i40e and i40evf now fully supported
The i40e and i40evf kernel drivers have been updated to versions 1.3.21-k and 1.3.13. These updated drivers, which were previously included as a Technology Preview, are now fully supported. Note that you need to apply the i40e Driver Update Program (DUP) for Red Hat Enterprise Linux 7.2 available at https://rhn.redhat.com/errata/RHEA-2016-0464.html
. For more information, see the Knowledgebase article available at https://access.redhat.com/articles/1400943
On i40e ports, an attempt to run iSCSI related commands previously led to loss of network connectivity out of i40e ports. This update fixes the bug, and the system now allows for iSCSI commands to proceed.
SNMP now correctly obeys the clientaddr directive over IPv6
clientaddr option in
snmp.conf only affected outgoing messages sent over IPv4. With this release, the outgoing IPv6 messages are correctly sent from the interface specified by
tcpdump supports -J, -j, and --time-stamp-precision options
libpcap now provide APIs to obtain nanosecond resolutions time stamps,
tcpdump has been updated to leverage this functionality. Users can now query which time stamp sources are available (-J), set a specific time stamp source (-j), and request time stamps with a specified resolution (--time-stamp-precision).
TCP/IP rebase to version 3.18
TCP/IP stack has been upgraded to upstream version 3.18, which provides a number of bug fixes and enhancements over the previous version. Notably, this update fixes TCP fast open extension, which now works as expected when using IPv6. In addition, this update provides support for optional TCP autocorking and implements Data Center TCP (DCTCP).
NetworkManager libreswan rebase to version 1.0.6
A number of bug fixes and enhancements have been incorporated from upstream, for example:
* Password handling is now more robust
* Connection start and stop is now more robust
* Default routing is now autodetected from pushed routes
* Added support for interactive password requests
* Fixed erroneous import and export capability advertisement.
NetworkManager now supports setting the MTU of a bonded interface
Both 'nmcli' and the GUI interface now allow the setting of MTU on a bonded interface.
NetworkManager now validates IPv6 Router Advertisement MTU options before applying them
Malicious or misconfigured nodes could send an IPv6 MTU that would make further network communication problematic or impossible if applied. NetworkManager now gracefully handles these events and maintains IPv6 connectivity.
IPv6 Privacy extensions now enabled by default
To determine and set IPv6 privacy settings at device activation, NetworkManager now checks its network configuration in NetworkManager.conf by default, and falls back to
/proc/sys/net/ipv6/conf/default/use_tempaddr if necessary.
The control-center Network Panel now displays WiFi device capabilities
Supported operating frequencies of WiFi devices are now displayed in the control-center network panel.
NetworkManager now gracefully handles route conflicts when multiple interfaces point to the same gateway
NetworkManager now keeps track of configured routes and avoids attempts to set conflicting routes. When a conflicting route is no longer active, it is removed.
Fix for network blackout with multihomed connections
NetworkManager now avoids a network blackout when activating the second device in a multihomed connection.
New option to prevent NetworkManager from overriding
ip route add
The new 'never-default' option has been added to the connection IP configuration. This option prevents NetworkManager from setting the default route itself, allowing the administrator to set different default routes as required.
Fix for legacy network.service errors when Carrier Down is detected on some hardware
When a device has no carrier during boot, NetworkManager will wait for the carrier to be detected instead of causing activation to fail immediately.
NetworkManager now supports Wake On Lan
The nmcli utility now allows
Wake on Lan to be set on a per device basis.
Improved support for firewalld zones with VPN connections
When a firewall zone is configured for a device-based VPN connection, the zone is now correctly configured in firewalld.
Fair Queue packet scheduler now supported
The Fair Queue packet scheduler, known as
fq, has been added to Red Hat Enterprise Linux 7.2 and can be selected using the
tc (traffic controller) utility.
Added support for transmit coalescing
xmit_more extension has been implemented, improving transmit performance of virtio-net and other drivers, especially when TSO (TCP Segmentation Offload) is disabled.
Improved network frame receiving performance
By refactoring the code to eliminate IRQ save and restore operations in NAPI memory allocation, latency when receiving network frames has been reduced.
Significantly improved performance of route lookups
The IPv4 FIB (Forward Information Base) code has been updated from upstream to improve performance.
Network Namespace support for Virtual Interfaces
The netns id is now supported on virtual interfaces, allowing reliable tracking of linked network interfaces across network namespace boundaries.
