* [submodule] update sonic-linux-kernel (#2985)
* Fix many version strings
* Update minor version
* Update arista-drivers submodule (#9)
* Rebuild SDK on new kernel (#10)
* Set the default mac ageing time to 300 seconds
The current mac ageing was disabled, this could lead the mac address
table to increase over time and lead to resource and performance issues.
Signed-off-by: Zhenggen Xu <zxu@linkedin.com>
* Update the default HW ageing timer to be 600 seconds.
This is to be on the safer side where ARP update interval
is 300 seconds and SONiC does not flood when ARP is aged out.
Signed-off-by: Zhenggen Xu <zxu@linkedin.com>
- Broadcom SAI GA version 20190513
- Broadcom fix for CS7999193, CS7913246, CS4529162, CS8180755, CS8242625
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
- What I did
Currently when the system is under memory pressure, the OOM killer kicks in and kills a rogue process. Killing a rogue process can cause the device to be un-healthy leading to blackholing of the traffic.
To avoid this, configure the OOM to do a kernel panic which will cause the device to reboot and come back up healthy.
- How I did it
Added the sysctl variable panic_on_oom and set the value to 2.
Setting it to 2 will ensure OOM killer to always do a kernel panic.
Submodule src/sonic-utilities 6b4d1a0..46b5aa8:
> [show ip interface] Add support for 'alias' interface naming mode (#486)
Submodule src/sonic-swss 9c4ae18..a637562:
> Suppress storm detect counter increment for ongoing pfc storm case during a warm reboot (#869)
> Remove *_LEFT fields to allow PFC watchdog to enter fresh into the (#897)
> Set LAG mtu value based on kernel netlink msg (#922)
> [warm restart assist] assume vector values could be reordered (#921)
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
Submodule src/sonic-utilities 7a2348c..4488525:
> use vlan members (#542)
> [sonic_installer] If asked to install an image which is already installed, simply set as default (#534)
Submodule src/sonic-swss 8246bd9..9c4ae18:
> Ignore neighbor entry with BCAST MAC, check SAI status exists (#914)
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
* [logrotate] Decrease frequency to every 10 minutes; kill any lingering logrotate processes
* [logrotate] Delete all *.1.gz files as firstaction; Remove note about init-system-helpers < 1.47 workaround
However, continue to send SIGHUP directly to rsyslogd process
because 'service rsyslog rotate' still doesn't work properly with
init-system-helpers version 1.48
* [mlnx] fix mlnx-sfpd shutdown
Signed-off-by: Stepan Blyschak <stepanb@mellanox.com>
* fix type and handle only EINTR and EAGAIN errors from select
Signed-off-by: Stepan Blyschak <stepanb@mellanox.com>
* handle select.error as well during init/run
Signed-off-by: Stepan Blyschak <stepanb@mellanox.com>
* Switch the nss look up order as "compat" followed by "tacplus".
This helps use the legacy passwd file for user info and go to tacacs only if not found.
This means, we never contact tacacs for local users like "admin".
This isolates local users from any issues with tacacs servers.
W/o this fix, the sudo commands by local users could take <count of servers> * <tacacs timeout> seconds, if the tacacs servers are unreachable.
* Skip tacacs server access for local non-tacacs users.
Revert the order of 'compat tacplus' to original 'tacplus compat' as tacplus
access is required for all tacacs users, who also get created locally.
* Change URL for isc-dhcp source repository
* Modify supervisor conf to generate dhcrelay commands with '-id' and '-iu' options
* Comments; Also clean up jinja2 syntax
* Patch relay to open one socket per interface and send to all servers on all upstream interfaces
* Patch relay agent to properly forward BOOTREQUEST only on appropriate interface if it is a directed broadcast
* Port upstream patches to isc-dhcp-relay to support upstream/downstream interfaces
* Update patch to properly support interfaces with multiple IP addresses assigned
* Pass --enable-use-sockets to configure instead of uncommenting USE_SOCKETS directly
Submodule src/sonic-utilities 6130695..a1f961c:
> update scheme variable name (#531)
> [teamshow]: Add * to indicate if the state has been synced into database (#395)
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
Submodule src/sonic-swss e26e1d8..8246bd9:
> [watermarkorch] only perform periodic clear if the polling is on (#781)
Submodule src/sonic-utilities e3bb8b9..6130695:
> [reboot] log reboot progress and add a sanity check before reboot (#526)
> Fix TODO to get/set active ports only (#494)
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
- Add ebtables package, and install some filter rules:
1. ebtables -A FORWARD -d BGA -j DROP
2. ebtables -A FORWARD -p ARP -j DROP
Basically, we let the ARP packets in the VLAN being forwarded by the ASIC,
kernel gets a copy of these ARP packets and the forwarding from Kenerl gets
dropped. So there is always only one copy of ARP/response in the VLAN.
Signed-off-by: Ying Xie <ying.xie@microsoft.com>
