Avi Vantage 17.2.X Release Notes

Issues Resolved in 17.2.13 Patch Releases

Issues Resolved in Patch Release 17.2.13-7p1

  • AV-33724: Health monitor’s HOST header does not update with server name update
  • AV-44724: OpenShift-Azure: Route virtual service may fail to come up operationally
  • AV-45667: Unable to view events older than a day
  • AV-45852: Delay in creating Avi routes

Issues Resolved in Patch Release 17.2.13-5p1

  • AV-46061: Third party GSLB sites are not shown in the list of primary and fallback sites in DNS policy
  • AV-47069: GSLB health monitor dropdown list is missing the search function
  • AV-47181: On logging in as administrator, default tenant is not set to “admin”

Issues Resolved in Patch Release 17.2.13-3p1

  • AV-45958: Pools may go down when one of the redundant links on router is brought down

Issues Resolved in Patch Release 17.2.13-1p2

  • AV-46045: Linux server cloud: Service Engine may fail when DPDK is enabled on server with Mellanox NICs

Issues Resolved in Patch Release 17.2.13-1p1

  • Support for 1500 servers in a single pool

What’s New in 17.2.13

ADC

DNS

Logging

Containers

  • OpenShift: Handle port mapping on the service port for virtual service
  • OpenShift: Option to use OpenShift info and annotations as the source of truth
  • OpenShift: Support private repository for Service Engine image in pod deployment
  • OpenShift: Avi ServiceAccounts restricted to projects requesting egress pod service
  • OpenShift/Kubernetes: Route/ingress status reflected in objects

Public Cloud

Private Cloud

  • vCenter: Support for virtual hardware version 10

Networking

  • Support for “includeSubDomains” as a configurable option in HSTS header
  • Support configuring a custom source port range for connections to the servers
  • Support for HTTP server reselect when the connection fails
  • Support for UDP maximum session idle timeout to be one hour
  • Support for bond interfaces’ status visibility

Key Changes in 17.2.13

  • Per virtual service server metrics for shared pools is not supported.
  • vCenter: Support for virtual hardware version 10.
    Starting with Avi Vantage release 17.2.13, ESXi 5.0 and 5.1 are not supported.

Issues Resolved in 17.2.13

  • AV-28981: AWS: Application response delayed through secondary Service Engine
  • AV-35805: Multiple SE_NIC_DUPLICATE_IP events after an upgrade
  • AV-35899: Line break inconsistencies on creating exact HTTP request for health monitor in web UI
  • AV-41878: OpenShift: Insecure termination policy does not work with HTTP when shared virtual service is used
  • AV-42367: Services state_cache_mgr and glb_local_worker might fail during an upgrade
  • AV-42759: Azure: Latency increases after some time
  • AV-43787: Service engine may fail when there are a large number of connections and there is a change in ECMP hash on the neighboring BGP router
  • AV-44089: Service Engine with large memory may fail during an SE list update for a virtual service
  • AV-44473: Import configuration fails if string contains unicode character
  • AV-44659: Error message on saving HTTP security policy with rate-limit and local response HTML file
  • AV-44673: OpenShift: All Service Engines in OpenShift cloud fail to upgrade with SE_IMAGE_INSTALL error
  • AV-45229: Service Engine failure when pool has Server Reselect enabled in connection multiplex mode
  • AV-45417: Pools using AWS autoscaling group are marked down when there is a connectivity issue to AWS API

Known Issues in 17.2.13

  • AV-44724: OpenShift-Azure: Route virtual service may fail to come up operationally

Issues Resolved in 17.2.12 Patch Releases

Issues Resolved in Patch Release 17.2.12-3p1

What’s New in 17.2.12

ADC

DNS

Security

Logging

  • Support significant logs for SIP application

Public Cloud

Cisco ACI

Private Cloud

Networking

Issues Resolved in 17.2.12

  • AV-31453: Changes to /etc/docker/daemon.json are not preserved across Avi Vantage upgrade
  • AV-35689: API session ID does not expire
  • AV-37407: OpenShift: Cloud connector failing continuously to delete one tenant
  • AV-38351: Controller using too much disk space when vCenter has a lot of objects
  • AV-38693: Virtual service scaleout/migrate UI page errors out preventing virtual service migration across clusters
  • AV-39602: Controller patch install fails to install patch on the follower nodes
  • AV-39784: Service Engine unresponsive when a specific malformed packet is received
  • AV-40377: CSP: Secondary Service Engine may not process flows if multiple bond interfaces are in use
  • AV-40421: While creating a Service Engine VLAN interface, cannot see more than eight VRFs in the dropdown menu
  • AV-40782: Enhance TCP stack congestion control
  • AV-40800: Failure in creating shared host virtual services with explicit dedicated_route annotation in “shared VS” mode
  • AV-40953: RSS scaleout: Skew in favour of secondary SE in the number of connections handled per SE
  • AV-41232: BGP peering not established on Service Engine restart when there are a lot of VRFs
  • AV-41289: Service Engine failure on updating dp_hb_frequency value in Service Engine properties
  • AV-41500: RSS scaleout: Memory leak per heartbeat-IPC sent to the dispatcher cores within the Primary SE
  • AV-41710: Azure: Pools configured with Azure scale sets may go down when there is an Azure API error
  • AV-41877: OpenShift: Ingress creation fails with “Max VS per IP reached” message

Known Issues in 17.2.12

  • AV-33381: OpenStack: “Service Timeout” for network drop-down-selection list on VS-create UI page
  • AV-41637: Bandwidth exceeded event is seen even when bandwidth has not reached the licensed 200Mbps limit
  • AV-42902: OpenShift: Services without Endpoints default to HTTP Profile

Issues Resolved in 17.2.11 Patch Releases

Issues Resolved in Patch Release 17.2.11-6p2

  • AV-45667: Unable to view events older than one day
  • AV-45852: Delay in creation of Avi routes

Issues Resolved in Patch Release 17.2.11-6p1

  • AV-42902: OpenShift: Services without Endpoints default to HTTP Profile

Issues Resolved in Patch Release 17.2.11-4p1

  • AV-40953: In RSS-scaleout scenario, there is skew observed in favor of Secondary SE in the number of connections handled per SE.
  • AV-41500: In RSS-scaleout scenario, there is a memory leak issue per heartbeat-IPC sent to the dispatcher cores within the Primary SE.

