Avi Vantage 17.2.X Release Notes

What’s New in 17.2.17

  • Support for Syslog over TLS

Issues Resolved in 17.2.17

  • AV-56238: Stale NIC offload flags in memory buffers were stalling NIC transmit queues
  • AV-56697: SNMP trap for CONTROLLER_NODE_LEFT is generated as aviSystemAlert rather than aviControllerStatusChanged trap
  • AV-58319: AWS: Virtual services removed from Service Engine due to DHCP renew failure
  • AV-58446: When the link of physical function is flapped, the virtual functions need to send a reset to recover network connectivity
  • AV-58901: Authentication profile cannot be configured using FQDN in system configuration
  • AV-59148: Inherit from site not present in the list of GSLB geo sources on the GSLB pool configuration edit pane
  • AV-60152: If FQDN is used in mgmt_ip_or_fqdn in cluster node config and that FQDN contains dashes, Service Engines fail to connect back
  • AV-60347: show hmonstat for a server results in 500 Internal Error
  • AV-60460: When connection multiplexing is turned off, the requests coming on the client connection are sent on the backend connection
  • AV-60502: Update the list of NIC types to take over and release all i40e NICs
  • AV-60515: Service Engine patch upgrade fails due to lack of directory permissions
  • AV-60868: AWS: Service Engine may fail during vNIC removal
  • AV-60888: Service Engine failure when a UDP network profile is added to an HTTP virtual service
  • AV-61057: AWS autoscale groups with target groups attached in the environment cause polling of autoscale groups to fail
  • AV-61769: Infoblox issued duplicate IPs for VIP with the same name/port
  • AV-62253: Whenever the glb_mgr process gets restarted, the send_interval timer is not started
  • AV-63025: Depending on the order of configuration, a disable/enable of DNS virtual service associated with a GSLB service may reset geo location configuration on GSLB service pool and pool members
  • AV-63241: Service Engine in down state after an upgrade from 16.x version
  • AV-63248: Virtual services may become unavailable during an upgrade for up to 10 minutes in OpenStack environment with Nuage SDN integration
  • AV-63282: Virtual services with references to missing networks in OpenStack can cause other virtual services to go down
  • AV-63829: OpenStack: Glance image upload fails
  • AV-64025: During metrics reporting for a DNS virtual service, the metrics data collection overflows an internal buffer
  • AV-64306: With HTTP1.0, non-KeepAlive TCP connection can linger even after the request is served resulting in client slowness

Issues Resolved in 17.2.16 Patch Release

Issues Resolved in 17.2.16-8p3

  • AV-64881: OpenStack: When a virtual service is placed in tenant VRF, an issue with the movement across VRF, where the Service Engine has an invalid VRF, triggers failure

Issues Resolved in 17.2.16-8p2

  • AV-56238: Stale NIC offload flags in memory buffers stalling NIC transmit queues

Issues Resolved in 17.2.16-8p1

  • AV-58319: AWS: Virtual services removed from Service Engine due to DHCP renew failure
  • AV-60515: Service Engine patch upgrade fails due to lack of directory permissions
  • AV-61769: Infoblox issued duplicate IPs for VIPs with the same name/port

Issues Resolved in 17.2.16-7p2

  • AV-63248: Virtual services may become unavailable during an upgrade for up to 10 minutes in OpenStack environment with Nuage SDN integration

Issues Resolved in 17.2.16-7p1

  • AV-60515: SE patch upgrade fails due to lack of directory permissions
  • AV-62253: When the glb_mgr process gets restarted, the send_interval timer is not started
  • AV-63025: Disabling the DNS virtual service causes the geolocation computation to stop, and addresses are handed over round robin

Issues Resolved in 17.2.16-6p1

  • AV-58901: Auth profile cannot be configured using FQDN in system configuration

Issues Resolved in 17.2.16-5p3

  • AV-63454: Syslog over TLS issue with logstash and rsyslog

Issues Resolved in 17.2.16-5p2

  • AV-61704: Support for syslog over TLS

Issues Resolved in 17.2.16-5p1

  • AV-56697: SNMP trap for CONTROLLER_NODE_LEFT is generated as aviSystemAlert rather than aviControllerStatusChanged trap
  • AV-60515: SE patch upgrade fails due to lack of directory permissions

Issues Resolved in 17.2.16-4p3

  • AV-63405: Listing of AWS autoscaling groups in the pool configuration UI can fail and cause AWS_ASG_FAIILURE event
  • AV-61057: AWS autoscale groups with target groups attached in the environment cause polling of autoscale groups to fail

Issues Resolved in 17.2.16-4p2

  • AV-60868: AWS: Service Engine may fail during vNIC removal
  • AV-60888: Service Engine failure when a UDP network profile is added to an HTTP virtual service

Issues Resolved in 17.2.16-4p1

  • AV-58319: AWS: Virtual services removed from SE due to DHCP renew failure

Issues Resolved in 17.2.16-3p1

  • AV-60347: show hmonstat for a server results in “500 Internal Error”
  • AV-60460: When connection multiplexing is turned off, the requests coming on the client connection are sent on the backend connection

Issues Resolved in 17.2.16-2p1

  • AV-55849: Update the PCI search string with 700 series so that i40evf driver is inserted when SE comes up on CSP
  • AV-58446: When the physical function link flaps, the virtual functions need to send a reset to recover the network connectivity
  • AV-60502: Update the list of NIC types to take over and release all i40e NICs
  • AV-60515: SE patch upgrade fails due to lack of directory permissions

What’s New in 17.2.16

  • Support for assigning static IP to an egress pod in Azure
  • Support for adding an option for minimum available servers to pools
  • OpenShift: Support for livenessProbe and imagePullPolicy configuration for egress pod

Issues Resolved in 17.2.16

  • AV-51499: Avi Vantage not caching javascript query URI when ‘*/javascript’ is in the string group
  • AV-52374: DNS virtual service with preserve client IP does not work for UDP traffic
  • AV-52588: Server inventory response pages are not paginated
  • AV-52716: SE failure on server reselect if the server is marked down at the same time
  • AV-54752: Avi Vantage not acknowledging the FIN packets causing delays
  • AV-54931: Service Engine may fail if caching and WAF are enabled on a virtual service
  • AV-54964: SQL injection possible while using some APIs
  • AV-55142: AWS: Unable to configure a pool with autoscaling configuration if autoscale group is created with launch template
  • AV-55343: Service Engine failure when a pool group is configured with a redirect fail action with no destination
  • AV-55454: SE failure for a virtual service with App type System-SSL-Application if the Network Profile type is set to TCP Fast
  • AV-55492: Dynamic resizing of the Controller disk fails
  • AV-55775: OpenShift: Multiple SE include/exclude attributes do not work
  • AV-56625: Over a period of a few days, SE persistence table usage increased to 99%
  • AV-56674: AWS: Adding more than 200 servers to a pool fails
  • AV-56734: GSLB: When num_dns_ip is set to 0, and multiple pools have the same priority, round robin behavior is not observed
  • AV-57621: Auto-rebalance criteria with PPS is using only client-side PPS instead of the total interface PPS
  • AV-58121: Non-error egress pod logs are displayed on the screen
  • AV-58439: Issues with spinning multiple ALBs in SE group for OpenShift on Azure
  • AV-58483: HTTP response policy is not displayed correctly in the UI
  • AV-58530: External health monitor using ldapsearch fails
  • AV-58831: SNAT sharing between virtual services does not work for legacy HA
  • AV-58888: The maximum value allowed for a rate limiter is too small
  • AV-58986: Service Engine fails to reconnect to the Controller if it fails due to a kernel panic
  • AV-59039: Replication issues between QA instances in GSLB sites
  • AV-59053: GCP: Malformed URL error on adding route
  • AV-59530: Stale PCI ID - name mapping in Linux prevents release of NIC to kernel
  • AV-59542: SE may fail with UDP per pkt VS preserving client ip and client port if client reuses the port
  • AV-59570: SE crashes if the two virtual services sharing the VIP with overlapping port ranges are enabled from the disabled state at the same time
  • AV-59642: Virtual service placement does not follow legacy HA tags for virtual services with shared VIPs, when all virtual services are disabled and enabled in any order
  • AV-59647: When servers are moved to standby in AWS autoscale groups and then terminated, it can cause polling of ASGs to stop

