The MLNX-OS July release was delivered in two phases: v3.6.4006 in June, and v3.6.4100 in July.
This post shows the main highlights of this release (available via the MyMellanox portal).
- Docker Container
- OpenFlow 1.3 - Enhancements
- ISCSI LLDP DCBX TLV Support
- Switch Forwarding Mode
- Storm Control - Ingress Policers
- Visibility and Telemetry
- IEEE 1588
- Management and Security
One of the major capabilities provided as part of this release is the ability to create Docker containers. With Docker, you can run your own application on the switch CPU.
Our Docker on Spectrum implementation provides additional value:
- SDK access - access Spectrum's complete SDK API and silicon capabilities
- Persistent - up after reload with the same parameters and configuration
- Share storage space between the various containers and MLNX-OS (part of 3.6.4100 release)
For more info see: Getting Started with Docker Container over MLNX-OS.
OpenFlow 1.3 - Enhancements
The following enhancements are available as part of this release:
- Controller-less mode of work - configure flows through CLI
- Persistent Configuration for CLI configured flows
- Open & Enhanced OVS CLI
- Use of port panel numbering (instead of OVS port numbering / ifIndex)
ISCSI LLDP DCBX TLV Support
Mapping priority automatically for applications that use TCP/UDP transport methods can be useful. For example, this is important for lossless applications such as ISCSI, when a lossless network is required and achieved via PFC.
For more information, see HowTo Map TCP/UDP port to priority via LLDP DCBX TLV on MLNX-OS (ISCSI example).
Switch Forwarding Mode
This release introduced the ability to set the switch forwarding mode per port. Two options are available: Store-and-Forward and Cut-through (default). For more information see Switch Forwarding: "Store and Forward" vs. "Cut-through".
Storm Control - Ingress Policers
This feature prevents system attacks that use broadcast, unknown unicast, and multicast (BUM) traffic by doing the following:
- Limits the bandwidth of BUM traffic allowed per port (applied after the global policer)
- All excess traffic gets discarded.
For more information and configuration examples see HowTo Configure Storm Control Policers for BUM traffic on MLNX-OS.
Visibility and Telemetry
One major aspect on which we put a lot of emphasis in this release is Visibility & Telemetry.
The following features are added as part of this effort, enabling us to provide Best-in-Class Visibility & Telemetry.
Enhanced Link & Phy Monitoring
This is your built-in Phy analyzer, providing you with:
- Faster, easier and more efficient resolution of link / phy issues
- Enhanced link monitoring & diagnostic capabilities
- BER Degradation Monitor (Flaky cable) - Automatic shutdown of a faulty cable / transceiver when the defined BER level is crossed, eliminating errors of a noisy network
Priority Counters on SNMP MIB
Per priority counters support on SNMP for all the counters along the pipeline:
- Per port (ingress / egress)
- PFC (received vs sent)
- Per PG (ingress buffers)
- Per TC (egress buffers)
- Per Switch Priority
- Telemetry Thresholds – The second phase of Telemetry, following the Telemetry Histograms, is provided as part of this release. This feature provides the user with an event log when the defined threshold is crossed per TC. The available information includes the start time and duration.
Telemetry Histograms and Thresholds are also supported on the WebUI.
Additional counters and control
- show interface status command
- clear LLDP counters command
- show interface Ethernet rates now include Mega/Giga-bit units (Mbps/Gbps)
- show LLDP remote command - show parent interface (PO or MPO)
- show mac-address-table filter per port-channel and MPO
- Transceiver diagnostics reported also in dB units
- interface VLAN - manual state ("no autostate") (do not move to link down automatically when no members are available)
Added several capabilities:
- Automatic remote MAC learning, aging and migration
- VTEP configuration via switch CLI (eliminating the need for external controller for specific static mode of work, AKA lite-VTEP)
- Remote VTEPs IP are configured manually
As part of the effort to provide a comprehensive solution for the Media & Entertainment market, the following major modules are provided:
- Precision Time Protocol - IEEE-1588 – Boundary Clock, implementing the SMPTE ST2059-2 Profile
- Multicast is a major component of the Media market. The following protocols are available as part of this release in order to enable the switch to take part in a media network fabric:
- IGMP Querier v3
Management and Security
For management and security, the following enhancements are provided:
- Asynchronous mode for JSON commands - enables efficient work with long-running commands: instead of remaining on hold until command execution is completed with the relevant result, the user can send the command request and get a trap when execution has completed
- Batch commands - enable the user to send a batch of commands for execution
Please refer to the user manual for the full list of the commands covered by JSON.
- SHA-256 as the default hashing algorithm for Self-Signed Certificates
- TLS settings – added elliptic-curve Diffie-Hellman key exchange (additional ciphers to work with Firefox)
- CVEs – vulnerabilities
- CVE-2016-1583 - stacking overflow
- CVE-2016-3841 - IPv6 sendmsg
- CVE-2016-7910 - use after free in seq file