Lumina SDN Controller Release Notes

Overview

Lumina SDN Controller 7.3.0 adds support for OpenDaylight Nitrogen SR3, the seventh OpenDaylight platform release. For more information about OpenDaylight Nitrogen, refer to the following URL: https://www.opendaylight.org/blog/2017/09/26/opendaylight-introduces-nitrogen

Behavior Changes

The behavior changes in this release are the following:

New Features

This release introduces the following new features and enhancements:

Modified features

For information about modified features in this release, refer to Behavior Changes.

Deprecated features

There are no deprecated features in this release.

Software Upgrade

For information about installing and upgrading Lumina SDN Controller apps and extensions, refer to Lumina SDN Controller Software Installation Guide.

Limitations and Restrictions

Limitations of the OpenFlow plug-in

The following features are not supported in the OpenFlow plug-in:

  • Table configuration
  • Port configuration
  • Queue configuration
  • DTLS-based connection establishment

OpenDaylight Projects

Lumina SDN Controller 7.x.x is derived from the following OpenDaylight Nitrogen projects:

  • AAA
  • BGP-PCEP
  • Controller
  • Data Export Import
  • L2Switch
  • MD-SAL
  • NETCONF
  • NetVirt
  • ODL Root Parent
  • OpenFlow Java
  • OpenFlow Plug-in
  • OVSDB
  • Neutron
  • YANG tools

Refer to Lumina SDN Controller User Guide for details about supported features.

Nitrogen-SR3 Release Notes

For information about the OpenDaylight Nitrogen-SR3 release, go to: http://docs.opendaylight.org/en/stable-nitrogen/release-notes/index.html

Security Vulnerabilities

The following section lists the known security issues in this release and their status.

Note

For more information about these issues, refer to the following URL: https://wiki.opendaylight.org/view/Security:Advisories

  • CVE-2017-1000357
    • Description: A denial-of-service risk exists when a switch refuses to receive packets from the controller. This vulnerability affects the OpenDaylight odl-l2switch-switch component, which is the component responsible for OpenFlow communication.
    • Mitigation: Restricting access to the management network to ensure that only known, trusted devices can connect to the OpenFlow ports of OpenDaylight should minimize or eliminate the risk.
    • Affected Releases: Boron
    • Patch commitments: None.
    • Upstream Status: Not fixed upstream
    • Lumina SDN Controller Status: Not fixed in Lumina SDN Controller
  • CVE-2017-1000358
    • Description: The controller throws an exception and does not allow users to add subsequent flows for a particular switch. This vulnerability affects the OpenDaylight odl-restconf feature.
    • Mitigation: Ensuring that only restricted users can add flows to devices and that they do not repeatedly add the same flow should minimize or eliminate the risk of the attack.
    • Affected Releases: Boron
    • Patch commitments: None.
    • Upstream Status: Not fixed upstream
    • Lumina SDN Controller Status: Not fixed in Lumina SDN Controller
  • CVE-2017-1000359
    • Description: A Java out-of-memory error and a significant increase in resource consumption are observed. The OpenDaylight odl-mdsal-xsql component is vulnerable to this flaw.
    • Mitigation: Ensuring that only restricted users can add flows to devices and that they do not repeatedly add the same flow should minimize or eliminate the risk of the attack.
    • Affected Releases: Boron <= SR2 (patched in SR3)
    • Patch commitments:
      • Patches for Boron (shipped in Boron-SR3)
      • Patches for Carbon (shipped in Carbon)
    • Upstream Status: Fixed upstream
    • Lumina SDN Controller Status: Never vulnerable
  • CVE-2017-1000360
    • Description: The controller throws StreamCorruptedException and NullPointerException in the console. The OpenDaylight odl-mdsal-xsql component is vulnerable to this flaw.
    • Affected Releases: Boron <= SR2 (patched in SR3)
    • Patch commitments:
      • Patches for Boron (shipped in Boron-SR3)
      • Patches for Carbon (shipped in Carbon)
    • Upstream Status: Fixed upstream
    • Lumina SDN Controller Status: Never vulnerable
  • CVE-2017-1000361
    • Description: DOMRpcImplementationNotAvailableException is thrown when Port-Status packets are sent to OpenDaylight. The controller throws exceptions and consumes more CPU resources.
    • Mitigation: Restricting access to the management network to ensure that only known, trusted devices can connect to the OpenFlow ports of OpenDaylight should minimize or eliminate the risk.
    • Affected Releases: Boron
    • Patch commitments: None.
    • Upstream Status: Not fixed upstream
    • Lumina SDN Controller Status: Not fixed in Lumina SDN Controller

Note

Lumina actively monitors and patches security vulnerabilities in Lumina SDN Controller.

Note

Lumina SDN Controller is a Java application, and, hence, is susceptible to Java security vulnerabilities. Lumina recommends that you keep the Java runtime environment current with the latest security patches and updates.

Resolved Issues

The following section lists the resolved issues in this release.