Known Issues in 17.2.16

  • AV-58901: Auth profile cannot be configured using FQDN in system configuration

Issues Resolved in 17.2.15 Patch Release

Issues Resolved in 17.2.15-8p1

  • AV-53339: Controller process can fail randomly due to redis disconnect with large number of configuration objects in the system

Issues Resolved in 17.2.15-7p7

  • AV-61273: Pool metrics are provided even for disabled servers

Issues Resolved in 17.2.15-7p6

  • AV-64858: Running the “show serviceengine bgp debug” command in a highly scaled out system causes SE agent to hang leading to SE disconnection
  • AV-64896: Disabling debug_vrf_all flag under debugvrfcontext fails to disable the debugs

Issues Resolved in 17.2.15-7p5

  • AV-58039: SIGSEGV on ipstk_fq_get_vnic_stats while getting interface statistics from Service Engine
  • AV-64560: VIP route withdrawal from peers fails as a part of virtual service scale in operation for shared virtual services when the owner of the portchannel bond is not core-0

Issues Resolved in 17.2.15-7p4

  • AV-62259: Enable multi-queue feature for Intel 25G NIC showing up with model name 158b

Issues Resolved in 17.2.15-7p3

  • AV-60897: update-pciids hangs when there is no internet connectivity

Issues Resolved in 17.2.15-7p2

  • AV-60352: Update the list of NICs to be released to Linux during stop sequence to cover cases where the update-pciids command fails

Issues Resolved in 17.2.15-7p1

  • AV-54964: SQL injection possible while using some APIs
  • AV-59530: Stale PCI ID - name mapping in Linux prevents release of NIC to kernel
  • AV-59573: Time limit exceeded while processing rules

Issues Resolved in 17.2.15-4p1

  • AV-36381: ADC: Support minimum health monitors to indicate an active server
  • AV-38227: Support for minimum available servers in a pool

Issues Resolved in 17.2.15-3p2

  • AV-54964: SQL injection possible while using some APIs

Issues Resolved in 17.2.15-3p1

  • AV-58350: External health monitor using ldapsearch fails

Issues Resolved in 17.2.15-2p3

  • AV-54964: SQL injection possible while using some APIs
  • AV-58483: HTTP response policy is not displayed correctly in the UI
  • AV-58888: The maximum value allowed for rate limiter is too small

Issues Resolved in 17.2.15-2p2

  • AV-51099: OpenShift: Avi fails to create virtual service for routes that point to non HTTP/HTTPS service ports
  • AV-55170: Route’s FQDN is not honored if GS annotation is not present
  • AV-55172: OpenShift: Custom GS health monitor reference in annotation is not honored
  • AV-55775: OpenShift: Multiple SE include/exclude attributes do not work as expected
  • AV-55777: Static IP for egress in OpenShift on-prem
  • AV-55778: Static IP for egress configuration for OpenShift on Azure
  • AV-58439: Issues with spinning multiple ALBs in SE group for OpenShift in Azure

Issues Resolved in 17.2.15-2p1

  • AV-54272: Object virtualservice with name vs-we-l4 not found for GET operation

Issues Resolved in 17.2.15-1p2

  • AV-57717: Unable to move interface into new VRF in no access cloud

Issues Resolved in 17.2.15-1p1

  • AV-54964: SQL injection possible while using some APIs
  • AV-55454: SE failure for virtual service with App type System-SSL-Application when network profile is set to TCP Fast

What’s New in 17.2.15

Issues Resolved in 17.2.15

  • AV-45962: Incorrect rule ID displayed in WAF policy
  • AV-47559: Changes to Data files in WAF profile not taking effect
  • AV-51243: Virtual service dropdown list on GSLB service edit modal is missing the search function
  • AV-51693: In case of a failure, GSLB health checks are not performed on newly spawned Service Engines
  • AV-52090: User login fails with concurrent session threshold exceeded error
  • AV-52651: External Health Monitor script does not support more than two variables
  • AV-52932: DPDK: Support for Intel XXV710 - 25G NIC
  • AV-53119: Azure: Controller cluster goes down when the Controller VMs do not get scheduled for some time
  • AV-53365: Incorrect handling of Nagios Health Monitor requests
  • AV-53500: Application logs not available for a SNI child virtual service
  • AV-53966: Controller services may restart on Controller instances that have a large number of CPUs
  • AV-53967: Attaching an error page for a 400 response code returns a trailing static HTML page
  • AV-54003: Autoscaling configuration did not take effect for some Service Engine groups
  • AV-54734: Replication issues between GSLB sites

Known Issues in 17.2.15

  • AV-54964: SQL injection possible while using some APIs

Issues Resolved in 17.2.14 Patch Release

Issues Resolved in 17.2.14-14p1

  • AV-62771: When a GSLB pool is disabled and has no site attached to its pool members, an internal debug does an invalid reference and leads to a crash
  • AV-62821: For geo load-balancing at GSLB service level, when the distance between the members is smaller compared to the number of members in the pool, then some of the pools are considered to be equi-distant from the client, and a different pool than the desired one could be picked

Issues Resolved in 17.2.14-13p1

  • AV-55492: Dynamic resizing of the Controller Disk fails
  • AV-58901: Auth profile cannot be configured using FQDN in system configuration
  • AV-59148: Inherit from site not present in the list of GSLB geo sources on the GSLB pool configuration edit pane
  • AV-59461: Failure to create a new Service Engine with RPC Failed to Network Manager error

Issues Resolved in 17.2.14-12p1

  • AV-58121: Egress pod logs are generated as STDERR rather than STDOUT

Issues Resolved in 17.2.14-11p1

  • AV-58439: Virtual services trying to associate with second internal Azure ALB in availability set failed to start

Issues Resolved in 17.2.14-10p1

  • AV-56625: Service Engine persistence table overutilized

Issues Resolved in 17.2.14-8p1

  • AV-55492: Dynamic resizing of the Controller disk fails

Issues Resolved in 17.2.14-7p1

  • AV-55343: Service Engine failure when a pool group is configured with redirect fail action with no destination

Issues Resolved in 17.2.14-6p3

  • AV-64025: During metrics reporting for a DNS virtual service, the metrics data collection overflows an internal buffer

Issues Resolved in 17.2.14-6p2

  • AV-51099: OpenShift: Avi Vantage fails to create virtual service for routes that point to non-HTTP/HTTPS service ports

Issues Resolved in 17.2.14-6p1

  • AV-52235: OpenShift: Support for liveness probe and image Pull Policy configuration in egress pod
  • AV-54752: Avi Vantage not acknowledging the FIN packets that are causing delay

Issues Resolved in 17.2.14-5p1

  • AV-55142: Support for AWS autoscaling groups created using launch templates as Avi Pools

Issues Resolved in 17.2.14-2p1

  • AV-43759: /api/switch-to-tenant stuck in a loop when it returns 404
  • AV-52588: Server inventory response pages not paginated

Issues Resolved in 17.2.14-1p1

  • AV-45962: Incorrect rule ID displayed in WAF policy
  • AV-47559: WAF Profile Data field non adaptive to changes
  • AV-53119: Azure: Controller cluster goes down when the controller VMs do not get scheduled for some time
  • AV-53365: Intermittently a malformed HTTP method is sent to the server

What’s New in 17.2.14

Key Changes in 17.2.14

  • AV-51312: To interact with Avi Vantage version 17.2.14, the Avi SDK needs to be upgraded to the latest.