Issues Resolved in Patch Release 17.2.11-3p4

  • AV-41637: Bandwidth exceeded event is seen even when bandwidth has not reached the licensed 200Mbps limit

Issues Resolved in Patch Release 17.2.11-3p3

  • AV-41710: Azure: Pools configured with Azure scale sets may go down when there is an Azure API error

Issues Resolved in Patch Release 17.2.11-3p2

  • AV-38864: Support for vSphere 6.7

Issues Resolved in Patch Release 17.2.11-3p1

  • AV-39232: Azure: Reduce Avi Controller’s dependency on Azure tags
  • AV-39689: Azure: Increase fault domains of availability set to 3
  • AV-40381: Azure: Increase update domains of availability set to 20

Issues Resolved in Patch Release 17.2.11-2p2

  • AV-41232: BGP peering not established on Service Engine restart when there are a lot of VRFs
  • AV-41289: Service Engine fails when updating dp_hb_frequency value in Service Engine properties

Issues Resolved in Patch Release 17.2.11-2p1

  • AV-40782: Enhance TCP stack congestion control

Issues Resolved in Patch Release 17.2.11-1p1

  • AV-38351: Controller is using too much disk space when vCenter has a lot of objects

What’s New in 17.2.11

  • Analytics APIs are load balanced to follower nodes

Issues Resolved in 17.2.11

  • AV-31263: Service Engine may fail when scaling in or deleting a virtual service with BGP enabled
  • AV-37407: OpenShift: Cloud connector failing continuously to delete one tenant
  • AV-39426: Virtual services with BGP enabled became unavailable during upgrade
  • AV-39602: Controller patch install fails to install patch on follower nodes
  • AV-39784: Service Engine unresponsive when a specific malformed packet is received

Known Issues in 17.2.11

  • AV-39679: Traffic to service ports using UDP fast path fails if auto gateway is enabled
  • AV-40569: Health monitor request string is truncated after upgrade
  • AV-40376: Standby Service Engine is also advertising the VIP route to BGP in legacy active/standby mode with SNAT

Note: Avi Vantage’s patch upgrade feature is explained in this article.

Issues Resolved in 17.2.10 Patch Releases

Issues Resolved in Patch Release 17.2.10-3p2

  • AV-47800: When VIP to SNAT is enabled, changing non critical fields, such as name, causes virtual service to detach and reattach to Service Engines

Issues Resolved in Patch Release 17.2.10-2p1

  • AV-40569: Health monitor request string is truncated after upgrade

Issues Resolved in Patch Release 17.2.10-1p6

  • AV-41416: Fixed Branch-ID parameter of Via header in SIP by generating it using MD5 of already present SIP headers.
  • AV-41416: Fixed SIP parser code issue so that header names and escape sequences go out unmodified.
  • AV-41416: Free the SIP receive buffer whenever possible to reduce SE memory usage.

Issues Resolved in Patch Release 17.2.10-1p5

  • AV-40382: Support for 16KB sized SIP messages.
  • AV-40382: Service Engine incorrectly forwards SIP message with multipart payload, when there is no “MIME-Version” header.

Issues Resolved in Patch Release 17.2.10-1p4

  • AV-39679: Traffic to service ports using UDP fast path fails if auto gateway is enabled
  • AV-38864: Support for vSphere 6.7

Issues Resolved in Patch Release 17.2.10-1p3

  • AV-39784: Service Engine gets into an infinite loop when a specific malformed packet is received

