IMPORTANT NOTICE TO ALL OUR CUSTOMERS OF MICROCHIP (MICROSEMI) S600/S650 NTP TIME SERVER
Dear Customers, We are pleased to announce a new software release 4.0 for S600/S650 NTP Time Server from MicroChip. Here are the latest information regarding features, improvements, and known issues.
• Broadcast industry SMPTE 2059-2 PTP Profile support – Grandmaster – Client • IEC 62439-3 PRP (Parallel Redundancy Protocol) for PTP profiles • REST API for machine-to-machine interface • Phase coherency selection to precisely align the system 1PPS output to the LPN/ULPN 10 MHz outputs • Week Number Roll-Over (WNRO) shifted from 2031 to 2037 • PTP version 2.1 support with default PTP profile • Security Improvements – Configurable password expiration (enable & number of days) – Configurable password policy: Length, uppercase, lowercase, number, special character – Lockouts: Configurable lockout after failed login attempts (enable & number) – SNMP: Allow blank communities (read and write) to disable SNMPv2 • NTP Enhancements – New NTP version 4.2.8p14 – Support SHA2 symmetric keys – Support 3 for NTP minpoll (8 seconds) • HaveQuick: Provide protocol-only input for HaveQuick on J1
• If DHCP has been used to obtain an IP address for a LAN port, the SyncServer S6x0 will not attempt to obtain a new address from a new DHCP server until the DHCP lease expires, even if the old DHCP server is no longer reachable. See note in user guide for the recommended procedure. • Have confirmed that only allowing configuration of the prefix value to 64 in DHCP mode is the desired behavior for IPv6. • System user interface response time is improved when the unit is heavily loaded processing NTP/PTP traffic. • If the Event Time feature is being used, if a signal with a frequency less than 1 Hz is connected to J1 of a Timing I/O module, then the unit will create LOS (loss of signal) set and clear log entries. See note in user guide for the recommended procedure. • It was reported that the system may prematurely report that it is locked to an NTP input before NTP was fully locked and had set the system time. Further investigation showed that this behavior is not reproducible. Microchip recommends that you wait until NTP leap indicator shows the system is synchronized (value is not 11). • The Timing I/O Module digital outputs will not glitch when the output is first squelched or the configuration is changed. • PTP power profile packets in VLAN mode on 10G Ethernet ports have improved timestamp accuracy for peer-delay packets • If PTP power profile is used on one port, with NTPr or other PTP profiles as a grandmaster on another port, occasional packets are no longer dropped on the NTPr or non-power profile packet streams. • Optical ports on fiber output module will now squelch or turn off properly. • IPv4 addresses with values of 100 to 109 in the first octet (for example 126.96.36.199) are now properly accepted for the RADIUS/TACACS+/LDAP server IP address. • Updated HTTP X-Content-Type-Options header with "nosniff" to improve security. • Updated HTTP Strict-Transport-Security header with long "max-age" to improve security. • Individual ACL entries with length greater than 15 characters are now properly handled. • Corrected text on programmable pulse GUI pop-up to display correct string of "DDD:HH:MM:SS.[fractional seconds]" • The cgi/test-cgi URL is now not accessible and not visible on a security scan. • Configuration settings for IRIG year, manual UTC offset, and manual leapsecond are now properly preserved through a reboot cycle • Users can successfully login to the SyncServer with the Microsoft Edge browser • Resolved/mitigated the following CVEs: – CVE-2018-20856 – CVE-2019-8912 – CVE-2019-10638 – CVE-2019-11477 – CVE-2019-11478 – CVE-2019-11479 – CVE-2019-15916 – CVE-2019-15921 – CVE-2020-11868