Issues Resolved in 17.2.14

  • AV-43980: Secure Channel flapping between Avi Controller and SE when GRO is enabled
  • AV-45040: Unable to change the virtual service name to have parentheses — () — via the UI, but can do so from the REST API and CLI
  • AV-45221: Virtual service placement stuck at AWAITING_VNIC_IP for SNI parent
  • AV-45496: Service Engine may fail if TLS persistence is used for a non-SSL pool
  • AV-45670: OpenShift: Service Engine connection usage spiked to 99%
  • AV-45852: OpenShift: Delay in creating Avi routes
  • AV-45943: Health monitor fails if there is a \r\n\r\n before the HTTP/x.x in the send string
  • AV-46045: Linux Server Cloud: Service Engine may fail when DPDK is enabled on Mellanox NICs in a port channel
  • AV-46061: Third-party GSLB sites are not shown in the list of DNS policy primary and fallback sites
  • AV-46117: Unable to update/create Infoblox IPAM/DNS profiles from the Avi UI
  • AV-46169: Avi Vantage sending syslog with invalid PRI 324
  • AV-46349: SE_PKT_BUFF_HIGH event and buffer usage rose, causing SE to be unreachable
  • AV-46650: Unable to use regex or list of strings for basic authentication
  • AV-46742: SE stuck at OPER_DISABLING while the cluster and SEs were having intermittent network partitioning issues
  • AV-46832: Mellanox interfaces on the Service Engine are not restored correctly after an SE failure
  • AV-46883: Service Engine fails if TCP FastPath network profile is used for DNS application with dns_over_tcp_enabled set to True
  • AV-46899: OpenShift: Stale Avi bridge ports are not being cleaned up
  • AV-47080: Linux Server Cloud: Service Engine may fail when using multiple bonded interfaces to advertise VIP via BGP
  • AV-47140: SMTP error while running email test
  • AV-47181: When logging in as administrator, the default tenant is not set to “admin”
  • AV-47185: OpenShift: Egress pod not coming up on Azure
  • AV-47333: Upgrade waits forever for remote task to finish when time is not synchronized between Service Engine and the Controller
  • AV-47437: Linux Server Cloud: Default route may not take effect when using Mellanox NICs in inband mode
  • AV-47500: WAF: Service Engine may fail under memory pressure
  • AV-47568: SE failure due to a corrupted persistence cookie
  • AV-47574: vCenter API version 6.7U1 is not supported by Avi Controller
  • AV-47600: Service Engine may stop processing packets if it has been up for more than 392 days
  • AV-47650: Service Engine is advertising routes to BGP for a virtual service that has not been placed
  • AV-47733: Erroneous VS fault message - virtual service needs 3 Services Engines for high availability. Currently only 4 Service Engine(s) available
  • AV-47797: When RSS is enabled, connections to pool servers are delayed due to dropped SYN+ACK packets, causing retransmits
  • AV-47800: When VIP-to-SNAT is enabled, changing non-critical fields (e.g., name) causes virtual service to detach and reattach to Service Engines
  • AV-50783: Virtual service cannot be enabled due to IP address exhaustion
  • AV-50784: Azure: HTTP health monitor fails for VMs added to a pool from a scale set because of “_” (an underscore) in the hostname
  • AV-51019: Linux Server Cloud: NIC bonding may fail on Ubuntu 16.04 servers when Service Engine is restarted
  • AV-54239: GSLB upgrade fails due to Python version change in API

Issues Resolved in 17.2.13 Patch Releases

Issues Resolved in 17.2.13-10p1

  • AV-58900: AZURE_ACCESS_FAILURE event is not generated if access to Azure APIs fails after the cloud is up

Issues Resolved in 17.2.13-7p1

  • AV-33724: Health monitor’s HOST header does not update with server name update
  • AV-44724: OpenShift-Azure: Route virtual service may fail to come up operationally
  • AV-45667: Unable to view events older than a day
  • AV-45852: Delay in creating Avi routes

Issues Resolved in 17.2.13-5p2

  • AV-47359: Import configuration fails on using discovered_networks and placement_networks in the configuration
  • AV-52588: Server inventory response pages not paginated

Issues Resolved in 17.2.13-5p1

  • AV-46061: Third party GSLB sites are not shown in the list of primary and fallback sites in DNS policy
  • AV-47069: GSLB health monitor dropdown list is missing the search function
  • AV-47181: On logging in as administrator, default tenant is not set to “admin”

Issues Resolved in 17.2.13-3p1

  • AV-45958: Pools may go down when one of the redundant links on router is brought down

Issues Resolved in 17.2.13-1p2

  • AV-46045: Linux server cloud: Service Engine may fail when DPDK is enabled on server with Mellanox NICs

Issues Resolved in 17.2.13-1p1

  • Support for 1500 servers in a single pool

What’s New in 17.2.13

ADC

DNS

Logging

Containers

  • OpenShift: Handle port mapping on the service port for virtual service
  • OpenShift: Option to use OpenShift info and annotations as the source of truth
  • OpenShift: Support private repository for Service Engine image in pod deployment
  • OpenShift: Avi ServiceAccounts restricted to projects requesting egress pod service
  • OpenShift/Kubernetes: Route/ingress status reflected in objects

Public Cloud

Key Changes in 17.2.13

  • Per virtual service server metrics for shared pools is not supported.
  • vCenter: Support for virtual hardware version 10.
    Starting with Avi Vantage release 17.2.13, ESXi 5.0 and 5.1 are not supported.

Issues Resolved in 17.2.13

  • AV-28981: AWS: Application response delayed through secondary Service Engine
  • AV-33959: URL invalid encoding for redirect action
  • AV-35805: Multiple SE_NIC_DUPLICATE_IP events after an upgrade
  • AV-35899: Line break inconsistencies on creating exact HTTP request for health monitor in web UI
  • AV-41878: OpenShift: Insecure termination policy does not work with HTTP when shared virtual service is used
  • AV-42367: Services state_cache_mgr and glb_local_worker might fail during an upgrade
  • AV-42759: Azure: Latency increases after some time
  • AV-43787: Service Engine may fail when there are a large number of connections and there is a change in ECMP hash on the neighboring BGP router
  • AV-44089: Service Engine with large memory may fail during an SE list update for a virtual service
  • AV-44239: Service Engine fails if external log server cannot be resolved to an IP address
  • AV-44473: Import configuration fails if string contains unicode character
  • AV-44659: Error message on saving HTTP security policy with rate-limit and local response HTML file
  • AV-44673: OpenShift: All Service Engines in OpenShift cloud fail to upgrade with SE_IMAGE_INSTALL error
  • AV-45229: Service Engine failure when pool has Server Reselect enabled in connection multiplex mode
  • AV-45417: Pools using AWS autoscaling group are marked down when there is a connectivity issue to AWS API

Known Issues in 17.2.13

  • AV-44724: OpenShift-Azure: Route virtual service may fail to come up operationally

Issues Resolved in 17.2.12 Patch Releases

Issues Resolved in 17.2.12-10p1

  • AV-63282: Virtual service with references to missing networks in OpenStack can cause other virtual services to go down

Issues Resolved in 17.2.12-9p1

  • AV-58831: Active/passive legacy HA scenario does not failover during outage

Issues Resolved in 17.2.12-7p1

  • AV-51693: In case of a failure, GSLB health checks not performed on newly spawned Service Engines
  • AV-52651: Script variables limited to two on creating external Health Monitor

Issues Resolved in 17.2.12-3p1

Issues Resolved in 17.2.12-1p1

  • AV-52210: Service Engine not getting IP address from OpenStack DHCP server

What’s New in 17.2.12

ADC

DNS

Security

Logging

  • Support significant logs for SIP application

Public Cloud

Cisco ACI

Private Cloud

Networking

Issues Resolved in 17.2.12

  • AV-31453: Changes to /etc/docker/daemon.json are not preserved across Avi Vantage upgrade
  • AV-35689: API session ID does not expire
  • AV-37407: OpenShift: Cloud connector failing continuously to delete one tenant
  • AV-38351: Controller using too much disk space when vCenter has a lot of objects
  • AV-38693: Virtual service scaleout/migrate UI page errors out preventing virtual service migration across clusters
  • AV-39602: Controller patch install fails to install patch on the follower nodes
  • AV-39784: Service Engine unresponsive when a specific malformed packet is received
  • AV-40377: CSP: Secondary Service Engine may not process flows if multiple bond interfaces are in use
  • AV-40421: While creating a Service Engine VLAN interface, cannot see more than eight VRFs in the dropdown menu
  • AV-40782: Enhance TCP stack congestion control
  • AV-40800: Failure in creating shared host virtual services with explicit dedicated_route annotation in “shared VS” mode
  • AV-40953: RSS scaleout: Skew in favour of secondary SE in the number of connections handled per SE
  • AV-41232: BGP peering not established on Service Engine restart when there are a lot of VRFs
  • AV-41289: Service Engine failure on updating dp_hb_frequency value in Service Engine properties
  • AV-41500: RSS scaleout: Memory leak per heartbeat-IPC sent to the dispatcher cores within the Primary SE
  • AV-41710: Azure: Pools configured with Azure scale sets may go down when there is an Azure API error
  • AV-41877: OpenShift: Ingress creation fails with “Max VS per IP reached” message