What’s New in 17.2.10

Issues Resolved in 17.2.10

  • AV-30762: High app response time reported erroneously on Avi Vantage
  • AV-31262: Move error.log to /var/log/upstart/ to enable log rotation
  • AV-31513: state_cache_mgr process keeps restarting and consumes memory
  • AV-32809: SIP virtual service with TCP-Proxy transport
  • AV-33725: Client logs: Support for removing or masking Personally Identifiable Information (PII) in request-headers and response-headers fields
  • AV-33904: Raise alert if an AWS Auto Scaling group has been removed from AWS but is still configured in the pool
  • AV-34196: Restricting SNMP access to Avi Vantage does not function as expected
  • AV-34571: Publish private IP DNS A record to Route 53 public zone
  • AV-34817: SE shows high memory usage when ‘Host Geo DB’ is configured, even when there is no traffic
  • AV-35032: High memory usage may show up in SE CPU metrics when the kernel uses memory that can be reclaimed
  • AV-35700: Upgrade from an SE patch release fails if the Controller is running as a docker container
  • AV-35740: Upgrade command issued via CLI fails if tenants are being simultaneously added or deleted
  • AV-35812: CSP: Avi Vantage does not support more than four bond interfaces
  • AV-36487: Need SE-VNIC-UP event to flag that VNIC is back up after an SE-VNIC-DOWN event
  • AV-36490: Controllers restarted with CONTROLLER_SERVICE_FAILURE
  • AV-36553: When multiple SNI parent virtual services are configured, SNI child virtual service may not be placed correctly on Service Engines
  • AV-36691: All Service Engines restart at the same time during an upgrade from 17.2.4 to 17.2.7
  • AV-36891: Health monitors fail with SNAT in active/active mode
  • AV-37202: Intermittent health monitor failures due to an address error when multiple pools sharing the same servers use different health monitors with the same monitor-port
  • AV-37214: Service Engine fails to connect back sometimes after a patch is applied and rebooted.
  • AV-37429: OpenStack: Cloud gets into error state when Glance public endpoint URL (in Keystone catalog) does not end in v1 or v2
  • AV-37431: OpenStack: Creating virtual service fails when ‘Security Groups’ option is disabled in cloud configuration
  • AV-37465: IP stack fails to respond to traceroute UDP packets generated with -F (don’t fragment)
  • AV-37492: SQS-based monitoring of AWS Auto Scaling groups does not work when AWS proxy is enabled
  • AV-37493: KMS master keys are not listed in the AWS cloud configuration UI
  • AV-37501: Azure: Override network profile option does not take effect
  • AV-37521: CSP: ARP broadcast request does not work from external switch to a VF on a Service Engine
  • AV-37579: IPAM/DNS integration with Infoblox does not create PTR records
  • AV-37676: OpenShift: Routes may not be learnt in an OpenShift cloud using a shared virtual service
  • AV-37746: Azure: Latency increases after some time
  • AV-37759: OpenStack: LBaaSv2: listener disable/enable fails for listeners in non-admin tenants
  • AV-37832: UDP packets with zero checksum are dropped incorrectly
  • AV-37840: SE failure when HTTP Host Header rewrite is configured and the request is HTTP 1.0 without host header
  • AV-37894: K8S Ingress: Virtual service name should not be dependent on DNS provider
  • AV-37940: Upgrade fails at the Controller upgrade stage and aborts after 20% progress
  • AV-37947: WAF: Service Engine crash - Large POST is stuck in WAF processing
  • AV-38008: OpenShift: VIP change may not be reflected in DNS
  • AV-38025: OpenStack: Accessing usable_network_uuids field in the UI results in a null for JSON request
  • AV-38033: Kubernetes: IP address is missing on the Avi bridge interface for Service Engine running on CoreOS
  • AV-38099: Service Engine fails when server reselect is enabled in a pool where the number of retries is greater than the number of servers in the pool and all servers return failure
  • AV-38134: Service Engine loses connectivity to Controller due to secure channel failure
  • AV-38157: vCenter discovery fails when vCenter has 14k virtual machines
  • AV-38257: Updating email configuration triggers Controller restart
  • AV-38329: Packets are looping between Service Engines after a primary switchover
  • AV-38380: Unable to define duplicate SNAT in separate VRF context

Known Issues in 17.2.10

  • AV-35351: OpenStack: Heat stack may fail because Neutron ports of a deleted virtual service are not yet cleaned up
  • AV-37445: There may be a brief (a few seconds) traffic disruption during upgrade
  • AV-39106: GCP: Packets larger than 2 KB cause parsing errors and MAC errors in Virtio NICs when using DPDK
  • AV-39679: Traffic to service ports using UDP-Fast-Path fails if auto gateway is enabled
  • AV-40376: Standby Service Engine is also advertising the VIP route to BGP in legacy active/standby mode with SNAT

Note: Avi Vantage’s patch upgrade feature is explained in this article.

Issues Resolved in 17.2.9 Patch Releases

Issues Resolved in Patch Release 17.2.9-2p6

  • AV-45417: Pools using AWS autoscaling group are marked down when there is connectivity issue to AWS API

Issues Resolved in Patch Release 17.2.9-3p1

  • AV-38305: External health monitors using ldap-utils do not work
  • AV-38329: Packets may loop between Service Engines after a primary switchover

Issues Resolved in Patch Release 17.2.9-2p3

  • AV-38380: Unable to define duplicate SNAT in separate VRF context

Issues Resolved in Patch Release 17.2.9-2p2

  • AV-37465: Avi Service Engine fails to respond to traceroute UDP packets with “don’t fragment” (-F) flag

Issues Resolved in Patch Release 17.2.9-2p1

  • AV-35812: CSP: Avi does not support more than four bond interfaces
  • AV-37521: CSP: ARP broadcast request does not work from external switch to a VF on a Service Engine

Issues Resolved in Patch Release 17.2.9-1p1

  • AV-38008: OpenShift: VIP change may not be reflected in DNS
  • AV-37676: OpenShift: Routes may not be learned in an OpenShift cloud when virtual services share a VIP

Issues Resolved in 17.2.9

  • AV-37501: Azure: Override network profile option does not take effect
  • AV-37517: Upgrade may be disruptive due to a race condition in Controller initialization

Known Issues in 17.2.9

  • AV-35351: OpenStack: Heat stack may fail because Neutron ports of a deleted virtual service are not yet cleaned up
  • AV-35700: Upgrade from an SE patch release fails if the Controller is running as a docker container
  • AV-36553: SNI child virtual service is not placed on the Service Engine
  • AV-37579: Infoblox: IPAM/DNS integration with Infoblox does not create PTR records
  • AV-37746: Azure: Latency increases after some time
  • AV-37832: UDP packets with 0 checksum are incorrectly being dropped
  • AV-38033: Kubernetes: IP address is missing on the Avi bridge interface on Service Engine running on CoreOS
  • AV-38305: External health monitors using ldap-utils do not work
  • AV-38099: Service Engine fails when server reselect is enabled in the pool and ALL servers return failure
  • AV-38442: Service Engine fails due to an invalid SSL certificate
  • AV-38569: OpenShift: Service Engines don’t reconnect after Controller warmstart if there is a large number of microservice objects
  • AV-39106: GCP: Packets larger than 2 KB cause parsing errors and MAC errors in Virtio NICs when using DPDK
  • AV-40376: Standby Service Engine is also advertising the VIP route to BGP in legacy active/standby mode with SNAT

