Open Defects

The following defects are open in Extreme Fabric Automation 3.1.1.

Parent Defect ID: XCO-3438 Issue ID: XCO-3438
Product: XCO Reported in Release: EFA 2.7.0
Symptom: When endpoint group create or update operation REST requests of multiple endpoint groups each with 50+ ctags are issued concurrently, one or two of the requests may fail with "Error 1452: Cannot add or update a child row: a foreign key constraint fails" or with an error indicating database timeout or an error indicating failure of network property delete.
Condition: When multiple endpoint group requests are processed concurrently, some of the database requests initiated by EFA may cause database to abort one of the request with the above mentioned error.
Workaround: Execute the commands sequentially.
Recovery: EFA database and SLX device configurations are not always affected by this error and hence no recovery is required. The failed commands shall be rerun sequentially to successful completion of the expected operations.
Parent Defect ID: XCO-3443 Issue ID: XCO-3443
Product: XCO Reported in Release: EFA 3.1.0
Symptom: After fresh installation of XCO or after an IP change, browser shows the 'Certificate is not Valid'.
Workaround:

Add EFA CA to the trust store in the browser.

In case of an IP change, regenerate the EFA server certificate using CLI. Refer to Administration guide for details.
Parent Defect ID: XCO-3445 Issue ID: XCO-3445
Product: XCO Reported in Release: EFA 3.0.0
Symptom: DRC will not identify the drift and hence will not reconcile the drifted configuration
Condition:

Below are the steps to reproduce the issue:

  1. Configure multi-rack Non-CLOS fabric.
  2. Manually remove the below set of configurations on device under:
    • router-bgp
    • no neighbor 172.x.x.x password xxxx
    • no neighbor 172.x.x.x update-source loopback 1
    • no neighbor 172.x.x.x peer-group overlay-ebgp-group
    • address-family l2vpn evpn
    • no retain route-target all
  3. Execute "efa inventory drift-reconcile execute --ip <device-ip>".
Recovery: Manually reconfigure the removed configurations from the device.
Parent Defect ID: XCO-3448 Issue ID: XCO-3448
Product: XCO Reported in Release: EFA 3.0.0
Symptom: Super spine devices continue to remain in cfg-refreshed state even after the invalid topology connections (i.e. superspine to superspine connections) are removed by disabling the LLDP links between the super spine devices followed by a DRC (Drift and Reconcile).
Condition:

Below are the steps to reproduce the issue:

  1. Configure a 5-stage CLOS fabric.
  2. Enable the LLDP link(s) between the superspine devices.
  3. App state of superspine devices moves to cfg-refresh-error.
  4. Disable the LLDP link(s) (which were enabled in step 2) between the superspine devices.
  5. App state of superspine devices moves to cfg-refreshed.
  6. Execute "efa inventory drift-reconcile execute --ip <device-ip> --reconcile" for the super-spine devices.
Recovery: Execute "efa fabric configure --name <fabirc-name>" so that the superspine devices move to cfg-in-sync state.
Parent Defect ID: XCO-3460 Issue ID: XCO-3460
Product: XCO Reported in Release: EFA 2.5.5
Symptom: kubernetes command k3s kubectl get pods -n efa will show some pods in "ImagePullBackOff" state.
Condition: when node Disk Space is full and pods are in evicted state, after freeing up space and executing efactl start or on next restart of pod.
Workaround: Check for expected Disk space as mentioned in system requirements.
Recovery:
  1. Check if we have enough disk space as mentioned in system requirements,
  2. On the install dir , change to docker_images and import the images using following command:

    k3s ctr image import docker_k3s_images.tar

  3. 3. Execute efactl start
Parent Defect ID: XCO-3471 Issue ID: XCO-3471
Product: XCO Reported in Release: EFA 3.1.0
Symptom: Stale BGP Peer-group entry configured under router BGP on SLX Border leaf and Spine devices with none of the BGP neighbors linked with the Peer group.
Condition:
  1. Create a 3-stage CLOS fabric, add devices with MCT leaf, spine, and border-leaf and configure the fabric.
  2. Convert the 3-stage CLOS fabric to a 5-stage CLOS fabric using the fabric migrate command:

    "efa fabric migrate --type "3-to-5-stage" --source-fabric <source-fabric> --destination-3-stage-leaf-spine-pod <pod-name> --destination-3-stage-border-leaf-pod <pod-name>"