Known Issues in 17.2.12

  • AV-33381: OpenStack: “Service Timeout” for network drop-down-selection list on VS-create UI page
  • AV-41637: Bandwidth exceeded event is seen even when bandwidth has not reached the licensed 200Mbps limit
  • AV-42902: OpenShift: Services without Endpoints default to HTTP Profile

Issues Resolved in 17.2.11 Patch Releases

Issues Resolved in 17.2.11-6p2

  • AV-45667: Unable to view events older than one day
  • AV-45852: Delay in creation of Avi routes

Issues Resolved in 17.2.11-6p1

  • AV-42902: OpenShift: Services without Endpoints default to HTTP Profile

Issues Resolved in 17.2.11-5p5

  • AV-59647: Moving servers to standby in AWS autoscale groups and then terminating stops the polling of ASGs

Issues Resolved in 17.2.11-5p4

  • AV-45417: On issues with connectivity to AWS API, pools using AWS auto scaling group are marked down

Issues Resolved in 17.2.11-5p3

  • AV-56674: Adding more than 200 servers to a pool fails on AWS

Issues Resolved in 17.2.11-4p1

  • AV-40953: In RSS-scaleout scenario, there is skew observed in favor of Secondary SE in the number of connections handled per SE.
  • AV-41500: In RSS-scaleout scenario, there is a memory leak issue per heartbeat-IPC sent to the dispatcher cores within the Primary SE.

Issues Resolved in 17.2.11-3p4

  • AV-41637: Bandwidth exceeded event is seen even when bandwidth has not reached the licensed 200Mbps limit

Issues Resolved in 17.2.11-3p3

  • AV-41710: Azure: Pools configured with Azure scale sets may go down when there is an Azure API error

Issues Resolved in 17.2.11-3p2

  • AV-38864: Support for vSphere 6.7

Issues Resolved in 17.2.11-3p1

  • AV-39232: Azure: Reduce Avi Controller’s dependency on Azure tags
  • AV-39689: Azure: Increase fault domains of availability set to 3
  • AV-40381: Azure: Increase update domains of availability set to 20

Issues Resolved in 17.2.11-2p4

  • AV-67646: Upgrade from version 17.2.4 onwards to 18.x with BGP configuration may result in intermittent BGP flap

Issues Resolved in 17.2.11-2p2

  • AV-41232: BGP peering not established on Service Engine restart when there are a lot of VRFs
  • AV-41289: Service Engine fails when updating dp_hb_frequency value in Service Engine properties

Issues Resolved in 17.2.11-2p1

  • AV-40782: Enhance TCP stack congestion control

Issues Resolved in 17.2.11-1p1

  • AV-38351: Controller is using too much disk space when vCenter has a lot of objects

What’s New in 17.2.11

  • Analytics APIs are load balanced to follower nodes

Issues Resolved in 17.2.11

  • AV-31263: Service Engine may fail when scaling in or deleting a virtual service with BGP enabled
  • AV-37407: OpenShift: Cloud connector failing continuously to delete one tenant
  • AV-39426: Virtual services with BGP enabled became unavailable during upgrade
  • AV-39602: Controller patch install fails to install patch on follower nodes
  • AV-39784: Service Engine unresponsive when a specific malformed packet is received

Known Issues in 17.2.11

  • AV-39679: Traffic to service ports using UDP fast path fails if auto gateway is enabled
  • AV-40569: Health monitor request string is truncated after upgrade
  • AV-40376: Standby Service Engine is also advertising the VIP route to BGP in legacy active/standby mode with SNAT

Note: Avi Vantage’s patch upgrade feature is explained in this article.

Issues Resolved in 17.2.10 Patch Releases

Issues Resolved in 17.2.10-10p1

  • AV-64884: Allow migration to multi ALB without deleting virtual services on Azure cloud

Issues Resolved in 17.2.10-7p1

  • AV-58900: AZURE_ACCESS_FAILURE event is not generated if access to Azure APIs fails after the cloud is up

Issues Resolved in 17.2.10-3p5

  • AV-40637: Memory leak when HTCP congestion control algorithm is used in TCP network profile
  • AV-58101: Service Engine crash due to peer monitor blocking greater than 60 sec

Issues Resolved in 17.2.10-3p4

  • AV-52374: DNS virtual service with preserve client IP does not work for UDP traffic

Issues Resolved in 17.2.10-3p3

  • AV-51542: Intermittent ping drops to the back-end inline servers

Issues Resolved in 17.2.10-3p2

  • AV-47800: When VIP to SNAT is enabled, changing non critical fields, such as name, causes virtual service to detach and reattach to Service Engines

Issues Resolved in 17.2.10-2p1

  • AV-40569: Health monitor request string is truncated after upgrade

Issues Resolved in 17.2.10-1p6

  • AV-41416: Fixed Branch-ID parameter of Via header in SIP by generating it using MD5 of already present SIP headers.
  • AV-41416: Fixed SIP parser code issue so that header names and escape sequences go out unmodified.
  • AV-41416: Free the SIP receive buffer whenever possible to reduce SE memory usage.

Issues Resolved in 17.2.10-1p5

  • AV-40382: Support for 16KB sized SIP messages.
  • AV-40382: Service Engine incorrectly forwards SIP message with multipart payload, when there is no “MIME-Version” header.

Issues Resolved in 17.2.10-1p4

  • AV-39679: Traffic to service ports using UDP fast path fails if auto gateway is enabled
  • AV-38864: Support for vSphere 6.7

Issues Resolved in 17.2.10-1p3

  • AV-39784: Service Engine gets into an infinite loop when a specific malformed packet is received

What’s New in 17.2.10

Issues Resolved in 17.2.10

  • AV-30762: High app response time reported erroneously on Avi Vantage
  • AV-31262: Move error.log to /var/log/upstart/ to enable log rotation
  • AV-31513: state_cache_mgr process keeps restarting and consumes memory
  • AV-32809: SIP virtual service with TCP-Proxy transport
  • AV-33725: Client logs: Support for removing or masking Personally Identifiable Information (PII) in request-headers and response-headers fields
  • AV-33904: Raise alert if an AWS Auto Scaling group has been removed from AWS but is still configured in the pool
  • AV-34196: Restricting SNMP access to Avi Vantage does not function as expected
  • AV-34571: Publish private IP DNS A record to Route 53 public zone
  • AV-34817: SE shows high memory usage when ‘Host Geo DB’ is configured, even when there is no traffic
  • AV-35032: High memory usage may show up in SE CPU metrics when the kernel uses memory that can be reclaimed
  • AV-35700: Upgrade from an SE patch release fails if the Controller is running as a docker container
  • AV-35740: Upgrade command issued via CLI fails if tenants are being simultaneously added or deleted
  • AV-35812: CSP: Avi Vantage does not support more than four bond interfaces
  • AV-36487: Need SE-VNIC-UP event to flag that VNIC is back up after an SE-VNIC-DOWN event
  • AV-36490: Controllers restarted with CONTROLLER_SERVICE_FAILURE
  • AV-36553: When multiple SNI parent virtual services are configured, SNI child virtual service may not be placed correctly on Service Engines
  • AV-36691: All Service Engines restart at the same time during an upgrade from 17.2.4 to 17.2.7
  • AV-36891: Health monitors fail with SNAT in active/active mode
  • AV-37202: Intermittent health monitor failures due to an address error when multiple pools sharing the same servers use different health monitors with the same monitor-port
  • AV-37214: Service Engine fails to connect back sometimes after a patch is applied and rebooted.
  • AV-37429: OpenStack: Cloud gets into error state when Glance public endpoint URL (in Keystone catalog) does not end in v1 or v2
  • AV-37431: OpenStack: Creating virtual service fails when ‘Security Groups’ option is disabled in cloud configuration
  • AV-37465: IP stack fails to respond to traceroute UDP packets generated with -F (don’t fragment)
  • AV-37492: SQS-based monitoring of AWS Auto Scaling groups does not work when AWS proxy is enabled
  • AV-37493: KMS master keys are not listed in the AWS cloud configuration UI
  • AV-37501: Azure: Override network profile option does not take effect
  • AV-37521: CSP: ARP broadcast request does not work from external switch to a VF on a Service Engine
  • AV-37579: IPAM/DNS integration with Infoblox does not create PTR records
  • AV-37676: OpenShift: Routes may not be learnt in an OpenShift cloud using a shared virtual service
  • AV-37746: Azure: Latency increases after some time
  • AV-37759: OpenStack: LBaaSv2: listener disable/enable fails for listeners in non-admin tenants
  • AV-37832: UDP packets with zero checksum are dropped incorrectly
  • AV-37840: SE failure when HTTP Host Header rewrite is configured and the request is HTTP 1.0 without host header
  • AV-37894: K8S Ingress: Virtual service name should not be dependent on DNS provider
  • AV-37940: Upgrade fails at the Controller upgrade stage and aborts after 20% progress
  • AV-37947: WAF: Service Engine crash - Large POST is stuck in WAF processing
  • AV-38008: OpenShift: VIP change may not be reflected in DNS
  • AV-38025: OpenStack: Accessing usable_network_uuids field in the UI results in a null for JSON request
  • AV-38033: Kubernetes: IP address is missing on the Avi bridge interface for Service Engine running on CoreOS
  • AV-38099: Service Engine fails when server reselect is enabled in a pool where the number of retries is greater than the number of servers in the pool and all servers return failure
  • AV-38134: Service Engine loses connectivity to Controller due to secure channel failure
  • AV-38157: vCenter discovery fails when vCenter has 14k virtual machines
  • AV-38257: Updating email configuration triggers Controller restart
  • AV-38329: Packets are looping between Service Engines after a primary switchover
  • AV-38380: Unable to define duplicate SNAT in separate VRF context