Issues Resolved in Patch Release 17.2.8-1p1

  • AV-38442: Service Engine fails due to an invalid SSL certificate
  • AV-38569: OpenShift: Service Engines don’t reconnect after Controller warmstart if there is a large number of microservice objects

What’s New in 17.2.8

Issues Resolved in 17.2.8

  • AV-16357: SE_Down event generated when the SE is deleted by the user
  • AV-18604: TCP retransmission being sent too quickly from Service Engine to client
  • AV-27551: OpenShift: Disabling or enabling node scheduling is not reflected by Service Engines
  • AV-30640: The show bgp CLI command causes latency for VIP traffic
  • AV-31565: Web portal on Controller fails to start after changing ciphers
  • AV-31901: DataScript: An extra character appears in the IP address while getting the server IP address using avi.pool.server_ip()
  • AV-33047: Unused open ports smux 199, ms-sql-m 1434, unknown 5060 on Avi Controller
  • AV-33381: OpenStack: Configuring VIP with “Auto Allocate IP” results in “Service Timeout” error
  • AV-33492: East-west virtual services are not pushed to the disabled Service Engines
  • AV-33729: In an OpenStack deployment, a large number of concurrent VS creations may fail due to the API timing out
  • AV-33744: Empty entry in content-rewrite profile causes SE failure
  • AV-33872: During Controller initialization, access via Avi UI or via SSH to the leader node fails
  • AV-34250: Case-insensitive regex match on a string group fails
  • AV-34430: SE may fail when a pool is added to a pool group when there is a lot of traffic
  • AV-34780: Service Engine is responding to ARP requests for non-VIP IP addresses
  • AV-34904: OpenShift discovery fails to create DNS entries due to conflicting FQDNs
  • AV-34914: GSLB service creation fails if Avi DNS is also used
  • AV-34947: VIP does not respond to UDP traceroute
  • AV-35011: WAF: Users can remove CRS groups from System-WAF-Policy
  • AV-35051: Upgrade fails because /var/lib/avi/upgrade_pkg directory does not exist
  • AV-35116: UDP fragments are dropped in non-DPDK mode
  • AV-35119: Avi configuration updates sometimes hit Azure API rate-limiting error
  • AV-35199: In OpenShift, re-encrypt route creation fails if the destinationCACertificate field is left blank in the YAML file
  • AV-35222: There are gaps in the traffic log stream sent to the external monitoring server
  • AV-35225: TLS 1.0 is allowed on port 8443 communications on Avi Controller
  • AV-35303: HTTP persistence does not work for SNI child virtual services
  • AV-35368: SOA TTL record is picked from Avi’s static NS record TTL value
  • AV-35401: ARP not sent out for VIPs that are not in any subnet configured on the SE
  • AV-35524: Service Engine may fail if IP address group is removed and added back quickly
  • AV-35535: In OpenShift, GSLB configuration for child virtual services is not handled when using shared VS
  • AV-35538: Route 53 DNS registration fails when multiple DNS zones use the same name
  • AV-35691: Excessive latency in synchronizing routes and services from OpenShift immediately after upgrade
  • AV-35893: HSMGroup in docker mode is incorrectly using the container IP instead of host management IP
  • AV-35900: l4_server.avg_server_count is incorrect when real-time metrics are disabled
  • AV-36025: SE fails when a request comes to a pool with app-cookie persistence and all servers are down
  • AV-36443: Host translation occasionally translates the location header to an incorrect value
  • AV-36498: POST requests are failing with HTTP version 0.9 message in logs
  • AV-36556: Service+route deletion quickly followed by re-creation leaves the route without a status update
  • AV-36605: InfoBlox: Deletion of VIPs does not automatically remove the FQDN if Infoblox is sharing zones with Microsoft
  • AV-36612: Route does not honor target-port configuration
  • AV-36814: Service Engine fails after adding 40 VLAN interfaces
  • AV-37023: UDP/DNS load balancing does not work with SNAT IP configuration on virtual service
  • AV-37065: Erroneous SE_PERSIST_TBL_HIGH events are generated when persistence/cache table size is > 20M
  • AV-37322: Linux Server Cloud: When SE has 7 or more configured NICs with IP address, the SE may fail if not using DPDK

Known Issues in 17.2.8

  • AV-35351: OpenStack: Heat stack may fail because Neutron ports of a deleted virtual service are not yet cleaned up
  • AV-35700: Upgrade from an SE patch release fails if the Controller is running as a docker container
  • AV-36553: SNI child virtual service is not placed on the Service Engine
  • AV-37501: Azure: Override network profile option does not take effect
  • AV-37517: Upgrade may be disruptive due to a race condition in Controller initialization
  • AV-37579: Infoblox: IPAM/DNS integration with Infoblox doesn’t create PTR records
  • AV-37746: Azure: Latency increases after some time
  • AV-37832: UDP packets with 0 checksum are incorrectly being dropped
  • AV-38033: Kubernetes: IP address is missing on the Avi bridge interface on Service Engine running on CoreOS
  • AV-38099: Service Engine fails when server reselect is enabled in the pool and ALL servers return failure
  • AV-39106: GCP: Packets larger than 2 KB cause parsing errors and MAC errors in Virtio NICs when using DPDK
  • AV-40376: Standby Service Engine is also advertising the VIP route to BGP in legacy active/standby mode with SNAT

Issues Resolved in 17.2.7 Patch Releases

Issues Resolved in Patch Release 17.2.7-2p3

  • AV-36553: SNI child virtual service is not placed on the Service Engine
  • AV-38099: Service Engine fails when server reselect is enabled in the pool and ALL servers return failure