  3. Add super-spine POD devices to the migrated 5-stage CLOS fabric.
  4. Disconnect the BorderLeaf to Spine links and reconnect the BorderLeaf to Super-Spine links.
  5. Configure the migrated 5-stage CLOS fabric.
Recovery: Manually delete the stale BGP peer-groups from both the Border Leaf and Spine devices
Parent Defect ID: EFA-4127 Issue ID: EFA-4127
Product: Extreme Fabric Automation Reported in Release: EFA 3.0.0
Symptom: Ports are not listed in the port-channel creation for SLX NPB devices.
Condition: Even though the ports are not used in any other configurations, the ports are not listed in the port-channel creation. For these ports, speed is set to auto-negotiation, and ports are not connected with cable.
Workaround: For breakout ports, make sure that cables are connected so that port speed will be updated.
Recovery: NA
Parent Defect ID: XCO-4128 Issue ID: XCO-4128
Product: XCO Reported in Release: EFA 3.0.0
Symptom: Port-channel partial configuration are present on device for SLX NPB devices.
Condition: Port-channel configuration failed from UI, on device still the partial configuration is present.
Workaround: Make sure that all the configuration information is correctly populated from UI so that configuration will not fail on device.
Recovery: Login to SLX CLI and delete the given port channel and refresh configuration on XCO UI.
Parent Defect ID: XCO-4129 Issue ID: XCO-4129
Product: XCO Reported in Release: EFA 3.0.0
Symptom: Disable of vn-tag header strip and enabling of 802.1BR header strip fails from XCO GUI for SLX NPB.
Condition: When vn-tag header strip is enabled on an interface, disabling the vn-tag header strip and enabling the 802.1BR header strip in a single operation fails from XCO GUI.
Workaround: Disable the vn-tag header strip in first operation (save the port update) and then edit port again for enabling 802.1BR header strip option.
Recovery: NA
Parent Defect ID: XCO-4136 Issue ID: XCO-4136
Product: XCO Reported in Release: EFA 3.1.0
Symptom: The intermediate session expired popup in the XCO user interface.
Condition: When the user session is active for one hour, the user will see a session expiry popup.
Workaround:

Set the higher value for the user token expiry using "efa auth settings token update" CLI. The default access token expiry value is 1 hour.

Example: efa auth settings token update --type=ACCESS --hours=2 --minutes=30.
Recovery: The user has to click OK on the popup and the user session will be reauthenticated automatically.
Parent Defect ID: XCO-4139 Issue ID: XCO-4139
Product: XCO Reported in Release: EFA 2.7.2
Symptom In a CLOS fabric, multiple fabric ports belonging to different fabric devices can have the same IP address assigned incorrectly. For example: interface ethernet 0/x on device D1 and ethernet 0/y on device D2 can have an ip-address 10.1.1.1/31 assigned.
Recovery:
  1. Disable the LLDP protocol under the interfaces ethernet 0/x on D1 and ethernet 0/y on D2.
  2. Execute "efa inventory device update --ip <device-ip>" for both D1 and D2.
  3. Execute "efa fabric configure --name <fabric-name>".
Parent Defect ID: XCO-4146 Issue ID: XCO-4146
Product: XCO Reported in Release: EFA 2.7.2
Symptom: The fabric devices continue to remain in cfg-refresh-err state after the tpvm fail over.
Condition:
  1. Fabric devices are already in cfg-refresh-err state due to LLDP Link down(LD) event.
  2. Bring up the LLDP links responsible for the fabric devices to be in cfg-refresh-err state.
  3. Execute the TPVM failover by 'tpvm stop' and 'tpvm start' commands during the LLDP Link up (LA) event handling caused by 2.
Recovery: Execute "efa inventory drift-reconcile execute --ip <device-ip> --reconcile" on the devices which are in cfg-refresh-err state.
Parent Defect ID: XCO-4154 Issue ID: XCO-4154
Product: XCO Reported in Release: EFA 2.7.2
Symptom: Fabric devices continue to remain in cfg-refresh-err state even though the links between the MCT pair are brought up after the reload.
Condition:
  1. Configure a single rack (MCT Pair) Non-CLOS fabric with the SLX devices.
  2. All links between the MCT pair are brought down.
  3. "efa fabric show" output indicates the devices with the app-sate set as "cfg-refresh-err".
  4. Reload the SLX devices.
  5. There are connectivity issues towards the SLX from EFA after reload.
Recovery:
  1. Fix the network connectivity issue between EFA and the SLX devices.
  2. Execute "lldp disable" followed by "lldp enable" under the physical interfaces interconnecting the MCT pair.
  3. Execute "efa inventory device update --ip <device-ip>" on the MCT pair.
Parent Defect ID: XCO-4155 Issue ID: XCO-4155
Product: XCO Reported in Release: EFA 3.1.0
Symptom: Renewal of K3s server certificate fails after a time-shift.
Condition: K3s CA certificate has been renewed and immediately K3s server certificate renewal is tried again.
Workaround: During K3s CA certificate renewal, the K3s server certificate is generated as well. If the time-shift is very quick, then wait for few hours and then retry the same operation again.
XCO-4156 Issue ID: XCO-4156
Parent Defect ID: XCO Reported in Release: EFA 3.1.0
Symptom:

