subsecond
diff --git a/‎content/cumulus-linux-37/Whats-New/rn.md‎
Lines changed: 16 additions & 0 deletions b/‎content/cumulus-linux-37/Whats-New/rn.md‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎content/cumulus-linux-37/rn.xml‎
Lines changed: 96 additions & 0 deletions b/‎content/cumulus-linux-37/rn.xml‎
Lines changed: 96 additions & 0 deletions
diff --git a/‎content/cumulus-linux-40/Whats-New/rn.md‎
Lines changed: 2 additions & 2 deletions b/‎content/cumulus-linux-40/Whats-New/rn.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎content/cumulus-linux-40/rn.xml‎
Lines changed: 12 additions & 12 deletions b/‎content/cumulus-linux-40/rn.xml‎
Lines changed: 12 additions & 12 deletions
@@ -43,6 +43,12 @@ To work around this issue, run the &lt;tt&gt;apt-get upgrade&lt;/tt&gt; command
 <td></td>
 </tr>
 <tr>
+<td>CM-15812</td>
+<td>&lt;p&gt;Multicast forwarding fails for IP addresses whose DMAC overlaps with reserved DIPs.&lt;/p&gt;</td>
+<td>3.2.1-3.7.14.2, 4.0.0-4.3.0</td>
+<td></td>
+</tr>
+<tr>
 <td>2595889</td>
 <td>In a traditional bridge configuration with {{ip-forward off}}, neighbors are synchronized to hardware with a {{switchd}} restart but are cleared when you flap the bridge interface.</td>
 <td>3.7.10-4.2.1</td>
@@ -1788,6 +1794,12 @@ To work around this issue, run the &lt;tt&gt;apt-get upgrade&lt;/tt&gt; command
 <td></td>
 </tr>
 <tr>
+<td>CM-15812</td>
+<td>&lt;p&gt;Multicast forwarding fails for IP addresses whose DMAC overlaps with reserved DIPs.&lt;/p&gt;</td>
+<td>3.2.1-3.7.14.2, 4.0.0-4.3.0</td>
+<td></td>
+</tr>
+<tr>
 <td>2595889</td>
 <td>In a traditional bridge configuration with {{ip-forward off}}, neighbors are synchronized to hardware with a {{switchd}} restart but are cleared when you flap the bridge interface.</td>
 <td>3.7.10-4.2.1</td>
@@ -4209,6 +4221,12 @@ To work around this issue, run the &lt;tt&gt;apt-get upgrade&lt;/tt&gt; command
 <td></td>
 </tr>
 <tr>
+<td>CM-15812</td>
+<td>&lt;p&gt;Multicast forwarding fails for IP addresses whose DMAC overlaps with reserved DIPs.&lt;/p&gt;</td>
+<td>3.2.1-3.7.14.2, 4.0.0-4.3.0</td>
+<td></td>
+</tr>
+<tr>
 <td>2595889</td>
 <td>In a traditional bridge configuration with {{ip-forward off}}, neighbors are synchronized to hardware with a {{switchd}} restart but are cleared when you flap the bridge interface.</td>
 <td>3.7.10-4.2.1</td>
@@ -6854,6 +6872,12 @@ To work around this issue, run the &lt;tt&gt;apt-get upgrade&lt;/tt&gt; command
 <td></td>
 </tr>
 <tr>
+<td>CM-15812</td>
+<td>&lt;p&gt;Multicast forwarding fails for IP addresses whose DMAC overlaps with reserved DIPs.&lt;/p&gt;</td>
+<td>3.2.1-3.7.14.2, 4.0.0-4.3.0</td>
+<td></td>
+</tr>
+<tr>
 <td>2595889</td>
 <td>In a traditional bridge configuration with {{ip-forward off}}, neighbors are synchronized to hardware with a {{switchd}} restart but are cleared when you flap the bridge interface.</td>
 <td>3.7.10-4.2.1</td>
@@ -9362,6 +9386,12 @@ To work around this issue, run the &lt;tt&gt;apt-get upgrade&lt;/tt&gt; command
 <td></td>
 </tr>
 <tr>
+<td>CM-15812</td>
+<td>&lt;p&gt;Multicast forwarding fails for IP addresses whose DMAC overlaps with reserved DIPs.&lt;/p&gt;</td>