Docker and LXC containers can now read net.ipv4.ip_local_port_range
Network name space support for the net.ipv4.ip_local_port_range sysctl has been added, improving container support for software that requires access to this information.
Improved reporting of autoconfigured IPv6 routes by the 'ip' tool
ip tool could not get the mtu or hoplimit information from a Route Advertisement, this has been fixed.
Dual-stack socket options are now correctly exported
AF_INET6 sockets are only exclusive to IPv6 when IPV6_V6ONLY is set. In all other cases the socket is also IPv4 capable. This information is now properly exported and can be interrogated using iproute2.
Data Center TCP Now Supported
This release includes an implementation of DCTCP to improve network performance in Data Center environments. the parameter
dctcp can be set either in
sysctl or on a per route basis with
Per Route Congestion Control
To enable different congestion control algorithms on a per route basis, the
congctl parameter has been added to
Improved Congestion Window handling for TCP Cubic and Reno when using GRO
The method to determine bandwidth and congestion window sizing has been improved, reducing the number of ACK packets required for transmission of large volumes of data.
TCP Pacing is now supported
SO_MAX_PACING_RATE has been added. This enables greater control of throughput rate for environment where this is a consideration.
Support for both client and server TFO
The TCP Fast Open feature has been added, using the RFC 7413 assigned option number.
Mitigation of TCP ACK loops
Handling of duplicated TCP ACKs has been improved, preventing some problems with buggy or potentially malicious middleboxes.
Minimal support for secondary endpoints with nf_conntrack_proto_sctp
Basic multihoming support has been added to SCTP.
AF_UNIX implementation rebased
The AF_UNIX (sometimes called AF_LOCAL) code has been updated to include many fixes and enhancements. In particular, sendpage and splice (also known as zerocopy) are now supported.
Kernel tunneling support rebased to upstream
The kernel tunneling drivers have been updated from kernel 4, bringing in many fixes and enhancements, especially for VXLAN.
Added support for crossing network namespaces to GRE
Both gre and ip6gre now have support for x-netns.
Improved performance when running Virtual Machine Traffic over VXLAN
The transmit flow hashing code has been updated, resulting in improved performance when traffic originating from a virtual machine is directed into a tunnel.
Improved offloading for VLAN frames received in a VXLAN or from GRE tunnels
A number of changes have been introduced to enable GRO support and improve performance under VXLAN and NVGRE tunneling.
Improved performance of Open vSwitch tunneling
tx-nocache-copy device feature is now disabled by default. The previous default created a significant overhead for many workloads and particularly for OVS tunnels running over a VXLAN.
Improved IPsec Handling
IPsec has been updated to provide many fixes and some enhancements. Of particular note is that this release now provides the ability to match on outgoing interfaces.
Inclusion of VTI6 support including netns capabilities
Virtual Tunnel Interfaces for IPv6, including netns capabilities, have been added to the kernel.
Default value of nf_conntrack_buckets increased
If not specified as parameter during module loading, the default number of buckets is calculated through dividing total memory by 16384 to determine the number of buckets. The hash table will never have fewer than 32 and is limited to 16384 buckets. For systems with more than 4GB of memory however, this limit will be 65536 buckets.
Improvements in memory usage for iptables on large SMP machines
Previously, large iptables rulesets could use significant amounts of memory unnecessarily, this was due to storing the ruleset on a per (possible) CPU basis. The memory overhead has been reduced by changing the way rulesets are stored.
Network bonding driver updated
To improve maintainability, the kernel network bonding driver has been updated to bring it in line with upstream source.
Kernel netlink interfaces for bonding and 802.3ad (LACP)
Additional netlink interfaces for reading and setting bonding parameters on LACP devices have been added to the kernel.
Improvements in performance for mactap and macvtap with VLANs
Several low throughput issues involving segmentation problems have been addressed:
* Communicating with e1000 devices to virtio devices over mactap.
* Communicating with an external host when using VLANs in the guest.
* Communicating with the KVM host over a VLAN in both the guest and host.
Improved ethtool network querying
The network-querying capabilities of the ethtool utility were enhanced in a Technology Preview for Red Hat Enterprise Linux 7.1 on IBM System z and are fully supported as of Red Hat Enterprise Linux 7.2. As a result, when using hardware compatible with the improved querying, ethtool provides improved monitoring options, and displays network card settings and values more accurately.