Open Defects

Below are the steps to reproduce the issue:

1) Create VRF with local-asn

2) Create EPG using the VRF created in step 1

3) Take one of the SLX devices to administratively down state

4) Perform VRF Update "local-asn-add" to different local-asn than the one configured during step 1

5) Perform VRF Update "local-asn-add" to the same local-asn that is configured during step 1

6) Admin up the SLX device which was made administratively down in step 3 and wait for DRC to complete

Following are the steps to recover:

1) Log in to SLX device which was made admin down and then up

2) Introduce local-asn configuration drift under "router bgp address-family ipv4 unicast" for the VRF

3) Execute DRC for the device

Add the devices to fabric in the following sequence

1)First add devices that have preconfigured configs

2)Add remaining devices that don't have any configs stored

Removing the devices and adding the devices again to fabric in following sequence

1)First add devices that have preconfigured configs

2)Add remaining unconfigured devices.

Below are the steps to reproduce the issue:

1. Create L3 EPG EPG1 with Device1Port1 and VRF1.

2. Create L3 EPG EPG2 with Device1Port2, Device2Port1, and VRF1

3. Update EPG EPG2 with "port-group-delete" of Device1Port2

4. Update EPG EPG1 with "port-group-delete" of Device1Port1. This is the last port getting deleted from the device which should have resulted in the deletion of the VRF VRF1 from the Device1.

Recovery way 1:

1. Delete EPG1.

2. EPG2 update with port-group add D1P2 and then remove D1P2 from EPG.

After the port removal D1P2 (last-port) vrf will be removed from the device.

Recovery way 2:

Manually remove the vrf from the device.. Inventory update.

Below are the steps to reproduce the issue:

1. Create a BD based tenant under a CLOS or Non-CLOS fabric.

2. Create a BD based EPG (under the ownership of the tenant created in step 1) with some ctags and some member port-channels.

3. For the reasons unknown, the BD (Bridge Domain) configuration pertaining to one of the member port-channel got deleted from the EFA DB, causing the DB to be in an inconsistent state.

4. Execute EPG update "port-group-delete" operation to remove the member port-channel whose BD configuration is inconsistent.

No recovery through EFA CLI.

The inconsistent DB needs to be corrected by creating dummy BD (Bridge Domain) entries in the database followed by EPG update "port-group-delete".

Perform the following steps to renew EFA certificates on 2.3.x and 2.4.x.

1. cd /apps/efa/efacerts

2. Generate a new certificate using the tls.key from <IP>-certs folder

# openssl req -new -sha256 -key <IP>-certs/tls.key -subj "/CN=efa.extremenetworks.com" | openssl x509 -req -sha256 \

-CA /apps/efa/efacerts/extreme-ca.cert.pem \

-CAkey /apps/efa/efacerts/extreme-ca.key.pem \

-CAcreateserial \

-out newtls.crt -days 365 \

-extensions v3_req -extfile /apps/efa/efacerts/extreme-openssl.cnf-san

3. Install the new certificate into traefik using the following shell script

# if ./install_efa_certs_st.sh --cert /apps/efa/efacerts/newtls.crt --key /apps/efa/efacerts/<IP>-certs/tls.key ; then

cp newtls.crt <IP>-certs/tls.crt

cp newtls.crt /apps/efadata/certs/own/tls.crt

echo SUCCESS

fi

4. Wait for the traefik pod to restart (1-2min)

5. Restart the running goraslog pod

With rollback , Multi-node upgrade with node replacement is not supported.

