Enhanced Security and Performance
Per-Core CPU Average Setting
OcNOS introduces the cpu-core-monitor-average interval <60-600> command to set the averaging interval (in seconds) for CPU per-core usage monitoring. This command sets the average window OcNOS uses to calculate and report CPU usage per core. Configure any value between 60 and 600 seconds; the default is 60 seconds. Use the no cpu-core-monitor-average interval command to restore the default.
For more details, refer to the
SNMPv3 User Password Encryption
The SNMPv3 user password is now stored in an encrypted format in the /etc/snmp/snmp.conf file. Passwords associated with the CreateUser and trapsess entries are now stored in encrypted form using either MD5 or SHA encryption methods.
For more details, refer to the
Fan Duty Cycle Control
OcNOS introduces a new command that allows the user to manually override the fan speed(duty cycle) chosen by the thermal policy to the required RPM by specifying a value between 0% to 100% to enhance system performance on supported BMC devices. Unconfiguring this command will give complete control back to the thermal policy.
For more details, refer to the fan-duty-cycle command in the OcNOS System Management Guide, Release 7.0.0.
L2VPN–L3VPN Stitching
The current release extends the L2VPN–L3VPN stitching functionality, introduced in OcNOS 6.6.0 release, by supporting the Qumran1 (Q1) series platforms.
For more details, refer to the
VC Reversion Enhancement with Revert Timer for VPWS and VPLS (H-VPLS)
This enhancement adds and improves VC reversion behavior in OcNOS for both VPWS and VPLS (H-VPLS) topologies:
VPWS: Introduces a revert timer that delays the bring-up of the Primary VC after a fault is cleared. This ensures traffic convergence is smooth and prevents traffic blackholing.
VPLS (H-VPLS): Adds VC reversion support, which was previously unavailable, along with a revert timer. This allows the Primary VC to regain priority and be restored first after faults, improving network resiliency and traffic recovery in Primary/Secondary VC scenarios.
For more details, refer to the
Container Runtime and Life Cycle Management Using K3S
OcNOS introducing the K3S lightweight Kubernetes distribution integrated within OcNOS. The container runtime is directly integrated with K3S, simplifying how applications are deployed on the OcNOS. K3S actively manages the complete container lifecycle, from pulling images and resource allocation to monitoring and healing. When a Pod fails, the orchestration engine immediately detects the issue and instructs the runtime to restart the container. This environment ensures the crucial services remain self-healing and run consistently without manual intervention.
For more details, refer to the Container Runtime and Life Cycle Management Using K3S section in the OcNOS System Management Guide, Release 7.0.0.
NIF LED Behavior Enhancements
OcNOS introducing the port status visibility for configurable interfaces that support both single-port and breakout modes. The LEDs now dynamically adjust their behavior based on the port configuration: In Non-Breakout Mode, all physical LEDs are intended to act as one unified indicator. In Breakout, there are two modes: Mode-1, where LEDs are individually allocated to sub-ports (e.g., one LED per 25G/50G/100G link), which provides granular, per-link status and fault connection indicators, allowing for precise connection monitoring and Mode-2, where ports have a single LED.
For all the breakout and non-breakout port LED behavior details, refer to the UfiSpace S9510-28DC (Q2A) Port Mapping and UfiSpace S9510-30XC (Q2U) Port Mapping sections in the OcNOS Installation Guide, Release 7.0.0.
LAG Egress Shaping or Policing on Sub-interfaces
Egress shaping and policing are supported on MLAG sub-interfaces, ensuring consistent QoS behavior across all active member links. Traffic management actions—such as shaping, WRED, tail-drop, and header compensation—are applied uniformly at the sub-interface level, even during link addition or removal events. This consistency helps maintain predictable bandwidth usage and simplifies QoS configuration for MLAG deployments.
For more details, refer to the LAG Egress Shaping or Policing on Sub-Interfaces section in the OcNOS Quality of Service Guide, Release 7.0.0.
TWAMP Scaling Enhancements
TWAMP scaling has been enhanced on Q2 series platforms to support higher session and rate limits, extended configuration options, and improved monitoring. The burst count range has been updated from 1–5 to 1–10. In accordance with the Q2 scaling specifications, the Dynamic Session and Rate Limits have been updated, with the fixed 64-session limit removed. The show commands provide detailed operational status:
The show twamp session-count command displays a full breakdown of sessions, categorized by type (Link, End-to-End, Reflector) and operational state (Idle, Accepted, Running). The show twamp packet-rate command shows the overall TWAMP sending rate in packets per second (pps) across all active sessions.
For more details, refer to the delay-profile interfaces subcommands section in the OcNOS System Management Guide and the TWAMP Commands section in the OcNOS Layer 3 Guide, Release 7.0.0.
LDP-over-RSVP Phase 2 (OSPF Support)
In earlier releases, LDP-over-RSVP tunneling functionality was limited to ISIS-based environments. This update extends support to OSPF, allowing LDP label distribution over RSVP-TE tunnels when OSPF is configured as the IGP.
For more details, refer to the
ROAN Application on the UFI9510-28DC board
This release extends platform support for the RAON container application to the UFI9510-28DC Q2 board. This integration enables customers to deploy custom RAON services on the high-performance Q2 platform, while ensuring independent container lifecycle management and secure access for management.
Enhanced SSH HostKey Algorithm
After upgrading to 6.6.0, SSH sessions from remote servers fail because OpenSSH was updated to version 9.2p1, which deprecates ssh-rsa and ssh-dsa. The problem is further caused by the absence of the HostKeyAlgorithms in the upgraded sshd_config, resulting in rejected connections. This has been addressed in the 7.0.0 release by adding the HostKeyAlgorithms , enforcing security with modern algorithms such as Ed25519 and RSA-SHA.
The Key Exchange (KEX) algorithm list was subsequently updated to align with the new OpenSSL package, specifically regarding the sntrup761x25519-sha512 algorithm.
For more details, refer to the Secure Shell Commands topic in the OcNOS System Management Guide, Release 7.0.0.