Cisco ACI Software Advisory Notice for CSCuu21167
First Published: May 21, 2015
Last Updated: May 21, 2015
Dear Cisco Customer,
Cisco engineering has identified a software issue with the
software release detailed below.
Affected Software
ACI Release 1.0(4h)
Affected Platforms
Cisco ACI-mode switches
Symptom
Policy Manager (PM) becomes unresponsive and eventually
crashes.
Reason for Advisory
CDETS number CSCuu21167 (Policymgr is non-responsive for
any new policy update after upgrade)
Description
The Policy Manager (PM) can become unresponsive over
time due to an out-of-memory condition. The PM can eventually crash.
The issue occurs when a configured system is upgraded to
this release and the existing configuration contains the following
condition: The device selection policy used for a service graph in the user's
tenant (not tn-common) is pointing to a Bridge Domain (BD) in tn-common.
The issue does not occur when an unconfigured system is
upgraded to this release or when a new system is delivered with this release.
Workaround
If you are using L4-L7 services with a BD for L4-L7 devices in
the tenant common, check for a vnsRsLIfCtxToBD (L4-L7 Device selection policy)
relation from any non-common tenant pointing to a BD in the tenant common. This
can be determined in the UI or by using the Visore browser interface. An
example of a Visore query with an appropriate filter is shown below (replace apic-host-name
and challenge-key with appropriate values).
Visore Query to detect the condition
https://apic-host-name/visore.html?f=filter&challenge=challenge-key&cls=vnsRsLIfCtxToBD&prop=tDn&op=wcard&val1=uni%2Ftn-common%2FBD-&val2=
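The Visore filter above matches every relation whose tDn is a BD in tn-common, including relations owned by tn-common itself, so the result still has to be narrowed to non-common tenants. The following check is an added example, not part of the Cisco advisory or script: it assumes the relations were exported as an APIC REST class-query JSON response (for example from /api/class/vnsRsLIfCtxToBD.json), and the function name and sample records are constructed for illustration.

```python
import json
import re

TENANT_RE = re.compile(r"^uni/tn-([^/]+)/")   # owning tenant is the 2nd DN component
COMMON_BD_PREFIX = "uni/tn-common/BD-"        # same prefix the Visore filter uses


def affected_relations(response_text):
    """Return (tenant, dn, tDn) for relations matching the advisory's condition:
    owned by a non-common tenant and pointing to a BD in tn-common."""
    hits = []
    for item in json.loads(response_text).get("imdata", []):
        attrs = item.get("vnsRsLIfCtxToBD", {}).get("attributes")
        if not attrs:
            continue                           # error entry or another class
        dn, tdn = attrs.get("dn", ""), attrs.get("tDn", "")
        match = TENANT_RE.match(dn)
        if match is None:
            continue                           # DN not under a tenant
        tenant = match.group(1)
        # Exact prefix match: "uni/tn-common-lab/BD-x" must not count as tn-common.
        if tenant != "common" and tdn.startswith(COMMON_BD_PREFIX):
            hits.append((tenant, dn, tdn))
    return hits


def _rec(tenant, conn, tdn):
    # Builds one constructed sample record in the assumed response shape.
    dn = "uni/tn-%s/ldevCtx-c-web-g-fw-n-N1/lIfCtx-c-%s/rsLIfCtxToBD" % (tenant, conn)
    return {"vnsRsLIfCtxToBD": {"attributes": {"dn": dn, "tDn": tdn}}}


# Constructed sample data, not output from a real APIC.
SAMPLE = json.dumps({"totalCount": "5", "imdata": [
    _rec("Prod", "consumer", "uni/tn-common/BD-svc"),        # affected
    _rec("common", "consumer", "uni/tn-common/BD-svc"),      # owner is tn-common
    _rec("Dev", "consumer", "uni/tn-Dev/BD-local"),          # BD in own tenant
    _rec("common-lab", "provider", "uni/tn-common/BD-svc"),  # affected
    _rec("Dev", "provider", "uni/tn-common-lab/BD-x"),       # BD not in tn-common
]})

if __name__ == "__main__":
    for tenant, dn, tdn in affected_relations(SAMPLE):
        print("tenant %s: %s -> %s" % (tenant, dn, tdn))
```

An empty result means the condition described in this advisory is not present in the exported configuration.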
If the relation exists, run the script cleanupRsLIfCtxToBD.py
after upgrading by pointing it at your APIC IP address. The script is provided
below in this advisory note and is also attached to the bug: CSCuu21167. To run
the command, you will need python 2.7, and you will need to set the PYTHONPATH
to point to the egg files of the specific version. An example is shown
below.
Python Path Example
    PYTHONPATH=/tmp/104h/acicobra-1.0_4h-py2.7.egg:/tmp/867h/acimodel-1.0_4h-py2.7.egg \
    /opt/cisco/aci/python2.7/bin/python cleanupRsLIfCtxToBD.py \
    -H 192.168.10.1 -P 443 -u admin -p ins3965! -S
where
    -H = APIC IP address
    -P = port number (HTTPS)
    -u = username
    -p = password
    -S = use HTTPS
This script will delete and re-add all the vnsRsLIfCtxToBD
relations in your system. GraphInst might go to a fault state and recover but
no traffic disruption is expected.
Script
The following script is cleanupRsLIfCtxToBD.py:

    #!/usr/bin/env python
    from __future__ import print_function

    from cobra.mit.access import MoDirectory
    from cobra.mit.session import LoginSession
    from cobra.mit.request import ConfigRequest
    from cobra.model.vns import RsLIfCtxToBD


    def main(https, host, port, user, password):
        # Build the APIC URL and log in.
        url = '{prot}://{host}:{port}'.format(
            prot='https' if https else 'http', host=host, port=port)
        session = LoginSession(url, user, password)
        moDir = MoDirectory(session)
        print('Logging into', url)
        moDir.login()

        # Collect every L4-L7 device selection policy relation to a BD.
        print('Querying all vns.RsLIfCtxToBD...', end='')
        rss = moDir.lookupByClass('vns.RsLIfCtxToBD')
        print('found', len(rss), 'objects.')
        if not rss:
            print('Nothing to do.')
            return

        # Delete each relation, one commit per object.
        print('Deleting them...', end='')
        for rs in rss:
            cfgRequest = ConfigRequest()
            mo = RsLIfCtxToBD(rs.dn.getParent(), tDn=rs.tDn)
            mo.delete()
            cfgRequest.addMo(mo)
            moDir.commit(cfgRequest)
        print('done.')

        # Re-add each relation under the same parent with the same target BD.
        print('Recreating them...', end='')
        for rs in rss:
            cfgRequest = ConfigRequest()
            mo = RsLIfCtxToBD(rs.dn.getParent(), tDn=rs.tDn)
            cfgRequest.addMo(mo)
            moDir.commit(cfgRequest)
        print('done.')


    if __name__ == '__main__':
        from argparse import ArgumentParser
        parser = ArgumentParser('Deletes/recreates vnsRsLIfCtxToBD objects')
        parser.add_argument('-H', '--host', help='APIC host name or IP',
                            required=True)
        # The port defaults to 80 (plain HTTP); pass -S and -P 443 for HTTPS.
        parser.add_argument('-P', '--port', help='APIC REST API port', type=int,
                            default=80)
        parser.add_argument('-S', '--https', default=None,
                            help='use HTTPS', action='store_true')
        parser.add_argument('-u', '--user', help='user name', required=True)
        parser.add_argument('-p', '--password', help='user password',
                            required=True)
        args = parser.parse_args()
        main(args.https, args.host, args.port, args.user, args.password)

Notes
1. A fix for this bug will be available in a future 1.0(4) patch release.
Legal Information
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN
THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION,
AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE
PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE
FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING
PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT
AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE
SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A
COPY.
The Cisco implementation of TCP header compression is an
adaptation of a program developed by the University of California, Berkeley
(UCB) as part of UCB's public domain version of the UNIX operating system. All
rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES
AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED "AS IS" WITH ALL FAULTS. CISCO AND
THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED,
INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR
TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY
INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR
INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED
OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in
this document are not intended to be actual addresses and phone numbers. Any
examples, command display output, network topology diagrams, and other figures
included in the document are shown for illustrative purposes only. Any use of
actual IP addresses or phone numbers in illustrative content is unintentional
and coincidental.
All printed copies and duplicate soft copies are considered
un-Controlled copies and the original on-line version should be referred to for
latest version.
Cisco has more than 200 offices worldwide. Addresses, phone
numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices.
Trademark
Cisco and the Cisco logo are trademarks or
registered trademarks of Cisco and/or its affiliates in the U.S. and other
countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks.
Third-party trademarks mentioned are the property of their respective owners.
The use of the word partner does not imply a partnership relationship between
Cisco and any other company. (1110R)
Copyright
© 2015 Cisco Systems, Inc. All rights reserved.