This happens when user gives command efa deploy with-rollback for multi-node replacement, user is given option 1) Multi Node Build Upgrade and 2) Multi Node Build Upgrade With Node Replacement . If user chooses the option 2 Multi Node Build Upgrade With Node Replacement . Installer prompts

"With rollback , replacement upgrade not supported

Do you wish to restart the install? (yes/no)"

When the installer prompts,

1) Multi Node Build Upgrade and 2) Multi Node Build Upgrade With Node Replacement .

if User presses option 2 ,

Installer promtps

"With rollback , replacement upgrade not supported

Do you wish to restart the install? (yes/no)"

User can input no to halt the installation and press yes if he wants to go for option 1) Multi Node Build Upgrade

When the installer prompts,

1) Multi Node Build Upgrade and 2) Multi Node Build Upgrade With Node Replacement .

if User presses option 2 ,

Installer promtps

"With rollback , replacement upgrade not supported

Do you wish to restart the install? (yes/no)"

User can input no to halt the installation

Below are the steps to reproduce the issue:

1. Introduce drift w.r.t the scaled tenant configuration

e.g. 100 POs, 100 VRFs, 200 EPGs (with around 100 ctags), 300 BGP Peers, 100 BGP Peer-Groups

2. Execute "efa inventory drift-reconcile execute --ip <device-ip>"

Below steps needs to be re-executed on the device for which the DRC had failed with the status "tenant-dr-timeout"

1. "efa inventory device update --ip <device-ip>"

2. "efa inventory drift-reconcile execute --ip <device-ip>"

Below are the steps to reproduce the issue:

1) Create Tenant and EndpointGroup with ctag-range

2) Create Mirror Session with Global VLANs (VLANs to be chosen from the ctag-range mentioned in step 1) as a mirror source

3) Delete EndpointGroup (created in Step1) with the force option

Case1: EFA doesnt move device to config-refresh on device update. Config does NOT Reconcile on drift-reconcile:

Fabric devices app state should be cfg-refreshed, after peer-keepalive configuration removed manually in slx

Fabric devices app state should be cfg-refreshed, after "ip address" configuration under a fabric interface removed manually in slx

Fabric devices app state should be cfg-refreshed, after loopback interface configuration under a fabric is removed manually in slx

Fabric devices app state should be cfg-refreshed, after "address-family l2vpn evpn" is removed

Fabric devices app state should be cfg-refreshed, after "no neighbor <ip> next-hop-self" is removed

Case2 : EFA doesnt move device to config-refresh on device update. Config does Reconcile on drift-reconcile:

Fabric devices app state should be cfg-refreshed, after "maximum-paths" configuration under router bgp removed manually in slx

Fabric devices app state should be cfg-refreshed, after "graceful-restart" configuration under router bgp removed manually in slx

Manually configure the device back in case 1

Run drift-reconcile OR manually configure device back will recover the config in case 2

Below are the steps to reproduce the issue

1. Configure fabric, tenant, po, vrf, epg, mirror session

2. Execute "efa system backup"

3. Delete the devices from inventory

4. Execute "efa system restore" using the backup taken in step 2

5. Execute "efa tenant po show", "efa tenant vrf show", "efa tenant epg show", "efa tenant service mirror session show"

Below are the steps to reproduce the issue

1. Create a mirror session on an SLX device using EFA

2. Modify the mirror session configuration on SLX by changing any of the attributes e.g. source, destination, direction, etc.

3. Perform "efa inventory drift-reconcile execute --ip <device-ip> --reconcile"

At the end of upgrade, the installer displays a

message associated with a fresh install and not an upgraded install. The installer will show

"Extreme Fabric Automation Stack is now deployed and ready"

instead of

"Extreme Fabric Automation Stack has been upgraded successfully"

This is harmless and the upgrade procedure is unaffected.

1. Create a single rack fabric

2. If the use manually removes "member-vlan-all" or " member-bd-all", from the SLX followed by DRC.

Execute in device command 'shutdown' of member port of MCT PO.

EFA device update brings the device to 'cfg-refresh'

Execute Drift-reconcile for device does not bring the member port back up ie 'no shutdown' is not issued on member port interface.

Below are the steps to reproduce the issue

1. Create and configure a fabric with backup routing enabled

2. Create a Tenant, a PO, 5 VRFs and 5 EPGs

3. Update the fabric setting (for the fabric created in step 1) with md5 password

4. Perform fabric configure

1. Remove backup routing neighbor md5-password from the VRFs which are in cfg-refreshed state (as seen in the DRC output)

2. Execute DRC to reconcile the configs and to move the cfg-refreshed configurations to cfg-in-sync