Open Defects

The following defects are open in Extreme Fabric Automation 3.1.0.

Parent Defect ID: EFA-11978 Issue ID: EFA-11978
Product: Extreme Fabric Automation Reported in Release: EFA 3.0.0
Symptom: Disable of vn-tag header strip and enabling of 802.1BR header strip fails from XCO GUI for SLX NPB
Condition: When vn-tag header strip is enabled on an interface, disabling the vn-tag header strip and enabling the 802.1BR header strip in a single operation fails from XCO GUI.
Workaround: Disable the vn-tag header strip in first operation (save the port update) and then edit port again for enabling 802.1BR header strip option.
Recovery: N/A
Parent Defect ID: EFA-12004 Issue ID: EFA-12004
Product: Extreme Fabric Automation Reported in Release: EFA 3.0.0
Symptom: Ports are not listed in the port-channel creation for SLX NPB devices
Condition: Even though the ports are not used in any other configurations, the ports are not listed in the port-channel creation. For these ports, speed is set to auto-negotiation, and ports are not connected with cable.
Workaround: For breakout ports, make sure that cables are connected so that port speed will be updated.
Recovery: NA
Parent Defect ID: EFA-12617 Issue ID: EFA-12617
Product: Extreme Fabric Automation Reported in Release: EFA 3.0.0
Symptom: Port-channel partial configuration are present on device for SLX NPB devices
Condition: Port-channel configuration failed from UI, on device still the partial configuration is present.
Workaround: Make sure that all the configuration information are correctly populated from UI so that configuration will not fail on device.
Recovery: Login to SLX CLI and delete the given port channel and refresh configuration on XCO UI.
Parent Defect ID: EFA-15357 Issue ID: EFA-15357
Product: Extreme Fabric Automation Reported in Release: EFA 2.7.2
Symptom:

In a CLOS fabric, multiple fabric ports belonging to different fabric devices can have the same IP address assigned incorrectly.

For example: interface ethernet 0/x on device D1 and ethernet 0/y on device D2 can have an ip-address 10.1.1.1/31 assigned.

Recovery:

1. Disable the LLDP protocol under the interfaces ethernet 0/x on D1 and ethernet 0/y on D2

2. Execute "efa inventory device update --ip <device-ip>" for both D1 and D2

3. Execute "efa fabric configure --name <fabric-name>"

Parent Defect ID: EFA-15502 Issue ID: EFA-15502
Product: Extreme Fabric Automation Reported in Release: EFA 3.1.0
Symptom: The intermediate session expired pop up in the XCO user interface
Condition: When the user session is active for one hour, the user will see a session expiry pop up.
Workaround:

Set the higher value for the user token expiry using "efa auth settings token update" CLI. The default access token expiry value is 1 hour.

Example: efa auth settings token update --type=ACCESS --hours=2 --minutes=30

Recovery: The user has to click OK on the pop up and the user session will be reauthenticated automatically.
Parent Defect ID: EFA-15594 Issue ID: EFA-15594
Product: Extreme Fabric Automation Reported in Release: EFA 2.7.2
Symptom: The fabric devices continue to remain in cfg-refresh-err state after the tpvm fail over.
Condition:

1.Fabric devices are already in cfg-refresh-err state due to LLDP Link down(LD) event.

2. Bring up the LLDP links responsible for the fabric devices to be in cfg-refresh-err state.

3. Execute the TPVM failover by 'tpvm stop' and 'tpvm start' commands during the LLDP Link up (LA) event handling caused by 2.

Recovery: Execute "efa inventory drift-reconcile execute --ip <device-ip> --reconcile" on the devices which are in cfg-refresh-err state
Parent Defect ID: EFA-15697 Issue ID: EFA-15697
Product: Extreme Fabric Automation Reported in Release: EFA 2.7.2
Symptom: Fabric devices continue to remain in cfg-refresh-err state even though the links between the MCT pair are brought up after the reload
Condition:

1. Configure a single rack(MCT Pair) Non-CLOS fabric with the SLX devices

2. All links between the MCT pair are brought down

3. "efa fabric show" output indicates the devices with the app-sate set as "cfg-refresh-err"

4. Reload the SLX devices

5. There are connectivity issues towards the SLX from EFA after reload

Recovery:

