The MLNX-OS July release is delivered in two phases: 3.6.4006 in June and 3.6.4100 in July.
This post shows the main highlights of release 3.6.4006 (available in the MyMellanox portal).
- Docker Container
- OpenFlow 1.3 - Enhancements
- ISCSI LLDP DCBX TLV support
- Switch Forwarding mode
- Storm Control - Ingress Policers
- Visibility and Telemetry
- IEEE 1588
- Management and Security
One of the major capabilities provided as part of this release is the ability to create Docker containers. With Docker, you can run your own application on the switch CPU.
Our implementation of Docker on Spectrum adds further value:
- SDK access - access Spectrum's complete SDK API and silicon capabilities
- Persistent - up after reload with the same parameters and configuration
- Share storage space between the various containers and MLNX-OS (will be part of 3.6.4100 release)
For more information, see Getting Started with Docker Container over MLNX-OS.
OpenFlow 1.3 - Enhancements
The below enhancements are available as part of this release:
- Controller-less mode of work - configure flows through CLI
- Persistent Configuration for CLI configured flows
- Open & Enhanced OVS CLI
- Using port panel numbering (instead of OVS port numbering / ifIndex)
ISCSI LLDP DCBX TLV support
Automatically mapping priority for applications that use TCP/UDP transport can be useful. This is important, for example, for lossless applications such as ISCSI, where a lossless network is required and is achieved via PFC.
For more information, see HowTo Map TCP/UDP port to priority via LLDP DCBX TLV on MLNX-OS (ISCSI example).
Switch Forwarding mode
The ability to set the switch forwarding mode per port was added in this release. Two options are available: Store-and-Forward and Cut-through (default). For more information, see Switch Forwarding: "Store and Forward" vs. "Cut-through".
Storm Control - Ingress Policers
This feature enables us to eliminate system attacks that use broadcast, unknown unicast, and multicast (BUM) traffic by performing the following:
- Limits the bandwidth of BUM traffic allowed per port (done AFTER the global policer)
- All excess traffic gets discarded
For more information and configuration examples, see HowTo Configure Storm Control Policers for BUM traffic on MLNX-OS.
Visibility and Telemetry
One major aspect on which we put a lot of emphasis in this release is Visibility & Telemetry.
The following features are added as part of this effort, enabling us to provide Best in Class Visibility & Telemetry.
Enhanced Link & Phy Monitoring
This is your built-in Phy analyzer, providing:
- Faster, easier and more efficient resolution of link / phy issues
- Enhanced link monitoring & diagnostic capabilities
- BER Degradation Monitor (Flaky cable) - Automatic shut-down of a faulty cable / transceiver when the defined BER level is crossed, eliminating a noisy network
Priority Counters on SNMP MIB
Per priority counters support on SNMP for all the counters along the pipeline:
- Per port (ingress / egress)
- PFC (received vs sent)
- Per PG (ingress buffers)
- Per TC (egress buffers)
- Per Switch Priority
- Telemetry Thresholds – The second phase of Telemetry, following the Telemetry Histograms, is provided as part of this release
This feature provides the user with an event log when the defined threshold is crossed per TC.
The available information includes the start time and duration.
Telemetry Histograms and Thresholds are supported also on the Web UI.
Additional counters and control
- show interface status command
- clear LLDP counters command
- show interface Ethernet rates now include bits unit (Mbps/Gbps)
- show LLDP remote command - show parent interface (PO or MPO)
- show mac-address-table filter per port-channel and MPO
- transceiver diagnostics reported also in dB units
- interface VLAN - manual state ("no autostate"): do not move to link down automatically when no members are available
On the VXLAN story, we added several capabilities:
- Automatic remote MAC learning, aging and migration
- VTEP configuration via switch CLI (eliminating the need for external controller for specific static mode of work, AKA lite-VTEP)
- Remote VTEPs IP are configured manually
As part of the effort to provide a comprehensive solution for the Media & Entertainment market, the below major modules are provided:
- Precision Time Protocol - IEEE-1588 – Boundary Clock, implementing the SMPTE ST2059-2 Profile
- Multicast is a major component of the Media market. The following protocols are available as part of this release in order to enable the switch to take part in a media network fabric:
- IGMP Querier v3
Management and Security
On management & security aspects, the below enhancements are provided:
- We have added an asynchronous mode of work for JSON commands, enabling efficient work with long-running commands: instead of being stuck on a command until its execution completes with the relevant result, the user can send the command request and get a trap when execution has completed
- Batch commands - Enabling the user to send a batch of commands for execution
- Please refer to the user manual for the full list of the commands covered by JSON
- SHA-256 as the default hashing algorithm for Self-Signed Certificates
- TLS settings – Adding elliptic-curve Diffie-Hellman key exchange (additional ciphers to work with Firefox)
- CVEs – Vulnerabilities
- CVE-2016-1583 - stacking overflow
- CVE-2016-3841 - IPv6 sendmsg
- CVE-2016-7910 - Use after free in seq file