+<td>3.2.1-3.7.14.2, 4.0.0-4.3.0</td>
+<td></td>
+</tr>
+<tr>
 <td>2595889</td>
 <td>In a traditional bridge configuration with {{ip-forward off}}, neighbors are synchronized to hardware with a {{switchd}} restart but are cleared when you flap the bridge interface.</td>
 <td>3.7.10-4.2.1</td>
@@ -11573,6 +11603,12 @@ To work around this issue, run the &lt;tt&gt;apt-get upgrade&lt;/tt&gt; command
 <td></td>
 </tr>
 <tr>
+<td>CM-15812</td>
+<td>&lt;p&gt;Multicast forwarding fails for IP addresses whose DMAC overlaps with reserved DIPs.&lt;/p&gt;</td>
+<td>3.2.1-3.7.14.2, 4.0.0-4.3.0</td>
+<td></td>
+</tr>
+<tr>
 <td>2595889</td>
 <td>In a traditional bridge configuration with {{ip-forward off}}, neighbors are synchronized to hardware with a {{switchd}} restart but are cleared when you flap the bridge interface.</td>
 <td>3.7.10-4.2.1</td>
@@ -13227,6 +13263,12 @@ More information at https://security-tracker.debian.org/tracker/CVE-2018-6594 .<
 <td></td>
 </tr>
 <tr>
+<td>CM-15812</td>
+<td>&lt;p&gt;Multicast forwarding fails for IP addresses whose DMAC overlaps with reserved DIPs.&lt;/p&gt;</td>
+<td>3.2.1-3.7.14.2, 4.0.0-4.3.0</td>
+<td></td>
+</tr>
+<tr>
 <td>2556037</td>
 <td>After you add an interface to the bridge, an OSPF session flap can occur.
 
@@ -15207,6 +15249,12 @@ To work around this issue, run the {{sudo ethtool -S swp1}} command to collect i
 <td></td>
 </tr>
 <tr>
+<td>CM-15812</td>
+<td>&lt;p&gt;Multicast forwarding fails for IP addresses whose DMAC overlaps with reserved DIPs.&lt;/p&gt;</td>
+<td>3.2.1-3.7.14.2, 4.0.0-4.3.0</td>
+<td></td>
+</tr>
+<tr>
 <td>2553887</td>
 <td>When using TACACS+ configured with a DEFAULT user providing privilege level lower than 16, TACACS+ configured users with privilege level 16 access might not be able to run privilege level 16 NCLU commands, such as {{net add}} and {{net del}} and see an error similar to the following:
 
@@ -16645,6 +16693,12 @@ To work around this issue, use {{net show interface}} command for LLDP output wh
 <td></td>
 </tr>
 <tr>
+<td>CM-15812</td>
+<td>&lt;p&gt;Multicast forwarding fails for IP addresses whose DMAC overlaps with reserved DIPs.&lt;/p&gt;</td>
+<td>3.2.1-3.7.14.2, 4.0.0-4.3.0</td>
+<td></td>
+</tr>
+<tr>
 <td>2553887</td>
 <td>When using TACACS+ configured with a DEFAULT user providing privilege level lower than 16, TACACS+ configured users with privilege level 16 access might not be able to run privilege level 16 NCLU commands, such as {{net add}} and {{net del}} and see an error similar to the following:
 
@@ -18413,6 +18467,12 @@ If you need link pause or PFC functionality, you must use a switch that does not
 <td></td>
 </tr>
 <tr>
+<td>CM-15812</td>
+<td>&lt;p&gt;Multicast forwarding fails for IP addresses whose DMAC overlaps with reserved DIPs.&lt;/p&gt;</td>
+<td>3.2.1-3.7.14.2, 4.0.0-4.3.0</td>
+<td></td>
+</tr>
+<tr>
 <td>2552739</td>
 <td>Counters for IPROUTER rules do not increase when traffic is forwarded to the CPU because there is no IP neighbor.</td>
 <td>3.7.2-3.7.14.2</td>
@@ -19925,6 +19985,12 @@ This issue was discovered on the Helix4 switch but applies to all switches.
