This section contains the list of issues resolved for version 22.1.7.

What's New in 22.1.7

Release Date: 08 August 2024

This is a maintenance release and provides fixes for high-priority issues.

See Checklist for Upgrade to 22.1.7.

Patch Release Notes for 22.1.7

22.1.7-2P1
Release Date: 26 September 2024
  • AV-145849: SNMPD failure, requiring an upgrade of the base package to version 5.9 or later to fix the crash.

  • AV-188518: Querying the Logs for IPv6 addresses incorrectly results in NO_DATA.

  • AV-217209: Subnet CIDRs appear as undefined in the Service Engine Network field during cloud configuration.

Issues Resolved in 22.1.7

  • AV-161092: In a VMware cloud, the Service Engine creation fails when the content library is shared between the NSX cloud and the vCenter cloud configured in the same Controller.

  • AV-197042: L4 proxy may perform inefficiently in certain cases where front-end and back-end processing speeds differ substantially.

  • AV-190793: In some GSLB site persistence configurations, if a cookie generated by one virtual server is transmitted to another virtual server within the same site or different site, requests may loop back and forth between the sites and then result in a 503 error.

  • AV-192778: In Docker-based Controllers, during reboot/upgrade workflows, DNS configuration is not being persisted.

  • AV-193280: For HTTP/2 requests, when there is a SNI host name mismatch, the virtual service closes the connection instead of sending a 421 response to the client.

  • AV-194438: When health monitor sharding is enabled for GSLB services, GSLB pool members may occasionally be incorrectly marked as DOWN.

  • AV-195157: DNS resolution is affected due to incorrect GSLB status being synced across all the sites.

  • AV-197591: High CPU utilization when Least Load Algorithm is configured in the pool and connection multiplexing is disabled in the application profile of the virtual service.

  • AV-198913: For HTTP/2 requests, using an HTTP Response Policy or HTTP Response DataScript to replace a Content-Type header that has the "charset" directive present leads to an incomplete rewrite of the header.

  • AV-198989: Service Engine failure may occur when WAF is enabled on a virtual service also utilizing Thales Luna HSM integration.

  • AV-200616: SE Disk Encryption key update in GCP Cloud fails with the error, "Delete all Virtual Services and Service Engines of Cloud Default-Cloud to modify encryption_keys.se_disk_kms_key_id option".

  • AV-201304: Requests are potentially being sent to the EVH virtual service with a wildcard domain instead of being processed by the EVH virtual service with a matching exact domain. This issue occurs specifically when the path of the request is matched using a regular expression (regex_match).

  • AV-201682: L4 logs are not displayed in the UI when a single virtual service is hosting ports with different protocols using the override option.

  • AV-202493: UI validation for search domains fails with space-separated entries.

  • AV-203271: Importing a LetsEncrypt certificate implicitly associates it with the default LetsEncrypt certificate management profile, lacking the flexibility to manage the certificates externally.

  • AV-203418: When the shared SSL certificates functionality is enabled, and a non-admin tenant’s certificate chains to a CA certificate in the admin tenant, during renewal, the certificate chain update fails.

  • AV-204295: Shared memory allocation failures for debug, trace, or event rings in LSC based deployments can cause Service Engine failure.

  • AV-204733: Using any delimiters other than spaces for multiple search domains results in an invalid DNS configuration.

  • AV-204781: SCTP virtual service does not support auto gateway.

  • AV-204909: Client traffic may experience latency or timeouts for a virtual service when HSM is in use and HTTP/2 or WAF is configured.

  • AV-205031: In some cases, the UI incorrectly displays a CRS group as disabled despite it being enabled, when configured via API/CLI.

  • AV-205033: The End-to-End timing data is missing from the per-request display in the Virtual Service Log UI.

  • AV-206573: When creating pools through the UI, adding servers includes a "prst_hdr_val" field with a default empty value ("prst_hdr_val": "",). However, when using the API for pool creation, this field is not included in the API calls, leading to inconsistent presence of the "prst_hdr_val" key among servers within the pool.

