XT-Family Firmware History

This is the firmware revision log for the XT family Products.

----------

XT-6605, XT-6606, XT-6632 V1.10 1/8/2021

This release corrects the following:

Several possible vulnerabilities in the web server were patched. This includes addressing the SWEET32 vulnerability in TLS and disabling support for TLS v1.0. This means that the web server will only support TLS v1.1 and v1.2. As a result, users relying on Windows XP to configure the device may find that they can no longer connect to the web server.

This release adds the following features:

Additional metrics were added to the Ethernet Tunnel. The "Tunnel Nodes" status display will show the bandwidth and packet-per-second load on the unit.

The MAC table was increased from 2048 entries to 4096 entries.

The Multicast Snooping table was increased from 2048 entries to 16384 entries.

The network socket buffering was increased by 10x. (XT-6632 only)

Addition of "IPv4 Multicast Exclusive" mode. This mode should only be used in consultation with DCB support. It is intended for applications where XT devices are being used to bridge IPv4 multicast between different subnets. It invokes a number of special filter rules which limit the scope of packets allowed to cross the bridge. Specifically, it blocks all unicast traffic. In addition, it blocks multicast link-local traffic (224.0.0.0 - 224.0.0.255) not related to IGMP. This range includes router-discovery and other local multicast protocols that should never bridge between two different subnets. Link-local IGMP membership reports are allowed to pass as they are necessary for IGMP Snooping. Users should be aware that link-local IGMP membership reports crossing subnets may confuse any Protocol Independent Multicast (PIM) enabled routers on the subnets.

Addition of "IPv4 Multicast Loop Mitigation" mode. This mode is intended for use with "IPv4 Multicast Exclusive" mode. It performs non-standard time-to-live (TTL) processing on IPv4 multicast packets in order to mitigate multicast packet loops. In order to use this feature, the end-user may need the ability to configure the original TTL value in their multicast source devices. When a packet with a TTL of 0 or 1 passes through the tunnel, the TTL will be replaced with the value of 3 and allowed to pass. Any value of 3 or greater is decremented by one and allowed to pass. A TTL value of 2 is blocked. Thus, an original TTL of 0 or 1 will be allowed to cross the tunnel 2 times. An original TTL of 3 or greater will be allowed to cross the tunnel (TTL - 2) times. An original TTL of 2 will not be allowed to cross the tunnel at all. This logic was chosen because many multicast applications that hard-code the TTL will use a TTL of 1.

Note: The above two features are intended for an RoIP application where the customer is using the XT tunnels to exclusively bridge their RoIP multicast. They have wide-area layer-3 network access to all of their nodes, but their service provider is not providing multicast routing. This customer has been using our tunnels for quite some time and has been configuring filters to only pass multicast. However, every once in a while, they forget to install the filter rules. When this occurs, very bad things happen on their network. By enabling IPv4 Multicast Exclusive mode in their server, they no longer need to configure each client device with the filter rules. The IPv4 Multicast Loop Mitigation is to prevent a network meltdown in the event that two client tunnels are accidentally installed on the same subnet.

----------

XT-3303 VERSION 1.08 12/9/2020

1.0 INTRODUCTION

This release corrects several possible vulnerabilities in the web server. This includes addressing the SWEET32 vulnerability in TLS and disabling support for TLS v1.0. The web server will only support TLS v1.1 and v1.2. As a result, users relying on Windows XP to configure the XT-3303 may find that they can no longer connect to the web server.

This release adds some additional metrics to the Ethernet Tunnel. The "Tunnel Nodes" status display will show the bandwidth and packet-per-second load on the unit.

----------

XT-3305, XT-3305-S VERSION 1.09 12/8/2020

1.0 INTRODUCTION

This is the initial firmware release for the XT-3305-S. This is an XT-3305 with a RS-232 serial port.

The following features and corrections were implemented for the XT-3305.

This release patches several possible vulnerabilities in the configuration web server. This includes addressing the SWEET32 vulnerability in TLS and disabling support for TLS v1.0. This means that the web server will only support TLS v1.1 and v1.2. As a result, users relying on Windows XP to configure the XT-3305 may find that they can no longer connect to the web server.