 <td></td>
 </tr>
 <tr>
+<td>CM-15812</td>
+<td>&lt;p&gt;Multicast forwarding fails for IP addresses whose DMAC overlaps with reserved DIPs.&lt;/p&gt;</td>
+<td>3.2.1-3.7.14.2, 4.0.0-4.3.0</td>
+<td></td>
+</tr>
+<tr>
 <td>2552739</td>
 <td>Counters for IPROUTER rules do not increase when traffic is forwarded to the CPU because there is no IP neighbor.</td>
 <td>3.7.2-3.7.14.2</td>
@@ -21089,6 +21155,12 @@ The NetQ agent has been removed from Cumulus VX 3.7.7. The NetQ agent will be bu
 <td></td>
 </tr>
 <tr>
+<td>CM-15812</td>
+<td>&lt;p&gt;Multicast forwarding fails for IP addresses whose DMAC overlaps with reserved DIPs.&lt;/p&gt;</td>
+<td>3.2.1-3.7.14.2, 4.0.0-4.3.0</td>
+<td></td>
+</tr>
+<tr>
 <td>2552739</td>
 <td>Counters for IPROUTER rules do not increase when traffic is forwarded to the CPU because there is no IP neighbor.</td>
 <td>3.7.2-3.7.14.2</td>
@@ -22280,6 +22352,12 @@ The NetQ agent has been removed from Cumulus VX 3.7.7. The NetQ agent will be bu
 <td></td>
 </tr>
 <tr>
+<td>CM-15812</td>
+<td>&lt;p&gt;Multicast forwarding fails for IP addresses whose DMAC overlaps with reserved DIPs.&lt;/p&gt;</td>
+<td>3.2.1-3.7.14.2, 4.0.0-4.3.0</td>
+<td></td>
+</tr>
+<tr>
 <td>2552739</td>
 <td>Counters for IPROUTER rules do not increase when traffic is forwarded to the CPU because there is no IP neighbor.</td>
 <td>3.7.2-3.7.14.2</td>
@@ -23572,6 +23650,12 @@ The NetQ agent has been removed from Cumulus VX 3.7.7. The NetQ agent will be bu
 <td></td>
 </tr>
 <tr>
+<td>CM-15812</td>
+<td>&lt;p&gt;Multicast forwarding fails for IP addresses whose DMAC overlaps with reserved DIPs.&lt;/p&gt;</td>
+<td>3.2.1-3.7.14.2, 4.0.0-4.3.0</td>
+<td></td>
+</tr>
+<tr>
 <td>2552739</td>
 <td>Counters for IPROUTER rules do not increase when traffic is forwarded to the CPU because there is no IP neighbor.</td>
 <td>3.7.2-3.7.14.2</td>
@@ -24894,6 +24978,12 @@ Permanent MAC address sync between MLAG peers is now supported.</td>
 <td></td>
 </tr>
 <tr>
+<td>CM-15812</td>
+<td>&lt;p&gt;Multicast forwarding fails for IP addresses whose DMAC overlaps with reserved DIPs.&lt;/p&gt;</td>
+<td>3.2.1-3.7.14.2, 4.0.0-4.3.0</td>
+<td></td>
+</tr>
+<tr>
 <td>2552352</td>
 <td>The following security vulnerabilities have been announced in the nss / libnss3 packages:
 CVE-2020-6829: Side channel attack on ECDSA signature generation
@@ -25527,6 +25617,12 @@ To work around this issue, remove the matching {{network}} statement. </td>
 <td></td>
 </tr>
 <tr>
+<td>CM-15812</td>
+<td>&lt;p&gt;Multicast forwarding fails for IP addresses whose DMAC overlaps with reserved DIPs.&lt;/p&gt;</td>
+<td>3.2.1-3.7.14.2, 4.0.0-4.3.0</td>
+<td></td>
+</tr>
+<tr>
 <td>2552352</td>
 <td>The following security vulnerabilities have been announced in the nss / libnss3 packages:
 CVE-2020-6829: Side channel attack on ECDSA signature generation
 
@@ -151,8 +151,10 @@ pdfhidden: True
 
 |  Issue ID 	|   Description	|   Affects	|   Fixed |
 |---	        |---	        |---	    |---	                |
