Versions Compared

Old Version 4

changes.mady.by.user Duncan Eastoe

Saved on

compared with

New Version 5

changes.mady.by.user Scott Leishman

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
show interface dataplane detail
show interface dataplane <if>

Link Aggregation fast-periodic ("fast rate") support support 

Link aggregation, 802.1AX-2014 (formerly 802.3ad), supports a shorter timeout for LACPDU packets and this feature adds such support. This is often called "fast periodic" or "fast rate”.

Code Block
interfaces bonding <if> lacp-options periodic-rate (fast|slow)

IPsec Remote Access VPN server: EAP-TLS authentication support

This feature adds support for EAP-TLS (RFC 5126).

Code Block
set security vpn ipsec remote-access-vpn-server profile <profile-name> authentication mode eap-tls

IPsec RA VPN server: DNS configuration attributes 

This feature introduces support for the configuration payloads INTERNAL_IP4_DNS and INTERNAL_IP6_DNS. These allow the IPsec RA VPN server to communicate to the IPsec RA VPN client which DNS server should be used inside the tunnel, in accordance with RFC 7296.

...

Code Block
set security vpn ipsec remote-access-server profile <profile-name> authentication remote-id <filter>

Increase TWAMP Server Maximum Control Sessions Sessions 

This feature allows support for up to 4096 concurrent control sessions.

Code Block
routing routing-instance <alpha-numeric> service twamp server maximum-connections <1..4096>
service twamp server maximum-connections <1..4096>

Netconf – Confirmed Commit 

Commit confirm is a feature which is currently available on the vRouter CLI. It helps guard against committing configurations which can cause loss of connection to the system being managed, or perhaps the configuration being committed causes system instability or crashes. Such scenarios are automatically recovered from if the configuration is not confirmed

Yang Identity and Identityref Support

This feature will complete the support of identities in the Yang compiler, as specified in RFC 6020

...

Code Block
interfaces pppoe <if> firewall in <name>
interfaces pppoe <if> firewall local <name>
interfaces pppoe <if> firewall out <name>
interfaces pppoe <if> ip tcp-mss limit <1..65535>
interfaces pppoe <if> ip tcp-mss mtu
interfaces pppoe <if> ip tcp-mss mtu-minus <1..65535>
interfaces pppoe <if> ipv6 tcp-mss limit <1..65535>
interfaces pppoe <if> ipv6 tcp-mss mtu
interfaces pppoe <if> ipv6 tcp-mss mtu-minus <1..65535>
interfaces pppoe <if> policy route pbr <name>

CGNAT

Support for PCP in CG-NAT

...

Code Block
service nat cgnat session-timeout (tcp|udp) ...