1. Fix the network connectivity issue between EFA and the SLX devices

2. Execute "lldp disable" followed by "lldp enable" under the physical interfaces interconnecting the MCT pair

3. Execute "efa inventory device update --ip <device-ip>" on the MCT pair

Parent Defect ID: EFA-15899 Issue ID: EFA-15899
Product: Extreme Fabric Automation Reported in Release: EFA 3.1.0
Symptom: The Bridge domain will show the pw-profile as default rather than the actual value 'Tenant-profile' . This is even after the DRC and the EFA will show bridge domain configurations as drifted.
Condition:

On BR-SLX9540, BR-SLX9640, SLX9740-40C, SLX9740-80C

1. Configure a fabric and create a BD based tenant, vrf and Port channel under the tenant

2. Configure L3 EPG under the BD based tenant using the vrf and Port channel created in step 1.

3. Step 2 will result in 'Tenant-profile' pw-profile configuration under the Bridge domain corresponding to the Tenant ctag.

4. Delete the port channel which has the associated LIF to the BD (discussed in step 3) on the switch.

OR

Delete the LIF present in the Port channel or Ethernet Port that is associated with the BD (discussed in step 3) on the switch.

5. Execute the DRC for the switch using CLI 'efa inventory drift-reconcile execute --ip <ip-address> --reconcile'

6. Step 5 will result in 'default' pw-profile configuration instead of 'Tenant-profile' under the Bridge domain corresponding to the Tenant ctag and EPG ctags will remain in 'cfg-refreshed' state.

Note: The issue is reproducible on BR-SLX9540, BR-SLX9640, SLX9740-40C, SLX9740-80C platforms only.

Workaround: Do not delete the Port channel or LIF associated with the Port channel or the Ethernet Port
Recovery: Execute DRC the second time to reconcile the bridge domain to the original state.
Parent Defect ID: EFA-15934 Issue ID: EFA-15934
Product: Extreme Fabric Automation Reported in Release: EFA 3.0.0
Symptom: Certificate Expiry warning is shown on 'efa login' after certificate has expired.
Workaround: Renew EFA server certificate.
Parent Defect ID: EFA-15943 Issue ID: EFA-15943
Product: Extreme Fabric Automation Reported in Release: EFA 3.1.0
Symptom: Creating a SNMP community with a view that is not configured in EFA may be allowed.
Condition: A SNMP view created directly on the SLX can be used as the view associated with a SNMP community, even when the view is not in EFA's view list.
Workaround: When creating SNMP communities, consult the SLX configuration to see if any out of band views were created or ensure all view are created by EFA.
Recovery: When using an out of band view, creating the view in EFA will take ownership of the view on a specific OID or the community can be changed to use a different view name that is not out of band.
Parent Defect ID: EFA-15954 Issue ID: EFA-15954
Product: Extreme Fabric Automation Reported in Release: EFA 3.1.0
Symptom: Renewal of K3s server certificate fails after a time-shift.
Condition: K3s CA certificate has been renewed and immediately K3s server certificate renewal is tried again.
Workaround: During K3s CA certificate renewal, the K3s server certificate is generated as well. If the time-shift is very quick, then wait for few hours and then retry the same operation again.
Parent Defect ID: EFA-15957 Issue ID: EFA-15957
Product: Extreme Fabric Automation Reported in Release: EFA 3.1.0
Symptom:

Port-group add operation on a Layer-3 EPG of a bridge-domain enabled tenant that shares ctag with other EPGs may fail. on certain conditions with the error:

Device: <device-1-IP> Ctag: <ctag> Anycast <IP-1> subnet is conflicting with already configured Ve 4097 : Anycast <IP-1> on the device <device-1>

Condition:

1. Configure two layer-3 EPGs with shared ctags and with ports from different SLX devices that are connected as MCT pair

2. Do an EPG port-group-delete update operation on one EPG to remove all its ports

3. Re-add the same ports back to the EPG

The step 3 will fail with the symptom mentioned above.