Issues Resolved in Patch Release 17.2.7-2p2

  • AV-37579: Infoblox: IPAM/DNS integration with Infoblox doesn’t create PTR records

Issues Resolved in Patch Release 17.2.7-2p1

  • AV-36605: Infoblox: Deletion of a VIP doesn’t automatically remove the FQDN if Infoblox is sharing zones with Microsoft

Issues Resolved in Patch Release 17.2.7-1p7

  • AV-40376: Standby Service Engine is also advertising the VIP route to BGP in legacy active/standby mode with SNAT

Issues Resolved in Patch Release 17.2.7-1p5

  • AV-38380: Unable to define duplicate SNAT in separate VRF context

Issues Resolved in Patch Release 17.2.7-1p4

  • AV-38033: Kubernetes: IP address is missing on the Avi bridge interface on Service Engine running on CoreOS

Issues Resolved in Patch Release 17.2.7-1p3

  • AV-37832: UDP packets with 0 checksum are incorrectly being dropped

Issues Resolved in Patch Release 17.2.7-1p2

  • AV-33872: Cluster convergence may take a long time or never complete due to a race condition in membership probe
  • AV-36814: Service Engine fails after adding 40 VLAN interfaces

Issues Resolved in Patch Release 17.2.7-1p1

  • AV-36498: POST requests fail with HTTP version 0.9 message in logs

What’s New in 17.2.7

Key Changes in 17.2.7

  • Service Engine container in Linux server cloud uses Docker’s CPU and memory shares to restrict the maximum usage of the configured CPU and memory.

Issues Resolved in 17.2.7

  • AV-27722: In Layer 4 pool selection policy, direct client traffic to pool/member based on the client IP/group
  • AV-27753: Service port range with ‘disable port translation’ is not considered.
  • AV-30212: OpenStack: Editing ‘Prefer Static Routes’ setting for the cloud does not take effect until the cloud connector is restarted
  • AV-30512: OpenStack with Contrail: Floating IP assignment to VIP does not take effect when floating IP is created after VIP allocation
  • AV-30974: Service Engine may fail when the least-load load balancing algorithm is used
  • AV-32577: Azure: Support for Azure Load Balancer Standard SKU with availability sets
  • AV-32640: GSLB leader and follower services and health monitors are not in sync
  • AV-32649: Rules in an HTTP policy set are sorted incorrectly, in the case of more than 10 rules
  • AV-32854: 503 service temporary unavailable error on using ‘preserve_client_ip’ option
  • AV-32868: Service Engine requires reboot to complete upgrade due to memory fragmentation
  • AV-32952: Error on changing GSLB leader on Avi Controller CLI
  • AV-32954: Virtual services placed on AWS SE Interfaces exceeds the maximum IP limits
  • AV-32961: Virtual service export does not include all referenced objects
  • AV-33004: Service Engine failure when the bond interface used for management link goes down
  • AV-33146: OpenStack: Service Engine may fail when a tenant using that SE is deleted
  • AV-33377: OpenStack: Service Engine gets multiple vNICs on the same subnet
  • AV-33467: Service Engine fails when both HTTP cache and WAF are enabled
  • AV-33481: Link failure is not detected when port-channel is in aggregator mode
  • AV-33492: East-West virtual services are not pushed to the disabled Service Engines
  • AV-33496: Duplicate GCP routes with active/standby legacy HA and route summarization
  • AV-33518: Graceful server disable with a timeout higher than 60 minutes
  • AV-33620: For the first failed Service Engine upgrade, ‘suspend_on_failure’ option did not take effect to prevent traffic outage
  • AV-33811: Virtual service with permission set to NO_ACCESS and WRITE_/READ_ACCESS alerts, blocks user from logging in
  • AV-33959: URL invalid encoding for redirect action
  • AV-34123: Enabling ‘use_vip_as_snat’ does not work in active/standby legacy HA configuration
  • AV-34138: Numeric filters on logs page don’t work
  • AV-34164: Initial link state is incorrect for member interfaces of port-channel
  • AV-34272: Missing flavor type in SEVM object for AWS leads to placement issues
  • AV-34326: Service Engine failure when the server is configured as an FQDN for virtual service configured with an LDAP AuthProfile
  • AV-34360: OpenShift: Service Engine remains in OPER_DISABLING state indefinitely once the node is marked unschedulable
  • AV-34607: Traffic may be disrupted during an upgrade in Linux server cloud deployments
  • AV-34645: OpenStack: Failure to scale out or create new Service Engines after an upgrade to 17.2.6
  • AV-34659: Hyperthreaded cores are not skipped on bare-metal Service Engine
  • AV-34797: Service Engine failure when WAF is enabled

Known Issues in 17.2.7

  • AV-27551: OpenShift: Disabling or enabling node scheduling is not reflected by Avi Service Engines
  • AV-34947: Avi VIP does not respond to UDP traceroute
  • AV-35222: Gaps in log streaming to external monitoring server
  • AV-35303: HTTP persistence does not work for SNI child virtual services
  • AV-35691: Excessive latency in synchronizing routes and services from OpenShift immediately after upgrade
  • AV-37065: Erroneous SE_PERSIST_TBL_HIGH events generated when persistence/cache table size is > 20M
  • AV-37746: Azure: Latency increases after some time

Issues Resolved in 17.2.6 Patch Releases

Issues Resolved in Patch Release 17.2.6-2p2

  • AV-35691: OpenShift: Excessive latency in synchronizing routes and services from OpenShift immediately after upgrade

Issues Resolved in Patch Release 17.2.6-2p1

  • AV-27551: OpenShift: Disabling or enabling node scheduling is not reflected by Avi Service Engines
  • AV-34360: OpenShift: Service Engine remains in OPER_DISABLING state indefinitely once the node is marked unschedulable