+| <a name="CM-28249"></a> [CM-28249](#CM-28249) <a name="CM-28249"></a> <br /> | On the Mellanox switch, when you modify the buffer and queue configuration without restarting `switchd`, you might see a one second interruption in forwarding. | 4.0.0-4.3.0 | |
 | <a name="CM-28080"></a> [CM-28080](#CM-28080) <a name="CM-28080"></a> <br /> | TACACS+ through ClearPass is not currently supported. Cumulus Linux sends authorization before authentication, but ClearPass does not accept an authorization before the user is authenticated. | 3.7.11-3.7.14.2, 4.0.0-4.3.0 | |
 | <a name="CM-21678"></a> [CM-21678](#CM-21678) <a name="CM-21678"></a> <br /> | On a Dell switch with a Maverick ASIC, NetQ might receive false alerts like the following via PagerDuty: <br /><br /><pre> <br />cumulus&#64;switch:~$ netq show sensors temp changes \| grep absent \| grep -v psu <br />P2Leaf01 temp9 networking asic die temp sensor absent 43 105 100 5 Unable to find driver path: /cumulu Add 7d:22h:1m:41s <br />P2Leaf01 temp6 networking asic die temp sensor absent 45 105 100 5 Unable to find driver path: /cumulu Add 7d:22h:1m:41s <br />P2Leaf01 temp6 networking asic die temp sensor absent 47 105 100 5 Unable to read temp4_highest Add 9d:23h:26m:6s <br />P2Leaf01 temp6 networking asic die temp sensor absent 45 105 100 5 Unable to read temp4_highest Add 14d:22h:46m:45s <br /></pre></div></div> <br />This message might occur as a result of a timeout at the hardware level, or the switch might be reporting a failure to get a response.  | 3.5.3-3.7.14.2, 4.0.0-4.3.0 | |
+| <a name="CM-15812"></a> [CM-15812](#CM-15812) <a name="CM-15812"></a> <br /> | Multicast forwarding fails for IP addresses whose DMAC overlaps with reserved DIPs. | 3.2.1-3.7.14.2, 4.0.0-4.3.0 | |
 | <a name="2595889"></a> [2595889](#2595889) <a name="2595889"></a> <br />CM-31120 | In a traditional bridge configuration with <code>ip-forward off</code>, neighbors are synchronized to hardware with a <code>switchd</code> restart but are cleared when you flap the bridge interface. | 3.7.10-4.2.1 | 4.3.0|
 | <a name="2595816"></a> [2595816](#2595816) <a name="2595816"></a> <br />CM-31222 | Tenant VRF BGP peers appear in the EVPN RMAC and nexthop tables, which causes the kernel RMAC to point at invalid IP address. | 3.7.12-4.2.1 | 4.3.0|
 | <a name="2589747"></a> [2589747](#2589747) <a name="2589747"></a> <br />CM-32226 | If <code>switchd</code> successfully signals <code>clagd</code> that it is going down, <code>clagd</code> stops responding to keepalive echo requests from the peer instead of sending a good bye to the peer over both the peerlink and the backup switch. Eventually, the keepalive timer expires and the secondary switch becomes the primary, and brings the bonds and VNIs back up. However, if <code>switchd</code> does not successfully signal it is going down, (in the event of a crash), the primary switch continues to respond to keepalives, and the bonds and VNIs are down on both peers.  | 3.7.12-4.2.1 | 4.3.0|
@@ -323,7 +325,6 @@ pdfhidden: True
 | <a name="2547573"></a> [2547573](#2547573) <a name="2547573"></a> <br />CM-28322 | On Tomahawk switches, when the <code>vxlan_tnl_arp_punt_disable</code> option is set to FALSE, ARP packets are not forwarded to the CPU. | 3.7.9-4.0.1 | 4.1.0-4.3.0|
