Avi Vantage 18.2.X Release Notes

Issues Resolved in 18.2.2 Patch Releases

Issues Resolved in 18.2.2-3p1

  • AV-58660: Polling for Azure VM scalesets stops if a scaleset is deleted from Azure, without being removed from Avi pool

Issues Resolved in 18.2.2-2p1

  • AV-57344: VIP traffic from an external client fails when OpenShift/K8S clusters have more than 1 NIC and the VIP NIC is not the default gateway interface
  • AV-58886: SE thread gets stuck when a momentary access failure during a specific SE pod check causes the SE’s IP resolution to fail, and the extra SE object may not be cleaned up

Issues Resolved in 18.2.2-1p1

  • AV-56674: Adding more than 200 servers to a pool fails on AWS

What’s New in 18.2.2

ADC

Containers

  • OpenShift: Configuration knob to assign FQDNs automatically to a virtual service in OpenShift clouds
  • Kubernetes: Support for egress taints and tolerations in egress pod scheduling

OpenStack

Public Cloud

  • Azure: Support for user-configured polling interval for Azure virtual machine scale sets

Security

System

  • Configuration knob for enabling and disabling traffic capture for Service Engine
  • Support for storing tech-support in Controller and link for downloading the file on the UI

UI

Key Changes in 18.2.2

Issues Resolved in 18.2.2

  • AV-46453: k8s: External IP is not updated when k8s service type is set to LoadBalancer
  • AV-51499: Avi Vantage not caching javascript query URI when ‘*/javascript’ is in the string group
  • AV-52075: Post upgrade Service Engine health score reduced due to increased disk usage
  • AV-52588: Server inventory response pages not paginated
  • AV-53119: Controller cluster HA: Fixes for better reconvergence
  • AV-53301: In Avi UI, under Virtual Service > Security tab, small graphs on right side keep spinning or fail to load
  • AV-53365: Incorrect handling of Nagios health monitor requests
  • AV-53395: Azure: CPU utilization of Service Engine reported by Avi Vantage is incorrect
  • AV-53448: OpenStack: Timeout issues with various cloud Connector RPC requests
  • AV-53547: Reduction of max SE per virtual service in the SE group does not take effect even after virtual service is disabled/enabled
  • AV-53552: Unable to add an exclude_list to the rules for a crs_group in WAF policy
  • AV-53899: Service Engine OVA download failure from the Controller
  • AV-53902: Configuring proxy protocol in UI does not work
  • AV-53914: Service Engine failure when response event DataScript runs in the context of HTTP response generated by a request event DataScript
  • AV-53966: Controller services may restart on Controller instances that have a large number of CPUs
  • AV-53972: Metrics database usage increases on using client insights
  • AV-54003: Autorebalance configuration did not take effect for some Service Engine groups
  • AV-54008: On using HTTP/2 with caching enabled, application page does not load properly
  • AV-54081: Access to the Controller fails even after ACL preventing the access is removed
  • AV-54109: Unable to update system configuration with CLI scripting mode
  • AV-54186: Virtual service goes into fault state when certificate expiry warning is generated
  • AV-54302: Avi with Infoblox DNS profile: DNS PTR record created in forward lookup zone instead of reverse lookup zone
  • AV-54379: Service Engine crash after bond VLAN interface was deleted on bonded VLAN interface
  • AV-54752: Increase in latency with Avi not acknowledging TCP FIN packets for a few flows
  • AV-54922: Linux server cloud: IPv6 on the VIP and IPv4 on the pool fails
  • AV-54931: Service Engine may fail when caching and WAF are enabled on a virtual service
  • AV-54964: SQL injection possible while using some APIs
  • AV-55142: Unable to configure a pool with autoscaling configuration if autoscale group is created with Launch Template
  • AV-55185: K8s in AWS: Virtual service failed to start due to private IP address limit on the Service Engine
  • AV-55343: Service Engine failure when a pool group is configured with redirect fail action with no destination
  • AV-55454: Service Engine failure for virtual service with application type System-SSL-Application when network profile type is set to TCP Fast
  • AV-55686: SE_HM_EVENT_SHM_UP events in the logs not preceded by any corresponding DOWN events
  • AV-55850: License: Fix in workflow for creating a new cloud with Bandwidth license
  • AV-55941: Azure: Pool members not deleted despite deleting servers from the corresponding Azure virtual machine scale set
  • AV-56113: OpenShift on Azure: One Service Engine keeps entering OPER_DISABLED mode even though K8S node is in Ready state
  • AV-56128: Log files in /var/log/ are not being rotated
  • AV-56197: Zone transfer through Avi DNS virtual service fails after a certain number of records are present
  • AV-56495: Modifying the application’s domain name is not propagated to Infoblox DNS/IPAM
  • AV-56625: Over a period of a few days, SE Persistence table usage increased to 99%
  • AV-56660: Service Engine restarts on applying Controller patch that requires a Controller reboot
  • AV-56745: Enhancement to reduce frequency of license expiry emails
  • AV-57619: User defined metrics are incrementing even after the DataScript referencing the metrics is deleted
  • AV-57621: Auto rebalance criteria with PPS: Threshold modified from using client-side PPS to interface PPS

Known Issues in 18.2.2

  • AV-56674: Adding more than 200 servers to a pool fails on AWS
  • AV-58537: Service Engine fails on GSLB follower site when the leader site pushes an incompatible TCP health monitor
  • AV-58860: Complete system testing for container and non-container environment including Controllers and Service Engines
  • AV-58867: Keystone V2 endpoint configured for OpenStack is not supported

What’s New in 18.2.1

ADC

Containers

  • Opt-in or opt-out for a load-balancing deployment in conformance with Kubernetes standards
  • Ability to use alternate ingress provider

GSLB

  • Ability to disable a GSLB pool

Logging

  • Support for large trap payload in aviSystemAlert trap

Networking

  • Visibility for status of bond interfaces
  • Ability to use HTTP server reselect to select an available back-end server when connection to another has failed

Private Cloud

  • Avi supports VMware hardware versions 10 and above. Support for hardware versions 8/9, corresponding to ESX5.0/5.1, has been deprecated.

Issues Resolved in 18.2.1

  • AV-32521: traceroute within the namespace does not show the hops
  • AV-33959: URL invalid encoding for redirect action
  • AV-41861: Memory leak during RSS scaleout
  • AV-42759: Azure: Latency increases after some time
  • AV-43980: Secure channel flapping between the Controller and SE when GRO is enabled
  • AV-44473: Import configuration fails if string contains Unicode character
  • AV-44659: Error message on saving HTTP security policy with rate-limit and local response HTML file
  • AV-45040: Unable to update the virtual service name to have () parentheses from UI, but can change from REST API and CLI
  • AV-45221: Virtual service placement stuck at “AWAITING_VNIC_IP” for SNI parent
  • AV-45496: Service Engine may fail if TLS persistence is used for a non-SSL pool
  • AV-45852: OpenShift: Delay in creating Avi routes
  • AV-45943: Health monitor fails if there is a \r\n\r\n before the HTTP/x.x in the send string
  • AV-46045: Linux server cloud: Service Engine may fail when DPDK is enabled on Mellanox NICs in a port channel
  • AV-46061: Third-party GSLB sites are not shown in the list of DNS policy primary and fallback sites
  • AV-46169: Syslog message with invalid PRI 324
  • AV-46742: SE stuck at OPER_DISABLING while the cluster and SEs are having intermittent network partitioning issues
  • AV-46899: OpenShift: Stale Avi bridge ports are not being cleaned up
  • AV-47080: Linux server cloud: Service Engine may fail on using multiple bond interfaces to advertise VIP via BGP
  • AV-47140: SMTP error while running email test
  • AV-47333: Upgrade hung on remote task when the time is not synced between Service Engine and the Controller
  • AV-47437: Linux server cloud: Default route may not take effect on using Mellanox NICs in in-band mode
  • AV-47568: Service Engine failure due to a corrupted persistence cookie
  • AV-47574: vCenter API version 6.7U1 is not supported by Avi Controller
  • AV-47600: Service Engine may stop processing packets if it has been up for more than 392 days
  • AV-47650: Service Engine advertising routes to BGP for virtual service that are not placed
  • AV-47797: When RSS is enabled, connections to pool servers delayed due to dropped SYN+ACK packets causing retransmits
  • AV-47800: When VIP to SNAT is enabled, changing non-critical fields (e.g., name) causes virtual service to detach and reattach to Service Engines
  • AV-50783: Virtual service cannot be enabled due to IP address exhaustion
  • AV-50784: Microsoft Azure: HTTP health monitor fails for VMs added to a pool from a scale set because of underscore (“_”) in the hostname

Performing the Upgrade

Upgrade prerequisite: The current version of the Avi Controller must be 17.2 or later.

Upgrade Instructions

Protocol Ports Used by Avi Vantage for Management Communication

Supported Platforms

Refer to System Requirements: Ecosystem

Product Documentation

For more information, please see the following documents, also available within this Knowledge Base.

Installation Guides

Open Source Package Information

Avi Networks software, Copyright © 2013-2019 by Avi Networks, Inc. All rights reserved. The copyrights to certain works contained in this software are owned by other third parties and used and distributed under license. Certain components of this software are licensed under the GNU General Public License (GPL) version 2.0 or the GNU Lesser General Public License (LGPL) Version 2.1. A copy of each such license is available at http://www.opensource.org/licenses/gpl-2.0.php and http://www.opensource.org/licenses/lgpl-2.1.php