Issue fixed with Aria Operations for Networks 6.14 Patch8, Build number 1749832225
search cancel

Issue fixed with Aria Operations for Networks 6.14 Patch8, Build number 1749832225

book

Article ID: 401499

calendar_today

Updated On:

Products

VCF Operations for Networks

Issue/Introduction

Below mentioned 3 issues are now fixed in Aria Operations for Networks 6.14 Patch 8, Build number 1749832225 :

1. Latency Profile enabled on Aria Operations for Networks GUI when disabled does not get  removed from NSXT Transport Zones with the BFD Profile.

2. An IllegalArgumentException is seen from logs at location /var/log/arkin/collector/ while processing the security policies, refer to log entry below:
   

java.lang.IllegalArgumentException: Comparison method violates its general contract_
        at java.util.TimSort.mergeHi(TimSort.java:903) _[_:_]
        at java.util.TimSort.mergeAt(TimSort.java:520) _[_:_]
        at java.util.TimSort.mergeForceCollapse(TimSort.java:461) _[_:_]
        at java.util.TimSort.sort(TimSort.java:254) _[_:_]
        at java.util.Arrays.sort(Arrays.java:1515) _[_:_]
        at java.util.ArrayList.sort(ArrayList.java:1750) _[_:_]
        at com.vnera.dataproviders.core.impl.vmware.policymanager.tasks.datafetchers.PolicyManagerFirewallPolicyRulesFetcher.getFirewallPolicies


3. Incomplete policy firewall rule SDM causes to toggle realized entity and email Notifications From Stale Alerts, Refer to GUI Screenshot showing Email alert notifications:



In above you see Alert shows very older time stamp and email notification is very recent.

From collector logs at location /var/log/arkin/collector

com.vnera.dataproviders.core.common.impl.dataprovider.utils.exceptions.HttpException: Could not get response for /policy/api/v1/infra/realized-state/realized-entities, status 429
        at com.vnera.dataproviders.core.common.impl.dataprovider.utils.HttpUtils.checkCodeAndThrow(HttpUtils.java:54) _[dataproviders-0.001-SNAPSHOT.jar:_]
        at com.vnera.dataproviders.core.common.impl.dataprovider.utils.HttpUtils.checkStatusAndThrow(HttpUtils.java:34) _[dataproviders-0.001-SNAPSHOT.jar:_]
        at com.vnera.dataproviders.core.common.impl.dataprovider.utils.HttpUtils.checkStatusAndThrow(HttpUtils.java:23) _[dataproviders-0.001-SNAPSHOT.jar:_]
        at com.vnera.dataproviders.core.impl.vmware.nsxcommon.AbstractDatasourceFetchUtils.handleErrorResponse(AbstractDatasourceFetchUtils.java:276) _[dataproviders-0.001-SNAPSHOT.jar:_]
        at com.vnera.dataproviders.core.impl.vmware.policymanager.utils.PolicyManagerUtils.handleErrorResponse(PolicyManagerUtils.java:1728) _[dataproviders-0.001-SNAPSHOT.jar:_]
        at com.vnera.dataproviders.core.impl.vmware.nsxcommon.AbstractDatasourceFetchUtils.fetchData(AbstractDatasourceFetchUtils.java:87) _[dataproviders-0.001-SNAPSHOT.jar:_]
        at com.vnera.dataproviders.core.impl.vmware.nsxcommon.AbstractClusterDataSourceFetchUtils.fetchData(AbstractClusterDataSourceFetchUtils.java:49) _[dataproviders-0.001-SNAPSHOT.jar:_]

 

Environment

Aria Operations for Networks 6.12.0
Aria Operations for Networks 6.12.1
Aria Operations for Networks 6.13.0
Aria Operations for Networks 6.14.0
 

Cause

  1.  Due to this IllegalArgumentException seen the firewall rules intermittently deleting it from Aria Operations for Networks GUI, it is a logical bug in Aria Operations for network while sorting Security Policies.