 | <a name="2547558"></a> [2547558](#2547558) <a name="2547558"></a> <br />CM-28313 | On the EdgeCore Wedge100 and Facebook Wedge-100S switch, certain physical ports are not correctly mapped to the logical ones. For example:<br />Logical swp39 controls physical swp41<br />Logical swp40 controls physical swp42<br />Logical swp43 controls physical swp45<br />Logical swp44 controls physical swp46<br />This might causes incorrect forwarding behavior. | 3.7.11, 4.0.0-4.0.1 | 3.7.12-3.7.14, 4.1.0-4.3.0|
 | <a name="2547509"></a> [2547509](#2547509) <a name="2547509"></a> <br />CM-28276 | When a Trident3 switch receives packets containing an IP checksum value that is not compliant with RFC 1624, the TTL is decremented after a routing operation but the checksum is not recalculated. This results in the IP checksum value being invalid as the packet leaves the switch.  | 3.7.10-3.7.11, 4.0.0-4.0.1 | 3.7.12-3.7.14, 4.1.0-4.3.0|
-| <a name="2547445"></a> [2547445](#2547445) <a name="2547445"></a> <br />CM-28249 | On the Mellanox switch, when you modify the buffer and queue configuration without restarting <code>switchd</code>, you might see a one second interruption in forwarding. | 4.0.0-4.3.0 | |
 | <a name="2547443"></a> [2547443](#2547443) <a name="2547443"></a> <br />CM-28248 | On the Dell N3248PXE-ON switch, 25G SFP ports do not work in 10G mode. | 3.7.11-4.0.1 | 4.1.0-4.3.0|
 | <a name="2547405"></a> [2547405](#2547405) <a name="2547405"></a> <br />CM-28226 | When you restart the <code>hsflowd</code> service, you see a <code>systemd</code> warning message similar to the following:<br /><pre><br />Warning: The unit file, source configuration file or drop-ins of hsflowd&#64;mgmt.service changed on disk. Run 'systemctl daemon-reload'.<br /></pre> | 4.0.0-4.3.0 | |
 | <a name="2547399"></a> [2547399](#2547399) <a name="2547399"></a> <br />CM-28221 | The following security vulnerabilities have been announced in qemu, which is not installed by default on Cumulus Linux but is available in the repository for optional installation:<br />CVE-2019-15890 CVE-2020-7039 CVE-2020-1711: security issues have been found in the SLiRP networking implementation of QEMU, a fast processor emulator, which could result in the execution of arbitrary code or denial of service.<br />https://security-tracker.debian.org/tracker/source-package/qemu<br />Vulnerable: <= 3.1+dfsg-8+deb10u3<br />Fixed: 3.1+dfsg-8+deb10u4 | 4.0.0-4.0.1 | 4.1.0-4.3.0|
@@ -510,7 +511,6 @@ pdfhidden: True
 | <a name="2532017"></a> [2532017](#2532017) <a name="2532017"></a> <br />CM-18192 | In FRR, <code>bgp_snmp</code> does not show all BGP peers when peer groups used. | 3.7.11-4.0.1 | 4.1.0-4.3.0|