Known Issues in 17.2.10

  • AV-35351: OpenStack: Heat stack may fail because Neutron ports of a deleted virtual service are not yet cleaned up
  • AV-37445: There may be a brief (a few seconds) traffic disruption during upgrade
  • AV-39106: GCP: Packets larger than 2 KB cause parsing errors and MAC errors in Virtio NICs when using DPDK
  • AV-39679: Traffic to service ports using UDP-Fast-Path fails if auto gateway is enabled
  • AV-40376: Standby Service Engine is also advertising the VIP route to BGP in legacy active/standby mode with SNAT

Note: Avi Vantage’s patch upgrade feature is explained in this article.

Issues Resolved in 17.2.9 Patch Releases

Issues Resolved in 17.2.9-2p6

  • AV-45417: Pools using AWS autoscaling group are marked down when there is connectivity issue to AWS API

Issues Resolved in 17.2.9-3p1

  • AV-38305: External health monitors using ldap-utils do not work
  • AV-38329: Packets may loop between Service Engines after a primary switchover

Issues Resolved in 17.2.9-2p3

  • AV-38380: Unable to define duplicate SNAT in separate VRF context

Issues Resolved in 17.2.9-2p2

  • AV-37465: Avi Service Engine fails to respond to traceroute UDP packets with “don’t fragment” (-F) flag

Issues Resolved in 17.2.9-2p1

  • AV-35812: CSP: Avi does not support more than four bond interfaces
  • AV-37521: CSP: ARP broadcast request does not work from external switch to a VF on a Service Engine

Issues Resolved in 17.2.9-1p1

  • AV-38008: OpenShift: VIP change may not be reflected in DNS
  • AV-37676: OpenShift: Routes may not be learned in an OpenShift cloud when virtual services share a VIP

Issues Resolved in 17.2.9

  • AV-37501: Azure: Override network profile option does not take effect
  • AV-37517: Upgrade may be disruptive due to a race condition in Controller initialization

Known Issues in 17.2.9

  • AV-35351: OpenStack: Heat stack may fail because Neutron ports of a deleted virtual service are not yet cleaned up
  • AV-35700: Upgrade from an SE patch release fails if the Controller is running as a docker container
  • AV-36553: SNI child virtual service is not placed on the Service Engine
  • AV-37579: Infoblox: IPAM/DNS integration with Infoblox does not create PTR records
  • AV-37746: Azure: Latency increases after some time
  • AV-37832: UDP packets with 0 checksum are incorrectly being dropped
  • AV-38033: Kubernetes: IP address is missing on the Avi bridge interface on Service Engine running on CoreOS
  • AV-38305: External health monitors using ldap-utils do not work
  • AV-38099: Service Engine fails when server reselect is enabled in the pool and ALL servers return failure
  • AV-38442: Service Engine fails due to an invalid SSL certificate
  • AV-38569: OpenShift: Service Engines don’t reconnect after Controller warmstart if there is a large number of microservice objects
  • AV-39106: GCP: Packets larger than 2 KB cause parsing errors and MAC errors in Virtio NICs when using DPDK
  • AV-40376: Standby Service Engine is also advertising the VIP route to BGP in legacy active/standby mode with SNAT

Issues Resolved in 17.2.8-1p1

  • AV-38442: Service Engine fails due to an invalid SSL certificate
  • AV-38569: OpenShift: Service Engines don’t reconnect after Controller warmstart if there is a large number of microservice objects

What’s New in 17.2.8

Issues Resolved in 17.2.8

  • AV-16357: SE_Down event generated when the SE is deleted by the user
  • AV-18604: TCP retransmission being sent too quickly from Service Engine to client
  • AV-27551: OpenShift: Disabling or enabling node scheduling is not reflected by Service Engines
  • AV-30640: The show bgp CLI command causes latency for VIP traffic
  • AV-31565: Web portal on Controller fails to start after changing ciphers
  • AV-31901: DataScript: An extra character appears in the IP address while getting the server IP address using avi.pool.server_ip()
  • AV-33047: Unused open ports smux 199, ms-sql-m 1434, unknown 5060 on Avi Controller
  • AV-33381: OpenStack: Configuring VIP with “Auto Allocate IP” results in “Service Timeout” error
  • AV-33492: East-west virtual services are not pushed to the disabled Service Engines
  • AV-33729: In an OpenStack deployment, a large number of concurrent VS creations may fail due to the API timing out
  • AV-33744: Empty entry in content-rewrite profile causes SE failure
  • AV-33872: During Controller initialization, access via Avi UI or via SSH to the leader node fails
  • AV-34250: Case-insensitive regex match on a string group fails
  • AV-34430: SE may fail when a pool is added to a pool group when there is a lot of traffic
  • AV-34780: Service Engine is responding to ARP requests for non-VIP IP addresses
  • AV-34904: OpenShift discovery fails to create DNS entries due to conflicting FQDNs
  • AV-34914: GSLB service creation fails if Avi DNS is also used
  • AV-34947: VIP does not respond to UDP traceroute
  • AV-35011: WAF: Users can remove CRS groups from System-WAF-Policy
  • AV-35051: Upgrade fails because /var/lib/avi/upgrade_pkg directory does not exist
  • AV-35116: UDP fragments are dropped in non-DPDK mode
  • AV-35119: Avi configuration updates sometimes hit Azure API rate-limiting error
  • AV-35199: In OpenShift, re-encrypt route creation fails if the destinationCACertificate field is left blank in the YAML file
  • AV-35222: There are gaps in the traffic log stream sent to the external monitoring server
  • AV-35225: TLS 1.0 is allowed on port 8443 communications on Avi Controller
  • AV-35303: HTTP persistence does not work for SNI child virtual services
  • AV-35368: SOA TTL record is picked from Avi’s static NS record TTL value
  • AV-35401: ARP not sent out for VIPs that are not in any subnet configured on the SE
  • AV-35524: Service Engine may fail if IP address group is removed and added back quickly
  • AV-35535: In OpenShift, GSLB configuration for child virtual services is not handled when using shared VS
  • AV-35538: Route 53 DNS registration fails when multiple DNS zones use the same name
  • AV-35691: Excessive latency in synchronizing routes and services from OpenShift immediately after upgrade
  • AV-35893: HSMGroup in docker mode is incorrectly using the container IP instead of host management IP
  • AV-35900: l4_server.avg_server_count is incorrect when real-time metrics are disabled
  • AV-36025: SE fails when a request comes to a pool with app-cookie persistence and all servers are down
  • AV-36443: Host translation occasionally translates the location header to an incorrect value
  • AV-36498: POST requests are failing with HTTP version 0.9 message in logs
  • AV-36556: Service+route deletion quickly followed by re-creation leaves the route without a status update
  • AV-36605: InfoBlox: Deletion of VIPs does not automatically remove the FQDN if Infoblox is sharing zones with Microsoft
  • AV-36612: Route does not honor target-port configuration
  • AV-36814: Service Engine fails after adding 40 VLAN interfaces
  • AV-37023: UDP/DNS load balancing does not work with SNAT IP configuration on virtual service
  • AV-37065: Erroneous SE_PERSIST_TBL_HIGH events are generated when persistence/cache table size is > 20M
  • AV-37322: Linux Server Cloud: When SE has 7 or more configured NICs with IP address, the SE may fail if not using DPDK