Workaround: Ensure that the layer-3 EPGs that share ctags are provisioned with all the ports upfront at the time of EPG create time itself
Recovery: None
Parent Defect ID: EFA-15968 Issue ID: EFA-15968
Product: Extreme Fabric Automation Reported in Release: EFA 3.1.0
Symptom: Syslog messages are not seen for SLX (NPB) devices in the XCO user interface.
Condition: When the SLX device already has a secured Syslog configuration and then discovers the same device in XCO.
Workaround: Clear the secured Syslog configuration on the SLX NPB device before discovering it in XCO.
Recovery: Clear the secured Syslog configuration on the SLX NPB device and rediscover the device.
Parent Defect ID: EFA-15969 Issue ID: EFA-15969
Product: Extreme Fabric Automation Reported in Release: EFA 2.7.0
Symptom: After node-replacement with multiaccess subinterfaces, EFA is not accessible through VIP.
Condition: When new TPVM is installed for node-replacement, if new hostname was different from the older one with the same IP.
Recovery: In /etc/keepalived/keepalived.conf on the standby node, update the multiaccess IP and restart the keepalived service.
Parent Defect ID: EFA-15990 Issue ID: EFA-15990
Product: Extreme Fabric Automation Reported in Release: EFA 3.1.0
Symptom: 'efa tenant show' command fails with error 500.
Condition: A user is assigned multiple tenant admin roles.
Workaround: Use 'efa tenant show --name=' to view tenant details.
Parent Defect ID: EFA-15992 Issue ID: EFA-15992
Product: Extreme Fabric Automation Reported in Release: EFA 3.1.0
Symptom: For fabric installation, the tenant user logout displays an error message related to the permission.
Condition: Perform logout for a user having a dynamic tenant administrator role.
Recovery: The user can ignore the error message as the user will be logged out successfully in spite of the error.
Parent Defect ID: EFA-15993 Issue ID: EFA-15993
Product: Extreme Fabric Automation Reported in Release: EFA 3.1.0
Symptom: Rule match (ACL) is reconciled with zero DSCP value
Condition: When rule match is set with only with default protocol (IPv6/IPv4), and device is discovered from XCO, it is reconciled with DSCP value 0 (zero) in XCO.
Workaround: While editing the rule match, user needs to be cautioned to clear the DSCP value of 0 (zero) in the form so that it will not be pushed to device.
Recovery: If the DSCP value zero is configured on the device, user can edit the rule match and clear the DSCP value and push it to device.
Parent Defect ID: EFA-15995 Issue ID: EFA-15995
Product: Extreme Fabric Automation Reported in Release: EFA 3.1.0
Symptom: For fabric installation, the password reset of a local user having tenant admin role displays an error message related to the permission.
Condition: Perform password reset of a local user having a dynamic tenant administrator role.
Workaround: Don't create the local user having a dynamic tenant administrator role.
Parent Defect ID: EFA-16000 Issue ID: EFA-16000
Product: Extreme Fabric Automation Reported in Release: EFA 3.1.0
Symptom: Ingress group is not updating correctly on NPB device version 21.1.2.3
Condition: When there is an ingress group associated with given policy exists without any inner/outer tunnel information present and other ingress group which is also associated with same policy with inner/outer tunnel configuration is being updated, the update of 2nd ingress group is not happening.
Workaround: Delete ingress group with inner/outer tunnel information and add it back with updated configuration.
Recovery: Delete ingress group with inner/outer tunnel information and add it back with updated configuration.
Parent Defect ID: XCO-3435 Issue ID: XCO-3435
Product: XCO Reported in Release: EFA 2.5.0
Symptom: Add Device Failed because ASN used in border leaf showing conflict
Condition: If there are more than one pair of Leaf/border leaf devices then devices which are getting added first will get the first available ASN in ascending order and in subsequent addition of devices if one of device is trying to allocate the same ASN because of brownfield scenario then EFA will throw an error of conflicting ASN
Workaround:

Add the devices to fabric in the following sequence

1)First add devices that have preconfigured configs

2)Add remaining devices that don't have any configs stored

Recovery:

Removing the devices and adding the devices again to fabric in following sequence

1)First add devices that have preconfigured configs

2)Add remaining unconfigured devices.

Parent Defect ID: XCO-3438 Issue ID: XCO-3438
Product: XCO Reported in Release: EFA 2.7.0
Symptom: When endpoint group create or update operation REST requests of multiple endpoint groups each with 50+ ctags are issued concurrently, one or two of the requests may fail with "Error 1452: Cannot add or update a child row: a foreign key constraint fails" or with an error indicating database timeout or an error indicating failure of network property delete.
Condition: When multiple endpoint group requests are processed concurrently, some of the database requests initiated by EFA may cause database to abort one of the request with the above mentioned error
Workaround: Execute the commands sequentially
Recovery: EFA database and SLX device configurations are always not affected by this error and hence no recovery is required. The failed commands shall be rerun sequentially to successful completion of the expected operations
Parent Defect ID: XCO-3443 Issue ID: XCO-3443
Product: XCO Reported in Release: EFA 3.1.0
Symptom: After fresh installation of XCO or after IP change, browser shows the 'Certificate is not Valid'.
Workaround:

Add EFA CA to the trust store in the browser.