 | <a name="2531273"></a> [2531273](#2531273) <a name="2531273"></a> <br />CM-17494 | In certain cases, a peer device sends an ARP request from a source IP address that is not on the connected subnet and the switch creates a STALE neighbor entry. Eventually, the switch attempts to keep the entry fresh and sends ARP requests to the host. If the host responds, the switch has REACHABLE neighbor entries for hosts that are not on the connected subnet. <br />To work around this issue, change the value of <code>arp_ignore</code> to 2. See &#91;Address Resolution Protocol in the Cumulus Linux user guide\|https://docs.cumulusnetworks.com/cumulus-linux/Layer-3/Address-Resolution-Protocol-ARP/&#93; for more information. | 4.0.0-4.3.0 | |
 | <a name="2530322"></a> [2530322](#2530322) <a name="2530322"></a> <br />CM-16571 | NCLU cannot manage <code>rsyslog</code> to addresses routed via a VRF.  In Cumulus Linux 4.0.0 and later, management VRF is enabled by default.   To work around this issue, update the <code>/etc/network/interfaces</code> file to disable management VRF. | 4.0.0-4.3.0 | |
-| <a name="2529544"></a> [2529544](#2529544) <a name="2529544"></a> <br />CM-15812 | Multicast forwarding fails for IP addresses whose DMAC overlaps with reserved DIPs. | 4.0.0-4.3.0 | |
 
 ### Fixed Issues in 4.0.0
 |  Issue ID 	|   Description	|   Affects	|
 
@@ -1086,6 +1086,12 @@ To work around this issue, change the value of &lt;tt&gt;arp_ignore&lt;/tt&gt; t
 <th> Fixed </th>
 </tr>
 <tr>
+<td>CM-28249</td>
+<td>&lt;p&gt;On the Mellanox switch, when you modify the buffer and queue configuration without restarting &lt;tt&gt;switchd&lt;/tt&gt;, you might see a one second interruption in forwarding.&lt;/p&gt;</td>
+<td>4.0.0-4.3.0</td>
+<td></td>
+</tr>
+<tr>
 <td>CM-28080</td>
 <td>&lt;p&gt;TACACS+ through ClearPass is not currently supported. Cumulus Linux sends authorization before authentication, but ClearPass does not accept an authorization before the user is authenticated.&lt;/p&gt;</td>
 <td>3.7.11-3.7.14.2, 4.0.0-4.3.0</td>
@@ -1109,6 +1115,12 @@ To work around this issue, change the value of &lt;tt&gt;arp_ignore&lt;/tt&gt; t
 <td></td>
 </tr>
 <tr>
+<td>CM-15812</td>
+<td>&lt;p&gt;Multicast forwarding fails for IP addresses whose DMAC overlaps with reserved DIPs.&lt;/p&gt;</td>
+<td>3.2.1-3.7.14.2, 4.0.0-4.3.0</td>
+<td></td>
+</tr>
+<tr>
 <td>2595889</td>
 <td>In a traditional bridge configuration with {{ip-forward off}}, neighbors are synchronized to hardware with a {{switchd}} restart but are cleared when you flap the bridge interface.</td>
 <td>3.7.10-4.2.1</td>
@@ -2558,12 +2570,6 @@ This might causes incorrect forwarding behavior.</td>
 <td>3.7.12-3.7.14, 4.1.0-4.3.0</td>
 </tr>
 <tr>
-<td>2547445</td>
-<td>On the Mellanox switch, when you modify the buffer and queue configuration without restarting {{switchd}}, you might see a one second interruption in forwarding.</td>
-<td>4.0.0-4.3.0</td>
-<td></td>
-</tr>
-<tr>
 <td>2547443</td>
 <td>On the Dell N3248PXE-ON switch, 25G SFP ports do not work in 10G mode.</td>
 <td>3.7.11-4.0.1</td>
@@ -4065,12 +4071,6 @@ To work around this issue, change the value of {{arp_ignore}} to 2. See [Address
 <td>4.0.0-4.3.0</td>
 <td></td>
 </tr>
-<tr>
-<td>2529544</td>
-<td>Multicast forwarding fails for IP addresses whose DMAC overlaps with reserved DIPs.</td>
-<td>4.0.0-4.3.0</td>
-<td></td>
-</tr>
 </table>
 <table name="Fixed issues in 4.0.0">
 <tr>