Key Summary
LUM-373 In a clustered environment when one member becomes isolated, links may mistakenly be removed from the OpenFlow topology. The links may or may not be recovered when the cluster is reformed.
LUM-539 When changing PCEP session timer values after the PCEP session is established, the PCEP session closes and does not get re-established with the new timer values. Karaf logs show that the blueprint fails to restart successfully.
LUM-704 In openflowplugin, if a user increases the inactivity_probe or disables the echo request functionality in the switch, the controller sends the echo request if the channel goes idle for 2 seconds. In this case, the controller disconnects the switch because it mis-processes the echo response. For more information, go to: https://jira.opendaylight.org/browse/OPNFLWJAVA-86
LUM-707 Unable to establish connections with switches after frequent connections and disconnections. For more information, go to: https://jira.opendaylight.org/browse/OPNFLWPLUG-970
LUM-1305 Links are not discovered when the receiving controller is the entity-owner of the LLDP source. For more information, go to: https://jira.opendaylight.org/browse/OPNFLWPLUG-984
LUM-1307 Controller cannot handle switches with queues. For more information, go to: https://jira.opendaylight.org/browse/OPNFLWPLUG-995
LUM-1308 Datastore transactions fail to converge during partitioning. For more information, go to: https://jira.opendaylight.org/browse/CONTROLLER-1814
LUM-1309 TransactionContextWrapper acts as a blocker, causing performance issues. For more information, go to: https://jira.opendaylight.org/browse/CONTROLLER-1825
ODLS-239 In a cluster or geo-cluster environment, if the size of the data in the data store is large, the daexim export operation may fail with an AskTimeoutException reported in the log.
ODLS-243 It is observed that a BGP session may not recover when there is an exception thrown during BGP session negotiation. When this occurs, the BGP session will go stale and the controller will consider the BGP session state as established, even though the underlying BGP connection is not there. After the BGP hold timer expires, the controller will try to reconnect to BGP peer; however, it will fail with a message that the BGP peer address already exists.

Known Issues

The following section lists the known issues in this release.

Key Summary
ODLS-299

Due to a bug in paxweb, when multiple HttpConnectors are configured, only the first one has SSL enabled. For more information, go to: https://ops4j1.jira.com/browse/PAXWEB-1170

Workaround: https://ops4j1.jira.com/browse/PAXWEB-1170

LUM-288

BGP sessions are unable to parse BGP attributes when injecting routes with receive flag set to false. For more information, go to: https://bugs.opendaylight.org/show_bug.cgi?id=9310

Workaround: There is no workaround.

LUM-328

While performing NETCONF operations, the Master is down and transaction submit failures are observed.

Workaround: Use http://<controller:8181>/restconf/module instead of http://<controller:8181>/restconf/streams

LUM-476

When the secondary non-voting site is down and a voting node in the primary site goes down and comes back up, it fails to join the cluster. The same is valid if the Secondary site is voting and the Primary site is non-voting.

Workaround: Run the down-unreachables-nodes action in the Geo Cluster Manager script on all active nodes in the cluster.

LUM-477

When the secondary non-voting site is down and one node in the secondary site is brought up, it fails to join the cluster even though the Primary site is voting. The same is valid if the Secondary site is voting and the Primary site is non-voting.

Workaround: Run the down-unreachables-nodes action in the Geo Cluster Manager script on all active nodes in the cluster.

LUM-514

Schema cache is sometimes empty on slave nodes when mounting vRouter, resulting in the following exception: “MissingSchemaSourceException: All available providers exhausted”. For more information, go to: https://jira.opendaylight.org/browse/NETCONF-491

Workaround: There is no workaround.

LUM-749

PCEP fails to come up on a cluster node after restart if the node was not shut down gracefully.

Workaround: Do one of the following:

  • Delete the offending queue-id (e.g. DELETE http://controller-ip:8181/restconf/config/odl-programming-config:odl-programming/odl-programming-config/global-instruction-queue-1) and restart the corresponding node.
  • Shut down the affected node, change the instruction-queue-id instance in etc/opendaylight/karaf/30-programming.xml to a different value (e.g. global-instruction-queue-11), and start the node again.

ODL-6987

Illegal state exception is observed when routes with the same prefix and different path ID and local preference values are deleted. For more information, go to: https://bugs.opendaylight.org/show_bug.cgi?id=8254

Workaround: There is no workaround.

ODL-6475

The maximum snapshot file size (for the clustered data store) is 2 GB.

Workaround: There is no workaround.

ODL-5145

If the primary voting nodes are isolated from the secondary nonvoting nodes and one of the secondary nodes is restarted, the Geo Cluster Manager (geo_config.py) utility script indicates that it cannot find the voting status, even though the Jolokia link says VOTING=FALSE. It also indicates that it has lost connection with the other two secondary nonvoting nodes.

Workaround: In case of a network isolation, the script is not expected to display the correct voting status of nodes. After the network connections are resolved, the script displays the correct voting status in the output.

ODL-6289

IPv6 BGP add path is not respecting the configured topmost paths (n-best-paths); instead, it always injects only one path. For more information, go to: https://bugs.opendaylight.org/show_bug.cgi?id=8079

Workaround: There is no workaround.

Documentation

The following guides support this release:

  • Lumina SDN Controller Quick Start Guide
  • Lumina SDN Controller Software Installation Guide
  • Lumina SDN Controller User Guide
  • Lumina Topology Manager User Guide