This release adds some additional metrics to the Ethernet Tunnel. The "Tunnel Nodes" status display will show the bandwidth and packet-per-second load on the unit.

This release adds the following feature:

The ability to view the Linux system firewall was added to the "status" menu.

----------

XT-3305 VERSION 1.08 9/21/2020

1.0 INTRODUCTION

This release corrects the following:

There was problem related to NAND flash bad-block handling which prevented firmware installation on some units. If the first block of the UBI partition was bad, the system would not allow the UBI filesystem to be created.

This release adds the following feature:

The ability to view the Linux system firewall was added to the "status" menu.

----------

XT-3303 VERSION 1.07 9/18/2020

1.0 INTRODUCTION

This is the initial release of the XT-3303 firmware. It starts at v1.07 to indicate it's feature compatibility with the other XT products.

----------

XT-3306 VERSION 1.06 6/25/2020

1.0 INTRODUCTION

This release corrects the following:

When the Ethernet Tunnel is configured for TCP mode, the device may get in a state where it can't connect with it's peer. The Server Tunnel Log will repeatedly report the error "No challenge response from client". The Client Tunnel Log will repeatedly report "Timeout waiting for challenge from server". This problem effects both client and server devices.

----------

XT-6605, XT-6606, XT-6632 VERSION 1.09 08/31/2020

1.0 INTRODUCTION

This release adds the following feature:

This release adds the ability to view the Linux system firewall. This feature was requested by a Utility customer needing to verify the firewall for a CIP audit. The new feature is found under "Status - Firewall".

XT-3306 VERSION 1.06 6/25/2020

1.0 INTRODUCTION

This release corrects the following:

When the Ethernet Tunnel is configured for TCP mode, the device may get in a state where it can't connect with it's peer. The Server Tunnel Log will repeatedly report the error "No challenge response from client". The Client Tunnel Log will repeatedly report "Timeout waiting for challenge from server". This problem effects both client and server devices.

----------

XT-3305 VERSION 1.07 6/25/2020

1.0 INTRODUCTION

This release corrects the following:

When the Ethernet Tunnel is configured for TCP mode, the device may get in a state where it can't connect with it's peer. The Server Tunnel Log will repeatedly report the error "No challenge response from client". The Client Tunnel Log will repeatedly report "Timeout waiting for challenge from server". This problem effects both client and server devices.

The Ethernet Tunnel would not transport an Ethernet frame if it was a UDP packet with a checksum error in the UDP header. The XT-3305 hardware has a feature to automatically discard such packets. Our other tunnel products do not have such a feature, so this feature was disabled to maintain consistency across the platforms. The problem was discovered because a customer was using an Ethernet test set to validate a tunnel connection. The test set used UDP frames to perform it's test, but did not generate valid UDP checksums.

Note: Instead of requiring customers to upgrade v1.04 and v1.05 units to v1.06, followed by installing v1.07, a special v1.07 version was generated that eliminates the extra step. If the customer does choose the wrong image, it won't damage anything. Instead they will receive an "invalid firmware image" message.

XT-3305_v1.07.bin - Upgrade image via the web browser - for units running firmware 1.06.
XT-3305r0_v1.07.bin - Upgrade image via the web browser - for units running firmware v1.04 or v1.05.

----------

XT-6605, XT-6606, XT-6632 VERSION 1.08 6/08/2020

1.0 INTRODUCTION

This release corrects the following:

Multicast-snooping was running even though the configuration was set for disabled. In most applications this would not cause any issue. However, some applications, especially those where the XT is carrying multiple VLANs, may have a problem. The problem would manifest where multicast seems to operate correctly for 5 to 10 minutes, then stop running. Resetting the XT, pulling and reinserting the LAN cable, or stopping and restarting the multicast application would cause the multicast to resume again for 5 to 10 minutes.

When the Ethernet Tunnel is configured for TCP mode, the device may get in a state where it can't connect with it's peer. The Server Tunnel Log will repeatedly report the error "No challenge response from client". The Client Tunnel Log will repeatedly report "Timeout waiting for challenge from server". This problem effects both client and server devices.

