main port to the first subport. If you disable channelization on a port, the MACsec configuration migrates from the first subport to the main port.
For more information, see VOSS User Guide.
Note
All IPv6 applications have partial HA-CPU support. The system synchronizes user configuration data, including IPv6 addresses and static routes from the primary CPU to the standby CPU. The system does not synchonize dynamic data from protocol learning. After a CPU failover, the IPv6 applications must restart and rebuild data tables, which causes an interruption of traffic that is dependent on the IPv6 protocol or applications with partial HA support.
Factory Default flag behavior enhancements
SHA512 secure password hashing
MACsec Key Agreement (MKA)
IPv6 OSPFv3 neighbor advertisements without R-bit
IPv6 OSPFv3 support on circuitless IP interfaces
For more information, see VOSS User Guide.
In earlier releases, the secret key displayed in clear text on the console and in the configuration file when you assigned an authentication key to the server using the ntp server command.
In this release, the secret key is encrypted and is not visible on the console or in the configuration file. Asterisks now display as the secret key. The show ntp key CLI command output no longer displays the secret key field. The keysecret field in EDM is also removed.
For more information, see VOSS User Guide.
SHA2 512-bit password hashing is available as a security enhancement beyond the previous default SHA1 160-bit password hashing method. The new CLI command password hash is introduced to change the password hash between SHA1 and SHA2. The new default is SHA2 for new switches running this release.
Note
Switches upgraded to this release retain SHA1 password hashes and custom users, until a factory default reset or until the password hash level is changed. During a factory default reset, SHA2 512-bit becomes the default password hash, all custom users are deleted, and SHA1 passwords are removed.
For more information, see VOSS User Guide.
You can now view IO resources related debug information with the new parameters l3-kaps-count, l3-lem-count, and model-dnx-stats for the CLI command show io resources.
For more information, see VOSS Command Line Interface Commands Reference.