Issues Resolved in Patch Release 17.2.6-1p5

  • AV-37746: Azure: Latency increases after some time

Issues Resolved in Patch Release 17.2.6-1p4

  • AV-37065: Erroneous SE_PERSIST_TBL_HIGH events generated when persistence/cache table size is > 20M

Issues Resolved in Patch Release 17.2.6-1p3

  • AV-35303: HTTP persistence does not work for SNI child virtual services

Issues Resolved in Patch Release 17.2.6-1p2

  • AV-35222: Gaps in log streaming to external monitoring server

Issues Resolved in Patch Release 17.2.6-1p1

  • AV-34138: Numeric filters on logs page don’t work

What’s New in 17.2.6

Issues Resolved in 17.2.6

  • AV-15793: Packets with bad checksums are sent on an SE running on OpenStack on VMware ESX
  • AV-30397: GSLB HTTP health monitor fails for the same member from the follower site
  • AV-30790: Virtual services in AWS are not reachable because the VIP was associated with the wrong SE interface
  • AV-32404: SE fails during log streaming of significant application logs due to file corruption
  • AV-32573: L7 log shows server returned 502 when it actually returned 200 OK
  • AV-32597: Service Engine fails due to a memory leak when all logging is disabled
  • AV-32862: Service Engine may fail due to out of memory if many virtual services with WAF policies are placed on the same Service Engine
  • AV-32911: A spurious VCENTER_BAD_CREDENTIALS event occurs after upgrade
  • AV-32951: Only real-time analytics are visible after a Controller warmstart
  • AV-32979: In a Mesos environment, an avi_proxy label with a syntax error can cause the cloud connector to stop processing additional Marathon applications
  • AV-33047: Tenant configuration is removed when Keystone becomes unreachable
  • AV-33400: FQDNs in Avi DNS provider for OpenShift routes are not being created for any routes
  • AV-33486: Horizon dashboard tab requires login
  • AV-33552: After an upgrade from 17.1.13 to 17.2.5, the daemonset avise-defaultgroup is missing the proper image name
  • AV-33558: In a tenant-scoped cloud, VRF should be owned by the tenant, instead of admin
  • AV-33620: The suspend-on-failure option does not take effect to prevent a traffic outage when the first SE fails to upgrade
  • AV-32954: VS’s getting placed on AWS SE Interfaces exceeding the Max IP limits
  • AV-32952: Changing GSLB leader on Avi Controller CLI throws error
  • AV-32868: SE required reboot to complete upgrade due to memory fragmentation.
  • AV-32640: GSLB leader and follower services and health monitors are not in sync
  • AV-30974: Service Engine may fail when least-load load balancing algorithm is used

Known Issues in 17.2.6

  • AV-34123: use_vip_as_snat does not work in active/standby legacy HA configuration
  • AV-32854: “503 service temporary unavailable” error when using preserve_client_ip option
  • AV-34164: Initial link state is incorrect for member interfaces of port-channel
  • AV-34607: Traffic may be disrupted during upgrade in Linux server cloud deployments
  • AV-34947: Avi VIP does not respond to UDP traceroute

Issues Resolved in 17.2.5 Patch Releases

Issues Resolved in Patch Release 17.2.5-2p1

  • AV-32854: “503 service temporary unavailable” error when using preserve_client_ip option

Issues Resolved in Patch Release 17.2.5-1p6

  • AV-34947: Avi VIP does not respond to UDP traceroute

Issues Resolved in Patch Release 17.2.5-1p5

  • AV-34164: Initial link state is incorrect for member interfaces of port-channel

Issues Resolved in Patch Release 17.2.5-1p4

  • AV-33481: Link failure is not detected when aggregator mode is used for port channel
  • AV-33620: The “suspend_on_failure” option did not take effect to prevent a traffic outage when the first SE failed to upgrade
  • AV-33889: Cloud stuck in image upload state after applying patch 17.2.5-1p3

Issues Resolved in Patch Release 17.2.5-1p3

  • AV-32862: Service Engine may fail due to out of memory if many virtual services with WAF policies are placed on the same Service Engine
  • AV-33487: CLI login into Avi Controller for LDAP/TACACS+ users failed
  • AV-33558: In a tenant-scoped cloud, VRF should be owned by the tenant instead of admin

Issues Resolved in Patch Release 17.2.5-1p2

  • AV-33684: Tenant-scoped cloud does not work for Linux Server Cloud

Issues Resolved in Patch Release 17.2.5-1p1

  • AV-32182: Headers sent & received from server are logged even when “Log all headers” is turned off