This release adds the following feature:

The Simultaneous Client Connection feature, present in the UT/ET product lines, had been removed from the XT product line. Several customers have become dependent on this feature, so it has been restored to the XT product line.

----------

XT-3306 VERSION 1.05 5/18/2020

1.0 INTRODUCTION

This release corrects the following:

The switch port counters displayed on the Interface Status page were erroneous.

Multicast-snooping was running even though the configuration was set for disabled. In most applications this would not cause any issue. However, some applications, especially those where the XT is carrying multiple VLANs, may have a problem. The problem would manifest where multicast seems to operate correctly for 5 to 10 minutes, then stop running. Resetting the XT, pulling and reinserting the LAN cable, or stopping and restarting the multicast application would cause the multicast to resume again for 5 to 10 minutes.

This release adds the following feature:

The Simultaneous Client Connection feature, present in the UT/ET product lines, had been removed from the XT product line. Several customers have become dependent on this feature, so it has been restored to the XT product line.

----------

XT-3305 VERSION 1.05 5/18/2020

1.0 INTRODUCTION

This release corrects the following:

The switch port counters displayed on the Interface Status page were erroneous.

Multicast-snooping was running even though the configuration was set for disabled. In most applications this would not cause any issue. However, some applications, especially those where the XT is carrying multiple VLANs, may have a problem. The problem would manifest where multicast seems to operate correctly for 5 to 10 minutes, then stop running. Resetting the XT, pulling and reinserting the LAN cable, or stopping and restarting the multicast application would cause the multicast to resume again for 5 to 10 minutes.

This release adds the following feature:

The Simultaneous Client Connection feature, present in the UT/ET product lines, had been removed from the XT product line. Several customers have become dependent on this feature, so it has been restored to the XT product line.

----------

XT-6632 VERSION 1.07 12/20/2019

1.0 INTRODUCTION

This release corrects the following:

LAN2 PPPoE mode did not work. A PPPoE module had been installed on the system, which was not compatible with the underlying Linux system. This was specific to the XT-6632. The other XT products had the correct PPPoE module.

----------

XT-6632 VERSION 1.06 9/16/2019

1.0 INTRODUCTION

This is a maintenance release for new hardware. The firmware was modified to support the X11 motherboard. The X11 motherboard has 1 serial port where the X10 motherboard had 2. The firmware will detect the motherboard type and enable/disable configuration of the second serial port.

----------

XT-3305 VERSION 1.04 7/26/2019

1.0 INTRODUCTION

This is the initial release of the XT-3305 firmware, starting at v1.04 to indicate it's feature compatibility with the other XT products.

----------

XT-3306 VERSION 1.04 April 15, 2019

This release adds the following feature:

The Limit UDP Packet Size feature was extended to allow selection of the maximum UDP payload size. In the previous firmware, the maximum UDP payload size was fixed to 1412 bytes. The user may now select between 1412, 1316, 1188, and 1092 bytes. Only the 1412 size is backward compatible with older firmware. If a smaller size is selected and one of the units is running older firmware, the connection will fail with a time-out.

NOTE: The purpose for adding the smaller UDP Payload sizes is to address the MTU issue that customers are encountering when deploying UT/XT tunnels on LTE networks.

----------

XT-6605, XT-6606, XT-6632 VERSION 1.05 April 15, 2019

This release adds the following feature:

The Limit UDP Packet Size feature was extended to allow selection of the maximum UDP payload size. In the previous firmware, the maximum UDP payload size was fixed to 1412 bytes. The user may now select between 1412, 1316, 1188, and 1092 bytes. Only the 1412 size is backward compatible with older firmware. If a smaller size is selected and one of the units is running older firmware, the connection will fail with a time-out.

NOTE: The purpose for adding the smaller UDP Payload sizes is to address the MTU issue that customers are encountering when deploying UT/XT tunnels on LTE networks.

----------

XT-6605, XT-6606, XT-6632 VERSION 1.04 March 20, 2019

This release corrects the following issue:

- The bridge server, when running in TCP or Both mode, may unexpectedly terminate due to receiving an invalid network packet. The server would automatically recover, but would cause a 30 second network disruption.