Incase of an IP change, regenerate the EFA server certificate using CLI. Refer to Administration guide for details.

Parent Defect ID: XCO-3445 Issue ID: XCO-3445
Product: XCO Reported in Release: EFA 3.0.0
Symptom: DRC will not identify the drift and hence will not reconcile the drifted configuration
Condition:

Below are the steps to reproduce the issue:

1. Configure multi rack Non-CLOS fabric.

2. Manually remove the below set of configurations on device under

router-bgp

no neighbor 172.x.x.x password xxxx

no neighbor 172.x.x.x update-source loopback 1

no neighbor 172.x.x.x peer-group overlay-ebgp-group

address-family l2vpn evpn

no retain route-target all

3. Execute "efa inventory drift-reconcile execute --ip <device-ip>"

Recovery: Manually reconfigure the removed configurations from the device
Parent Defect ID: XCO-3448 Issue ID: XCO-3448
Product: XCO Reported in Release: EFA 3.0.0
Symptom: Super spine devices continue to remain in cfg-refreshed state even after the invalid topology connections (i.e. superspine to superspine connections) are removed by disabling the LLDP links between the super spine devices followed by a DRC (Drift and Reconcile)
Condition:

Below are the steps to reproduce the issue

1. Configure a 5-stage CLOS fabric

2. Enable the LLDP link(s) between the superspine devices

3. App state of superspine devices moves to cfg-refresh-error

4. Disable the LLDP link(s) (which were enabled in step 2) between the superspine devices

5. App state of superspine devices moves to cfg-refreshed

6. Execute "efa inventory drift-reconcile execute --ip <device-ip> --reconcile" for the super-spine devices

Recovery: Execute "efa fabric configure --name <fabirc-name>" so that the superspine devices move to cfg-in-sync state
Parent Defect ID: XCO-3460 Issue ID: XCO-3460
Product: XCO Reported in Release: EFA 2.5.5
Symptom: kubernetes command k3s kubectl get pods -n efa will show some pods in "ImagePullBackOff" state.
Condition: when node Disk Space is full and pods are in evicted state, after freeing up space and executing efactl start or on next restart of pod.
Workaround: Check for expected Disk space as mentioned in system requirements.
Recovery:

1. Check if we have enough disk space as mentioned in system requirements,

2. On the install dir , change to docker_images and import the images using following command

k3s ctr image import docker_k3s_images.tar

3. execute efactl start

Parent Defect ID: XCO-3471 Issue ID: XCO-3471
Product: XCO Reported in Release: EFA 3.1.0
Symptom: Stale BGP Peer-group entry configured under router BGP on SLX Border leaf and Spine devices with none of the BGP neighbors linked with the Peer group.
Condition:

1. Create a 3-stage CLOS fabric, add devices with MCT leaf, spine, and border-leaf and configure the fabric

2. Convert the 3-stage CLOS fabric to a 5-stage CLOS fabric using the fabric migrate command

"efa fabric migrate --type "3-to-5-stage" --source-fabric <source-fabric> --destination-3-stage-leaf-spine-pod <pod-name> --destination-3-stage-border-leaf-pod <pod-name>"

3. Add super-spine POD devices to the migrated 5-stage CLOS fabric

4. Disconnect the BorderLeaf to Spine links and reconnect the BorderLeaf to Super-Spine links

5. Configure the migrated 5-stage CLOS fabric

Recovery: Manually delete the stale BGP peer-groups from both the Border Leaf and Spine devices
Parent Defect ID: XCO-3979 Issue ID: XCO-3979
Product: XCO Reported in Release: EFA 2.5.0
Symptom: Deleting device from EFA Inventory does not bring up the interface to admin state 'up' after unconfiguring breakout configuration
Condition: This condition occurs when there is a breakout configuration present on the device that is being deleted from EFA Inventory
Workaround: Manually bring the admin-state up on the interface, if required
Recovery: Manually bring the admin-state up on the interface, if required
Parent Defect ID: XCO-3980 Issue ID: XCO-3980
Product: XCO Reported in Release: EFA 2.5.0
Symptom: Removing a device from Inventory does not clean up breakout configuration on interfaces that are part of port channels.
Condition: This condition occurs when there is breakout configuration present on device that is being deleted from Inventory, such that those breakout configurations are on interfaces that are part of port-channels
Workaround: Manually remove the breakout configuration, if required.
Recovery: Manually remove the breakout configuration, if required.