Full CGNAT configuration

Code Block
service nat cgnat
service nat cgnat cpu-affinity event session <0..65535>
service nat cgnat disable-hairpinning
service nat cgnat export event port-block-allocation using kafka
service nat cgnat export event port-block-allocation using kafka cluster <text>
service nat cgnat export event port-block-allocation using kafka with field-delimiter <pattern>
service nat cgnat export event port-block-allocation using kafka with key-field (cgn-instance|public-ip-address|subscriber-ip-address)
service nat cgnat export event port-block-allocation using kafka with priority critical
service nat cgnat export event port-block-allocation using kafka with storage-limit <1..1048576>
service nat cgnat export event port-block-allocation using kafka with topic <pattern>
service nat cgnat export event resource-constraint using kafka
service nat cgnat export event resource-constraint using kafka cluster <text>
service nat cgnat export event resource-constraint using kafka with field-delimiter <pattern>
service nat cgnat export event resource-constraint using kafka with key-field cgn-instance
service nat cgnat export event resource-constraint using kafka with priority critical
service nat cgnat export event resource-constraint using kafka with storage-limit <1..1048576>
service nat cgnat export event resource-constraint using kafka with topic <pattern>
service nat cgnat export event session using kafka
service nat cgnat export event session using kafka cluster <text>
service nat cgnat export event session using kafka with field-delimiter <pattern>
service nat cgnat export event session using kafka with key-field (cgn-instance|destination-ip-address|destination-port|interface|ip-protocol|public-ip-address|public-port|session-id|sub-session-id|subscriber-ip-address|subscriber-port)
service nat cgnat export event session using kafka with priority critical
service nat cgnat export event session using kafka with storage-limit <1..1048576>
service nat cgnat export event session using kafka with topic <pattern>
service nat cgnat export event subscriber using kafka
service nat cgnat export event subscriber using kafka cluster <text>
service nat cgnat export event subscriber using kafka with field-delimiter <pattern>
service nat cgnat export event subscriber using kafka with key-field (cgn-instance|subscriber-ip-address)
service nat cgnat export event subscriber using kafka with priority critical
service nat cgnat export event subscriber using kafka with storage-limit <1..1048576>
service nat cgnat export event subscriber using kafka with topic <pattern>
service nat cgnat interface <text>
service nat cgnat interface <text> policy <text>
service nat cgnat log event port-block-allocation
service nat cgnat log event resource-constraint
service nat cgnat log event session
service nat cgnat log event subscriber
service nat cgnat max-dest-per-session <1..64>
service nat cgnat max-sessions <1..33554432>
service nat cgnat policy <alpha-numeric>
service nat cgnat policy <alpha-numeric> log session address-group <text>
service nat cgnat policy <alpha-numeric> log session all-subscribers
service nat cgnat policy <alpha-numeric> log session creation
service nat cgnat policy <alpha-numeric> log session deletion
service nat cgnat policy <alpha-numeric> log session periodic <300..86400>
service nat cgnat policy <alpha-numeric> log subscriber
service nat cgnat policy <alpha-numeric> match source address-group <text>
service nat cgnat policy <alpha-numeric> priority <1..9999>
service nat cgnat policy <alpha-numeric> select event session address-group <text>
service nat cgnat policy <alpha-numeric> select event session all-subscribers
service nat cgnat policy <alpha-numeric> select event session creation
service nat cgnat policy <alpha-numeric> select event session deletion
service nat cgnat policy <alpha-numeric> select event session periodic <300..86400>
service nat cgnat policy <alpha-numeric> select event subscriber
service nat cgnat policy <alpha-numeric> translation pool <text>
service nat cgnat select warning event resource-constraint mapping-table
service nat cgnat select warning event resource-constraint mapping-table interval <1..4294967295>
service nat cgnat select warning event resource-constraint mapping-table threshold <1..99>
service nat cgnat select warning event resource-constraint public-addresses
service nat cgnat select warning event resource-constraint public-addresses interval <1..4294967295>
service nat cgnat select warning event resource-constraint public-addresses threshold <1..99>
service nat cgnat select warning event resource-constraint session-table
service nat cgnat select warning event resource-constraint session-table interval <1..4294967295>
service nat cgnat select warning event resource-constraint session-table threshold <1..99>
service nat cgnat select warning event resource-constraint subscriber-table
service nat cgnat select warning event resource-constraint subscriber-table interval <1..4294967295>
service nat cgnat select warning event resource-constraint subscriber-table threshold <1..99>
service nat cgnat session-timeout other established <30..1800>
service nat cgnat session-timeout other partially-open <10..240>
service nat cgnat session-timeout tcp established <30..14400>
service nat cgnat session-timeout tcp partially-closed <10..240>
service nat cgnat session-timeout tcp partially-open <10..240>
service nat cgnat session-timeout tcp port <1..65535>
service nat cgnat session-timeout tcp port <1..65535> established <10..14400>
service nat cgnat session-timeout udp established <30..1800>
service nat cgnat session-timeout udp partially-open <10..240>
service nat cgnat session-timeout udp port <1..65535>
service nat cgnat session-timeout udp port <1..65535> established <10..1800>
service nat cgnat snat-alg-bypass
service nat pool <alpha-numeric>
service nat pool <alpha-numeric> address-allocation round-robin
service nat pool <alpha-numeric> address-pooling paired
service nat pool <alpha-numeric> blacklist address-group <text>
service nat pool <alpha-numeric> entry <alpha-numeric>
service nat pool <alpha-numeric> entry <alpha-numeric> ip-address prefix <x.x.x.x/x>
service nat pool <alpha-numeric> entry <alpha-numeric> ip-address range
service nat pool <alpha-numeric> entry <alpha-numeric> ip-address range end <x.x.x.x>
service nat pool <alpha-numeric> entry <alpha-numeric> ip-address range start <x.x.x.x>
service nat pool <alpha-numeric> entry <alpha-numeric> ip-address subnet <x.x.x.x/x>
service nat pool <alpha-numeric> log block-allocation
service nat pool <alpha-numeric> port allocation (random|sequential)
service nat pool <alpha-numeric> port dynamic-block-allocation block-size <64..4096>
service nat pool <alpha-numeric> port dynamic-block-allocation max-blocks-per-subscriber <1..32>
service nat pool <alpha-numeric> port range end <0..65535>
service nat pool <alpha-numeric> port range start <0..65535>
service nat pool <alpha-numeric> select event port-block-allocation
service nat pool <alpha-numeric> type CGNAT
system export kafka cluster <pattern>
system export kafka cluster <pattern> bootstrap ipv4-address <x.x.x.x>
system export kafka cluster <pattern> bootstrap ipv6-address <h:h:h:h:h:h:h:h>
system export kafka cluster <pattern> bootstrap routing-instance (<alpha-numeric>|default)

...

Code Block
system iommu passthrough (false|true)

Acknowledgements

Special thanks to Niral Networks (https://niralnetworks.com/) for the upgrade of FRR to version 7.3.1, and thanks to the following people who submitted fixes:

Resolved Security Vulnerabilities

...