Known Issues in 17.2.8

  • AV-35351: OpenStack: Heat stack may fail because Neutron ports of a deleted virtual service are not yet cleaned up
  • AV-35700: Upgrade from an SE patch release fails if the Controller is running as a docker container
  • AV-36553: SNI child virtual service is not placed on the Service Engine
  • AV-37501: Azure: Override network profile option does not take effect
  • AV-37517: Upgrade may be disruptive due to a race condition in Controller initialization
  • AV-37579: Infoblox: IPAM/DNS integration with Infoblox doesn’t create PTR records
  • AV-37746: Azure: Latency increases after some time
  • AV-37832: UDP packets with 0 checksum are incorrectly being dropped
  • AV-38033: Kubernetes: IP address is missing on the Avi bridge interface on Service Engine running on CoreOS
  • AV-38099: Service Engine fails when server reselect is enabled in the pool and ALL servers return failure
  • AV-39106: GCP: Packets larger than 2 KB cause parsing errors and MAC errors in Virtio NICs when using DPDK
  • AV-40376: Standby Service Engine is also advertising the VIP route to BGP in legacy active/standby mode with SNAT

Issues Resolved in 17.2.7 Patch Releases

Issues Resolved in 17.2.7-2p3

  • AV-36553: SNI child virtual service is not placed on the Service Engine
  • AV-38099: Service Engine fails when server reselect is enabled in the pool and ALL servers return failure

Issues Resolved in 17.2.7-2p2

  • AV-37579: Infoblox: IPAM/DNS integration with Infoblox doesn’t create PTR records

Issues Resolved in 17.2.7-2p1

  • AV-36605: Infoblox: Deletion of a VIP doesn’t automatically remove the FQDN if Infoblox is sharing zones with Microsoft

Issues Resolved in 17.2.7-1p7

  • AV-40376: Standby Service Engine is also advertising the VIP route to BGP in legacy active/standby mode with SNAT

Issues Resolved in 17.2.7-1p5

  • AV-38380: Unable to define duplicate SNAT in separate VRF context

Issues Resolved in 17.2.7-1p4

  • AV-38033: Kubernetes: IP address is missing on the Avi bridge interface on Service Engine running on CoreOS

Issues Resolved in 17.2.7-1p3

  • AV-37832: UDP packets with 0 checksum are incorrectly being dropped

Issues Resolved in 17.2.7-1p2

  • AV-33872: Cluster convergence may take a long time or never complete due to a race condition in membership probe
  • AV-36814: Service Engine fails after adding 40 VLAN interfaces

Issues Resolved in 17.2.7-1p1

  • AV-36498: POST requests fail with HTTP version 0.9 message in logs

What’s New in 17.2.7

Key Changes in 17.2.7

  • Service Engine container in Linux server cloud uses Docker’s CPU and memory shares to restrict the maximum usage of the configured CPU and memory.

Issues Resolved in 17.2.7

  • AV-27722: In Layer 4 pool selection policy, direct client traffic to pool/member based on the client IP/group
  • AV-27753: Service port range with ‘disable port translation’ is not considered.
  • AV-30212: OpenStack: Editing ‘Prefer Static Routes’ setting for the cloud does not take effect until the cloud connector is restarted
  • AV-30512: OpenStack with Contrail: Floating IP assignment to VIP does not take effect when floating IP is created after VIP allocation
  • AV-30974: Service Engine may fail when the least-load load balancing algorithm is used
  • AV-32577: Azure: Support for Azure Load Balancer Standard SKU with availability sets
  • AV-32640: GSLB leader and follower services and health monitors are not in sync
  • AV-32649: Rules in an HTTP policy set are sorted incorrectly, in the case of more than 10 rules
  • AV-32854: 503 service temporary unavailable error on using ‘preserve_client_ip’ option
  • AV-32868: Service Engine requires reboot to complete upgrade due to memory fragmentation
  • AV-32952: Error on changing GSLB leader on Avi Controller CLI
  • AV-32954: Virtual services placed on AWS SE Interfaces exceeds the maximum IP limits
  • AV-32961: Virtual service export does not include all referenced objects
  • AV-33004: Service Engine failure when the bond interface used for management link goes down
  • AV-33146: OpenStack: Service Engine may fail when a tenant using that SE is deleted
  • AV-33377: OpenStack: Service Engine gets multiple vNICs on the same subnet
  • AV-33467: Service Engine fails when both HTTP cache and WAF are enabled
  • AV-33481: Link failure is not detected when port-channel is in aggregator mode
  • AV-33492: East-West virtual services are not pushed to the disabled Service Engines
  • AV-33496: Duplicate GCP routes with active/standby legacy HA and route summarization
  • AV-33518: Graceful server disable with a timeout higher than 60 minutes
  • AV-33620: For the first failed Service Engine upgrade, ‘suspend_on_failure’ option did not take effect to prevent traffic outage
  • AV-33811: Virtual service with permission set to NO_ACCESS and WRITE_/READ_ACCESS alerts, blocks user from logging in
  • AV-33959: URL invalid encoding for redirect action
  • AV-34123: Enabling ‘use_vip_as_snat’ does not work in active/standby legacy HA configuration
  • AV-34138: Numeric filters on logs page don’t work
  • AV-34164: Initial link state is incorrect for member interfaces of port-channel
  • AV-34272: Missing flavor type in SEVM object for AWS leads to placement issues
  • AV-34326: Service Engine failure when the server is configured as an FQDN for virtual service configured with an LDAP AuthProfile
  • AV-34360: OpenShift: Service Engine remains in OPER_DISABLING state indefinitely once the node is marked unschedulable
  • AV-34607: Traffic may be disrupted during an upgrade in Linux server cloud deployments
  • AV-34645: OpenStack: Failure to scale out or create new Service Engines after an upgrade to 17.2.6
  • AV-34659: Hyperthreaded cores are not skipped on bare-metal Service Engine
  • AV-34797: Service Engine failure when WAF is enabled

Known Issues in 17.2.7

  • AV-27551: OpenShift: Disabling or enabling node scheduling is not reflected by Avi Service Engines
  • AV-34947: Avi VIP does not respond to UDP traceroute
  • AV-35222: Gaps in log streaming to external monitoring server
  • AV-35303: HTTP persistence does not work for SNI child virtual services
  • AV-35691: Excessive latency in synchronizing routes and services from OpenShift immediately after upgrade
  • AV-37065: Erroneous SE_PERSIST_TBL_HIGH events generated when persistence/cache table size is > 20M
  • AV-37746: Azure: Latency increases after some time

Issues Resolved in 17.2.6 Patch Releases

Issues Resolved in 17.2.6-2p2

  • AV-35691: OpenShift: Excessive latency in synchronizing routes and services from OpenShift immediately after upgrade

Issues Resolved in 17.2.6-2p1

  • AV-27551: OpenShift: Disabling or enabling node scheduling is not reflected by Avi Service Engines
  • AV-34360: OpenShift: Service Engine remains in OPER_DISABLING state indefinitely once the node is marked unschedulable

Issues Resolved in 17.2.6-1p5

  • AV-37746: Azure: Latency increases after some time

Issues Resolved in 17.2.6-1p4

  • AV-37065: Erroneous SE_PERSIST_TBL_HIGH events generated when persistence/cache table size is > 20M

