Avaya has released the 4.2 VOSS Software for the VSP4000 and VSP8000 switch series.
Release 4.2 also introduces some new hardware:
VSP 8400 switch, which supports the following four Ethernet Switch Modules (ESMs):
– 8424XS: 24-port 10GBASE-SFP+ ESM
– 8424XT: 24-port 10GBASE-T ESM
– 8408QQ: 8-port* 40GBASE-QSFP+ ESM
– 8418XSQ: 16-port 10GBASE-SFP+ and 2-port 40GBASE-QSFP+ Combo ESM
New QSFP+ direct attach cables:
– QSFP+ to QSFP+ 40-gigabit, 0.5 meter Direct Attach Cable (DAC) assembly, which directly connects two QSFP+ ports
– QSFP+ to four SFP+ 10-gigabit direct attach breakout cable (BOC) assembly, which directly connects one QSFP+ port to four channelized SFP+ ports
The VSP 8400 is a modular device with 4 slots. With the 4 available modules you get more flexibility than with the fixed VSP8200 model, and more 40G ports.
New Software Features:
Authentication and password enhancements (enhanced secure mode)
Release 4.2 supports authentication and password enhancements. After you enable the new boot config flags enhancedsecure-mode, enhanced secure mode provides new role-based access levels, stronger password requirements, and stronger rules on password length, password complexity, password change intervals, password reuse, and password maximum age use.
Border Gateway Protocol
Release 4.2 updates the Border Gateway Protocol (BGP) to support the Internal Border Gateway Protocol (iBGP) and External Border Gateway Protocol (eBGP) features.
Channelization
Release 4.2 adds support for channelization, which allows you to configure 40Gbps QSFP+ ports to operate as four 10 Gigabit Ethernet ports.
Encryption module changes
Release 4.2 includes the encryption modules in the image file. There are no separate encryption modules. Therefore, the commands load-encryption-module and software add-modules have been removed. The commands are no longer required for the current release to load the encryption modules.
Gratuitous ARP changes
Release 4.2 adds the ability to enable and disable Gratuitous Address Resolution Protocol (ARP).
Internet Protocol Security (IPsec)
Release 4.2 adds support for Internet Protocol Security (IPSec) for IPv6. IPSec adds support for OSPF virtual link for the security protection of the communication between the end points. You can also use IPSec with OSPFv3 on a brouter port or VLAN interface, for example, if you want to encrypt OSPFv3 control traffic on a broadcast network. You can also use IPSec with ICMPv6.
Log file updates with enhanced secure mode
With enhanced secure mode enabled, only individuals in the administrator or auditor role-based access levels can view log files to analyze switch access and configuration activity. However, no access level role can modify the content of the log files, not even the administrator or the auditor access level roles. After you enable enhanced secure mode, you cannot delete or clear log files no matter what your role-based access level is.
Remote Monitoring 2 (RMON2)
Release 4.2 adds support for Remote Monitoring 2 (RMON2) and updates information about RMON1. Remote Monitoring (RMON) is a management information base (MIB) or a group of management objects that you use to obtain or configure values using the Simple Network Management Protocol (SNMP). Remote Monitoring 1 (RMON1) is the original version of the protocol, which collects information for OSI Layer 1 and Layer 2 in Ethernet networks. RMON1 provides traffic statistics at the MAC layer, and provides statistics on Ethernet segments for packets and bytes received and transmitted.
RMON2 monitors network and application layer protocols on configured network hosts that you enable for monitoring. RMON2 expands the capacity of RMON1 to upper layer protocols in the OSI model. RMON2 adds the following MIBs: protocol directory, protocol distribution, address map, network-layer host and application layer host for the traffic passing through the CP for these MIB tables.
The system only collects statistics for packets that pass through the Control Processor (CP). RMON2 does not monitor packets on other interfaces processed on the switch that do not pass through the Control Processor (CP).
RMON2 collects statistics on:
• Protocols predefined by the system.
• Address mapping between physical and network address on particular network hosts that you configure for monitoring.
• Network host statistics for particular hosts on a network layer protocol (IP) that you configure for monitoring.
• Application host statistics for particular host on an application layer protocol that you configure for monitoring.
SNMP Q-Bridge MIB support
Release 4.2 adds support for the Q-Bridge MIB (Management Information Base), which is an industry standard for getting statistics from switches.
Secure Copy changes
The current release does not support Secure Copy (SCP). The preferred alternative file transfer mechanism is Secure File Transfer Protocol (SFTP). A secondary alternative is File Transfer Protocol (FTP).
This feature change has impact on the following areas:
• Scripts:
Scripts that use SCP for file transfer need to be modified to use SFTP or FTP in place of SCP.
• Third-party tools:
For those tools that currently use SCP, the alternate methods of support are SFTP or FTP.
• COM:
Because COM does not support SFTP, the alternative file transfer mechanism in place of SCP is to enable and use FTP.
To enable FTP support in COM, do the following:
Within COM, under the Admin Group, modify the Device Credentials for the devices. In the Device and Server Credentials Editor, edit the Credential Set; click on the FTP tab and populate the FTP User field and Password field so that they match the devices. Save the changes, and you will then be able to use FTP in COM with the devices.
For more information on COM, see the COM documentation.
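For the script changes described above, the following added example (not from Avaya's release notes) rewrites a single-file scp command line as a batch-mode sftp call. It assumes the OpenSSH scp and sftp clients; the host name, paths and function names are constructed for illustration.

```python
import shlex

# Options that take a value and mean the same thing to OpenSSH scp and sftp.
SHARED_VALUE_OPTS = {"-P", "-i", "-o", "-F"}


def is_remote(path: str) -> bool:
    """scp treats 'host:path' as remote when the colon precedes any slash."""
    head = path.split("/", 1)[0]
    return ":" in head


def scp_to_sftp(command: str) -> str:
    """Rewrite a single-file 'scp [opts] SRC DST' line as a batch-mode sftp call."""
    args = shlex.split(command)
    if not args or args[0] != "scp":
        raise ValueError("not an scp command")
    opts, paths, i = [], [], 1
    while i < len(args):
        if args[i] in SHARED_VALUE_OPTS and i + 1 < len(args):
            opts += args[i:i + 2]
            i += 2
        elif args[i].startswith("-"):
            # Other options (-r, -p, ...) are not translated here: flag for review.
            raise ValueError(f"option {args[i]} needs manual review")
        else:
            paths.append(args[i])
            i += 1
    if len(paths) != 2 or is_remote(paths[0]) == is_remote(paths[1]):
        raise ValueError("expected one local path and one remote path")
    src, dst = paths
    if is_remote(dst):  # upload to the device
        host, rpath = dst.split(":", 1)
        batch = f"put {shlex.quote(src)} {shlex.quote(rpath or '.')}"
    else:  # download from the device
        host, rpath = src.split(":", 1)
        batch = f"get {shlex.quote(rpath)} {shlex.quote(dst)}"
    sftp = " ".join(shlex.quote(a) for a in ["sftp", "-b", "-", *opts, host])
    # '-b -' makes sftp read the batch from stdin and abort if the transfer fails.
    return f"echo {shlex.quote(batch)} | {sftp}"


if __name__ == "__main__":
    # Constructed sample lines; host name and paths are placeholders.
    for line in ("scp -P 22 config.cfg admin@switch1.example:/path/config.cfg",
                 "scp admin@switch1.example:/path/log.1 ./log.1"):
        print(scp_to_sftp(line))
```

Batch mode does not prompt for a password, so the rewritten commands need key-based or other non-interactive authentication.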
Secure hash algorithm 1 and secure hash algorithm 2
Release 4.2 adds support for the secure hash algorithm 1 (SHA-1) and SHA-2.
SHA-1 is a cryptographic hash function that produces a 160-bit hash value, usually given as a 40-digit hexadecimal number. SHA-1 is one of the most widely used of the existing SHA hash functions and is more secure than MD5.
SHA-2 is also a cryptographic hash function. SHA-2 updates SHA-1 and offers six hash functions, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256, with message digest sizes of 224, 256, 384, or 512 bits. Output size depends on the hash function; for instance, SHA-256 produces a 256-bit digest.
SHA-1 and SHA-2 take a variable length input message and create a fixed length output message referred to as the hash, or message digest, of the original message. If you use SHA-1 or SHA-2 with OSPF, each OSPF packet has a message digest appended to it. The message digest or hash must match between the sending and receiving routers. If the message digest computed at the sender and receiver does not match, the receiver rejects the packet. The hash functions produce a type of checksum or summary of the input.
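The append-and-verify behaviour described above, as an added illustration (not code from the release notes or the switch): a simplified keyed digest built with HMAC from Python's standard library. The key, packet bytes and function names are constructed, HMAC is an assumed keyed construction, and this is not the OSPF wire format.

```python
import hashlib
import hmac

# Digest sizes in bytes for the hash functions named in the text.
DIGEST_BYTES = {name: hashlib.new(name).digest_size
                for name in ("sha1", "sha224", "sha256", "sha384", "sha512")}


def append_digest(packet: bytes, key: bytes, algo: str = "sha256") -> bytes:
    """Sender side: return the packet with a keyed message digest appended."""
    return packet + hmac.new(key, packet, algo).digest()


def verify_and_strip(wire: bytes, key: bytes, algo: str = "sha256"):
    """Receiver side: recompute the digest; return the packet, or None to reject."""
    n = DIGEST_BYTES[algo]
    if len(wire) < n:
        return None  # too short to carry a digest at all
    packet, received = wire[:-n], wire[-n:]
    expected = hmac.new(key, packet, algo).digest()
    # compare_digest avoids leaking the mismatch position through timing
    return packet if hmac.compare_digest(received, expected) else None


def demo() -> dict:
    key = b"constructed-shared-key"            # constructed sample key
    hello = b"constructed hello packet body"   # constructed, not a real OSPF packet
    results = {}
    for algo in ("sha1", "sha256"):
        wire = append_digest(hello, key, algo)
        tampered = bytes([wire[0] ^ 0x01]) + wire[1:]  # flip one bit in transit
        results[algo] = {
            "digest_bits": (len(wire) - len(hello)) * 8,
            "accepted": verify_and_strip(wire, key, algo) == hello,
            "tampered_rejected": verify_and_strip(tampered, key, algo) is None,
            "wrong_key_rejected": verify_and_strip(wire, b"other-key", algo) is None,
        }
    return results


if __name__ == "__main__":
    for algo, outcome in demo().items():
        print(algo, outcome)
```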
Secure Shell changes
Release 4.2 updates Secure Shell implementation on the switch. The switch now supports only Secure Shell version 2 (SSHv2). SSHv2 also adds encryption support for MD5, SHA-1, and SHA-2.
SNMPv3 enhancements
Release 4.2 updates SNMPv3 to support Federal Information Processing Standards (FIPS) 140-2. SNMPv3 supports the Advanced Encryption Standard (AES) and Data Encryption Standard (DES) encryption options and Message Digest algorithm 5 (MD5), Secure Hash Algorithm 1 (SHA-1) and SHA-2 authentication types.
If you enable enhanced secure mode, the VSP switch does not support the default SNMPv1 and default SNMPv2 community strings, and default SNMPv3 user name. The individual in the administrator access level role can configure a non-default value for the community strings, and the VSP switch can continue to support SNMPv1 and SNMPv2. The individual in the administrator access level role can also configure a non-default value for the SNMPv3 user name and the VSP switch can continue to support SNMPv3.
If you disable enhanced secure mode, the SNMPv1 and SNMPv2 support for community strings remains the same, and the default SNMPv3 user name remains the same. Enhanced secure mode is disabled by default.
SoNMP Changes
Release 4.2 updates the SoNMP Topology Discovery Protocol to include support for channelization.
The SoNMP hello packet includes sub-port information if channelization is enabled.
Note:
The update no longer needs the separate module files that, in previous releases, contained the encryption files.
Avaya has now integrated all encryption files inside the main image.
There are also some bugfixes included in the 4.2 release.
For more information, check out the 4.2 Release Notes: