English | Tutorial | Size: 20.9 GB
Issues Resolved in 22.1.6
AV-172878: After updating the NSX Advanced Load Balancer Controller, when the Service Engines are pending update, the Service Engine group’s Status is displayed as Unknown in the SEG Update screen.
AV-175344: Log Manager’s task queue stalls causing unbounded growth on the Controller.
AV-175551: Controller service system-portal event file uses older PID format, resulting in multiple events files leading to logging and rsync performance degradation.
AV-179858: Unable to modify or save an existing DNS application profile due to a validation error in the Admin Email, entered in the Domain Names/Subdomains screen.
AV-181982: Configuration disappeared on GSLB site if glb_local_worker service is not running on the leader.
AV-184622: The VirtualService inventory API endpoint excludes blank configuration fields from the response data, instead of including them with an empty string value.
AV-185059: CSR certificates managed through the certificate management profile get stuck in a renewal loop, leading to repeated renewal attempts every few seconds and generating corresponding temporary files.
AV-185882: Unable to update the secure channel root certificate when the cloud is not set to No Orchestrator or if there are SEs running in the system.
AV-186738: Configuring a virtual service with App Cookie Persistence, Detect NTLM App enabled, and Connection Multiplexing disabled, leads to Service Engine failure after an HTTP request has been sent and the connection times out due to the Keep-Alive timer.
AV-188816: Over time, certain GSLB processes experience memory consumption issues, leading to excessive memory usage across nodes.
AV-188904: A Trailing RST on a closed L7 SSL virtual service connection may result in SE failure.
AV-189818: Unable to edit or update the checkpoint object after setting a checkpoint as active in adaptive replication mode. The replication stalls with the following error, Sync Stalled, reason: replicating federationcheckpoint:
AV-190126: Using Broadcom NIC as management with Mellanox NIC for datapath causes issues in bringing up the NIC.
AV-190461: Frequent updates to StringGroups attached to a DataScript, that also makes repeated calls to avi.stringgroup functions may result in failures in string group lookups.
AV-190475: se_dp failure occurs due to memory corruption in rare cases within the GRO layer.
AV-190615: Deploying a Controller node with ovf property for IPv6 address, avi.mgmt-ip-v6.CONTROLLER set as null instead of leaving it as blank, leads to erroneous IP configuration.
AV-190853: Performance issues when handling large requests in WAF with a large Positive Security Model.
AV-191360: After successfully adding a WAF exception through VS logs, the subsequent exception additions fail.
AV-191387: When an incoming request contains an Avi-generated cookie for HTTP Cookie Persistence, that cookie is forwarded to the backend server with the request. However, in some cases, servers may expire the Avi-specific cookie during certain transactions. As a result, clients fail to present the cookie in subsequent transactions, leading to persistence failure on NSX Advanced Load Balancer. After consuming the Avi-generated HTTP cookie and persisting to the selected server, Avi will remove that cookie from the request sent to the server.
AV-191149: Objsync may cause memory build-up and might lead to OOM eventually on the Service Engine due to objsync peer connection failures due to port either 9001 or 4001 not being open in DFW in NSX or no management plane connectivity between SEs in various enviornments.
AV-191509: A large number of event files generated on Controller clusters resulting in high CPU utilization on the Controller.
AV-191545: The source port range of the BFD control packets does not adhere to the RFC5881.
AV-191551: SE fails to connect to the Controller when deployed using a VM template created by the user rather than deploying using the SE OVA.
AV-191615: When a WebSocket is utilized with front-end using HTTP/2 and backend using HTTP/1, then NSX Advanced Load Balancer does not terminate the v1 WebSocket on the backend if the “Upgrade” header sent by the server is not “websocket” (all in lowercase), the upgrade header’s value being case-sensitive.
AV-191642: A PKI profile with a large CRL (greater than 4 MB) fails in replication across federation because of gRPC message size limitation.
AV-191670: In VMware NSX environments, in some scenarios when VIPs are created and added, NSX Advanced Load Balancer retains stale routes causing VIPs to go down.
AV-191808: The write access restriction to the Controller file system from the ControlScript is compromised as mounting a device (dev) path was allowed.
AV-191913: Using a GeoDB object configured with the option Is Federated through the UI causes NSX Advanced Load Balancer to fail. This option has been deactivated now.
AV-192083: Failure in Objsync connection over management interfaces between SEs might lead to memory exhaustion.
AV-192417: If the GSLB leader changes due to network partition and the old leader disables the new leader, then both the leaders wipe out each other’s configurations.
AV-192508: Changing a specific pool server from an initially configured IPv6 address to an IPv4 address, is unrestricted, creating a mismatch where the server is designated as IPv6 but configured with an IPv4 address, ultimately leading to a Service Engine failure.
AV-192901: Updating passwords in vCenter can transition the Avi vCenter cloud to failed state.
AV-192951: Unable to use Infoblox DNS and Infoblox IPAM profiles when they are handled by different Infoblox instances.
AV-192601: SE failure can occur if the memory allocation fails when True Client IP is used.
AV-193075: Requests with X-Accel-Redirect on the response may fail.
AV-193663: Metrics Manager’s database connections with Postgres are unclosed, causing a connection leak.
AV-193665: When configuring an Analytics Profile through the CLI with a format_config object and subsequently accessing the Analytics Profile page in the UI, an exception occurs because the format_config field is not supported though the UI.
AV-194178: The Horizon UAG system’s default DataScript is decoding the CRLF in the client request making it vulnerable to injection attack.
AV-194313: On NSX-T cloud there may be a spam of CC_IP_ATTACH events if the NSX Manager has more than 1000 routes on any T1
AV-195217: In LSC hosts, when configuring Mellanox devices in combination with Broadcom components, the ring size computation logic can cause initialization errors and stall the SE during connection to the Controller.
AV-195418: ControlScript execution fails due to incorrect IP address value in the DOCKER_GATEWAY environment variable, when the Controller IP is in the range 172.16.0.0/16 to 172.31.0.0/16.
AV-195595: External log streaming to servers or load balancers which erroneously respond to simplex log stream causing Service Engine memory growth, eventually leading to SE failure.
AV-195716: Although licenses are available in Cloud Services, changing the Bandwidth Type of SE Group in the Cloud Services tier failed.
AV-196642: The Service Engine may fail when the virtual service is updated during a TLS handshake.
AV-196619: AttributeError: ‘Response’ object has no attribute ‘uuid when attempting POST/PUT operations on the gslbservice object through the macro API.
AV-196914: VsVIP objects having the same IP address may cause SE failure.
AV-197046: IPAM allocation for A records with multiple subnets will fail when the first subnet is exhausted.
AV-197319: If WAF learning is enabled and in addition for the same WAF policy a second WAF Positive Security Model group is created which is matching on the PATH_INFO variable. This can cause SE failure.
AV-197350: Log streaming fails owing to the streaming endpoint restarts or receipt of any unexpected responses.
AV-197737: Go SDK does not allow values within the range of uint32, causing it to fail while unmarshalling JSON data containing uint32 values in the request/response.
AV-198105:Failed renewal for expired certificates result in the accumulation of numerous temporary files in the /tmp directory over time, leading to a significant increase in inode usage and storage consumption in the Controller.
AV-198269: Positive Security Model (PSM) programming failure in WAF applications with learning enabled, when unique parameters exceed the configured maximum values.
AV-199434: If the Controller is connected to the proxy server and the proxy server goes down during an active connection to Cloud Services, the Controller displays the error GET 500 (Internal Server Error)