- The bridge server, when running in TCP or Both mode and set for no encryption, may unexpectedly terminate when a remote TCP client disconnects.The server would automatically recover, but would cause a 30 second network disruption.

- Corrected several typos with serial setup.

----------

XT-3306 VERSION 1.03 March 20, 2019

This release corrects the following issue:

- The bridge server, when running in TCP or Both mode, may unexpectedly terminate due to receiving an invalid network packet. The server would not recover automatically.

- The bridge server, when running in TCP or Both mode and set for no encryption, may unexpectedly terminate when a remote TCP client disconnects. The server would not recover automatically.

- Corrected several typos with serial setup.

Note: v1.02 was a test version and not released.

----------

XT-6605, XT-6606, XT-6632 VERSION 1.03 October 11, 2017

This release corrects the following issue:

- A change in the Time-Zone setting required a reboot to take effect.

----------

XT-3306 VERSION 1.02 September 19, 2017

This release corrects the following issue:

Ethernet Tunnel configuration changes cause a slow response from the web browser. This issue is not fatal, but is annoying. It is a result of implementing a new MAC address range for the Ethernet controllers and the way MAC addresses are prioritized in a bridge.

----------

XT-6605, XT-6606, XT-6632 Firmware V1.01 Release Notes 2/1/2017

This release corrects the following:

There was a race condition in the tunnel fail-over feature that could result in a client simultaneously connecting to both the primary and alternate server. Any unit configured with fail-over backup connetions should install this update.

If DHCP is enabled and a DHCP lease is lost, the device would receive a new address, but the DNS requests would continue to be sent using the defunct IP address. This would result in never receiving a DNS reply and failure to resolve a name. This type of failure is likely to occur only when a router, also acting as a DHCP server, goes down for a period of time longer than the DHCP lease.

This release adds the following feature:

A layer-3 firewall was added in front of the tunnel server untrusted port. Since the XT products allow TCP for the tunnel connection, this opens up the problem of nuisance TCP connections to the server. The layer-3 firewall can be configured to match on source IP addresses and allow or block the connection. The new feature is found on the "Ethernet Tunnel - Server Firewall" page. This will reduce nuiance log entries.

----------

XT-3306 Firmware V1.01 Release Notes 2/1/2017

This release corrects the following:

Instead of being set to the static MAC address assigned to the device, the system was generating a random virtual MAC address. This was corrected and LAN1 is now set to the assigned MAC.

There was a race condition in the tunnel fail-over feature that could result in a client simultaneously connecting to both the primary and alternate server. Any unit configured with fail-over backup connetions should install this update.

If DHCP is enabled and a DHCP lease is lost, the device would receive a new address, but the DNS requests would continue to be sent using the defunct IP address. This would result in never receiving a DNS reply and failure to resolve a name. This type of failure is likely to occur only when a router, also acting as a DHCP server, goes down for a period of time longer than the DHCP lease.

This release adds the following feature:

A layer-3 firewall was added in front of the tunnel server untrusted port. Since the XT products allow TCP for the tunnel connection, this opens up the problem of nuisance TCP connections to the server. The layer-3 firewall can be configured to match on source IP addresses and allow or block the connection. The new feature is found on the "Ethernet Tunnel - Server Firewall" page. This will reduce nuiance log entries.

----------

XT-3306 VERSION 1.00 9/28/2016

1.0 INTRODUCTION

This is the initial release of the XT-3306 firmware

----------


img
Data Comm for Business Inc.
2949 County Road 1000 E
Dewey, Il 61840
Voice: 217-897-6600
Toll Free: 800-4-DCB-NET
Toll Free: 800-432-2638
Email: Contact Page
Web: www.dcbnet.com
Fax: 217-897-8023
All DCB web pages copyright ©1995- Data Comm for Business, All rights reserved.
EtherPath®, EtherSeries®, EtherPoll®, EtherBridge® and EtherModem® are Registered Trademarks of Data Comm for Business, Inc.