Issues Resolved in 17.2.6-1p3

  • AV-35303: HTTP persistence does not work for SNI child virtual services

Issues Resolved in 17.2.6-1p2

  • AV-35222: Gaps in log streaming to external monitoring server

Issues Resolved in 17.2.6-1p1

  • AV-34138: Numeric filters on logs page don’t work

What’s New in 17.2.6

Issues Resolved in 17.2.6

  • AV-15793: Packets with bad checksums are sent on an SE running on OpenStack on VMware ESX
  • AV-30397: GSLB HTTP health monitor fails for the same member from the follower site
  • AV-30790: Virtual services in AWS are not reachable because the VIP was associated with the wrong SE interface
  • AV-32404: SE fails during log streaming of significant application logs due to file corruption
  • AV-32573: L7 log shows server returned 502 when it actually returned 200 OK
  • AV-32597: Service Engine fails due to a memory leak when all logging is disabled
  • AV-32862: Service Engine may fail due to out of memory if many virtual services with WAF policies are placed on the same Service Engine
  • AV-32911: A spurious VCENTER_BAD_CREDENTIALS event occurs after upgrade
  • AV-32951: Only real-time analytics are visible after a Controller warmstart
  • AV-32979: In a Mesos environment, an avi_proxy label with a syntax error can cause the cloud connector to stop processing additional Marathon applications
  • AV-33047: Tenant configuration is removed when Keystone becomes unreachable
  • AV-33400: FQDNs in Avi DNS provider for OpenShift routes are not being created for any routes
  • AV-33486: Horizon dashboard tab requires login
  • AV-33552: After an upgrade from 17.1.13 to 17.2.5, the daemonset avise-defaultgroup is missing the proper image name
  • AV-33558: In a tenant-scoped cloud, VRF should be owned by the tenant, instead of admin
  • AV-33620: The suspend-on-failure option does not take effect to prevent a traffic outage when the first SE fails to upgrade
  • AV-32954: VS’s getting placed on AWS SE Interfaces exceeding the Max IP limits
  • AV-32952: Changing GSLB leader on Avi Controller CLI throws error
  • AV-32868: SE required reboot to complete upgrade due to memory fragmentation.
  • AV-32640: GSLB leader and follower services and health monitors are not in sync
  • AV-30974: Service Engine may fail when least-load load balancing algorithm is used

Known Issues in 17.2.6

  • AV-34123: use_vip_as_snat does not work in active/standby legacy HA configuration
  • AV-32854: “503 service temporary unavailable” error when using preserve_client_ip option
  • AV-34164: Initial link state is incorrect for member interfaces of port-channel
  • AV-34607: Traffic may be disrupted during upgrade in Linux server cloud deployments
  • AV-34947: Avi VIP does not respond to UDP traceroute

Issues Resolved in 17.2.5 Patch Releases

Issues Resolved in 17.2.5-2p1

  • AV-32854: “503 service temporary unavailable” error when using preserve_client_ip option

Issues Resolved in 17.2.5-1p6

  • AV-34947: Avi VIP does not respond to UDP traceroute

Issues Resolved in 17.2.5-1p5

  • AV-34164: Initial link state is incorrect for member interfaces of port-channel

Issues Resolved in 17.2.5-1p4

  • AV-33481: Link failure is not detected when aggregator mode is used for port channel
  • AV-33620: The “suspend_on_failure” option did not take effect to prevent a traffic outage when the first SE failed to upgrade
  • AV-33889: Cloud stuck in image upload state after applying patch 17.2.5-1p3

Issues Resolved in 17.2.5-1p3

  • AV-32862: Service Engine may fail due to out of memory if many virtual services with WAF policies are placed on the same Service Engine
  • AV-33487: CLI login into Avi Controller for LDAP/TACACS+ users failed
  • AV-33558: In a tenant-scoped cloud, VRF should be owned by the tenant instead of admin

Issues Resolved in 17.2.5-1p2

  • AV-33684: Tenant-scoped cloud does not work for Linux Server Cloud

Issues Resolved in 17.2.5-1p1

  • AV-32182: Headers sent & received from server are logged even when “Log all headers” is turned off

What’s New in 17.2.5

Key Changes in 17.2.5

Issues Resolved in 17.2.5

  • AV-24858: Cannot export configuration due to the absence of the var/lib/avi/downloads directory
  • AV-26077: Avi UI does not show default values for log throttles
  • AV-29355: When [] is in the account name on the remote LDAP server, the user is unable to make any account changes on Avi Vantage
  • AV-29840: l4_server.avg_server_count metric reports wrong value
  • AV-29932: When Kubernetes/OpenShift runs in AWS, the VIP is created only in the first availability zone
  • AV-30355: Service Engine may fail if log streaming is enabled
  • AV-30436: An L4 virtual service which does not have a default pool is marked down, even though there are two healthy pools
  • AV-30500: Upgrade can fail if HTTP health monitor response contains non-ASCII characters
  • AV-30805: Invalid HTTP cookies can cause a Service Engine failure
  • AV-30849: In OpenShift, DNS entries may be incorrect if applications are deleted and added
  • AV-30860: Creating subnets within a network with intersecting pool ranges should not be allowed
  • AV-30914: In OpenStack, the Avi UI’s Add NTP Server button does not function if no NTP servers are present
  • AV-30991: Enabling the server_reselect feature with status codes configured as individual codes as well as blocks can cause Service Engine failure
  • AV-31078: A CLI user is not properly created and user is prompted for password when SSHing as the CLI user
  • AV-31156: In OpenShift, the Service Engine fails when a route with a mix of services (80/TCP and 53/UDP) is created
  • AV-31183: When upgrading from a pre-17.2.3 release to either 17.2.3 or 17.2.4, GSLB leader-to-follower connectivity issues arise when multiple DNS-VS(es) are configured on a GSLB site
  • AV-31189: After a Controller warmstart, virtual services go to OPER_PARTITIONED state
  • AV-31479: The HTTP health monitor does not support request sizes greater than 512 bytes
  • AV-31551: 500 error response for GET /api/pool-inventory/
  • AV-31625: In OpenStack, the Avi LBaaSv1 driver causes “internal server error” response for “port show” API for a non-existent port
  • AV-31635: Due to a race condition, the Service Engine may sometimes fail while constructing the client log
  • AV-31820: Disabling/enabling multiple GSLB pool members causes inconsistent state on different sites
  • AV-31904: Service Engine fails when parsing a malformed CONNECT request
  • AV-32244: The number of descriptors used for SRIOV vNICs in Cisco CSP 2100 is too small
  • AV-32247: The number of descriptors in VMware is too small
  • AV-32382: SE may fail when consistent hash is the algorithm for GSLB pools, and Geo DB is configured
  • AV-32442: SE may fail if an HTTP health monitor is configured and there is an update/delete operation while there is an outstanding connection

Known Issues in 17.2.5

  • AV-34123: use_vip_as_snat does not work in active/standby legacy HA configuration

Issues Resolved in 17.2.4 Patch Releases

Issues Resolved in 17.2.4-1p7

  • AV-34123: use_vip_as_snat does not work in active/standby legacy HA configuration

Issues Resolved in 17.2.4-1p6

  • AV-33487: CLI login into Avi Controller for LDAP/TACACS+ users failed

Issues Resolved in 17.2.4-1p5

  • AV-19590: Support for legacy active/standby HA in GCP
  • AV-32597: Service Engine fails due to a memory leak when all logging is disabled
  • AV-32751: Service Engine may fail due to a race condition between writing a client log and deletion of virtual service

Issues Resolved in 17.2.4-1p4

  • AV-31904: Service Engine fails when parsing a malformed CONNECT request
  • AV-32244: Number of descriptors used for SRIOV vNICs in Cisco CSP 2100 is too small
  • AV-32247: Number of descriptors used in VMware is too small

Issues Resolved in 17.2.4-1p3

  • AV-31496: Support MAC masquerade in VMware

Issues Resolved in 17.2.4-1p2

  • AV-31513: state_cache_mgr process keeps restarting, consuming memory

Issues Resolved in 17.2.4-1p1

  • AV-30860: Creating subnets within a network with intersecting pool ranges should not be allowed
  • AV-31184: The restore_config.py script should not run if the Controller has any configuration
  • AV-31189: After a Controller warm start, virtual services go to OPER_PARTITIONED state

