Nortel 6000 Series Manual page 5

Switched firewall

©2007-2008 Nortel Networks Limited

Q01872471
Existing FTP connections are terminated when any FIN packet with an invalid sequence number arrives at the firewall. This issue is caused by a bug in the code, which was corrected as part of an enhancement to TCP sequence verification, and it is resolved in the 4.2.3 release.

Q01847032
Port fctl settings are set properly when autoneg is ON. When autoneg is ON, manual port settings should not be considered while applying the configuration on the accelerator ports. However, there was no check to prevent the manual port settings from being applied on the SFA with autoneg ON. Due to this, the fctl settings are not set as expected.
The issue is fixed by adding a check in the SFD for the status of autoneg before updating the port configurations to the accelerator. When autoneg is ON, no port configurations are updated to the accelerator; they are auto-negotiated instead.

Q01877961
In a cluster of 6 SFDs connected to 2 SFAs, the first 4 SFDs are automatically configured as 'Master' and the remaining two are configured as 'Slave'. Only Master SFDs can take MIP ownership in case of a failure. This is by design, to limit the MIP election procedure.
Rebooting the master SFA results in the Slave SFDs losing connectivity with the MIP. All CLI operations on the Slave fail because of this. Even after connectivity is restored, the Slave SFDs cannot recover.
The reason for this issue is similar to CR # Q01866402, and it is fixed in 4.2.3.

Q01831671
A route learnt via a type-3 LSA is not added to the route table if the same route learnt via a type-5 LSA is available. After a type-3 route is initially added, any similar type-5 route is not added to the route table. OSPF then sends a message to delete this type-5 route without specifying the gateway. Since the type-3 route is the same as the type-5 route, it gets deleted.
This issue is fixed in 4.2.3 by correcting the logic for deleting the type-3 and type-5 route entries.

Q01863867
Traffic is affected when BCM5822 with the CPacc4 module and BCM5823 with the CPacc3 module are installed. This issue is resolved in release 4.2.3 by modifying the install script, which will load the appropriate CPacc3 module for BCM5822 and CPacc4 for BCM5823 VPN accelerator cards.
The fix for this CR has also fixed the following CRs:
• Q01870058 - In secure client mode of VPN setup, the remote secure client PC is able to connect to its gateway but is not able to get any desktop security rules or send traffic.
• Q01870063 - In secure remote mode of VPN setup, the secure remote PC is able to connect to its gateway but is not able to handle any traffic.

Q01855791
L2FW over trunked ports doesn't work as desired and regular traffic is affected. This issue is caused by incorrect assumptions in the FDB lookup. The FDB lookup returns a trunk ID as the egress port, which is treated as a port number for the L2FW processing.
This issue is resolved by checking the return type from the FDB lookup. If it returns a trunk ID, a hash is calculated on all the trunk ports, upon which the egress port is selected.
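
The L2FW over trunked ports fix described above, sketched as an added example that is not Nortel's code: the FDB result carries a type tag, and a trunk ID is resolved to a member port by hashing rather than being used as a port number. The type names, the trunk table, and the choice of an FNV-1a hash over source and destination MAC are assumptions; the page only says that a hash is calculated over the trunk ports.

```c
#include <stdint.h>
#include <stddef.h>

/* Hypothetical types: the page does not show the product's FDB structures. */
enum fdb_dest_type { FDB_DEST_PORT, FDB_DEST_TRUNK };

struct fdb_result {
    enum fdb_dest_type type;
    uint16_t id;              /* port number or trunk ID, depending on type */
};

struct trunk_group {
    uint16_t trunk_id;
    uint16_t ports[8];
    size_t   nports;
};

#define EGRESS_NONE 0xFFFFu

/* Constructed sample: trunk 2 aggregates physical ports 5, 6 and 7. */
static const struct trunk_group trunks[] = {
    { 2, { 5, 6, 7 }, 3 },
};

/* Assumed hash input: FNV-1a over both MACs keeps a flow on one member port. */
static uint32_t flow_hash(const uint8_t src[6], const uint8_t dst[6]) {
    uint32_t h = 2166136261u;
    for (int i = 0; i < 6; i++) { h ^= src[i]; h *= 16777619u; }
    for (int i = 0; i < 6; i++) { h ^= dst[i]; h *= 16777619u; }
    return h;
}

/* Behaviour before the fix: the returned ID is always treated as a port. */
uint16_t egress_port_unchecked(struct fdb_result r) { return r.id; }

/* Behaviour after the fix: check the result type, resolve trunks by hash. */
uint16_t egress_port_checked(struct fdb_result r,
                             const uint8_t src[6], const uint8_t dst[6]) {
    if (r.type == FDB_DEST_PORT)
        return r.id;
    for (size_t t = 0; t < sizeof trunks / sizeof trunks[0]; t++) {
        const struct trunk_group *g = &trunks[t];
        if (g->trunk_id == r.id && g->nports > 0)
            return g->ports[flow_hash(src, dst) % g->nports];
    }
    return EGRESS_NONE;       /* unknown or empty trunk: drop the frame */
}
```

With the unchecked version, a lookup that returns trunk 2 sends the frame to physical port 2, which is not a member of the trunk, so the L2 firewall processes and forwards it against the wrong port.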