What’s New in 17.2.5

Key Changes in 17.2.5

Issues Resolved in 17.2.5

  • AV-24858: Cannot export configuration due to the absence of the var/lib/avi/downloads directory
  • AV-26077: Avi UI does not show default values for log throttles
  • AV-29355: When [] is in the account name on the remote LDAP server, the user is unable to make any account changes on Avi Vantage
  • AV-29840: l4_server.avg_server_count metric reports wrong value
  • AV-29932: When Kubernetes/OpenShift runs in AWS, the VIP is created only in the first availability zone
  • AV-30355: Service Engine may fail if log streaming is enabled
  • AV-30436: An L4 virtual service which does not have a default pool is marked down, even though there are two healthy pools
  • AV-30500: Upgrade can fail if HTTP health monitor response contains non-ASCII characters
  • AV-30805: Invalid HTTP cookies can cause a Service Engine failure
  • AV-30849: In OpenShift, DNS entries may be incorrect if applications are deleted and added
  • AV-30860: Creating subnets within a network with intersecting pool ranges should not be allowed
  • AV-30914: In OpenStack, the Avi UI’s Add NTP Server button does not function if no NTP servers are present
  • AV-30991: Enabling the server_reselect feature with status codes configured as individual codes as well as blocks can cause Service Engine failure
  • AV-31078: A CLI user is not properly created and user is prompted for password when SSHing as the CLI user
  • AV-31156: In OpenShift, the Service Engine fails when a route with a mix of services (80/TCP and 53/UDP) is created
  • AV-31183: When upgrading from a pre-17.2.3 release to either 17.2.3 or 17.2.4, GSLB leader-to-follower connectivity issues arise when multiple DNS-VS(es) are configured on a GSLB site
  • AV-31189: After a Controller warmstart, virtual services go to OPER_PARTITIONED state
  • AV-31479: The HTTP health monitor does not support request sizes greater than 512 bytes
  • AV-31551: 500 error response for GET /api/pool-inventory/
  • AV-31625: In OpenStack, the Avi LBaaSv1 driver causes “internal server error” response for “port show” API for a non-existent port
  • AV-31635: Due to a race condition, the Service Engine may sometimes fail while constructing the client log
  • AV-31820: Disabling/enabling multiple GSLB pool members causes inconsistent state on different sites
  • AV-31904: Service Engine fails when parsing a malformed CONNECT request
  • AV-32244: The number of descriptors used for SRIOV vNICs in Cisco CSP 2100 is too small
  • AV-32247: The number of descriptors in VMware is too small
  • AV-32382: SE may fail when consistent hash is the algorithm for GSLB pools, and Geo DB is configured
  • AV-32442: SE may fail if an HTTP health monitor is configured and there is an update/delete operation while there is an outstanding connection

Known Issues in 17.2.5

  • AV-34123: use_vip_as_snat does not work in active/standby legacy HA configuration

Issues Resolved in 17.2.4 Patch Releases

Issues Resolved in Patch Release 17.2.4-1p7

  • AV-34123: use_vip_as_snat does not work in active/standby legacy HA configuration

Issues Resolved in Patch Release 17.2.4-1p6

  • AV-33487: CLI login into Avi Controller for LDAP/TACACS+ users failed

Issues Resolved in Patch Release 17.2.4-1p5

  • AV-19590: Support for legacy active/standby HA in GCP
  • AV-32597: Service Engine fails due to a memory leak when all logging is disabled
  • AV-32751: Service Engine may fail due to a race condition between writing a client log and deletion of virtual service

Issues Resolved in Patch Release 17.2.4-1p4

  • AV-31904: Service Engine fails when parsing a malformed CONNECT request
  • AV-32244: Number of descriptors used for SRIOV vNICs in Cisco CSP 2100 is too small
  • AV-32247: Number of descriptors used in VMware is too small

Issues Resolved in Patch Release 17.2.4-1p3

  • AV-31496: Support MAC masquerade in VMware

Issues Resolved in Patch Release 17.2.4-1p2

  • AV-31513: state_cache_mgr process keeps restarting, consuming memory

Issues Resolved in Patch Release 17.2.4-1p1

  • AV-30860: Creating subnets within a network with intersecting pool ranges should not be allowed
  • AV-31184: The restore_config.py script should not run if the Controller has any configuration
  • AV-31189: After a Controller warm start, virtual services go to OPER_PARTITIONED state

What’s New in 17.2.4

Issues Resolved in 17.2.4

  • AV-16469: Avi Controller slow to pick up new configurations after OpenShift or Avi Service Engine reboots
  • AV-16748: Memory leak in job manager
  • AV-17025: The number of open connections is incorrect
  • AV-20067: OpenShift: Gateway monitor does not work
  • AV-20280: Certificates are incorrectly chained if intermediate certificates have the same name
  • AV-24395: FQDN changes in Avi are not reflected correctly in Infoblox
  • AV-25165: PATCH is not supported for virtual service HTTP policy
  • AV-25581: OpenShift: BFD is not supported
  • AV-25974: API returns 504 when importing application profile object
  • AV-26023: Analytics log does not show NXD response code triggered by DNS policy
  • AV-26558: OpenStack: Avi API times out during large heat stack deployment
  • AV-26740: Avi CLI Linux-mode command not honoring cloud name parameter
  • AV-27066: Exporting a virtual service does not include all dependencies
  • AV-27935: SERVER_DELETD event seen when there is an update of the corresponding VM in vCenter
  • AV-28227: Filtering virtual service logs using Service Engine name is not working
  • AV-28492: Duplicate IP addresses getting assigned to Service Engine’s data vNIC
  • AV-28663: Service Engines can fail if a large amount of data is cached
  • AV-28903: Packet drops in the TX direction for non-VIP traffic
  • AV-28968: Cannot create DNS records when using Infoblox profile
  • AV-29045: Streaming log throttling not working when throttling is set to 0
  • AV-29261: Security tab doesn’t fully load on Avi UI
  • AV-29284: Trending health score does not load in Avi UI (just showing spinner)
  • AV-29439: Avi UI does not display the progress of Service Engine upgrade
  • AV-29529: vCenter Cloud: After upgrade, network object configuration can get lost
  • AV-29611: OpenShift: Traffic to non-primary Service Engine fails when using ECMP scale out
  • AV-29700: Cannot migrate a VIP sharing virtual services to a new SE group even after disabling the virtual services
  • AV-29799: EBS optimization not enabled on EC2 instances
  • AV-29930: Cannot SSH as CLI user
  • AV-30073: Updated SSL certificate does not take effect until virtual service is disabled and re-enabled
  • AV-30228: OpenShift: All virtual services placed on one Service Engine are not reachable
  • AV-30378: Service Engine may fail under queue-full conditions with UDP/DNS health monitor configured

