TITLE: ComOS 3.2R Release Notes
DATE: July 25, 1995

Release Notes for 3.0.1R --> 3.2R

This document describes bug fixes and enhancements made to the IRX operating system between release 3.0.1R and 3.2R.

Enhancements

  1. Latency between back to back packets on synchronous interfaces has been significantly decreased. This improves utilization of high speed links (ie. T1 or E1).
  2. The Annex-D version of LMI has been added for use with Frame Relay. The command "set annex_d Interval" where "Interval" is the number of seconds between LMI requests will enable this feature. Setting "Interval" to zero (0) or enabling the older LMI will disable Annex-D.
  3. Frame Relay Sub-Interface support. User's can create a "bundle" of DLCI addresses or PVC's which are attached to an alternate interface. The alternate interface can have different network numbers than the primary Frame Relay interface for managing the interconnection of networks via frame relay. In addition, each interface can have different filters which provide for Firewall level security between interconnected networks. This is especially useful if a customer has a private Frame Relay network and an Internet connected Frame Relay link. Frame Relay Sub-Interfaces are managed through the PortMaster Location Table as standard locations with the protocol set to "frame_relay". In addition, Frame Relay Sub-Interfaces allow a large number of DLCI's to be specified when using static DLCI assignment. This number is only limited by available memory and can be hundreds of entries.
  4. Support for 4 or 16 megabytes of memory has been added. The IRX will auto-detect the physical installed memory. 70ns SIMMs are required, and there must be 4 SIMMs, all of them either 256K, 1MB, or 4MB. Mixing SIMMs is not supported. In addition, utilization of the first megabyte (factory installed) of memory has been improved allowing configurations which require significant amounts of system memory to run comfortably on the IRX.
  5. Report an IP address different than the ether0 IP address during PPP negotiation and SLIP notification. Any IP address may be used with the "set reported_ip X.X.X.X" command.
  6. The PortMaster now supports unidirectional Van Jacobson compression. This allows for TCP/IP header compression in one direction while running uncompressed in the other direction.
  7. The IRX now displays the Ethernet MAC address in the "show ether0" or "show ether1" commands.
  8. A new netmasks table now supports special netmasks which override consolidation of hosts into subnets and subnets into networks as defined in the RIP RFC 1058. This feature is useful when more than one PortMaster must appear as a single PortMaster and in some cases allows CIDR based network numbering to work with the PortMaster. For example, "add netmask 192.9.200.0 255.255.255.255" causes host routes to be propagated for all dial-in clients with 192.9.200.X addresses, instead of sending out a single network route for 192.9.200.0.
  9. The command "show table netmasks" now displays both active and static "special" netmasks being used by the PortMaster. This is useful when debugging routing table problems.
  10. Scheduler latency improvements. The speed in which certain events are processed has been increased. This was accomplished by decreasing the rate at which certain non-critical events were being processed. The effect is that high priority events are processed more quickly.
  11. The administration prompt has now been enhanced to display the "System Name" followed by a ">" instead of "Command>" on IRXs which have had their System Name set.
  12. "show netconns" now truncates the hostname to fewer characters to assure that the TCP or UDP port number is not truncated.
  13. Ethernet performance enhancement. Packets are now loaded directly into internal NetBufs from the Ethernet controller. This eliminates a duplicate copy, decreasing latency and enhancing throughput.
  14. Better servicing of flash updates of routes via RIP. Previously, in some cases, changes to the routing table would not be immediately propagated to the network. The new routes would not appear in network routing tables until the next 30 second RIP update. This has been fixed and new routes will now be sent to the network within 1 second of their arrival.
  15. System uptime is now displayed as part of the "version" command.
  16. "show arp frm1" on IRX now shows DLCI as well as Q.922 address on frm1.

Bug Fixes

  1. A theoretical firewall attack scheme to bypass "Established" filter rules now has protection. In previous releases it was theoretically possible to bypass a packet filter which used the "tcp established" rule by sending IP packets with overlapping fragments. The new release checks for these packets and denies them to eliminate this possible attack.
  2. ARP replies are now directed to the sender instead of being broadcast.
  3. More FLASH file system sanity checks are now performed. While a corrupt file may still cause configuration errors, the PortMaster will still complete its boot procedures rather than just hanging trying to make sense out of invalid configuration data.
  4. Inverse ARP over Frame Relay compatibility. Inverse ARP in earlier releases was not compatible with other vendors' implementations. This has been fixed. In addition, a feature to maintain backward compatibility was added.
  5. A memory leak in the IPX SAP subsystem has been removed. This leak occurred in networks with unstable, rapidly changing SAP tables.
  6. When using Frame Relay on a sync port FECN, BECN, and DE bits are removed from DLCI headers of Inverse ARP requests to properly glean ARP table entries from Frame Relay switches which assert these bits.
  7. Dial-in PPP users who refuse all forms of authentication are shutdown immediately after completing LCP negotiation instead of waiting for Carrier to drop.
  8. SNMP queries for the software release level now return the correct release.
  9. UDP packet corruption has been fixed. On heavily loaded Firewall IRX's where ethernet to ethernet packets were being sent at full network bandwidth occasional packets would get corrupted data. This is visible with UDP packets which do not contain a checksum. This has been fixed.
  10. Improved Ethernet interface re-enable time - When network error (i.e. lost carrier) occurred it was taking 1-3 seconds for the ethernet interface to recover in some cases. This delay has been removed.
  11. Long filter rule sets now paginate instead of being truncated when using the show filter command.

Copyright and Trademarks

© Copyright 1997 Lucent Technologies, Inc. All rights reserved.

The product names, "ComOS," "IRX," "PortMaster," "PMconsole," and "RADIUS" are trademarks belonging to Lucent Technologies, Inc.

All brand product names mentioned in this document are trademarks or registered trademarks of their respective manufacturers.

Notices

Lucent Technologies, Inc. makes no representations or warranties with respect to the contents or use of this manual, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Lucent Technologies, Inc. reserves the right to revise this publication and to make changes to its content, any time, without obligation to notify any person or entity of such revisions or changes.

Contacting Lucent InterNetworking Systems Technical Support

Every Lucent PortMaster or IRX¿ product comes with a one year hardware warranty. Lucent Technologies provides technical support via voice, FAX, and electronic mail. Technical support is available Monday through Friday 6am-5pm Pacific Time (GMT-8).

To contact Lucent InterNetworking Systems technical support by voice, dial 1-800-458-9966 within the US or 1-510-426-0770 outside the US, by FAX, dial 1-510-426-8951, by electronic mail, send mail to support@livingston.com, and through the World Wide Web at http://www.livingston.com/.