  2. The last modified user/timestamp field which is present in e-mail that customer received is consumed from NSX APIs. As there was no change in rule in NSX, the audit info still showed stale timestamp.
    In logs we found that AON was getting a lot of HTTP 429 'exceeded request rate of 100 per second' exception while polling NSX APIs. Due to this exception received in Aria Operations for Network.
    Sometimes the firewall rule SDMs are half-baked and it does not contain the realized entitles.
    Due to this, we are seeing this toggle for realized entity attribute and as a result of the toggle customer is receiving change event alerts. As the customer subscribed for e-mail alerts, so the customer received e-mail alerts with firewall rule change event alert.

    Note: For Issue 2:  This Patch should be applied only if you see both the symptoms i.e. combination of older alert time stamp in email notification  and above log entry showing status 429 for realized-entities.

  3. Latency and BDF profile issues:          

    Issue A: When latency is enabled via Aria Operations for Networks UI, the NSX Latency flag in the vRNI collector database isn't set to true as we are not able to update the Transport Zone with the BFD Profile. This prevents deletion of latency profiles and configurations on NSX Manager when latency is disabled, potentially causing an "already configured" error on subsequent attempts to enable it.

    Issue B: During latency disablement (via Aria Operations for Networks GUI, NSX data source disablement/deletion, or migration), vRNI may only delete the BFD Profile and not its path from the TZ due to Issue1 leading to data path issues in NSX upon manager restart. If the BFD profile is still being referenced somewhere (in this case Transport Zone), the deletion of the profile should not be allowed. This a known issue in NSX and has been fixed in NSX 4.2.2

Resolution

Above mentioned issues are now fixed in Aria Operations for Networks 6.14 Patch8, Build number 1749832225

Aria Operations for Networks patch can be downloaded from Broadcom Support portal port login.

To Download GA patch click here 

File name: VMware-AriaOpNetworks.6.14.0.P8.1749832225.patch.bundle
File Size: 969.31 MB

Note: Above patch is cumulative of any previous patches for Aria Operations for Networks 6.14.0

Review below procedure and steps to apply Aria Operation for Networks Patch from GUI:

  1. Download Aria Operations for Networks 6.14 Patch8 Build number 1749832225 on you local system.
  2. Log into the Aria Operations for Networks GUI as an Administrator user. 

    Note:
    The default admin@local account can be used.
    Use platform node 1 IP in case of Clustered deployments.

  3. Navigate to Settings > Infrastructure and Support> Infrastructure and Updates  then under Product, select Click here.
  4. Click Browse to select the  locally downloaded patch file and click Upload.

    Note:

    When the upload is complete, Aria Operations for Networks GUI show the Bundle Upload Complete message notification within 2-3 minutes and the bundle processing happens in the background.
    Until the upload of the package happens, ensure that the session is not closed. If the session ends, you have to restart the upload process.
    Do not refresh the page after bundle upload, until you see the Update Available message notification.

  5. In the Bundle Available message notification, click View details.

    Aria Operations for Networks (vRNI) Update screen appears.

  6. Read the Before you proceed instruction and click Continue.
  7. Wait for the pre-checks to complete.
  8. Click Install Now.

    You can see the approximate time required to complete the update process on your setup.

  9. Once the update process begins, the Aria operations for Networks Update screen provides the status of the upgrade  process.

  10.  All platforms and the collectors nodes are updated.


    If you are using Aria Suite Life Cycle to Manage Aria Operations for Networks 6.14.0 then see below the Procedure to apply patch using VMware Aria Suite Lifecycle:

    Download Patch file here

    File Name: vrlcm-vrni-6.14.0-6.14.0.P8.1749832225.patch
    File Size: 996.35 MB
     
    For applying the patch via VMware Aria Suite Lifecycle for VMware Aria Operation for Networks 6.14.0, refer to VMware Aria Suite Lifecycle 8.18 documentation for procedure and steps.
Powered by Wolken Software