Port-group add operation on a Layer-3 EPG of a bridge-domain enabled tenant that shares ctag with other EPGs may fail. on certain conditions with the error:

Device: <device-1-IP> Ctag: <ctag> Anycast <IP-1> subnet is conflicting with already configured Ve 4097 : Anycast <IP-1> on the device <device-1>
Condition:
  1. Configure two layer-3 EPGs with shared ctags and with ports from different SLX devices that are connected as MCT pair.
  2. Do an EPG port-group-delete update operation on one EPG to remove all its ports.
  3. Re-add the same ports back to the EPG.

The step 3 will fail with the symptom mentioned above.
Workaround: Ensure that the layer-3 EPGs that share ctags are provisioned with all the ports upfront at the time of EPG create time itself.
Recovery: None
Parent Defect ID: XCO-4160 Issue ID: XCO-4160
Product: XCO Reported in Release: EFA 2.7.0
Symptom: After node-replacement with multiaccess subinterfaces, EFA is not accessible through VIP.
Condition: When new TPVM is installed for node-replacement, if new hostname was different from the older one with the same IP.
Recovery: In /etc/keepalived/keepalived.conf on the standby node, update the multiaccess IP and restart the keepalived service.
Parent Defect ID: XCO-4164 Issue ID: XCO-4164
Product: XCO Reported in Release: EFA 3.1.0
Symptom: Syslog messages are not seen for SLX (NPB) devices in the XCO user interface.
Condition: When the SLX device already has a secured Syslog configuration and then discovers the same device in XCO.
Workaround: Clear the secured Syslog configuration on the SLX NPB device before discovering it in XCO.
Recovery: Clear the secured Syslog configuration on the SLX NPB device and rediscover the device.
Parent Defect ID: XCO-4165 Issue ID: XCO-4165
Product: XCO Reported in Release: EFA 3.1.0
Symptom: 'efa tenant show' command fails with error 500.
Condition: A user is assigned multiple tenant admin roles.
Workaround: Use 'efa tenant show --name=' to view tenant details.
Parent Defect ID: XCO-4168 Issue ID: XCO-4168
Product: XCO Reported in Release: EFA 3.1.0
Symptom: Ingress group is not updating correctly on NPB device version 21.1.2.3
Condition: When there is an ingress group associated with given policy exists without any inner/outer tunnel information present and other ingress group which is also associated with same policy with inner/outer tunnel configuration is being updated, the update of 2nd ingress group is not happening.
Workaround: Delete ingress group with inner/outer tunnel information and add it back with updated configuration.
Recovery: Delete ingress group with inner/outer tunnel information and add it back with updated configuration.
Parent Defect ID: XCO-4169 Issue ID: XCO-4169
Product: XCO Reported in Release: EFA 3.1.0
Symptom: For fabric installation, the password reset of a local user having tenant admin role displays an error message related to the permission.
Condition: Perform password reset of a local user having a dynamic tenant administrator role.
Workaround: Don't create the local user having a dynamic tenant administrator role.
Parent Defect ID: XCO-4174 Issue ID: XCO-4174
Product: XCO Reported in Release: EFA 3.1.0
Symptom: For fabric installation, the tenant user logout displays an error message related to the permission.
Condition: Perform logout for a user having a dynamic tenant administrator role.
Recovery: The user can ignore the error message as the user will be logged out successfully in spite of the error.
9037631-00 Rev AB