What’s New in 17.2.4

Issues Resolved in 17.2.4

  • AV-16469: Avi Controller slow to pick up new configurations after OpenShift or Avi Service Engine reboots
  • AV-16748: Memory leak in job manager
  • AV-17025: The number of open connections is incorrect
  • AV-20067: OpenShift: Gateway monitor does not work
  • AV-20280: Certificates are incorrectly chained if intermediate certificates have the same name
  • AV-24395: FQDN changes in Avi are not reflected correctly in Infoblox
  • AV-25165: PATCH is not supported for virtual service HTTP policy
  • AV-25581: OpenShift: BFD is not supported
  • AV-25974: API returns 504 when importing application profile object
  • AV-26023: Analytics log does not show NXD response code triggered by DNS policy
  • AV-26558: OpenStack: Avi API times out during large heat stack deployment
  • AV-26740: Avi CLI Linux-mode command not honoring cloud name parameter
  • AV-27066: Exporting a virtual service does not include all dependencies
  • AV-27935: SERVER_DELETD event seen when there is an update of the corresponding VM in vCenter
  • AV-28227: Filtering virtual service logs using Service Engine name is not working
  • AV-28492: Duplicate IP addresses getting assigned to Service Engine’s data vNIC
  • AV-28663: Service Engines can fail if a large amount of data is cached
  • AV-28903: Packet drops in the TX direction for non-VIP traffic
  • AV-28968: Cannot create DNS records when using Infoblox profile
  • AV-29045: Streaming log throttling not working when throttling is set to 0
  • AV-29261: Security tab doesn’t fully load on Avi UI
  • AV-29284: Trending health score does not load in Avi UI (just showing spinner)
  • AV-29439: Avi UI does not display the progress of Service Engine upgrade
  • AV-29529: vCenter Cloud: After upgrade, network object configuration can get lost
  • AV-29611: OpenShift: Traffic to non-primary Service Engine fails when using ECMP scale out
  • AV-29700: Cannot migrate a VIP sharing virtual services to a new SE group even after disabling the virtual services
  • AV-29799: EBS optimization not enabled on EC2 instances
  • AV-29930: Cannot SSH as CLI user
  • AV-30073: Updated SSL certificate does not take effect until virtual service is disabled and re-enabled
  • AV-30228: OpenShift: All virtual services placed on one Service Engine are not reachable
  • AV-30378: Service Engine may fail under queue-full conditions with UDP/DNS health monitor configured

Issues Resolved in 17.2.3 Patch Releases

Issues Resolved in 17.2.3-1p6

  • AV-32315: Scale-out errors during upgrade for virtual services having SNAT IPs configured

Issues Resolved in 17.2.3-1p5

  • AV-32244: Number of descriptors used for SRIOV vNICs in Cisco CSP 2100 is too small

Issues Resolved in 17.2.3-1p4

  • AV-31479: HTTP health monitor does not support request size > 512 bytes

Issues Resolved in 17.2.3-1p3

  • AV-29931: DNS health monitor intermittently flaps

Issues Resolved in 17.2.3-1p2

  • AV-29555: Avi Vantage doesn’t support active/backup port channel in Cisco CSP 2100

Issues Resolved in 17.2.3-1p1

  • AV-29225: In Microsoft Azure cloud, Avi Vantage does not support an SSL-application VS having a floating IP
  • AV-29261: The Avi UI’s security tab doesn’t fully load
  • AV-29284: The Avi UI’s trending health score does not load — it just shows a spinner
  • AV-29469: Upgrading Linux bare-metal deployments is broken in the 17.2.x release family

What’s New in 17.2.3

Issues Resolved in 17.2.3

  • AV-25448: Management access to Avi Controller is restricted even after removing the access control rules
  • AV-25646: Weak cipher is used on certificate that’s used for Controller-SE communication on port 8443
  • AV-25716: When connection multiplexing is disabled and IP persistence is enabled, multiple requests on the same connection may result in SE failure
  • AV-25891: When custom Geo-DB is configured, DNS analytics logs may show conflicting location information
  • AV-25952: Service Engine fails when multiple pool groups are attached to a DataScript
  • AV-26095: SSL certificate content update done in OpenShift is not picked up by Avi Vantage
  • AV-26118: When using IE11 browser, the Operations menu does not respond and VS pop-up menu formatting is broken
  • AV-26629: BGP state on SE is not initialized after many VRF updates
  • AV-26663: Upgrade fails if there are a large number of alerts
  • AV-26726: Sending multiple DNS requests over the same TCP connection causes SE to fail
  • AV-26831: If timestamp option is not present in a TCP packet, RTT values and timestamps in client logs may be incorrect
  • AV-26836: Upgrade fails when a tenant name contains a plus (+) symbol
  • AV-26984: If connection multiplexing is disabled, graceful disable of servers may cause an SE failure
  • AV-27215: Unable to create virtual service for OpenStack cloud with Infoblox DNS provider
  • AV-27273: In the VS logs tab of Avi UI, bar graph is blank even though log details appear in the logs pane
  • AV-27378: During an upgrade from 16.x version, an SE fails if it gets disconnected from the Avi Controller
  • AV-27396: In auto-allocation of VIPs, IP addresses overlap with other VIPs in the system
  • AV-27876: In an OpenShift cloud, cloud-inventory call fails in Avi UI
  • AV-27894: User sees the <sensitive> tag in the private key field, despite having the superuser role
  • AV-28058: The AWS Auto Scaling group list displayed while creating a pool is not complete
  • AV-28502: Generation of an SE’s authentication token works only in admin tenant

Known Issues in 17.2.3

  • AV-29155: With Docker CE version 17.09, Avi Controllers and Avi SEs cannot be co-located on the same host. If they are, restart of any of them will fail.
  • AV-29469: Upgrade for Linux server cloud will be disruptive.
  • AV-29529: In a vCenter cloud, after upgrading to 17.2.3, network object configuration can get lost.

What’s New in 17.2.2

This section summarizes the enhancements in 17.2.2. For more information, click on the feature names, which link to additional information in the Avi Networks Knowledge Base.

Cloud Connectors

Networking

OpenShift/Kubernetes

Metrics

  • Users can now gain insight into Controller cluster health on a per-node basis

Key Changes in 17.2.2

Issues Resolved in 17.2.2

  • AV-21493: Controller cluster leader election takes too long if one of the nodes is inaccessible
  • AV-24660: SE fails when root certification is attached to an HTTPS health monitor
  • AV-24788: SE fails due to disk-full condition
  • AV-25078: Virtual service VIP is lost due to race condition if an SE is deleted out-of-band
  • AV-25158: If the management network name is changed in AWS, the network settings are missing in the cloud configuration
  • AV-25518: SE upgrade fails on Cisco CSP 2100 with bond configuration
  • AV-25637: Loss of Zookeeper connectivity results in Controller warm reboot
  • AV-25676: HTTPS slow when many small packets are received from the server
  • AV-25692: Changing the cluster IP in OpenShift is not reflected in Avi Vantage
  • AV-25936: SE fails during configuration of floating IP
  • AV-26037: SE fails during upgrade to 17.1.6
  • AV-26737: SE may fail in bare-metal installations due to large packets
  • AV-26776: Server-side connections are not re-usable for HTTP 1.0 requests

Performing the Upgrade

Upgrade prerequisite: The current version of Avi Controller must be 17.1 or later.

Upgrade Instructions

Protocol Ports Used by Avi Vantage for Management Communication

Supported Platforms

Refer to System Requirements: Ecosystem

Product Documentation

For more information, please see the following documents, also available within this knowledge base.

Installation Guides

Open Source Package Information

Avi Networks software, Copyright © 2013-2019 by Avi Networks, Inc. All rights reserved. The copyrights to certain works contained in this software are owned by other third parties and used and distributed under license. Certain components of this software are licensed under the GNU General Public License (GPL) version 2.0 or the GNU Lesser General Public License (LGPL) Version 2.1. A copy of each such license is available at http://www.opensource.org/licenses/gpl-2.0.php and http://www.opensource.org/licenses/lgpl-2.1.php