| description | Latest features and enhancements added in this release. |
|---|---|
| icon | sparkles |
{% hint style="info" %} Only significant new updates are listed here. To see the complete list of changes, refer to the NSO Changelog Explorer. {% endhint %}
This release includes major enhancements in the following areas:
Improved HA Transport
Raft- and rule-based HA now use a unified TLS transport for improved security and additional features:
- Rule-based HA deployment uses TLS certificates for authentication and encryption of communication between nodes, same as HA Raft.
- HA Raft leader monitors quorum and relinquishes the leader role if quorum is lost, aborting the hanging ongoing transactions. The leader also generates an alarm and releases resources, such as a shared VIP address or primary-listen ports.
- HA Raft now requires only a single listening port to be open for communication, port 4570 by default, same as rule-based HA. The port can be changed in the configuration if required.
Documentation Updates:
- Described the new transport requirements in HA Raft and Rule-based HA.
- Added a section on provisioning TLS certificates with the help of example scripts to High Availability.
Changes to CDB Persistence Mode
From NSO 6.7, the default CDB persistence mode has been set to on-demand-v1, instead of the in-memory-v1 mode, which has also been deprecated. If you're upgrading to NSO 6.7, the on-demand-v1 mode will become the new default. Read more about the change in the documentation.
Documentation Updates:
- Updated the CDB Persistence section to reflect the new changes in the CDB persistence mode.
Updates to Multi-Factor Authentication Handling
MFA handling is now tied directly to the authentication method being attempted. When a method issues a challenge, NSO invokes the challenge handler associated with that method only. Package-based MFA is the preferred approach. The configuration option /ncs-config/aaa/challenge-order is deprecated and ignored at runtime; authentication flow is controlled solely by /ncs-config/aaa/auth-order.
Documentation Updates
- Updated the Multi-Factor Authentication documentation in AAA Infrastructure to cover new changes.