  • AV-206581: Using a variable in avi.pool.select() may fail to identify the pool during a virtual service update.

  • AV-207823: When the preserve client IP feature is enabled on a virtual service, if the response from the backend server to the SE is fragmented, the packets will be dropped or sent to the client with the wrong client.

  • AV-208104: In the case of HTTP/2 header processing error, the virtual service reports a protocol error for the subsequent request.

  • AV-209123: Service timeout error on the NSX Advanced Load Balancer UI when creating a Service Engine group.

  • AV-209147: When a user with non-admin permissions creates a pool through the CLI/API, some default fields are not instantiated, causing subsequent modifications through the UI to fail.

  • AV-211473: The default login timeout for TACACS was short, causing multi-factor authentication to fail.

  • AV-212227: In VMware deployments, traffic disruption may occur if the interface route is down due to a race condition while initializing the Service Engine.

Key Changes in 22.1.7

  • The following SCTP functionalities are now Generally Available:

    • SCTP Proxy profile with Legacy HA in vCenter Cloud environment with support for Preserve Client IP, IPv6, Auto gateway, L4 Connection Logs and Metrics. (Previously Tech Preview)

    • Support for Active-Active, N+M HA mode for SCTP.

    • IPv6 support for SCTP.

  • The default login timeout has been increased from 10s to 60s to accommodate multi-factor authentication.

Checklist for Upgrade to NSX Advanced Load Balancer Version 22.1.7

Refer to this section before initiating the upgrade.

  • Upgrade to NSX Advanced Load Balancer 22.1.7 is supported from the following versions:

    Release    Versions Supported
    20.1.x     20.1.1 - 20.1.9
    21.1.x     21.1.1 - 21.1.6
    22.1.x     22.1.1 - 22.1.6

  • Starting with NSX Advanced Load Balancer version 22.1.3, the minimum memory recommended for an Essentials Controller is 24G. Ensure that the memory of an Essentials Controller is at least 24G before upgrade.

  • Starting with NSX Advanced Load Balancer version 22.1.3, the minimum memory requirement for Service Engines is increased to 2 GB. Before upgrading to any version in the 22.1.x release, ensure the Service Engines are configured to a capacity greater than 2 GB. The current considerations for memory sizing as listed under Sizing Service Engines in the VMware NSX Advanced Load Balancer Configuration Guide continue to apply.

    For more information on flexible upgrades, see Upgrade Overview in the VMware NSX Advanced Load Balancer Administration Guide.

  • The ControlScripts framework has been updated. This requires the ControlScripts to be modified prior to upgrade or on upgrade.

    For more information, see the Scripts topic in the VMware NSX Advanced Load Balancer Configuration Guide.

  • Ensure the options Scale out ECMP and RHI are not enabled together for any virtual service. On upgrading the Controller to version 22.1.4 or higher, this triggers an error state for the virtual service, displaying the message: "We have encountered a problem during your request: Scale out ECMP and RHI cannot be enabled at the same time." To fix the misconfiguration, see BGP Support for Scaling Virtual Services.

  • Before upgrading to version 22.1.2 and higher, export the Avi metrics database. In case of rolling back from NSX Advanced Load Balancer 22.1.2 to an earlier version, import the metrics database to prevent loss of metrics data.

    For more information, see FAQs on Controller Cluster in the VMware NSX Advanced Load Balancer Administration Guide.

  • Starting with NSX Advanced Load Balancer version 22.1.1, there is an enforcement on the string length in the name field for all objects. Use the script available here to identify all the objects that exceed the name length threshold. Ensure that the object names are modified before upgrading.

  • Disable Large Receive Offload (LRO) before upgrading to NSX Advanced Load Balancer version 22.1.3 or later to prevent packet loss in Preserve-Client IP environments.