Issues Resolved in 17.2.3 Patch Releases

Issues Resolved in Patch Release 17.2.3-1p6

  • AV-32315: Scale-out errors during upgrade for virtual services having SNAT IPs configured

Issues Resolved in Patch Release 17.2.3-1p5

  • AV-32244: Number of descriptors used for SRIOV vNICs in Cisco CSP 2100 is too small

Issues Resolved in Patch Release 17.2.3-1p4

  • AV-31479: HTTP health monitor does not support request size > 512 bytes

Issues Resolved in Patch Release 17.2.3-1p3

  • AV-29931: DNS health monitor intermittently flaps

Issues Resolved in Patch Release 17.2.3-1p2

  • AV-29555: Avi Vantage doesn’t support active/backup port channel in Cisco CSP 2100

Issues Resolved in Patch Release 17.2.3-1p1

  • AV-29225: In Microsoft Azure cloud, Avi Vantage does not support an SSL-application VS having a floating IP
  • AV-29261: The Avi UI’s security tab doesn’t fully load
  • AV-29284: The Avi UI’s trending health score does not load — it just shows a spinner
  • AV-29469: Upgrading Linux bare-metal deployments is broken in the 17.2.x release family

What’s New in 17.2.3

Issues Resolved in 17.2.3

  • AV-25448: Management access to Avi Controller is restricted even after removing the access control rules
  • AV-25646: Weak cipher is used on certificate that’s used for Controller-SE communication on port 8443
  • AV-25716: When connection multiplexing is disabled and IP persistence is enabled, multiple requests on the same connection may result in SE failure
  • AV-25891: When custom Geo-DB is configured, DNS analytics logs may show conflicting location information
  • AV-25952: Service Engine fails when multiple pool groups are attached to a DataScript
  • AV-26095: SSL certificate content update done in OpenShift is not picked up by Avi Vantage
  • AV-26118: When using IE11 browser, the Operations menu does not respond and VS pop-up menu formatting is broken
  • AV-26629: BGP state on SE is not initialized after many VRF updates
  • AV-26663: Upgrade fails if there are a large number of alerts
  • AV-26726: Sending multiple DNS requests over the same TCP connection causes SE to fail
  • AV-26831: If timestamp option is not present in a TCP packet, RTT values and timestamps in client logs may be incorrect
  • AV-26836: Upgrade fails when a tenant name contains a plus (+) symbol
  • AV-26984: If connection multiplexing is disabled, graceful disable of servers may cause an SE failure
  • AV-27215: Unable to create virtual service for OpenStack cloud with Infoblox DNS provider
  • AV-27273: In the VS logs tab of Avi UI, bar graph is blank even though log details appear in the logs pane
  • AV-27378: During an upgrade from 16.x version, an SE fails if it gets disconnected from the Avi Controller
  • AV-27396: In auto-allocation of VIPs, IP addresses overlap with other VIPs in the system
  • AV-27876: In an OpenShift cloud, cloud-inventory call fails in Avi UI
  • AV-27894: User sees the <sensitive> tag in the private key field, despite having the superuser role
  • AV-28058: The AWS Auto Scaling group list displayed while creating a pool is not complete
  • AV-28502: Generation of an SE’s authentication token works only in admin tenant

Known Issues in 17.2.3

  • AV-29155: With Docker CE version 17.09, Avi Controllers and Avi SEs cannot be co-located on the same host. If they are, restart of any of them will fail.
  • AV-29469: Upgrade for Linux server cloud will be disruptive.
  • AV-29529: In a vCenter cloud, after upgrading to 17.2.3, network object configuration can get lost.

What’s New in 17.2.2

This section summarizes the enhancements in 17.2.2. For more information, click on the feature names, which link to additional information in the Avi Networks Knowledge Base.

Cloud Connectors

Networking

OpenShift/Kubernetes

Metrics

  • Users can now gain insight on Controller cluster health on a per-node basis

Key Changes in 17.2.2

Issues Resolved in 17.2.2

  • AV-21493: Controller cluster leader election takes too long if one of the nodes is inaccessible
  • AV-24660: SE fails when root certification is attached to an HTTPS health monitor
  • AV-24788: SE fails due to disk-full condition
  • AV-25078: Virtual service VIP is lost due to race condition if an SE is deleted out-of-band
  • AV-25158: If the management network name is changed in AWS, the network settings are missing in the cloud configuration
  • AV-25518: SE upgrade fails on Cisco CSP 2100 with bond configuration
  • AV-25637: Loss of Zookeeper connectivity results in Controller warm reboot
  • AV-25676: HTTPS slow when many small packets are received from the server
  • AV-25692: Changing the cluster IP in OpenShift is not reflected in Avi Vantage
  • AV-25936: SE fails during configuration of floating IP
  • AV-26037: SE fails during upgrade to 17.1.6
  • AV-26737: SE may fail in bare-metal installations due to large packets
  • AV-26776: Server-side connections are not re-usable for HTTP 1.0 requests

Performing the Upgrade

Upgrade prerequisite: The current version of Avi Controller must be 17.1 or later.

Upgrade Instructions

Protocol Ports Used by Avi Vantage for Management Communication

Supported Platforms

Refer to System Requirements: Ecosystem

Product Documentation

For more information, please see the following documents, also available within this knowledge base.

Installation Guides

Avi Networks software, Copyright © 2013-2018 by Avi Networks, Inc. All rights reserved. The copyrights to certain works contained in this software are owned by other third parties and used and distributed under license. Certain components of this software are licensed under the GNU General Public License (GPL) version 2.0 or the GNU Lesser General Public License (LGPL) Version 2.1. A copy of each such license is available at http://www.opensource.org/licenses/gpl-2.0.php and http://www.opensource.org/licenses/lgpl-2.1.php